Data privacy

Introduction

1. Preamble

The protection of your data is very important to us. For this reason, data protection is of particular priority to us. 

This data protection statement informs you about the type, scope and purpose of the processing of personal data within our website and the apps, functions and contents connected with it (hereinafter jointly referred to as “online offer” or “website”). This privacy policy applies regardless of the domains, systems, platforms and devices (e.g. desktop or mobile) on which the online offer is executed. 

2. Responsibility

The party responsible within the meaning of the General Data Protection Regulation and other data protection laws:

Filestage GmbH
Lautenschlagerstraße 16, 70173 Stuttgart, Germany
E-Mail: privacy@filestage.io 

Filestage has appointed a data protection officer whose contact details are as follows:

DSBX GmbH
Gablonzer Straße 4
76185 Karlsruhe
Germany
Phone: +49 721 98615899
Email: filestage@dsbx.one

3. Definitions

Our data protection statement is based on the terms used by the European Directive and Regulation Giver when issuing the General Data Protection Regulation (GDPR). Our data protection declaration should be easy to read and understand both for the public and for our customers and business partners. 

In order to ensure this, we would like to communicate the terms used transparently in advance. You can read about the terms used, such as “personal data” or their “processing” in article 4 of the General Data Protection Regulation (GDPR).

4. General information on data processing

4.1. Scope of processing of personal data

We only collect and use personal data of our users insofar as this is necessary to provide a functional website as well as our contents and services. The collection and use of personal data of our users takes place regularly only with the user’s consent. An exception applies in those cases where prior consent cannot be obtained for real reasons and the processing of the data is permitted by law.

4.2. Legal basis for the processing of personal data

Insofar as we obtain the consent of the data subject for the processing of personal data, art. 6 para. 1 lit. a EU Data Protection Regulation (GDPR) serves as the legal basis. 

In the processing of personal data required for the performance of a contract to which the data subject is a party, Article 6(1)(b) GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures. 

Insofar as the processing of personal data is required to fulfil a legal obligation to which our company is subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis. 

In the event that the vital interests of the data subject or another natural person require the processing of personal data, Article 6(1)(d) GDPR serves as the legal basis. 

If processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for processing. 

4.3. Data erasure and storage time

The personal data of the person concerned will be deleted or blocked as soon as the purpose of storage ceases to apply. Furthermore, data may be stored if this has been provided for by the federal, state, local, or international laws and regulations or other provisions to which the person responsible is subject. 

The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract.

4.4. Children Under the Age of 16

Our Website is not intended for children under 16 years of age. No one under age 16 may provide any information to or on the Website. We do not knowingly collect personal information from children under 16. If you are under 16, do not use or provide any information on this Website or on or through any of its features. If we learn we have collected or received personal information from a child under 16 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 16, please contact us at: privacy@filestage.io

4.5. Information We Collect About You and How We Collect It

We collect several types of information from and about users of our Website, including information: 

  • By which you may be personally identified, such as name, postal address, e-mail address, telephone number, social security number, or any other identifier by which you may be contacted online or offline (“personal information“); 
  • That is about you but individually does not identify you; and/or 
  • About your internet connection, the equipment you use to access our Website, and usage details. 

We collect this information: 

  • Directly from you when you provide it to us. 
  • Automatically as you navigate through the site. Information collected automatically may include usage details, IP addresses, and information collected through cookies, web beacons, and other tracking technologies.
  • From third parties, for example, our customers who act as your employers and business partners, or any other party who may act on your behalf for the purpose of the use of our Website.

Information You Provide to Us.

The information we collect on or through our Website may include: 

  • Information that you provide by filling in forms on our Website. This includes information provided at the time of registering to use our Website, subscribing to our service, or requesting further services. We may also ask you for information when you report a problem with our Website. 
  • Records and copies of your correspondence (including email addresses), if you contact us. 
  • Details of transactions you carry out through our Website and of the fulfillment of your orders. You may be required to provide financial information before placing an order through our Website. 
  • Information you enter about your employees, or prospective employees.
  • Information entered about you by your employers or prospective employers or employees. 

4.6. How We Use Your Information

  • We use information that we collect about you or that you provide to us, including any personal information: 
  • To present our Website and its contents to you. 
  • To provide you with information, products, or services that you request from us.
  • To fulfill any other purpose for which you provide it. 
  • To provide you with notices about your account, including expiration and renewal notices.
  • To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection.
  • To notify you about changes to our Website or any products or services we offer or provide though it. 
  • To allow you to participate in interactive features on our Website.
  • In any other way we may describe when you provide the information.
  • For any other purpose with your consent.

4.7 Data Security

We have implemented measures designed to secure your personal information from accidental loss and from unauthorized access, use, alteration, and disclosure. All information you provide to us is stored on our secure servers behind firewalls. 

The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Service, you are responsible for keeping this password confidential. We ask you not to share your password with anyone. 

Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted to our Service. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Service. 

4.8 Changes to Our Privacy Policy

It is our policy to post any changes we make to our privacy policy on this page with a notice that the privacy policy has been updated on the Service home page. If we make material changes to how we treat our users’ personal information, we will notify you by email to the primary email address specified in your account. The date the privacy policy was last revised is identified at the top of the page. You are responsible for ensuring we have an up-to-date active and deliverable email address for you, and for periodically visiting our Service and this privacy policy to check for any changes.

Cookies and Third Party Technologies

5. Provision of the website and creation of log files

5.1. Description and scope of data processing

Every time you visit our website, our system automatically collects data and information from the computer system of the calling computer. The following data is collected: 

  • Information about the browser type and version used 
  • The user’s operating system 
  • The IP address of the user 
  • The date and time of access 
  • Websites from which the user’s system reaches our website 

The data is also stored in the log files of our system. This data is not stored together with other personal data of the user. The log files contain IP addresses or other data that enable an association to a user. This could be the case, for example, if the link to the website from which the user accesses the website or the link to the website to which the user switches contains personal data. 

The data is also stored in the log files of our system. Not affected by this are the IP addresses of the user or other data that enable the assignment of the data to a user. This data is not stored together with other personal data of the user. The log files do not contain any IP addresses or other data that enable an assignment to a user. 

5.2. Legal basis for data processing

The legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit. f GDPR. (Storage of IP addresses in log files). 

