Privacy Policy

The following data protection declaration applies to all processing of personal data carried out by us, both in the context of the provision of our services and in particular on our websites, apps and external online presences, such as our social media profiles.

The protection of users’ and customers’ personal data is of the utmost importance to us. Our data protection policy is in line with the provisions of the EU Data Protection Regulation (EU GDPR) and the UK Data Protection Regulation (UK GDPR). If you are located in the European Economic Area, we will generally transfer your personal data to third countries (e.g. USA) in accordance with the standard contractual clauses for the transfer of personal data. This privacy policy explains what data is stored by us and how it is used.

In addition to the EU GDPR and the UK GDPR, we comply with all data protection laws that apply to us.

We reserve the right to update and/or modify this Privacy Policy from time to time in the future. Please visit this website periodically to be notified of any such changes.

Content

Part I – Information about the responsible person and his representative. 2

Name and contact details of the person responsible: 2

Contact details of the data protection officer of the data controller: 2

Contact details of the representative in the United Kingdom: 2

Part II – Information on the processing of personal data. 2

What types of data do we collect, how do we collect it and for what purpose?. 2

  1. Interested parties, online offers. 2
  2. Advisor. 5
  3. Customers. 7

Part III – Information on data subjects’ rights. 9

Part IV – Use of cookies. 9

General 9

Service provider / processor 10

Existence of automated decision making. 17

Payment procedure. 17

Services used and service providers: 18

Part V – California, USA (CCPA). 19

Part VI – Brazil (LGPD). 22

Part VII – SOCIAL MEDIA PRIVACY STATEMENT.. 23

Part I – Information about the responsible person and his representative

Name and contact details of the person responsible:

adviqo GmbH

Max-Dohrn-Str. 8 – 10, D10590 Berlin
Phone +49 (0)30 22445 0
Fax +49 (0)30 224455-9100
E-mail: [email protected]
Website: www.adviqo.com

Contact details of the data protection officer of the data controller:

Data protection

c/o adviqo GmbH

Max-Dohrn-Straße 8 – 10, 10589 Berlin

[email protected]

Contact details of the representative in the United Kingdom:

For the application of the UK General Data Protection Regulation (UK GDPR), adviqo GmbH is the data controller. Our representative in the United Kingdom is the

 

adviqo UK Limited

Anglia House, 6 Central Avenue, St Andrews Business Park,

Thorpe St. Andrew, Norwich, Norfolk, NR7 0HR, United Kingdom

Part II – Information on the processing of personal data

What types of data do we collect, how do we collect it and for what purpose?

A.   Interested parties, online offers

1.  Obligation to provide the data:

The provision of the data is not required by law or contract. The data subject is not obliged to provide the data. However, in the event that the data is not provided, full use of our website is not possible.

2.   Purposes and legal basis:

The processing of users’ personal data is based on our overriding legitimate interest. For the provision of this website, it is technically necessary that we process certain personal data (e.g. the IP address, log files). For your communication, it is necessary that we handle your respective personal data.

Within the framework of the necessary balancing of interests, we have weighed up your interest in confidentiality and our interests in providing this website and contacting you. In each case, your interest in confidentiality takes a back seat. Otherwise, we would not be able to provide you with this website with a secure IT infrastructure or respond to your contact request.

The processing of personal data is also necessary for the implementation of pre-contractual measures that take place at the request of the user, such as customer service, as well as the processing of the contract including billing.

You can register for our newsletter on our website by giving the corresponding consent. For this purpose, we collect the personal data that you enter in the registration form. Your consent is the legal basis for our data processing. You can revoke your consent at any time with effect for the future.

Cookies are data records that are stored by a web server on the end device (e.g. computer, smartphone, tablet) of the user. These are sent back either to our website (“first party cookie”) or to another website to which the cookie belongs (“third party cookie”) when our website is called up again with the same end device.

The storage of information in your terminal equipment or the access to information already stored in your terminal equipment is absolutely necessary so that we can provide the telemedia service expressly requested by you as a user (Section 25 (2) No. 2 TTDSG).

Otherwise, the legal basis is generally your consent in each case if no specific legal basis is stated below. You can revoke your consent at any time, e.g. by deleting cookies set via the browser settings of your end device. Please note that for technical reasons, this procedure only applies to the specific end device used.

3.   Recipient:

Due to our global business activities, your personal data will also be transferred to affiliated companies, among others. “Affiliated companies” are legally independent companies that are affiliated with us under company law (cf. §§ 15 ff AktG) and/or are part of the same group of companies. For the purposes of data transfer, this refers to viversum GmbH (Germany), Ingenio Europe GmbH (Germany), Barges Technologies, Inc (USA), Horoscope.com Inc. (USA), Peer Labs LLC (USA) and Ingenio, LLC (USA).

We use service providers in the provision of our services and our presence. Data is therefore transferred, for example, to IT service providers, archiving service providers, external lawyers, external tax consultants and external auditors. These service providers are contractually or legally obliged by us to exercise the same care in processing personal data as we do ourselves.

We may be required to disclose information to courts, authorities, the government or the police.

