Privacy policy
The Spanflug Technologies GmbH
Status: February 2, 2023
This Data Privacy Policy provides an overview of how we process your personal data that is generated when using the offers and online services on the spanflug.de website and all associated domains ("Website"). This Data Privacy Policy also informs you about your rights under the EU General Data Protection Regulation ("GDPR"). Personal data are defined as any information that enables you to be identified as a person.
Spanflug Technologies GmbH, Bgm.-Steinberger-Ring 4, 84431 Rattenkirchen, email info@spanflug.de, is responsible for data processing in connection with the info@spanflug.de.
There is no legal or contractual obligation to provide us with the personal data specified in this Data Privacy Policy and you can generally use our Website without providing personal data. However, the provision of personal data may be required if you use certain functions on our Website or if you enter into a contract with us (for example, because you commission us to provide services).
1) General information on the use of cookies
Cookies can be used on our Website to provide content and functions. Cookies are small text files that are stored on your computer to recognise you. Details on the cookies used can be found below under the respective processing purposes.
The Website generally uses the following types of cookies, the scope and functionality of which are explained below: transient cookies and persistent cookies. Transient cookies are automatically deleted when you close the browser. These include, in particular, the session cookies. These store a session ID with which various requests from your browser can be allocated to the joint session. This allows your computer to be recognised when you return to our Website. The session cookies are deleted when you log out or close the browser. Persistent cookies are automatically deleted after a predefined period of time, which may differ depending on the type of cookie.
The legal basis for the processing of personal data using cookies is article 6 (1) (b) GDPR for cookies that are absolutely necessary for the services you use; for all other cookies the legal basis is your consent given pursuant to article 6 (1) (a) GDPR. If you have given your consent to the use of certain cookies via our cookie notice, you can revoke your consent at any time with effect for the future by calling up the cookie notice again (bottom left of the page).
You can also delete cookies in the security settings of your browser at any time or set your browser to reject all cookies. Your browser may also have an anonymous browsing feature. However, if you disable all or certain types of cookies in your browser, our Website may not function properly.
2) Which personal data we process and the sources they originate from
In order to provide our Website, we process personal data from various sources. These are data on the one hand that we automatically process for each visitor who accesses the Website. And on the other hand, these can also be data that you have voluntarily provided to us or that are only processed when you use certain services on our Website.
a) Data that we automatically collect when you visit our Website
As soon as you visit the Website, you send technical information to our web servers, which we store in server log files. Amongst other things, these "usage data" include:
- the date and time of the visit and the duration of use of the Website;
- the IP address of your device;
- the referral URL (the website from which you may have been referred);
- the sub-pages of the Website or sub-pages of the app visited; and
- further information about your device (device type, browser type and version as well as settings, installed plug-ins, operating system).
We process these data to enable you to use the Website and to ensure the Website functions properly. In addition, we process the usage data to analyse how the Website is performing, to continuously improve the Website and the services we offer and to correct errors or to optimize the content on the Website for you. We also process the usage data to ensure IT security and that our systems are operating properly as well as to prevent or detect misuse, in particular fraud. These server log files are deleted at regular intervals when the data are no longer required for the above purposes.
In order to identify errors, malfunctions or performance problems on our Website, we use the service provider Sentry (https://sentry.io/welcome/). The log data sent to Sentry in the event of an error may contain personal data, such as your IP address. The legal basis for the processing of your data is article 6 (1) (f) GDPR.
We use the log aggregation, monitoring and alerting services of Datadog, Inc (620 8th Ave, 45th Floor, New York, NY 10018 USA). The log data may contain personal data (e.g. IP addresses). The log data is stored within the EU. Datadog has committed itself under a data processing agreement (Art. 28 DSGVO) to, among other things, comply with appropriate technical and organizational measures for data security and acts on our behalf in accordance with instructions. You can find more information about Datadog’s data privacy policy at href="https://www.datadoghq.com/legal/privacy/" target="_blank" rel="noopener">https://www.datadoghq.com/legal/privacy/.
The legal basis for the processing of your data is article 6 (1) (f) GDPR.
b) Data we collect when you use certain functions on our Website
We also process personal data to provide certain functions on our Website, such as internal user areas, shopping cart functions, contact forms, other interactive elements.
