§ 1 Information about the collection of personal data
1.1 In the following we inform about the collection of personal data when using our website. Personal data are all data that are personally identifying you, e.g. name, address, e-mail addresses, identification number or an online identifier.
1.2 The person responsible according to Art. 4 para. 7 GDPR is Unsigned Integer UG (haftungsbeschränkt), Kottbusser Damm 79, 10967 Berlin, firstname.lastname@example.org.
1.3 When you contact us by e-mail or via a contact form, the data you provide (your e-mail address, if applicable your name and your telephone number) will be stored by us in order to answer your questions. We delete the data arising in this context after the storage is no longer necessary, or limit the processing if statutory retention obligations exist.
1.4 If we use contracted service providers for individual functions of our offer or would like to use your data for advertising purposes, we will inform you in detail about the respective processes below. We also specify the defined criteria for the storage period.
§ 2 Your rights
2.1 You have the following rights towards us with regard to personal data concerning you:
- Right of access,
- Right to rectification or erasure,
- Right to restriction of processing,
- Right to object the processing,
- Right to data portability.
2.2 You also have the right to lodge a complaint with a data protection supervisory authority about our processing of your personal data.
§ 3 Collection of personal data when you visit our website
3.1 When using the website for information purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you (legal basis is Art. 6 para. 1 point b GDPR):
- IP address
- date and time of the request
- Time zone difference to Greenwich Mean Time (GMT)
- Content of the request (specific page)
- Access status/HTTP status code
- the amount of data transferred in each case
- Website from which the request comes
- Operating system and its interface
- Language and version of the browser software.
Log file information is deleted immediately after the requested website content has been submitted. stored for a maximum of 7 days for security reasons (e.g. to investigate misuse or fraud) and then deleted. Data whose further storage is required for evidentiary purposes are excluded from deletion until the respective incident has been finally clarified.
3.2 In addition to the aforementioned data, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard disk in the browser you use and through which certain information flows to us. Cookies cannot run programs or transmit viruses to your computer. They serve to make our website more user-friendly and effective.
a) This website uses the following types of cookies, the scope and functionality of which are explained below:
- Temporary cookies (see b)
- Permanent cookies (see c).
b) Temporary cookies are automatically deleted when you close the browser. This includes in particular the session cookies. These store a so-called session ID, with which different requests of your browser can be assigned to one session. This will allow your computer to be recognized when you return to our website. Session cookies are deleted when you log out or close your browser.
c) Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie. You can delete cookies at any time in the security settings of your browser.
d) You can configure your browser settings according to your wishes and refuse the acceptance of third party cookies or all cookies, for example. Please note that you may not be able to use all functions of this website. If you have the “Do Not Track” feature enabled in your browser, we of course will respect that.
§ 4 Further functions and services of our website
4.1 In addition to the purely informational use of our website, we offer various services that you can use if you are interested. As a rule, you must provide further personal data, which we use to provide the respective service and to which the aforementioned data processing principles apply.
4.2 In some cases we use external service providers to process your data. These have been carefully selected and commissioned by us, are bound by our instructions and are regularly checked.
4.3 Furthermore, we may pass on your personal data to third parties if we offer competitions, contracts or similar services together with partners. You will find more information, when you provide your personal data or in the description of the service below.
4.4 If our service providers or partners are based in a country outside the European Economic Area (EEA), we will inform you of the consequences of this circumstance in the description of the offer.
§ 5 Right to object and withdrawal of consent
5.1 If you have given your consent to the processing of your data, you can withdraw this consent at any time. Such a withdrawal does not affect the lawfulness of processing based on consent before its withdrawal.
5.2 If we base the processing of your personal data on the weighing of interests, you may object to the processing. This is in particular the case if processing is not necessary to fulfil a contract with you, which is described by us in the following description of the services. When exercising such objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will examine the situation and either stop or adjust data processing or point out to you our compelling reasons worthy of protection, on the basis of which we will continue processing.
§ 6 Special services implemented on our website
6.1.1 The website is hosted and delivered by Amazon Web Services, Inc. (AWS), 410 Terry Avenue North, Seattle WA 98109, United States. AWS is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000TOWQAA4). Further information can be found in the AWS data policy: https://aws.amazon.com/privacy/?nc1=h_ls
6.1.2 A CDN is a service with the help of which contents of our online offer, in particular large media files, such as graphics or scripts, are delivered faster with the help of regionally distributed servers connected via the internet. The processing of user data is carried out solely for the aforementioned purposes and to maintain the security and functionality of the CDN.
