Principles of Data Protection
Thank you for your interest in our homepage and our company. The following websites apaleo.com, store.apaleo.com, app.apaleo.com, apaleo.zendesk.com, info.apaleo.com (“Website”) are operated by: apaleo GmbH, Dachauerstr. 15 A, 80335 Munich, Germany E-Mail: firstname.lastname@example.org
For the use of the Website, or by using our software and/or the apaleo app store (“Store”) or as part of the provision of services – collectively called “Services”, we collect various types of data, some of which are provided by you as a user and some of which are necessary for the use of the Services or arise from the use of the Services. Personal data are individual details about personal or professional circumstances of a specific or identifiable natural person, such as your name, your address, your telephone number, your date of birth, your payment data and your IP address. Your personal data will only be passed on or otherwise transferred to third parties if the transfer is necessary for the purpose of contract processing (for example for payment processing or sending goods via parcel service) or if you have given your express consent. The information is not used for any other purpose. If we use contracted service providers for individual functions of our Services or would like to use your data for advertising purposes, we will inform you in detail about the respective processes below. We also specify the defined criteria for the storage period. The following data protection principles apply to the use of our Services and other services offered (e.g. contact form, registration, Store):
1 We protect your personal data by taking all reasonable and necessary technical and organizational measures so that they are not accessible to unauthorized third parties. Our Website and other services offered through it therefore use appropriate encryption mechanisms for the provision of content and during the input and transmission of data. When communicating by e-mail, we also recommend the use of encryption for confidential information.
2 The Responsible party in respect of. Art. 4 Para. 7 General Data Protection Regulation (GDPR) is apaleo GmbH, 15 A, 80335 Munich (see also via "Imprint“ at our Website). You can contact our data protection officer at email@example.com or via our postal address with the addition "The Data Protection Officer".
3 If you send us e-mail messages or other messages, in particular comments, or enter them directly on the Website, we will retain such messages in order to process the request, respond to questions and improve the Website, and services. We delete the data arising in this context after the storage is no longer necessary or limit the processing if statutory retention obligations exist.
4 If you provide feedback (for example on the Website), we may use and disclose this feedback for any purpose, as long as we do not provide it with your personal data, i.e. anonymously or pseudonymously. The collection of data contained in such feedback and the handling of all personal data contained therein is in accordance with the data protection principles set out herein.
5 You have the right to ask about your personal data free of charge at any time. Furthermore, you have the right at any time to revoke your consent to the use of your personal data with effect for the future and to request correction or deletion of the data stored by us.
In particular, you have the following rights towards us with regards to the personal data related to you:
You also have the right to complain to a data protection supervisory authority about our processing of your personal data. Please contact the data protection officer at firstname.lastname@example.org to request information, as well as for notification of a request for withdrawal or deletion; the data protection officer will then provide the information immediately or confirm the execution of your request for withdrawal or deletion. A deletion requested by you will then be carried out subject to statutory retention obligations. If a deletion cannot take place completely due to legal storage obligations, we limit the processing of the data concerned and inform you accordingly.
6 Data that is provided actively by you as user of the Website or Services: a. As far as the Website or an action via our Website requires a registration, the basic data for the registration, determined by the respective registration form, are transmitted, processed and stored and only collected, stored and used for the use of the Website and its services as well as the Store. In the context of such registration we are also entitled to inform you about changes, additions or new versions of the Website, changes of our terms and conditions as well as this privacy statement and additional information provided via the Website as well as e.g. about new Services or news related to Services. b. If you register for the subscription of a newsletter, this registration can take place under indication of the e-mail address without further data. The user can voluntarily provide further information when registering for the newsletter. We use the so-called double opt-in procedure for sending the newsletter. As part of this process, we first send the user an e-mail to the specified e-mail address. However, the user will not receive a newsletter by e-mail until the user clicks on the link received in the e-mail and has expressly confirmed to us that we should activate the newsletter service. After your confirmation, we will save your e-mail address only for the purpose of sending you the newsletter. The legal basis is Art. 6 Para. 1 S. 1 lit. a GDPR. We would like to point out that we evaluate your user behaviour when sending the newsletter. For this analysis, the e-mails sent contain so-called web beacons/tracking pixels, which represent single-pixel image files stored on our Website. For evaluation purposes, we link the above data and web beacons to your e-mail address and an individual ID. You can object to this tracking at any time by clicking on the separate link provided in each e-mail or by informing us by contacting the Data Protection Officer. The information is stored for as long as you have subscribed to the newsletter. After a cancellation we store the data purely statistically and anonymously. If at any time you no longer wish to receive newsletters from us, you can object to the newsletter subscription at any time without incurring any costs. A message in text form to the contact data specified in the imprint is sufficient for this. Of course, you will also find an unsubscribe link in every newsletter. The data created by users within the scope of using the Website via a login or a newsletter registration are stored on servers operated in our name. However, the server operators are subject to the same data protection standards as we are and are operated in the European Union.
