Data protection

For ecosio, your right to privacy and protection of your personal data is important. We want to make sure that your personal data is in safe hands and are therefore committed to protect your personal data in accordance with the data protection laws applicable in the respective country and our data protection guidelines. In particular, personal data is processed in accordance with the requirements of the GDPR and in accordance with the applicable country-specific data protection regulations (e.g. the applicable data protection regulations in the United Kingdom). The transfer of data for processing within and outside ecosio for the purpose of commissioned processing is based exclusively on commissioned processing agreements. Our privacy policy defines the treatment of data in relation to our website and services that refer to it.

We collect and use personal data of our users only insofar as this is necessary to provide a functional website as well as our contents and services. The collection and use of personal data regularly takes place only after prior consent has been obtained. An exception applies in those cases in which obtaining prior consent is not possible for actual reasons and the processing of the data is permitted by legal regulations. 

If we disclose data to other persons and companies (processors or third parties) in the course of our processing, transmit it to them or otherwise grant them access to the data, this will only be done on the basis of a legal permission (for example, if a transmission of the data to third parties, such as to payment service providers, is necessary for the performance of the contract pursuant to Art 6 (1) lit b GDPR), you have consented, a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.). If we commission third parties with the processing of data based on a so-called “data processing agreement”, this is done based on Art 28 GDPR. If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA) or if this is done in the context of using third-party services or disclosing or transferring data to third parties, this is only done in order to fulfil our (pre-)contractual obligations, on the basis of your consent, due to a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we only process or allow the processing of data in a third country if the special requirements of Art 44 ff GDPR. We will not use your personal data for purposes incompatible with the processing purposes about which you have been informed unless such use is required or permitted by law or is in your own vital interests. 

Insofar as we obtain the consent of the data subject for processing operations involving personal data, Art 6 (1) (a) GDPR serves as the legal basis. When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art 6 (1) (b) GDPR serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures. If processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Art 6 (1) c GDPR serves as the legal basis. If processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art 6 (1) lit f GDPR serves as the legal basis for the processing.

We store your personal data only as long as it’s necessary for the fulfilment or initiation of the contract if we have a legitimate interest or as long as you have not revoked your consent. We delete or block your personal data as soon as the purpose for storing it no longer applies. We adhere to the statutory retention periods for the duration of the storage of personal data.

We use the Google Analytics 4 (“GA4”) version of the Google Analytics service on our website. The service is provided by Google Inc. (1600 Amphitheatre Parkway Mountain View, CA 94043, USA), whereby the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for the European area (“Google“). Google Analytics is used to analyze website usage by users. Google uses so-called cookies, i.e. text files that are stored on your terminal device. The information collected by the cookies is usually sent to a Google server in the USA and stored there. 

GA4 does not log or store IP addresses. The IP address data of website users from the EU is only used to derive location data and is deleted immediately afterwards.

You have the option of preventing the cookie from being stored on your device by making the appropriate settings in your browser. However, we would like to point out that this no longer guarantees that you will be able to access all functions of this website without restrictions if your browser does not allow cookies. Furthermore, you can use a browser plug-in to prevent the information collected by cookies (including your IP-address) from being sent to and used by Google Inc. by downloading and installing the available browser plug-in HERE. You can also find more information on data use by Google Inc. HERE.

We also use the remarketing function of Google on our website. This Google marketing service allows us to display advertisements for and on our website in a more targeted manner to present users only with ads that potentially match their interests. To carry out the analysis of user behavior when visiting our website, Google uses so-called cookies. For this purpose, Google stores a small file with a sequence of numbers in the browsers of the website visitors. The analysis of user behavior forms the basis for the creation of interest-based advertisements. If you subsequently visit another website in the Google advertising network, you will be shown advertisements that are highly likely to take into account previously accessed product and information areas. This number is used to record visits to the website as well as anonymized data on the use of the website. However, no personal data of the website visitors is stored.  The purpose of Google Remarketing is merely to display advertising that is  relevant to interest. The information collected by Google marketing services about users is transmitted to Google and stored on Google’s servers in the USA.

You can permanently disable the use of cookies by Google by downloading and installing the plug-in provided HERE. 

We also use Google Ads on our website. Google Ads is an online advertising program from Google. Our website uses Google Ads with conversion tracking. This means that in the case of Google AdWords, each AdWords customer receives a different “conversion cookie”. Cookies can therefore not be tracked across the websites of AdWords customers. The information obtained with the help of the cookie or AdWords pixel is used to create conversion statistics for AdWords customers. However, you will not receive any information with which users can be personally identified.

If you do not wish to participate in the tracking process, you can also refuse the setting of a cookie required for this – for example, by means of a browser setting that generally deactivates the automatic setting of cookies. You can find more information about Google AdWords and Google Conversion Tracking HERE.

