Privacy policy

We attach great importance to the protection of your data. We therefore comply with the provisions of law on data protection (GDPR) and otherwise do everything in our power to protect your data. The controller in the meaning of the General Data Protection Regulation and other national data protection laws of the Member States of the European Union (EU) and other data protection regulations is:

RAIDBOXES GmbH

Friedrich-Ebert-Strasse 7

48153 Münster

The controller’s internal data protection officer is:

Ms Virginia Ostfeld

Email: virginia@raidboxes.io

Tel.: 020 3608 6334

Introduction

This privacy policy is intended to provide you as a customer or interested party with a detailed overview of how and to what extent your data is recorded, stored, processed, passed on and transmitted by us if you visit our website or use our services. It also outlines the data protection measures we employ and informs you of the options you have when you visit our site and use our services.

In order to ensure the protection of your data also in the future, particularly in line with new legal requirements and technical developments, it is inevitable that this privacy policy will have to be adjusted from time to time. We therefore recommend that you regularly reread our information on data processing.

When preparing this privacy policy we tried to avoid the use of legal expressions as much as possible, so as to ensure that all its content is clearly comprehensible even for non-lawyers. In some places you will find references to legislation, which are included purely for the sake of completeness. If you find certain sections to be incomprehensible, please let us know so that we can revise them.

However, it proved to be a considerable challenge to write a privacy policy which is clear, comprehensible and complete on the one hand and on the other not so long as to tire the reader out. We therefore decided to first provide you with a summary in a general section and then go into greater detail further on in the privacy policy. Please take a moment to read through this privacy policy. Should you have any further questions on data protection, you can contact our data protection officer Ms Virginia Ostfeld at any time.

What data is processed?

When we talk about data processing we are always referring to your personal data, defined in Article 4 No.1 of the GDPR as information that relates to an identified or identifiable person. It is therefore any data relating to you (whether directly or indirectly), e.g. first name, surname, addresses, email addresses, user behaviour, etc. Data associated with websites or services that do not belong to us or that we do not control is not covered by this privacy policy. Websites or services of other RAIDBOXES customers are also excluded.

  1. Why do we process personal data?

Firstly because we have no option – in order to conclude a contract with us it is absolutely necessary for us to know your basic data. Secondly, we want to provide you as the customer with the best possible user experience, and for that reason always strive to optimise our services. We only process personal data in compliance with the provisions of law. This means that the data is only processed with statutory permission, in particular if the data processing is necessary for the provision of our contractual services or for the use of the online services or is legally required. We also process data if we have been granted consent or have a legitimate interest in the processing (e.g. an interest in the analysis, optimisation, economic operation or security of our online service, particularly with regard to measuring its coverage, the creation of profiles for advertising and marketing purposes, as well as the collection of access data and the use of the services of third-party providers. In the second section “In detail: cookies and other technologies” we provide comprehensive information on their use.

  1. When and to what extent do we process personal data?

Below you will find an overview of all the processes in which your personal data is processed.

3.1 For the provision of contractual services/registration

We process user data and contract data so that we can fulfil our contractual obligations and perform our services (Article 6(1) point (b) GDPR).

3.2 Contacting us

If you contact us by e-mail, the information will be processed insofar as this is necessary to answer your questions. Any communication with us via our live chat function will be effected through services provided by Intercom. You can find further information on this in the section entitled “In detail: cookies and other technologies”.

3.3 Visiting our website

If you use our website, services or messaging functions, we or our authorised service providers may use cookies or similar technologies. The thus collected information helps us to better tailor our services to the needs of our customers and make them better, faster and most importantly even more secure. It also serves advertising purposes.

  1. Legal basis for the processing of personal data

If we obtain the consent of the data subject for personal data processing operations, the legal basis is Article 6(1) point (a) of the General Data Protection Regulation (GDPR). Where personal data is processed for the performance of a contract to which the data subject is party, the legal basis is Article 6(1) point (b) GDPR. The same applies for processing operations which are necessary for the purpose of implementing pre-contractual measures. Where it is necessary to process personal data for the purpose of fulfilling a legal obligation to which our company is subject, the legal basis is Article 6(1) point (c) GDPR. In the event that vital interests of the data subject or another natural person require processing of personal data, the legal basis is Article 6(1) point (d) GDPR. If the processing is necessary for the purposes of a legitimate interest of our company or a third party and if the interests and fundamental rights and freedoms of the data subject do not override that interest, the legal basis for the processing is Article 6(1) point (f) GDPR.

  1. Erasure of data and storage period

The data that we store will be erased as soon as it is no longer needed for its designated purpose and if no statutory retention requirements are opposed to the erasure. If the user’s data is not erased because it is necessary for other legally permissible purposes, its processing will be restricted. That means that the data will be blocked and not processed for other purposes. This applies, for example, for data of the user which has to be stored for reasons related to commercial or tax law. Pursuant to statutory requirements, the retention periods are six years under Article 257 par. 1 of the German Commercial Code (Handelsgesetzbuch – HGB) (trading books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting records, etc.) and 10 years under Article 147 par. 1 of the German Tax Code (Abgabenordnung) (books of account, records, management reports, accounting records, commercial and business letters, documents relevant for taxation etc.).

  1. Can minors use our services?

In short the answer is no, our website and services may not be used by minors. We do not knowingly record any information of minors or other persons who are not legally permitted to use our services. If we discover that we have collected personal data of minors, we will promptly erase it, unless we are legally required to retain it. Please contact us if you suspect that we have inadvertently or erroneously recorded data of a minor.

