Privacy Policy valid until October 20th 2024
www.usercentrics.com
Last update: July 19th, 2024
Your privacy is important to us. This Privacy Policy covers what we collect and how we use, disclose, transfer and store your information.
I. Name of the person responsible
The person responsible within the meaning of the GDPR and other national data protection laws of the member states as well as other data protection regulations is the
Usercentrics GmbH
Sendlinger Straße 7
80331 Munich
Germany
E-mail: datenschutz@usercentrics.com | Website: www.usercentrics.com
II. Data Protection Officer
You can contact our data protection officer under:
SECUWING GmbH & Co. KG
Maximilian Hartung
Frauentorstr. 9
86152 Augsburg
Germany
E-mail: epost@datenschutz-agentur.de | Phone: +49 821 90786450 | Fax: +49 821 90786459
III. General information about the collection and processing of your data
1. Scope of processing
In principle, we process personal data only insofar as this is necessary to provide a functioning website and our content and services. The processing of personal data of our users takes place regularly only with the consent of the user. An exception applies to cases in which prior consent can not be obtained for reasons of fact and the processing of the data is permitted by law.
2. Legal basis
Insofar as we obtain the consent of the data subject for processing of personal data, Art. 6 para.1 s. 1 lit. a GDPR serves as a legal basis.
If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, Art. 6 para. 1 s. 1 lit. b GDPR is a legal basis. This also applies to processing operations required to carry out pre-contractual actions.
Insofar as processing of personal data is required to fulfill a legal obligation that is subject to our company, Art. 6 para. 1 s. 1 lit. c GDPR serves as the legal basis.
If processing is necessary to safeguard the legitimate interests of our company or a third party, and if the interests, fundamental rights and freedoms of the data subject do not prevail over the first interest, Art. 6 para. 1 s. 1 lit. f GDPR serves as the legal basis for processing.
3. Storage and deletion of your data
In principle, we only store personal data for as long as is necessary to fulfill contractual or legal obligations for which we collected the data. After that, we delete the data immediately, unless we still need the data until the expiry of the statutory limitation period for evidence purposes for claims under civil law or due to statutory retention obligations.
For evidentiary purposes, we must retain contractual data for six years from the end of the year in which the business relationship with you ends. Any claims become statute-barred at this point at the earliest according to the statutory limitation period.
Even after this, we still have to store some of your data for accounting reasons. We are obliged to do so because of legal documentation obligations that may arise from the German Commercial Code, the German Fiscal Code, the German Banking Act, the German Money Laundering Act and the German Securities Trading Act. The periods specified there for the retention of documents are two to ten years.
We delete or block the personal data of the data subject as soon as the purpose of the storage is fulfilled. It may also be stored if provided for by the European or national legislator in EU regulations, laws or regulations to which our company is subject. Blocking or deletion of the data also takes place when a storage period prescribed by the standards mentioned expires, unless there is a need for further storage of the data for conclusion of a contract or fulfillment of the contract.
4. Please note
Your consent data will be processed for the use of this website and the use of the implemented Consent Management Platform. We use the Google Cloud Platform, provided by Google Cloud EMEA Ltd. The servers are located in Germany and Belgium. We would like to inform you that we cannot exclude the fact that data may be transferred to the US and may be subject to access by the US security authorities in accordance with 50 U.S.C. §1881(b)(4), 50 U.S.C. §1881a (= FISA 702). In the event that personal data is transferred to the USA or other third countries, we have taken necessary measures with Google in accordance with Art. 44 et seq. GDPR. More information can be found in the Data Protection references of Google. Additionally we have taken further safety measures to ensure the security of the data.
IV. Provision of the website and creation of log files
1. Scope of processing
Each time our website is accessed, our system automatically collects data and information from the computer system of the calling computer. This is e.g. information like
- Information about the type and version of your internet browser,
- The operating system of your computer or smartphone,
- Your internet service provider,
- Your IP address,
- Date and time of your access,
- Geographic location,
- Websites from which you came to us,
- Websites that you visit from our site.
- When applicable – Referrer URL from Partner Website.
We collect such technical information in so-called “log files”, so that you can display our website correctly and we can identify the causes of any technical problems, for the technical optimization of our websites and for the purpose of the security of our computer systems and networks. For these purposes, we have a legitimate interest in the processing of data according to Art. 6 para. 1 s. 1 lit. f GDPR.
