Status: May 2023
In the following, we inform you about the processing of your personal data (hereinafter “data”) on our website gendas.com.
- Responsible
This privacy notice applies to data processing by:
GENDAS Ltd.
Paul Robeson Street 14
10439 Berlin
For all privacy-related inquiries, you can email us at any time: datenschutz@gendas.com
- Purposes of processing and legal bases
- Data processing when visiting our website
When you visit our website, information is automatically sent to our web server by the browser used on your end device. This information is temporarily stored in a so-called log file. Basically, the following information is collected without your intervention and stored until automated deletion:
- IP address of the requesting computer,
- Date and time of access,
- Name and URL of the retrieved file,
- Website from which the access is made (referrer URL), browser used and, if applicable, the operating system of your computer as well as the name of your access provider.
The above data will be processed by us for the following purposes:
- Ensuring a smooth connection of the website,
- Ensuring a comfortable use of our website,
- Evaluation of system security and stability, and
- for other administrative purposes.
The legal basis for data processing when calling up our website is Art. 6 para.1 p.1 lit. f DSGVO. According to this, data may be processed if this is necessary to protect legitimate interests and if the interests of the data subject – in this case yours – do not prevail. Our legitimate interest within the meaning of the above provision results from the purposes for data collection listed above. This interest prevails in the context of a balancing of interests with regard to processing for the purposes listed above.
- Third party services on our website
We use website performance analysis services on our website to enable us to optimize our offerings.
- Google Analytics
We have integrated the “Google Analytics 4” service of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland, into our website (hereinafter “Analytics”).
Analytics uses cookies, i.e. are text files that are stored on your terminal device and enable an analysis of your use of the website. Information generated by such a cookie, including your IP address (in shortened form), is transmitted to a Google server. No individual IP addresses are logged or stored in Analytics. However, the metadata “city” (with latitude and longitude), “continent”, “country”, “region” and “subcontinent” are derived from IP addresses. Further information on the processing of IP addresses can be found here: https://support.google.com/analytics/answer/12017362?hl=de
Google may transfer, store or process your personal data outside the EEA/EU (in particular to the USA). In these third countries, there may not be an adequate level of data protection equivalent to the EU due to the lack of an adequacy decision (Art. 45(3) GDPR) and/or safeguards (Art. 46 GDPR). For this reason, the enforcement of your rights may be limited or not possible. Under certain circumstances, there is a risk in third countries (in particular in the USA) that state authorities may disproportionately access your data or further process this data and that no legal remedy is provided against this.
We have concluded an order processing agreement with Google, you can find more information here: https://business.safety.google/adsservices/. For the transfer of data from the EU to the USA, Google refers to so-called standard data protection clauses of the European Commission, which are intended to ensure compliance with the European level of data protection in the USA.
You can find more information here: https://support.google.com/analytics/answer/6004245#info_for_sites&zippy=%2Cgoogle-analytics-gem%C3%A4%C3%9F-der-eu-datenschutz-grundverordnung-dsgvo%2Cin-google-analytics-erfasste-daten and https://business.safety.google/adsprocessorterms/
Analytics collects data about your website visit and other user data (e.g. information about browser, operating system, date and time of the website visit) and allows us to evaluate this data. Analytics also provides the special function of so-called “demographic characteristics”. Data on demographic characteristics of website visitors includes information on age and gender and also provides information on the interests of website visitors, which can be derived from online activities relating to travel and purchases. Analytics thus enables statistics to be compiled based on these characteristics. This allows us to define and differentiate user groups of our website. We can use this as a basis for appropriate target group-oriented marketing measures. You can find more information here: https://support.google.com/analytics/answer/6004245?sjid=4653284184503065859-EU#
The data processing on our website is based on your consent given via the Consent Tool according to Art. 6 para. 1 lit. a DSGVO. With your consent to use the service, you agree to the transfer of your data to third countries (especially the USA) despite the existing risks. You can revoke your consent at any time with effect for the future by clicking on “Cookie settings” in the footer of our website and deselecting the tool there.
Data collected through the use of Analytics is retained for 2 months and then deleted. . You can also download a browser plugin from Google at the following link to disable Google Analytics: https://tools.google.com/dlpage/gaoptout?hl=de
- Google Tag Manager
We use the Google Tag Manager of the provider Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland on this website.
The Google Tag Manager enables us to implement and manage various tools on our website. Via the Google Tag Manager, personal data may be transferred to Google. Google may transfer, store or process your personal data outside the EEA/EU (in particular to the USA). In these third countries, there may not be an adequate level of data protection equivalent to the EU due to the lack of an adequacy decision (Art. 45(3) GDPR) and/or safeguards (Art. 46 GDPR). For this reason, the enforcement of your rights may be limited or not possible. Under certain circumstances, there is a risk in third countries (in particular in the USA) that state authorities may disproportionately access your data or further process this data and that no legal remedy is provided against this. You can find more information here: https://support.google.com/tagmanager/answer/7157428
The data processing on our website is based on your consent given via the Consent Tool pursuant to Art. 6 (1) lit. a DSGVO. With your consent to use the service, you agree to the transfer of your data to third countries (especially the USA) despite the existing risks. You can revoke your consent at any time with effect for the future by clicking on “Cookie settings” in the footer of our website and deselecting the tool there.
