Data Privacy

General

1.1 Objective and responsibility

1. This data privacy statement explains how and why we process personal data in connection with the use of our online services and the associated websites, functions, and content (hereinafter referred to collectively as the “online services” or the “website”).

2. The provider of the online services and the party with data controller responsibility under data privacy law is The unbelievable Machine Company GmbH (Grolmanstr. 40, 10623 Berlin, Germany) – hereinafter referred to as the “provider”, “we”, or “us”.

3. Parts of our online services (our blog) are provided by HubSpot Inc. (25 First Street, 2nd Floor, Cambridge, MA 02141, USA).

4. Our data protection officer can be contacted via datenschutz@unbelievable-machine.com.

5. The term “user” includes all customers and visitors to our online services.

1.2 Legal principles

We collect and process personal data on the basis of the following legal principles:

  • a. Consent in accordance with Article 6, para. 1(a) of the General Data Protection Regulation (GDPR). Consent is defined as permission granted for a specific instance voluntarily, unambiguously, and in an informed manner, by means of a written statement or other unambiguous action by the data subject, to indicate that he or she agrees to the processing of personal data held on him/her.
  • b. A requirement relating to fulfillment of the contract or preparatory measures in accordance with Article 6, para. 1(b) of the GDPR, i.e. where data is required for us to fulfill our contractual obligations towards you or where we require data to prepare to enter into a contract with you.
  • c. Processing to fulfill a legal obligation in accordance with Article 6, para. 1(c) of the GDPR, i.e. where we are required to process data to comply with the law or other regulations.
  • d. Processing to safeguard legitimate interests in accordance with Article 6, para. 1(f) of the GDPR, i.e. where we are required to process data to protect our legitimate interests or those of third parties, as long as these interests are not outweighed by your interests, basic rights, or freedoms requiring the protection of your personal data.

1.3 Rights of data subjects

  • a. Right of access in accordance with Article 15 of the GDPR
  • b. Right to rectification in accordance with Article 16 of the GDPR
  • c. Right to erasure (“right to be forgotten”) in accordance with Article 17 of the GDPR
  • d. Right to restriction of processing in accordance with Article 18 of the GDPR
  • e. Right to data portability in accordance with Article 20 of the GDPR
  • f. Right to object in accordance with Article 21 of the GDPR
    Note: In accordance with legal provisions, users can revoke their consent for the future processing of their personal data at any time. This option may, in particular, be exercised to revoke consent for the processing of data for direct marketing purposes.

Notwithstanding any other administrative or judicial legal remedies that may be available to you, you have the right to complain to a supervisory body in the member state in which you reside or work or in which the suspected breach took place, if you believe that the processing of your data breaches the GDPR.

1.4 Data deletion and retention periods

Personal data held on data subjects will be deleted or blocked as soon as the purpose for which the data was collected and stored has been fulfilled. We may continue to store the data for longer periods if required to do so under European or national law by European Union ordinances, laws, or other regulations that apply to data controllers. The data will be blocked or deleted when the retention period prescribed in the aforementioned standards ends, unless we are required to retain the data in relation to the conclusion or fulfillment of a contract.

1.5 Data processing security

1. We have implemented appropriate technical and organizational security measures (TOMs) based on the best technology currently available. The data we process is therefore protected against accidental or deliberate manipulation, loss, destruction, and unauthorized access.

2. The encrypted transmission of data between your browser and our server is a key part of our security program.

1.6 Data transfer to third parties, subcontractors, and third-party providers

1. Personal data is transferred to third parties only within the confines of the law. We will only pass user data to third parties if it is required, for example, for purposes such as invoicing or for other purposes essential to fulfilling our contractual obligations towards users.

2. Where we use subcontractors to deliver our online services, we have made appropriate contractual arrangements with these parties in relation to the relevant technical and organizational measures.

3. Where we use content, tools, or other materials from other companies (hereinafter referred to collectively as “third-party providers”) and the headquarters of such companies are located in another country, data may be transferred to the country of the third-party provider. We will only transfer personal data to other countries if the receiving country has appropriate standards of data privacy, if the user has provided permission, or where another form of legal permission has been granted.

2 Data processing specifics

2.1 Collecting information on the use of our online services

1. When you use our online services, information is automatically collected and transferred to us via your browser. This information includes the name of the website accessed, the file, the date and time of access, the data volume transferred, a notification of successful access, the browser and version used, the operating system of the user, the referrer URL (the previously visited page), the IP address, and the requesting provider.

2. This data is processed based on our legitimate interests in accordance with Article 6, para. 1(f) of the GDPR (e.g. optimization of our online services) and to guarantee that our data processing procedures are secure in accordance with Article 5, para. 1(f) of the GDPR (e.g. to defend against and detect cyber-attacks).