The legal basis for the temporary storage of data is Art. 6 para. 1 lit. f GDPR. (No storage of IP addresses in log files).

5.3.Legal basis for data processing

The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user’s computer. For this the IP address of the user must remain stored for the duration of the session.

The data is stored in log files to ensure the functionality of the website. In addition, the data serves us to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context (storage of IP addresses in log files). 

Our legitimate interest in data processing pursuant to Art. 6 para. 1 lit. f GDPR also lies in these purposes. 

5.4. Duration of storage

The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended. 

If the data is stored in log files, this is the case after seven days at the latest. Further storage is possible. In this case the IP addresses of the users are deleted or alienated, so that an assignment of the calling client is no longer possible (storage of IP addresses in log files). 

5.5. Possibility of objection and elimination

The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility of objection on the part of the user.

6. Cookies

Information on the use of cookies can be found in our Cookie Policy.

7. Newsletter, email marketing and product information

7.1. Description and scope of data processing

Based on our legitimate interests on this website, we offer our users the opportunity to subscribe to a free newsletter. 

We send newsletters only with the consent of the recipient or a legal permission. When registering for the newsletter, the data from the input mask is transmitted to us. 

When registering, the email address is required. In addition, the following data is collected upon registration:

  • IP address of the calling computer
  • Date and time of registration

If the contents of a newsletter are specifically described within the scope of a registration, they are decisive for the consent of the users. In addition, our newsletters contain information about our products, offers, promotions and our company. 

In the course of the registration process, your consent is obtained for the processing of the data and reference is made to this data protection statement. 

The registration for our newsletter takes place in a so-called double opt-in procedure. This means that after registration you will receive an email asking you to confirm your registration. This confirmation is necessary so that nobody can log in with other people’ s email addresses. Subscriptions to the newsletter are logged in order to be able to prove the registration process in accordance with legal requirements. This includes the storage of the login and confirmation time, as well as the IP address. The changes to your data stored with the shipping service provider are also logged. 

We use the services of Mailjet, 13-13 bis, rue de l’Aubrac, 75012 Paris, France, for sending messages by email. Our legitimate interest in data processing pursuant to Art. 6 para. 1 lit. f GDPR also lies in these purposes. Further information on the data protection provisions of the shipping service provider can be found here

In connection with data processing for the dispatch of newsletters, no data is passed on to third parties. The data will be used exclusively for sending the newsletter.

7.2. Analysis of email usage

The newsletters contain a so-called “web-beacon”, i.e. a pixel-sized file which is retrieved from the server of the shipping service when the newsletter is opened. Within the scope of this retrieval, technical information, such as information about the browser and your system, as well as your IP address and time of retrieval are initially collected. This information is used to technically improve the services based on the technical data or the target groups and their reading behavior based on their retrieval locations (which can be determined using the IP address) or access times. The statistical surveys also include determining whether the newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can be assigned to the individual newsletter recipients. However, it is not our intention, nor that of the shipping service provider, to observe individual users. The evaluations serve us much more to recognize the reading habits of our users and to adapt our contents to them or to send different contents according to the interests of our users (newsletter tracking). 

7.3. Legal basis for data processing

The legal basis for processing the data after registration for the newsletter by the user is Art. 6 para. 1 lit. a GDPR (newsletter dispatch based on registration of the user on the website) with the user’s consent. 

The legal basis for the dispatch of the newsletter as a result of the sale of goods or services is § 7 para. 3 UWG (Newsletter dispatch due to the sale of goods or services). 

The legal basis for statistical surveys and analyses is Art. 6 para. 1 lit. f GDPR (Newsletter Tracking).

7.4. Purpose of data processing

To subscribe to the newsletter, simply enter your email address. The collection of the user’s email address serves to send the newsletter. Optionally, we ask you to enter a name in the newsletter in order to address us personally. 

The collection of other personal data as part of the registration process serves to prevent misuse of the services or the email address used (newsletter dispatch due to user registration on the website). 

The purpose of the statistical surveys is to use a user-friendly and secure newsletter system that serves both our business interests and meets the expectations of users (newsletter dispatch based on the user’s registration on the website). 

7.5. Duration of storage

The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. The user’s email address will therefore be stored for as long as the subscription to the newsletter is active.

7.6. Possibility of objection and elimination

The subscription to the newsletter can be canceled by the user concerned at any time. For this purpose there is a corresponding link in every newsletter. 

This also makes it possible to revoke the consent to the storage of personal data collected during the registration process (newsletter dispatch based on the user’s registration on the website).

At the same time, your consent to the statistical analyses expires. A separate cancellation of the dispatch by the dispatch service provider or the statistical evaluation is unfortunately not possible (newsletter tracking). 

If users have only subscribed to the newsletter and cancelled their subscription, their personal data will be deleted. 

8. Registration

8.1. Description and scope of data processing

On the basis of our legitimate interests, we offer users on this website the opportunity to register by providing personal data. The data is entered into an input mask and transmitted to us and saved. The data will not be passed on to third parties. 

The following data is collected during the registration process: 

  • Email 
  • Name and surname
  • Phone number (optional)

At the time of registration, the following data is also stored: 

  • Date and time of registration 
  • Browser language setting 

In the course of the registration process, the user’s consent to the processing of this data is obtained.

8.2. Legal basis for data processing

The legal basis for the processing of data is Art. 6 para. 1 lit. a GDPR if the user has given his consent. 

If registration serves to fulfill a contract to which the user is a party or to carry out pre-contractual measures, the additional legal basis for processing the data is Art. 6 para. 1 lit. b GDPR (registration to fulfill a contract to which the data subject is a party or to carry out pre-contractual measures).

8.3. Purpose of data processing

A registration of the user is necessary for the fulfillment of a contract with the user or for the execution of pre-contractual measures (registration not for the conclusion of a contract with the user). 

The data collected is necessary for the use of our service in order to enable authentication and recognition of the user.

8.4. Duration of storage

The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. This is the case for the data collected during the registration process if the registration on our website is canceled or changed. 

This is the case for those during the registration process to fulfill a contract or to carry out pre-contractual measures when the data is no longer required for the execution of the contract. Even after conclusion of the contract, it may still be necessary to store personal data of the contractual partner in order to fulfill contractual or legal obligations (registration for the conclusion of a contract with the user). 