4.  Data transfer to third countries:

Data is transferred to third countries outside the European Union (e.g. to the USA and the UK). This generally takes place on the basis of contractual regulations provided for by law and, where applicable, supplementary technical-organisational guarantees which are intended to ensure adequate protection of your data and which you can view on request. In certain cases, we may also base such data transfer on consent.

Due to our global operations, your personal data will also be transferred to, among others, affiliates outside the EEA. In some cases, employees of certain service providers may also be located outside the EEA.

We have entered into a data transfer agreement with our affiliated companies that governs the cross-border transfer of your personal data within the group. This agreement is based on the standard contractual clauses of the EU Commission, which you can view here  https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?uri=CELEX:32021D0914&locale=de.

Where third parties transfer your personal data outside the EEA, we will take steps to ensure that your personal data receives an adequate level of protection, for example by entering into data transfer agreements or by ensuring that third parties are certified under appropriate data protection regimes.

5.      Storage period:

IP addresses are anonymised after 24 hours at the latest. Pseudonymous usage data is deleted after six months. If we do not provide you with explicit information on the storage period of permanent cookies, the storage period can be up to two years.

We do not keep your personal data longer than is necessary for the purpose for which the data is processed. However, please note that we must retain personal data if there is a legal obligation to retain it, e.g. in accordance with Section 257 of the German Commercial Code (HGB) and Section 147 of the German Tax Code (AO).

We store your data,

-if you have consented to the processing, at most until you withdraw your consent,

-if we need the data to perform a contract, at most for as long as the contractual relationship with you exists or statutory retention periods run,

-if we use the data on the basis of a legitimate interest, at most for as long as your interest in deletion or pseudonymisation does not outweigh this.

B.   Advisor

1.   Obligation to provide the data:

The provision of the data is not required by law or contract. The data subject is not obliged to provide the data. However, in the event that the data is not provided, an advisory service is not possible.

2.   Purposes and legal basis:

The processing of personal data of advisors is carried out for the initiation, implementation and execution of the corresponding advisor contract. This enables the identification of the advisor, the establishment of contact and the implementation of pre-contractual measures. The processing also serves the purpose of corporate communication.

The processing of personal data of consultants is carried out for the fulfilment of legal obligations for proper accounting in coordination with external tax consultants and/or auditors, as well as commercial and tax law retention obligations.

The processing of personal data of consultants is also based on our overriding legitimate interest. It is necessary for us to handle your personal data for the documentation and possible evidence to courts or authorities.

Within the framework of the necessary balancing of interests, we have weighed up your interest in confidentiality and our interest in enabling effective documentation and evidence. In each case, your interest in confidentiality takes a back seat. Otherwise, we would not be able to comply with any justifications we may have to state institutions.

3.   Recipient:

 Due to our global business activities, your personal data will also be transferred to affiliated companies, among others. “Affiliated companies” are legally independent companies that are affiliated with us under company law (cf. §§ 15 ff AktG) and/or are part of the same group of companies. For the purposes of data transfer, this refers to viversum GmbH (Germany), Ingenio Europe GmbH (Germany), Barges Technologies, Inc (USA), Horoscope.com Inc. (USA), Peer Labs LLC (USA) and Ingenio, LLC (USA).

We use service providers in the provision of our services. A transfer of data therefore occurs to shipping service providers, IT service providers, accounting service providers, archiving service providers, external lawyers; external tax consultants and external auditors. These service providers are contractually or legally obliged by us to exercise the same care in processing personal data as we ourselves do.

In certain circumstances, we may be required to disclose information to courts, authorities, the government or the police.

4.   Data transfer to third countries:

Due to our global business operations, your personal data will also be transferred to, among others, affiliated companies outside the EEA. Similarly, employees of certain service providers may be located outside the EEA.

We have concluded a data transfer agreement with our affiliated companies which regulates the cross-border transfer of your personal data within the group. This agreement is based on the EU Commission’s standard contractual clauses, which you can view and, if necessary, download here  https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?uri=CELEX:32021D0914&locale=de. If third parties transfer your personal data outside the EEA, we will take steps to ensure that your personal data receives an adequate level of protection, for example by entering into data transfer agreements or by ensuring that third parties are certified under appropriate data protection regimes.

5.   Storage period:

We do not keep your personal data longer than is necessary for the purpose for which this personal data is processed. However, please note that we must retain personal data if there is a legal obligation to retain it, e.g. in accordance with Section 257 of the German Commercial Code (HGB) and Section 147 of the German Tax Code (AO).

We store your data,

-if you have consented to the processing, at most until you withdraw your consent,

-if we need the data to perform a contract, at most for as long as the contractual relationship with you exists or legal retention periods run,

-if we use the data on the basis of a legitimate interest, at most for as long as your interest in deletion or pseudonymisation does not outweigh this.

Applicant data for a position as a consultant will be automatically deleted after 6 months if no contract is concluded.

C.   Customers

1.   Obligation to provide the data:

The provision of the data is not required by law or contract. The data subject is not obliged to provide the data. However, if the data is not provided, it is not possible to use our service or create a customer account.

2.   Purposes and legal basis:

The processing of personal data is carried out for the initiation, implementation and execution of the corresponding contract. This enables the identification of the customer, the establishment of contact and the implementation of pre-contractual measures. The processing of personal data is also necessary for the implementation of pre-contractual measures that take place at the request of customers, such as customer service.

