The controller’s in-house data protection officer is:
Ms. Virginia Ostfeld
Telephone: 020 3608 6334
The protection of your data is very important to us! That is why we comply with the statutory provisions on data protection and do everything else in our power to protect your data.
This data privacy statement is intended to give you, as a customer or interested party, a detailed overview as to how and to what extent your data is collected, stored, processed, passed on or transmitted by us when you visit our pages or make use of our services. Furthermore, we want to give you an overview of the data protection measures we have in place and the options available to you when you visit our site and use our services.
1. What data are we talking about?
2. Why do we process personal data?
Firstly, because we have to: for a contract to be concluded with us, it is absolutely necessary that we have your master data. Secondly, we want to give you as our customer the best possible user experience and are therefore always eager to optimise our services. We only process personal data in compliance with the statutory provisions. That means that the data is only processed if we have legal permission to do so – especially if the processing of the data is necessary for the performance of our contractual services or for the use of the online services, or is required by law. Furthermore, we process data if we have obtained your consent or if we have a legitimate interest in its processing (e.g. interest in analysis, optimisation, economic operation, security of our online offering, in particular as regards range measurement, the creation of profiles for advertising and marketing purposes and the collection of access data and use of third-party services). In the second section, “Further details: cookies and other technologies”, we give you a comprehensive picture of the use and application of these.
3. When and to what extent do we process personal data?
In the following you will find a summary of all the processes during which your personal data is processed. You will find a more detailed description here.
3.1 For the performance of contractual services/ for registration
We process inventory data and contract data in order to fulfil our contractual obligations and perform our services pursuant to Art. 6 (1) lit. b GDPR.
3.2 Establishing contact
If contact is made by email, the information will be processed to the extent necessary to answer your questions. Contact established via our live chat takes place via the services of Intercom. You can find more details on this under the heading “Further details: cookies and other technologies”.
3.3 Visiting our website
4. Legal basis for the processing of personal data
Where we obtain the consent of the data subject for the processing of personal data, Article 6 (1) (a) of the General Data Protection Regulation (GDPR) is the legal basis. For the processing of personal data required for the performance of a contract to which the data subject is a party, Art. 6 (1) lit. b GDPR is the legal basis. This also applies to processing steps which are necessary for the implementation of pre-contractual measures. Where the processing of personal data is necessary for the fulfilment of a legal obligation to which our company is subject, Art. 6 (1) lit. c GDPR is the legal basis. In the event that vital interests of the data subject or another natural person necessitate the processing of personal data, Art. 6 (1) lit. d GDPR is the legal basis. Where the processing is necessary for the purposes of a legitimate interest pursued by our company or by a third party, except where such interest is overridden by the interests or fundamental rights and freedoms of the data subject, Art. 6 (1) lit. f GDPR is the legal basis.
5. Erasure of data and duration of storage
The data we store is deleted as soon as it is no longer required for its intended purpose and if there are no legal obligations for it to be retained. Where user data is not deleted because it is required for other lawful purposes, its processing will be restricted. This means that the data will be blocked and not processed for any other purposes. That applies for example to user data which must be stored for reasons of commercial or tax law. In accordance with legal requirements, the documents are stored for 6 years pursuant to Section 257 (1) of the German Commercial Code (HGB) (trading books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting vouchers, etc.) and for 10 years pursuant to Section 147 (1) of the German Tax Code (AO) (books, records, management reports, accounting vouchers, commercial and business letters, documents relevant to taxation, etc.).
6. May minors use our services?
In one word: no. Our website and services may not be used by persons who have not yet reached the age of majority. We do not knowingly record any data concerning minors or other persons who are not allowed by law to use our services. If we discover that we have obtained personal data concerning minors, we will delete it immediately, unless we are required by law to retain it. Please contact us if you suspect that we have accidentally or mistakenly recorded information about a minor.
7. How do we protect your personal data?
We carry out physical, technical and administrative security measures in order to adequately protect your personal data against loss, misuse, unauthorised access, disclosure or alteration. These security measures include firewalls, data encryption, access control for data access, and careful selection of our server locations. We are committed to securing our systems and services.
However, you yourself are responsible for the security and privacy of your passwords, account profile and registration data. Furthermore, it is your responsibility to ensure that the personal data we have about you is accurate and up to date. We are not liable for the protection of personal data which we disclose to third parties on the basis of an account link authorised by you.
8. Where is your data stored?
Some of the servers used for the hosting service are located in the Interxion data centres in Frankfurt. The server location is, inter alia, ISO 27001 certified. You can find more details about the data centre here. The locations in the computer centre were rented from Digital Ocean LLC, New York. Digital Ocean operates a cloud platform for virtual servers there and we use this as our hosting platform. An order data processing contract was concluded with DigitalOcean. DigitalOcean is also subject to the EU-US Privacy Shield Agreement.