The data will be deleted as soon as it is no longer necessary for the purpose of its collection. Typically, this technical information will be erased or rendered unrecognizable at the latest after seven days.
The collection of data for the provision of the website and the storage of the data in log files is essential for the operation of the website.
V. Contact requests for product information, a demo or other concerns
1. Description and scope of data processing
On our website you can contact us via various options: e.g. contact form, book a demo, request a quote, request product information, request guides. If you make use of these options, the data entered in the input mask will be transmitted to us and saved. In addition to the specific input macro data, the IP address and the date and time of the request are collected and stored.
Alternatively, a contact via e-mail address is possible. In this case, your personal data transmitted by e-mail will be stored.
In this context, there will be no disclosure of the data to third parties, unless this is necessary for the processing of the query (for example, demo booking tool). In any case, the data will be used exclusively for processing the conversation, unless agreed upon otherwise.
2. Legal basis for processing
Legal basis for the processing of the data is in general consent of the user, art. 6 para. 1 s. 1 lit. a GDPR.
3. Purpose of the data processing
The processing of personal data from the input mask is solely for the processing of your request. In the case of contact via e-mail, this also includes the required legitimate interest in the processing of the data.
The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.
4. Duration of storage
If you have booked a demo, requested product information or an offer, we reserve the right to store the data for two years to measure the profitability of our sales and marketing. Otherwise, we will delete the data as soon as it is no longer necessary to achieve the purpose of its collection. For the personal data entered in the contact form and those sent by e-mail, this is the case when the respective conversation with you has ended. The conversation is ended when it can be inferred from the circumstances that the relevant facts have been finally clarified.
5. Revoking consent and removal possibility
You have the possibility at any time to revoke your consent to the processing of the personal data. If you contact us by e-mail, you may object to the storage of his personal data at any time. In such a case, the conversation can not continue. All personal data stored in the course of contacting will be deleted in this case.
VI. NEWSLETTER, PRODUCT RECOMMENDATIONS, WEBINARS,CUSTOMER SURVEYS AND PARTNER PORTAL
1. Newsletter
When signing up for the Newsletter, data entered into the input mask will also be stored, in order to provide the Newsletter. The legal basis for this processing is art. 6 para. 1 s. 1 lit. a GDPR. Your e-mail address, time of subscription and the IP address used for subscribing will be retained as long as you subscribe to our Newsletter. This service is provided by means of a double opt-in. Thus, you will receive an e-mail containing a link by which you can confirm that you are the owner of the e-mail address and wish to be notified via our e-mail service. You can unsubscribe from this service at any time by contacting us at unsubcribe@usercentrics.com or by opting out via the link provided in each Newsletter any time.
2. Product Recommendations
You will be informed by Usercentrics about relevant changes concerning the Services, such as the implementation of additional functions, by e-mail, if you purchase the Usercentrics product. The legal basis for this is Art. 6 Para. 1 lit. f GDPR in conjunction with § 7 Para. 3 UWG, justified by our interest in sending you individual offers.
3. Webinars
Usercentrics offers from time to time webinars, to which you can sign up from our website. In these cases the data put in the sign-up form during the sign-up process will be used by Usercentrics for the purposes of the webinar and communication regarding the webinar and other relevant topics. If the webinar is organized together with a partner, then the data might be shared with them. The data is processed on the legal basis of consent, Art. 6 para. 1 s. 1 lit. a GDPR. You have the right to withdraw your consent to process your data at any time by contacting unsubscribe@usercentrics.com.
4. Customer Surveys
If you place an order with us, we will also use your e-mail address to send you customer and satisfaction surveys. We will use the results of the surveys to improve our products and services. The legal basis for this is Art. 6 para. 1 lit. a GDPR, if you have given your consent. In some cases Art. 6 para. 1 lit. f GDPR might apply, justified by our legitimate interest in constantly improving our service.
