Privacy Policy
Introduction
With the following data protection declaration, we would like to inform you about the types of your personal data (hereinafter also referred to as "data") that we process, for what purposes and to what extent. The data protection declaration applies to all processing of personal data carried out by us, both as part of the provision of our services and in particular on our websites, in mobile applications and within external online presences, such as our social media profiles (hereinafter collectively referred to as "online offer"). The terms used are not gender-specific.
Date: 03.06.2022
Responsibilities
Juucy Software UG (haftungsbeschränkt)
c/o Technische Universität Berlin
Ackerstraße 76, Raum 384
13355 Berlin, Germany
Email: lukas@juucy.io
Overview
The following overview summarises the types of data processed and the purposes of their processing and refers to the data subjects.
Processed Data
- Inventory data (e.g. names, addresses).
- Content data (e.g. text entries, photographs, videos).
- Contact data (e.g. email, telephone numbers).
- Meta/communication data (e.g. device information, IP addresses).
- Usage data (e.g. websites visited, interest in content, access times).
- Social data (data subject to social secrecy (§ 35 SGB I) and e.g. processed by social insurance agencies, social welfare agencies or pension authorities).
- Location data (data indicating the location of an end user's terminal device).
Categories of persons concerned
- Employees (e.g. employees, applicants, former employees).
- Interested parties.
- Communication partners.
- Customers.
- Users (e.g. website visitors, users of online services).
Purposes of the processing
- A/B tests.
- Provision of our online offer and user-friendliness.
- Visit action evaluation.
- Contact requests and communication.
- Conversion measurement (measuring the effectiveness of marketing efforts).
- Reach measurement (e.g. access statistics, recognition of returning visitors).
- Security measures.
- Contractual performance and service.
- Managing and responding to enquiries.
Relevant legal basis
In the following, we inform you about the legal basis of the Data Protection Regulation (DSGVO) on the basis of which we process personal data. Please note that in addition to the regulations of the DSGVO, the national data protection regulations in your or our country of residence and domicile may apply.- Consent (Art. 6 para. 1 p. 1 lit. a DSGVO) - The data subject has given his/her consent to the processing of personal data concerning him/her for a specific purpose or purposes. - Performance of a contract and pre-contractual enquiries (Art. 6 (1) p. 1 lit. b. DSGVO) - Processing is necessary for the performance of a contract to which the data subject is party or for the performance of pre-contractual measures taken at the data subject's request. - Legitimate interests (Art. 6 (1) p. 1 lit. f. DSGVO) - Processing is necessary for the purposes of the legitimate interests of the controller or a third party, unless such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data.National data protection regulations in Germany: In addition to the data protection regulations of the General Data Protection Regulation, national regulations on data protection apply in Germany. These include, in particular, the Act on Protection against Misuse of Personal Data in Data Processing (Federal Data Protection Act - BDSG). In particular, the BDSG contains special regulations on the right to information, the right to erasure, the right to object, the processing of special categories of personal data, the processing for other purposes and the transmission and automated decision-making in individual cases, including profiling. Furthermore, it regulates data processing for purposes of the employment relationship (Section 26 BDSG), in particular with regard to the establishment, implementation or termination of employment relationships as well as the consent of employees. Furthermore, data protection laws of the individual federal states may apply.
Legal basis and right to withdraw consent
We use tools required to operate our website and others, where explicitly set out, on the basis of our legitimate interest pursuant to Article 6(1)(1)(f) of the GDPR to enable your convenient and personalised use of the website and ensure that use is as time-saving as possible. In some cases, these tools may also be required for the performance of a contract or for steps required prior to entering into a contract, in which case processing is carried out pursuant to Article 6(1)(1)(b) of the GDPR.
All other tools, in particular those for marketing purposes, are used on the basis of your consent pursuant to Article 6(1)(1)(a) of the GDPR as well as section 15 (3) (1) of the German Telemedia Act (TMG) , provided that user profiles have been created for the purpose of marketing or market research. We will only process your data using these tools if you have provided your consent for us to do so.