We also use Google AdSense on our website. We can integrate third-party advertisements based on the Google marketing service “AdSense”. AdSense also uses cookies to enable Google and its partner websites to serve ads based on users’ visits to this website or other websites on the internet. We may also use Google Tag Manager and Google Phone Tracking to integrate and manage Google’s analytics and marketing services on our website. For more information on Google’s use of data for marketing purposes, please click HERE. 

We use so-called session or flash cookies on our website. Cookies are text files that are stored in the internet browser or by the internet browser on the user’s computer system. When a user calls up a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognized even after visting another website. In addition, we also use – if you allow this – so-called persistent cookies that are used beyond the session (“cross-session cookies”). These cookies in particular serve to make the internet offer user-friendly, more effective and safer. The user data collected through technically necessary cookies are not used to determine your identity. Cookies are stored on the user’s computer and transmitted to our site by the user. Therefore, you as a user also have full control over the use of cookies and these cookies are deleted again when the browser is closed. You can deactivate or restrict the transmission of cookies by changing the settings in your internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated, it may no longer be possible to use all the functions of the website.

On our website we use various tools from Outbrain UK Ltd (5 New Bridge Street, London, EC4V6JA, UK) (“Outbrain”), which enable us to analyze the use of our website through cookies.

Through Outbrain, we can point you to relevant content on our website. The recommendations are based on the content you have read so far. The content displayed by Outbrain is automatically controlled and provided by Outbrain. The display of recommendations is pseudonymized, i.e. it takes place via a generated character string that is assigned to you. No personal data is stored in the process. Outbrain records the anonymized IP address of the user, the type of browser and the source of the device. 

In addition, we also use “Outbrain Amplify” and “Outbrain Pixel” for marketing and optimization purposes on our website. These tools allow us to analyze your usage behavior and improve our offer.

If data is transferred to Outbrain Inc. or to other recipients outside the EU/EEA, Outbrain will ensure that the transfer complies with EU data protection laws and that an adequate level of protection is provided. Appropriate safeguards have been put in place to protect the data. You can find more information about Outbrains data protection HERE.

This website uses SalesViewer technology from SalesViewer GmbH (Huestr. 30, 44787 Bochum, Germany) (“SalesViewer”) on the basis of our legitimate interests (Art 6 (1) lit f GDPR) in order to collect and save data on marketing, market research and optimisation purposes.

In order to do this, a javascript based code, which serves to capture company-related data and according website usage. The data captured using this technology are encrypted in a non-retrievable one-way function (so-called hashing). The data is immediately pseudonymized and is not used to identify website visitors personally.

The data stored by Salesviewer will be deleted as soon as they are no longer required for their intended purpose and there are no legal obligations to retain them.

The data recording and storage can be repealed at any time with immediate effect for the future, by clicking HERE in order to prevent SalesViewer from recording your data. In this case, an opt-out cookie for this website is saved on your device. If you delete the cookies in the browser, you will need to click on this link again.

We also offer webinars, whitepapers and similar information material on our website for download or live streaming. If you download a file, we process for the purpose of providing the requested webinar or document and, if applicable, for the purpose of contacting and billing. To run our live-webinars, we use the service of GoTo, GoTo Technologies Ireland Unlimited Company, The Reflector, 10 Hanover Quay, Dublin 2, D02R573, Ireland. You can find GoTo’s privacy policy HERE.

Wistia 

We use the video-service of Wistia, Inc. 17 Tudor Street, Cambridge, MA 02139, USA (“Wistia“) to embed videos on our website. When the videos are played, a connection to the Wistia servers is made. The following data is collected in the process: Anonymized IP address, access time to the videos you viewed, URL of the videos, type of end device and the operating system and browser used.

If you have a Wistia-account and are logged in on your end device, Wistia can assign the collected information to your user account. You can prevent by logging out of your user account before visiting our website. You can find Wistia’s privacy policy HERE.

Tolstoy

We also use the video-service of Tolstoy Ltd, located at 60 Hasharon St., Ra’anana, Israel (“Tolstoy“) to embed videos on our website. When the videos are played, a connection to the Tolstoy servers is established and certain data such as your IP address may be transmitted. You can find more information about Tolstoy’s processing of your data HERE. 

To subscribe to our newsletter, all you need to do is register via our website with your e-mail address. Our newsletters may contain information about our company, our services and event information. The newsletter registration uses double opt-in. This means that after sending your data, you will receive an e-mail asking you to confirm your registration. We will not pass on your e-mail address to third parties without your consent. You can unsubscribe from the newsletter at any time.