  1. How do we protect your personal data?

We implement physical, technical and administrative security measures in order to adequately protect your personal data against loss, misuse, unauthorised access, disclosure or alteration. Those security measures include firewalls, data encryption and authorisation controls for access to data. We also select our server locations very carefully. We are committed to ensuring the security of our systems and services.

However, you are responsible yourself for the security and confidentiality of your passwords and your account profile/registration data. You are also responsible for checking to ensure that that the personal data concerning you in our possession is correct and up to date. We are not liable for the protection of personal data that we pass on to third parties on the basis of an account link authorised by you.

  1. Where is your data stored?

8.1 Frankfurt

Some of the servers used for the hosting service are located in the computer centres of the company Interxion in Frankfurt. The server location is certified under ISO 27001, among other certifications. The spaces in the computer centre are leased from Digital Ocean LLC, New York. Digital Ocean operates a cloud platform there for virtual servers, which is used by us as a platform for the hosting. We have concluded a contract data processing agreement with DigitalOcean. In addition, DigitalOcean is subject to the EU-US Privacy Shield agreement.

8.2 Falkenstein/Nuremberg

Another part of the servers used for the hosting service and also the servers for our own infrastructure/data processing (dashboard, monitoring, configuration management, etc.) are located in the computer centres of the company Hetzner Online GmbH in Falkenstein and Nuremberg. Hetzner provides dedicated servers for rental at those locations, which are used by us as a platform for the hosting. We also use them for our own infrastructure. We have concluded a contract data processing agreement with Hetzner. Hetzner is also subject to the requirements of the General Data Protection Regulation. Hetzner Online GmbH holds Certificate 27001.

8.3 Amsterdam

Dating back to the initial period of our operations there are still a few websites in the computer centres of Equinix Amsterdam Data Centers. The server location is certified under ISO 27001, among other certifications. You can find further information on the computer centre here. The spaces in the computer centre are leased from Digital Ocean LLC, New York.

8.4 Backups

Our backups are stored in the computer centres of Amazon Web Services, Inc., 410 Terry Avenue North, Seattle WA 98109, United States (“AWS”). We chose Frankfurt as the server location. AWS participates in the EU-US Privacy Shield programme. The server location is certified under ISO 27001, among other certifications.

  1. When do we pass your data on?

First and foremost we would like to assure you that we do not sell, lend out or lease your personal data. Data is only passed on to if this is absolutely necessary, for example for the fulfilment of our contractual obligations, if we have a legitimate interest or if you have given us your consent. Each of our contract partners is carefully and conscientiously selected and we obligate them to protect all data in accordance with the provisions of law. For that reason we also conclude a contract data processing agreement with the contract processor in accordance with Article 28 GDPR.

  1. Links

Our website may contain links to websites of other providers, for whose content we, RAIDBOXES Gmbh, are not responsible and which is not covered by this privacy policy.

  1. Your rights

If your personal data is processed, you are a data subject in the meaning of the GDPR and are entitled to the following rights with respect to the controller (i.e. with respect to us):

  • right to information
  • right to rectification or erasure
  • right to restriction of the processing
  • right to object to the processing
  • right to data portability.

You also have the right to lodge a complaint with a data protection supervisory authority regarding the processing of your personal data by us.

In detail: cookies and other technologies

This section is intended to give you a better understanding of the different technologies used by us and explain how they are used. If you use our website, services or messaging functions, we or our authorised service providers may use cookies or similar technologies. The thus collected information helps us to better tailor our services to the needs of our customers and make them better, faster and most importantly even more secure. It also serves advertising purposes.

  1. The provision of the website and the creation of log files

1.1. Description and scope of the data processing

When you access our website our system automatically records data and information from the system of the accessing computer. The following data is collected in this context:

  • information on the browser type and the version used
  • the user’s operating system
  • the user’s IP address
  • the date and time of the access
  • the websites from which the user’s system arrived at our website.

The data is also stored in our system’s log files. This data is not stored together with other personal data of the user.

1.2 Legal basis

The legal basis for the temporary storage of the data and log files is Article 6(1) point (f) GDPR.

1.3 The purpose of the data processing

The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user’s computer. For this purpose, your IP address must remain stored for the duration of the session. Storage in log files occurs in order to ensure that the website functions properly. We also use the data to optimise the website and to ensure the security of our information technology systems. In this context, the data is not analysed for marketing purposes. Our legitimate interest in the data processing under Article 6(1) point (f) GDPR also lies in these purposes.

1.4. Storage period

The data is erased as soon as it is no longer needed to achieve the purpose for which it was collected. If the data is recorded for the purpose of providing the website, this is the case when the respective session ends. If the data is stored in log files, this is the case no later than after seven days. Further storage is possible, in which case the IP addresses of the user will be erased or altered so that the accessing client can no longer be attributed.

1.5 Objection and removal option

The recording of the data for the purpose of providing the website and the storage of the data in log files is absolutely necessary for the operation of the website. The user therefore does not have any possibility of objecting.

  1. Cookies

2.1. Description and scope of the data processing

Our website uses cookies. Cookies are small text files which are stored in the Internet browser or by the Internet browser on the user’s computer system. If you access a website as a user, a cookie may be stored in your operating system. That cookie contains a distinctive character string which makes it possible to unequivocally identify the browser when you access the website again. Cookies cannot execute any programmes or transfer viruses onto your computer. They serve the purpose of making the Internet service generally more user-friendly and effective. There are four types of cookie:

  • Session cookies expire at the end of your browser session and enable us to link your actions during that particular browser session with each other.
  • Permanent cookies are stored on your device between browser sessions and enable us to document your priorities or actions across several pages.
  • First-party cookies are stored by the site which you have just accessed.
  • Third-party cookies are installed by a third-party site other than the site visited by you.