The processing of personal data of customers is carried out in order to fulfil the legal obligations for proper accounting in coordination with external tax advisors and/or auditors, as well as commercial and tax law retention obligations.

The processing of customers’ personal data is also based on our overriding legitimate interest. For the provision of this website it is technically necessary that we process certain personal data (e.g. the IP address). For your communication, it is necessary that we handle your respective personal data.

Within the framework of the necessary balancing of interests, we have weighed up your interest in confidentiality and our interests in providing this website and contacting you. In each case, your interest in confidentiality takes a back seat. Otherwise, we would not be able to provide you with this website or respond to your contact request.

3.   Recipient:

Due to our global business activities, your personal data will also be transferred to affiliated companies, among others. “Affiliated companies” are legally independent companies that are affiliated with us under company law (cf. §§ 15 ff AktG) and/or are part of the same group of companies. For the purposes of data transfer, this refers to viversum GmbH (Germany), Ingenio Europe GmbH (Germany), Barges Technologies, Inc (USA), Horoscope.com Inc. (USA), Peer Labs LLC (USA) and Ingenio, LLC (USA).

We use service providers in the initiation, execution and processing of our contracts and the provision of our services. A transfer of data therefore occurs to postal, forwarding and shipping companies, IT service providers, accounting service providers, archiving service providers, external lawyers, external tax consultants or external auditors. These service providers are contractually or legally obliged by us to exercise the same care in processing personal data as we ourselves do. In certain circumstances, we may be required to disclose information to courts, authorities, the government or the police.

4.   Data transfer to third countries:

Data is transferred to third countries outside the European Union (e.g. to the USA and the UK). This takes place on the basis of contractual regulations provided for by law and, if necessary, supplementary technical-organisational guarantees which are intended to ensure adequate protection of your data and which you can view on request.

We have concluded a data transfer agreement with our affiliated companies and service providers which regulates the cross-border transfer of your personal data within the group. This agreement is based on the standard contractual clauses of the EU Commission, which you can view and, if necessary, download here  https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?uri=CELEX:32021D0914&locale=de.

Where third parties transfer your personal data outside the EEA, we will take steps to ensure that your personal data receives an adequate level of protection, for example by entering into data transfer agreements or by ensuring that third parties are certified under appropriate data protection regimes.

5.   Storage period:

We do not keep your personal data longer than is necessary for the purpose for which this personal data is processed. Please note, however, that we must retain personal data if there is a legal obligation to retain it, e.g. pursuant to Section 257 of the German Commercial Code (HGB) and Section 147 of the German Tax Code (AO).

We store your data,

-if you have consented to the processing at most until you withdraw your consent,

-if we need the data to perform a contract, at most for as long as the contractual relationship with you exists or statutory retention periods run,

-if we use the data on the basis of a legitimate interest, at most for as long as your interest in deletion or pseudonymisation does not outweigh this.

Part III – Information on d
ata subjects’ rights

Rights of the data subject to information as well as to rectification or erasure or to restriction of processing or a right to object to processing as well as the right to data portability:

 

If your personal data is processed, you are a data subject within the meaning of the GDPR. As a data subject, you have the right – partly under certain conditions,

  1. request information about the processing of your data,
  2. have your data corrected and/or completed,
  3. Have your data deleted or blocked,
  4. restrict the processing of your data,
  5. object to the processing of your data,
  6. Receive your data in a transferable format and transmit it to a third party,
  7. revoke your consent to the processing of your data for the future; and
  8. complain to the competent supervisory authority about unlawful data processing. The competent supervisory authority is the Berlin Commissioner for Data Protection and Freedom of Information.
Part IV – Use of cookies

General

Our website uses cookies and other identifiers. Cookies are text files that are stored in the internet browser or by the internet browser on the user’s computer system. When a user accesses a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again. We use cookies to make our website more user-friendly. Some elements of our website require that the calling browser can be identified even after a page change. When our website is called up again with the same terminal device, these are sent back either to our website (“first party cookie”) or to another website to which the cookie belongs (“third party cookie”). Some providers we use also process your personal data outside the EU/EEA.

We use Usercentrics as a cookie management tool. You will find an overview of cookies and identifiers in this tool.

Legal basis

The legal basis for the use of technically necessary cookies/identifiers is our legitimate interest (Art. 6 para. 1 lit. f) GDPR). The storage of information in your terminal equipment or the access to information already stored in your terminal equipment is absolutely necessary so that we can provide the telemedia service expressly requested by you as a user (Section 25 (2) no. 2 TTDSG).

In addition, the legal basis is generally your consent (Art. 6 para. 1 lit. a) GDPR, § 25 para. 1 TTDSG). You can revoke your consent at any time, e.g. by deleting cookies set via the browser settings of your end device. Please note that for technical reasons, this procedure only applies to the specific end device used. This may restrict the functionality of our online offer.

Service provider/processor

1.      Cookie consent with Usercentrics

This website uses the cookie consent technology of Usercentrics to obtain your consent to the storage of certain cookies on your terminal device and to document this in accordance with data protection law.

Usercentrics is used to obtain consent for the use of cookies. The legal basis for this is Art. 6 para. 1 p. 1 lit. c GDPR, § 25 para. 1 p. 2 TTDSG.

