Privacy Notice

(Status: 20.07.2020)

1. Contents, application and body responsible

The following statement provides you with information about the processing of your personal data when you visit our website, www.sovanta.com, when you contact us or when you subscribe to our newsletter. This data privacy statement also applies to our blog, https://blog.sovanta.com/. Some separate processing operations take place there, which we likewise explain below. Personal data include all information that relates to an identified or identifiable individual.

In our website and our blog, we have integrated various tools with which we can process data of our website visitors without them actively providing us with such.

Below, we explain to you in detail how we collect which data on which legal basis. Furthermore, we outline which rights you have and for how long your data are stored. Your data are processed in accordance with the provisions of the EU General Data Protection Regulation (GDPR), the German federal data protection act (BDSG) and the German telemedia act (TMG) as well as any other applicable statutory regulations.

The body responsible for the data processing is:

sovanta AG
X-House
Mittermaierstr. 31
69115 Heidelberg
Germany
Tel.: +49 (0)6221 18733-0
info@sovanta.com

You can contact our Data Protection Officer at:

sovanta AG
Data Protection Officer X-House
Mittermaierstr. 31
69115 Heidelberg
Germany
datenschutz@sovanta.com

2. Processing of your data if you contact us or in the event that an input form is used; processing of personal data from applicants

If you provide us with personal data by contacting us e.g. by e-mail, we process your data in accordance with art. 6 par. 1 p. 1 b) GDPR for the purpose of performing a contract or in order to take steps prior to entering into a contract at your request, or in accordance with art. 6 par. 1 p. 1 f) GDPR on the basis of our legitimate interest in responding to your enquiry.

If you provide us with your data and application documents via our input form on the Career page, we process your personal data on the basis of § 26 BDSG. According to this, processing is permitted for the data required in connection with the decision concerning establishment of an employment relationship.

Should the data be required after completion of the application process, such as for legal proceedings, then data processing may take place on the basis of the conditions of art. 6 GDPR and in particular for the protection of legitimate interests in accordance with art. 6 par. 1 p. 1 f) GDPR. Our interest here lies in the assertion or defence of claims.

In the event of rejection, your data will be erased after 4 months unless you have consented to longer-term storage in our applicant database.

3. Processing of your data in the case of enrolment or registration for seminars/webinars/events

Via our website, we offer seminars, webinars and other events (hereafter “events”). Enrolment for these is undertaken directly with our webinar provider. All data that we request for enrolment are used by us in accordance with art. 6 par. 1 p. 1 b) GDPR for the purpose of performing a contract or in order to take steps prior to entering into a contract, at your request, namely for completion of your enrolment for the respective event. Here, we request data that must essentially be provided and that we need for participation, which include your forename and surname and your e-mail address, as well as data that you can enter voluntarily. If you enter these, we also store them.

https://www.logmeininc.com/de/...

4. Consent to receiving further communications

On the contact form, if you consent to receiving further communications from us, we process all the data you have entered on the contact form for the purpose of sending further communications, although we store the message text only if we are able to send you more targeted communications because of this. In addition, we store your IP address in order to be able to prove your consent. After sending your enquiry, you will receive a confirmation e-mail in which you need to click on a link in order to actually receive the further communications. This confirmation e-mail is necessary so that we can verify you as the owner of the e-mail address entered. Only after clicking on this link will you receive further communications after the response to your enquiry.

You will then receive further communications about products, services and other content that may be of interest to you and that are connected with sovanta. We use a third-party provider to send these further communications. This provider has been carefully selected by us and we have concluded data privacy regulations with the same, so that we maintain ownership of your data. We analyse the click and opening rates of our communications, i.e. we record who has opened the newsletter and clicked on which link in it.

You can unsubscribe from the further communications at any time by contacting us by e-mail or by post at the aforementioned address. The revocation of your consent by unsubscribing from the further communications has no effect on the legality of the data processing up to the time of revocation. If you unsubscribe from the further communications, the data stored by us for the purpose of sending the further communications will be erased unless the erasure is in breach of retention obligations under data protection law.

5. Processing of your data by means of log files

On the basis of art. 6 par. 1 p. 1 f) GDPR, based on both our legitimate interest and that of our host provider in improving the stability and functionality of our website, our website uses so-called log files in which access data are stored every time a page is opened. The dataset stored here includes the following data:

· Your anonymised IP address, the date, the time, which file was accessed, the status, the enquiry made to the server by your browser, the volume of data transmitted and the website (referrer) from which you arrived on the requested page, as well as

· The product and version information of the browser used, your operating system and your home country.

