Legal

Principles of Data Protection

Thank you for your interest in our homepage and our company. The following websites

apaleo.com, store.apaleo.com, app.apaleo.com, apaleo.zendesk.com, info.apaleo.com (“Website”)

are operated by:

apaleo GmbH, Dachauerstr. 15 A, 80335 Munich, Germany E-Mail: info@apaleo.com

For the use of the Website, or by using our software and/or the apaleo app store (“Store”) or as part of the provision of services – collectively called “Services”, we collect various types of data, some of which are provided by you as a user and some of which are necessary for the use of the Services or arise from the use of the Services. Personal data are individual details about personal or professional circumstances of a specific or identifiable natural person, such as your name, your address, your telephone number, your date of birth, your payment data and your IP address. Your personal data will only be passed on or otherwise transferred to third parties if the transfer is necessary for the purpose of contract processing (for example for payment processing or sending goods via parcel service) or if you have given your express consent. The information is not used for any other purpose.

If we use contracted service providers for individual functions of our Services or would like to use your data for advertising purposes, we will inform you in detail about the respective processes below. We also specify the defined criteria for the storage period.

The following data protection principles apply to the use of our Services and other services offered (e.g. contact form, registration, Store):

  • We protect your personal data by taking all reasonable and necessary technical and organizational measures so that they are not accessible to unauthorized third parties. Our Website and other services offered through it therefore use appropriate encryption mechanisms for the provision of content and during the input and transmission of data. When communicating by e-mail, we also recommend the use of encryption for confidential information.

  • The Responsible party in respect of. Art. 4 Para. 7 General Data Protection Regulation (GDPR) is apaleo GmbH, 15 A, 80335 Munich (see also via "Imprint“ at our Website). You can contact our data protection officer at privacy@apaleo.com or via our postal address with the addition "The Data Protection Officer".

  • If you send us e-mail messages or other messages, in particular comments, or enter them directly on the Website, we will retain such messages in order to process the request, respond to questions and improve the Website, and services. We delete the data arising in this context after the storage is no longer necessary or limit the processing if statutory retention obligations exist.

  • If you provide feedback (for example on the Website), we may use and disclose this feedback for any purpose, as long as we do not provide it with your personal data, i.e. anonymously or pseudonymously. The collection of data contained in such feedback and the handling of all personal data contained therein is in accordance with the data protection principles set out herein.

  • You have the right to ask about your personal data free of charge at any time. Furthermore, you have the right at any time to revoke your consent to the use of your personal data with effect for the future and to request correction or deletion of the data stored by us.

In particular, you have the following rights towards us with regards to the personal data related to you:

Right to access information, Right to correction or erasure, Right to restriction of processing, Right to withdraw consent to processing, Right to data portability. You also have the right to complain to a data protection supervisory authority about our processing of your personal data.

Please contact the data protection officer at privacy@apaleo.com to request information, as well as for notification of a request for withdrawal or deletion; the data protection officer will then provide the information immediately or confirm the execution of your request for withdrawal or deletion. A deletion requested by you will then be carried out subject to statutory retention obligations. If a deletion cannot take place completely due to legal storage obligations, we limit the processing of the data concerned and inform you accordingly.

  • Data that is provided actively by you as user of the Website or Services:

a. As far as the Website or an action via our Website requires a registration, the basic data for the registration, determined by the respective registration form, are transmitted, processed and stored and only collected, stored and used for the use of the Website and its services as well as the Store. In the context of such registration we are also entitled to inform you about changes, additions or new versions of the Website, changes of our terms and conditions as well as this privacy statement and additional information provided via the Website as well as e.g. about new Services or news related to Services.

b. If you register for the subscription of a newsletter, this registration can take place under indication of the e-mail address without further data. The user can voluntarily provide further information when registering for the newsletter.

We use the so-called double opt-in procedure for sending the newsletter. As part of this process, we first send the user an e-mail to the specified e-mail address. However, the user will not receive a newsletter by e-mail until the user clicks on the link received in the e-mail and has expressly confirmed to us that we should activate the newsletter service. After your confirmation, we will save your e-mail address only for the purpose of sending you the newsletter. The legal basis is Art. 6 Para. 1 S. 1 lit. a GDPR.