- Google Adwords
This website uses the Google service “Ads” of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.
Google Ads helps us to advertise our products on external websites using so-called “Adwords”. The service helps us to determine the success of the respective campaigns. Furthermore, the service enables us to reach potential customers with our products through interest-based advertising.
If you have clicked on one of our advertisements on an external website, a cookie is set for
so-called “conversion tracking”. You can find more information here: https://business.safety.google/adscookies/
A conversion is recorded when you interact with our ad, e.g. by clicking on a text ad and you subsequently perform an action defined by us. This allows us in particular to measure the success of our advertising, to optimize our advertising measures.
You can find more information on the use of data regarding advertising by Google here: https://www.google.com/policies/technologies/ads/
Google may transfer, store or process your personal data outside the EEA/EU (in particular to Google LLC. in the USA). In these third countries, there may not be an adequate level of data protection equivalent to the EU due to the lack of an adequacy decision (Art. 45(3) GDPR) and/or safeguards (Art. 46 GDPR). For this reason, the enforcement of your rights may be limited or not possible. Under certain circumstances, there is a risk in third countries (in particular in the USA) that state authorities may disproportionately access your data or further process this data and that no legal remedy is provided against this.
We have concluded an order processing agreement with Google, you can find more information here: https://business.safety.google/adsservices/. For the transfer of data from the EU to the USA, Google refers to so-called standard data protection clauses of the European Commission, which are intended to ensure compliance with the European level of data protection in the USA. You can find more information here: https://business.safety.google/adsprocessorterms/
The data processing on our website is based on your consent given via the Consent Tool according to Art. 6 para. 1 lit. a DSGVO. With your consent to use the service, you agree to the transfer of your data to third countries (especially the USA) despite the existing risks. You can revoke your consent at any time with effect for the future by clicking on “Cookie settings” in the footer of our website and deselecting the tool there.
- Microsoft Clarity
We use the service “Clarity” of the [contracting party GmbH, street, 1234 city].
Clarity is a website visitor behavior analysis tool that helps us understand how users interact with our website through features such as session replays and heat maps. Heatmaps are graphical representations of user behavior on our website. Clarity allows us to view statistics about user behavior on our website, which helps us optimize our website and product offerings.
You can find more information on data protection here: https://privacy.microsoft.com/de-de/privacystatement
The data processing on our website is based on your consent given via the Consent Tool pursuant to Art. 6 (1) lit. a DSGVO. With your consent to use the service, you agree to the transfer of your data to third countries (especially the USA) despite the existing risks. You can revoke your consent at any time with effect for the future by clicking on “Cookie settings” in the footer of our website and deselecting the tool there.
- Stripe
If you choose a payment method of the payment service provider STRIPE, the payment processing will be carried out via the payment service provider [Vertragspartner GmbH, Street, 1234 City], to which we will pass on your information provided during the ordering process together with the information about your order in accordance with Art. 6 para. 1 lit. b DSGVO . The transfer of your data takes place exclusively for the purpose of payment processing with the payment service provider STRIPE and only insofar as it is necessary for this purpose.
We have concluded an order processing agreement with Stripe. STRIPE may transfer, store or process your personal data outside the EEA/EU (in particular to STRIPE Inc. in the USA). In these third countries, there may not be an adequate level of data protection equivalent to the EU due to the lack of an adequacy decision (Article 45(3) of the GDPR) and/or guarantees (Article 46 of the GDPR). For this reason, the enforcement of your rights may be limited or not possible. Under certain circumstances, there is a risk in third countries (in particular in the USA) that state authorities may disproportionately access your data or further process this data and that no legal remedy is provided against this. STRIPE relies on Standard Contractual Clauses (SCCs) for the permissibility of data transfer.
Further information on data protection at STRIPE can be found here: https://stripe.com/de/privacy
- Website hosting
Our website is provided through the Kinsta service of Kinsta Inc.
The legal basis for the use of Kinsta is our legitimate interest within the meaning of Art. 6 (1) lit. f DSGVO to operate our website. We have concluded an order processing agreement with Kinsta, so that any personal data that may arise is processed by Kinsta on our behalf.
We have entered into an order processing agreement with Kinsta, under which Kinsta undertakes to comply with the legal provisions of the GDPR.
Kinsta uses the Google Cloud Platform service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA to host our website. The data is hosted exclusively on servers located in Frankfurt am Main, Germany.
Nevertheless, it cannot be ruled out that your personal data will be transferred outside the EEA/EU (in particular to Google LLC in the USA), stored or processed there. In these third countries, there may not be an adequate level of data protection equivalent to the EU due to the lack of an adequacy decision (Art. 45(3) GDPR) and/or guarantees (Art. 46 GDPR). For this reason, the enforcement of your rights may be limited or not possible. Under certain circumstances, there is a risk in third countries (in particular in the USA) that state authorities may disproportionately access your data or further process this data and that no legal remedy is provided against this. Kinsta relies on standard contractual clauses (SCCs) concluded with Google LLC for the permissibility of data transfer.