8.2 Falkenstein / Nuremberg
Another part of the servers used for the hosting service as well as the server for our own infrastructure/data processing (dashboard, monitoring, configuration management etc.) are located in the computer centres of Hetzner, Hetzner Online GmbH, in Falkenstein and Nuremberg. Hetzner offers dedicated servers for rent at these locations, which we use as a platform for hosting. We also use them for our own infrastructure. An order data processing contract was concluded with Hetzner. Hetzner is also subject to the requirements of the General Data Protection Regulation. Hetzner Online GmbH was awarded the certificate 27001. You can find more details about the server locations here.
From our early days, there are still a few websites in the data centers of Equinix Amsterdam Data Centers. The server location is, inter alia, ISO 27001 certified. You can find more details about the data centre here. The locations in the computer centre were rented from Digital Ocean LLC, New York.
Our backups are stored in the data centers of Amazon Web Services, Inc., 410 Terry Avenue North, Seattle WA 98109, United States, or AWS for short. We chose Frankfurt as the server location. AWS participates in the EU-US Privacy Shield programme. The server location is, inter alia, ISO 27001 certified.
8.5 SMTP relay (email dispatch)
For the dispatch of transactional emails, we cooperate with the service provider Mailgun (Mailgun Technologies, Inc., 548 Market St. #43099, San Francisco, CA 94104). To this end, the following data is stored:
- email address “from”
- email address “to”
- contents of email
- domain of the BOX which sends the email
The purpose of the processing is the fulfillment of contractual obligations. Its legal basis is Art. 6 (1) lit. b GDPR.
The data is stored at Mailgun for 15 days. The emails themselves are stored in the BOX for 7 days.
9. When do we forward your data?
First, we would like to assure you that we do not sell, lend or lease your personal data. We only pass on data if this is indispensable, e.g. for the fulfilment of our contractual obligations, if we have a justified interest or if we have received your consent. Each of our contractual partners is conscientiously and carefully selected and we oblige them to protect all data in accordance with the statutory provisions. For this reason, we conclude an order data processing agreement with the processor in accordance with Art. 28 GDPR.
11. Your rights
When personal data concerning you is processed, you are a data subject as defined by the GDPR and you have the following rights vis-à-vis the controller (i.e. vis-à-vis us):
- Right to access
- Right to rectification or erasure
- Right to the restriction of processing
- Right to object to the processing
- Right to data portability
You also have the right to complain to a data protection supervisory authority about the processing of your personal data by us. You will find more information here.
II. Further details: cookies, tracking and other technologies
1. Provision of the website and creation of log files
1.1 Description and scope of data processing
When you access our website, our system automatically collects data and information from the computer system of the accessing computer. The following data is collected:
- Information about the browser type and the version used
- The user’s operating system
- The user’s IP address
- Date and time of access
- Websites from which the user’s system reaches our website
- The data is also stored in our system’s log files. This data is not stored together with other personal data of the user.
1.2 Legal basis
The legal basis for the temporary storage of the data and log files is Art. 6 (1) lit. f GDPR.
1.3 Purpose of data processing
The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user’s computer. For this, your IP address must remain stored for the duration of the session. The data is stored in log files to ensure the functionality of the website. Furthermore, the data helps us to optimise the website and to ensure the security of our information technology systems. No evaluation of the data for marketing purposes takes place in this context. These purposes constitute our legitimate interest in the data processing pursuant to Art. 6 (1) lit. f GDPR.
1.4 Duration of storage
The data is deleted as soon as it is no longer required in order to achieve the purpose for which it was collected. In the case of collection of data for the provision of the website, this is the case when the respective session is over. In the case of storage of data in log files, this is the case after seven days at the latest. Storage for a longer duration than this is possible. In this case, the IP addresses of the users are deleted or alienated so that it is no longer possible to map the client accessing the service.
1.5 Possibility of objection and elimination
Collection of data for the provision of the website and storage of data in log files is indispensable for the running of the website. Consequently, there is no possibility of objection for the user.
2.1 Description and scope of data processing
- Language settings
- Log-in information
- Use of website functions (Intercom, OneSignal)
- User behaviour (Crazy Egg, Google Analytics)
- Allocation of the source of the website calls (our own cookie)
- Allocation to an affiliate / advertising partner (our own cookie)
- Frequency of page views (Google Analytics)
- Search terms entered (Google Analytics)
2.2 Legal basis for the processing of data
The legal basis for the processing of personal data using technically necessary cookies is Art. 6 (1) lit. f GDPR. The legal basis for the processing of personal data using cookies for analysis purposes is, where consent has been given by the user, Art. 6 (1) lit. a GDPR.