5. Preference Management Platform
We use the Usercentrics Preference Management Platform, in order to provide you as a recipient of our newsletter and other kinds of communication the option to choose which kinds of communication you want to receive. You can change your settings and preferences at any time. By using this service your e-mail address and the preference decision will be stored. This data is used in order for us to be able to send communication based on your preferences. The above mentioned data is only processed with your consent (Art. 6 para. 1 s. 1 lit. a GDPR). You can withdraw your consent at any time. The data is not shared with any third parties.
6. Partner Portal
We use the Usercentrics Partner Portal as a Partner Management tool. When using the Partner Portal, the personal data of our Partners might be processed. This can include the following information: name, e-mail address, company name and information, information about signed deals (deal data, partner tier, etc.), information on the partner’s clients (including e-mail address and name), behavior in the Partner Portal, and possibly transactional information. This data is processed in order to fulfill our contractual relationship. The data is kept for as long as necessary to fulfill the purpose. Data collected is not shared with third parties.
7. Support tickets
When you create a support ticket with Usercentrics, we will be process the data that you have entered into the ticket, for the purposes of evaluating and responding to your request. In this case, we use the service Zendesk provided by Zendesk, Inc., 1019 Market Street, San Francisco, CA 94103, USA (hereinafter Zendesk) as a support system, which allows users to communicate with Usercentrics. In order to do so the data entered into the ticket will be processed (name, e-mail address, etc.) as well as the IP aAddress will be processed. The legal basis for the processing is consent (Art. 6 para. 1 s. 1 lit. a GDPR). When creating a ticket through Zendesk, you also accept the use of following features on Zendesk: Zendesk Advanced AI, Intelligent triage, Intelligence in the context panel, Generative AI for agents, Macro suggestions for admins, Autoreply and internal note trigger actions, and Generative AI for Help Center. You can find further information on Zendesk’s usage of AI here. The data will be deleted as soon as it is no longer necessary to achieve the purpose of its collection.
For more information on how data is processed by Zendesk, you can visit Zendesk’s privacy policy or contact Zendesk at privacy@zendesk.com.
VII. YOU BECOME A CUSTOMER OR PARTNER OF USERCENTRICS
1. Description and scope of data processing
You can become a customer or partner of Usercentrics. The following data is collected during the registration process:
- your e-mail address
- first name and last name
- if necessary company affiliation,
- payment information (possibly the company)
- other data that we request from you, and
- possibly data that we receive in the course of the business relationship.
2. Legal basis for processing
Legal basis for the processing of the data is in the presence of the consent of the user art. 6 para 1 s. 1 lit. a GDPR and art. 6 para. 1 s. 1 lit. b GDPR, since the registration of the fulfillment of a contract or the implementation of pre-contractual measures.
3. Purpose of the data processing
Registration is required to fulfill the customer or partner contract or to carry out pre-contractual measures.
4. Opposition and removal possibility
As a customer you always have the option to cancel your account. You can change the data stored about you at any time. If the data is required to fulfill a contract or to carry out pre-contractual measures, premature deletion of the data is only possible, unless contractual or legal obligations preclude deletion.
VIII. COOKIES AND TRACKING TECHNOLOGIES
1. What are Cookies?
Web Browser Cookies: A web browser cookie is a small text file sent from a website to your computer or mobile device where it is stored by your web browser. Web browser cookies may store information such as your IP address or other identifier, your browser type, and information about the content you display and interact with on the digital services. By storing such information, web browser cookies can store your preferences and settings for online services and analyze how you use online services.
Tracking Technologies: Web Beacons, Pixels, Tags, Scripts.
E-mails and mobile applications can contain small, transparent image files or lines of code to record how you interact with them. This information is used to help website and app publishers better analyze and improve their services.
2. Use, legal basis and purpose
We use cookies to make our website more user-friendly. Some elements of our website require that the calling browser be identified even after a page break. Cookies as well as the storage of data in the local storage only allow functionalities which should contribute to a positive user experience on our website. We do not use cookies with personal data without given consent.
In addition, we use cookies on our website that allow an analysis of users’ browsing behavior.
When accessing our website, the user is informed about the use of cookies for analytics purposes and his consent to the processing of the personal data used in this context is obtained.
The legal basis for the processing of personal data using technically necessary cookies is Article 6 para. 1 s. 1 lit. f GDPR. The purpose of using technically necessary cookies is to facilitate the use of websites for users. Some features of our website can not be offered without the use of cookies. For these, it is necessary that the browser is recognized even after a page break. We require cookies for the following applications: acceptance of language settings. The user data collected through technically necessary cookies will not be used to create user profiles.
