Privacy Policy

  1. General

This privacy policy explains to you the type, scope, and purpose of the processing of personal data (hereinafter referred to as “data”) on our website and the associated websites, functions, and content, as well as external online presences, such as our social media profile. (hereinafter jointly referred to as the “Online Presence”). With regard to the terms used, such as “personal data” or their “processing”, we refer to the definitions in Art. 4 of the General Data Protection Regulations (GDPR). This privacy statement only applies to the Online Presence of ALEADON GmbH. The Online Presence of ALEADON GmbH may contain links to other providers (e.g. Xing and LinkedIn), to which this privacy policy does not extend. When you leave our Online Presence, we encourage you to carefully read the privacy notices of any website that collects personally identifiable information.

 

  1. Responsible authority

The provider of the Online Presence and responsible for data protection is:

ALEADON GmbH
Königsallee 106

40215 Düsseldorf

Germany

Tel .: +49 (211) 30 132 207 Commercial register number HRB 74472

Local Court Dusseldorf

Website: www.aleadon.com

Management: Dr. Ing. Heiko Kroll
Data Protection Officer: datenschutz@aleadon.com

 

  1. Legal basis

In accordance with art. 13 GDPR, we inform you of the legal basis of our data processing. If the legal basis is not mentioned in the Data Protection Declaration, the following applies: the legal basis for obtaining consent is art. 6 para. 1 lit. a and art. 7 GDPR, the legal basis for processing for the fulfilment of our services and the execution of contractual measures as well as for replying to enquiries is art. 6 para. 1 lit. b GDPR, the legal basis for processing to fulfil our legal obligations is art. 6 para. 1 lit. c GDPR, and the legal basis for processing to protect our legitimate interests is art. 6 para. 1 lit. f, GDPR. In the event that vital interests of the data subject or another natural person require the processing of personal data, art. 6 para. 1 (d) GDPR applies as the legal basis.

 

  1. Security measures

We shall take appropriate technical and organisational measures to ensure a level of protection appropriate to the risk, in accordance with art. 32 GDPR, taking into account the state of the art, implementation costs and the nature, scope, circumstances and purposes of processing and the different likelihood and severity of the risk to the rights and freedoms of natural persons; the measures shall include in particular safeguarding the confidentiality, integrity and availability of data by controlling physical access to the data, as well as the access, input, transmission, security of availability and its separation. Furthermore, we have established procedures that guarantee the exercise of data subject rights, deletion of data and reaction to data risks. Furthermore, we already consider the protection of personal data during the development or selection of hardware, software and procedures, in accordance with the principle of data protection through technology design and data protection-friendly presettings (Art. 25 GDPR).

The security measures include in particular the encrypted transmission of data between your browser and our server.

 

  1. Cooperation with data processors and third parties

If we disclose data to other persons and companies (data processors or third parties) within the scope of our processing, transmit the data to them or otherwise grant them access to the data, this shall only take place on the basis of a legal permission (e.g. if a transmission of the data to third parties, such as payment service providers, in accordance with Art. 6 para. 1 lit. b GDPR is required for contract fulfilment), you have consented, a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.). If we commission third parties with the processing of data on the basis of a so-called “order processing contract”, this is done on the basis of Art. 28 DSGVO.

 

  1. Transfers to third countries

 

If we process data in a third-party country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this occurs in the context of the use of third-party services or disclosure or transfer of data to third parties, this only takes place if it occurs for the fulfilment of our (pre)contractual obligations, on the basis of your consent, on the basis of a legal obligation, or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process or leave the data in a third country only if the particular requirements of art. 44 ff. GDPR are met.. This means, for example, processing is carried out on the basis of special guarantees, such as the officially recognised determination of a data protection level corresponding to the EU (e.g. for the USA by the “Privacy Shield”) or compliance with officially recognised special contractual obligations (called “standard contractual clauses”).

 

  1. Access data and log files

We collect data on the basis of our legitimate interests as defined in Art. 6 para. 1 f GDPR regarding each access to the server on which this service is located (known as server log files). Access data includes the name of the requested website, file, date and time of access, amount of data transferred, report whether the site was successfully retrieved, browser type and version, the user’s operating system, the referrer URL (the site visited before coming to our site), the user’s IP address, and the requesting internet service provider.