Service provider: User centric GmbH, Rosental 4, 80331 Munich, Germany

Website: https://usercentrics.com/de/

Privacy policy: https://usercentrics.com/de/datenschutzerklaerung/

Disclosure and processing of personal data: http data (IP address, information about your browser, information about your terminal device, time of your visit to the website, operating system used), storage of cookie consent.

Legal basis for processing: legitimate interest pursuant to Art. 6 para. 1 p. 1 lit. f) GDPR

2.      Amazon Web Services

We use the “S3” product from Amazon Web Services, Inc. for hosting and distributing website content. (“AWS”). AWS processes our data on our behalf. Hosting takes place exclusively in the AWS data centre in Frankfurt am Main.

Service Provider: Amazon Web Services, Inc, 410 Terry Avenue North, Seattle WA 98109, USA

Website: https://aws.amazon.com/de/

Privacy policy: https://aws.amazon.com/de/privacy/?nc1=f_pr

Standard contractual clauses (guaranteeing the level of data protection in the case of processing in third countries): https://d1.awsstatic.com/Processor_to_Processor_SCCs.pdf, https://d1.awsstatic.com/Controller_to_Processor_SCCs.pdf

Legal basis for processing: legitimate interest pursuant to Art. 6 para. 1 p. 1 lit. f) GDPR; if a corresponding consent was requested Art. 6 para. 1 lit. a) GDPR

3.      Heroku

We use a hosting server to process and store your data. Heroku is a subsidiary of salesforce.com, inc or an affiliate of that company (“salesforce.com”). The servers and databases provided by Heroku are located in Ireland/Europe and are subject to European data protection laws. For more information on Heroku’s privacy policy, please see

Service Provider: Heroku, Inc, 650 7th St, San Francisco, CA 94103

Parent company: salesforce.com, inc

Website: www.heroku.com

Privacy policy: https://www.heroku.com/policy/privacy/.

Legal basis for processing: legitimate interest pursuant to Art. 6 para. 1 p. 1 lit. f) GDPR

4.      MongoDB

We use Atlas by MongoDB, Inc. as our central database. Apart from the pseudonymised Blinkist ID, no other personal user data is stored in the Atlas database.

Service Provider: MongoDB, Inc, 3 Shelbourne Building, Crampton Avenue Ballsbridge, Dublin 4, Ireland

Website: www.mongodb.com

Privacy policy: https://www.mongodb.com/legal/privacy-policy.

Legal basis for processing: legitimate interest pursuant to Art. 6 para. 1 p. 1 lit. f) GDPR

5.      Use of Facebook Custom Audiences and Facebook Visitor Action Pixel

Furthermore, we use so-called retargeting technologies. This technology makes it possible to address internet users who have already shown interest in our offer, as well as internet users to whom this probably also applies, with advertising on the websites of our partners (e.g. Facebook). The display of these advertisements on our partners’ sites is based on cookie technology and an analysis of previous user behaviour. This form of advertising is pseudonymous. The use of retargeting technology is carried out in compliance with the applicable legal data protection regulations.

Specifically, we use Custom Audiences from Facebook on this website. For this purpose, so-called Facebook pixels are integrated on our websites, which mark you as a visitor to our website in pseudonymised form. If you are later logged into Facebook, a non-reversible and thus non-personal checksum (profile) from your usage data is transmitted to Facebook for analysis and marketing purposes. We also provide Facebook with hashed, i.e. pseudonymised, email addresses of our users.

With your consent, we use the “visitor action pixel” of Facebook Inc. within our website. With its help, we can track the actions of users after they have seen or clicked on an advertisement. This enables us to record the effectiveness of the advertisements on the aforementioned platforms for market research purposes. The data collected in this way is anonymous for us, which means that we do not see the personal data of individual users. However, this data is stored and processed by the respective platform provider, about which we inform you according to our state of knowledge.

  • Types of data processed: Usage data (e.g. web pages visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses), location data (data indicating the location of an end user’s device), event data (Facebook) (“event data” is data that may be transmitted, e.g. via Facebook Pixel (via apps or other means), from us to Facebook and relates to individuals or their actions; the data includes e.g.. Event data is processed for the purpose of creating target groups for content and advertising information (custom audiences); event data does not include login data or interaction data, e.g. comments under an embedded post; event data also does not include contact information (i.e. data that (clearly) identifies data subjects, such as names, email addresses and telephone numbers).
  • Data subjects: Users (e.g. website visitors, users of online services).
  • Purposes of processing: Tracking (e.g. interest/behavioural profiling, use of cookies), remarketing, visit action evaluation, interest-based and behavioural marketing, profiling (creation of user profiles), targeting (determination of target groups relevant for marketing purposes or other output of content), cross-device tracking (cross-device processing of user data for marketing purposes).
  • Security measures: IP masking (pseudonymisation of the IP address).
  • Legal basis: Consent (Art. 6 para. 1 p. 1 lit. a) GDPR), § 25 para. 1 p. 2 TTDSG

6.      Applift

We continue to use the services of the company ME mobile GmbH. This service provider also only uses pseudonymous data to improve our offer.

