
Information on data collection in accordance with Article 13 GDPR

As of: 24 March 2024

1 Controller and data protection officer

The controller for data collection and data processing is

konfidal GmbH
Hauptstr. 28
15806 Zossen

Management: Martin Meng and Frederik Wegner

konfidal GmbH has appointed the following external data protection officer:

Dr Bernd Schmidt, LL.M.
PLANIT // LEGAL Rechtsanwaltsgesellschaft mbH
Jungfernstieg 1
20095 Hamburg

2 Collection and storage of personal data as well as type and purpose and their use

2.1 When using our website under the domain konfidal.eu or a purely read-only access to app.konfidal.eu

The following data is transmitted to

  • our servers, operated by Hetzner Online GmbH, and
  • the servers of plausible.io, a website analytics tool:

  • operating system, IP address, browser version and the language set in the browser of the requesting end device,
  • the time of the enquiry (date and time),
  • the requested content defined by the URL and
  • the HTTP "Referrer" header.

This data is not stored on our servers, but is only used for a few milliseconds to correctly deliver the website to the user. This data can be temporarily stored in logs for technical error analyses. Such logs are automatically deleted after 7 days.

Our analytics tool plausible.io anonymises the transmitted information immediately after receipt and then stores it for the purpose of analysing website usage. Plausible does not store any cookies on the user's device. Read the privacy policy of plausible.io for the technical details. With this method, the user's IP address, operating system and browser data are not stored. Based on the IP address, plausible.io attempts to determine the region a request originates from, insofar as this is possible with an IP address.

The aforementioned data is processed by us for the following purposes:

  • Ensuring smooth and fast delivery,
  • Analysing system security and stability,
  • Protection and defence against cyber attacks,
  • Analysing usage for technical and content improvement.

The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest follows from the purposes for data collection mentioned above. Under no circumstances do we use the data collected for the purpose of drawing conclusions about your person. The data is also not merged with other data sources.

Use of meetergo on our website

We have integrated meetergo on this website. The provider is meetergo GmbH, Hansaring 61, 50670 Cologne (hereinafter referred to as meetergo). meetergo provides an online appointment tool. If you make an appointment with us online, the data you enter for this purpose will be stored on meetergo's servers in Germany. In addition, meetergo temporarily records your IP address, your referrer URL, the time of access and can determine that you have made an enquiry with us; this data is used exclusively for the technical provision of the service and is then automatically deleted again. The integration of meetergo is based on Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in offering you the simplest and most uncomplicated way to make an appointment. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR. Consent can be revoked at any time.

Use of Varify.io on our website

We use varify.io for A/B testing. The provider is Varify GmbH, Südliche Münchner Straße 55, 82031 Grünwald, Germany. The provider processes meta/communication data (e.g. device information, IP addresses) in the EU.

The legal basis for the processing is our legitimate interest pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR in order to continuously optimise our website for you. The processing of the data is technically necessary in order to display different versions of the website to website visitors.

We delete the data when the purpose for which it was collected no longer applies.

Integration of Vimeo videos on our website

We embed videos on our website that are stored by the third-party provider Vimeo. For technical reasons, the integration of Vimeo videos causes the Vimeo servers to be called up. Data from your browser or device, including your IP address, is transmitted to the Vimeo server. It is also transmitted which of our Internet pages you have visited. Vimeo is operated by Vimeo, LLC, 555 West 18th Street, New York, New York 10011, USA. You can find information about data collection and its purpose, further data processing and use by Vimeo as well as your rights in this regard and setting options to protect your privacy in Vimeo's data protection information.

Vimeo is certified in accordance with the EU-US Data Privacy Framework. Data is therefore transferred on the basis of an adequacy decision in accordance with Art. 45 para. 3 GDPR of the EU. The data transfer only takes place after your consent via a two-click solution in accordance with Art. 6 para. 1 lit. a GDPR.

Use of the Contentful CDN on our website

We use the Contentful CDN to display static files such as graphics. Contentful is operated by Contentful, Inc, 150 Spear St, San Francisco, CA 94105, USA.