Perpetual obligations require the storage of personal data during the term of the contract. In addition, warranty periods must be observed and the storage of data for tax purposes. Which storage periods are to be observed cannot be determined across-the-board, but must be determined for the contracts and contractual parties concluded in each individual case.

8.5. Possibility of objection and elimination

As a user you have the possibility to cancel the registration at any time. You can change the data stored about you at any time. 

By contacting our support at the email address provided on the website, a deletion of the account can be requested. 

If the data is required to fulfill a contract or to carry out pre-contractual measures, premature deletion of the data is only possible insofar as there are no contractual or statutory obligations to the contrary.

9. Contact form, email contact and live chat

9.1. Description and scope of data processing

9.1.1. Contact form

On the basis of our legitimate interests, we use a contact form on this website, which can be used for electronic contact. If a user takes advantage of this possibility, the data entered in the input mask will be transmitted to us and stored. At the time the message is sent, the following data is also stored: 

  • User’s email address 
  • The IP address of the user 
  • Date and time of registration 

Your consent is obtained for the processing of the data within the scope of the sending process and reference is made to this data protection statement. 

9.1.2. Email contact

Alternatively, you can contact us via the email address provided. In this case, the user’s personal data transmitted by email will be stored. 

In this context, the data will not be passed on to third parties. The data is used exclusively for processing the conversation.

9.1.3. Live-Chat

To ensure the fastest possible support for the best possible user experience, we use the Intercom service of Intercom Inc. 98 Battery Street, Suite 402, San Francisco, CA 94111 USA for sending messages by email and for live chats. Our legitimate interest in data processing pursuant to Art. 6 para. 1 lit. f GDPR also lies in these purposes. For more information about the Live Chat service provider’s privacy policy, click here

9.2. Legal basis for data processing

The legal basis for the processing of data is Art. 6 para. 1 lit. a GDPR if the user has given his consent. 

The legal basis for the processing of data transmitted in the course of sending an email is Art. 6 para. 1 lit. f GDPR. If the email contact aims at the conclusion of a contract, then additional legal basis for the processing is Art. 6 exp. 1 lit. b GDPR. 

The use of the service provider Intercom is based on our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR.

9.3. Purpose of data processing

The processing of the personal data from the input mask serves solely for the processing of the establishment of contact, and in the case of an establishment of contact by email, this is also the necessary legitimate interest in the processing of the data. 

The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.

9.4. Duration of storage

The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. For the personal data from the input mask of the contact form and those that were sent by email, this is the case when the respective conversation with the user is finished. The conversation is terminated when it can be inferred from the circumstances that the facts in question have been finally clarified. 

The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.

9.5. Possibility of objection and elimination

The user has the possibility to revoke his consent to the processing of personal data at any time. If the user contacts us by email, he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued. 

The user can express the revocation of the consent and the contradiction of the storage in the written conversation. All personal data stored in the course of contacting us will be deleted in this case.

10. Google Analytics

10.1 Description and scope of data processing

Based on our legitimate interests, we use the web analysis service Google Analytics of Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, (“Google”). It is used to analyze the surfing behavior of our users. 

Google uses cookies. The information generated by the cookie about the use of the online offer by users is generally transferred to a Google server in the USA and stored there. 

By setting the cookie, Google is enabled to analyze the use of our website. Each time one of the individual pages of this website is called up, which is operated by the data controller and on which a Google Analytics component has been integrated, the Internet browser on the information technology system of the person concerned is automatically prompted by the respective Google Analytics component to transmit data to Google for the purpose of online analysis. As part of this technical process, Google obtains knowledge of personal data, such as the IP address of the person concerned, which serves Google, among other things, to trace the origin of visitors and clicks and subsequently enable commission statements. 

Cookies are used to store personal information, such as access time, the location from which access came and the frequency of visits to our website by the person concerned. Whenever you visit our website, this personal data, including the IP address of the Internet connection used by the person concerned, is transmitted to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may disclose personal data collected through the technical process to third parties. 

If individual pages of our website are accessed, the following data is stored: 

  • Two bytes of the IP address of the user’s system calling the server.
  • The accessed website 
  • The website from which the user has accessed the accessed website (referrer) 
  • The subpages that are accessed from the accessed website 
  • Duration of stay on the website 
  • The frequency of visiting the website

Google has accepted the EU Commission’s standard contract clauses for the transfer of personal data to third countries, thereby providing a guarantee of compliance with European data protection law. 

Google will use this information on our behalf to evaluate the use of our online offering by users, to compile reports on the activities within this online offer and to provide us with further services associated with the use of this online offer and the use of the Internet. Pseudonymous user profiles can be created from the processed data. 

The IP address transmitted by the user’s browser is not merged with other Google data. 

We use Google Analytics to display the ads placed by Google and its partners within advertising services only to users who have also shown an interest in our online offer or who have certain characteristics (e.g. interests in certain topics or products that are determined by the web pages visited) that we transmit to Google (so-called “remarketing” or “Google Analytics Audiences”). With the help of remarketing audiences, we would also like to ensure that our ads correspond to the potential interest of the users and are not annoying (Google remarketing services). 

We use Google Analytics only with IP anonymization enabled. This means that Google will reduce the IP address of users within Member States of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. 

10.2. Legal basis for the processing of personal data

The legal basis for processing users’ personal data is Art. 6 para. 1 lit. a GDPR. 

10.3. Purpose of data processing

The processing of users’ personal data enables us to analyze the surfing behavior of our users. We are in a position to compile information about the use of the individual components of our website by evaluating the data obtained. This helps us to continuously improve our website and its user-friendliness. For these purposes, it is also in our legitimate interest to process the data in accordance with Art. 6 para. 1 lit. f GDPR. 

By anonymizing the IP address, the interest of users in protecting their personal data is sufficiently taken into account.

10.4. Duration of storage

The data will be deleted as soon as they are no longer needed for our recording purposes. In our case, this is the case after 14 months.

10.5. Possibility of objection and elimination

Cookies are stored on the user’s computer and transmitted by the user to our site and Google. Therefore, you as a user also have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website in full. 

Users can prevent the storage of cookies by setting their browser software accordingly; users can also prevent Google from collecting the data generated by the cookie and relating to their use of the online offer and the processing of this data by Google by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=en. 