The legal basis for the processing of these data is article (6) (1) (b) GDPR if the underlying data processing is required for the provision of the corresponding services, or article (6) (1) (a) GDPR if we process data based on your consent. In addition to being used to provide the services, your data may also be used to ensure IT security, to detect and prevent misuse and to optimize our services, in which cases the legal basis is article (6) (1) (f) GDPR. Cookies are only used for these purposes if this is indispensable for the provision of the content and functionalities or if you have given your consent to this.
Registration, internal user areas and ordering functions
If you would like to register on our Website, e.g., to order a component or a SaaS subscription, we also collect and process the data you provide during registration (e.g., name, email address, telephone number, address, where applicable). We store your data until you decide to delete your user account.
Contact forms and application forms
In addition to the data we receive from all visitors, we also process data if you use our contact forms or application forms. We store data relating to your title, company name, your name, address (street name, postcode, city), telephone number, email address and the content of your request (you can see the details in the respective contact form). We store these data for as long as is necessary to process your request or, in the case of requests via the contact form, where Spanflug can claim a legitimate interest in communicating with interested parties and future contractual partners.
If you have applied for a vacancy using the application form and we were unable to offer you the position at the time of your application, we will only continue to store your data after you made your application to facilitate a renewed application, or to inform you about other vacancies that may be of interest to you in the future. We will only do so if you have given us your prior consent.
Manufacturing requests
We also process the data that your provide to us for the evaluation of your manufacturing request.
Newsletter.
We process the personal data you provide when subscribing to our newsletter (including your email address). It is possible to unsubscribe to the newsletter at any time and this can be done either by sending a message to the contact option described below or via a link provided for this purpose in the newsletter. After unsubscribing, we will delete your personal data unless you have expressly consented to the further use of your data.
Payment
Our website uses Stripe, a service of Stripe Inc., 354 Oyster Point Boulevard, South San Francisco, California, 94080, USA for payment processing and subscription management of our software-as-a-service offering. This is in line with our legitimate interest in offering an efficient and secure payment method (Art. 6 para. 1 lit. f DSGVO). In this context, the following data is transmitted to Stripe as far as it is necessary for the fulfillment of the contract (Art. 6 para. 1 lit. b. DSGVO):
- E-mail address
- Phone number
- Cardholder name
- Billing address
- Sales tax number
- Bank details
- Credit card data
- Credit card validity period
- Credit card verification number (CVC)
Stripe has a dual role in data processing activities as a controller and processor. As a controller, Stripe uses your submitted data to fulfill regulatory obligations. This corresponds to Stripe's legitimate interest (pursuant to Art. 6 (1) lit. f DSGVO) and serves the performance of the contract (pursuant to Art. 6 (1) lit. b DSGVO). We have no influence on this process.
Stripe acts as an order processor in order to be able to complete transactions within the payment networks. Within the scope of the order processing relationship, Stripe acts exclusively according to our instructions and has been contractually obligated within the meaning of Art. 28 DSGVO to comply with the provisions of data protection law.
Stripe has implemented compliance measures for international data transfers. These apply to all global activities where Stripe processes personal data of individuals in the EU. These measures are based on the EU Standard Contractual Clauses (SCCs).
For more information about opt-out and removal options with respect to Stripe, please visit: https://stripe.com/privacy-center/legal
Online conferences and meetings
We use Clickmeeting, a product of ClickMeeting spółka z ograniczoną odpowiedzialnością located in al. Grunwaldzka 413, 80-309 Gdansk, Poland, to hold online information events, conferences and meetings.
If you participate in such an online event, the personal data you provide, e.g. first and last name, as well as the chat messages you write will be transferred to Clickmeeting. If you allow the transmission of your camera and microphone recordings, these will also be transmitted to Clickmeeting. This data can be viewed by the event organizer.
Clickmeeting has committed itself under a contract for commissioned processing (Art. 28 DSGVO) to, among other things, comply with appropriate technical and organizational measures for data security and acts on our behalf in accordance with instructions.
For more information on Clickmeeting's privacy policy, please visit https://clickmeeting.com/legal
c) Data that we collect to optimize our Website and for advertising purposes
Personal data are also processed to optimize our Website.
The legal basis for the processing of these data is article (6) (1) (f) GDPR, provided we can claim an overriding interest in the processing of these data (e.g., to improve our Website and our services or to facilitate the use of our Website), in all other cases, your consent according to article (6) (1) (a) GDPR is required as the legal basis for the processing. Cookies will only be used for these purposes if you have given your consent to this.