We would like to point out that we evaluate your user behaviour when sending the newsletter. For this analysis, the e-mails sent contain so-called web beacons/tracking pixels, which represent single-pixel image files stored on our Website. For evaluation purposes, we link the above data and web beacons to your e-mail address and an individual ID. You can object to this tracking at any time by clicking on the separate link provided in each e-mail or by informing us by contacting the Data Protection Officer. The information is stored for as long as you have subscribed to the newsletter. After a cancellation we store the data purely statistically and anonymously.

If at any time you no longer wish to receive newsletters from us, you can object to the newsletter subscription at any time without incurring any costs. A message in text form to the contact data specified in the imprint is sufficient for this. Of course, you will also find an unsubscribe link in every newsletter.

The data created by users within the scope of using the Website via a login or a newsletter registration are stored on servers operated in our name. However, the server operators are subject to the same data protection standards as we are and are operated in the European Union.

  • Use of the Store:

We may also process the information you provide to inform you of other interesting products in our portfolio or to send you e-mails containing technical information.

  • Data collected directly in the context of your use of the Website:

a. During a purely informational use of the Website, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you wish to view our Website, we collect the following data, which are technically necessary for us to display our Website to you and to guarantee its stability and security (legal basis is Art. 6 Para. 1 S. 1 lit. f GDPR):

IP address (stored shortened in accordance with data protection regulations) Date and time of the request Time zone difference to Greenwich Mean Time (GMT) Content of the request (specific page) Access status / HTTP status code Amount of data transferred in each case Website from which the request originates Browser name and version, language setting Device Operating system and version b. When you visit our Website and when using the services offered via the Website, the server sends one or more cookies - small files containing a string of characters - to the user's computer or other data processing unit, which uniquely identifies the browser. We use cookies to improve the quality of the Website, including to store usage preferences and track user trends.

Cookies can be set in one of the following types:

Transient cookies are automatically deleted when you close your browser. This includes in particular the session cookies. These store a so-called session ID, with which different requests of your browser can be assigned to the common session. This will allow your computer to be recognized when you return to our Website. Session cookies are deleted when you log out or close your browser. Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie. You can delete cookies at any time in the security settings of your browser. c. You can set your browser to notify you when a cookie is sent. This opens up the possibility of either accepting or rejecting a cookie. The information collected and analysed is used to improve the services and the Website, to personalize the web experience, and to allow easy login to permanently set login cookies.

d. We may use the services of third parties to evaluate the efficiency of the Website and services and to determine how visitors use the Website and / or the services and, where appropriate, to provide a personalized user experience when evaluating cookies. The Website may use web beacons (tracking pixels) and cookies provided by third parties for this purpose. The information collected by the provider includes the pages visited, navigation patterns and similar data. This data enables us to find out which information related to the service is most interesting for users and which offers users prefer to view. Furthermore, we do not exclude the possibility that we transmit anonymous usage data for market research purposes. Although we may have commissioned third parties to log the data originating from our Website, we have control over how this data may or may not be used. The cookie itself does not contain any personal data, but if you provide personal data when visiting the Website and do not delete the cookie from your browser after providing this data, the provider collects the non-personal data stored in the cookie (such as the number of visits to the provider) and stores and processes this anonymously.

  • Data collected in the context of the use of the Website by analysis tools (WebAnalytics) used by us with our Website:

We use Google Analytics to anonymously analyse and regularly improve the use of our Website. We can improve our offer and make it more interesting for you as a user. Google Analytics is a web analysis service of Google Inc. ("Google"), which uses cookies to analyse the use of the Website. The information generated by the cookie about your use of this Website could be transferred to a Google server. If European Union (EU) data protection law applies to the processing of your information, Google provides the controls described in this policy so that you can exercise your right to request access to, update, remove, and restrict the processing of your information. You also have the right to object to the processing of your information or export your information to another service.