We install cookies in order to make our website more user-friendly. Some elements of our website require that the accessing browser can also be identified after a page change. In these technically necessary cookies, the following data is stored and transmitted:

  • Language settings
  • Log-in information

We also use cookies on our website that enable us to analyse the user’s surfing behaviour. In this way the following data may be transmitted:

  • use of website functions (Intercom, OneSignal)
  • use behaviour (Crazy Egg, Google Analytics)
  • attribution of the source of the website access (own cookie)
  • attribution to an affiliate/advertising partner (own cookie)
  • the frequency of site access (Google Analytics)
  • entered search terms (Google Analytics).

When he/she accesses our website, the user is informed of the use of cookies for the purposes of analysis and his/her consent to the processing of the personal data used in this context is obtained. In this context reference is also made to this privacy policy. You can find further information on cookies in the following sections.

2.2. Legal basis for the data processing

The legal basis for the processing of personal data using technically necessary cookies is Article 6(1) point (f) GDPR. The legal basis for the processing of personal data using cookies for the purposes of analysis, where the user has given his/her consent in this respect, is Article 6(1) point (a) GDPR.

2.3 The purpose of the data processing

The purpose of using technically necessary cookies is to simplify the use of websites for the user. Some functions of our website cannot be provided without the use of cookies. For those functions it is necessary that the browser be recognised also after a page change. We need cookies for the following applications:

  • takeover of language settings
  • noting search terms.

The analysis cookies are used for the purpose of improving the quality of our website and its content. Through the analysis cookies we learn how the website is used and can thus continually optimise our service.

2.4 The storage period and objection and removal option

Cookies are stored on your computer and transmitted by it to our site. You as the user therefore have full control of the use of cookies. By changing the settings in your Internet browser you can deactivate or restrict the transfer of cookies. Already stored cookies can be deleted at any time. This may also occur automatically. If cookies are deactivated for our website, you may not be able to use all the functions of the website to the full extent. If you would like to object to the cookies that RAIDBOXES GmbH installs, simply write to us.

  1. Registration

3.1. Description and scope of the data processing

On our website we offer you the possibility of registering, for which you must provide personal data. The data is entered into an input mask, transmitted to us and stored. The data will not be handed over to third parties. The following data is collected in the course of the registration process:

  • first name
  • surname
  • email address.

3.2. Legal basis for the data processing

The legal basis for the processing of data, where the user’s consent has been obtained, is Article 6(1) point (a) GDPR. If the registration serves the purpose of the performance of a contract to which the user is party or carrying out pre-contractual measures, an additional legal basis for the processing of the data is Article 6(1) point (b) GDPR.

3.3 The purpose of the data processing

Registration of the user is necessary for the performance of a contract with the user or for carrying out pre-contractual measures.

3.4. Storage period

The data will be deleted as soon as it is no longer needed to achieve the purpose for which it was collected. This is the case for the data collected during the registration process for the performance of a contract or for carrying out pre-contractual measures if the data is no longer necessary for the performance of the contract. It may also be necessary to store personal data of the contract partner after the conclusion of the contract for the purpose of fulfilling contractual or legal obligations. Continuous obligations require storage of the personal data during the term of the contract. Warranty periods must also be observed, as well as required storage of data for tax purposes. What storage periods must be complied with in this context cannot be generally determined but must be ascertained in an individual case for the concluded contracts and contract parties.

3.5 Objection and removal option

As the user you may annul the registration at any time. You can alter or erase the stored data yourself at any time through the RAIDBOXES user interface. If the data is required for the performance of a contract or for carrying out pre-contractual measures, early erasure of the data is only possible if contractual or statutory obligations are not opposed to erasure.

  1. Newsletter, email marketing and product information

4.1. Description and scope of the data processing

4.1.1 Mailing newsletter and email marketing on the basis of registration for the newsletter

On our website you have the option of subscribing for a free newsletter. Upon registration for the newsletter; the data from the input mask is transmitted to us. In order to register for the newsletter, it is sufficient to provide us with your email address. We also optionally request your first name for the purpose of personally addressing you in the newsletter. The following data is also collected upon registration:

  • your email address
  • the IP address of the accessing computer
  • the date and time of the registration:

Your consent will be obtained for the processing of the data in the course of the registration process and you will be referred to this privacy policy.

4.1.2 Mailing the newsletter and email marketing on the basis of product information

If you purchase services on our website and in this context provide your email address, it may be subsequently used by us to mail product information, in which case exclusively direct advertising for similar products or services of our company will be sent via the newsletter.

The data will not be passed on to any third parties in connection with the data processing for the mailing of newsletters. The data will be used exclusively for mailing the newsletter.

4.2 Registration for the newsletter and logging

Registration for our newsletter occurs in a so-called “double opt-in” procedure. That means that after registration you receive an email in which you are asked for confirmation of your registration. That confirmation is necessary to ensure that no one can register with another person’s email address. Registrations for the newsletter are logged so that we can provide proof that the registration process is compliant with legal requirements. This includes storage of the time of registration and confirmation, as well as the IP address. Changes of your data stored with the mailing service provider will also be logged.