Provision of personalised content
We use your data to provide you with a personalised Website based on your personal settings and preferences (e.g., displaying our Website in your local language). For example, your computer's IP address is used to identify your geographic location and provide you with localised content in your local language. However, we will never process and analyse your personal data as part of this user profile in such a way that this would result in an automated decision that would be legally effective for you or which would have a significant effect on you in a similar way.
Google Analytics
Our website uses Google Analytics, a service provided by Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland ("Google Ireland"), a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 ("Google"). Google Analytics uses cookies and helps us to analyse user numbers and the general behaviour of visitors to our Website.
The information generated by the cookie about your use of our Website (ID, browser type/version, operating system used, referrer URL, shortened IP address, time of server request) is usually transmitted to a Google server in the USA and stored there. However, in the Member States of the European Union or in other signatory states to the Agreement on the European Economic Area, your IP address will first be shortened by Google on our website. For this purpose, we have implemented the code "gat._anonymizeIp() ;" to ensure the anonymous collection of IP addresses (also known as IP masking).
The complete IP address will only be transmitted to a Google server in the USA in exceptional cases and then shortened there. If personal data is transferred to the USA by way of exception, a high level of data protection is ensured through the conclusion of so-called standard contractual clauses.
Google will use the information about your use of our Website to analyse your use of the Website on our behalf in order to compile reports on website activities and to provide further services relating to the use of the Website and the internet. The IP address transmitted by your browser as part of Google Analytics and Google Tag Manager is not combined with other Google data.
More information on the terms of use and data protection can be found under http://www.google.com/analytics/terms/de.html and https://www.google.de/intl/de/policies/privacy/.
Google reCAPTCHA
Spanflug uses “Google reCAPTCHA” (“reCAPTCHA”) on our Websites. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). reCAPTCHA is used to check whether the data that are entered on our Websites (e.g., in our contact form) are entered by a human being or an automated program. For this purpose, reCAPTCHA analyses the visitor's behaviour based on various characteristics. This analysis starts automatically as soon as the visitor enters the Website and has given their consent. For the analysis, reCAPTCHA evaluates various information (e.g., IP address, duration of the visit on the Website or the user's movement of the mouse). The data collected during the analysis are forwarded to Google. The reCAPTCHA analyses run completely in the background. Visitors of the Website are not notified that an analysis is being carried out. More information on Google reCAPTCHA and Google's data protection notice can be found under the following links: https://policies.google.com/privacy?hl=de and https://www.google.com/recaptcha/intro/android.html.
Google Ads and Microsoft Advertising (advertisements on third-party websites)
We use Google Ads and Microsoft Advertising to display advertisements on the Google search engine or on third-party websites. With Google Ads and Microsoft Advertising, targeted advertisements can be shown based on the user data available at Google. As a website operator, we can interpret these data by analysing, for example, which search terms have led to the display of our advertisements and which advertisements are particularly effective. This allows us to optimize our offer and our advertisements.
Hubspot
Our Website uses Hubspot, a service provided by Hubspot, Inc, 25 First Street, Cambridge, MA 02141 USA. In this context, we use the "EU hosting option", where Hubspot processes personal data from the EU mainly within the EU, see https://legal.hubspot.com/de/hubspot-regional-data-hosting-policy.
Hubspot uses cookies and works on our behalf to analyse visitor behaviour on our Website. The information generated by the cookie about your use of our Website (ID, browser type/version, operating system used, referrer URL, shortened IP address, time of server request) is usually transmitted to a Hubspot server operated in the USA and stored there.
In addition, we use Hubspot for online marketing activities such as:
- email marketing (newsletters and automated mailings, e.g., to provide downloads)
- Social media publishing & reporting
- Reporting (e.g. traffic sources, accesses, etc. ...)
- Contact management (e.g. user segmentation & CRM)
- Creation of contact forms
Hubspot has undertaken, among other things, to comply with the appropriate technical and organisational data security measures within the framework of a processing agreement (article 28 GDPR) and acts on our behalf in accordance with instructions.
