Privacy Policy

Data security is our highest priority!

This website is operated by Pridatect UG. The protection of your personal data is very important to us. In this declaration you will find information about the handling of your personal data when you visit the Pridatect website.

Controller and data protection officer

Responsible for the processing of personal data on this website is:

Pridatect UG

Bülowstr. 17

10783 Berlin

Germany

Phone: +49 3031198331

E-mail: info@pridatect.com

If you have any questions regarding data protection, you can also contact our Data Protection Officer at any time under data-security@pridatect.com.

 

Definitions


The data protection declaration of the Pridatect UG is based on the terms used by the European legislator for the adoption of the General Data Protection Regulation (GDPR). Our data protection declaration should be legible and understandable for the general public, as well as our customers and business partners. To ensure this, we would like to first explain the terminology used.
In this data protection declaration, we use, inter alia, the following terms:

  1. a) Personal data
    Personal data means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
  2. b) Data subject
    Data subject is any identified or identifiable natural person, whose personal data is processed by the controller responsible for the processing.
  3. c) Processing
    Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
  4. d) Restriction of processing
    Restriction of processing is the marking of stored personal data with the aim of limiting their processing in the future.
  5. e) Profiling
    Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
  6. f) Pseudonymisation
    Pseudonymisation is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
  7. g) Controller or controller responsible for the processing
    Controller or controller responsible for the processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
  8. h) Processor
    Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
  9. i) Recipient
    Recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.
  10. j) Third party
    Third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
  11. k) Consent

Consent of the data subject is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

 

Collection and use of non-personal data

If you use this website without transmitting data to us in any other way (e.g. by registration), we only collect technically necessary data which is automatically transmitted to our server by your browser (e.g. browser type/browser version, operating system used, referrer URL, pages called up, length of visit, IP address, date and time of enquiry). This is technically necessary in order to display our website to you. As far as personal data is concerned, Art. 6 (1) lit. f GDPR is the legal basis for the collection. This data will not be combined with other sources of data. We reserve the right to examine this data in retrospect, if we become aware that it has been used for unlawful purposes.

 

Collection and use of personal data

We only collect and process the personal data (e.g. name, address, email) that you provide to us upon registration, when you order products or services, or when you make enquiries, and only insofar as this is required to substantiate, to establish the content of the legal relationship, or to change the legal relationship. After the contract has been executed, your data will be deleted with regard to the statutory safe-keeping duties, provided that you have not expressly agreed to the further use of this data. We, and persons instructed by us, shall not forward your personal data to third parties without your consent or a relevant official order.

When you register to set up a new customer account, the data that you enter will be permanently stored in our database. You may request your data and your profile/account be deleted at any time.

Legal basis for the processing
Art. 6(1) lit. a GDPR serves as the legal basis for processing operations for which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is party, as is the case, for example, when processing operations are necessary for the supply of goods or to provide any other service, the processing is based on Article 6(1) lit. b GDPR. The same applies to such processing operations which are necessary for carrying out pre-contractual measures, for example in the case of inquiries concerning our products or services. Is our company subject to a legal obligation by which processing of personal data is required, such as for the fulfilment of tax obligations, the processing is based on Art. 6(1) lit. c GDPR. In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or of another natural person. This would be the case, for example, if a visitor were injured in our company and his name, age, health insurance data or other vital information would have to be passed on to a doctor, hospital or other third party. Then the processing would be based on Art. 6(1) lit. d GDPR. Finally, processing operations could be based on Article 6(1) lit. f GDPR. This legal basis is used for processing operations which are not covered by any of the abovementioned legal grounds, if processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. Such processing operations are particularly permissible because they have been specifically mentioned by the European legislator. He considered that a legitimate interest could be assumed if the data subject is a client of the controller (Recital 47 Sentence 2 GDPR).

Provision of personal data as statutory or contractual requirement; Requirement necessary to enter into a contract; Obligation of the data subject to provide the personal data; possible consequences of failure to provide such data
We clarify that the provision of personal data is partly required by law (e.g. tax regulations) or can also result from contractual provisions (e.g. information on the contractual partner). Sometimes it may be necessary to conclude a contract that the data subject provides us with personal data, which must subsequently be processed by us. The data subject is, for example, obliged to provide us with personal data when our company signs a contract with him or her. The non-provision of the personal data would have the consequence that the contract with the data subject could not be concluded. Before personal data is provided by the data subject, the data subject must contact any employee. The employee clarifies to the data subject whether the provision of the personal data is required by law or contract or is necessary for the conclusion of the contract, whether there is an obligation to provide the personal data and the consequences of non-provision of the personal data.