Log file information is stored for a maximum of 90 days for security reasons (e.g. to investigate misuse or fraud) and then deleted. Data which must be retained as potential evidence is not deleted until the relevant incident has been ultimately clarified.

 

  1. Integration of third-party services and content

On the basis of our legitimate interests (i.e. interest in the analysis, optimisation, and economic operation of our website within the meaning of art. 6 para. 1 lit. f. GDPR), we include content or service offerings from third parties so that we can incorporate their content and services, such as videos or fonts (hereinafter uniformly referred to as “content”). This always presupposes that the third-party providers of this content can see the IP address of users, since without the IP address they would not be able to send the content to the users’ browsers. The IP address is therefore necessary in order to display this content. We strive only to use content from providers who use the IP address to deliver content, and for nothing else. Third-party providers may also use so-called pixel tags (invisible graphics, also known as web beacons) for statistical or marketing purposes. “Pixel tags” can be used to analyse information such as visitor traffic on the pages of this website. The anonymous information may also be stored in cookies on the user’s device and may include technical information about the browser and operating system, referring websites, visiting time and other information about the use of our online offering. It may also be linked to such information from other sources.

The following presentation offers an overview of third-party providers and their content in addition to links to their Privacy Statements, which contain further references to the processing of data and, already mentioned here in part, opportunities to object (‘opt-out’):

  • If our customers use the payment services of third parties (e.g. PayPal or Sofortüberweisung), the terms and conditions and the privacy notices of the respective third party providers apply, which are available within the respective websites or transactional applications.
  • External fonts from Google, LLC., https://www.google.com/fonts (“Google Fonts”). Google Fonts are integrated by accessing a Google server (typically in the USA). Privacy policy: https://policies.google.com/privacy, Opt-Out: https://adssettings.google.com/authenticated.
  • Maps of the Google Maps service of the service provider Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. Privacy Policy: https://www.google.com/policies/privacy/, Opt-Out: https://www.google.com/settings/ads/.
  • Videos of the YouTube platform of the service provider Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. Privacy policy: https://policies.google.com/privacy, Opt-Out: https://adssettings.google.com/authenticated.
  • Functions of the service or the Twitter platform (hereinafter referred to as “Twitter”) can be integrated within our online offer. Twitter is a service provided by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. Features include displaying our posts within Twitter within our online offering, linking to our profile on Twitter, as well as the ability to interact with Twitter’s posts and features, as well as measuring whether users are using the ads we’ve posted on Twitter access our online offer (so-called conversion measurement). Twitter is certified under the Privacy Shield Agreement, which provides a guarantee to comply with European privacy legislation (https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active). Privacy policy: https://twitter.com/de/privacy, opt out: https://twitter.com/personalization.

 

  1. Online presence in social media

We maintain online presences on social networks and platforms in order to communicate with active customers, interested parties, and users and to inform them about our services. When accessing the respective networks and platforms, the terms and conditions and the data processing guidelines of their respective operators apply. Unless otherwise stated in our privacy policy, we will process the data of users who communicate with us within social networks and platforms, e.g. write articles about our websites or send us messages.

 

  1. A) Google Analytics

Based on our legitimate interests (i.e. interest in the analysis, optimisation, and economical operation of our website in accordance with Art. 6 para. 1 lit. f. GDPR), we use Google Analytics, a web analytics service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google uses cookies. The information generated by the cookie about the user’s use of the website is generally transmitted to and stored on a Google server in the USA.

Google is certified under the Privacy Shield Agreement, which provides a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

On our behalf, Google will use this information to analyse the use of our website by users, to compile reports on activities on this website, and to provide us with other services related to the use of this website and the internet. Anonymous usage profiles of users may be created from the processed data.

We also use Google Analytics to display advertisements placed by Google and its partners within advertising services only to users who have also shown an interest in our website or who have certain characteristics (e.g. interest in certain topics or products that are determined by the websites visited) that we transmit to Google (known as “remarketing” or “Google Analytics audiences”). With the help of remarketing audiences, we would also like to ensure that our advertisements correspond to the potential interest of the users and are not annoying.

We use Google Analytics only with activated IP anonymisation. This means that the IP address of the user is truncated by Google within the member states of the European Union or in other countries that are party to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address sent to a Google server in the US and truncated there.