This browser plug-in informs Google Analytics via JavaScript that no data and information on visits to websites may be transmitted to Google Analytics. The installation of the browser plugin is considered a contradiction by Google. If the person’s information technology system is deleted, formatted or reinstalled at a later date, the person concerned must reinstall the browser plug-in to deactivate Google Analytics. If the browser add-on is uninstalled or deactivated by the person concerned or another person within their control, it is possible to reinstall or reactivate the browser plug-in. 

Further information on data use by Google, possible settings and objections can be found on Google’s websites: https://www.google.com/intl/de/policies/privacy/partners (“Data use by Google when using our partners’ websites or apps”), https://google.com/policies/technologies/ads (“Data use for advertising purposes”), https://google.de/settings/ads (“Manage information that Google uses to show you advertising”). 

11. Google Remarketing and Marketing Services

11.1 Description and scope of data processing

We use the marketing and remarketing services (“Google Marketing Services”) of Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, (“Google”) on the basis of our legitimate interests. 

Google has accepted the EU Commission’s standard contract clauses for the transfer of personal data to third countries, thereby providing a guarantee of compliance with European data protection law. 

The Google marketing services allow us to target ads for and on our site in order to present users only with ads that potentially match their interests. For example, if a user sees ads for products he has been interested in on other websites, this is referred to as “remarketing”. For these purposes, when our and other websites on which Google marketing services are active are accessed, Google directly executes a code from Google and (re)marketing tags (invisible graphics or code, also known as “web beacons”) are integrated into the website. With their help, an individual cookie, i.e. a small file, is stored on the user’s device (comparable technologies can also be used instead of cookies).

Cookies can be set by various domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com or googleadservices.com. In this file it is noted which websites the user visits, which contents he is interested in and which offers he has clicked on, furthermore technical information about the browser and operating system, referring websites, visiting time as well as further information about the use of the online offer. The IP address of the users is also recorded, whereby we inform within the framework of Google Analytics that the IP address is shortened within member states of the European Union or in other signatory states of the European Economic Area Agreement and only in exceptional cases completely transmitted to a Google server in the USA and shortened there. The IP address is not combined with the user’s data within other Google offers. The above information may also be linked by Google to such information from other sources. If the user then visits other websites, the ads tailored to his interests can be displayed. 

Users’ data is processed pseudonymously within the framework of Google marketing services. This means that Google does not store and process, for example, the names or email addresses of users, but processes the relevant data cookie-related within pseudonymous user profiles. This means from Google’s point of view, the ads are not managed and displayed for a specifically identified person, but for the cookie holder, regardless of who this cookie holder is. This does not apply if a user has expressly permitted Google to process the data without this pseudonymisation. The information collected by Google marketing services about users is transmitted to Google and stored on Google’s servers in the USA. 

One of the Google marketing services we use is the online advertising program “Google AdWords”. In the case of Google AdWords, each AdWords customer receives a different “conversion cookie”. Cookies cannot therefore be traced through the websites of AdWords customers. The information collected by the cookie is used to generate conversion statistics for AdWords customers who have opted for conversion tracking. AdWords customers see the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, you will not receive any information that personally identifies users. 

We can integrate third-party advertisements based on the Google marketing service “DoubleClick”. DoubleClick uses cookies to enable Google and its partner sites to serve ads based on users’ visits to this site or other sites on the Internet.

We can also use the “Google Optimizer” service. Google Optimizer allows us to track the effects of various changes to a website (e.g. changes to input fields, design, etc.) within the framework of so-called “A/B testing”. Cookies are stored on the user’s devices for these test purposes. Only pseudonymous user data is processed. 

We can also use the “Google Tag Manager” to integrate and manage Google Analytics and marketing services into our website. 

Further information on Google’s use of data for marketing purposes can be found on the overview page: https://www.google.com/policies/technologies/ads, Google’s data protection declaration can be accessed at https://www.google.com/policies/privacy 

11.2. Legal basis for data processing

The legal basis for processing users’ personal data is Art. 6 para. 1 lit. a GDPR.

11.3.Purpose of data processing

The data processing takes place in the interest of the analysis, optimization and economic operation of the online offer.

11.4. Duration of storage

The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected.

11.5. Possibility of objection and elimination

If you wish to object to interest-based advertising by Google marketing services, you can use the setting and opt-out options provided by Google: https://google.com/ads/preferences.

12. Google Fonts

12.1. Description and scope of data processing

Description and scope of data processing 

Google Fonts provides an intuitive and robust directory of open source designer web fonts. With a comprehensive catalogue, typography can be seamlessly integrated and embedded into any design project. 

The service is used for the integration of fonts (web fonts) on our Internet pages. The integration of the Google Fonts takes place via a server call at Google, regularly via the URL https://fonts.google.com. The fonts come from different designers and are open source. 

When users access our online offer, a request is usually transmitted to a Google server in the USA and stored and processed there. 

Technically, the fonts embedded in our website are stored on a Google server and then loaded from there when the page is accessed. By using Google Fonts, Google’s servers send appropriate files to each user, based on the technologies supported by the user’s browser. 

Google has accepted the EU Commission’s standard contract clauses for the transfer of personal data to third countries, thereby providing a guarantee of compliance with European data protection law. 

The connection to Google Fonts is not authenticated. When you visit our website, no cookies or login information are sent to Google via the Google Fonts service. Corresponding requests to the servers of the Google Fonts service are made to resource-specific domains such as fonts.googleapis.com or fonts.gstatic.com, so that requests for fonts are generally separate from login information, which can otherwise be sent to Google domains, such as google.com or google.de, and authenticated. 

Google Fonts logs CSS and font file request records. Google assigns aggregated usage numbers for statistical purposes on how popular font families are and publishes these results on an analytics page (https://fonts.google.com/analytics). 

More information about the Google Fonts service can be found at https://developers.google.com/fonts/faq. 

12.2. Legal basis for the processing of personal data

The legal basis for processing users’ personal data is Art. 6 para. 1 lit. a GDPR.

12.3. Purpose of data processing

Data processing is carried out in the interest of analyzing, optimizing and economically operating the online offer in order to integrate content or service offers from third party providers or their content and services. 

We use Google Fonts to make our website independent of the fonts installed by the user, the so-called system fonts, and to ensure a consistent display image on different systems.