Service provider: ME mobile GmbH, Karl-Liebknecht-Straße 32, 10178 Berlin

Website: https://applift.com/

Privacy policy: https://applift.com/privacy-policy

Legal basis for processing: legitimate interest pursuant to Art. 6 (1) f) GDPR

7.      Braze

To send push messages in the Android and iOS apps, the service Braze is used, a programme by Braze Inc. Braze stores data about the use of the app under an anonymised ID, but no personal data.

Service Provider: Braze Inc. NYC, 318 West 39th Street, 5th Floor, New York, NY 10018, USA

Website: www.braze.com

Privacy policy: https://www.braze.com/privacy

Disclosure and processing of personal data: Email, push tokens, interaction data and IP address

Legal basis for processing: Consent (Art. 6 para. 1 p. 1 lit. a) GDPR), § 25 para. 1 p. 2 TTDSG

8.      Vonage APIs (formerly Nexmo)

Verification of a mobile number

To ensure that all relevant information is received via SMS, the mobile number is verified by the provider Vonage through an opt-in procedure.

Contact through the mobile number

As soon as the mobile number is verified, we store it in our database. It is not publicly viewable.

Service Provider: Vonage Limited, 25 Canada Square Level 37, London, England E14 5LQ

Website: www.vonage.com

Privacy policy: www.vonage.com/privacy-policy

Disclosure and processing of personal data: Inventory data (e.g. names), contact data (e.g. telephone numbers)

Legal basis for processing: Consent (Art. 6 para. 1 p. 1 lit. a) GDPR), legitimate interest (Art. 6 para. 1 p. 1 lit. f) GDPR)

9.      Google Cloud Platform (GCP)

We use the Google Cloud for hosting. For hosting in the Google Cloud (Google Cloud Platform, GCP), the Frankfurt, Germany region is used (europe-west3). However, the Google Cloud works on the principle of a multi-tenant environment, so that data is replicated between several geographically distributed data centres (data centre resilience).

Service Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland Parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043 USA

Website: www.google.com

Privacy policy: https://policies.google.com/privacy

Legal basis for processing: legitimate interest pursuant to Art. 6 para. 1 p. 1 lit. f) GDPR

10.   Google Firebase

We use the tool Firebase in our app. This is a real-time database that we use for real-time data exchange and storage in our app to improve and further develop our app. The user data is transmitted anonymously to Firebase.

Service Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

Website: https://marketingplatform.google.com

Privacy policy: https://policies.google.com/privacy

Types of processing and data processed: https://privacy.google.com/businesses/adsservices

Data processing terms and conditions for Google advertising products and standard contractual clauses for third country data transfers: https://business.safety.google/adsprocessorterms

11.   Newsletter distribution through Emarsys (email marketing)

Emarsys eMarketing Systems AG is an Austrian company based in Berlin that provides the software and infrastructure for sending consent-based electronic messages. Emarsys is aware of its responsibility towards the recipients of such messages and has a zero-tolerance spam policy.

Analysis and performance measurement:

The newsletters contain a so-called “web beacon”, i.e. a pixel-sized file that is retrieved from our server when the newsletter is opened or, if we use a dispatch service provider, from their server.

The information is used for the technical improvement of our newsletter based on the technical data or the target groups and their reading behaviour based on their retrieval locations (which can be determined with the help of the IP address) or the access times. This analysis also includes determining whether the newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can be assigned to the individual newsletter recipients, but it is neither our intention nor, if used, that of the dispatch service provider to observe individual users. Rather, we use the analyses to identify the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.

A separate revocation of the performance measurement is unfortunately not possible; in this case, the entire newsletter subscription must be cancelled or must be contradicted.

Prerequisite for the use of free services: Consent to send mailings may be made conditional as a prerequisite to avail of free services. If users wish to take advantage of the free service without subscribing to the newsletter, please contact us.

Service provider: Emarsys eMarketing Systems AG, Stralauer Platz 34, 10243 Berlin

Website: www.emarsys.com

Privacy policy: https://www.emarsys.com/en/privacy-policy/.

Disclosure and processing of personal data: Browser data, IP address and the time of the retrieval

Legal basis for processing: Consent (Art. 6 para. 1 p. 1 lit. a) GDPR), § 25 para. 1 p. 2 TTDSG

Opt-out/unsubscribe: If you no longer wish to receive our newsletter, you can unsubscribe at any time by clicking on the unsubscribe link contained in each mailing.

12.   Mailchimp (email marketing)

We use the list provider MailChimp to send our newsletter.

The data stored during registration is transmitted to Rocket and stored by Rocket. The data entered during registration will not be transmitted to other third parties. After registration, MailChimp will send you an email to confirm your registration. Furthermore, MailChimp offers various analysis options on how the newsletters sent are opened and used, e.g. to how many users an email was sent, whether emails were rejected and whether users unsubscribed from the list after receiving an email. However, these analyses are only group-related and are not used by us for individual evaluation. MailChimp also uses the Google Analytics analysis tool from Google, Inc and may integrate it into the newsletters. Further details on Google Analytics can be found in this privacy policy under “Google Analytics”.