The legal basis for the processing of personal data using cookies for analytics purposes is the consent of the user Art. 6 para. 1 lit. a GDPR. The use of the analytics cookies is for the purpose of improving the quality of our website and its contents. Through the analytics cookies, we learn how the website is used and so we can constantly optimize our offer.
3. Duration of storage, objection and disposal options
Cookies are stored on the computer of the user and transmitted to our side. Therefore, as a user, you have full control over the use of cookies. By changing the settings in your internet browser, you can disable or restrict the transmission of cookies. Already saved cookies can be deleted at any time. This can also be done automatically. If cookies are disabled for our website, it may not be possible to use all the functions of the website to the full.
4. Recipients of data
We only pass on the data we have collected if this is necessary for the fulfillment of the contract or for the provision of the technical functionality of the website, or if there is another legal basis for passing on the data.
In principle, we process your data ourselves. In some cases, however, we also use service providers. In addition to the service providers mentioned in this privacy policy, these may include, in particular, data centers that store our website and databases, IT service providers that maintain our systems, and consulting companies. If we pass on data to service providers, they may only use the data to fulfill their tasks. The service providers have been carefully selected and commissioned by us. They are contractually bound to our instructions, have suitable technical and organizational measures in place to protect the rights of the data subjects and are regularly monitored by us.
In addition, disclosure may take place in connection with official enquiries, court orders and legal proceedings if it is necessary for legal prosecution or enforcement. When governments make a lawful demand for customer data from Usercentrics, Usercentrics strives to limit the disclosure. Usercentrics will only release specific data mandated by the relevant legal demand.
If compelled to disclose your data, Usercentrics will promptly notify you and provide a copy of the demand unless legally prohibited from doing so.
If Usercentrics commissions third parties with the collection, processing and use of data within the scope of commissioned processing in accordance with Art. 28 GDPR, this will also take place exclusively in compliance with the statutory provisions on data protection.
IX. IMPLEMENTED TECHNOLOGIES
1. Third Party Technologies used on Website
- Zapier
We are using the service Zapier as workflow automation software. The service is provided by Zapier Inc., 548 Market St., # 62411, San Francisco, California 94104, United States of America. This service is used to transfer information entered into forms on our website to our systems. Additionally, information like IP Address might be processed through the service. Legal basis for the usage of this service is legitimate interest, Art. 6 para. 1 s. 1 lit. f GDPR, as the service is required to transfer the input to our internal systems. The data will be deleted as soon as it is no longer necessary to achieve the purpose for its collection. This service might transfer data outside of the EU/EEA. For that case we have signed standard contractual clauses with the service provider.
For more information on how data is processed by Zapier, you can visit Zapier’s privacy policy or contact Zapier at privacy@zapier.com.
- LinkedIn Leads
We are using the service provided by LinkedIn Leads for lead generation. When signing up for Usercentrics events or content on LinkedIn, we will process your data. The email address will be used for sending the resources, and for direct advertising and contact initiation in the context of the products and services we offer. The data is also shared with Google Ads for the purpose of retargeting. The collection of the data does not take place on the Usercentrics website, but on the sign-up forms on LinkedIn. The legal basis is consent, Art. 6 para. 1 s. 1 lit. a GDPR. You can revoke your consent at any time.
- Personio
We are using the service Personio as applicant management software. The service is provided by Personio GmbH, Rundfunkplatz 4, 80335 Munich, Germany. The legal basis is consent, Art. 6 para. 1 s. 1 lit. a GDPR. You can revoke your consent at any time. The data will be stored for a period of 60 days after the application process has been concluded. For further information on how data is processed by Personio, you can visit Personio’s privacy policy or contact Personio at privacy@personio.com.
- Zoom
We are using the service provided by Zoom as a video conferencing service. The service is provided by Zoom Video Communications Inc., 55 Almaden Boulevard, 6th Floor, San Jose, CA 95113, United States of America. The service is used as a video conferencing service in order to host webinars and other types of video conferences. The legal basis is consent, Art. 6 para. 1 s. 1 lit. a GDPR. You can revoke your consent at any time. This service might transfer data outside of the EU/EEA. For that case we have signed standard contractual clauses with the service provider and the provider is included in the Data Privacy Framework List.