2.3 Purpose of data processing
- Taking over language settings
- Remembering search terms
- Analysis cookies are used for the purpose of improving the quality of our website and its contents. By means of the analysis cookies we learn how the website is used and can thus constantly optimise our offer.
2.4 Duration of storage, possibility of objection and elimination
3.1 Description and scope of data processing
On our homepage we offer you the chance of registering by providing personal data. In the process, the data is entered into an input mask, transmitted to us and stored. The data is not forwarded to third parties. The following data is collected during the registration process:
- First name
- Last name
- Email address
3.2 Legal basis for the processing of data
The legal basis for the processing of the data is, where consent has been given by the user, Art. 6 (1) lit. a GDPR. Where registration serves to fulfil a contract to which the user is a party or to carry out pre-contractual measures, an additional legal basis for the processing of the data is Art. 6 (1) b GDPR.
3.3 Purpose of data processing
Registration of the user is necessary for the fulfilment of a contract with the user or for the implementation of pre-contractual measures.
3.4 Duration of storage
The data is deleted as soon as it is no longer required in order to achieve the purpose for which it was collected. This is the case during the registration process for the fulfilment of a contract or for the implementation of pre-contractual measures when the data is no longer required to execute the contract. Even after concluding the contract, it may be necessary to store personal data of the contractual partner in order to fulfil contractual or legal obligations. Long-term liabilities require the storage of personal data during the term of the contract. Furthermore, warranty periods must be observed as well as the storage of data for tax purposes. It is not possible to specify the storage periods to be observed here in general terms; instead, they must be determined on a case-by-case basis for the contracts concluded and contracting parties in each case.
3.5 Possibility of objection and elimination
As a user you have the possibility to cancel your registration at any time. You can change or delete the stored data yourself at any time via the RAIDBOXES user interface. Where the data is required for the fulfillment of a contract or the implementation of pre-contractual measures, premature deletion of the data is only possible if there are no contractual or statutory obligations to the contrary.
4. Use of an e-mail box
4.1 Scope of data processing
When you set up an e-mail box, the following data will be requested and stored: first name, last name, RAIDBOXES customer number, e-mail addresses belonging to the e-mail box, and the names of the corresponding domains.
4.2. Purpose of data processing, legal basis
Input of the data is necessary for the fulfilment of a contract with the user or for the implementation of pre-contractual measures. Art. 6 (1) lit. b GDPR therefore serves as a legal basis.
4.3 Duration of storage
After the end of your e-mail box contract with RAIDBOXES, your link to mailbox.org will be deleted, provided that it was the last e-mail box contract. This includes the links to the domains you stored at mailbox.org. After the end, the DNS settings will remain unaffected. 60 days after deletion of the e-mail box, mailbox.org will delete all the data.
5. Newsletter, e-mail marketing and product information
We offer you the chance of receiving all the latest news about WordPress and our products. For this purpose, we offer you, for example, our free newsletter. We will explain how, when and where we store data in the process as follows:
On our website we offer the option of subscribing to a free newsletter. When you register for the newsletter, the data from the input mask will be transmitted to us. To subscribe to the newsletter, all you need to enter is your e-mail address. In addition, the following data is collected when you register:
- Your e-mail address
- IP address of the calling computer
- Date and time of registration
- Geographical data (longitude and latitude)
Your consent to the processing of the data will be obtained during the registration process. This will be recorded by us. Subscription to our newsletter takes place in a so-called double opt-in procedure. This means that after registration you will receive an e-mail asking you to confirm your registration. This confirmation is required so that no one can register with other people’s e-mail addresses. Subscriptions to the newsletter are recorded so that we can prove that the subscription process complies with legal requirements. This includes storing the log-in and confirmation times as well as the IP address. Changes to your data which is stored by the e-mail marketing service provider are also recorded.
For the dispatch of our newsletter we use the services of Mailchimp Inc.
5.2 Our dispatch service provider for the newsletter: MailChimp
5.2 E-mails containing product information
In order to send you e-mail messages about our products and any malfunctions that may occur, we use the services of Intercom Inc. 98 Battery Street, Suite 402, San Francisco, CA 94111 USA. These purposes constitute our legitimate interest in the data processing pursuant to Art. 6 (1) lit. f GDPR. You can find more details about this here.
5.3 E-mail marketing for existing customers
If you purchase services on our website and thereby supply your e-mail address, this may subsequently be used by us to send you product information. In such a case, only direct advertising for our own similar products or services will be sent by e-mail.
In connection with the processing of the data, the data will not be forwarded to third parties.