3. The information will be deleted automatically four weeks after the connection is terminated – i.e. after the user stops using the online service – unless a longer retention period is required for any reason.

4. We are required to collect data and store it in log files to provide our online services. For this reason, the user has no right of deletion, objection, or rectification in relation to this data.

2.2 Contact form and contact by email

1. When a user contacts us (via our online form or by email), the data provided by the user is processed for the sole purpose of handling the enquiry (e.g. callback service and contact).

2. The data will only be processed for other purposes with the consent of the user.

3. The user’s data will be stored in our Customer Relationship Management system (“CRM system”) or a similar software package/database. The legal retention periods for business correspondence apply. We use the Salesforce.com service to store user data.

2.3 Recruitment

1. If you apply for a position or register with us, you provide us with your personal data for a specific role for recruitment purposes. Your data will be stored and processed on the systems of our software partner BambooHR. The data privacy statement of BambooHR is available at https://www.bamboohr.com/privacy.php.

2. During the application process, your title, first names, and surname will be stored in the applicant database, together with the usual data required to correspond with you, such as your postal address, email address, and telephone numbers. We will also collect and store your application documents such as your covering letter, CV, certificates relating to your education and professional training, and employment references.

3. This data will be stored, evaluated, processed, and forwarded internally solely for the purposes of handling your application. It will only be available to employees in our HR department and the persons responsible for recruitment decisions. Under no circumstances will your data be passed to other companies or persons outside our company, or used for other purposes.

4. On request, we will be happy to tell you what data we hold on you. To obtain this information, please contact our HR department (jobs@unbelievable-machine.com).

5. Your data will be stored for the duration of the recruitment process and any employment relationship entered into thereafter, and for the duration of the legal retention period following the end of the recruitment process and/or your employment relationship with us. If you accept a position with us, your personal data or extracts from it will be added to your personnel file.

6. If you apply for a position with us but we are unable to offer you anything suitable at this time, we will delete your data in accordance with the relevant legal provisions.

2.4 Use of Google reCAPTCHA

1. To ensure that your data is sufficiently secure when transmitting forms to us, we use the reCAPTCHA service provided by Google Inc. in certain circumstances. This service is primarily designed to determine whether the form was completed by a natural person, or has been misused and completed by an automatic service. During the use of this service, your IP address and any other data required by Google for the purpose of providing the reCAPTCHA service will be transferred to Google. The data privacy policy of Google Inc. applies.

2. Further information on the data privacy policy of Google Inc. is available at http://www.google.de/intl/de/privacy or https://www.google.com/intl/de/policies/privacy/

2.5 Support enquiries

1. To process customer enquiries, we use the ticket system Zendesk, a customer service platform provided by Zendesk Inc., 989 Market Street #300, San Francisco, CA 94102, USA. Zendesk is a certified participant in the Privacy Shield data protection agreement and therefore satisfies the minimum requirements for processing enquiry data in compliance with the law.

2. Further information on data processing by Zendesk can be found in the Zendesk data privacy policy, which is available at http://www.zendesk.com/company/privacy. If you have any questions, you can also contact the data protection officer at Zendesk directly at privacy@zendesk.com.

2.6 HubSpot

1. Our website uses HubSpot, a software package provided by HubSpot Inc. (25 First St, 2nd Floor, Cambridge, MA 02141, USA). This software is used in our inbound marketing department and helps us to coordinate and optimize our marketing strategy using statistical analyses and evaluations of logged user behavior.

2. This software uses cookies. You can block cookies from being stored on your device at any time and delete any stored cookies by modifying the relevant settings in your browser software. Please note that, if you decide to block cookies, you may not be able to use the full range of services available on our website.

3. Further information can be found in the terms of use and data privacy policy of HubSpot Inc., available at http://www.hubspot.com/terms-of-service and http://www.hubspot.com/privacy-policy.

3 Cookie policy

3.1 General information

1. Cookies are information files transferred from our web server or the web servers of third parties to the web browsers of users. They are then stored there for use at a later point in time. Cookies may take the form of small files or utilize other data storage methods.

2. If users do not want to store cookies on their computer, they can deactivate the relevant option in their browser’s system settings. Stored cookies can also be deleted from the browser’s system settings. Blocking cookies may reduce the functionality of our online services.

3.2 Objections

You can object to the use of cookies placed for reach measurement and advertising purposes via

4 Amendments to the data privacy statement

1. We reserve the right to amend the data processing information contained in this data privacy statement to reflect changes in the law, our online services, or in our data processing policies.

2. Where user consent is required or where the data protection statement contains provisions affecting the contractual relationship with users, changes will only be made with the prior approval of users.

3. We ask users to review the contents of this data privacy statement at regular intervals.

As at: 05/31/2018