e-Invoicing

Data protection

Disclaimer

Despite careful control of the content, we assume no liability for the content of external links. The operators of the linked pages are solely responsible for their content. All trademarks (and their logos) mentioned or shown on the website belong to their respective owners.

ecosio Privacy Policy

This privacy policy was last updated on 02.09.2024. Please note that we regularly update our privacy policy to ensure that we can adequately protect your data and that we always comply with the applicable legal situation when processing your personal data.Ā 

The protection of your data is important to us. This policy tells you everything you need to know about how ecosio GmbH and its subsidiary companies, the ecosio InterCom GmbH and ecosio Ltd. (“ecosio” or “we“) protect your personal data when processing them and for which ecosio is responsible, and what rights you have in connection with the processing of your personal data.

Responsible body and contact information

Depending on which of our companies you interact with, the controller within the meaning of the EU General Data Protection Regulation (ā€œGDPRā€) and other national data protection laws, as well as other data protection provisions, is:

ecosio GmbH Lange Gasse 30, 1080 Vienna, Austria
ecosio InterCom GmbH Leoprechtingstr. 32, 81739 Munich, Germany
ecosio Ltd. 77 Farringdon Road, EC1M 3JU, London, United Kingdom


The Managing Directors are Dr Christoph Ebm, Dr Philipp Liegl and Dr Marco Zapletal.Ā 

We have appointed a Data Protection Officer who can be contacted at privacy@ecosio.com. If you have any questions or concerns or would like to know more about how we collect, store or use your personal data, please contact our Data Protection Officer. Ā 

For ecosio, your right to privacy and protection of your personal data is important. We want to make sure that your personal data is in safe hands and are therefore committed to protect your personal data in accordance with the data protection laws applicable in the respective country and our data protection guidelines. In particular, personal data is processed in accordance with the requirements of the GDPR and in accordance with the applicable country-specific data protection regulations (e.g. the applicable data protection regulations in the United Kingdom). The transfer of data for processing within and outside ecosio for the purpose of commissioned processing is based exclusively on commissioned processing agreements. Our privacy policy defines the treatment of data in relation to our website and services that refer to it.

General information on data processing

To provide our services and operate our website and other communication channels, we process personal data of the users with whom we interact. We only use your personal data to the extent necessary for specific purposes. Personal data is information that can be directly linked to you. This includes, for example, information such as your name, e-mail address or telephone number. When you visit our website, additional data is also automatically collected for technical reasons. This includes information such as your IP address, which is assigned to you by your internet service provider when you connect to the internet, details of the website from which you accessed our website and information about the internet browser used (technical information). It is possible that this technical information may contain personal data in certain cases.Ā 

We collect and use personal data of our users only insofar as this is necessary to provide a functional website as well as our contents and services. The collection and use of personal data regularly takes place only after prior consent has been obtained. An exception applies in those cases in which obtaining prior consent is not possible for actual reasons and the processing of the data is permitted by legal regulations.Ā 

If we disclose data to other persons and companies (processors or third parties) in the course of our processing, transmit it to them or otherwise grant them access to the data, this will only be done on the basis of a legal permission (for example, if a transmission of the data to third parties, such as to payment service providers, is necessary for the performance of the contract pursuant to Art 6 (1) lit b GDPR), you have consented, a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.). If we commission third parties with the processing of data based on a so-called “data processing agreement”, this is done based on Art 28 GDPR. If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA) or if this is done in the context of using third-party services or disclosing or transferring data to third parties, this is only done in order to fulfil our (pre-)contractual obligations, on the basis of your consent, due to a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we only process or allow the processing of data in a third country if the special requirements of Art 44 ff GDPR. We will not use your personal data for purposes incompatible with the processing purposes about which you have been informed unless such use is required or permitted by law or is in your own vital interests.Ā 

Insofar as we obtain the consent of the data subject for processing operations involving personal data, Art 6 (1) (a) GDPR serves as the legal basis. When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art 6 (1) (b) GDPR serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures. If processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Art 6 (1) c GDPR serves as the legal basis. If processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art 6 (1) lit f GDPR serves as the legal basis for the processing.

We store your personal data only as long as itā€™s necessary for the fulfilment or initiation of the contract if we have a legitimate interest or as long as you have not revoked your consent. We delete or block your personal data as soon as the purpose for storing it no longer applies. We adhere to the statutory retention periods for the duration of the storage of personal data.