5.4 Legal basis for the processing of data
The legal basis for the processing of the data after the user has subscribed to the newsletter is Art. 6 (1) lit. a GDPR. The legal basis for the dispatch of direct marketing e-mails following the sale of goods or services is Section 7 (3) of the German Fair Trade Practices Act (UWG).
The use of the service providers HubSpot and Intercom is based on our legitimate interest pursuant to Art. 6 (1) lit. f GDPR.
5.5 Purpose of data processing
The user’s e-mail address is recorded so that the newsletter or direct mail can be delivered. Our interest lies in employing a user-friendly and secure mailing system which both serves our business interests and meets users’ expectations.
5.6 Duration of storage
The data is deleted as soon as it is no longer required in order to achieve the purpose for which it was collected. Your e-mail address will therefore be stored for as long as your newsletter subscription is active. Your email address for direct marketing mail will be stored for as long as you are one of our current customers.
5.7 Possibility of objection and elimination
You can cancel or unsuscribe from our newsletter or our direct marketingmail any time. You will find an unsubscription link at the end of each newsletter. Following cancellation all your data will be deleted except for your e-mail address. The e-mail address will be stored in a blacklist and only be used to ensure that we do not send any more e-mails to your e-mail address.
6. Contact forms, contact e-mail, live chat
6.1 Description and scope of data processing
Our website contains forms which may be used for electronic enquiries. When a user makes use of this option, the data entered in the input mask is transmitted to us and stored. At the time of dispatch of the message the following data is also stored:
- The user’s e-mail address
- The user’s IP address
- Date and time of registration
6.2 Legal basis of data processing
The legal basis for the processing of the data is, where consent has been given by the user, Art. 6 (1) lit. a GDPR. The legal basis for the processing of the data transmitted when an e-mail is sent is Art. 6 (1) lit. f GDPR. Where the purpose of the e-mail is to conclude a contract, an additional legal basis for the processing of the data is Art. 6 (1) lit. b GDPR.
The use of the service provider Intercom is based on our legitimate interest pursuant to Art. 6 (1) lit. f GDPR.
6.3 Use of Intercom
For the purpose of customer administration and, above all, to ensure the fastest possible support for the best possible user experience, for the dispatch of messages by e-mail and for live chats, we use the Intercom service of Intercom Inc. 98 Battery Street, Suite 402, San Francisco, CA 94111 USA. These purposes constitute our legitimate interest in the data processing pursuant to Art. 6 (1) lit. f GDPR. You can find more details about this here.
6.4 Purpose of data processing
The processing of the personal data from the input mask serves only for us to process the establishment of contact. In the case of contact by e-mail, this also constitutes the necessary legitimate interest in the processing of the data. The other personal data processed during the dispatch process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.
6.5 Duration of storage
The data is deleted as soon as it is no longer required in order to achieve the purpose for which it was collected. With regard to the personal data from the input mask of the contact form and the data sent by e-mail, this is the case when the particular conversation with the user has ended. The conversation has ended when it can be deduced from the circumstances that the relevant facts have been conclusively clarified. The personal data additionally collected during the dispatch process is deleted after seven days at the latest.
6.6 Possibility of objection and elimination
The user can revoke his consent to the processing of personal data at any time. Where the user contacts us by e-mail, he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued. A description of how to revoke consent and object to storage follows. In this case, all the personal data stored during the establishment of contact is deleted.
7. RAIDBOXES magazine “OUT OF THE BOX” comment function
Under https://raidboxes.*/blog/ you can find our magazine “OUT OF THE BOX”. With our magazine we wish to inform you about all kinds of subjects to do with WordPress.
7.1 Scope of data processing/ purpose of processing
Our magazine “OUT OF THE BOX” contains a comment function that allows you to comment on our articles. In order to use this comment function, you need to enter your e-mail address and name. All other information, such as your website, is optional. It is necessary to enter an e-mail address so that in case there is a complaint about your comment it can be forwarded to you and you also have the opportunity to comment. If you give your surname and/or first name when you post your comment, they will be published. Your e-mail address and all other voluntary information as well as the time when your comment was posted will be stored in WordPress, will not be passed on to unauthorised third parties and will only be processed for the purpose of the comment function. We reserve the right to delete any comments with an offensive, threatening or racist content.
7.2 Legal basis of processing
Where your personal data is communicated to us via the comment function, the disclosure of this data is always on an expressly voluntary basis. The legal basis for the processing is Art. 6 (1) lit. a GDPR.
7.3 Duration of storage/ revocation and elimination
The data will be stored until you revoke your consent to the processing. You can revoke your consent to the processing of your data at any time. All the personal data that you stored while using the comment function will be deleted immediately upon revocation. As a result, all the comments you entered in our magazine will also be deleted.