The log data are used only in anonymised form, i.e. with no attribution or reference to your person, only for the purpose of being able to detect and if necessary to prevent attacks on our website. We reserve the right to store IP addresses in full in individual cases and to analyse these if certain facts give rise to the suspicion that users are using our websites and/or services illegally or uncontractually. The IP address will be anonymised as soon as we no longer require it.

6. Processing of your data by means of cookies and tags

a) Legal bases for the processing of your data

When you open our website, we inform you that we use cookies with which we process certain personal data for the purpose of configuration and optimisation of our marketing activities and for the compilation of statistics. To this end, in part, we use the tools described below, which are offered by third-party providers who can also use them to process your data. This all takes place on the basis of art. 6 par. 1 p. 1 f) GDPR, because we have a legitimate interest in tracking the activity on our website in order to compile statistics and generate marketing activities from this.

You can object to this as described below and thus prevent the processing of your personal data for the aforementioned purposes with effect for the future.

b) Data processing by Google Analytics and Google Tag Manager

On our website (but not in our blog), we use Google Analytics, a web analysis service from Google Ireland Limited (“Google”) based in Dublin, Ireland. Google Analytics uses so-called cookies. A cookie is a file that stores certain information on the access device of the user (PC, tablet, smartphone etc.). If our website is opened from the corresponding user device, our website server or the server of Google can analyse the information stored in the cookie in various ways. The information generated from the cookie is transmitted to and stored on a server of Google, which may be anywhere in the world. Google guarantees compliance with the legal framework conditions at all times in the case of transmission of personal data outside the European Union (EU) or the European Economic Area (EEA).

We use Google Analytics only with IP anonymisation activated. This means that Google truncates the IP address of users in member states of the European Union or in other signatory states to the agreement on the European Economic Area (only in exceptional cases is it possible that the full IP address will be transmitted to a server of Google in the USA and truncated only there).

You have the option to prevent the storage of cookies by means of a corresponding setting in your browser; please note that you may not be able to make full use of all the functions of this website in this case. Additionally or alternatively, the collection of the information generated by the cookie and its processing by Google can be prevented by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage.... This also represents an objection to the data processing by us.

Please note that the plugin must be downloaded separately for every browser you use, in order to prevent full coverage by Google Analytics.

Further information about data usage by Google as well as setting and objection options can be found in the data privacy statement of Google (https://policies.google.com/te...) and by Google users in the settings for the display of advertising by Google (https://adssettings.google.com...).

The Google Tag Manager is a solution from Google with which we are able to manage Website tags by means of an interface. Tags are small code elements on our website, which serve – among other things – to measure traffic and visitor behaviour, to record the effect of online advertising and social channels, to employ remarketing and focus on target groups, and to test and optimise our website. The Tag Manager tool itself (which implements the tags) is a cookie-free domain and records no personal data. The tool allows the activation of other tags, which themselves may record data. Google Tag Manager does not access these data. If deactivation has been undertaken at domain or cookie level, this remains in place for all tracking tags implemented with Google Tag Manager.

If you deactivate tracking by Google Analytics (see above), you will also not be recorded by Google Tag Manager.

c) Google Ads

On the basis of art. 6 par. 1 p. 1 f) GDPR, as we have a legitimate interest in direct marketing, we also use a provision from Google on our website (but not for our blog), in order to draw attention to our provisions by means of advertisements on external websites. In relation to the data from the advertising campaigns, we can determine how successful the individual advertising activities are. We are therefore pursuing the interest of showing you advertising that is of interest to you and therefore making our website more interesting for you. These means of advertising are delivered by Google via so-called “ad servers”. To this end, we use ad server cookies with which certain parameters for measuring success, such as the display of the advertisements or clicks by the user, can be measured. If you access our website via a Google advertisement, a cookie is stored on your PC by Google. Such cookies generally lose their validity after 30 days and should not allow personal identification of you. The unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) as well as opt-out information (marker that the user no longer wishes to be addressed) are generally stored with this cookie as analysis values. These cookies enable Google to recognise your internet browser again. If users visit certain pages on the website of a Google Ads customer and the cookies stored on their computer have not yet expired, Google and the customer are able to recognise that the user has clicked on the advertisement and been redirected to this page. Every Google Ads customer is assigned a different cookie. Cookies can therefore not be tracked via the websites of Google Ads customers. We ourselves collect and process no personal data in the stated advertising activities. We receive only statistical analyses provided by Google. From these analyses, we can recognise which of the employed advertising measures are particularly effective. We receive no further data from use of the means of advertising and in particular we cannot identify users by means of this information.