Visit our website

When you visit our website, our system automatically collects data and information from the computer system of the accessing computer. The following data is collected for a limited period of time:Ā 

  1. Information about the browser type and version used
  2. The operating system of the user
  3. The user’s internet service provider
  4. The IP address of the user
  5. Date and time of access
  6. Websites from which the user’s system accesses our website

This data is partly stored in so-called log files of our system. This data is only needed to analyze any malfunctions and is deleted within thirty days at the latest. The temporary storage of the IP-address by the system is necessary to enable delivery of the website to the user’s computer. For this purpose, the user’s IP address must remain stored for the duration of the session. The storage in log files is done to ensure the functionality of our website.

We use the Google Analytics 4 (ā€œGA4ā€) version of the Google Analytics service on our website. The service is provided by Google Inc. (1600 Amphitheatre Parkway Mountain View, CA 94043, USA), whereby the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for the European area (“Google“). Google Analytics is used to analyze website usage by users. Google uses so-called cookies, i.e. text files that are stored on your terminal device. The information collected by the cookies is usually sent to a Google server in the USA and stored there.Ā 

GA4 does not log or store IP addresses. The IP address data of website users from the EU is only used to derive location data and is deleted immediately afterwards.

You have the option of preventing the cookie from being stored on your device by making the appropriate settings in your browser. However, we would like to point out that this no longer guarantees that you will be able to access all functions of this website without restrictions if your browser does not allow cookies. Furthermore, you can use a browser plug-in to prevent the information collected by cookies (including your IP-address) from being sent to and used by Google Inc. by downloading and installing the available browser plug-in HERE. You can also find more information on data use by Google Inc. HERE.

As an extension to Google Analytics, Google Signals can be used on this website to create cross-device reports. If you have activated personalised ads and linked your devices to your Google account, Google can analyse your usage behaviour across your devices and create database models, including cross-device conversions, subject to your consent to the use of Google Analytics. We do not receive any personal data from Google, only statistics. If you want to stop the cross-device analysis, you can deactivate the “personalized advertising” function in the settings of your Google account. Follow the instructions HERE. You can also find more information about Google Signals HERE.

We also use the remarketing function of Google on our website. This Google marketing service allows us to display advertisements for and on our website in a more targeted manner to present users only with ads that potentially match their interests. To carry out the analysis of user behavior when visiting our website, Google uses so-called cookies. For this purpose, Google stores a small file with a sequence of numbers in the browsers of the website visitors. The analysis of user behavior forms the basis for the creation of interest-based advertisements. If you subsequently visit another website in the Google advertising network, you will be shown advertisements that are highly likely to take into account previously accessed product and information areas. This number is used to record visits to the website as well as anonymized data on the use of the website. However, no personal data of the website visitors is stored.Ā  The purpose of Google Remarketing is merely to display advertising that isĀ  relevant to interest. The information collected by Google marketing services about users is transmitted to Google and stored on Google’s servers in the USA.

You can permanently disable the use of cookies by Google by downloading and installing the plug-in provided HERE.Ā 

We also use Google Ads on our website. Google Ads is an online advertising program from Google. Our website uses Google Ads with conversion tracking. This means that in the case of Google AdWords, each AdWords customer receives a different “conversion cookie”. Cookies can therefore not be tracked across the websites of AdWords customers. The information obtained with the help of the cookie or AdWords pixel is used to create conversion statistics for AdWords customers. However, you will not receive any information with which users can be personally identified.

If you do not wish to participate in the tracking process, you can also refuse the setting of a cookie required for this – for example, by means of a browser setting that generally deactivates the automatic setting of cookies. You can find more information about Google AdWords and Google Conversion Tracking HERE.

We also use Google AdSense on our website. We can integrate third-party advertisements based on the Google marketing service “AdSense”. AdSense also uses cookies to enable Google and its partner websites to serve ads based on users’ visits to this website or other websites on the internet. We may also use Google Tag Manager and Google Phone Tracking to integrate and manage Google’s analytics and marketing services on our website. For more information on Google’s use of data for marketing purposes, please click HERE.Ā 

We use so-called session or flash cookies on our website. Cookies are text files that are stored in the internet browser or by the internet browser on the user’s computer system. When a user calls up a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognized even after visting another website. In addition, we also use – if you allow this – so-called persistent cookies that are used beyond the session (“cross-session cookies”). These cookies in particular serve to make the internet offer user-friendly, more effective and safer. The user data collected through technically necessary cookies are not used to determine your identity. Cookies are stored on the user’s computer and transmitted to our site by the user. Therefore, you as a user also have full control over the use of cookies and these cookies are deleted again when the browser is closed. You can deactivate or restrict the transmission of cookies by changing the settings in your internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated, it may no longer be possible to use all the functions of the website.