The purpose and scope of data collection and further processing and use of the data by Google can be seen in Google’s data protection declaration at https://policies.google.com/privacy?hl=en. 

12.4. Duration of storage

The data will be deleted as soon as they are no longer needed for our recording purposes.

12.5. Possibility of objection and elimination

Further information on data use by Google, possible settings and objections can be obtained on the Google websites https://www.google.com/intl/de/policies/privacy/partners (“Data use by Google when using our partners’ websites or apps”), https://google.com/policies/technologies/ads (“Data use for advertising purposes”), https://google.de/settings/ads (“Manage information that Google uses to show you advertising”). 

13. Facebook

13.1. Beschreibung und Umfang der Datenverarbeitung

We use social plugins (“plugins”) of the social network facebook.com, which is operated by Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”). 

The plugins can display interaction elements or content (e.g. videos, graphics or text contributions) and are identified by one of the Facebook logos (white “f” on blue tile, the terms “like”, “like” or a “thumbs up” sign) or are marked with the addition “Facebook Social Plugin”. The list and appearance of Facebook Social Plugins can be viewed here: https://developers.facebook.com/docs/plugins/. 

Facebook has accepted the EU Commission’s standard contract clauses for the transfer of personal data to third countries, thereby providing a guarantee of compliance with European data protection law. 

When a user calls up a function of this online offer that contains such a plugin, his device establishes a direct connection to the Facebook servers. The content of the plugin is transmitted by Facebook directly to the user’s device and integrated into the online offer. The processed data can be used to create user profiles. We therefore have no influence on the amount of data Facebook collects with the help of this plugin and therefore inform users according to our level of knowledge.

By integrating the plugins, Facebook receives information that a user has called up the corresponding page of the online offer. If the user is logged in to Facebook, Facebook can assign the visit to his Facebook account. When users interact with the plugins, such as pressing the Like button or posting a comment, the information is sent directly from your device to Facebook and stored there. If a user is not a member of Facebook, it is still possible for Facebook to obtain and store their IP address. According to Facebook, only an anonymized IP address is stored in Germany. 

13.2. Legal basis for data processing

The legal basis for processing users’ personal data is Art. 6 para. 1 lit. f GDPR.

13.3. Purpose of data processing

The data processing takes place in the interest of the analysis, optimization and economic operation of the online offer. 

The purpose and scope of the data collection and the further processing and use of the data by Facebook, as well as the relevant rights and setting options for the protection of users’ privacy, can be found in Facebook’s data protection information: https://www.facebook.com/about/privacy/. 

13.4. Duration of storage

The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected.

13.5. Possibility of objection and elimination

If a user is a Facebook member and does not want Facebook to collect data about him via this online offer and link it to his membership data stored on Facebook, he must log out of Facebook before using our online offer and delete his cookies. 

Further settings and objections to the use of data for advertising purposes are possible within the Facebook profile settings: https://www.facebook.com/settings?tab=ads or via the US page https://aboutads.info/choices/ or the EU page https://youronlinechoices.com/. The settings are platform-independent, i.e. they are applied to all devices, such as desktop computers or mobile devices. 

14. Facebook, Custom Audiences and Facebook Marketing Services

14.1. Description and scope of data processing

Due to our legitimate interests in the analysis, optimisation and economic operation of our online offer and for these purposes the so-called “Facebook pixel” of the social network Facebook, which is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or, if you are based in the EU, Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”), is used within our online offer. 

Google has accepted the EU Commission’s standard contract clauses for the transfer of personal data to third countries, thereby providing a guarantee of compliance with European data protection law. 

With the help of the Facebook pixel, Facebook is able to determine the visitors of our online offer as a target group for the presentation of ads (so-called “Facebook ads”). Accordingly, we use the Facebook pixel to display the Facebook ads we post only to Facebook users who have also shown an interest in our online offering or who have certain features (e.g. interests in certain topics or products that are determined by the websites visited) that we transmit to Facebook (so-called “custom audiences”). We also want to use the Facebook pixel to ensure that our Facebook ads meet the potential interest of users and are not a nuisance. The Facebook pixel also helps us understand the effectiveness of Facebook ads for statistical and market research purposes by showing whether users have been redirected to our website after clicking on a Facebook ad (so-called “conversion”). 

The Facebook pixel is integrated directly by Facebook when you visit our website and can store a so-called cookie, i.e. a small file, on your device. If you then log in to Facebook or visit Facebook when logged in, the visit to our online offer will be noted in your profile. The data collected about you is anonymous to us, so it does not provide us with any information about the identity of the user. However, Facebook stores and processes the data so that a connection to the respective user profile is possible and can be used by Facebook as well as for its own market research and advertising purposes. If we send data to Facebook for matching purposes, it is encrypted locally on the browser and only then sent to Facebook via a secure https connection. This is done solely with the purpose of creating a comparison with the data that is equally encrypted by Facebook. 

Facebook processes the data in accordance with Facebook’s Data Usage Policy. Accordingly, general information on the display of Facebook ads can be found in the Facebook Data Usage Policy: https://www.facebook.com/policy.php. For specific information and details about the Facebook pixel and how it works, please visit the Facebook Help section: https://www.facebook.com/business/help/651294705016616.

14.2. Legal basis for data processing

The legal basis for processing users’ personal data is Art. 6 para. 1 lit. f GDPR.

14.3. Purpose of data processing

The data processing takes place in the interest of the analysis, optimization and economic operation of the online offer. 

The purpose and scope of the data collection and the further processing and use of the data by Facebook, as well as the relevant rights and setting options for the protection of users’ privacy, can be found in Facebook’s data protection information: https://www.facebook.com/about/privacy/.

14.4. Duration of storage

The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected.

14.5. Possibility of objection and elimination

You can object to the collection by the Facebook pixel and use of your data to display Facebook ads. To set what types of ads you see within Facebook, you can visit the page set up by Facebook and follow the instructions on usage-based advertising settings: https://www.facebook.com/settings?tab=ads. The settings are platform-independent, i.e. they are applied to all devices, such as desktop computers or mobile devices. 

You may also object to the use of cookies for range measurement and advertising purposes via the deactivation page of the network advertising initiative (http://optout.networkadvertising.org/) and additionally the US website (https://aboutads.info/choices) or the European website (https://youronlinechoices.com/uk/your-ad-choices/).