Service provider: “Mailchimp” – Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA

Website: https://mailchimp.com

Privacy policy: https://mailchimp.com/legal/privacy/

Standard contractual clauses (guaranteeing the level of data protection in the case of processing in third countries): https://mailchimp.com/legal/data-processing-addendum/

Special safety measures: https://mailchimp.com/help/Mailchimp-european-data-transfers/

13.   SurveyMonkey

We use the “SurveyMonkey” service for surveys and feedback evaluations.

Service Provider: SurveyMonkey Europe UC, 2nd Floor, 2 Shelbourne Buildings, Shelbourne Road, Dublin, Ireland

Website: https://www.surveymonkey.de

Privacy policy: https://www.surveymonkey.de/mp/legal/privacy/

Legal basis for processing: legitimate interest pursuant to Art. 6 (1) f) GDPR

14.   Youtube

We use the provider YouTube, among others, for the integration of videos.  When you call up the Internet pages of our website that are provided with a plugin – for example, our media library – a connection is established to the YouTube servers and the plugin is displayed. This transmits to the YouTube server which of our Internet pages you have visited. If you are logged in as a YouTube member, YouTube assigns this information to your personal user account. When using the plugin, such as clicking on the start button of a video, this information is also assigned to your user account. You can prevent this assignment by logging out of your YouTube user account and other user accounts of the companies YouTube LLC and Google Ireland Ltd. before using our website and deleting the corresponding cookies of the companies.

 

Service Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

Website: https://www.youtube.com

Privacy policy: https://policies.google.com/privacy

Possibility of objection (opt-out): https://tools.google.com/dlpage/gaoptout?hl=de

Settings for the display of advertisements: https://adssettings.google.com/authenticated

15.   Freshdesk

When contacting us (e.g. by contact form, email, telephone or via social media) as well as in the context of existing user and business relationships, the information of the inquiring persons is processed to the extent necessary to respond to the contact requests and any requested measures.

Service Provider: Freshworks, Inc, 2950 S.Delaware Street, Suite 201, San Mateo, CA 94403, USA.

Website: https://www.freshworks.com

Privacy policy: https://www.freshworks.com/privacy/

Types of data processed: inventory data (e.g. names, addresses), contact data (e.g. e-mail, telephone numbers), content data (e.g. entries in online forms)

Affected persons: Communication partner

Purposes of processing: contact requests and communication

Legal basis: Contract fulfilment and pre-contractual enquiries (Art. 6 para. 1 p. 1 lit. b) GDPR), legitimate interest (Art. 6 para. 1 p. 1 lit. f) GDPR)

16.   Native Google & Apple Store

If you download our app, the necessary information is transferred to the respective app store. However, we have no influence on this data collection, as this is carried out by the respective app store operator. We process the data provided to the extent necessary for downloading the app to your mobile device (e.g. smartphone or tablet). They are not stored by us beyond this. In this context, please also note the data protection information of the app store operators:

Service Provider: Apple Inc, 1 Infinite Loop, Cupertino, CA 95014, USA

Website: www.apple.com

Privacy policy: https://www.apple.com/de/privacy/privacy-policy

Disclosure and processing of personal data: User name, e-mail address, time of download and the individual device identification number.

Service Provider: Google Ireland Gordon House, Barrow Street, Dublin 4, Ireland

Website: www.google.de

Privacy policy: https://www.google.de/intl/de/policies/privacy/

Disclosure and processing of personal data: User name, e-mail address, time of download and the individual device identification number.

Existence of automated decision making

No automated decision-making takes place.

Payment procedure

In the context of contractual and other legal relationships, we offer data subjects efficient and secure payment options and use other service providers for this purpose in addition to banks and credit institutions (collectively “payment service providers”).

The data entered is only processed by the payment service providers and stored with them. This means that we do not receive any account or credit card-related information, but only information with confirmation or negative information about the payment. Under certain circumstances, the data may be transmitted by the payment service providers to credit agencies. The purpose of this transmission is to check identity and creditworthiness. Please refer to the general terms and conditions and the data protection information of the payment service providers.

The terms and conditions and data protection notices of the respective payment service providers apply to the payment transactions and can be accessed within the respective websites or transaction applications. We also refer to these for further information and the assertion of revocation, information and other data subject rights.

  • Types of data processed: inventory data (e.g. names, addresses), payment data (e.g. bank details, invoices, payment history), contract data (e.g. subject matter of contract, term, customer category), usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).
  • Affected persons: Customers, interested parties.
  • Purposes of processing: provision of contractual services and customer service.
  • Legal basis: Contract fulfilment and pre-contractual enquiries (Art. 6 para. 1 p. 1 lit. b. GDPR), Legitimate Interests (Art. 6 para. 1 p. 1 lit. f. GDPR).
Services used and service providers:

  1. PayPal

Payment services and solutions (e.g. PayPal, PayPal Plus, Braintree)

Service provider: PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg

Website: https://www.paypal.com/de

Privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

  1. Adyen

Payment services

Service provider: Adyen BV, Simon Carmiggelstraat 6 – 50, 1011 DJ Amsterdam, The Netherlands

Website: www.adyen.com

Privacy policy: https://www.adyen.com/de_DE/richtlinien-und-haftungsausschluss/privacy-policy

  1. Google Pay

Payment services

Service Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

Website: https://pay.google.com/intl/de_de/about/

Privacy policy: https://policies.google.com/privacy

Part V – California, USA (CCPA)

This section applies only to you if you are a resident of the State of California in the U.S. and applies only to personal information for which we have a “business” (as defined in the CCPA) and not to personal information we collect from you as part of our services to you if you are an employee, owner, director, officer or contractor of a business, partnership, sole proprietorship, non-profit organisation or government agency. It applies to personal information we collect from California residents on or through our Services and in other ways (e.g., offline or in-person data collection).