4.3 Our mailing service provider for the newsletter: MailChimp

Following extensive research we decided to use “MailChimp”, a newsletter mailing platform of the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA, for our newsletter mailing. The email addresses of our newsletter recipients and their other data, as described in the relevant information, are stored in MailChimp’s servers in the USA. MailChimp uses that information to mail and evaluate the newsletter on our behalf. According to its own information, the mailing service provider may also use that data in pseudonymous form, i.e. without attribution to a user, to optimise or improve its own services, for example for the technical optimisation of the mailing and presentation of the newsletter or for statistical purposes, or to determine which countries the recipients come from. However, the mailing service provider does not use the data of our newsletter recipients to write to them itself or pass it on to third parties. We have confidence in the reliability of MailChimp and its IT and data security. MailChimp is certified under the Privacy Shield agreement and thus provides a guarantee that it adheres to the European level of data protection. We have also concluded a “data processing agreement” with MailChimp. This is a contract in which MailChimp undertakes to protect our users’ data, process it on our behalf in accordance with its privacy policy and, in particular, refrain from passing it on to third parties. You can access the mailing service provider’s privacy policy here.

4.4 Our service provider for product information: Intercom

For the mailing of notifications by email providing information on our products, new features or possible malfunctions, we use the services of Intercom Inc. 98 Battery Street, Suite 402, San Francisco, CA 94111 USA. Our legitimate interest in the data processing under Article 6(1) point (f) GDPR also lies in these purposes.

4.5 Online access and data management

In some cases we direct the newsletter recipients to MailChimp’s website. For example, our newsletters contain a link with which the newsletter recipients can access the newsletter online (for example in the event of display problems in the email programme). Newsletter recipients can also subsequently correct their data, for example their email address. The privacy policy of MailChimp can also only be accessed on its website. Please note that cookies are used on MailChimp’s website and thus personal data is processed by MailChimp and its partners and engaged service providers (for example Google Analytics). We have no influence on that data collection. You can find further information on this in MailChimp’s privacy policy. We also advise you of the possibility of objecting to the data collection for advertising purposes on the websites http://www.aboutads.info/choices/and http://www.youronlinechoices.com/(in Europe).

4.6. Legal basis for the data processing

The legal basis for the processing of the data following registration for the newsletter by the user, where the consent of the user has been obtained, is Article 6(1) point (a) GDPR. The legal basis for the mailing of the newsletter as a result of the sale of goods or services is Article 7 par. 3 of the German Unfair Competition Act (Gesetz gegen den unlauteren Wettbewerb). The use of the mailing service provider MailChimp occurs on the basis of our legitimate interest in accordance with Article 6(1) point (f) GDPR.

4.7 The purpose of the data processing

The collection of the user’s email address serves the purpose of delivering the newsletter. Our interest is based on the use of a user-friendly and secure newsletter system which both serves our business interests and meets the users’ expectations.

4.8. Storage period

The data is erased as soon as it is no longer needed to achieve the purpose for which it was collected. Your email address will therefore be stored as long as the subscription for the newsletter is active.

4.8 Objection and removal option

You can terminate the receipt of our newsletter at any time, i.e. withdraw your consent. You will find a link for the termination of the newsletter at the end of each newsletter. Following termination your data will be erased, except for the email address. The email address will be stored in a blocking list and will only be used to ensure that we do not send any more emails to your email address.

  1. Contact form, contact email, live chat

5.1. Description and scope of the data processing

Forms are available on our website which you can use to electronically contact us. If a user takes advantage of this possibility, the data entered in the input mask will be transmitted to and stored by us. At the moment when the message is dispatched the following data will also be stored:

  • the user’s email address
  • the user’s IP address
  • the date and time of registration:

In the course of the dispatch process, your consent will be obtained for the processing of the data and you will be referred to this privacy policy. Alternatively, you can contact us via the email address that we provide, in which case the personal data of the user transmitted with the email will be stored. You can also contact us via the live chat function. For this purpose we use the services of Intercom. The data will not be passed on to any third parties in this context. The data will be used exclusively for processing the communication.

5.2. Legal basis for the data processing

The legal basis for the processing of the data, where the user’s consent has been obtained, is 6(1) point (a) GDPR. The legal basis for the processing of the data which is transmitted in the course of sending an email is Article 6(1) point (f) GDPR. If the email contact is aimed at the conclusion of a contract, Article 6(1) point (b) GDPR is an additional legal basis for the processing.

The use of the service provider Intercom is based on our legitimate interest in accordance with Article 6(1) point (f) GDPR.

5.3 Use of Intercom

For the purpose of customer management and particularly to ensure the fastest possible support for an optimum user experience, for mailing of notifications by email and for the live chat function we rely on the services of Intercom Inc., 98 Battery Street, Suite 402, San Francisco, CA 94111 USA. Our legitimate interest in the data processing under Article 6(1) point (f) GDPR also lies in these purposes.

5.4 The purpose of the data processing

Our sole purpose in processing the personal data from the input mask is to process the communication with us. If you contact us by email, this is also the required legitimate interest in the processing of the data. The other personal data processed during the dispatch process serves the purpose of preventing misuse of the contact form and ensuring the security of our information technology systems.

5.5. Storage period

The data will be deleted as soon as it is no longer needed to achieve the purpose for which it was collected. For the personal data from the input mask of the contact form and the data sent by email this is the case when the respective communication with the user has ended. The communication ends when the circumstances indicate that the issue in question has been conclusively clarified. The personal data additionally collected during the dispatch process will be erased no later than after a period of seven days.