8. Google Analytics
8.1 Scope of data processing
On our website we use Google Analytics in order to analyse our users’ surfing behaviour. The software places a cookie on the user’s computer (with regard to cookies, see above). Whenever a page of our website is called up, the following data is stored:
Two bytes of the IP address of the user’s system which is calling
- The page called up
- The website from which the user accessed the page called up (referrer)
- The subpages accessed from the page called up
- The time spent on the page
- How many times the page was called up
8.2 Legal basis of data processing
On the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer in the sense of Art. 6 (1) lit. f. GDPR), we use Google Analytics, a web analysis service of Google Inc. “(“Google”).
8.3 Purpose of data processing
We use Google Analytics to display only those ads placed by Google and its partners within our advertising services to users who have shown an interest in our online offering or have specific characteristics (e.g. an interest in specific topics or products determined by the pages they visit), which we transmit to Google (so-called “remarketing” or “Google Analytics Audiences”). With the aid of remarketing audiences, we also wish to ensure that our advertisements correspond to the potential interests of users and do not cause annoyance.
8.4 Duration of storage
8.5 Possibilities of objection and elimination
You can prevent the storage of cookies by setting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all the functions of this website to their full extent. You can also prevent the transmission of the data generated by the cookie relating to your use of the website (incl. its IP address) to Google and the processing of this data by Google by downloading and installing this browser add-on.
Opt-out cookies prevent the collection of your data in future when you visit this website. To prevent Universal Analytics from collecting data across multiple devices, you need to opt out on all the systems you use.
9. Google marketing and remarketing services
9.1 Scope of data processing
9.2 Legal basis of data processing
We use these services on the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer in the sense of Art. 6 (1) lit. f. GDPR).
9.3 Purpose of processing
The Google marketing services give us the chance of displaying advertisements for ourselves and on our website in a more targeted manner in order to show users only those ads that could potentially interest them.
9.4 Duration of storage
According to Google, the protocol data collected by Google is anonymised by deleting part of the IP address and of the cookie information after 9 and 18 months respectively. You can find more details about this here.
9.5 Possibilities of objection and elimination
If you wish to object to interest-based advertising by Google marketing services, you can use the preference and opt-out settings provided by Google.
10. Facebook Social Plugins
We use the Social Plugin “Shariff Wrapper”. You can find more details about this here.
10.1 Scope of data processing
10.2 Legal basis of data processing
The data is processed on the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer in the sense of Art. 6 (1) lit. f. GDPR).
10.3 Purpose of data processing
The Facebook Social Plugins show us the interests of the visitors so that we can display them in a more targeted manner on our website in order to show users only those articles which could potentially interest them.
10.4 Duration of storage
According to Facebook’s information, Facebook stores the date and time of your visit, the specific internet address where the social plugin is located, and other technical data such as IP address, browser type and operating system for a period of 90 days in order to further optimise Facebook’s services. After 90 days the data is anonymised so that it can no longer be associated with you.
10.5 Possibilities of objection and elimination
If a user is a Facebook member and does not want Facebook to collect data about him via this online service and link it to his membership data stored on Facebook, he must log out of Facebook and delete his cookies before using our online service. Further settings and objections to the use of data for advertising purposes can be made in the Facebook profile settings or via the US-American page or the EU page. The settings are platform-independent, i.e. they are adopted for all devices, such as desktop computers or mobile devices.
11. Facebook, Custom Audiences and Facebook marketing services
11.1 Scope of data processing
Within our online offering, the so-called “Facebook pixel” of the social network Facebook, which is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or if you are a resident of the EU, by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”), is used. Facebook is certified under the Privacy Shield Agreement and thus offers a guarantee of complying with European data protection law. By means of the Facebook pixel, Facebook can, firstly, identify the visitors to our online site as the target group for the presentation of advertisements (so-called “Facebook ads”). When you visit our web pages, the Facebook pixel is directly inserted by Facebook and can store a so-called cookie, i.e. a small file, on your device. When you subsequently log in to Facebook or visit Facebook when already logged in, the visit to our online site will be noted in your profile. The data collected about you is anonymous for us, i.e. it does not allow us to draw any conclusions about the identity of the users. However, the data is stored and processed by Facebook, so that a connection to the respective user profile is possible and can be used by Facebook as well as for our own market research and advertising purposes. If we should transmit data to Facebook for comparison purposes, this data is encrypted locally on the browser and only then sent to Facebook via a secure https connection. This is done solely for the purpose of comparison with the data equally encrypted by Facebook. Facebook processes the data in accordance with Facebook’s data usage policy. Accordingly, general notes on the presentation of Facebook ads in Facebook’s data policy. You can find specific information and details about the Facebook pixel and how it works in the Facebook Help Center.