 

Storage period

We only process and store your data for as long as is necessary for processing or to comply with legal obligations. Your data will be blocked or deleted after the processing purpose has ceased to apply. If, in addition, legal obligations for storage exist, we block or delete your data at the end of the legal storage periods.

 

Rights of the data subject
a) Right of confirmation
Each data subject shall have the right granted by the European legislator to obtain from the controller the confirmation as to whether or not personal data concerning him or her are being processed. If a data subject wishes to avail himself of this right of confirmation, he or she may, at any time, contact any employee of the controller.

  1. b) Right of access
    Each data subject shall have the right granted by the European legislator to obtain from the controller free information about his or her personal data stored at any time and a copy of this information. Furthermore, the European directives and regulations grant the data subject access to the following information:

Furthermore, the data subject shall have a right to obtain information as to whether personal data are transferred to a third country or to an international organisation. Where this is the case, the data subject shall have the right to be informed of the appropriate safeguards relating to the transfer.
If a data subject wishes to avail himself of this right of access, he or she may, at any time, contact any employee of the controller.

  1. c) Right to rectification
    Each data subject shall have the right granted by the European legislator to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
    If a data subject wishes to exercise this right to rectification, he or she may, at any time, contact any employee of the controller.
  2. d) Right to erasure (Right to be forgotten)
    Each data subject shall have the right granted by the European legislator to obtain from the controller the erasure of personal data concerning him or her without undue delay, and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies, as long as the processing is not necessary:

If one of the aforementioned reasons applies, and a data subject wishes to request the erasure of personal data stored by the Pridatect UG, he or she may, at any time, contact any employee of the controller. An employee of Pridatect UG shall promptly ensure that the erasure request is complied with immediately.
Where the controller has made personal data public and is obliged pursuant to Article 17(1) to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform other controllers processing the personal data that the data subject has requested erasure by such controllers of any links to, or copy or replication of, those personal data, as far as processing is not required. An employees of the Pridatect UG will arrange the necessary measures in individual cases.

  1. e) Right of restriction of processing
    Each data subject shall have the right granted by the European legislator to obtain from the controller restriction of processing where one of the following applies:

If one of the aforementioned conditions is met, and a data subject wishes to request the restriction of the processing of personal data stored by the Pridatect UG, he or she may at any time contact any employee of the controller. The employee of the Pridatect UG will arrange the restriction of the processing.

  1. f) Right to data portability
    Each data subject shall have the right granted by the European legislator, to receive the personal data concerning him or her, which was provided to a controller, in a structured, commonly used and machine-readable format. He or she shall have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, as long as the processing is based on consent pursuant to point (a) of Article 6(1) of the GDPR or point (a) of Article 9(2) of the GDPR, or on a contract pursuant to point (b) of Article 6(1) of the GDPR, and the processing is carried out by automated means, as long as the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
    Furthermore, in exercising his or her right to data portability pursuant to Article 20(1) of the GDPR, the data subject shall have the right to have personal data transmitted directly from one controller to another, where technically feasible and when doing so does not adversely affect the rights and freedoms of others.
    In order to assert the right to data portability, the data subject may at any time contact any employee of the Pridatect UG.
  2. g) Right to object
    Each data subject shall have the right granted by the European legislator to object, on grounds relating to his or her particular situation, at any time, to processing of personal data concerning him or her, which is based on point (e) or (f) of Article 6(1) of the GDPR. This also applies to profiling based on these provisions.


The Pridatect UG shall no longer process the personal data in the event of the objection, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defence of legal claims.

If the Pridatect UG processes personal data for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing. This applies to profiling to the extent that it is related to such direct marketing. If the data subject objects to the Pridatect UG to the processing for direct marketing purposes, the Pridatect UG will no longer process the personal data for these purposes.
In addition, the data subject has the right, on grounds relating to his or her particular situation, to object to processing of personal data concerning him or her by the Pridatect UG for scientific or historical research purposes, or for statistical purposes pursuant to Article 89(1) of the GDPR, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
In order to exercise the right to object, the data subject may contact any employee of the Pridatect UG. In addition, the data subject is free in the context of the use of information society services, and notwithstanding Directive 2002/58/EC, to use his or her right to object by automated means using technical specifications.