6.1.3 The use is based on our legitimate interests, i.e. interest in a secure and efficient provision, analysis and optimisation of our online offer in accordance with Art. 6 para. 1 point f GDPR.
6.2 Google Analytics
6.2.1 This website uses Google Analytics, a web analysis service of Google Inc. (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyze how you use the site. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. However, if IP anonymisation is activated on this website, Google will reduce your IP address within Member States of the European Union or in other states party to the Agreement on the European Economic Area beforehand. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide the website operator with further services associated with website and internet use.
6.2.2 Google Analytics is integrated with Google Tag Manager, a solution with which we can manage so-called website tags via an interface (and thus integrate Google Analytics and other Google services into our online service). The Tag Manager itself does not process any personal data of the users. With regard to the processing of users’ personal data, reference is made to the following information on the Google services. Usage guidelines: https://www.google.com/intl/de/tagmanager/use-policy.html.
6.2.3 We use Google Analytics in the “Universal Analytics” mode. This makes it possible to assign data, sessions and interactions across multiple devices to a pseudonymous user ID and thus analyze a user’s activities across devices.
6.2.4 The IP address transmitted by your browser in the context of Google Analytics is not merged with other Google data.
6.2.6 This website uses Google Analytics with the extension “_anonymizeIp()”. As a result, IP addresses are further processed in abbreviated form, so that a personal relationship can be ruled out. As far as the data collected about you is personal, it will be excluded immediately and the personal data will be deleted immediately.
6.2.7 We use Google Analytics to analyse and regularly improve the use of our website. We can improve our web service and make it more interesting for you as a user. For the exceptional cases in which personal data is transferred to the USA, Google has submitted to the EU-US Privacy Shield and thus offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI). The legal basis for the use of Google Analytics is Art. 6 Par. 1 point f GDPR.
6.2.8 Third Party Information: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001.
6.2.7 Users’ personal data will be deleted or made anonymous after 14 months.
6.3.2 Twitter is a short message service. Such messages can be combined with various content such as pictures, videos etc. We use Twitter widgets to display selected tweets from real customers, serving as testimonials for Deckset.
6.3.3 The use is based on our legitimate interests, i.e. interest in showing real opinions of users about Deckset in order to give them an authentic impression. Legal basis is Art. 6 para. 1 point f GDPR.
6.4.2 Paddle acts as a merchant of record, which means: When purchasing a Deckset license, you enter into an agreement with Paddle directly. As a consequence, Paddle collects your data autonomously.
6.4.3 Paddle collects buyer data during its checkout process for payment processing and order fulfilment purposes. These include name, location, contact details, and billing information. Legal basis is Art. 6 para 1 point b GDPR.
6.4.4 We have also implemented Paddle into our software, in order to i) verify the validity of your license and ii) to gain aggregated insights in your use of the application made available by Paddle. These insights consist of user usage of software, end user names, emails and sales data. i) The use for verification purposes is based on your existing contractual relation with Paddle and Paddle’s and our legitimate interest to validate your license. Legal basis are Art. 6 para. 1 point b and f GDPR. Our legitimate interest is fraud prevention. ii) Legal basis for processing the insights is Art. 6 para. 1 point f GDPR. Our legitimate interest is troubleshooting and to steadily improve Deckset, e.g. assess whether to drop support for an older version of macOS or which functions are popular and worth to be developed etc.
6.4.2 Imgix helps us to optimize images specific to the context in order to display quickly and with high quality.
6.4.3 The use is based on our legitimate interest to improve your website experience. Legal basis is Art. 6 para. 1 point f GDPR.
6.6.2 We use Airtable on the “Apply for an educational discount” (https://www.deckset.com/edu/) and “Request your free upgrade” (https://www.deckset.com/upgrade/) pages, in order to operate the forms to be found there.
6.6.3 The implementation is based on our legitimate interest to assess, whether you are eligible for an educational discount respectively free upgrade. Legal basis is Art. 6 para. 1 point f GDPR.