7 Use of the Store: We may also process the information you provide to inform you of other interesting products in our portfolio or to send you e-mails containing technical information.
8 Data collected directly in the context of your use of the Website: a. During a purely informational use of the Website, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you wish to view our Website, we collect the following data, which are technically necessary for us to display our Website to you and to guarantee its stability and security (legal basis is Art. 6 Para. 1 S. 1 lit. f GDPR):
10 For the use of app.apaleo.com the registration data will be processed by a third party on behalf of apaleo. The same applies to the provision of support and the support community. The legal basis for the above processing is Art. 6 Par. 1 S 1 lit. b GDPR. In particular, the following services are used, which may use personal data of the respective user:
| Company name | URL | | ---------- | ---------- | | Adyen N.V. (NL) | https://www.adyen.com/policies-and-disclaimer/privacy-policy | | Amazon Web Services EMEA SARL (DE) | https://aws.amazon.com/privacy/ | | Contentful GmbH (DE) | https://www.contentful.com/legal/privacy-at-contentful/privacy-notice/ | | Datadog, Inc. (US) | https://www.datadoghq.com/legal/privacy/, https://www.datadoghq.com/legal/datadog-eea-data-processing-addendum/ | | Functional Software Inc. (US) | https://sentry.io/privacy/ | | Google Ireland Ltd. - Google analytics (IRL) | https://policies.google.com/privacy?hl=en-US | | Heroku Inc. (Salesforce) (US) | https://www.salesforce.com/company/privacy/, https://www.salesforce.com/content/dam/web/en_us/www/documents/legal/Agreements/data-processing-addendum.pdf | | Hotjar Ltd.(MLT) | https://www.hotjar.com/legal/policies/privacy/, https://www.hotjar.com/legal/support/dpa/ | | Productboard Inc. (US) | https://www.productboard.com/privacy-policy/ | | Statuspage –Dogwood Labs Inc. - Atlassian (US) | https://www.atlassian.com/legal/privacy-policy#what-this-policy-covers | | Usetiful - Dobbytec OÜ (EST) | https://www.usetiful.com/privacy-policy, https://www.usetiful.com/gdpr | | WP Engine, Inc. (GB) | https://wpengine.com/legal/privacy/, https://wpengine.com/legal/dpa/ | | Zendesk, Inc. (US) | https://www.zendesk.com/company/privacy-and-data-protection/#gdpr-sub | | ZenHub - Axiom Labs Inc. (CAN) | https://www.zenhub.com/privacy-policy |
With all the subcontractors located in the U.S. apaleo has signed data processing agreements which incorporate the Standard Contractual Clauses as approved by the European Commission pursuant to its decision 2021/914 of 4 June 2021. This certifies their compliance with the EU GDPR. The data collected during the use of the above services will be used exclusively for the purpose determined during the first survey and will be deleted in accordance with the internal deletion concept if the purpose no longer exists or if deletion is appropriate for other reasons. Insofar as data relevant to the contract is concerned, the deletion is carried out subject to statutory retention obligations. If a deletion cannot take place completely due to legal storage obligations, we limit the processing to the purpose of the fulfillment of the respective storage obligation.
11 Applicant data: apaleo offers the opportunity to apply for vacancies or initiative an application in our company via the website. To do this, we use Greenhouse Software, Inc. (“Greenhouse”) as a software partner. Greenhouse is a contract data processor in the sense of data protection legislation and is obliged by corresponding contracts to handle applicant data in accordance with data protection regulations. The scope of the data depends on what the applicants want to share, but at least title, first and last name, contact information as well as the CV as application document. With the consent of the applicants, this data will be stored in greenhouse.io. This data is then technically transmitted to greenhouse.io. Latest Version: February 2022