1. Technologies used on website
- Amplitude
We use the analytics service provided by Amplitude, Inc., 501 2nd Street, Suite 100, San Francisco, CA 94107, United States of America (hereinafter Amplitude) for analytics purposes. By using the service the IP Address, Geographic location, Browsing activity, Device information and Device identifiers will be processed. The legal basis for the processing is consent (Art. 6 para. 1 s. 1 lit. a GDPR). Users can withdraw their consent at any time. The data will be deleted as soon as it is no longer necessary to achieve the purpose of its collection. This service might transfer data outside of the EU/EEA and into the United States of America. For that case we have signed standard contractual clauses with the service provider.
For more information on how data is processed by Amplitude, you can visit Amplitude’s privacy policy or contact Amplitude at privacy@amplitude.com.
- Auth0
We use the authentification service provided by Auth0 Inc, 10800 NE 8th Street, Suite 700, Bellevue, WA 98004, USA (hereinafter Auth0) to provide login and authentication options. In order to do so the log-in information (e-mail address and password) of the user will be processed. The legal basis for the processing is legitimate interest (Art. 6 para. 1 s. 1 lit. f GDPR), as the usage of the service is necessary for a secure log-in. The data will be deleted as soon as it is no longer necessary to achieve the purpose of its collection. This service might transfer data outside of the EU/EEA. For that case we have signed standard contractual clauses with the service provider.
For more information on how data is processed by Auth0, you can visit Auth0’s privacy policy or contact Auth0 at privacy@auth0.com.
- Beamer
We use the service Beamer provided by Joincube Inc, 3800 South Dupont, Dover, DE 19901, USA (hereinafter Beamer) in order to receive user feedback. In order to do so the following data of the user will be processed: First name, Last name, E-Mail address, Anonymised IP Address and User identifiers, Device information, Geographic location, Referrer URL. The legal basis for the processing is consent (Art. 6 para. 1 s. 1 lit. a GDPR). The user can withdraw their consent at any time. The data will be deleted as soon as it is no longer necessary to achieve the purpose of its collection. This service might transfer data outside of the EU/EEA. For that case we have signed standard contractual clauses with the service provider.
For more information on how data is processed by Beamer, you can visit Beamer’s privacy policy or contact Beamer at info@getbeamer.com.
- Chargebee
We use the service provided by Chargebee Inc, 340 S. Lemon Avenue, Suite #1537, Walnut, California 91789, USA (hereinafter Chargebee) in order to process payments and enable invoicing. In order to do so the user data, bank, transaction and invoice information, purchase details and the IP address will be processed. The legal basis for the processing is the performance of a contract (Art. 6 para. 1 s. 1 lit. b GDPR), as this processing is necessary to fulfill the contract. The data will be deleted after the termination of the contract, within 120 days (please be aware that Usercentrics might keep the information for taxing and documentation purposes for a longer period of time, as it is required by law) . This service might transfer data outside of the EU/EEA. For that case we have signed standard contractual clauses with the service provider.
For more information on how data is processed by Chargebee, you can visit Chargebee’s privacy policy or contact Beamer at privacy@chargebee.com.
- Fontawesome
We use the service Fontawesome provided by Fonticons, Inc., 6 Porter Road, Apartment 3R, Cambridge, MA 02140, USA (hereinafter Fontawesome) in order to provide fonts on the website. In order to do so the IP address, device operating system and browser information will be processed. The legal basis for the processing is legitimate interest (Art. 6 para. 1 s. 1 lit. f GDPR), as the service is used in order to provide a correctly shown website. The data will be deleted as soon as it is no longer necessary to achieve the purpose of its collection. This service might transfer data outside of the EU/EEA. For that case we have signed standard contractual clauses with the service provider.
For more information on how data is processed by Fontawesome, you can visit Fontawesome’s privacy policy or contact Fontawesome at privacy@fontawesome.com.
- Mailgun
We use the service Mailgun provided by Atlassian PTY Ltd., 548 Market St., CA 94104 San Francisco, USA (hereinafter Mailgun) in order to send out e-mail communication. In order to do so the name, email address, and interaction with the emails will be processed. The legal basis for the processing is legitimate interest (Art. 6 para. 1 s. 1 lit. f GDPR), as the service is used in order to provide a correctly shown website. The data will be deleted as soon as it is no longer necessary to achieve the purpose of its collection. This service might transfer data outside of the EU/EEA. For that case we have signed standard contractual clauses with the service provider.
For more information on how data is processed by Mailgun, you can visit Mailgun’s privacy policy or contact Mailgun at privacy@mailgun.com.