  1. h) Automated individual decision-making, including profiling
    Each data subject shall have the right granted by the European legislator not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her, or similarly significantly affects him or her, as long as the decision (1) is not is necessary for entering into, or the performance of, a contract between the data subject and a data controller, or (2) is not authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, or (3) is not based on the data subject’s explicit consent.
    If the decision (1) is necessary for entering into, or the performance of, a contract between the data subject and a data controller, or (2) it is based on the data subject’s explicit consent, the Pridatect UG shall implement suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and contest the decision.
    If the data subject wishes to exercise the rights concerning automated individual decision-making, he or she may, at any time, contact any employee of the Pridatect UG.
  2. i) Right to withdraw data protection consent
    Each data subject shall have the right granted by the European legislator to withdraw his or her consent to processing of his or her personal data at any time.
    If the data subject wishes to exercise the right to withdraw the consent, he or she may, at any time, contact any employee of the Pridatect UG.

Right to complain to a data protection authority

If you have cause to complain on account of the processing of your data by pridatect.com, you can at any time also contact the responsible data protection authority as the supervisory authority.

Berliner Beauftragte für Datenschutz und Informationsfreiheit
Friedrichstr. 219
10969 Berlin

Tel.: +49 30 13889-0

Cookies and other Tracking Technologies

Some of our services require the use of “cookies”. Cookies are small quantities of data, which your Internet browser saves onto your computer. Cookies may store information about your visit to our website. For instance, as a result of this data, information may be displayed on the site that is tailored to your interests. Functionality include:

Most browsers are set by default in such a way that they accept cookies. However, you can configure your browser so that it rejects cookies or requests prior confirmation from you before it stores cookies. The help function in the menu list of most web browsers explains to you how you prevent your browser from accepting new cookies, how you can set your browser to alert you if you receive a new cookie. It also tells you how you can delete any previous cookies and how you can block all future cookies.

However, if you reject cookies you may not be able to use all of the features and functionalities of our site.

Integration of technology of third parties

On our website we integrate services and/or libraries of third parties such as Cloudflare in order to optimise loading speed. In doing so, resources of these providers are accessed from external servers (and thereby data transmitted, e.g. IP address) which may be located outside the European Union. We have no influence over the data collected and the data processing methods, nor do we know the full extent of the data collection, the purposes of the processing or the storage periods. You will find more information on the purpose and scope of the data collection and its processing by these third parties in the respective data protection policies of these providers. You can also find further information there about your rights and about how to adjust your settings to protect your privacy.

Amazon Web Services

We host our systems at Amazon Web Services (Germany), Inc., 410 Terry Avenue North, Seattle WA 98109, USA (“AWS”). For technical reasons, the infrastructure may be serviced from the US. AWS has submitted to the EU-US Privacy Shield.

The legal basis of the aforementioned data processing is Art. 6 para. 1 f) GDPR based on our legitimate interest. We want to provide you with the technical infrastructure to offer our products and services.

For more information, see the AWS privacy policy: https://aws.amazon.com/de/privacy/?nc1=f_pr

AddToAny

This website uses the AddToAny social bookmarking tool to enable social sharing icons for Facebook, Twitter, WhatsApp and email.

For more information, please visit AddToAny’s privacy policy by clicking https://www.addtoany.com/privacy.

 

Autopilot

We also use the services of Autopilot, an email automation platform, to better reach Pridatect product subscribers who have opted in to receive such communications. Emails are sent out to convey information such as notifications related to activity on the platform, general updates, product additions, product news, partnerships, event announcements, and survey requests. Autopilot does not sell or otherwise use the information it collects on behalf of Pridatect, except as discussed in this policy. More information about data protection and your options in connection with the services of AutoPilot can be found here: https://www.autopilothq.com/legal/privacy-policy

Calendly

We use Calendly to schedule our meetings.

Calendly works with your calendar to automatically check availability and helps us connect with our best contacts, prospects and clients. Calendly Contatct:support@calendly.com or 1315 Peachtree St NE Atlanta, GA 30309, USA.