11.2 Legal basis of data processing
Our justified interests in the analysis, optimisation and economic operation of our online offer and for these purposes.
11.3 Purpose of data processing
We use the Facebook pixel to display only those Facebook ads placed by us to those Facebook users who have shown an interest in our online offering or specific characteristics (e.g. an interest in specific topics or products determined by the pages they visit), which we transmit to Facebook (so-called “Custom Audiences”). With the aid of the Facebook pixel, we also wish to ensure that our Facebook ads correspond to the potential interests of users and do not cause annoyance. With the aid of the Facebook pixel, we can also monitor the effectiveness of Facebook ads for statistical and market research purposes, by seeing whether users were referred to our website after clicking on a Facebook ad (so-called “conversion”).
11.4 Duration of storage
According to Facebook’s information, Facebook stores the date and time of your visit, the specific internet address where the social plugin is located, and other technical data such as IP address, browser type and operating system for a period of 90 days in order to further optimise Facebook’s services. After 90 days the data is anonymised so that it can no longer be associated with you.
11.5 Possibilities of objection and elimination
12. Online presences in social media
We operate internet sites on social networks and platforms in order to establish contact with customers, interested parties and users who are active there and to inform them about our services. You yourself are responsible for the use of Facebook, Instagram and Twitter. This applies in particular to the functions Comment, Share, Rate, etc. The information that we publish on our online sites in the social media can also be called up from our own website.
12.1 Scope of processing
When you visit our Facebook / Instagram / Twitter / XING or Linkedin page, your IP address and information stored as cookies on your computer are collected. Your usage behaviour and interests derived from this can then be used for the creation of a user profile in order to produce advertisements which are visible to you on and outside of the respective platform. Furthermore, data can also be stored in the user profiles independently of the devices used by the users (especially if the users are members of the respective platforms and are logged in to them).
It cannot be ruled out that the data collected from you might also be processed outside the territory of the European Union. Among other things, this may make it more difficult to enforce your rights.
12.2 Legal basis of processing / purpose of processing
The processing of users’ personal data is carried out on the basis of our legitimate interests in providing users with effective information and communicating with users pursuant to Art. 6 (1) lit. f GDPR. Where users are asked by the respective providers of the platforms to give their consent to the aforementioned data processing, the legal basis for the processing is Art. 6 (1) lit. a., Art. 7 GDPR.
12.3 Request for information
If you wish to obtain information concerning the data stored about you within the online services or to assert your user rights over these services, we recommend that you assert such rights directly vis-à-vis the respective provider. Only the providers have access to the users’ data and can take appropriate measures and provide information directly. Should you need help, you can of course contact us.
12.4 Possibilities of objection and elimination
For more detailed information regarding the possibilities of objection (opt-out), please refer to the information on the relevant platform. Below you will find further information and the corresponding links:
12.4.1 Facebook, pages, groups
When you visit our Facebook page, the IP address assigned to your end device is transmitted to Facebook. Whether and how Facebook uses the data from visits to Facebook pages for its own purposes, to what extent activities on the Facebook page are attributed to you, how long Facebook stores this data and whether data from your visit to the Facebook page is passed on to third parties, is not conclusively and clearly specified by Facebook and not known to us. We would also like to draw your attention to the fact that Facebook stores information not only on the end devices of its users; Facebook may thus be able to attribute IP addresses to individual users. When you are logged in to Facebook, there is a cookie on your device that contains your Facebook ID. This lets Facebook know that you have visited our site and how you have used it. Facebook buttons which are embedded in our website enable Facebook to record your visits and assign them to your Facebook profile. This data can be used to offer content or advertising which is tailored to you.
If you want to avoid this, you will need to log out of Facebook or disable the “Stay logged in” feature, delete the cookies that are present on your devices, and exit and restart your browser. This will delete Facebook information with which you can be directly identified. This lets you use our Facebook page to a limited extent without revealing your Facebook ID. However, if you want to use the interactive features of the page (like, comment, share, news, etc.), a Facebook login screen will appear. If you log in, Facebook will again recognise you as a certain user. You can find information on how to manage or delete information about yourself on the following Facebook support page: https://de-de.facebook.com/about/privacy and here: https://www.facebook.com/settings?tab=ads. You can also find out more about how Facebook uses your data in order to generate statistical information about visits to the Facebook page by clicking here: https://de-de.facebook.com/help/pages/insights. Facebook is Privacy Shield certified.
13.1 Scope of data processing
For the transmission of messages by e-mail and for live chats as well as for customer management, we use the Intercom service provided by Intercom Inc.. 98 Battery Street, Suite 402, San Francisco, CA 94111 USA. In this context we transmit the following personal data:
- Your e-mail address
- Your first and last name
- Your telephone number
- Contract master data
- Contact details of the technical support team
13.2 Legal basis of data processing
The data processing takes place on the basis of our legitimate interests (Art. 6 (1) lit. f GDPR).