Obtaining your consent
To obtain and manage your consents, we use the Cookies & You tool from Osano, Inc., 3800 N Lamar BlvdSte 200, Austin, TX 78756 (hereinafter referred to as “Cookies & You”). This tool can be used to consent to all, individual or no data processing by means of cookies. When you visit our website, Cookies & You will receive your consents or withdrawals of consent, your IP address and information about your browser, your device and the time of your visit. Cookies & You also uses a required cookie to store your consents and withdrawals of consent. If you erase your cookies, we will request your consent again the next time you visit the website.This data processing is required for the purpose of providing you with the cookie management solution required by law and to comply with our documentation obligations. The legal basis for the use of Cookies & You is Article 6(1)(f) of the GDPR, justified by our interest in fulfilling the legal requirements for cookie consent management.
Required tools
We use certain tools to enable the basic functions of our website (“necessary tools”). We cannot provide our service without the use of these tools. Required tools are therefore used without consent on the basis of our legitimate interest pursuant to Article 6(1)(f) of the GDPR, or for the performance of a contract or for steps required prior to entering into a contract pursuant to Article 6(1)(b) of the GDPR.
Google Tag Manager
Our website uses Google Tag Manager, a service offered to users in the European Economic Area and Switzerland by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, and to all other users by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (together “Google”).
Tag Manager is used to manage tracking tools and other services, so-called website tags. A tag is an element stored in the source code of our website for the purpose of recording predefined usage data, for example. Google Tag Manager does not use cookies. Google Tag Manager ensures that the usage data required by our partners is forwarded to them.
Google Tag Manager sets the following cookies for technical debugging purposes: “gtm”; “gtm_auth”; “gtm_debug”; “gtm_preview”; “gtm_mt”.
We have concluded a processing contract with Google. Some data is processed on a Google server in the USA. In the event that personal data is transferred to the USA, we have concluded standard contractual clauses with Google pursuant to Article 46(2)(c) of the GDPR.
The legal basis is Article 6(1)(1)(f) of the GDPR, based on our legitimate interest in integrating and managing multiple tags on our website in an uncomplicated manner.
Further information can be found in the Google Tag Manager overview.
Google Analytics
Our website uses Google Analytics, a web analytics service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). The contact provided by Google for all queries relating to data protection is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.Google Analytics uses cookies and similar technologies to analyse and improve our website based on your usage patterns. Google will process the information obtained in order to evaluate your use of the website, to compile reports on the website activities for the website operators, and to provide further services associated with the use of the website and the internet.
We have made the following privacy settings in Google Analytics:
- IP anonymisation (truncation of IP address prior to evaluation, preventing any conclusions to be drawn regarding your identity)
- Automatic erasure of old logs/limitation of storage duration
- Advertising features enabled (including GA Audiences remarketing groups)
- Personalised advertising disabled
- Measurement protocol disabled
- Cross-website tracking disabled (Google Signals)
- Data sharing with other Google products and services disabled
Google Analytics processes the following data:
- Anonymised IP address
- Referrer URL (previously visited website)
- Pages accessed (date, time, URL, title, length of visit)
- Downloaded files
- Clicked links to other websites
- As applicable, attainment of specific targets (conversions)
- Technical information: operating system; browser type, version, and language; device type, make, model, and resolution
- Approximate location (country and possibly town, based on anonymised IP address)
Hotjar
Our website uses Hotjar, a web analysis service provided by Hotjar Ltd., Elia Zammit Street 3, St Julians STJ 1000, Malta (“Hotjar”).Hotjar is used to generate so-called heat maps. Heat maps display statistics in graphical form about mouse movements and clicks on our website, allowing us to analyse our website based on your user behaviour. This allows us to identify frequently used functions of our website and to further improve the website. However, your IP address is truncated before the usage statistics are evaluated, so that no conclusions can be drawn regarding your identity. In addition to mouse movements and clicks, information about the operating system, browser, incoming and outgoing links, geographical origin, and the resolution and type of the device used are evaluated for statistical purposes. This information is pseudonymous and will not be passed on to third parties by us or Hotjar. Data which you enter in form fields on our website will be hidden and not collected by Hotjar.The legal basis is your consent pursuant to Article 6(1)(a) of the GDPR. You may withdraw your consent at any time. More information on this can also be found in the Hotjar privacy policy.