Unless otherwise stated in a service-specific privacy notice, the data controller responsible for processing your information depends on where you are based:

Google Ireland Limited for users of Google services based in the European Economic Area or Switzerland Google LLC for users of Google services based in the United Kingdom The legal basis for the use of Google Analytics is Art. 6 Par. 1 S. 1 lit. f GDPR.

On behalf of the operator of this Website, Google will use this information to evaluate your use of the Website, and to compile reports on Website activity and to provide other services related to the Website and internet usage to the website operator.

You may refuse the use of cookies by selecting the appropriate settings on your browser; however please note that if you do this you may not be able to use the full functionality of this Website. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the Website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available under the following link:

http://tools.google.com/dlpage/gaoptout?hl=en

Third-party information: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. Terms of Use: https://marketingplatform.google.com/about/analytics/terms/de/ Privacy Policy: https://policies.google.com/privacy?hl=en-US

  • For the use of app.apaleo.com the registration data will be processed by a third party on behalf of apaleo. The same applies to the provision of support and the support community.

The legal basis for the above processing is Art. 6 Par. 1 S 1 lit. b GDPR. In particular, the following services are used, which may use personal data of the respective user:

Adyen N.V. (NL) https://www.adyen.com/policies-and-disclaimer/privacy-policy Amazon Web Services EMEA SARL (DE) https://aws.amazon.com/privacy/ Contentful GmbH (DE) https://www.contentful.com/legal/privacy-at-contentful/privacy-notice/ Datadog, Inc. (US) https://www.datadoghq.com/legal/privacy/ https://www.datadoghq.com/legal/datadog-eea-data-processing-addendum/ Functional Software Inc. (US) https://sentry.io/privacy/ Google Ireland Ltd. - Google analytics (IRL) https://policies.google.com/privacy?hl=en-US Heroku Inc. (Salesforce) (US) https://www.salesforce.com/company/privacy/ https://www.salesforce.com/content/dam/web/en_us/www/documents/legal/Agreements/data-processing-addendum.pdf Hotjar Ltd.(MLT) https://www.hotjar.com/legal/policies/privacy/ https://www.hotjar.com/legal/support/dpa/ Productboard Inc. (US) https://www.productboard.com/privacy-policy/ Statuspage –Dogwood Labs Inc. - Atlassian (US) https://www.atlassian.com/legal/privacy-policy#what-this-policy-covers Usetiful - Dobbytec OÜ (EST) https://www.usetiful.com/privacy-policy https://www.usetiful.com/gdpr WP Engine, Inc. (GB) https://wpengine.com/legal/privacy/ https://wpengine.com/legal/dpa/ Zendesk, Inc. (US) https://www.zendesk.com/company/privacy-and-data-protection/#gdpr-sub ZenHub - Axiom Labs Inc. (CAN) https://www.zenhub.com/privacy-policy

With all the subcontractors located in the U.S. apaleo has signed data processing agreements which incorporate the Standard Contractual Clauses as approved by the European Commission pursuant to its decision 2021/914 of 4 June 2021. This certifies their compliance with the EU GDPR.

The data collected during the use of the above services will be used exclusively for the purpose determined during the first survey and will be deleted in accordance with the internal deletion concept if the purpose no longer exists or if deletion is appropriate for other reasons. Insofar as data relevant to the contract is concerned, the deletion is carried out subject to statutory retention obligations. If a deletion cannot take place completely due to legal storage obligations, we limit the processing to the purpose of the fulfillment of the respective storage obligation.

  • Applicant data:

apaleo offers the opportunity to apply for vacancies or initiative an application in our company via the website https://apaleo.com/careers/. To do this, we use Greenhouse Software, Inc. (“Greenhouse”) as a software partner. Greenhouse is a contract data processor in the sense of data protection legislation and is obliged by corresponding contracts to handle applicant data in accordance with data protection regulations. The scope of the data depends on what the applicants want to share, but at least title, first and last name, contact information as well as the CV as application document. With the consent of the applicants, this data will be stored in greenhouse.io. This data is then technically transmitted to greenhouse.io.

Latest Version: February 2022