5.6 Objection and removal option

The user has the possibility of withdrawing his/her consent to the processing of personal data at any time. If the user contacts us by email, he/she can object to the storage of his/her personal data at any time, in which case the communication cannot be continued. Below you will find a description of how you can withdraw your consent and object to the storage. All personal data which has been stored in the course of the communication will then be erased.

  1. Google Analytics

6.1 The scope of the data processing

On our website we use Google Analytics to analyse the surfing behaviour of our users. The software installs a cookie in the user’s computer (see above for information on cookies). If individual pages of our website are accessed, the following data will be stored:

  • two bytes of the IP address of the accessing system of the user
  • the accessed web page
  • the website from which the user arrived at the accessed website (referrer)
  • the subpages which are accessed from the website which is accessed
  • the amount of time spent on the website
  • the frequency with which the website is accessed.

Google uses cookies. The information generated by the cookies on the use of the online service by the users is generally transferred to and stored on a Google server in the USA. Google is certified under the Privacy Shield agreement and thus offers a guarantee that it complies with European data protection laws. We only use Google Analytics with activated IP anonymisation. That means the users’ IP addresses are abbreviated by Google in Member States of the European Union or in other contracting states of the Treaty on the European Economic Area. In exceptional cases only, the full IP address is transferred to a Google server in the USA and abbreviated there. The IP address transmitted by the user’s browser will not be combined with any other Google data. Users can prevent the storage of the cookies by setting their browser software accordingly. They can also prevent the recording of the data generated by the cookie that relates to their use of the website to Google and the processing of that data by Google by downloading and installing the browser plug-in available under the following link.You can find further information on the use of data by Google and setting and objection options on Google’s web pages “How Google uses data when you use websites or apps of our partners”, “Use of data for advertising purposes” and ”Manage information that Google uses to display advertising to you”. Google will use that information on our behalf to analyse the use of our online service by the user, to compose reports on the activities on the website and to provide further services to us associated with the use of our site and the use of the Internet. Pseudonymous use profiles of the users may be created from the processed data.

6.2. Legal basis for the data processing

We use Google Analytics, a web analysis service of Google Inc. (“Google”), on the basis of our legitimate interests (i.e. an interest in the analysis, optimisation and economic operation of our website in the meaning of Article 6(1) point (f) GDPR).

6.3 The purpose of the data processing

We use Google Analytics so that the advertisements displayed within advertising services of Google and its partners are only displayed to users who have shown an interest in our online service or who have particular characteristics (e.g. an interest in particular subjects or products, which are determined based on the visited web pages), which we transmit to Google (so-called “remarketing” or “Google Analytics audiences”). With the aid of the remarketing audiences, we also aim to ensure that our advertisements correspond to the potential interests of the users and do not seem bothersome.

6.4. Storage period

Sessions and campaigns are terminated after the end of a particular period of time. As a rule, sessions are terminated after 30 minutes without activity and campaigns after six months. The time limit for campaigns can be a maximum of two years. You can find more detailed information on terms of use and data protection at:https://www.google.com/analytics/terms/de.htmlor https://policies.google.com/

6.5 Revocation and removal options

You can prevent the storage of the cookies by setting your browser software accordingly. However, please note that if you do so you may not be able to use all the functions of this website to their full extent. You can also prevent the recording of the data generated by the cookie that relates to your use of the website (including your IP address) to Google and the processing of that data by Google by downloading and installing this browser add-on.

Opt-out cookies prevent the future recording of your data when you visit this website. In order to prevent recording by Universal Analytics across different devices, you must carry out the opt-out on all systems used.

  1. Google marketing and remarketing services

7.1 The scope of the data processing

We use the marketing and remarketing services (“Google marketing services”) of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, (“Google”). Google is certified under the Privacy Shield agreement and thus offers a guarantee that it complies with European data protection laws. The Google marketing services enable us to display advertisements for and on our website in a more targeted manner, so that we can present to users only advertisements which potentially correspond to their interests. If, for example, advertisements are displayed to a user for products in which he/she has taken an interest on other websites, this is referred to as “remarketing”. For these purposes, when our and other websites on which Google marketing services are active are accessed, a Google code is executed directly by Google and so-called (re)marketing tags (invisible graphics or code, also known as “web beacons”) are integrated into the website, with the aid of which an individual cookie, i.e. a small file (similar technologies may also be used instead of cookies), is stored on the user’s device. The cookies can be installed from different domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com or googleadservices.com. It is noted in that file which websites the user visited, what content he/she was interested in and what offers he/she clicked on, along with technical information regarding the browser and operating system, referring websites, the visit time and further information on the use of the online service. The user’s IP address is also recorded. We give notification within the framework of Google Analytics that the IP address will be abbreviated within Member States of the European Union or in other contracting states of the Treaty on the European Economic Area, and in exceptional cases only the entire IP address will be transferred to a Google server in the USA and abbreviated there. The IP address will not be combined with data of the user within other Google services. The above-mentioned information may also be combined by Google with information from other sources. If the user then visits other websites, targeted advertisements may be displayed to him/her according to his/her interests. The user’s data will be processed in pseudonymous form within the framework of the Google marketing services, i.e. Google will, for example, not store and process the name or email address of the user but will process the relevant data on a cookie-related basis within pseudonymous user profiles. That means that from Google’s standpoint the advertisements will not be managed and displayed for a specifically identified person, but for the owner of the cookie, irrespective of who the cookie owner is. This does not apply if a user has explicitly permitted Google to process the data without this pseudonymisation. The information collected by Google marketing services concerning the user is transmitted to Google and stored on Google’s servers in the USA. The Google marketing services used by us include the online advertising programme “Google AdWords”. In the case of Google AdWords, each AdWords customer receives a different “conversion cookie”. Cookies can therefore not be tracked via the websites of AdWords clients. The information obtained with the aid of the cookie serves the purpose of preparing conversion statistics for AdWords clients who have decided to employ conversion tracking. The AdWords clients learn the total number of users who clicked on their advertisement and were redirected to a page equipped with a conversion tracking tag. However, they receive no information with which users can be personally identified. On the basis of the Google marketing service “DoubleClick” we can integrate advertisements of third parties. DoubleClick uses cookies which enable Google and its partner websites to display advertisements based on visits by users to this website or other websites on the Internet. On the basis of the Google marketing service “AdSense”, we can integrate advertisements of third parties. AdSense uses cookies which enable Google and its partner websites to display advertisements based on visits by users to this website or other websites on the Internet. We may also use the “Google Optimizer” service. Google Optimizer enables us, within the framework of so-called “A/B testing”, to track the effects of various changes made to a website (e.g. changes made to the input fields, design, etc.). For these testing purposes, cookies are installed on the users’ devices. Only pseudonymous data of the users is processed. We may also use “Google Tag Manager” in order to integrate the Google analysis and marketing services into our website and manage them. You can find further information on the use of data for marketing purposes by Google on the overview page. Google’s privacy policy can be accessed here.