You can find more information about data protection at Google Cloud here: https://cloud.google.com/privacy/gdpr?hl=de
You can find more information about data protection at Kinsta here: https://kinsta.com/de/legal/datenschutzpolitik/
- Hosting of data entered within the framework of SaaS
For hosting our SaaS, we use the Microsoft Azure Cloud service of Microsoft [Vertragspartner GmbH, Street, 1234].
In the Microsoft Azure Cloud, we store the software underlying our SaaS as well as the data processed as part of the whistleblower systems operated by our customers.
It cannot be ruled out that personal data will be transferred outside the EEA/EU (in particular to Microsoft Inc. in the USA), stored or processed there. In these third countries, there may not be an adequate level of data protection equivalent to the EU due to the lack of an adequacy decision (Art. 45 (3) GDPR) and/or guarantees (Art. 46 GDPR). For this reason, the enforcement of your rights may be limited or not possible. Under certain circumstances, there is a risk in third countries (in particular in the USA) that state authorities may disproportionately access your data or further process this data and that no legal remedy is provided against this.
We have concluded an order processing agreement with Microsoft, in which Microsoft undertakes to comply with the requirements of the GDPR. The data is hosted exclusively on servers in Europe. Microsoft relies on Standard Contractual Clauses (SCCs) for any third country transfer. The legal basis for data processing is Art. 6 (1) f DSGVO, as we have a legitimate interest in providing our SaaS.
The duration of data storage is determined by our customers on whose behalf we provide the service.
Further information on data protection at Microsoft can be found here: https://privacy.microsoft.com/de-de/privacystatement and https://azure.microsoft.com/de-de/explore/trusted-cloud/privacy
- Cookie Consent Tool
In order to comply with legal requirements for consent when using cookies, we use the service Cookiebot from the provider Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark.
A cookie is set on your terminal device via the Cookiebot service, which stores whether or not you have consented to certain cookies.
The legal basis for the use of Cookie Bot is Art. 6 (1) lit. c DSGVO, as obtaining the corresponding consents is required by law according to § 25 TTDSG.
You can find further information on data protection at Cookiebot here: https://www.cookiebot.com/de/privacy-policy/
- Support requests and other contacts
If you contact us, e.g. in the context of support requests, we process the data you provide and, if applicable, data from your customer profile to process your request. The legal basis for the processing is Art. 6 para. 1 lit. b) DSGVO.
The data will be deleted after completion of the support request , as far as the purpose for the processing has ceased to exist, no legal retention periods exist or we have a legitimate interest in the retention, e.g. for the duration of the statutory limitation periods.
- Duration of data storage
The data processed by us will be deleted or restricted in its processing in accordance with Articles 17 and 18 DSGVO. As soon as the data is no longer required for its intended purpose and the deletion does not conflict with any statutory retention obligations, the data stored by us will be deleted. If the data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted. I.e. the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for reasons of commercial or tax law.
- Data subject rights
You have the right,
- pursuant to Art. 15 DSG-VO to request information about your personal data processed by us. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data if it has not been collected by us, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information about its details;
- in accordance with Art. 16 DSG-VO to immediately demand the correction of incorrect or completion of your personal data stored by us;
- pursuant to Art. 17 DSG-VO to request the deletion of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the assertion, exercise or defense of legal claims;
- in accordance with Art. 18 DSG-VO to request the restriction of the processing of your personal data, insofar as (a) the accuracy of the data is disputed by you, (b) the processing is unlawful, but you object to its erasure and instead request the restriction of the use of your personal data, (c) we no longer require the data, but you need them for the assertion, exercise or defense of legal claims or you have objected to the processing in accordance with Art. 21 DSG-VO;
- in accordance with Art. 20 DSG-VO to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request the transfer to another controller;
- to revoke your consent, once given, at any time in accordance with Art. 7 (3) DSG-VO. This has the consequence that we may no longer continue the data processing, which was based on this consent, on this basis for the future and
- complain to a supervisory authority in accordance with Art. 77 DSG-VO. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters for this purpose.
The following supervisory authority is responsible for Gendas GmbH:
Berlin Commissioner for Data Protection and Freedom of Information
Alt-Moabit 59-61
10555 Berlin
Tel.: +49 30 13889-0
Fax: +49 30 21550
E-mail: mailbox@datenschutz-berlin.de
- Right of objection
If your personal data is processed on the basis of legitimate interests pursuant to Article 6 (1) sentence 1 lit. f DSG-VO, you have the right to object to the processing of your personal data pursuant to Article 21 DSG-VO, provided that there are grounds for doing so that arise from your particular situation.
If you wish to exercise your right to object, send us your objection, for example, by e-mail to datenschutz@gendas.com.
- Data security
We take appropriate technical and organizational measures to ensure that your stored data is protected in the best possible way against loss, destruction, manipulation or access by unauthorized persons.
All data that you provide to us is encrypted and transmitted using the SSL (Secure Socket Layer) method for security reasons. SSL is a proven and worldwide used encryption system, with the help of which the website automatically encrypts your data.