Disclosure of data
We will generally only disclose the data we collect if
- you have given your express consent pursuant to Article 6(1)(1)(a) of the GDPR
- disclosure pursuant to Article 6(1)(1)(f) of the GDPR is necessary in order to assert, exercise, or defend legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data
- we are legally obliged to disclose it pursuant to Article 6(1)(1)(c) of the GDPR
- this is legally permissible and, pursuant to Article 6(1)(1)(b) of the GDPR, is necessary for the processing of contractual relationships with you or for steps prior to entering into a contract carried out at your request
Some data processing may be carried out by our service providers. In addition to the service providers mentioned in this privacy policy, these may include data centres that store our website and databases, IT service providers that maintain our systems, and consulting firms. Should we disclose data to our service providers, they may use the data solely for the fulfilment of their tasks. We have carefully selected and commissioned the service providers. They are contractually bound by our instructions, have appropriate technical and organisational measures in place to protect the rights of data subjects, and are regularly monitored by us.
In addition, a transfer of your data may occur in connection with official enquiries, court orders, and legal proceedings if they are deemed necessary for legal prosecution or enforcement.
Transfer of data to third countries
As explained in this privacy policy, we make use of services offered by providers that may be located in “third countries” (e.g. the USA), i.e. countries that do not have a level of data protection comparable to that in the European Union. Where this is the case and where the European Commission has not adopted an adequacy decision (Article 45 of the GDPR), we have taken precautions to ensure an adequate level of data protection for any transfers of data. These include the European Union’s standard contractual clauses and binding internal data protection regulations.
Where this is not possible, we use as the legal basis for data transfers the derogations set out in Article 49 of the GDPR, in particular your explicit consent or the necessity of the transfer for the performance of a contract.
If data is to be transferred to a third country and neither an adequacy decision nor other suitable guarantees are available, there exists the possibility and risk that authorities in the third country (e.g. secret services) may obtain access to the transferred data for the purpose of collecting and analysing it, and that your rights as a data subject may not be enforceable. You will be informed of this when your consent is obtained via the cookie banner.
Storage duration
In principle, we store personal data for only as long as is necessary to fulfil the contractual or statutory obligations for which we have collected the data. We then delete the data immediately, unless we need the data until the end of the statutory limitation period for purposes of evidence for civil claims or due to statutory retention obligations.
For evidence purposes, we must retain contract data for a further three years beyond the end of the year in which our business relationship with you is terminated. Any claims become statute-barred at the earliest after the statutory period of limitation.Even after this time, we still need to store some of your data for accounting purposes. We are obliged to do so on the basis of statutory documentation obligations that may arise from the German Commercial Code, the German Fiscal Code, the German Banking Act, the German Money Laundering Act and the German Securities Trading Act. The periods they stipulate for the retention of documents range from two to ten years.
Your rights
You have a right of access to information about how we process your personal data at any time. We will explain our data processing procedures to you and provide you with a summary of the personal data concerning you that we hold. If data we have stored is incorrect or obsolete, you have the right to have this data rectified. You may also request the erasure of your data. If, in exceptional cases, erasure is not possible due to other legal regulations, the data will be blocked so that it is only available for this legal purpose. You may also restrict processing of your personal data if, for example, you have doubts about the accuracy of this data. Your also have the right to data portability, i.e. on request we will send you a digital copy of the personal data concerning you that you have provided to us.
In order to assert your rights described here, you may contact us at any times using the contact details given above. This also applies should you wish to obtain copies of guarantees to prove an adequate level of data protection.
You have the right to withdraw consent once given to us at any time. As a result, we will not continue to process data based on this consent in the future. Withdrawal of consent will not affect the lawfulness of the processing carried out on the basis of the consent prior to withdrawal.
If we process your data on the basis of legitimate interests, you have the right to object to the processing of your data on grounds relating to your particular situation at any time. Should you object to data processing for direct marketing purposes, you have a general right to object, which we shall comply with even if you do not state any reasons for your objection.
Should you wish to exercise your right to withdraw or object, simply send an informal email to the contact details given above.
Finally, you shall have the right to file a complaint with the data protection supervisory authority. You may exercise this right before a supervisory authority in the Member State in which you are staying, working or in the place of the alleged infringement. In Berlin, where Juucy Software UG (haftungsbeschränkt) is based, the competent supervisory authority is Berlin Commissioner for Data Protection and Freedom of Information, Friedrichstr. 219, 10969 Berlin, Germany.