7.2. Legal basis for the data processing

We use these services on the basis of our legitimate interests (i.e. an interest in the analysis, optimisation and economic operation of our website in the meaning of Article 6(1) point (f) GDPR).

7.3 The purpose of the processing

The Google marketing services enable us to display advertisements for ourselves and on our website in a more targeted manner, so that we can present to users only advertisements which potentially correspond to their interests.

7.4. Storage period

According to its own information, the log data collected by Google is anonymised, in that a part of the IP address and the cookie information is erased after nine or 18 months.

7.5 Revocation and removal option

If you would like to object to interest-related advertising through Google marketing services, you can use the setting and opt-out options provided by Google.

  1. Facebook social plug-ins

We use the GDPR-compliant social plug-in “Shariff Wrapper”. More information is available here.

8.1 The scope of the data processing

We use social plug-ins (“plug-ins”) of the social network facebook.com, which is operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”). The plug-ins may represent interactive elements or content (e.g. videos, graphics or text items) and are marked with a Facebook logo (a white “f” on a blue tile, the words “Like” or “Gefällt mir” or a “thumbs-up” symbol) or they are labelled “Facebook social plug-in”. A list of the Facebook social plug-ins and their appearance can be accessed here. The plug-ins are only activated when you click on the relevant button. If they are shown greyed out the plug-ins are inactive. You have the option of activating the plug-ins on a one-off basis or permanently. Facebook is certified under the Privacy Shield agreement and thus offers a guarantee that it complies with European data protection laws. If a user accesses a function of this online service which contains such a plug-in, his/her device will create a direct connection with Facebook’s servers. The content of the plug-in will be directly transmitted by Facebook to the user’s device and integrated by it into the online service. Use profiles of the users can be created from the processed data. We therefore have no influence on the scope of the data that Facebook collects with the aid of that plug-in and inform the users to the best of our knowledge. Through the integration of the plug-ins, Facebook is notified that a user has accessed the relevant page of the website. If the user is logged into Facebook, Facebook can attribute the visit to his/her Facebook account. If users interact with the plug-ins, for example by pressing the “Like” button or submitting a comment, the relevant information will be directly transferred to Facebook by your device and stored there. If a user is not a member of Facebook, the possibility still exists that Facebook will obtain his/her IP address and store it. According to Facebook, in Germany only an anonymised IP address is stored. The purpose and scope of the collection of data and the further processing and use of the data by Facebook and your rights in this respect and setting options with regard to the protection of your privacy are described in Facebook’s privacy policy.

8.2. Legal basis for the data processing

The data processing occurs on the basis of our legitimate interests (i.e. an interest in the analysis, optimisation and economic operation of our online service in the meaning of Article 6(1) point (f) GDPR).

8.3 The purpose of the data processing

The Facebook social plug-ins show us the visitors’ interests, so that we can display advertisements to them on our website in a more targeted manner and only present items to users which potentially correspond to their interests.

8.4. Storage period

According its own informationFacebook stores, for a period of 90 days, the date and time of your visit, the specific Internet address at which the social plug-in is located and further technical data, for example the IP address, the browser type and the operating system, for the purpose of further optimisation of Facebook’s services. After the 90-day period has elapsed, the data is anonymised so that it can no longer be associated with you.

8.5 Revocation and removal option

If a user is a member of Facebook and does not want Facebook to collect data concerning him/her through this online service and associate it with his/her member data stored at Facebook, he/she must log out of Facebook and delete his/her cookies before using our website. Further settings and objections to the use of data for advertising purposes are possible in the Facebook profile settings or via the US site or the EU site. The settings are carried out without reference to a specific platform, i.e. they are implemented for all devices, such as desktop computers or mobile devices.