15. Intercom

15.1 Description and scope of data processing

We use the Intercom service of Intercom Inc. 98 Battery Street, Suite 402, San Francisco, CA 94111 USA for customer support, for sending messages by email and for customer management. We transfer the following personal data: 

  • Email
  • First and last names
  • Contract master data
  • Telephone number

Intercom also uses cookies. The information generated by the cookie about the last page of this online platform you accessed is transferred to an Intercom server in the USA and stored there. On our behalf, Intercom will use the above information to provide the related services to the website operator. The IP address transmitted by your browser within the framework of Intercom is not merged with other data. Intercom is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000TNQvAAO&status=Active). 

15.2. Legal basis for data processing

The legal basis for processing users’ personal data is Art. 6 para. 1 lit. f GDPR.

15.3. Purpose of data processing

We use the Intercom service to process customer inquiries in live chat or by email. In addition, we manage our customer relationships via Intercom. Our legitimate interest in data processing pursuant to Art. 6 para. 1 lit. f GDPR also lies in these purposes.

15.4. Duration of storage

The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected.

15.5. Possibility of objection and elimination

You can prevent Intercom from storing cookies by making the appropriate settings in your browser software (found in most browsers under “Settings”). 

Please note, however, that in this case not all functions of our service (live chat, notifications of product updates, full customer support) may be fully usable.

16. Twitter

16.1. Description and scope of data processing

We use components of the Twitter service, which is operated by Twitter, Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA (“Twitter”) on the basis of our legitimate interests.

Twitter is a multilingual publicly accessible microblogging service on which users can publish and distribute so-called tweets, i.e. short messages. These short messages are available to everyone, including people who are not registered on Twitter. The tweets are also displayed to the so-called followers of the respective user. Followers are other Twitter users who follow a user’s tweets. Furthermore, Twitter makes it possible to address a broad audience via hashtags, links or retweets. 

Each time one of the individual pages of this website is called up, which is operated by the person responsible for processing and on which a Twitter component (Twitter button) has been integrated, the Internet browser on the person’s information technology system is automatically prompted by the respective Twitter component to download a representation of the corresponding Twitter component from Twitter. Further information on the Twitter buttons can be found at https://about.twitter.com/de/resources/buttons As part of this technical process, Twitter is informed about which specific subpage of our website is visited by the person concerned. The purpose of integrating the Twitter component is to enable our users to disseminate the content of this website, to make this website known in the digital world and to increase our visitor numbers. 

If the person concerned is logged on to Twitter at the same time, Twitter recognizes which specific subpage of our website the person concerned visits with every visit to our website by the person concerned and for the entire duration of the respective stay on our website. This information is collected by the Twitter component and assigned to the respective Twitter account of the person concerned by Twitter. If the person concerned presses one of the Twitter buttons integrated on our website, the data and information thus transmitted will be assigned to the personal Twitter user account of the person concerned and stored and processed by Twitter. 

Twitter receives information via the Twitter component that the person concerned has visited our website whenever the person concerned is logged on to Twitter at the same time as accessing our website; this happens regardless of whether the person concerned clicks on the Twitter component or not. If such a transmission of this information to Twitter is not desired by the person concerned, he can prevent the transmission by logging out of his Twitter account before calling our website. 

16.2. Legal basis for data processing

The legal basis for processing users’ personal data is Art. 6 para. 1 lit. f GDPR.

16.3. Purpose of data processing

The data processing takes place in the interest of the analysis, optimization and economic operation of the online offer. 

The purpose and scope of data collection and further processing and use of the data by Twitter can be found in the Twitter data protection declaration at https://twitter.com/privacy?lang=en. 

16.4. Duration of storage

The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected.

16.5. Possibility of objection and elimination

If a user is also a user of Twitter services and does not want Twitter to collect data about him via this online offer and link it to his user data stored on Twitter, he must log out of Twitter before using our online offer and delete his cookies. 

Twitter offers you the opportunity to view data that Twitter has collected from your activity on and off Twitter at https://twitter.com/your_twitter_data.

17. Youtube

17.1. Description and scope of data processing

Based on our legitimate interests, we use components of the Youtube service operated by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA (“YouTube”). 

YouTube is an Internet video portal that allows video publishers to post video clips and other users to view, rate and comment on them free of charge. YouTube allows the publication of all types of videos, which is why complete film and television programmes, music videos, trailers or videos produced by users themselves can be called up via the Internet portal. 

Each time one of the individual pages of this website is accessed, which is operated by the data controller and on which a YouTube component (YouTube video) has been integrated, the Internet browser on the information technology system of the person concerned is automatically prompted by the respective YouTube component to download a representation of the corresponding YouTube component from YouTube. More information about YouTube can be found at https://www.youtube.com/yt/about/de/ In the course of this technical procedure, YouTube and Google are informed which specific subpage of our website is visited by the person concerned. 

If the person concerned is logged on to YouTube at the same time, YouTube recognizes which specific subpage of our website the person concerned visits by calling up a subpage that contains a YouTube video. This information is collected by YouTube and Google and assigned to the respective YouTube account of the person concerned. 

YouTube and Google receive information via the YouTube component that the person concerned has visited our website whenever the person concerned is logged on to YouTube at the same time as accessing our website; this happens regardless of whether the person concerned clicks on a YouTube video or not. If such a transmission of this information to YouTube and Google is not desired by the person concerned, this can prevent the transmission by logging out of their YouTube account before calling up our website. 

17.2. Legal basis for data processing

The legal basis for processing users’ personal data is Art. 6 para. 1 lit. f GDPR.

17.3. Purpose of data processing

The data processing takes place in the interest of the analysis, optimization and economic operation of the online offer. 

The purpose and scope of data collection and the further processing and use of the data by YouTube can be found in YouTube’s data protection declaration at https://www.google.de/intl/de/policies/privacy/

17.4. Duration of storage

The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected.

17.5. Possibility of objection and elimination

If a user is also a user of YouTube services and does not want YouTube to collect data about him via this online offer and link it to his user data stored on YouTube, he must log out of YouTube before using our online offer and delete his cookies. 

YouTube, LLC is a subsidiary of Google Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA. Accordingly, it may be necessary for the user to log out of a possible user account of Google Inc. and delete his cookies.