On our website we use various tools from Outbrain UK Ltd (5 New Bridge Street, London, EC4V6JA, UK) (ā€œOutbrainā€), which enable us to analyze the use of our website through cookies.

Through Outbrain, we can point you to relevant content on our website. The recommendations are based on the content you have read so far. The content displayed by Outbrain is automatically controlled and provided by Outbrain. The display of recommendations is pseudonymized, i.e. it takes place via a generated character string that is assigned to you. No personal data is stored in the process. Outbrain records the anonymized IP address of the user, the type of browser and the source of the device.Ā 

In addition, we also use “Outbrain Amplify” and “Outbrain Pixel” for marketing and optimization purposes on our website. These tools allow us to analyze your usage behavior and improve our offer.

If data is transferred to Outbrain Inc. or to other recipients outside the EU/EEA, Outbrain will ensure that the transfer complies with EU data protection laws and that an adequate level of protection is provided. Appropriate safeguards have been put in place to protect the data. You can find more information about Outbrains data protection HERE.

To optimize our services, we use Lead Forensics on our website, a service provided by Lead Forensics, Building 3000, Lakeside, North Harbour, Portsmouth, PO6 3EN, UK.Lead Forensics does not use cookies. When you visit our website, your IP address is collected and transmitted to Lead Forensics, where it is then compared with their own databases in a global database of companies and business information. Personal data such as first name, surname, email address, social profiles and IP address may also be stored here. This data is not compared with the specific IP address. Lead Forensics does not assign the IP address to the personal data stored in the database. As soon as the data has been matched, the IP address is anonymised by Lead Forensics. After the data comparison, we receive the information from Lead Forensics’ database that has been assigned to the IP address in question. This allows us to see who is interested in our products. Lead Forensics provides us with the actual history of your visit to our website. This also includes an overview of all the pages you have visited and how long you have been on this page.

Further information on the processing of data can be found HERE. Insofar as we process personal data in this context, we do so on the basis of our legitimate interests in improving the design of our website and customer acquisition. The legal basis is the protection of legitimate interests in accordance with Article 6(1)(f) GDPR.

We also offer webinars, whitepapers and similar information material on our website for download or live streaming. If you download a file, we process for the purpose of providing the requested webinar or document and, if applicable, for the purpose of contacting and billing. To run our live-webinars, we use the service of GoTo, GoTo Technologies Ireland Unlimited Company, The Reflector, 10 Hanover Quay, Dublin 2, D02R573, Ireland. You can find GoTo’s privacy policy HERE.

WistiaĀ 

We use the video-service of Wistia, Inc. 17 Tudor Street, Cambridge, MA 02139, USA (“Wistia“) to embed videos on our website. When the videos are played, a connection to the Wistia servers is made. The following data is collected in the process: Anonymized IP address, access time to the videos you viewed, URL of the videos, type of end device and the operating system and browser used.

If you have a Wistia-account and are logged in on your end device, Wistia can assign the collected information to your user account. You can prevent by logging out of your user account before visiting our website. You can find Wistia’s privacy policy HERE.

Tolstoy

We also use the video-service of Tolstoy Ltd, located at 60 Hasharon St., Ra’anana, Israel (“Tolstoy“) to embed videos on our website. When the videos are played, a connection to the Tolstoy servers is established and certain data such as your IP address may be transmitted. You can find more information about Tolstoy’s processing of your data HERE.Ā 

To subscribe to our newsletter, all you need to do is register via our website with your e-mail address. Our newsletters may contain information about our company, our services and event information. The newsletter registration uses double opt-in. This means that after sending your data, you will receive an e-mail asking you to confirm your registration. We will not pass on your e-mail address to third parties without your consent. You can unsubscribe from the newsletter at any time.

We also use the web analytics tool “Matomo” on our website to perform A/B testing. A/B testing is used to improve the usability and performance of our website. In this way, users are presented with different versions of a website or its elements, such as input forms, on which the placement of content or the labelling of navigation elements may differ. Based on user behaviour, e.g. longer visits to our website or more frequent interactions with the elements, it can then be determined which of these websites or elements better meet the needs of the users.We also use the Matomo Heatmap Module. Matomo’s Heatmap service shows us the areas of our website where the mouse is most frequently moved or clicked. Data entered in forms is not recorded and is not visible at any time.