For more information on how data is processed by Zoom, you can visit Zoom’s privacy policy or contact Zoom at privacy@zoom.us.
- Stripe
We are using the service provided by Stripe as an online payment system. The service is provided by Stripe, Inc., 3180 18th Street, San Francisco, CA 94110, United States of America. The service is used in order to enable the payment process on the website. Legal basis is performance of a contract, Art. 6 para. 1 s. 1 lit. b GDPR, as this service is required in order to be able to finalize the purchase process. When using this service data, like the payment information (including payment card information), purchase information, as well as IP Address, might be processed. This service might transfer data outside of the EU/EEA. For that case we have signed standard contractual clauses with the service provider and the provider is included in the Data Privacy Framework List.
For more information on how data is processed by Stripe, you can visit Stripe’s privacy policy or contact Stripe at privacy@stripe.com.
- Chili Piper
We are using the service provided by Chili Piper as a booking and meeting platform, in order to provide our users the ability to schedule meetings with our teams, as well as for video conferencing. The service is provided by Chili Piper, Inc., 228 Park Ave. S., #78136, New York, New York 10003-1502, United States of America. The legal basis is consent, Art. 6 para. 1 s. 1 lit. a GDPR. You can revoke your consent at any time. When using this service data, such as meeting date, time and title, guest list, first name, last name, and e-mail address might be processed. This service might transfer data outside of the EU/EEA. For that case we have agreed on standard contractual clauses with the service provider.
For more information on how data is processed by Chili Piper, you can visit Chili Piper’s privacy policy or contact Chili Piper at support@chilipiper.com.
- Pardot
We are using the service provided by Pardot as customer relationship management software, in order to manage marketing automation and lead generation. The service is provided by Salesforce, Erika-Mann-Straße 31-37, 80636 Munich, Germany. The legal basis is consent, Art. 6 para. 1 s. 1 lit. a GDPR. You can revoke your consent at any time. When using this service, data such as first and last name, contact information, e-mail address, company information, as well as IP Address might be processed.
For more information on how data is processed by Pardot, you can visit Pardot’s privacy policy or contact Pardot at privacy@salesforce.com.
- Google Customer Match
We use Google Customer Match for marketing and retargeting purposes. This service is provided by Google Ireland Limited, Gordon House, 4 Barrow Street, Dublin D04 E5W5, Ireland. When using this service, data, such as first and last name, as well as e-mail address, will be processed. The legal basis is consent, Art. 6 para. 1 s. 1 lit. a GDPR. You can revoke your consent at any time. This service might transfer data outside of the EU/EEA. For that case we have signed standard contractual clauses with the service provider and the provider is included in the Data Privacy Framework List. For more information on how data is processed by Google, you can visit Google’s privacy policy.
- Meta Custom Audiences
We use Meta Custom Audiences for marketing and retargeting purposes. This service is provided by Meta Platform Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin, D02, Ireland. When using this service, data, such as first and last name, as well as e-mail address, might be processed. The legal basis is consent, Art. 6 para. 1 s. 1 lit. a GDPR. You can revoke your consent at any time. This service might transfer data outside of the EU/EEA. For that case we have signed standard contractual clauses with the service provider and the provider is included in the Data Privacy Framework List. For more information on how data is processed by Meta, you can visit Meta’s privacy policy.
- LinkedIn Matched Audiences
We use LinkedIn Matched Audiences for marketing and retargeting purposes. This service is provided by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. When using this service, data, such as first and last name, as well as e-mail address, might be processed. The legal basis is consent, Art. 6 para. 1 s. 1 lit. a GDPR. You can revoke your consent at any time. This service might transfer data outside of the EU/EEA. For that case we have signed standard contractual clauses with the service provider and the provider is included in the Data Privacy Framework List. For more information on how data is processed by LinkedIn, you can visit LinkedIn’s privacy policy.
2. Recipients of data
Usercentrics does not sell, trade or otherwise transfer to outside parties any personally identifiable information.