Based on the marketing tools used, your browser automatically establishes a direct connection to the server of Google. We have no influence over the scope and further use of the data collected by Google through the use of this tool and we are therefore providing you with information according to our knowledge: by integrating Google Ads Conversion, Google receives the information that you have accessed the corresponding part of our website or clicked on an advertisement from us. If you are registered for a service from Google, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, it is possible for Google to find out and store your IP address.

You can prevent participation in this tracking process in various ways and thus object to the processing of your data for direct marketing purposes: a) by means of a corresponding setting in your browser software, blocking third-party cookies in particular means that you will receive no advertisements from third-party providers; b) by deactivating the cookies for conversion tracking, by setting your browser such that cookies from the domain www.googleadservices.com are blocked, in https://www.google.de/settings..., although this setting is erased when you delete your cookies; c) by deactivating interest-based advertisements from the providers who are part of the self-regulation campaign “About Ads”, using the link http://www.aboutads.info/choic..., although this setting is erased when you delete your cookies; d) by permanent deactivation in your Firefox, Internet Explorer or Google Chrome browser at the link http://www.google.com/settings.... In this case, please note that you may not be able to use all the functions of this provision in full.

Further information about data privacy at Google can be found here: http://www.google.com/intl/de/...and https://services.google.com/si....

In addition to Google Ads Conversion Tracking, we use the application Google Remarketing. This is a process by means of which we would like to contact you again. With this application, you can be shown our advertisements after visiting our website, when you continue to use the internet. This is done by means of cookies stored in your browser, from which your user behaviour when you visit various websites is recorded and analysed by Google. Google can therefore detect your previous visit to our website. According to its own statements, Google does not amalgamate the data collected in the course of the remarketing with your personal data that Google might have stored. If you prevent conversion tracking using the methods described above and thus object to the processing of your data for direct marketing purposes, they can also not be collected by Google Remarketing.

d) Data processing by HubSpot

For the purposes of analysis on our website and in our blog, we use a service from HubSpot Inc., 25 First St., 2nd floor, Cambridge, Massachusetts 02141, USA (“HubSpot”). Cookies set here (see b) are stored on your computer and allow us to analyse your visit to the website. On our behalf, HubSpot analyses the information recorded (e.g. IP address, geographical location, browser type, visit duration and pages viewed) in order to generate reports on the visit and on the visited pages of sovanta AG. Further information about how HubSpot works can be found in the data privacy statement of HubSpot Inc., which is available at: http://legal.hubspot.com/de/pr....

In accordance with implementing decision (EU) 2016/1250 of the Commission on 12.07.2016, the transmission of data is permitted from a body responsible for the processing or a contract processor in the EU to organisations in the USA that have undertaken by means of self-certification with the USA Department of Commerce to comply with the framework principles of the EU/US Privacy Shield including the additional principles. By means of self-certification with the USA Department of Commerce, HubSpot has undertaken to comply with these principles.

You can prevent participation in this tracking process and thus object to the processing of your data for direct marketing purposes by preventing the setting of cookies and other tracking tools with a corresponding setting in your browser software.

7. Google Maps

On our website, we also use the Google service Google Maps, a provision from Google Ireland Limited (“Google”) based in Dublin, Ireland. By integration of the service, data from our website visitors can be transmitted to Google. This processing takes place on the basis of art. 6 par. 1 p. 1 f) GDPR on the basis of our legitimate interest in making our website provision more attractive for our website visitors. Google Maps offers an interactive map with which our website visitors are able to see our location conveniently and to plan routes. The Google servers are all over the world. For the transmission of personal data outside the European Union (EU) or European Economic Area (EEA), Google ensures attention at all times to compliance with the legal framework conditions.

For further information about the handling of data by Google, please refer to the data privacy statement of Google: https://policies.google.com/pr....