We also use the web analytics tool “Matomo” on our website to perform A/B testing. A/B testing is used to improve the usability and performance of our website. In this way, users are presented with different versions of a website or its elements, such as input forms, on which the placement of content or the labelling of navigation elements may differ. Based on user behaviour, e.g. longer visits to our website or more frequent interactions with the elements, it can then be determined which of these websites or elements better meet the needs of the users.We also use the Matomo Heatmap Module. Matomo’s Heatmap service shows us the areas of our website where the mouse is most frequently moved or clicked. Data entered in forms is not recorded and is not visible at any time.

For more information on Matomo’s terms of use and data protection regulations, click HERE.

We use Facebook social sharing plugins on our website, which are operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. By integrating the plugins, Facebook receives the information that a user has accessed the corresponding page of the online offer. When users interact with the plugins, for example by clicking the Like button or posting a comment, the corresponding information is transmitted from your device directly to Facebook, where it is stored and, in accordance with your privacy settings, becomes visible to other people on this social network. If a user is not a member of Facebook, it is still possible for Facebook to obtain and store the IP address. In addition, Facebook may share aggregate statistics about user activity with third parties such as other users, partners, advertisers and affiliated websites. We have no control over the amount of data collected by this provider when sharing or liking content. The relevant information on Facebook’s privacy policy can be found HERE.

Within our online offer, functions and contents of the service Instagram may be integrated, offered by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. This may include, for example, content such as images, videos or texts and buttons with which users can announce their liking, the authors of the content or subscribe to our posts. You can find the relevant information on Instagram’s privacy policy HERE.

Within our online offer, functions and contents of the service Twitter may also be integrated, offered by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. This may include, for example, content such as images, videos or texts and buttons with which users can announce their liking, the authors of the content or subscribe to our posts. If the users are members of the Twitter platform, Twitter can assign the call-up of the above-mentioned content and functions to the user’s profile there. You can find Twitter’s privacy policy HERE. 

Within our online offer, functions and contents of the service LinkedIn may be integrated, offered by LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland. This may include, for example, content such as images, videos or texts and buttons with which users can announce their liking, the authors of the content or subscribe to our posts. If the users are members of the LinkedIn platform, LinkedIn can assign the call-up of the above-mentioned content and functions to the user’s profile there. You can find LinkedIn’s privacy policy HERE.

Within our online offer, functions and contents of the service Xing may be integrated, offered by XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany. This may include, for example, content such as images, videos or texts and buttons with which users can make known their liking of the content, the authors of the content or subscribe to our posts. If the users are members of the  Xing platform, Xing can assign  the call-up of the above-mentioned content and functions to the user’s profile there. You can find Xing’s privacy policy HERE. 

YouTube components are integrated within our online offer. YouTube is an Internet video portal where video clips can be viewed, rated, commented on and uploaded free of charge. YouTube is operated by YouTube LLC, 901 Cherry Avenue, San Bruno, CA 94066, USA.
YouTube LLC is a company affiliated with  Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. When you access our website that contains a YouTube video, the corresponding video is loaded from YouTube. Further information on YouTube can be found HERE. Within the framework of this technical procedure, YouTube and Google receive knowledge of which specific website you are visiting. If users are  logged into YouTube at the same time, this information is collected by YouTube and Google and assigned to your YouTube account; this is independent of whether you click on a YouTube video or not. By logging out of their YouTube account, users can prevent YouTube and Google from associating the collected information with their YouTube account. You can find YouTube’s privacy policy HERE. 

Within our online offer, functions and contents of LiveChat may be integrated, offered by LiveChat Inc.,  Attn: 101 Arch Street, 8th Floor, Boston, MA 02110, USA. This may include e.g. contents from chats. This content is also sent to us by e-mail and and will be stored. The privacy policy of LiveChat can be found HERE. 

We also use the services of so-called lead generation tools. Lead generation is a term from marketing. A lead is a qualified prospective customer who, on the one hand, is interested in a company or a product and, on the other hand, provides the advertiser with his address and similar contact data (lead = data record) for a further dialogue and is therefore very likely to become a customer. Generating high-quality leads is a fundamental task for acquiring new customers. Address data of potential interested parties can be generated online and offline for specific target groups and these purposes are also our legitimate interest in data processing according to Art 6 (1) lit f GDPR.

We use the “LinkedIn Lead Generation” service as a lead generation tool. LinkedIn uses forms for lead generation and functions and content of the LinkedIn service, offered by LinkedIn AG, Dammtorstraße 29-32, 20354 Hamburg, Germany, can be integrated. If the users are members of the LinkedIn platform, LinkedIn can assign the call-up of the above-mentioned content and functions to the user’s profile there. The privacy policy of LinkedIn can be found HERE.