This does not include trusted third parties or processors that assist us in operating our website, conducting our business, or servicing you. Such trusted parties may have access to personally identifiable information on a need to know basis and will be contractually obliged to keep your information confidential.
We will also share data among the Usercentrics entities (Usercentrics A/S, Usercentrics GmbH, Cybot A/S (including CYBOT A/S, odštěpný závod office in Prague), Usercentrics Unipessoal, Usercentrics Inc.), here also including sharing data among Cookiebot™ and Usercentrics products when needed. All the entities may have access to personally identifiable information on a need to know basis and will be contractually obliged to keep your information confidential (joint controller agreement).
We may also release your information when we believe release is appropriate to comply with the law, enforce our site policies, or protect our rights or the rights of others, property, or safety. Furthermore, non-personally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses.
We only pass on the data we have collected if this is necessary for the fulfillment of the contract or for the provision of the technical functionality of the website, or if there is another legal basis for passing on the data.
In principle, we process your data ourselves. In some cases, however, we also use service providers. In addition to the processors mentioned in this privacy policy, these may include, in particular, data centers that store our websites and databases, IT service providers that maintain our systems, and consulting companies. If we pass on data to processors, they may only use the data to fulfill their tasks. The processors have been carefully selected and commissioned by us. They are contractually bound by our instructions, have suitable technical and organizational measures in place to protect the rights of the data subjects and are regularly monitored by us.
In addition, disclosure may take place in connection with official enquiries, court orders and legal proceedings if it is necessary for legal prosecution or enforcement. When governments make a lawful demand for customer data from Usercentrics, Usercentrics strives to limit the disclosure. Usercentrics will only release specific data mandated by the relevant legal demand.
If compelled to disclose your data, Usercentrics will promptly notify you and provide a copy of the demand unless legally prohibited from doing so.
If Usercentrics commissions third parties with the collection, processing, and use of data within the scope of commissioned processing in accordance with Art. 28 GDPR, this will also take place exclusively in compliance with the statutory provisions on data protection.
Matomo Opt-Out
X. California Consumer Privacy Act Compliance
In addition to the above mentioned, the following provisions apply specifically for residents of California, USA.
The California privacy laws provide residents with specific rights regarding their personal information. This section describes the consumers’ rights and explains how to exercise those rights, subject to exceptions under the law.
1. Your rights under California Privacy Law
- Right to Know About Personal Information Collected, Sold or Shared (“Right to Know”)
You have the right to request to know what personal information we have collected about you, including:
- The categories of personal information collected
- The categories of sources from which the personal information is collected
- The business or commercial purpose for collecting or selling personal information
- The categories of third parties to whom the personal information is shared
- The specific pieces of personal information collected about you that are permitted by law
- Right To Request Deletion of Personal Information (“Right to Delete”)
You have the right to request that we delete any of your personal information that we collect, subject to certain exceptions. Once we receive your request and verify your identity, we will delete (and direct our service providers to delete) your Personal Information from our records, unless an exception applies.
- Right to Correct Inaccurate Personal Information (“Right to Correct”)
You have the right to request correction of inaccurate personal information that we maintain about you or update the information we have on file.
- Right to Opt Out of Sale or Sharing of Your Personal Information
You have the right to opt out of the sale or sharing of personal information. Usercentrics does not sell personal information, including personal information of minors under the age of 16. You can make use of your right to opt out of the sale or sharing of personal information by clicking the “Do Not Sell Or Share My Personal Information” link at the bottom of the page.
- Right to Non-Discrimination For The Exercise Of Your Privacy Rights
You have the right to be protected from discrimination for exercising your rights. We will not discriminate against you for exercising your rights.
- Right to Limit the Use of Sensitive Personal Information
Usercentrics does not use sensitive personal information in any manner that requires offering a right to limit its use.
2. How To Submit a Request to Exercise Your Right to Know, Delete, or Correct
You may submit your request by sending an email to privacy@usercentrics.com. We will compare the information you submit to us with the information we have in our records to ensure your request meets the definition of “verifiable consumer request” under the California Privacy Laws. We will then respond to your request in accordance with the requirements.