- Statuspage
We use the service Statuspage provided by Dogwood Labs, Inc. (dba Statuspage.io), 1098 Harrison St, San Francisco, CA 94103, USA (hereinafter Statuspage) as an incident management tool. In order to do so the account information will be processed. The legal basis for the processing is legitimate interest (Art. 6 para. 1 s. 1 lit. f GDPR), in order to be able to monitor and provide notifications of relevant incidents. The data will be deleted as soon as it is no longer necessary to achieve the purpose of its collection. This service might transfer data outside of the EU/EEA. For that case we have signed standard contractual clauses with the service provider.
For more information on how data is processed by Statuspage, you can visit Statuspage’s privacy policy or contact Statuspage at privacy@atlassian.com.
- Usercentrics Consent Management Platform
We use the service Usercentrics provided by Usercentrics GmbH, Sendlinger Str. 7, 80331 Munich, Germany (hereinafter Usercentrics) as a consent management provider. In order to do so the consent information (opt-in and opt-out information, consent ID, time of consent, template version and banner language), Referrer URL, User agent, and IP Address will be processed. The legal basis for the processing is compliance with a legal obligation (Art. 6 para. 1 s. 1 lit. c GDPR). The data will be deleted after one year.
For more information on how data is processed by Usercentrics, you can visit Usercentrics privacy policy or contact Usercentrics at privacy@usercentrics.com.
- Userlane
We use the service Userlane provided by Userlane GmbH, St.-Martin-Str. 102, 81669 Munich, Germany (hereinafter Userlane) as a digital adoption platform, providing training to new users. In order to do so the usage data and IP Address will be processed. The legal basis for the processing is legitimate interest (Art. 6 para. 1 s. 1 lit. f GDPR), in order to be able to provide new users with an easy training on the usage of the platform. The data will be deleted as soon as it is no longer necessary to achieve the purpose of its collection.
For more information on how data is processed by Userlane, you can visit Userlane’s privacy policy or contact Userlane at dpo@userlane.com.
2. Data Transfer to third countries
As explained in this privacy policy, we use services whose providers are partly located in so-called third countries (outside the European Union or the European Economic Area) or process personal data there, i.e. countries whose level of data protection does not correspond to that of the European Union. Where this is the case and the European Commission has not issued an adequacy decision (Art. 45 GDPR) for these countries, we have taken appropriate precautions to ensure an adequate level of data protection for any data transfers. These include, among others, the standard contractual clauses of the European Union or binding internal data protection regulations.
If a third country transfer is provided for and no adequacy decision or appropriate safeguards are in place, it is possible and there is a risk that authorities in the respective third country (e.g. intelligence services) may gain access to the transferred data in order to collect and analyze it, and that enforceability of your data subject rights cannot be guaranteed.
3. Recipients of Data
Usercentrics does not sell, trade or otherwise transfer to outside parties any personally identifiable information.
This does not include trusted third parties or processors who assist us in operating our website, conducting our business, or servicing you. Such trusted parties may have access to personally identifiable information on a need-to-know basis and will be contractually obliged to keep your information confidential.
We will also share data among the Usercentrics entities (Usercentrics A/S, Usercentrics GmbH, Cybot A/S (including CYBOT A/S, odštěpný závod office in Prague), Usercentrics Unipessoal, Usercentrics Inc.), here also including sharing data among Cookiebot™ and Usercentrics products when needed. All the entities may have access to personally identifiable information on a need to know basis and will be contractually obliged to keep your information confidential (joint controller agreement).
We may also release your information when we believe release is appropriate to comply with the law, enforce our site policies, or protect our rights or the rights of others, property, or safety. Furthermore, non-personally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses.
We only pass on the data we have collected if this is necessary for the fulfillment of the contract or for the provision of the technical functionality of the website, or if there is another legal basis for passing on the data.
In principle, we process your data ourselves. In some cases, however, we also use service providers. In addition to the processors mentioned in this privacy policy, these may include, in particular, data centers that store our website and databases, IT service providers that maintain our systems, and consulting companies. If we pass on data to processors, they may only use the data to fulfill their tasks. The processors have been carefully selected and commissioned by us. They are contractually bound to our instructions, have suitable technical and organizational measures in place to protect the rights of the data subjects and are regularly monitored by us.
In addition, disclosure may take place in connection with official enquiries, court orders and legal proceedings if it is necessary for legal prosecution or enforcement. When governments make a lawful demand for customer data from Usercentrics, Usercentrics strives to limit the disclosure. Usercentrics will only release specific data mandated by the relevant legal demand.
If compelled to disclose your data, Usercentrics will promptly notify you and provide a copy of the demand unless legally prohibited from doing so.
If Usercentrics commissions third parties with the collection, processing and use of data within the scope of commissioned processing in accordance with Art. 28 GDPR, this will also take place exclusively in compliance with the statutory provisions on data protection.