We use the Pardot Marketing Automation System (“Pardot MAS“) of Pardot LLC, 950 E. Paces Ferry Rd. Suite 3300 Atlanta, GA 30326, USA (“Pardot“) on our website. Pardot is a special software for recording and evaluating the use of a website by its visitors. Insofar as Pardot LLC processes personal data, the processing is carried out exclusively on our behalf and in accordance with our instructions. We have ensured Pardot LLC’s compliance with the provisions of the GDPR via an individual agreement with Pardot LLC. When you visit our website, Pardot MAS records your click path and uses it to create an individual usage profile. Cookies are used for this purpose, which allow your browser to be recognized. If you agree to this the first time you use our website by confirming the so-called cookie acceptance banner, you also agree to the use of cookies by Pardot.

You can revoke your consent at any time with effect for the future. In addition, you can deactivate the creation of pseudonymized usage profiles at any time by configuring your internet browser so that cookies from the domain “pardot.com” are not accepted. However, this may lead to certain restrictions in the functions and user-friendliness of our offer. Further information on the privacy policy of Pardot LLC can be found HERE.

At trade fairs or other events organized by ecosio, we regularly collect visitor data. We collect data to send out information material on our products and services, for the preparation of individual offers for potential customers or for processing enquiries. The collection of data is voluntary and only with the consent of the respective person. 

The ecosio status page is a website that displays the status of our services. Through updates, the status page gives users insights into planned maintenance windows, faults or outages and the general operationality of the systems. The status page enables us to communicate transparently and proactively with our customers. The website can be reached at https://ecosio-status.com/.

Each user of the status page has the option, by entering their email address, to sign up for our “email updates” and thus receive regular information from us via email on the status of our services. The status page also allows users to select the information they wish to receive. No personal data is passed on to third parties. To meet the high data protection standards, the ecosio status page relies on EU-based servers.

You can request confirmation from us as to whether and to what extent personal data relating to you is being processed by us. If such processing is taking place, you can request information from us.

You have a right of rectification and/or completion vis-à-vis the controller if the personal data processed concerning you are inaccurate or incomplete. The controller shall carry out the rectification without undue delay.

You may request the restriction of the processing of personal data concerning you under the following conditions: 

• if you dispute the accuracy of the personal data relating to you for a period of time that enables us to verify the accuracy of the personal data; 
• the processing is unlawful and you refuse to erase the personal data and instead request the restriction of the use of the personal data; 
• we no longer need the personal data for the purposes of processing, but you need them for the assertion, exercise or defense of legal claims, or 

if you have objected to the processing pursuant to Art 21 (1) GDPR and it has not yet been determined whether our legitimate grounds override your grounds. If the processing of personal data relating to you has been restricted, this data may – apart from being stored – only be processed with your consent or for the assertion, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the Union or a Member State. If the restriction of processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.

You can request that we delete the personal data concerning you without delay. Please note that we are only obliged to delete it if we process it unlawfully or the processing disproportionately interferes with your legitimate interests in protection. In addition, there are legally recognized reasons that prevent immediate deletion, e.g. the fulfilment of a legal obligation – such as legally regulated retention obligations or the assertion of legal claims.

If we have made personal data of yours public in the course of our activities and we are obliged to delete it pursuant to Art 17 (1) GDPR, we shall of course, taking into account the available technology and the implementation costs, take appropriate measures to inform third parties that you, as the data subject, have requested the deletion of all personal data.

If you have made a right to rectification, erasure or restriction of processing to us, we are obliged to notify all recipients to whom the personal data relating to you has been disclosed of the rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right to be informed about these recipients.

You have the right to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format. You also have the right to transfer this data to another controller without hindrance from us, provided that the processing is based on consent (Art 6 (1) (a) or Art 9 (2) (a) of the GDPR) or on a contract pursuant to Art 6 (1) (b) of the GDPR and the processing is carried out with the help of automated processes.

You have the right to object at any time, on grounds relating to your situation, to the processing of personal data concerning you which is carried out based on Article 6 (1) (e) or (f) GDPR; this also applies to profiling based on these provisions. We shall no longer process the personal data relating to you unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims. If the personal data concerning you is processed for the purposes of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purposes of such marketing; this also applies to profiling insofar as it is related to such direct marketing. If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes. You have the possibility, in connection with the use of information society services, notwithstanding Directive 2002/58/EC, to exercise your right to object by means of automated procedures using technical specifications.

You have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent does not affect the lawfulness of the processing carried out based on the consent until the revocation.

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision (1) is necessary for the conclusion or performance of a contract between you and the controller, (2) is permitted by Union or Member State law to which the controller is subject and that law contains adequate measures to safeguard your rights and freedoms and your legitimate interests, or (3) is made with your explicit consent. 

Regarding the cases referred to in (1) and (3), we shall take reasonable measures to safeguard the rights and freedoms as well as your legitimate interests, including at least the right to obtain the intervention of a person from ecosio, to express your point of view and to contest the decision.

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in the Member State of your residence, place of work or the place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR. The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of judicial remedy.