The IP address sent by your browser will not be associated with other data held by Google. The user may refuse the use of cookies by selecting the appropriate settings in their browser; the user can also prevent Google from collecting the data generated by the cookie regarding your use of the contents data and the processing of this data by Google by downloading and installing the browser plugin available via the following link: https://tools.google.com/dlpage/gaoptout?hl=de. Alternatively, we offer you the option to disable the Google Analytics recording only for this website. You can prevent the collection of your data by Google Analytics by clicking on the following link. An opt-out cookie will be set on the computer, which prevents the future collection of your data when visiting this website: Disable Google Analytics

Further information concerning the terms and conditions of use and data privacy can be found at https://www.google.com/analytics/terms/en.html or https://www.google.com/intl/en/policies/. Please note that on this website, Google Analytics code is supplemented by “anonymizeIp” to ensure an anonymized collection of IP addresses (so called IP-masking).

For further information on data usage by Google, setting and blocking options, please see the Google websites: https://www.google.com/intl/en/policies/privacy/partners   (“How Google uses information from sites or apps that use our services”), https://policies.google.com/technologies/ads   (“Use of data for advertising purposes”),  https://adssettings.google.com/authenticated   (“Control the information Google uses to show you ads”).     

 

  1. B) Google Re- / Marketing Services

Based on our legitimate interests (i.e. interest in the analysis, optimisation, and economical operation of our Website within the meaning of Art. 6 para. 1 lit. f. GDPR), we use the Marketing and Remarketing Services (“Google Marketing Services”) of Good Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, (“Google”).

Google is certified under the Privacy Shield Agreement, which provides a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

Google Marketing Services use cookies that are stored on your computer and allow us to target ads for and on our site to show users only ads that may be of interest to them. For example, if a user sees ads for products he has been interested in on other websites, this is referred to as “re-marketing”. For these purposes, when our and other websites on which Google marketing services are active are accessed, Google directly executes a code from Google and (re)marketing tags (invisible graphics or code, also known as “web beacons”) are integrated into the website. With their help, an individual cookie, i.e. a small file, is stored on the user’s device (comparable technologies can also be used instead of cookies). Cookies can be set by various domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com or googleadservices.com. In this file it is noted which websites the user visits, which content he/she is interested in and which offers he/she has clicked on, along with technical information about the browser and operating system, referring websites, visiting time as well as further information about the use of the online offering. The IP address of the users is also recorded, whereby we give notice within the framework of Google Analytics that the IP address is shortened within member states of the European Union or in other signatory states of the European Economic Area Agreement. Only in exceptional cases is it transmitted in full to a Google server in the USA and shortened there. The IP address is not combined with other data Google has about the user. The above information may also be linked by Google to such information from other sources. If the user subsequently visits other websites, the ads tailored to his/her interests can be displayed.

User data is processed anonymously for Google marketing services. This means that Google does not store and process, for example, the names or email addresses of users, but processes the relevant data cookie-related within anonymous user profiles. This means that, from Google’s point of view, ads are not managed and displayed for a specifically identified person, but for the cookie holder, regardless of who this cookie holder is. This does not apply if a user has expressly permitted Google to process the data without this anonymisation. The information collected by Google marketing services about users is transmitted to Google and stored on Google’s servers in the USA.

One of the Google marketing services we use is Google AdWords, an  online advertising platform. In the case of Google AdWords, each AdWords customer receives a different “conversion cookie”. Thus, cookies cannot be tracked using the website of AdWords customers. The information obtained using the conversion cookie is used to create conversion statistics for the AdWords advertisers who have opted for conversion tracking. AdWords advertisers can find out the total number of users who have clicked on their ad and been redirected to the page with a conversion tracking tag. However, they do not obtain any information which can be used to identify you personally.

We can also use the “Google Tag Manager” to integrate Google analysis and marketing services into our website and manage them.

Further information on Google’s use of data for marketing purposes can be found on the overview page: https://www.google.com/policies/technologies/ads, Google’s privacy policy is available at https://www.google.com/policies/privacy.

If you wish to opt out of interest-based advertising through Google marketing services, you can use the Google settings and opt-out options: https://adssettings.google.com/authenticated.