  1. Facebook and custom audiences and Facebook marketing services

9.1 The scope of the data processing

Within our online service we use “Facebook Pixel” as provided by social network Facebook, which is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA or, if you are resident in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”). Facebook is certified under the Privacy Shield agreement and thus offers a guarantee that it complies with European data protection laws. With the aid of Facebook Pixel, Facebook can designate the visitors to our online service as a target group for the presentation of advertisements (so-called “Facebook ads”). When you access our website, Facebook Pixel is directly integrated by Facebook and can store a cookie, i.e. a small file, in your device. If you then log into Facebook or visit Facebook whilst being logged in, the visit to our online service will be noted in your profile. The data collected concerning you is anonymous for us and thus does not enable us to draw any inferences regarding the identity of the user. However, the data will be stored and processed by Facebook, so that a connection with the respective user profile is possible and may be used by Facebook as well as for our own market research and advertising purposes. Insofar as we transmit data to Facebook for the purposes of comparison, it will be locally encrypted on the browser and only then sent to Facebook via a secured https connection. This occurs for the sole purpose of drawing a comparison with the data likewise encrypted by Facebook. The processing of the data by Facebook occurs within the framework of Facebook‘s Data Use Policy. You can therefore find general information on the presentation of Facebook ads in Facebook’s Data Use Policy. You can find special information and details on Facebook Pixel and its functioning in Facebook’s help section.

9.2. Legal basis for the data processing

The data processing occurs based on our legitimate interests in the analysis, optimisation and economic operation of our online service and for those purposes.

9.3 The purpose of the data processing

We use Facebook Pixel to ensure that the Facebook ads displayed by us are only displayed to Facebook users who have shown an interest in our online service or who have particular characteristics (e.g. an interest in particular subjects or products, which are determined based on the visited web pages), which we transmit to Facebook (so-called “custom audiences”). With the aid of Facebook Pixel we would also like to ensure that our Facebook ads correspond to the potential interests of the users and do not seem bothersome. With the aid of Facebook Pixel we can also track the effectiveness of the Facebook advertisements for statistical and market research purposes, in that we can see whether users have been directed to our website after clicking on a Facebook ad (so-called “conversion”).

9.4. Storage period

According its own informationFacebook stores, for a period of 90 days, the date and time of your visit, the specific Internet address at which the social plug-in is located and further technical data, for example the IP address, the browser type and the operating system, for the purpose of further optimisation of Facebook’s services. After the 90-day period has elapsed, the data is anonymised so that it can no longer be associated with you.

9.5 Revocation and removal options

You can object to the recording by Facebook Pixel and the use of your data for the presentation of Facebook ads. In order to set what types of advertisements are displayed to you within Facebook, you can access the site set up by Facebook and follow the instructions there on settings for use-based advertising. The settings are carried out without reference to a specific platform, i.e. they are implemented for all devices, such as desktop computers or mobile devices. You can also object to the use of cookies that serve the purpose of measuring coverage and advertising purposes through the deactivation page of the Network Advertising Initiativeas well as the US website or the European website.

  1. Intercom

10.1 The scope of the data processing

For the mailing of notifications by email and for live chats, as well as for customer management, we use the Intercom service provided by Intercom Inc. 98 Battery Street, Suite 402, San Francisco, CA 94111 USA. In this context we transmit the following personal data:

  • your email address
  • your first name and surname
  • your telephone number
  • contract master data
  • contact details for the technical contact.

Intercom, Inc. holds the Privacy Shield certificate, which is designed to ensure a higher level of data protection for companies not based in the EU. You can find further information on data protection at Intercom here. Intercom also uses cookies. The information generated by the cookie on your last accessed subpage of this online platform is transferred to and stored on an Intercom server in the USA. On our behalf, Intercom uses the above-mentioned information to provide the related services with respect to the website operator. The IP address transmitted by your browser within the framework of Intercom will not be combined with any other data.

10.2. Legal basis for the data processing

The data processing occurs on the basis of our legitimate interest (Article 6(1) point (f) GDPR).

10.3 The purpose of the data processing

We use Intercom’s service to enable us to react as fast as possible to customer inquiries in the live chat function and also to manage our customer contacts. Our legitimate interest in the data processing under Article 6(1) point (f) GDPR also lies in these purposes.

10.4. Storage period

The data on interested parties who have contacted us through the live chat function is completely erased no later than after nine months. Any interested person who subsequently contacts us is treated as a newly interested person.

10.5 Revocation and removal option

You can prevent the storage of the cookies by Intercom by setting your browser software accordingly (under “Settings” in most browsers). However, we advise you once again that if you do so you may not be able to use all the functions of this website to their full extent (e.g. the live chat function).

  1. Integration of services and content of third parties

Within our online service, on the basis of our legitimate interests (i.e. an interest in the analysis, optimisation and economic operation of our website in the meaning of Article 6(1) point (f) GDPR), we use content or service offers of third-party providers in order to integrate their content and services, for example videos or fonts (hereinafter referred to jointly as “content”). This always requires that the third-party providers of that content know the IP addresses of the users, because without the IP address they would not be able to send the content to their browsers. The IP address is therefore necessary for the presentation of that content. We make every effort to only use content whose respective provider only uses the IP address for the delivery of the content. Third-party providers may also use so-called pixel tags (invisible graphics also known as “web beacons”) for statistical or marketing purposes. Through the “pixel tags” information such as the user traffic on the pages of this site can be evaluated. The pseudonymous information may also be stored in cookies on the user’s device and include technical information on the browser and operating system, referring websites, the visit time as well as further information on the use of our online service, and it can also be combined with such information from other sources. The following is an overview of third-party providers and their content, with links to their privacy policies, which contain further information on the processing of data and objection options, in part already referred to herein (so-called opt-out):