YouTube offers the possibility under https://www.google.de/settings/ads/authenticated of contradicting a purposeful advertisement.

18. Vimeo

18.1. Description and scope of data processing

We use components of the Vimeo service operated by Vimeo, Inc. 555 West 18th Street New York, New York 10011 (“Vimeo”) based on our legitimate interests. 

Vimeo is a video video portal that allows video publishers to post video clips and other users to view, rate and comment on them. Vimeo allows the publication of all types of videos, which is why complete film and television programmes, music videos, trailers or videos produced by users themselves can be called up via the Internet portal. 

18.2. Legal basis for data processing

The legal basis for processing users’ personal data is Art. 6 para. 1 lit. f GDPR.

18.3. Purpose of data processing

Vimeo uses cookies to provide this service. The data processing takes place in the interest of the analysis, optimization and economic operation of the online offer.

The purpose and scope of data collection and the further processing and use of the data by Vimeo can be found in the Cookie Policy and in Vimeo’s data protection declaration.

18.4. Duration of storage

The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected.

18.5. Possibility of objection and elimination

Cookies are stored on the user’s computer and transmitted by the user to our site and Vimeo. Therefore, you as a user also have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website in full. 

You can disable Vimeo’s non-essential cookies at: https://vimeo.com/cookie_policy.

Your Rights 

If personal data are processed by you, you are affected within the meaning of the GDPR and you have the following rights towards the party responsible: 

19. Right to information

You can ask the person in charge to confirm whether personal data concerning you will be processed by us. 

If such processing has taken place, you can request the following information from the person responsible: 

  • the purposes for which the personal data are processed; 
  • the categories of personal data processed; 
  • the recipients or categories of recipients to whom the personal data concerning you have been or are still being disclosed; 
  • the planned duration of storage of the personal data concerning you or, if specific information is not possible, criteria for determining the storage period; 
  • the existence of a right to have your personal data concerning you corrected or deleted, a right to have processing restricted by the controller or a right to object to such processing; 
  • the existence of a right of appeal to a supervisory authority; 
  • any available information on the origin of the data if the personal data are not collected from the data subject; 
  • the existence of automated decision-making, including qualification in accordance with Art. 22 para. 1 and 4 GDPR and – at least in these cases – meaningful information on the logic involved and the scope and intended effects of such processing for the data subject. 

You have the right to request information as to whether the personal data concerning you is transferred to a third country or to an international organization. In this context, you may request to be informed of the appropriate guarantees pursuant to Art. 46 GDPR in connection with the transmission.

20. Right to correction

You have a right of rectification and/or completion with regard to the responsible party if the personal data processed concerning you are incorrect or incomplete. The party responsible shall make the correction without delay.

21. Right to limitation of processing

Under the following conditions, you may request that the processing of personal data concerning you be restricted: 

  • if you dispute the accuracy of the personal data concerning you for a period of time that enables the person responsible to verify the accuracy of the personal data; 
  • the processing is unlawful and you refuse to delete the personal data and instead request that the use of the personal data be restricted; 
  • the controller no longer needs the personal data for the purposes of the processing, but you do need them to assert, exercise or defend legal claims, or 
  • if you have filed an objection to the processing pursuant to Art. 21 para. 1 GDPR and it has not yet been determined whether the legitimate reasons of the person responsible outweigh your reasons. 

If the processing of personal data concerning you has been restricted, such data may only be processed – apart from being stored – with your consent or for the purpose of asserting, exercising or defending rights or protecting the rights of another natural or legal person or on grounds of an important public interest of the Union or a Member State. 

If the processing restriction has been restricted according to the above conditions, you will be informed by the person responsible before the restriction is lifted.

22. Right to cancellation

You may request the data controller to delete the personal data relating to you without delay and the controller is obliged to delete this data without delay if one of the following reasons applies: 

  • The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
  • You revoke your consent, on which the processing was based pursuant to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR, and there is no other legal basis for the processing. 
  • You file an objection against the processing pursuant to Art. 21 para. 1 GDPR and there are no overriding legitimate reasons for the processing, or you file an objection against the processing pursuant to Art. 21 para. 2 GDPR. 
  • The personal data concerning you have been processed unlawfully. 
  • The deletion of personal data concerning you is necessary to fulfill a legal obligation under Union law or the law of the Member States to which the data controller is subject. 
  • The personal data concerning you have been collected in relation to information society services offered pursuant to Art. 8 para. 1 GDPR.

23. Information to third parties

If the data controller has made the personal data concerning you public and is obliged to delete it pursuant to Art. 17 para. 1 GDPR, he shall take appropriate measures, including technical measures, taking into account the available technology and the implementation costs, to inform data processors who process the personal data that you as the data subject have requested the deletion of all links to this personal data or of copies or replications of this personal data.

24. Exceptions

The right to cancellation does not exist insofar as the processing is necessary 

  • to exercise freedom of expression and information; 
  • for the performance of a legal obligation required for processing under the law of the Union or of the Member States to which the controller is subject or for the performance of a task in the public interest or in the exercise of official authority conferred on the controller; 
  • for reasons of public interest in the field of public health pursuant to Art. 9 para. 2 lit. h and i and Art. 9 para. 3 GDPR;
  • for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes pursuant to Art. 89 para. 1 GDPR, insofar as the law referred to under a) is likely to render impossible or seriously impair the attainment of the objectives of such processing, or
  • to assert, exercise or defend legal claims.

25. Right to information

If you have exercised your right to have the data controller correct, delete or limit the processing, he/she is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this correction or deletion of the data or restriction on processing, unless this proves impossible or involves a disproportionate effort. 

The person responsible shall have the right to be informed of such recipients. 

26. Right to data transferability

You have the right to receive the personal data concerning you that you have provided to the person responsible in a structured, common and machine-readable format. In addition, you have the right to pass this data on to another person in charge without obstruction by the person in charge to whom the personal data was provided, provided that 

  • processing is based on consent pursuant to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or on a contract pursuant to Art. 6 para. 1 lit. b GDPR and 
  • processing is carried out using automated methods. 

In exercising this right, you also have the right to request that the personal data concerning you be transferred directly from one data controller to another data controller, insofar as this is technically feasible. The freedoms and rights of other persons must not be affected by this. 

The right to transferability shall not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority conferred on the responsible party. 