- Response Timing and Format
Usercentrics endeavors to respond to a request within forty-five (45) days of its receipt. If Usercentrics requires more time (up to 90 days), you will be informed of the reason and extension period in writing. Any disclosures provided will only cover the twelve (12) month period preceding the receipt of the verifiable request. If applicable, the response will also explain the reasons for which Usercentrics cannot comply with a request. For data portability requests, Usercentrics will select a format to provide the Personal Information that is readily usable and should allow transmission of the information from one entity to another entity without hindrance. Usercentrics does not charge a fee to process or respond to the verifiable request unless it is excessive, repetitive, or manifestly unfounded. If Usercentrics determines that the request warrants a fee, we will inform why Usercentrics made that decision and provide a cost estimate before completing the request.
3. Children Under the Age of 16
Usercentrics does not knowingly collect or disclose the personal information of children under the age of 16. As stated above, Usercentrics also does not sell or share personal information, including personal information, of children under the age of 16.
XI. MINORS
Our services are not aimed at children under 13 years. We do not knowingly collect information from children under the age of 13. If you have not reached the age limit, do not use the services and do not provide us with your personal information. If you are a parent of a child below the age limit and you learn that your child has provided Usercentrics personal information, please contact us at datenschutz@usercentrics.com and insist on exercising your rights of access, correction, cancellation and / or opposition. If you are resident in California and are under 16 years of age and wish to erase publicly available content, please contact us at datenschutz@usercentrics.com.
XII. ONLINE PRESENCE IN SOCIAL NETWORKS
We maintain online presences in social networks in order to communicate there with customers and interested parties, among others, and to provide information about our products and services.
The users’ data is usually processed by the social networks concerned for market research and advertising purposes. In this way, usage profiles can be created based on the interests of the users. For this purpose, cookies and other identifiers are stored on the users’ computers. On the basis of these usage profiles, advertisements, for example, are then placed within the social networks but also on third-party websites.
As part of the operation of our online presences, it is possible that we can access information such as statistics on the use of our online presences, which are provided by the social networks. These statistics are aggregated and may include, in particular, demographic information and data on interaction with our online presences and the posts and content distributed via them. Please refer to the list below for details and links to the data of the social networks that we can access as operators of the online presences.
The legal basis for data processing is Art. 6 para. 1 s. 1 lit. a and b, in order to stay in contact with and inform our customers and to carry out pre-contractual measures with future customers and interested parties.
For the legal basis of the data processing carried out by the social networks on their own responsibility, please refer to the data protection information of the respective social network. The links below also provide you with further information on the respective data processing and the options to object.
We would like to point out that data protection requests can be asserted most efficiently with the respective provider of the social network, as only these providers have access to the data and can take appropriate measures directly. Below is a list with information on the social networks on which we operate online presences:
- Facebook (USA and Canada: Facebook Inc., 1601 Willow Road, Menlo Park, California 94025, USA; all other countries: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland).
- Operation of the Facebook fan page in joint responsibility on the basis of an agreement on joint processing of personal data (so-called Page Insights Supplement regarding the controller).
- Information on the processed Page Insights data and the contact option in the event of data protection enquiries: https://www.facebook.com/legal/terms/information_about_page_insights_data
- Privacy policy: https://www.facebook.com/about/privacy/
- Opt-out: https://www.facebook.com/settings?tab=ads and http://www.youronlinechoices.com.
- Operation of the Facebook fan page in joint responsibility on the basis of an agreement on joint processing of personal data (so-called Page Insights Supplement regarding the controller).
- Instagram (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland).
- Privacy policy: https://help.instagram.com/519522125107875
- Google/ YouTube (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland).
- Privacy policy: https://policies.google.com/privacy?hl=en
- Opt-out: https://www.google.com/settings/ads.
- Twitter (Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 Ireland).
- Privacy policy: https://twitter.com/en/privacy
- Opt-Out: https://twitter.com/personalization.
- LinkedIn (LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland).
- Operation of the LinkedIn company page in joint responsibility on the basis of an agreement on joint processing of personal data (so-called Page Insights Joint Controller Addendum).
- Information on the Page Insights data processed and the contact option in the event of data protection enquiries: https://legal.linkedin.com/pages-joint-controller-addendum
- Privacy policy: https://www.linkedin.com/legal/privacy-policy
- Opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
- Google my business
- We operate a so-called Google My Business entry. Should you find us in this way, we make use of the information service offered by Google and the services of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter “Google”).