Data from your browser or end device, including your IP address, is transmitted to the Contentful server. It is also transmitted which of our websites you have visited. We use the EU plugin from Contentful so that your data is processed purely in the EU in accordance with the requirements of the GDPR.

The legal basis for the processing is our legitimate interest in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR in order to display our website as quickly and optimally as possible for you.

Use of the Google Tag Manager on our website

We use Google Tag Manager to display additional tools. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The provider processes meta/communication data (e.g. device information, IP addresses) in the USA.

The legal basis for the processing is Art. 6 para. 1 sentence 1 lit. a GDPR. Processing takes place on the basis of consent. Data subjects can withdraw their consent at any time, e.g. by contacting us using the contact details provided in our privacy policy. The revocation does not affect the legality of the processing until the revocation.

The legal basis for the transfer to a country outside the EU is an EU adequacy decision Art. 45 para. 3 GDPR, as the parent company of Google Ireland Limited is certified under the EU-US Data Privacy Framework. The security of the data transferred to the third country (i.e. a country outside the EEA) is guaranteed because the EU Commission has decided in an adequacy decision pursuant to Art. 45 (3) GDPR that the third country offers an adequate level of protection.

We delete the data when the purpose for which it was collected no longer applies. Further information can be found in the provider's privacy policy at https://policies.google.com/privacy?hl=de.

Use of Microsoft Advertising (formerly Bing Ads) on our website

We use Microsoft Advertising, offered by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. To improve the reach of our advertising, we also use Microsoft's conversion tracking tool on our website, which also stores your data. This tells us, for example, which keyword or advert you used to reach us, what you click on our website, how many people visit our website via Microsoft Ads and how long you stay on our website. All this data relates to user behaviour and not to personal data. We therefore only receive data or evaluations of your web behaviour, but no personal information. Microsoft uses the data to optimise its own advertising and other services. If you have a Microsoft account yourself, the data collected may be linked to your account. Microsoft may also recognise and store your IP address.

The legal basis for the transfer to a country outside the EU is an EU adequacy decision Art. 45 para. 3 GDPR, as the parent company of Google Ireland Limited is certified under the EU-US Data Privacy Framework. The security of the data transferred to the third country (i.e. a country outside the EEA) is guaranteed because the EU Commission has decided in an adequacy decision pursuant to Art. 45 (3) GDPR that the third country offers an adequate level of protection.

The legal basis is Art. 6 para. 1 lit. f GDPR, as we have a legitimate interest in using Microsoft Advertising to optimise our website and our marketing measures.

2.2 When using / interacting with our app under the domain app.konfidal.eu

2.2.1 When registering a new account

If you create an account with us, we collect the following data from you

  • Email address
    • For logging in and for notifications from the app
    • For direct marketing
  • First name, surname
    • For contract fulfilment
    • For direct marketing
    • To personalise the emails sent by the app
    • For better display of multi-user functionality
  • The role in the job and a profile picture, if specified / uploaded by the users themselves
    • For better mutual identification when working together in the app

The legal basis for this is your consent, Art. 6 para. 1 lit. a GDPR.

2.2.2 When inviting a new user to the app

Before inviting a new user, please make sure that they agree to the entry of their email address and would like to be invited to the app.

  • E-mail address of the new user
    • To send the invitation

The e-mail address is only stored for as long as the invitation is open, but for a maximum of 7 days. If a user accepts the invitation and registers, they must accept this privacy policy. The personal data collected will then be processed in accordance with the provisions of this declaration.

We use the sendinblue email service to send the email; details can be found under 2.2.5 "When sending an email from the app to a user".

The legal basis for this is the consent of the invited user, Art. 6 para. 1 lit. a GDPR.

2.2.3 When sending a notification via a notification form

To submit notifications via the notification form, no personal data needs to be entered or collected. Entries can also be submitted anonymously. The following data will only be collected if you enter it:

  • E-mail address
    • To log in and for notifications from the app
  • First name, surname
    • To inform the recipient of the message
  • All data entered in the free text field or later chat with the case handler of the report

The legal basis for this is your consent, Art. 6 para. 1 lit. a GDPR. In addition, the data is required for the fulfilment of the contract, Art. 6 para. 1 lit. b GDPR.