The data protection provisions published by Calendly, which is available under:

https://calendly.com/pages/privacy

Cloudflare

The Internet presence of this company is provided by the technology partner CloudFlare Inc., based in the USA. All data passed to or from this website pass through the worldwide network of CloudFlare, Inc. The data is buffered, accesses are logged. Hereby, the nearest data center is regularly used. CloudFlare also operates data centers outside the European Union! According to CloudFlare, the cached data are basically deleted within 4 hours, but at the latest after three days. For more information, see CloudFlare’s Privacy Statement at:
https://www.cloudflare.com/security-policy/

Factorial

We use Factorial.Factorial is a SaaS dedicated to solving the typical Human Resources problems of small and medium-sized companies.

Responsible: Identity: EVERYDAY SOFTWARE, S.L., with address at Alaba Street, 61 5th-2nd, 08005 Barcelona – CIF: B-66854530 Telephone: 932 205 976 Email: info@factorial.co.

The data protection provisions published by Factorial, which is available under:

https://factorialhr.de/en/privacy

Facebook

On our pages plugins of the social network Facebook, provider Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA, are integrated. The processing is based on Art. 6 para. 1 f) GDPR. The Facebook plugins can be recognized by the Facebook logo or the “Like-Button” (“Like”) on our site. An overview of the Facebook plugins can be found here: https://developers.facebook.com/docs/plugins/.

When you visit our pages, the plugin establishes a direct connection between your browser and the Facebook server. Facebook receives the information that you have visited our site with your IP address. If you click on the Facebook “Like-Button” while you are logged into your Facebook account, you can link the contents of our pages to your Facebook profile. As a result, Facebook can assign the visit to our pages to your user account. We point out that we as the provider of the pages are not aware of the content of the data transmitted and their use by Facebook. For more information, see the Facebook Privacy Policy at https://de-de.facebook.com/policy.php.

If you do not wish Facebook to associate your visit to our pages with your Facebook user account, please log out of your Facebook user account.

Font Awesome (Fonticons, Inc. )

Font Awesome is a typeface visualization service provided by Fonticons, Inc. that allows this Website to incorporate content of this kind on its pages.
Usage Data is the personal data collected.

For more information, see Font Awesome’s Privacy Statement at: https://fontawesome.com/privacy

 

Google Analytics

Google Analytics is a web analysis service of Google Inc. (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyse how users use the site. Google will generally transfer and save the information created by the cookie about your use of this website to a server in the US. In the event that IP anonymisation is activated on this website, Google will, however, shorten your IP address beforehand within member states of the European Union or in other signatory states to the Agreement on the European Economic Area. The full IP address will only be transferred to a Google service in the US and abbreviated there in exceptional cases. On behalf of Pridatect UG, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity, and providing other services to website operators related to website activity and internet usage. The IP address transmitted by your browser as part of the Google Analytics process will not be combined with other data from Google. You can prevent cookies from being stored by setting your browser software accordingly; however, please note that you will not be able to use all of the functions of the website if you do so.

We also use Google Analytics to evaluate data from AdWords and the double-click cookie for statistical purposes. If you do not want this, you can deactivate it via the Ad Preferences Manager (http://www.google.com/settings/ads/onweb/?hl=en).

Further information on terms of use and data protection can be found at http://www.google.com/analytics/terms/en.html or under https://www.google.com/en/policies/.

Google Web Fonts

For uniform representation of fonts, this page uses web fonts provided by Google. When you open a page, your browser loads the required web fonts into your browser cache to display texts and fonts correctly.

For this purpose your browser has to establish a direct connection to Google servers. Google thus becomes aware that our web page was accessed via your IP address. The use of Google Web fonts is done in the interest of a uniform and attractive presentation of our website. This constitutes a justified interest pursuant to Art. 6 (1) (f) DSGVO.

If your browser does not support web fonts, a standard font is used by your computer.

Further information about handling user data, can be found at https://developers.google.com/fonts/faq and in Google’s privacy policy at https://www.google.com/policies/privacy/.

 

gstatic

Our website uses a web service provided by the company Google LLC, 1600 Amphitheatre Park, 94043 Mountain View, USA (hereinafter referred to as: gstatic). We use this data to guarantee the full functionality of our website. Your browser may, where necessary, send personal data to gstatic in connection with this. Art. 6 (1) lit. f GDPR constitutes the legal basis for this data processing. Our justified interest consists in the smooth functioning of our website.  gstatic is itself certified within the EU-US Privacy Shield Framework (cf.  https://www.privacyshield.gov/list). This data is deleted as soon as the purpose for which it was collected has been fulfilled. You can find further information as to how transmitted data is handled in the gstatic privacy statement: https://www.google.com/intl/de/policies/privacy/. You can prevent the collection and processing of your data by gstatic by disabling the execution of script code in your browser or installing a script blocker in your browser you can find one of these at www.noscript.net or www.ghostery.com for example).