  1. Overview of the personal data we collect about you

For individuals residing in California, the California Consumer Privacy Act (CCPA) requires disclosure of the categories of personal information we collect and how we use it, the categories of sources from which we obtain personal information, and the third parties to whom we disclose that information. We are keen to keep the information simple for our users. The categories are set out below as required by the CCPA. Please see our Privacy Policy for examples and more information about how we collect and use information.

Depending on how you interact with us, we may collect the following categories of data as set out in the table below.

Any personal data we collect about you (as set out below) comes from the source categories below:

  • From you, including through your use of our Services
  • Automatically recorded by you
  • Our Group companies
  • Third parties (for example, if you give permission to social networks to share your data with us or if you have made that data publicly available online).
Categories of personal data we collect Categories of third parties with whom we share this data
Identifiers (such as name, address or email address) – Third parties (such as our service providers)

– Aggregators (such as analytics services)

Activities on the internet or other networks or devices (such as browsing history) – Third parties (such as our service providers)

– Aggregators (such as analytics services)

Location data (for example, obtained by inferring your IP address) – Third parties (such as our service providers)

– Aggregators (such as analytics services)

Classifications protected by law (such as gender and marital status) Third parties (such as our service providers)

Other data that identifies you or can be linked to you in a meaningful way – Third parties (such as our service providers)

– Aggregators (such as analytics services)

  1. Categories of business purposes for our use of your data

All categories of personal data we collect about you (as detailed in the above) will be used for the following purposes:

  • Error detection, error reporting and activities to maintain the quality or safety of our services.
  • Auditing consumer interactions on our website
  • Other uses of which we will inform you
  1. Rights and choices in California

Subject to certain limitations, if you are a California resident, you have the right to request the following from us:

Disclosure of the personal data we collect about you, deletion of all our data collected about you or stored by you. In addition, you may object to the sale of your personal information. As a California resident user, you also have the right to designate an agent to exercise these rights on your behalf.

This section describes how you exercise these rights and how we deal with requests made to us, in particular to verify your identity. If you would like more information about your rights under applicable law, or if you would like to exercise any of these rights, please contact us at [email protected].

  1. Accessing and deleting your personal data
  1. right to request access to your personal data

As a California resident user, you have the right to request that we disclose the categories of your personal information that we collect, use or sell. You also have the right to request certain partial disclosures of the personal information we collect about you. However, we are entitled to withhold information the disclosure of which poses too great a risk to you or your personal data (for example, in the case of financial data or passwords).

  1. right to request the deletion of your personal data

You have the right to request that we delete all personal data that we have collected about you/from you.

However, we may withhold certain personal data under applicable law, including personal data necessary to fulfil the following purposes: Providing our Services; Protecting our business and system from fraudulent activity; Identifying and correcting errors that affect existing functionality; Exercising freedom of expression or other rights as necessary for us or others; Complying with law enforcement requests under a lawful process; For scientific or historical research; For our own internal purposes that are reasonably related to your relationship with us; or To comply with legal requirements. We need certain types of data to enable us to provide our services to you. If you want us to delete it, you may no longer have access to our services.

Users residing in California may exercise their privacy rights granted by the State of California by sending their request by email to [email protected].

  1. Identification

 

Also, for security reasons, we may request supplemental information from you that is necessary to verify your identity when you apply to exercise your privacy rights in California.

If we have reason to believe that the security of your account has been compromised, depending on the nature of the request and the sensitivity of the information requested, we will request further information from you to check against the records we hold to verify your identity.

If you would like to exercise any of the rights listed here and you do not have an account with us, please contact us by email at [email protected]. We will then request further data to carry out the identity check, if possible.

  1. Sale of personal data

The CCPA requires companies that “sell” personal information (as that term is defined in the CCPA) to give California residents the right to opt-out of such sales. adviqo does not “sell” your personal information as we understand and interpret the term.

  1. Non-discrimination rights

Users residing in California have the right not to be discriminated against for exercising their rights as described in this section. We do not discriminate against users for exercising their rights under the CCPA.

Part VI – Brazil (LGPD)

For users who are residents of Brazil, the following additional provisions apply:

Legal provisions regarding data processing equivalent to the GDPR can be found in Art. 7 LGPD.

  1. Additional rights

In addition to the rights already set out, you have the right to request confirmation of the existence of the processing. Access to your data will be given, according to your choice, either in a simplified and printed form or in an electronic form, or by a clear and complete statement indicating the origin of the data, the non-existence of the data set, the criteria used and the purpose of the processing, subject to commercial and industrial confidentiality and within fifteen days from the date of your request. To request confirmation or access to your data, please submit a request to the following email address: [email protected], or use the contact details provided above and indicate the form in which you wish to receive the information requested.