For more information on Matomo’s terms of use and data protection regulations, click HERE.

We use Unbounce, Unbounce Marketing Solutions, Inc, 400-401 West Georgia Street, Vancouver, BC V6B 5A1, Canada (“Unbounce”) to create landing pages for our website and to optimize our offer. The pages are hosted by Unbounce. This means that the user’s browser communicates directly with Unbounce. For example, the IP address, browser signature, operating system, device type and the date and time of the page visit are transmitted to Unbounce. Cookies may also be set in this context. These cookies are not made accessible by browsers across domains, i.e. they are not passed on to third parties, and the data is only made available to us in anonymised form so that we cannot draw any conclusions about individual persons. Further information on Unbounce’s privacy policy can be found HERE.

Our website is operated with WordPress, 60 29th Street #34, San Francisco, CA 94110, USA, one of the leading content management systems (CMS) for creating and managing websites. WordPress uses cookies to improve user-friendliness and to enable certain functions. WordPress can also collect various types of data to optimize the website experience. When you visit our website, WordPress automatically collects information of a general nature, which is stored in the server log files. This includes, among other things, the type of web browser, the operating system used, the domain name of your internet service provider, your IP address and similar information. This information is technically necessary in order to correctly deliver the website content you have requested and is mandatory when using the internet. WordPress uses this data to display our website, to ensure the long-term functionality and security of our information technology systems and to optimize the content of our website. This anonymously collected data and information is therefore analyzed by us both statistically and with the aim of increasing data protection and data security in our company in order to ultimately ensure an optimal level of protection for the personal data we process. The data is not analyzed for marketing purposes in this context.

WordPress uses cookies to make visiting our website attractive and to enable the use of certain functions. You have the option of preventing or restricting the installation of cookies by selecting the appropriate settings in your browser. Cookies that have already been saved can be deleted at any time. This can be done in the browser settings. Please note that if you deactivate cookies, you may not be able to use all the functions of this website to their full extent.

For more information on data processing by WordPress, click HERE.

We use prospecting to target potential customers on our platform and services. For this purpose, we utilize the services of Cognism Limited, First Floor, Holborn Gate, 330 Holborn, London WC1V 7QT, United Kingdom (ā€œCognismā€). Cognism helps us find and reach potential customers. The following data may be provided and used for this purpose:

  • Name
  • Employer and company details
  • Location (country and city)
  • Business phone number
  • Business email address

In accordance with Article 6(1)(b) GDPR, we use the aforementioned data if the data subject intends to enter into a contract with us or has already done so, or if the intention is apparent (through user behavior). The use of this service is also based on Article 6(1)(f) GDPR. ecosio has a legitimate interest in identifying potential customers to expand its customer base and optimize advertising. If consent has been obtained (e.g., consent to store cookies, data entered by the data subjects at the provider with consent for the data to be shared), the processing is based on Article 6(1)(a) GDPR; consent can be withdrawn at any time.

Your personal data, which you provide, will generally be stored and retained by Cognism within the European Economic Area (EEA) or the United Kingdom. Data processing is based on the GDPR and the European Commission’s adequacy decision for the United Kingdom under Article 45(3) GDPR. Further information on data processing by Cognism can be found HERE. You also have the option to object directly to the data processing by Cognism (opt-out): https://www.cognism.com/de/daten-opt-out.Ā Ā 

16.Plerdy

We use Plerdy on our website based on your consent given in the cookie manager in accordance with Article 6(1)(a) GDPR. Plerdy is a service provided by Plerdy, Vodohinna 2/321 in Lviv, Lvivska 79017, Ukraine. This service offers features for website analytics, including so-called heatmaps, anonymized video recordings of website usage, as well as associated data collection of clicks, scrolls, and mouse movements that website users make during their visit to the pages. Plerdy itself does not record videos, take screenshots, or access information that users enter on the website. Therefore, we only receive aggregated data, which is necessary to monitor user behavior, but never personal data. Thanks to this analysis, we can create a type of heatmap of our website that highlights the areas that receive the most attention or generate the most engagement, thereby improving the operation of our website.

Plerdy collects non-identifiable information, such as browser type, preferred language, and the date/time of website visits. Plerdy can also track which pages of the services are the most popular or most frequently clicked. In the video recordings made during visits to our website, the recording of data from fields is automatically blocked or anonymized and is therefore not visible to anyone. Further information on Plerdy’s data protection can be found HERE.