13.3 Purpose of data processing
We use the Intercom service to respond as quickly as possible to customer enquiries made in the LIVE chat, and also to manage our customer contact. These purposes constitute our legitimate interest in the data processing pursuant to Art. 6 (1) lit. f GDPR.
13.4 Duration of storage
The data concerning interested parties who have contacted us via the live chat is fully deleted after 9 months at the latest. Every interested party who contacts us afterwards is treated as a new interested party.
13.5 Possibilities of objection and elimination
You can prevent the storage of cookies by setting your browser software accordingly (can be found under “Settings” with most browsers); however, we would again like to point out that in this case you may not be able to use all the functions of this website to their full extent (e.g. the live chat).
14. Feedback forum: Uservoice
14.1 Scope of processing
With our dashboard’s Ideas forum, we give you the opportunity to rate our product and suggest improvements and new features. Forthis we use the software Uservoice, which is provided and operated by Uservoice Inc. 121 2nd St, Fl 4, San Francisco, CA 94105, USA (“Uservoice”). To provide feedback, you will be asked to enter your e-mail address. Further information, such as your name, is optional, so that you can decide yourself which personal data you want to transmit to Uservoice via the feedback function. By giving us feedback on Uservoice, you agree to the use and processing by Uservoice of the data collected via the software and supplied by you.
According to Uservoice DPA the following is stored:
- Name (first and last name)
- E-mail address
- IP address
- (Billing) address (where given)
- Name of company (where given)
- Role in said company (if any; referred to in English as Affiliation) (where given).
An idea will however not be published until it has been checked and approved by us.
14.2 Legal basis
We avail ourselves of this service on the basis of our legitimate interests, i.e interest in the analysis, optimisation and economic operation of our online offer in the sense of Art. 6 (1) lit. f. GDPR.
14.3 Purpose of processing
By using Uservoice, we want to give our customers and users the opportunity to actively participate in our product development by sharing ideas for product optimisation and development with us and other participants. We use this information to develop new product functions and position our company as a whole more closely to our target groups.
14.4 Possibilities of objection and elimination
Uservoice offers the possibility to download your data directly via Uservoice and, if desired, to delete it directly. The associated process is as follows:
Go to https://raidboxes.uservoice.com/. Once you have logged in with the email address and password that you used to submit your feedback request, you can click on “Settings” under your name in the top right corner. A sidebar will then appear on the right side of the screen with the setting options. Scroll down to the bottom to find the two options for deleting the account and the data, as well as for exporting the datasets.
15.1 Scope of data processing
15.2 Legal basis of processing
The processing of the data via OneSignal is carried out on the basis of your consent pursuant to Art. 6 (1) lit. a GDPR.
15.3 Purpose of data processing
We use the OneSignal service to provide current information about us and our products only to those customers who are interested.
15.4 Duration of storage
OneSignal stores the personal data for 30 days.
15.5 Possibilities of objection and elimination
In your browsersettings you can delete the OneSignal cookie under Cookies.
We use HubSpot on this website for our online marketing activities. HubSpot is a software company from the USA with a subsidiary in Ireland. Contact: HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland, telephone: +353 1 5187500. We use HubSpot for:
- the evaluation of the use of our web pages (e.g. access, pages visited, length of stay, etc.).
16.1 Scope of data processing
Through the use of the service, so-called “web beacons” are used and cookies are also set, which are stored on your computer and thus enable us to analyse your use of our website.
In the process, the following data is stored:
- IP address
- Geographical location
- Type of browser
- Length of visit
- Page called up
If you have subscribed to our newsletter, your e-mail address, your newsletter opt-in, and optionally your name will be stored. When you register with us, the following data will also be stored:
- Name, first name
- Telephone number
- Contract data
- Any expectations stated
The legal basis for the use of Hubspot’s services is Art. 6 (1) lit. f. GDPR – legitimate interest. Our legitimate interest in using this service is to optimise our marketing efforts and improve the quality of our service on the website.
16.2 Legal basis of processing
The data processing takes place on the basis of our legitimate interests (Art. 6 (1) lit. f GDPR). Our legitimate interest in using this service is to optimise our marketing efforts and improve the quality of our service on our website. The purpose of the processing consists in this legitimate interest.
16.3 Possibility of objection and elimination
If you wish to object to the collection of data in general, you can prevent the storage of cookies any time by changing your browser settings.