 

  1. C) Facebook social plug-ins

Based on our legitimate interests (i.e. interest in the analysis, optimisation, and economical operation of our Website within the meaning of Art. 6 para. 1 lit. f. GDPR), we use social plugins (“Plugins”) from the social network facebook.com, which is operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”). Plugins can display interaction elements or content (e.g. videos, graphics or text contributions) and are identified by a Facebook logo (white “f” on a blue tile, the term “Like”, or a “thumbs up” sign) or by the phrase “Facebook social plugin”. The list and the appearance of Facebook social plugins can be viewed here: https://developers.facebook.com/docs/plugins/.

Facebook is certified under the Privacy Shield Agreement, which provides a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).

When users access a feature of this online offer that contain such a plugin, their device establishes a direct connection to Facebook’s servers. The content of the plug-in is transmitted by Facebook directly to the user’s device to be integrated into the online offer. Pseudonymous usage profiles of users may be created from the processed data; therefore, we have no influence on the scope of the data which Facebook collects using this plugin and inform you based on our knowledge.

By including the plugin, Facebook receives the information that a user has accessed the corresponding page of the online offer. If you are logged in to Facebook, Facebook can assign the visit to your Facebook account. If you interact with the plug-ins, for example by clicking the Like button or writing a comment, the corresponding information is directly transmitted from your browser to Facebook to be stored there. If you are not a member of Facebook, there is still the possibility that Facebook will gain knowledge of your IP address and store it. According to Facebook, only anonymised IP addresses are stored in Germany.

For the purpose and scope of data collection and further processing and use of data by Facebook, as well as the related rights and settings options to protect the privacy of users, please see Facebook’s privacy policy: https://www.facebook.com/about/privacy/.

If a user is a Facebook member and does not want Facebook to collect data about him or her via this online offer and link it to his or her membership data stored on Facebook, he or she must log out of Facebook before using our online offer and delete his or her cookies. More settings and ways to revoke permission to use your data for advertising purposes are available in your Facebook profile settings: https://www.facebook.com/settings?tab=ads or the US web page https://www.aboutads.info/choices/ or the EU web page https://www.youronlinechoices.com/.      The settings apply across platforms, i.e. they are applied to all devices, such as desktop computers or mobile devices.

 

  1. Hosting service provider,

The hosting of the server for our online offers and website is managed by millepondo services GmbH & Co. KG. Further information is available directly under https://www.millepondo.de/. It has been contractually agreed with millepondo that only rental servers of Hetzner Online GmbH (https://www.hetzner.de) will be used for us. Hetzner owns several data centres in Germany and Finland. A contract has been concluded with millepondo services GmbH & Co. KG  for the processing of personal data (in accordance with the GDPR).

 

  1. Contact

When contacting us (via contact form or e-mail), the user’s details for the processing of the contact enquiry and its handling according to the terms and conditions of this agreement are stored. Art. 6 Para. 1 lit. b. GDPR. User information can be stored in our Customer Relationship Management System (“CRM System”). Information provided by users in contact forms may be stored within the content management system (CMS) WordPress used together with the time of transmission and the IP address of the sender. We delete queries if they are no longer necessary. We review the requirement every two years; requests from customers who have a customer account are stored permanently and are linked to the customer account details for deletion. In the case of statutory archiving obligations, deletion shall take place after their expiry.

 

  1. Performance of contractual services
  2. A) Inventory and contract data

We process inventory data (e.g. names and addresses as well as contact data of users), contract data (e.g. used services, name and e-mail address of the customer admin) in order to fulfil our contractual obligations and services acc. to art. 6 para. 1 lit. b, GDPR. The entries marked as mandatory in online forms are required for the conclusion of the contract. Companies (represented by a customer admin) need to create a customer account to be able to order products and view their orders, invoices, and stored information. During the registration process, the required information will be communicated to customers. Customer accounts are not public and cannot be indexed by search engines. If users have terminated their customer account, their data with regard to the customer account will be deleted, subject to their retention, for commercial or tax reasons, according to art. 6 para. 1 lit. c GDPR. It is up to the users to save their data before the end of the contract if they have given notice of termination. We are entitled to permanently delete all user data stored during the term of the contract.

As part of the registration and use of our online services, we store information required for the registration and product execution and the time of the respective user action. These data are stored on the basis of our legitimate interests, and to protect the user against misuse and other unauthorised use. A passing on of this data to third parties does not take place in principle, unless it is necessary for the pursuit of our claims or there is a legal obligation in accordance with art. 6 para. 1 lit. c GDPR.