More information on the terms of use and data protection can be found under
https://legal.hubspot.com/privacy-policy
YouTube
Our Website uses a plugin provided by YouTube to display embedded videos. The sites are operated by YouTube, LLC, 901 Cherry Avenue, San Bruno, CA 94066, USA. When you watch an embedded YouTube video on our Website, a connection to the YouTube servers is established. This informs YouTube which page you are visiting. If you are logged in to YouTube, YouTube can assign your surfing behaviour to your account. You can prevent this by logging off from your YouTube account. We use YouTube in "extended data protection mode". This means that data from YouTube are not already stored when our Website is loaded, but only when you play a video that is embedded on our Website. For more information on how user data are handled, please check YouTube's data protection notice under: https://policies.google.com/privacy
Google Web Fonts
For uniform display, our website uses web fonts provided by Google. When you visit our site, a connection to Google servers is established in order to load these web fonts into your browser cache. Through this connection, it becomes apparent to Google that your IP address has visited our website. For more information about Google Web Fonts and the use of your data, please visit. https://developers.google.com/fonts/faq and https://www.google.com/policies/privacy/.
Hotjar
This website uses the web analysis service of Hotjar Limited ("Hotjar") based on the consent of the website visitors. Hotjar uses "cookies", which are text files placed on your computer, to help the website analyze how users use the website. In addition, Hotjar will use this information to evaluate your use of the website and to compile reports on website activity.
d) Processing personal data for other purposes
In addition, we may process your data for other purposes. This includes, for example, sharing your personal data with third parties if we are legally obliged to do so, but also to assert legal claims or defend against legal disputes. In these cases, the legal basis is either a legal obligation (article 6 (1) (c) GDPR) or our legitimate interests (article 6 (1) (f) GDPR).3) Who we share your data with
In addition to the service providers listed above, we only share your personal data to third parties if this is necessary for the collection and processing of your production enquiry (e.g., to suppliers), and in cases where you have previously given your separate consent to your data being shared.
We also transfer your data to our hosting and cloud service providers, which enable us to provide the website. The automated e-mail dispatch takes place via our e-mail service providers. In addition, we use external CRM-, Payment-, Accounting and communications service provider.
Our service providers have undertaken, among other things, to comply with the appropriate technical and organisational data security measures within the framework of a processing agreement (article 28 GDPR) and act on our behalf in accordance with instructions. Additional service providers may be commissioned to improve our products, all of whom are bound by instructions.
4) Data processing outside the EEA
In some cases, the use of the abovementioned service providers means your data will be transferred to countries outside the EEA ("Third Countries"). In this case, we ensure that either an adequacy decision of the EU Commission is available for the respective Third Countries or that the so-called EU standard contractual clauses have been agreed with these providers to ensure processing security and an adequate level of data protection. Please contact the address below for further information on the contracts that have been entered into.
5) Storage duration
We will process and store your personal data as long as necessary to fulfil our contractual or statutory obligations. Therefore, we generally store the data (unless otherwise stated in this Privacy Policy) for as long as our contractual relationship with you exists and after termination only to the extent and for as long as is required by the applicable laws. If the other data are no longer required to fulfil legal obligations (such as under tax or commercial law), they are deleted on a regular basis unless their further processing is necessary for the preservation of evidence or for the defence or assertion of legal claims. For the preservation of evidence, for example, your IP address and the exact time of issue are required, if you have given us consent.
6) Your statutory rights under the GDPR
You can exercise the following rights under the GDPR in relation to your personal data:
- your right to information or access pursuant to article 15 GDPR,
- your right to rectification pursuant to article 16 GDPR,
- your right to erasure article 17 GDPR,
- your right to restriction of processing pursuant to article 18 GDPR, and
- your right to data portability pursuant to article 20 GDPR.
You also have a right to lodge a complaint to the competent data protection supervisory authorities.
Furthermore, you can also revoke your consent to the processing of your personal data at any time with effect for the future.
In addition, you have the right to object to the processing of your personal data under the provisions of the GDPR. The objection does not need to meet any specific form requirements.
For all data protection enquiries, please contact us by email at info@spanflug.de or at the contact address of the data controller given above.
7) Amendment of this Privacy Policy
In order to keep this information up to date, this Privacy Policy is updated on a regular basis. Please look at this Policy at regular intervals to ensure your information is up to date.
This Agreement is subject to German law. This Agreement has been drawn up in German and in English. Only the German version is authoritative.