We also use Arcade on our website, which helps to enhance the interactive experience on our website and other digital platforms. The provider of this tool is Arcade Software Inc., 333 Bush St., San Francisco, California, 94104 USA. It enables us to create and embed interactive content, such as tutorials and walkthroughs, into our products and services. We use Arcade to provide interactive and engaging content directly on our website or within our products. To ensure the security and privacy of our users, we implement Arcade using iframe technology. This approach ensures that all hosting, editing, and data processing activities related to Arcade content occur on Arcadeā€™s secure platform.

Arcade may collect certain information, including but not limited to usage data (e.g., how you interact with the embedded content), device information, and other technical data. We do not collect or process any personal data from your interaction with Arcade content. However, if personal data is provided to us via Arcade (e.g., through feedback forms within the Arcade content), we will handle it in accordance with our general privacy policy. Further information on data processing and Arcade’s privacy policy can be found HERE.

Social Networks

We maintain online presences within social networks and platforms to communicate with customers, interested parties and users active there and to inform them about our services and events. The use of these offers is based on the privacy policy of the respective network. Unless otherwise stated in our privacy policy, we only process the data of users if they communicate with us within the social networks and platforms, e.g. write posts on our online presences or send us messages. We set up links to these social networks and platforms within our online offer on the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the
meaning of Art 6 (1) lit f GDPR provide links to these third-party services. This always requires that the third-party providers of this content are aware of the IP address of the user, as without the IP-address they would not be able to send the content to their browser. The IP-address is thus necessary for the display of this content. We endeavor to only use content whose respective providers only use the IP-address to deliver the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. The “pixel tags” can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user’s device and may contain, among other things, technical information about the browser and operating system, referring websites, time of visit and other information about the use of our online offering, as well as being linked to such information from other sources.

We use Facebook social sharing plugins on our website, which are operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. By integrating the plugins, Facebook receives the information that a user has accessed the corresponding page of the online offer. When users interact with the plugins, for example by clicking the Like button or posting a comment, the corresponding information is transmitted from your device directly to Facebook, where it is stored and, in accordance with your privacy settings, becomes visible to other people on this social network. If a user is not a member of Facebook, it is still possible for Facebook to obtain and store the IP address. In addition, Facebook may share aggregate statistics about user activity with third parties such as other users, partners, advertisers and affiliated websites. We have no control over the amount of data collected by this provider when sharing or liking content. The relevant information on Facebook’s privacy policy can be found HERE.

Within our online offer, functions and contents of the service Instagram may be integrated, offered by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. This may include, for example, content such as images, videos or texts and buttons with which users can announce their liking, the authors of the content or subscribe to our posts. You can find the relevant information on Instagram’s privacy policy HERE.

Within our online offer, functions and contents of the service Twitter may also be integrated, offered by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. This may include, for example, content such as images, videos or texts and buttons with which users can announce their liking, the authors of the content or subscribe to our posts. If the users are members of the Twitter platform, Twitter can assign the call-up of the above-mentioned content and functions to the user’s profile there. You can find Twitter’s privacy policy HERE.Ā 

Within our online offer, functions and contents of the service LinkedIn may be integrated, offered by LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland. This may include, for example, content such as images, videos or texts and buttons with which users can announce their liking, the authors of the content or subscribe to our posts. If the users are members of the LinkedIn platform, LinkedIn can assign the call-up of the above-mentioned content and functions to the user’s profile there. You can find LinkedIn’s privacy policy HERE.

Within our online offer, functions and contents of the service Xing may be integrated, offered by XING AG, DammtorstraƟe 29-32, 20354 Hamburg, Germany. This may include, for example, content such as images, videos or texts and buttons with which users can make known their liking of the content, the authors of the content or subscribe to our posts. If the users are members of theĀ  Xing platform, Xing can assignĀ  the call-up of the above-mentioned content and functions to the user’s profile there. You can find Xing’s privacy policy HERE.Ā 

YouTube components are integrated within our online offer. YouTube is an Internet video portal where video clips can be viewed, rated, commented on and uploaded free of charge. YouTube is operated by YouTube LLC, 901 Cherry Avenue, San Bruno, CA 94066, USA.
YouTube LLC is a company affiliated withĀ  Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. When you access our website that contains a YouTube video, the corresponding video is loaded from YouTube. Further information on YouTube can be found HERE. Within the framework of this technical procedure, YouTube and Google receive knowledge of which specific website you are visiting. If users areĀ  logged into YouTube at the same time, this information is collected by YouTube and Google and assigned to your YouTube account; this is independent of whether you click on a YouTube video or not. By logging out of their YouTube account, users can prevent YouTube and Google from associating the collected information with their YouTube account. You can find YouTube’s privacy policy HERE.Ā 