Due to the EU Whistleblower Directive and its national legislation of the EU member states (in Germany and Austria the HinschG), all data associated with notices are permanently stored by us. However, only the relevant departments at konfidal and the konfidal employees listed as case handlers in the respective notification form have access to the data.

2.2.4 When setting up a company

When you enter a new company in konfidal, the following data is collected:

  • Address of the registered office with full company name
    • For the execution of the contract
  • Name of the company in the app
    • Abbreviation option
  • An image of the company logo, if uploaded by the user

If company data contains personal data, the legal basis for this is your consent, Art. 6 para. 1 lit. a GDPR. In addition, the data is required for the fulfilment of the contract, Art. 6 para. 1 lit. b GDPR.

This data is stored indefinitely. If the company is deleted, it will be stored for as long as required by law.

2.2.5 When sending an email from the app to a user

To send emails from our app - e.g. a welcome email after registration - we use the sendinblue.com service. This is operated by Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin. We have concluded an order processing contract with the provider to formally ensure that your data is processed in compliance with data protection regulations.

Our servers transmit the following data so that sendinblue can deliver the email correctly.

  • E-mail address, first name and surname of all recipients of the e-mail,
  • Content of the email.

Sendinblue stores everything except the content of the email for one month. This helps the konfidal development team to correct errors.

The legal basis for this is your consent, Art. 6 para. 1 lit. a GDPR. In addition, the data is required for the fulfilment of the contract, Art. 6 para. 1 lit. b GDPR.

2.2.6 When opening an email sent from the app

When an email sent from the app is opened, the following data associated with the email is sent to Sendinblue by the email programme displaying the email:

  • Email has been delivered,
  • Email has been opened,
  • A button or link in the email was clicked.

Sendinblue stores this data for one month.

The legal basis is Art. 6 para. 1 lit. f GDPR, as we have a legitimate interest in tracking the receipt of emails and their use. This enables us to ensure that emails have actually reached the recipient or to optimise the emails for you.

2.2.7 When purchasing a licence in-app

When you purchase a licence in the app, data is transmitted to our payment service provider Chargebee (https://www.chargebee.com/privacy/). Chargebee is based in the USA, but operates a completely separate data centre in the EU for European customers, which means that no data leaves the EU. In addition, Chargebee uses so-called standard contractual clauses (= Art. 46. para. 2 and 3 GDPR). Standard contractual clauses are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to third countries (such as the USA) and stored there.

The following data is transmitted to Chargebee in order to complete the purchase process:

  • First name, surname and address of the company
    • For the execution of the contract / invoicing
  • Credit card details
    • To process the payment
  • E-mail of the user
    • For sending invoices and other contractually relevant information by Chargebee to the user

After checkout with chargebee, the user automatically has a customer profile in our chargebee instance. This exists for as long as the user account with konfidal exists. The chargebee customer profile can be deleted at the user's request.

The legal basis is the performance of the contract, Art. 6 para. 1 lit. b GDPR.

2.2.8 Other data input through functionalities in the konfidal app

The app has many free text input fields whose data we store in the interest of and with the consent of the user. We store data until the user deletes it. We are not permitted to destroy data in connection with the EU Whistleblower Directive or the HinschG for legal reasons. However, only the relevant departments at konfidal and the konfidal employees listed as case handlers in the respective reporting form have access to this data. A careful transfer can be carried out here, in which the data is deleted from our system but continues to exist elsewhere.

The legal basis for this is your consent, Art. 6 para. 1 lit. a GDPR.

3 Cookies

Our website uses "cookies". Data is stored locally in the cache of your browser, which continues to exist and can be read even after closing the browser window or exiting the programme - unless you delete the cache and unless it is a cookie for the duration of a session. Cookies are small text files and do not cause any damage to your end device. They are stored on your device either temporarily for the duration of a session (session cookies) or permanently (permanent cookies). Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your end device until you delete them yourself or they are automatically deleted by your web browser.

Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping basket function or the display of videos). Other cookies are used to evaluate user behaviour or display advertising.

Cookies that are required to carry out the electronic communication process (necessary cookies) or to provide certain functions that you have requested (functional cookies, e.g. for the shopping basket function) or to optimise the website (e.g. cookies to measure the web audience) are stored on the basis of Art. 6 para. 1 lit. f GDPR, unless another legal basis is specified. The website operator has a legitimate interest in the storage of cookies for the technically error-free and optimised provision of its services. If consent to the storage of cookies has been requested, the cookies in question are stored exclusively on the basis of this consent (Art. 6 para. 1 lit. a GDPR); consent can be revoked at any time. You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be restricted. If cookies are used by third-party companies or for analysis purposes, we will inform you about this separately in this privacy policy and, if necessary, request your consent.

3.1 Cookies used

You can find an overview of the cookies we use in the privacy settings.

4 Process for a notification via our app

4.1 Basic information

Our app, which you can use under the domain app.konfidal.eu, is a so-called whistleblower management software. It enables companies to fulfil their obligations under the EU Whistleblower Directive and the Whistleblower Protection Act (HinschG). They can submit reports via the app. These reports can be made anonymously without entering personal data. Please note our information on data processing, in particular under point 2 above.

4.2 After you have submitted a report

  1. You can view the status of the procedure at any time via our app. If you decide in favour of an anonymous submission, you will receive an individual token from us at the end of the submission process. Please keep this safe - we will not be able to recover it or give it to you afterwards. If you provide your personal data, you will receive information e-mails from us as soon as there are any new developments in the procedure. These e-mails do not contain any further information; you will only receive this after logging into the app.
  2. After you have entered a report via our app and sent it to us, we will first carry out the checks required by law. These are in particular checks as to whether the report is a whistleblower protection case under the HinschG. If you have provided us with your contact details, we will also contact you again if necessary.
  3. You can submit reports both in writing and by voice message. If you opt for anonymous reporting (you can select this), the timbre of your voice will be distorted before the message is sent to the company you have reported to. This distortion takes place on our own systems.
  4. If you opt for anonymous reporting (you can select this), any metadata about you will also be removed before submission to the company.
  5. Next, the company you have reported to will be informed that a specific type of report has been received. The purpose of this information is to clarify the further procedure with the company and, in particular, to appoint employees of the company to clarify the case. All data remains in the konfidal ecosystem, including any data relating to the clarification of the facts.
  6. The report will be investigated further and clarification will be sought. Insofar as we need third parties (e.g. lawyers, authorities) for clarification, the data available to us will be passed on accordingly. We observe the obligations of the HinschG at all times. The result is to find out what can be done to remedy the situation on the part of the company.
  7. We summarise the results and any measures taken in a final report. We will either send this to you - if we have your contact details - or you can access it via your individual token in the app.
  8. If your report is rejected - e.g. due to a lack of response from you to queries - you will also receive a final report as described under 4.
  9. In any case, you can also contact official bodies for reporting, regardless of whether you have submitted a report via our app. However, if you have submitted a report via our app, you must wait until the internal procedure via the app has been completed before submitting a report to an official body.

5 Subscription to our newsletter

On our website, you are given the opportunity to subscribe to our company's newsletter. The input mask used for this purpose determines what personal data is transmitted to the controller when you subscribe to the newsletter.

Konfidal informs its customers and business partners regularly by means of a newsletter about enterprise offers. Our company's newsletter can only be received by the data subject if (1) the data subject has a valid e-mail address and (2) the data subject registers to receive the newsletter. For legal reasons, a confirmation e-mail is sent to the e-mail address entered by a data subject for the first time for the newsletter dispatch using the double opt-in procedure. This confirmation email is used to check whether the owner of the email address as the data subject has authorised receipt of the newsletter.

When registering for the newsletter, we also store the IP address assigned by the Internet service provider (ISP) of the computer system used by the data subject at the time of registration, as well as the date and time of registration. The collection of this data is necessary in order to be able to trace the (possible) misuse of a data subject's e-mail address at a later date and therefore serves as legal protection for the controller.