 

  1. B) Registration in the web portal as customer admin

To grant you access to our web portal (WebApp), the following company and personal data must be collected.

  • Company
  • Title:
  • First name
  • Surname
  • Email address

In principle, data will only be stored as long as the online access is desired, i.e. as long as necessary to achieve the purpose. The legal basis is Art. 6 lit. b. GDPR. As soon as paid orders are executed, the following company data must be added:

  • Company address (street, number, post code and city
  • Country
  • VAT ID number (optional)
  • Different invoice address

 

  1. C) Deposit of information about participants or users in the web portal

The following personal data of participants must be recorded to start products in our web portal (WebApp) for additional participants.

  • Title:
  • First name
  • Surname
  • Email address
  • Team membership

To use the feedback system, the following job-related data must be added:

  • Title / Role / Function
  • Short job description
  • Professional Qualification

All data are stored only as long as the customer wishes and are necessary to achieve the purpose. The customer admin or a person authorized by the customer can delete participants and thus also their personal data at any time. Results of deleted participants are no longer displayed on the web portal and are no longer available in team profiles. The legal basis is Art. 6 lit. b. GDPR.

 

  1. D) Events of ALEADON

For the planning and execution of events, the organizer requires personal data of participants. Participants agree that their data may be processed and used for the initiation, execution and follow-up of the event.

  • Title:
  • First name
  • Surname
  • Email address
  • Team membership

All data are stored only as long as the customer wishes and are necessary to achieve the purpose. The legal basis is Art. 6 lit. b. GDPR.

 

  1. E) Web demo

If you request an appointment for a web demo, we will use your information to contact you and coordinate and arrange an appointment.

  • Title:
  • First name
  • Surname
  • Email address
  • Company telephone number
  • Designation

All data are stored only as long as the customer wishes and are necessary to achieve the purpose. The legal basis is Art. 6 lit. b GDPR.

 

  1. Rights of Users and Participants / Transparency Statement
  • You have the right to request confirmation as to whether the data concerned are being processed and to request information about these data as well as further information and a copy of the data in accordance with art. 15 GDPR.
  • According to art. 16 GDPR, you have the right to request the completion of data concerning you or the correction of inaccurate data concerning you.
  • In accordance with art. 17 GDPR, you have the right to demand that relevant data be deleted immediately or, alternatively, to demand a restriction on the processing of the data in accordance with art. 18 GDPR.
  • You have the right to request the data concerning you that you have provided to us in accordance with art. 20 GDPR and to request their transmission to other controllers.
  • In accordance with art. 77 GDPR you have the further right to lodge a complaint with the responsible supervisory authority.

 

  1. Right of withdrawal and objection

 

You have the right to revoke your consent according art. 7 para. 3 GDPR with effect for the future. Furthermore, you can object to the future processing of your personal data in accordance with art. 21 GDPR at any time. The objection may be lodged in particular against processing for direct advertising purposes.

 

We use temporary and permanent cookies, i.e. small files that are stored on the user’s devices (explanation of the term and function, see last section of this privacy policy). In part, cookies serve security purposes or are required for the operation of our online offer (e.g., for the presentation of the website) or to save the user’s decision when confirming the cookie banner. In addition, we or our technology partners use cookies to measure audience reach and for marketing purposes, about which the users will be informed further down in this Privacy Statement.

A general objection to the use of cookies used for online marketing purposes can be declared for a large number of services, especially in the case of tracking, via the US site https://www.aboutads.info/choices/ or the EU site https://www.youronlinechoices.com/. Furthermore, you can deactivate the storage of cookies in the browser settings. Please note that in this case not all functions of the website can be used in full.

 

  1. Deletion of data

The data processed by us will be deleted or their processing restricted in accordance with art. 17 and 18 GDPR. Unless expressly stated in this Privacy Policy, data stored by us will be deleted at regular intervals, as soon as they are no longer required for their intended purpose, and the deletion does not conflict with any statutory storage obligations. If data are not deleted because their necessary for other and legally permissible purposes, the processing of the data will be restricted. This means that the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax reasons.

 

  1. Final provisions

ALEADON reserves the right to modify this Privacy Policy at any time to ensure that it complies with the latest legal requirements or to implement changes to the Privacy Policy, such as the introduction of new services or changes to the Website. Any subsequent website access will then be subject to the terms of the new privacy policy.