Privacy Policy
General
This privacy policy applies to all online services of HIDDB KG.
This page is a translation and therefore legally not binding. Please refer to the original German version which you can find here
How is your personal data processed?
We store and use your personal data only for processing your orders and for contacting you. If you have subscribed to our newsletter, we also use your e-mail address to send it. If you have subscribed to hiddb.com, we will notify you of any error messages. You can apply for a job with us via our applicant portal and send us your application documents.
What categories of data do we collect?
Every time you visit our website, your IP address, among other things, is stored in anonymized form. If you register with us, your contact details will be stored. If you order products from us, your address and payment data are also stored. Specifically, we store the following data from you.
Registration data
As part of your registration with us, we need to collect and process certain personal data from you as your registration data. E.g. we need your name, address data, telephone number, payment data and e-mail address to process your orders. When paying by credit card, we do not collect or store any payment transaction information such as credit card numbers or verification numbers. You only provide this information directly to the respective payment service provider. An exception to this is a so-called pseudo card number for credit card payments: so that you do not have to re-enter your credit card details for each payment transaction, a pseudo card number is stored for your customer account. The pseudo card number only allows you to pay for offers on our website that are ordered from your customer account and is not identical to the credit card number. We delete this data within 24 months as soon as you delete your user account with us or when the legal retention period has expired. You can delete your user account with us by sending us an email to info@hiddb.com with the request for deletion. The legal basis for this processing is Art. 6 (1) lit. b DSGVO.
Email addresses
If you have subscribed to our newsletter or sent us an inquiry, we also store your email address. We delete this data when you delete your user account or when you have unsubscribed from the newsletter or the request has been processed. In order to ensure a consensual newsletter dispatch, we use the so-called double opt-in procedure. In the course of this, the potential recipient allows himself to be added to a distribution list. Subsequently, the user is given the opportunity to confirm the registration in a legally secure manner by means of a confirmation e-mail. Only if the confirmation is received, the address will be actively included in the distribution list. We use this data exclusively for sending the requested information and offers. Sendgrid is used as a service provider for automated electronic correspondence. In this process, your data is transmitted to Twilio Inc. Twilio is prohibited from selling your data and using it for purposes other than sending our automated electronic correspondence. For more information, please visit sendgrid.com. You can revoke your consent to the storage of data, e-mail address and their use for sending the newsletter at any time, for example via the "unsubscribe"-link in the newsletter. The legal basis for this processing is Art. 6 para. 1 lit. a or Art. 6 para. 1 lit. b DSGVO.
Data storage on the website
Whenever you visit our website, we automatically store certain data. This includes, among other things, IP address, type and version of the browser used, time, date, and website from which users come to our site. The IP address is stored anonymously. A personal reference can no longer be established. The legal basis for this processing is Art. 6 para. 1 lit. f DSGVO.
To whom do we disclose your data?
In addition to the controller, external service providers who assist us in providing our services may have access to your data. Occasionally, other third parties such as public authorities, external consultants or certain business partners may receive your data.
Specifically, these are: Service provision
As part of the service offered, customers have the option to create a database on our customer platform (dashboard). On the databases created in this way, the customer can upload data. We use an external service provider for storage. The data is transmitted to Hetzner Online GmbH, Industriestr. 25, D-91710 Gunzenhausen. This is a German provider which has been selected in accordance with the requirements of the General Data Protection Regulation and the Federal Data Protection Act. Privacy Policy: https://www.hetzner.com/de/legal/privacy-policy
Collection
In the event of collection, the necessary data will be passed on to an external service provider.
Third Countries
Data transfers to third countries take place in compliance with the legally regulated conditions of permissibility. If the transfer of data to a third country is not for the performance of our contract with you, we do not have your consent, the transfer is not necessary for the assertion, exercise or defense of legal claims, and no other exemption applies, we will only transfer your data to a third country if an adequacy decision pursuant to Article 45 of the GDPR or appropriate safeguards pursuant to Article 46 of the GDPR are in place.
Other categories of recipients
Government bodies and courts
Where is your data processed?
The data uploaded by the user to our SaaS database is processed on European servers unless otherwise specified. The servers and services of the service provider SCALEWAY SAS BP 438 75366 PARIS CEDEX 08 in France are used for the management and storage of customer-related data.
Duration of storage
The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected, or deletion is expressly requested (see below for this).