The personal data collected as part of a registration for the newsletter is used exclusively for sending our newsletter. Furthermore, subscribers to the newsletter may be informed by e-mail if this is necessary for the operation of the newsletter service or a registration in this regard, as could be the case in the event of changes to the newsletter offer or in the event of a change in technical circumstances. The personal data collected as part of the newsletter service will not be passed on to third parties. The subscription to our newsletter can be cancelled by the data subject at any time. The consent to the storage of personal data, which the data subject has given us for the newsletter dispatch, can be revoked at any time. There is a corresponding link in every newsletter for the purpose of revoking consent. It is also possible to unsubscribe from the newsletter at any time directly on the controller's website or to inform the controller of this in another way.

6 Transfer of data to third parties

We store all our data in the EU. Our servers do not transfer data to servers outside the EU.

Your personal data will not be transferred to third parties for purposes other than those listed below. Insofar as this is necessary for the processing of the contractual relationship with you in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR, your personal data will be passed on to third parties. Recipients of the data are public bodies that receive data due to legal regulations (e.g. social security institutions, tax authorities), internal bodies involved in the execution of the respective business processes (personnel administration, accounting, banking institutions/payment service providers, accounting, customer service, marketing, sales), in the case of shipping products to the transport company/shipping company commissioned by us, contractual partners, business partners insofar as this is required or permitted by legal regulations.

7 Your rights

You have the right:

  • in accordance with Art. 7 para. 3 GDPR, to revoke your consent once given to us at any time. This means that we may no longer continue the data processing based on this consent in the future;
  • in accordance with Art. 15 GDPR, to request information about your personal data processed by us. In particular, you can request information about the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data if it was not collected by us, and the existence of automated decision-making including profiling and, if applicable, meaningful information about its details;
  • in accordance with Art. 16 GDPR, to demand the immediate rectification of incorrect or completion of incomplete personal data stored by us;
  • in accordance with Art. 17 GDPR, to request the erasure of your personal data stored by us, unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims;
  • in accordance with Art. 18 GDPR, to demand the restriction of the processing of your personal data if the accuracy of the data is disputed by you, the processing is unlawful but you refuse to have it deleted, we no longer need the data but you need it for the assertion, exercise or defence of legal claims, or you have lodged an objection to the processing in accordance with Art. 21 GDPR;
  • in accordance with Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request its transmission to another controller; and
  • in accordance with Art. 77 GDPR, to lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters.

8 Routine deletion and blocking of personal data

We process and store your personal data only for the period necessary to achieve the purpose of storage or if this has been provided for by the European legislator or another legislator in laws or regulations to which the controller is subject.

If the storage purpose no longer applies or if a storage period prescribed by the European legislator or another competent legislator expires, the personal data will be routinely blocked or erased in accordance with the statutory provisions.

9 Encryption of personal data

Your personal data is encrypted on the website and in our app using SSL over the Internet. We use technical and organisational measures to secure our website, app and other systems against loss, destruction, access, modification or dissemination of your data by unauthorised persons. Access to your account or your message is only possible after entering your personal access data or an individual token. You should always treat your access information confidentially and close the browser window when you have finished communicating with us, especially if you share the computer with others. The technical measures we maintain are continuously adapted to the current state of the art.

10 Right of objection and cancellation, request for information, deletion and correction

You have the option at any time to withdraw your consent to the processing of personal data with effect for the future and to have your personal data deleted or amended. If the data is required for the fulfilment of the contract or for the implementation of pre-contractual measures, premature deletion of the data is only possible insofar as contractual or legal obligations do not prevent deletion.

If commissioned by you, it will take up to 3 months for all your data to be completely deleted.

Requests for information, correction and deletion as well as the revocation of consent or objection regarding the further use of the data possibly given to us can be declared informally to:

konfidal GmbH
Hauptstr. 28
15806 Zossen

or by e-mail to: privacy@konfidal.eu