 

Intercom

We use Intercom so you can talk to us while browsing our website or using our products. Much like an analytics service, Intercom records the pages you view within our site and some basic information about your computer. This information helps our sales and support staff provide you with the best help possible.

While browsing our websites, your information is anonymized – Intercom only knows your email address and name if you choose to share it as part of a live chat. However, when you log into one of our tools, we share basic information with Intercom such as your name and email address so that we can better provide you with support should you contact us. Find the privacy policy of intercom here:

We also use Intercom to send you relevant messages (by email or pop-up) based on your current activity, e.g. a welcome message with links to our help documentation when you log into one of our products for the first time.

Intercom data is deleted 9 months after your last visit. Find the privacy policy of intercom here: https://www.intercom.com/terms-and-policies#privacy

 

LinkedIn

Our website uses features of the LinkedIn network. The processing is based on Art. 6 para. 1 f) GDPR. Providers is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, United States. Each time you visit one of our pages that contains LinkedIn features, it will connect to LinkedIn servers. LinkedIn is informed that you have visited our website with your IP address. If you click LinkedIn’s “Recommend Button” and are logged in to your LinkedIn account, LinkedIn will be able to associate your visit to our website with you and your user account. We point out that we as the provider of the pages have no knowledge of the content of the transmitted data and their use by LinkedIn.

For more information, see the LinkedIn privacy statement at: https://www.linkedin.com/legal/privacy-policy

 

Salesforce

For the sake of transparency, we point out that we use the Customer Relationship Management (CRM) tool – Salesforce, to manage the collected data. Salesforce itself does not collect personal information but allows us to efficiently manage the information we collect, as well as to comply with your rights under Section 7 of this Privacy Policy. Salesforce is a product of Salesforce.com Inc., One Market Street Suite 300, San Francisco, California 94105, USA.

We trust the reliability and IT and data security of Salesforce.com. Salesforce.com is certified under the US-EU Privacy Shield, and is committed to complying with EU privacy standards. In addition, we have completed a Data Processing Agreement with Salesforce.com. This is a contract in which Salesforce.com is committed to protecting our users’ privacy, processing it on our behalf in accordance with its privacy policy and, in particular, not disclosing it to third parties. You can view Salesforce.com’s privacy policy at http://www.salesforce.com/company/privacy/.

SLACK

We use slack. Your consent is the legal basis for the processing of the data entered by you and your message to us. In addition to the data that you actively transmit to us, we also process personal data that is transmitted to us in the course of the transmission of messages in connection with the chat (e.g. IP address, date and time). We use your data to carry out the chat and to improve our services. Slack Technologies is certified under the Privacy Shield agreement and is committed to complying with EU data protection regulations. You can view Slack’s privacy policy and DSGVO commitment at https://slack.com/intl/de/privacy-policy and https://slack.com/intl/de/gdpr respectively.

With the chat button on our web pages you start the real-time chat and thereby also consent to the processing of your personal data by Nicer LCC and Slack Technologies as well as the transmission of all entries to the USA.

Stripe

As a payment processing service provider, we work with Stripe Payments Europe, Ltd (“Stripe”). The collection and processing by these providers of your credit or debit card details and other personal data are governed by their respective terms and conditions. See https://stripe.com/gb/privacy  for more information. Stripe may from time to time provide us with information regarding the credits and debits made to your card in order to enable us to reconcile our accounts.

Xing

Our website uses functions of the network XING. Provider is the XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany. The processing is based on Art. 6 para. 1 f) GDPR. Each time you visit one of our sites that contains XING features, it will connect to XING servers. A storage of personal data is not done to our knowledge. In particular, no IP addresses are stored or the usage behavior is evaluated.

Further information on data protection and the XING Share button can be found in XING’s privacy policy at: https://www.xing.com/app/share?op=data protection   

Cookies notice

We use our own and third-party cookies to improve our services and show you advertising related to your preferences by analyzing your browsing habits. If you proceed with browsing, we consider you are accepting their use. You can change your settings or get more information here.