6.7.1 We use GSuite, a service by Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland. We have signed a Data Processing Addendum, in order to legitimate transfers of personal data to Google Ireland Ltd. https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI
6.7.2 We use GSuite as our email hosting service. The GSuite inbox for the email address email@example.com is synchronized with FrontApp.
6.7.3 The use is based on our legitimate interest to be able to communicate with our clients and other third parties via mail. Legal basis is Art. 6 para. 1 point f GDPR.
6.8.2 We use FrontApp, a shared inbox for teams as our helpdesk software. All support requests to firstname.lastname@example.org are forwarded to FrontApp. It helps us to keep the overview of all your support requests and to be able to respond to your requests in a team structure.
6.8.3 The use is based on our legitimate interest to be able to respond comprehensively and in timely manner to your support requests. Legal basis is Art. 6 para. 1 point f GDPR.
6.9.1 We use Mailgun, a newsletter service by Mailgun Technologies, Inc., 535 Mission St., San Francisco, CA 94105, USA. We have signed a Data Processing Addendum, in order to legitimate transfers of personal data to Mailgun, Inc. Mailgun has submitted to the EU-US Privacy Shield and thus offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000PCbmAAG). In addition we have concluded EU Standard Contractual Clauses with Mailgun, in order to further safeguard the processing of personal data outside of the European Economic Area.
6.9.2 We use Mailgun to automatically send mails with education discounts resp. license keys to customers having applied for an education license or a free upgrade.
6.9.3 The implementation is based on our legitimate interest to efficiently submit the necessary information (discount codes, license keys) to you. Legal basis is Art. 6 para. 1 point f GDPR.
6.10.2 We use Campaign Monitor to help us send out our newsletter to all users who have subscribed to it. Campaign Monitor can use the recipient’s data in pseudonymous form, i.e. without assignment to a user, to optimize or improve its own services, e.g. to technically optimize the dispatch and presentation of the newsletter or for statistical purposes. However, Campaign Monitor does not use your personal data to send you mails or to pass the data on to third parties.
6.10.3 You can register for our newsletter by submitting your email address on our website. Upon registering, we will send you an automated mail with a link you have to click (double opt-in), in order to finalize the newsletter subscription. We log your subscription to our newsletter (IP, time, date). This is necessary to be able to prove that you have given us your consent.
6.10.4 Our newsletters contain a so-called “web-beacon”, i.e. a pixel-sized file which is downloaded from Campaign Monitor’s server when you open our newsletter. In this context, technical information, such as information about the browser and your system, as well as your IP address and time of retrieval are initially collected. This information is used to technically improve the services based on the technical data or the target groups and their reading behaviour based on their retrieval locations (which can be determined using the IP address) or access times. The statistical surveys also include determining whether the newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can be assigned to the individual newsletter recipients. However, it is neither our endeavour, nor, if used, that of the shipping service provider, to observe individual users. The evaluations serve us much more to recognize the reading habits of our users and to adapt our contents to them or to send different contents according to the interests of our users.
6.10.5 A separate revocation of the performance measurement is unfortunately not possible, in this case the entire newsletter subscription must be cancelled. You can find an unsubscribe link in every newsletter email. Upon your cancellation, we may store your subscription data for another three years to be able to prove that you had given us your consent, before we delete your personal data.
6.10.6 Legal basis for sending you newsletter emails and measure its performance is your consent, Art. 6 para. 1 point a, 7 GDPR Art. 6 para 1 point f GDPR. Legal basis for logging your subscription data is Art. 6 para 1 point f GDPR. Our legitimate interest is that we are legally obliged to prove that you have given us consent. To secure the processing of your personal data, we have concluded a data processing agreement with Campaign Monitor.
§ 7 Data processing when using our software application
We use Paddle. For more details on this company, please refer to § 6.4.4 above.
7.2.2 We use HockeyApp to keep track of crash reports. Should the app crash for a user, upon reopening it, a dialog is shown asking users to submit a problem report for Deckset. Such reports contain an anonymized per-device identifier, which means: Two reports from the same device will contain the same identifier. Other than that, such reports do not contain personal data, unless you provide them (e.g. name, email address, comment) voluntarily. The data is then sent to Hockey where we can analyze it and cross-reference it with other crashes.
7.2.3 The use is based on our legitimate interest, to maintain a stable application, find bugs and being able to analyze them in order to fix them. Legal basis is Art. 6 para. 1 point b GDPR.