You also have the right to request the anonymisation of data that is not necessary or excessive, or data that has been processed in breach of the provisions of the LGPD, unless we are required by law to retain your personal data (see Art. 16 LGPD). To do so, please submit a request to the following email address: [email protected]

In the case of fully automated processing of personal data, you have the right to request a review by a natural person if the automated decision negatively affects your interests. We will therefore provide clear and sufficient criteria and procedures used for the automated decision, subject to commercial and industrial confidentiality.

  1. Data security

We use technical and administrative measures to protect your personal data from unauthorised access and accidental or unlawful destruction, loss, alteration, communication or disclosure, and to prevent the occurrence of damage resulting from the processing of personal data. Please be aware that despite our efforts, no security measure is perfect or impenetrable. Nevertheless, if a security incident occurs, we will inform you in accordance with applicable law.

Part VII – SOCIAL MEDIA PRIVACY STATEMENT

adviqo GmbH maintains various online presences within social networks to which the following data protection declaration applies. This privacy policy summarises and describes all social media used by adviqo GmbH.

Please note that your data may be processed outside the European Union. This may result in risks for you because, for example, it could make it more difficult to enforce your rights.

For a detailed presentation of the respective forms of processing and the options to object (opt-out), we refer to the data protection declarations and information provided by the operators of the respective networks.

If you assert data subject rights against us regarding processing in a social network, we will refer you directly to the social network, as we ultimately do not have the technical possibilities and technical authorisations to comply with your request.

Name and address of the responsible persons:

Jointly responsible for the operation of the respective online presence within the meaning of the EU General Data Protection Regulation (GDPR) is the respective operator of the network (see identity in the respective section of the social network) and the

adviqo GmbH

Max-Dohrn-Str. 8-10, 10589 Berlin

Phone +49 (0)30 224455-0

Fax +49 (0)30 224455-9100

Website: www.adviqo.com

Contact details of the data protection officer: [email protected]

Processing

We also process the data from your use of our online presences in the social networks that you voluntarily provide there (for example in a comment or in a message to us) as well as information from the analysis and statistics tool of the respective social network. Personal data that you provide to us as part of an enquiry or message will only be processed by us for the purpose of handling your enquiry/message. adviqo will delete messages from completed processes from the inbox after one year at the latest. Whether and for how long the social networks make backups of these messages is not known to us and can only be answered by the social networks themselves. In accordance with the terms of use of the social networks, which each user has agreed to as part of the creation of a profile on the respective social network, we can identify the subscribers to the online presence on the respective social network and view their profiles and other shared information from them. If you no longer wish the described data processing by us in the future, please “unfollow” our online presence on the respective social network or no longer interact with us or our posts.

Facebook and Instagram

We are jointly responsible with Facebook Ireland Ltd for collecting (but not further processing) data from visitors to our Facebook page (known as a “Fan Page”). This data includes information about the types of content you view or interact with, or the actions you take (see under “Things You and Others Do and Provide” in the Facebook Data Policy Statement: https://www.facebook.com/policy), as well as information about the devices you use (e.g. IP addresses, operating system, browser type, language settings, cookie data; see under “Device Information” in the Facebook Data Policy Statement: https://www.facebook.com/policy). As explained in the Facebook Privacy Policy under “How do we use this information?”, Facebook also collects and uses information to provide analytics services, called “Page Insights”, to Page operators to provide them with insights into how people interact with their Pages and with the content associated with them. We have entered into a special agreement with Facebook (“Page Insights Information”, https://www.facebook.com/legal/terms/page_controller_addendum), which in particular regulates which security measures Facebook must observe and in which Facebook has agreed to fulfil the data subject rights (i.e. you can, for example, send information or deletion requests directly to Facebook). The rights of users (in particular to information, deletion, objection and complaint to the competent supervisory authority) are not restricted by the agreements with Facebook. Further information can be found in the “Information on Page Insights” (https://www.facebook.com/legal/terms/information_about_page_insights_data).

  • Types of data processed: inventory data (e.g. names, addresses), contact data (e.g. e-mail, telephone numbers), content data (e.g. text entries, photographs, videos), usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).
  • Data subjects: Users (e.g. website visitors, users of online services).
  • Purposes of processing: contact requests and communication, tracking (e.g. interest/behavioural profiling, use of cookies), remarketing, reach measurement (e.g. access statistics, recognition of returning visitors).
  • Legal basis: Legitimate interests (Art. 6 para. 1 p. 1 lit. f. GDPR).
  • Services used and service providers:

 

  1. Instagram:

Social network

Service provider: Instagram Inc, 1601 Willow Road, Menlo Park, CA, 94025, USA

Parent Company: Meta Platforms, Inc., 1601 Willow Road Menlo Park, CA 94025 United States

Website: https://www.instagram.com

Privacy policy: https://instagram.com/about/legal/privacy.

  1. Facebook:

Social network

Service provider: Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland

Parent Company: Meta Platforms, Inc., 1601 Willow Road Menlo Park, CA 94025 United States

Website: https://www.facebook.com

Privacy policy: https://www.facebook.com/about/privacy

Possibility of objection (opt-out):

Ad settings: https://www.facebook.com/adpreferences/ad_settings (Facebook login is required).

Updated 02.05.2022