16.4 Hubspot logfiles
Whenever web pages or landing pages created with Hubspot are called up, Hubspot automatically creates so-called log files. The log files can contain the following information, for example: IP address, browser, operating system, internet provider, pages visited, etc. The collection of data serves to optimise the pages, to ensure the security of the websites and to compile general statistics on the use of pages created with Hubspot. The automatically collected data is linked to personal data stored in Hubspot. The legal basis for the storage of the data in the log files is Art. 6 (1) lit. f GDPR. The data is deleted after 180 days and during this period only authenticated Hubspot IT staff have access to the log files.
17.1 Scope of data processing
On our website and dashboard, we use the error analysis service of Rollbar Inc. (Rollbar, 51 Federal Street, San Francisco, CA 94107, USA). Only in the event of an error will your IP address, the user agent and the page accessed be transmitted to Rollbar. Rollbar, Inc. is certified under the EU/Swiss/ US data Privacy Shield. You can find further data protection information about Rollbar at https://rollbar.com/privacy. Furthermore, we have concluded a data processing agreement with Rollbar.
17.2 Legal basis of processing
We avail ourselves of the service on the basis of our legitimate interests pursuant to Art. 6 (1) lit. f GDPR.
17.3 Purpose of processing
The Rollbar tracking tool helps us to optimise the technical reliabilityof our services by monitoring system stability and identifying code errors from our log files. Rollbar serves these purposes alone and does not evaluate any data for advertising purposes.
17.4 Duration of storage
Personal data such as IP addresses are anonymised either after 30 days or after a problem has been solved.
18. Integration of third-party services and content
We use content or service offerings from third-party providers in our online presence on the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer pursuant to Art. 6 (1) lit. f. GDPR), such as videos or font types (in the following jointly called “content”). This always presupposes that the third-party providers of this content are aware of the IP address of the users, since they would not be able to send the content to their browsers without the IP address. The IP address is therefore required for the presentation of this content. We endeavour to use only such content whose respective providers use the IP address only for delivering the content. Third parties may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. By means of the “pixel tags”, information such as visitor traffic on the pages of this website can be evaluated. The pseudonymous information may also be stored in cookies on the user’s device and may include technical information about the browser and operating system, referring websites, times of visits and other information about the use of our website, and may also be linked to such information from other sources. The following description offers an overview of third-party providers and their content, along with links to their data privacy statements, which contain further notes on the processing of data and, in part already mentioned here, objection (so-called opt-out) options:
- This site uses so-called web fonts offered by Fonticons, Inc. for the uniform display of fonts. When you visit our site, your browser loads the web fonts you need into your browser’s cache to display text and fonts correctly, and the fonts used are hosted directly by us, so the browser you are using does not need to connect to third parties. Web fonts are used in the interest of a uniform and appealing presentation of our online offering. This represents a legitimate interest pursuant to Art. 6 (1) lit. f GDPR. If your browser does not support web fonts, a default font will be used by your computer. More information about Font Awesome can be found at https://fontawesome.com/help and in the Fonticons, Inc. privacy statement: https://fontawesome.com/privacy.
III. Your rights
1. Right to access
You can request confirmation at any time as to whether personal data concerning you is processed by us. This information is of course – unless requested with above-average frequency – free of charge. In order to be able to give you this information, it is necessary to perform a further verification. You will therefore receive a randomly generated verification code at your e-mail address as soon as you submit your request, which you need to confirm.
2. Right to rectification
Should the personal data which we have stored be incorrect or incomplete, you can request rectification at any time. We shall make the rectification without delay.
3. Right to restriction of processing
Under the following conditions, you may request that the processing of your personal data be restricted:
- If you dispute the accuracy of the personally identifiable data concerning you for a period of time that allows us to verify the accuracy of the personally identifiable data;
- If the processing is unlawful and you refuse to delete the personal data and instead request restriction of the use of the personal data;
- If we no longer need the personal data for the purposes of the processing, but you need it to assert, exercise or defend legal claims; or
- If you have lodged an objection against the processing pursuant to Art. 21 (1) GDPR and it is not yet clear whether our legitimate reasons override your reasons.
If the processing of personal data concerning you has been restricted, such data may be processed – with the exception of its storage – only with your consent or for the purpose of asserting, exercising or defending a right or protecting the rights of another natural or legal person or for reasons relating to an important public interest of the Union or of a Member State. If the processing was restricted pursuant to the above conditions, you will be informed by us, RAIDBOXES GmbH, before the restriction is lifted.
4. Right to erasure
Unless there is a legitimate interest to the contrary, you can assert your right to erasure at any time.
5. Revocation of consent
Any data processing based on your consent can be stopped as soon as you revoke your consent. Revocation may be carried out at any time and with effect for the future. As our accountability obliges us to store any consent given, revocation must be effected in writing, whereby an e-mail is deemed sufficient.