  • Maps from the “Google Maps” service of third-party provider Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policy.
  • Videos from the “YouTube” platform of third-party provider Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policy.
  • Functions of the Google+ service are integrated within our website. Those functions are provided by third-party provider Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. If you are logged into your Google+ account, by clicking on the Google+ button you can link the content of our site with your Google+ profile. This will enable Google to attribute your visit to our site to your user account. We advise you that as the provider of the website we will not receive any information on the content of the transmitted data or its use by Google+. Privacy policy.
  • Functions of the Instagram service are integrated within our website. Those functions are provided by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. If you are logged into your Instagram account, by clicking on the Instagram button you can link the content of our site with your Instagram profile. This will enable Instagram to attribute your visit to our site to your user account. We advise you that as the provider of the website we will not receive any information on the content of the transmitted data or its use by Instagram. Privacy policy.
  • Our online service makes use of functions of the LinkedIn network, provided by LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. Each time you access one of our pages that contains LinkedIn functions, a connection to LinkedIn’s servers is created. LinkedIn is informed that you have visited our website and of your IP address. If you click on the LinkedIn “Recommend” button and are logged into your LinkedIn account, LinkedIn will be able to attribute your visit to our website to you and your user account. We advise you that as the provider of the website we will not receive any information on the content of the transmitted data or its use by LinkedIn. Privacy policy.
  • We use social plug-ins of social network Pinterest, operated by Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA (”Pinterest”). If you access a page which contains such a plug-in, your browser creates a direct connection with Pinterest’s servers. The plug-in transmits log data to the Pinterest server in the USA. That log data may contain your IP address, the address of the visited websites which also contain Pinterest functions, the type and settings of the browser, the date and time of the request, your manner of using Pinterest, as well as cookies. Privacy policy.
  • Functions of the Twitter service may be integrated within our online service. Those functions are provided by Twitter Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA. Through the use of Twitter and the “Retweet” function, the websites visited by you are connected to your Twitter account and reported to other users. In this process data is also transferred to Twitter. We advise you that as the provider of the website we will not receive any information on the content of the transferred data or its use by Twitter. Twitter’s privacy policy. You can adjust your privacy settings at Twitter in the account settings.
  • We use social plug-ins of the social network Tumblr, which is operated by Tumblr, Inc., 35 East 21st Street, 10E, New York, NY 10010, USA (“Tumblr”). If you access a page of our website which contains such a plug-in, your browser creates a direct connection with Tumblr’s servers. The plug-in transmits log data to the Tumblr server in the USA. That log data may contain your IP address, the address of the visited websites which also contain Tumblr functions, the type and settings of the browser, the date and time of the request, your manner of using Tumblr, as well as cookies. Privacy policy.
  • We use functions of the XING network, provided by XING AG, Dammtorstrasse 29–32, 20354 Hamburg, Germany. Each time you access one of our pages that contain Xing functions, a connection to Xing’s servers is created. As far as we know, no storage of personal data occurs in this context. In particular, IP addresses are not stored and usage behaviour is not analysed. Privacy policy.
  • External code of the JavaScript framework “jQuery”, provided by third-party provider jQuery Foundation.
  • Our website uses the tracking tool “Crazy Egg”, provided by Crazy Egg Inc. USA, in order to collect statistical data on the use of our Internet service. With the aid of technologies provided by Crazy Egg Inc. visitor information is randomly collected and transmitted to the servers of Crazy Egg Inc. The technology enables the activities of the user during their visit to our website to be collected, analysed and visualised. For example, by means of a “Heatmap” we are able to identify which areas of our website are most visited and clicked on. For this purpose cookies are also used. You can object to the collection, processing and recording of the data generated by CrazyEgg.com at any time by following the instructions. The purpose and scope of the collection of data and the further processing and use of the data by Crazy Egg, as well as your rights in this respect and setting options with regard to the protection of your privacy, are described in Crazy Egg’s privacy policy.

III. Your rights

  1. Right to information

You may request a confirmation at any time as to whether personal data concerning you is processed by us. That information is of course free of charge, provided that you do not request it unusually frequently. In order to provide you with that information it is necessary to carry out a further verification. When you submit the request you will therefore be sent a randomly generated verification code to the email address that you have provided us with, which you must confirm.

  1. Right to rectification

If the personal data stored by us is incorrect or incomplete, you may submit a request for rectification at any time. We are obliged to promptly carry out the rectification.

  1. Right to restriction of the processing

Subject to the following conditions, you can request the restriction of the processing of the personal data relating to you:

(1) if you dispute the accuracy of the personal data relating to you, for a period enabling us to verify the accuracy of the personal data;

(2) if the processing is unlawful, and you refuse the erasure of the personal data and instead request restriction of the use of the personal data;

(3) if we no longer need the personal data for the purposes of the processing, but you need it for the establishment, exercise or defence of legal claims; or

(4) if you have submitted an objection to the processing in accordance with Article 21(1) GDPR pending the verification of whether our legitimate grounds override yours.

If the processing of the personal data relating to you has been restricted, with the exception of storage thereof that data may only be processed with your consent or for the establishment, exercise or defence of legal claims or in order to protect the rights of another natural or legal person or for reasons of important public interest of the EU or a Member State. If restriction of the processing has been applied in accordance with the above-mentioned conditions, you will be notified by us, RAIDBOXES GmbH, before the restriction is lifted.

  1. Right to erasure

If no legitimate interest is opposed to it, you may exercise your right to erasure at any time.

  1. Withdrawing consent

Any data processing that occurs on the basis of your consent can be discontinued as soon as you withdraw your consent. You can withdraw your consent at any time with effect for the future. Because we are obliged on the basis of our accountability to store granted consents, the withdrawal must be in writing (email is sufficient).

If you continue, you agree our Cookie Policy.