Within our online offer, functions and contents of LiveChat may be integrated, offered by LiveChat Inc., Ā Attn: 101 Arch Street, 8th Floor, Boston, MA 02110, USA. This may include e.g. contents from chats. This content is also sent to us by e-mail and and will be stored. The privacy policy of LiveChat can be found HERE.Ā 

We also use the services of so-called lead generation tools. Lead generation is a term from marketing. A lead is a qualified prospective customer who, on the one hand, is interested in a company or a product and, on the other hand, provides the advertiser with his address and similar contact data (lead = data record) for a further dialogue and is therefore very likely to become a customer. Generating high-quality leads is a fundamental task for acquiring new customers. Address data of potential interested parties can be generated online and offline for specific target groups and these purposes are also our legitimate interest in data processing according to Art 6 (1) lit f GDPR.

We use the “LinkedIn Lead Generation” service as a lead generation tool. LinkedIn uses forms for lead generation and functions and content of the LinkedIn service, offered by LinkedIn AG, DammtorstraƟe 29-32, 20354 Hamburg, Germany, can be integrated. If the users are members of the LinkedIn platform, LinkedIn can assign the call-up of the above-mentioned content and functions to the user’s profile there. The privacy policy of LinkedIn can be found HERE.

We use the Pardot Marketing Automation System (“Pardot MAS“) of Pardot LLC, 950 E. Paces Ferry Rd. Suite 3300 Atlanta, GA 30326, USA (“Pardot“) on our website. Pardot is a special software for recording and evaluating the use of a website by its visitors. Insofar as Pardot LLC processes personal data, the processing is carried out exclusively on our behalf and in accordance with our instructions. We have ensured Pardot LLC’s compliance with the provisions of the GDPR via an individual agreement with Pardot LLC. When you visit our website, Pardot MAS records your click path and uses it to create an individual usage profile. Cookies are used for this purpose, which allow your browser to be recognized. If you agree to this the first time you use our website by confirming the so-called cookie acceptance banner, you also agree to the use of cookies by Pardot.

You can revoke your consent at any time with effect for the future. In addition, you can deactivate the creation of pseudonymized usage profiles at any time by configuring your internet browser so that cookies from the domain “pardot.com” are not accepted. However, this may lead to certain restrictions in the functions and user-friendliness of our offer. Further information on the privacy policy of Pardot LLC can be found HERE.

Contact Form

When contacting us (e.g. via contact form, chat, email, telephone or social media), the user’s details are processed for the purpose of handling the contact request and its processing. The user’s details may be stored in a chat system as well as a customer relationship management system (“CRM system”) or comparable enquiry organization. Depending on the data you transmit to us, we may store names, e-mail addresses or telephone numbers, for example, as well as text entries. We delete the enquiries and thus also your data if they are no longer required for us.Ā 

Events and Fairs

At our events, pictures of the event participants are regularly taken for the purpose of press and public relations work. We publish such images in particular on our website, in our social media channels and in business network portals (e.g. LinkedIn). The images are generally accessible to all persons who access these offers. As a rule, and in any case insofar as the data is not processed for journalistic purposes, we do not keep personal photos publicly accessible for longer than three years and do not store them for longer than that. As a matter of principle, we do not actively transmit any data to third countries, except for image publications on social media platforms or business network portals, which may be transmitted to the USA. If you do not wish to be photographed or videotaped, you can inform the photographer at the event, stay outside the filmed area or leave the event if this would not be possible. By attending the event, you consent to the use of any recordings. Of course, we will not publish any recordings of you that could infringe your personal rights.

At trade fairs or other events organized by ecosio, we regularly collect visitor data. We collect data to send out information material on our products and services, for the preparation of individual offers for potential customers or for processing enquiries. The collection of data is voluntary and only with the consent of the respective person.Ā 

Job Applications

If you apply for a job via our career portal, your data, documents and other information are transmitted to us in encrypted form. We collect, process and store your personal data for the purpose of processing the application procedure. Your data will not be used for any other purpose. Access to your application documents and the personal data contained therein will only be granted to the group of persons involved in the selection process. Your personal data will not be passed on to third parties.