27. Right of objection

You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you under Article 6(1)(e) or (f) of the GDPR; this also applies to profiling based on these provisions.

The responsible party no longer processes the personal data concerning you, unless he can prove compelling reasons worthy of protection for the processing, which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims. 

If the personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to the processing of the personal data concerning you for the purpose of such advertising; this also applies to profiling, insofar as it is associated with such direct marketing. 

If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes. 

You have the possibility to exercise your right of objection in connection with the use of Information Society services by means of automated procedures using technical specifications, notwithstanding Directive 2002/58/EC. 

28. Right to revoke the data protection declaration of consent

You have the right to revoke your data protection declaration of consent at any time. The revocation of consent shall not affect the legality of the processing carried out on the basis of the consent until revocation.

29. Automated decision in individual cases including profiling

You have the right not to be subject to a decision based exclusively on automated processing – including profiling – that has legal effect against you or significantly impairs you in a similar manner. This does not apply if the decision 

  • is necessary for the conclusion or performance of a contract between you and the person responsible, 
  • is admissible by law of the Union or of the Member States to which the person responsible is subject and that law contains appropriate measures to safeguard your rights, freedoms and legitimate interests, or 
  • with your express consent. 

However, these decisions may not be based on special categories of personal data pursuant to Art. 9 para. 1 GDPR, unless Art. 9 para. 2 lit. a or g GDPR applies and appropriate measures have been taken to protect your rights and freedoms and your legitimate interests. 

In the cases referred to in (1) and (3), the party responsible shall take reasonable measures to safeguard your rights, freedoms and legitimate interests, including at least the right to obtain the intervention of a person by the party responsible, to state his own position and to challenge the decision.

30. Right of appeal to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right of appeal to a supervisory authority, in particular in the Member State where you reside, work or suspect of infringement, if you believe that the processing of personal data concerning you is contrary to the GDPR. 

The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.

Privacy Notice for California Residents

This Privacy Notice for California Residents supplements the information contained in Filestage Privacy Policy and applies solely to all visitors, users, and others who reside in the State of California (“consumers” or “you”). We adopt this notice to comply with the California Consumer Privacy Act of 2018 (CCPA) and any terms defined in the CCPA have the same meaning when used in this Policy. Capitalized terms not defined herein have the same definitions as those in the Privacy Policy. 

Where noted in this Policy, the CCPA temporarily exempts personal information reflecting a written or verbal business-to-business communication (“B2B personal information“) from some of its requirements. 

Information We Collect 

Per our Privacy Policy, we collect information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household, or device (“personal information“). Personal information does not include:

  • Publicly available information from government records.
  • Deidentified or aggregated consumer information.

In particular, we have collected the following categories of personal information from consumers within the last twelve (12) months:

Category Examples Collected
A. Identifiers. A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers. YES
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.
Some personal information included in this category may overlap with other categories.
YES
C. Protected classification characteristics under California or federal law. Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). NO
D. Commercial information. Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. NO
E. Biometric information. Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data. NO
F. Internet or other similar network activity. Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement. YES
G. Geolocation data. Physical location or movements. YES
H. Sensory data. Audio, electronic, visual, thermal, olfactory, or similar information. YES
I. Professional or employment-related information. Current or past job history or performance evaluations. YES
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)). Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. NO
K. Inferences drawn from other personal information. Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. NO

We obtain the categories of personal information listed according to our Privacy Policy.

Your Rights and Choices

The CCPA provides consumers (California residents) with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.

Right to Know and Data Portability

You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months (the “right to know”). Once we receive your request and confirm your identity (see Exercising Your Rights to Know or Delete below), we will disclose to you: 

  • The categories of personal information we collected about you. 
  • The categories of sources for the personal information we collected about you.
  • Our business or commercial purpose for collecting or selling that personal information. 
  • The categories of third parties with whom we share that personal information.
  • If we sold or disclosed your personal information for a business purpose, two separate lists disclosing: 
  • sales, identifying the personal information categories that each category of recipient purchased; and 
  • disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained. 
  • The specific pieces of personal information we collected about you (also called a data portability request). 

Right to Delete

You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions (the “right to delete”). Once we receive your request and confirm your identity (see Exercising Your Rights to Know or Delete below), we will review your request to see if an exception allowing us to retain the information applies. We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to: 

  1. Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, or otherwise perform our contract with you.
  2. Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
  3. Debug products to identify and repair errors that impair existing intended functionality.
  4. Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
  5. Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et.seq.).
  6. Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
  7. Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
  8. Comply with a legal obligation.
  9. Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

We will delete or deidentify personal information not subject to one of these exceptions from our records and will direct our service providers to take similar action.

Exercising Your Rights to Know or Delete

To exercise your rights to know or delete described above, please submit a request by either:

  • Emailing us at privacy@filestage.io

Only you, or someone legally authorized to act on your behalf, may make a request to know or delete related to your personal information. 

You may also make a request to know or delete on behalf of your child by confirming your identity and relationship to the child. 

You may only submit a request to know twice within a 12-month period. Your request to know or delete must:

  • Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative, which may include:
  • Identity document verification.
  • Using a third party identity verification service.
  • Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. 

You do not need to create an account with us to submit a request to know or delete. We will only use personal information provided in the request to verify the requestor’s identity or authority to make it.

Response Timing and Format

We will confirm receipt of your request within ten (10) business days. If you do not receive confirmation within the 10-day timeframe, please contact us. 

We endeavor to substantively respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to another 45 days), we will inform you of the reason and extension period in writing. 

If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. 

Any disclosures we provide will only cover the 12-month period preceding our receipt of your request. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily usable and should allow you to transmit the information from one entity to another entity without hindrance.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

Non-Discrimination

We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not: 

  • Deny you goods or services. 
  • Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties. 
  • Provide you a different level or quality of goods or services. 
  • Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services. 

However, we may offer you certain financial incentives permitted by the CCPA that can result in different prices, rates, or quality levels. Any CCPA-permitted financial incentive we offer will reasonably relate to your personal information’s value and contain written terms that describe the program’s material aspects. Participation in a financial incentive program requires your prior opt-in consent, which you may revoke at any time.

Get your best work approved with Filestage

4.8 out of 5

4.8 out of 5

4.8 out of 5

Book a demo

✓ GDPR compliant ✓ Secure servers ✓ ISO 27017 certified data centers