- We would like to point out that you use the Google site and its functions on your own responsibility. This applies in particular to the use of the social and interactive functions (e.g. commenting, sharing, rating, direct messaging). When you visit and interact with our Google My Business listing, Google also collects your IP address and other information that is present on your terminal device in the form of so-called cookies. This information is used to provide us, as the operator of the Google My Business listing, with statistical information about the use of Google services. The data collected about you in this context will be processed by Google and may be transferred to countries outside the European Union. Google generally describes what information it receives and how it is used in its privacy policy. Google provides more detailed information in its privacy policy:
- Google privacy policy
- We do not know how Google uses the data from the visit for its own purposes, to what extent activities of individual users are assigned, how long Google stores this data and whether data is passed on to third parties. When accessing Google services, the IP address assigned to your terminal device is transmitted to Google. Google also stores information about its users’ end devices; this may enable Google to assign IP addresses to individual users or user accounts.
- If you contact us via our Google My Business entry or other Google services by direct message, we cannot rule out the possibility that these messages may also be read and evaluated by Google (both by employees and automatically). We therefore advise against providing us with personal data there. Instead, another form of communication should be chosen as early as possible. We delete conversations no later than 14 days after the last chat activity, or immediately after switching to another communication channel. The use of this service is subject to the Google Privacy Policy, which you – with use – have already agreed to.
- We, as the provider of our Google My Business entry, do not collect or process any further data from your use of this Google service. Beyond that, we do not use any Google functions on our website.
XIII. DATA TRANSFER TO THIRD COUNTRIES
As explained in this privacy policy, we use services whose providers are partly located in so-called third countries (outside the European Union or the European Economic Area) or process personal data there, i.e. countries whose level of data protection does not correspond to that of the European Union. Where this is the case and the European Commission has not issued an adequacy decision (Art. 45 GDPR) for these countries, we have taken appropriate precautions to ensure an adequate level of data protection for any data transfers according to Art. 44 et seq. GDPR. These include, among others, the standard contractual clauses of the European Union or binding internal data protection regulations.
If a third country transfer is provided for and no adequacy decision or appropriate safeguards are in place, it is possible and there is a risk that authorities in the respective third country (e.g. intelligence services) may gain access to the transferred data in order to collect and analyze it, and that enforceability of your data subject rights cannot be guaranteed.
XIV. THIRD PARTY LINKS
Occasionally, at our discretion, we may include or offer third-party products or services on our website. These third-party sites have separate independent privacy policies. We therefore have no responsibility or liability for the content and activities of these linked websites. Nonetheless, we seek to protect the integrity of our website and welcome any feedback about these websites.
XV. YOUR RIGHTS
If we process your personal data you have – after successful identification – the following rights towards us:
- Right to information (Article 15 GDPR, § 34 BDSG)
- Right to deletion (Article 17 GDPR, § 35 BDSG)
- Right to rectification (Article 16 GDPR, Section 34 BDSG)
- Right to restriction of processing (Article 18 GDPR)
- Right to data portability (Article 20 GDPR)
- Right to withdraw consent (Article 7(3) GDPR)
- Right to object to certain data processing activities (Article 21 GDPR).
In order to exercise your rights described here, you can contact us at any time using the contact details listed under “Name of the person responsible“.
You also have the right to complain to the data protection supervisory authority responsible for us. You can contact the data protection authority in your place of residence, which will then forward your request to the competent authority.
XVI. SECURITY AND INTEGRITY OF THE DATA
Protecting the information you give us or that we receive about you is our priority. We take appropriate security measures to protect your information from loss, misuse, and unauthorized access, alteration, disclosure, or destruction. Usercentrics has taken measures to ensure the ongoing confidentiality, integrity, availability and resiliency of systems and services that process personal information, and will restore the availability and access to information in the event of a physical or technical incident in a timely manner.
XVII. UPDATES
We reserve the right to update this privacy policy from time to time. In the event that we make material changes that restrict Usercentrics’ rights or obligations under this Privacy Policy, we will publish a clear notice in this section of this Privacy Policy that informs users when they are updated.
Click here to see the previous Privacy Policy valid until July 9th 2024.