For the provision of the career portal, we use Greenhouse Software, Inc., 228 Park Ave. S PMB 14744, New York, New York 10003-1502 US (ā€œGreenhouseā€). The use of Greenhouse takes place in accordance with Art 6 (1) lit f GDPR due to our legitimate economic interest in evaluating and managing applications in an applicant management system and conducting an efficient application process. In connection with the provision of the portal, Greenhouse processes personal data on our behalf. Ā 

We have concluded an order processing contract with Greenhouse for the use of the portal. Through this contract, Greenhouse assures that they process the data in accordance with the General Data Protection Regulation and ensure the protection of the rights of the data subject. In this context, the forwarding of personal data to Greenhouse takes place based on standard data protection clauses of the European Commission in accordance with Art 46 (2) lit c) GDPR. Further information on data protection in connection with the SmartRecruiters applicant portal can be found in their data protection notices HERE and HERE.

Your documents will be automatically deleted six months after a rejection has been sent. You also have the option to have your application saved in our Talent Pool for future job positions. The data processing, the inclusion in our Talent Pool and the contacting are based on your consent according to Art 6 (1) lit a GDPR.

If you receive a job offer from us as a candidate, we may conduct a background check on you. For this purpose, we use the service of CREDENCE Background Screening Limited, 160 London Rd, Sevenoaks TN13 1BT, United Kingdom (ā€œCredenceā€). Background checks are only conducted if permitted by the laws of the location where the position is based. We limit the checks to what is necessary and appropriate for the position being offered to you. The legal basis for this is that we must take the necessary steps before an employment contract between us can be established. Further information about the background checks can be found HERE and in Credence’s privacy policy.

ecosio Services

To use our ecosio.flow portal, each user must register by providing personal data. The
data collected can be seen in the entry form. The personal data entered is collected and stored exclusively for internal use and for our own purposes. By registering, the IP address of the calling computer, date and time of registration are also stored. As a matter of principle, the data is not passed on to third parties. The use of our ecosio.flow portal is subject to our own terms of use, the current version of which is available to every user on the portal. Within the scope of the application or registration process, your consent to the processing of this data is expressly obtained by confirming the terms of use. The purposes also constitute our legitimate interest in data processing pursuant to Art 6 (1) lit f GDPR. Every user is free to change the personal data provided during registration at any time or to have it completely deleted from our database.

In our ecosio.flow portal, we also use Featurebase.app, Kaluri tee 4, Viimsi, Harjumaa 74001, Estonia, (“Featurebase“). Featurebase is a platform that enables us to manage and control features for our software applications. The main objective of this platform is to facilitate the development process of our software and to improve the control over various features. This is an additional function that we offer as part of our web.edi portal. This additional function can be deactivated at any time. Featurebase relies on EU-based servers, no data is transmitted to third countries. You can find more information on Featurebase’s privacy policy HERE.Ā 

We also use the analytics tool “Countly” as part of this service. The service provider is Countly Ltd., 100 Avebury Boulevard, Milton Keynes, United Kingdom, MK9 1FH. Countly is a product analytics service that helps companies track and analyze user interactions within their apps and websites. By collecting data such as IP addresses, device information, and usage patterns, Countly provides valuable insights that contribute to the targeted optimization of the user experience. Further information on Countly’s privacy policy can be found HERE.

The ecosio status page is a website that displays the status of our services. Through updates, the status page gives users insights into planned maintenance windows, faults or outages and the general operationality of the systems. The status page enables us to communicate transparently and proactively with our customers. The website can be reached at https://ecosio-status.com/.

Each user of the status page has the option, by entering their email address, to sign up for our “email updates” and thus receive regular information from us via email on the status of our services. The status page also allows users to select the information they wish to receive. No personal data is passed on to third parties. To meet the high data protection standards, the ecosio status page relies on EU-based servers.

3.1 Gong

As part of our sales activities, we use the service “Gong,” provided by Gong.io Inc., 265 Cambridge Ave, Suite 60717, Palo Alto, CA 94306, USA. We use Gong to record, transcribe, and analyze video conferences, phone calls, and emails between our sales representatives and our customers. Gong’s service is used exclusively with your consent. You can find Gong’s privacy policy HERE.

3.2 ReadMe

Additionally, in the course of providing our services, we use the service “ReadMe,” provided by ReadMe, 14 Geary St Fl 2, San Francisco, CA 94108. ReadMe is not integrated into our system but is used as a standalone platform where we document our API and provide access to our customers and partners. In this process, personal data such as username and email address are transmitted and stored by ReadMe. You can find ReadMe’s privacy policy HERE.