8. Google Web Fonts

For the consistent display of fonts, our website uses so-called web fonts, which are provided by Google. When one of our web pages is opened your browser loads the required web fonts into your browser cache, in order to display text and fonts correctly. If your browser does not support web fonts, a standard font from your computer is used. We have installed the web fonts on our website server, so that no communication with Google servers and accordingly no data transmission to Google takes place here.

9. Use of Vimeo plugins

On our website (not in our blog), we use plugins from provider Vimeo, Inc. of registered office 555 West 18th Street, New York, New York 10011, USA (“Vimeo”) for the integration of videos. On our website, if you open the internet pages that have such a plugin, a connection to the Vimeo servers is established and the plugin is shown. This transmits to the Vimeo server which of our internet pages you have visited. If you are logged in as a Vimeo member (which is naturally not necessary simply to view one of our videos), Vimeo assigns this information to your personal user account. When the plugin is used, e.g. by clicking on the start button of a video, this information is likewise assigned to your user account. You can prevent this assignment by logging out of your Vimeo user account before using our internet page and by deleting the corresponding cookies. Further information about data processing and information about data privacy from Vimeo can be found at https://vimeo.com/privacy.

This data transmission to Vimeo takes place on the basis of art. 6 par. 1 p. 1 f) GDPR on the basis of our legitimate interest in making our website provision more attractive for our website visitors and linking our website to our video channel with Vimeo.

In accordance with implementing decision (EU) 2016/1250 of the Commission on 12.07.2016, the transmission of data is permitted from a body responsible for the processing or a contract processor in the EU to organisations in the USA that have undertaken by means of self-certification with the USA Department of Commerce to comply with the framework principles of the EU/US Privacy Shield including the additional principles. By means of self-certification with the USA Department of Commerce, Vimeo has undertaken to comply with these principles.

10. Use of VidYards

In our blog (not on our website), we use plugins from provider Buildscale Inc., 8 Queen St. N, Unit #1, Kitchener, ON, Canada, N2H 2G8, for the integration of videos.

11. Information about the security of your data

We have taken technical and organisational precautions to protect your data from loss, destruction, manipulation and unauthorised access. All our staff and everyone involved with our data processing are obliged to comply with GDPR, BDSG-new and other laws relating to data protection and to handle personal data confidentially.

In the case of collection and processing of personal data, the information is transmitted in encrypted form, in order to prevent misuse of the data by third parties. Our precautions are continuously reviewed in accordance with technological developments.

12. Categories of data recipient; data transmissions to a third country

In addition to the service providers mentioned in this data privacy statement, other service providers and agents employed by us in connection with the website and our systems, e.g. host providers, agencies, IT service providers or e.g. mail service providers for sending the newsletter, may have access to your personal data. If these service providers and agents are working on our behalf, however, they act only in accordance with instructions and have a corresponding contractual obligation to us. This also applies for service providers based in a third country (a state outside the EU or EEA).

Data transmission to a third country may also take place in the cases mentioned in §§ 5, 6 and 8 of this data privacy statement.

13. Your rights

In accordance with art. 15 GDPR, you have the right to obtain information free of charge concerning the personal data stored about you. You additionally have the right in accordance with art. 16, 17 and 18 GDPR to rectification of incorrect data and to blocking and erasure of your personal data. Under the conditions set in art. 20 GDPR, you are moreover entitled to receive the stored personal data concerning you in a structured, commonly used and machine-readable format and to transmit these data to another controller without hindrance from us. Moreover, in accordance with art. 21 par. 1 GDPR, you are entitled to file an objection to the processing of personal data concerning you that is undertaken on the basis of art. 6 par. 1 p. 1 e) or f) GDPR, including profiling, for reasons based on your specific situation. If your personal data are processed for direct advertising purposes, you have the right to object to the processing of your data for such advertising, including profiling if this is connected with such direct advertising, in accordance with art. 21 par. 2 GDPR.

We will fulfil your aforementioned rights as long as the statutory conditions for assertion of the rights are met.

Please address any requests concerning your personal data to our Data Protection Officer, whose contact details are indicated at the start of this data privacy statement.

Every data subject moreover has the right to file a complaint with a data protection supervisory authority about the processing of data by us.

14. Duration of storage and routine erasure

Unless explicitly specified in this data privacy statement, we process and store personal data only for the period required in order to achieve the purpose of the processing or if specified in laws or regulations to which we are subject. If the storage purpose ceases to exist or if a statutory retention period expires, the personal data are blocked or erased routinely and in accordance with the statutory provisions.