Cookies and right to object to direct marketing
"Cookies" are small text files that are stored on the user's computer. Different information can be stored within the cookies. The primary purpose of a cookie is to store information about a user (or the device on which the cookie is stored) during or even after his or her visit within an online offering. Temporary cookies, or "session cookies" or "transient cookies", are cookies that are deleted after a user leaves an online offer and closes his browser. In such a cookie, for example, the contents of a shopping cart in an online store or a login jam can be stored. Cookies that remain stored even after the browser is closed are referred to as "permanent" or "persistent". For example, the login status can be stored if users visit them after several days. Likewise, the interests of users can be stored in such a cookie, which is used for range measurement or marketing purposes. Third-party cookies are cookies that are offered by providers other than the responsible party that operates the online offer (otherwise, if they are only its cookies, they are referred to as "first-party cookies"). We may use temporary and permanent cookies and explain this in our privacy policy. As a rule, we only store so-called refresh tokens in cookies, which are used to maintain your login session. No personal data is stored in cookies. If users do not want cookies to be stored on their computer, they are asked to deactivate the corresponding option in the system settings of their browser. Stored cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional restrictions of this online offer. Further details on cookies and information on where we use cookies can be found at https://hiddb.com/cookies
Status Page
If the user has registered on the dashboard to monitor the status of our services, the user's email address is forwarded to the external service provider. We use the software service Statuspage from Atlassian 350 Bush Street Floor 13 San Francisco, CA 94104 USA. Atlassian also processes your data in the USA, among other places. We would like to point out that according to the opinion of the European Court of Justice, there is currently no adequate level of protection for the transfer of data to the USA. You can find the privacy policy at https://www.atlassian.com/legal/privacy-policy
Communication Tool
We use the communication tool Help Scout. The service provider is the American company Helpscout Inc, BOSTEN, 100 CITY HALL Square 5th Floor, Massachusetts, USA. Help Scout also processes data from you in the USA, among other places. We would like to point out that according to the opinion of the European Court of Justice, there is currently no adequate level of protection for the transfer of data to the USA. You can learn more about this at https://www.helpscout.com/company/legal/dpa/
OpenReplay
OpenReplay is an open source session replay software that we use to analyze how users use our platform. OpenReplay provides us with records for this purpose, which we can use to track the activities on the platform in the event of a problem ("bugs") and thus fix them. OpenReplay is configured with the following parameters so that all sensitive or personal data for recording is anonymized and made unrecognizable: Email addresses: Anonymized & Numbers/Numbers/Text: Anonymized. Due to this anonymization, only the pure course or action of the user and the occurrence of the bug are recorded and documented. Any personal data, other than that provided by the user during registration, is automatically anonymized and made unrecognizable. Furthermore, OpenReplay does not store any personal data.
Payment transactions:
For all payment transactions available atgen, the processing of the payment is carried out by an external service provider. For payment processing, your information is collected directly by the service provider Stripe Inc, 510 Townsend Street San Francisco, CA 94103 USA.
Website hosting:
We host our website on the Cloudflare software solution. The service provider is the American company Cloudflare, Inc. 101 Townsend St, San Francisco, CA 94107 USA. Cloudflare also processes data from you in the USA, among other places. We would like to point out that according to the opinion of the European Court of Justice, there is currently no adequate level of protection for the transfer of data to the USA. You can learn more about this at https://www.cloudflare.com/privacypolicy/
Social Media Data: Online presence in social media
We maintain online presences within social networks and platforms in order to communicate with our customers, interested parties and users and to inform them about our services there. When calling up the respective platforms, the terms and conditions and data processing policies of the respective operator apply. Unless otherwise stated in our privacy policy, we process the data of users insofar as they communicate with us within the social networks and platforms, e.g. write posts on our online presences or send us messages. The processing of users' personal data is based on our legitimate interests in providing users with comprehensive information and communicating with users pursuant to Art. 6 (1) lit. f. DSGVO. If the users are asked by the respective providers of the platforms for consent to the data processing, the legal basis of the processing is Art. 6 para. 1 lit. a. DSGVO.
Your rights as "data subject"
You have the right to information about the personal data we process about you. In the case of a request for information that is not made in writing, we ask for your understanding that we may then require evidence from you that proves that you are the person you claim to be. Furthermore, you have a right to rectification or deletion or to restriction of processing, insofar as you are entitled to this by law. Furthermore, you have a right to object to processing within the scope of the law. The same applies to a right to data portability.
Right of complaint
You have the right to lodge a complaint about the processing of personal data by us with a data protection supervisory authority.
Voluntariness of data provision
There is no legal obligation for the provision of your data to HIDDB KG. However, you will not be able to use certain services from us if you do not provide us with your data. The provision of your data is entirely voluntary.
Last updated: 01 July 2022