3.3 Salesforce

We also use Salesforce Sales Cloud to manage our customer data. The provider is salesforce.com Germany GmbH, Erika-Mann-Str. 31, 80636 Munich (“Salesforce”). Salesforce is a CRM system that enables us to manage existing and potential customers as well as customer contacts, and to organize sales and communication processes. The use of the CRM system also allows us to analyze our customer-related processes. Customer data is stored on Salesforce’s servers. In this process, personal data may also be transferred to the parent company of salesforce.com Germany GmbH, salesforce.com inc., Salesforce Tower, 415 Mission Street, San Francisco, CA 94105, USA. The use of Salesforce is based on Article 6(1)(f) GDPR. If corresponding consent has been obtained, processing is carried out solely on the basis of Article 6(1)(a) GDPR. Consent can be withdrawn at any time. Further information and Salesforce’s privacy policy can be found HERE.

What rights do I have with regard to the processing of my data?

If we process your personal data, then you are a data subject as defined by the GDPR. Therefore, you are entitled to special rights, which we would like to explain to you under this point. If you wish to assert one of these rights against us, simply use the contact options listed under ā€œResponsible body and contact informationā€.Ā 

You can request confirmation from us as to whether and to what extent personal data relating to you is being processed by us. If such processing is taking place, you can request information from us.

You have a right of rectification and/or completion vis-Ć -vis the controller if the personal data processed concerning you are inaccurate or incomplete. The controller shall carry out the rectification without undue delay.

You may request the restriction of the processing of personal data concerning you under the following conditions:Ā 

  • if you dispute the accuracy of the personal data relating to you for a period of time that enables us to verify the accuracy of the personal data;Ā 
  • the processing is unlawful and you refuse to erase the personal data and instead request the restriction of the use of the personal data;Ā 
  • we no longer need the personal data for the purposes of processing, but you need them for the assertion, exercise or defense of legal claims, orĀ 

if you have objected to the processing pursuant to Art 21 (1) GDPR and it has not yet been determined whether our legitimate grounds override your grounds. If the processing of personal data relating to you has been restricted, this data may – apart from being stored – only be processed with your consent or for the assertion, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the Union or a Member State. If the restriction of processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.

You can request that we delete the personal data concerning you without delay. Please note that we are only obliged to delete it if we process it unlawfully or the processing disproportionately interferes with your legitimate interests in protection. In addition, there are legally recognized reasons that prevent immediate deletion, e.g. the fulfilment of a legal obligation – such as legally regulated retention obligations or the assertion of legal claims.

If we have made personal data of yours public in the course of our activities and we are obliged to delete it pursuant to Art 17 (1) GDPR, we shall of course, taking into account the available technology and the implementation costs, take appropriate measures to inform third parties that you, as the data subject, have requested the deletion of all personal data.

If you have made a right to rectification, erasure or restriction of processing to us, we are obliged to notify all recipients to whom the personal data relating to you has been disclosed of the rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right to be informed about these recipients.

You have the right to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format. You also have the right to transfer this data to another controller without hindrance from us, provided that the processing is based on consent (Art 6 (1) (a) or Art 9 (2) (a) of the GDPR) or on a contract pursuant to Art 6 (1) (b) of the GDPR and the processing is carried out with the help of automated processes.

You have the right to object at any time, on grounds relating to your situation, to the processing of personal data concerning you which is carried out based on Article 6 (1) (e) or (f) GDPR; this also applies to profiling based on these provisions. We shall no longer process the personal data relating to you unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims. If the personal data concerning you is processed for the purposes of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purposes of such marketing; this also applies to profiling insofar as it is related to such direct marketing. If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes. You have the possibility, in connection with the use of information society services, notwithstanding Directive 2002/58/EC, to exercise your right to object by means of automated procedures using technical specifications.

You have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent does not affect the lawfulness of the processing carried out based on the consent until the revocation.

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision (1) is necessary for the conclusion or performance of a contract between you and the controller, (2) is permitted by Union or Member State law to which the controller is subject and that law contains adequate measures to safeguard your rights and freedoms and your legitimate interests, or (3) is made with your explicit consent.Ā 

Regarding the cases referred to in (1) and (3), we shall take reasonable measures to safeguard the rights and freedoms as well as your legitimate interests, including at least the right to obtain the intervention of a person from ecosio, to express your point of view and to contest the decision.

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in the Member State of your residence, place of work or the place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR. The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of judicial remedy.

Subscribe to the e-Invoicing newsletters