Principles of Data Protection
Thank you for your interest in our homepage and our company. The following websites
apaleo.com, store.apaleo.com, app.apaleo.com, apaleo.zendesk.com, dev.apaleo.com
are operated by:
apaleo GmbH, Dachauerstr. 15 A, RGB, 80335 München, Germany
For the use of the website, the delivery of goods or the provision of services, we collect various types of data, some of which are provided by you as a user and some of which are necessary for the use of the website or arise from the use of the website. Personal data are individual details about personal or professional circumstances of a specific or identifiable natural person, such as your name, your address, your telephone number, your date of birth, your payment data and your IP address. Your personal data will only be passed on or otherwise transferred to third parties if the transfer is necessary for the purpose of contract processing (for example for payment processing or sending goods via parcel service) or if you have given your express consent. The information is not used for any other purpose.
If we use contracted service providers for individual functions of our offers via this website or would like to use your data for advertising purposes, we will inform you in detail about the respective processes below. We also specify the defined criteria for the storage period.
The following data protection principles apply to the use of our website and other services offered through it (e.g. contact form, registration, shop):
- We protect your personal data by taking all reasonable and necessary technical and organizational possibilities so that they are not accessible to unauthorized third parties. Our website and other services offered through it therefore use appropriate encryption mechanisms for the provision of content and during the input and transmission of data. When communicating by e-mail, we also recommend the use of encryption for confidential information
- Person responsible in the meaning of. Art. 4 Para. 7 General Data Protection Regulation (GDPR) is apaleo GmbH, Dachauer Str. 15A, 80335 München (see also via „Imprint“ at our Website). You can contact our data protection officer at email@example.com or via our postal address with the addition “The Data Protection Officer”.
- If you send us e-mail messages or other messages, in particular comments, or enter them directly on the Website, we will retain such messages in order to process the request, respond to questions and improve the Website, products and services. We delete the data arising in this context after the storage is no longer necessary or limit the processing if statutory retention obligations exist.
- If you provide feedback (for example on the Website), we may use and disclose this feedback for any purpose, as long as we do not provide it with your personal data, i.e. anonymously or pseudonymously. The collection of data contained in such feedback and the handling of all personal data contained therein is in accordance with the data protection principles set out herein.
- You have the right to ask about your personal data free of charge at any time. Furthermore, you have the right at any time to revoke your consent to the use of your personal data with effect for the future and to request correction or deletion of the data stored by us.
In particular, you have the following rights towards us with regard to the personal data related to you:
- Right to access information,
- Right to correction or erasure,
- right to limitation of processing,
- right of withdrawal of the consent to processing,
- Right to data transferability.
You also have the right to complain to a data protection supervisory authority about our processing of your personal data.
Please contact the data protection officer at firstname.lastname@example.org to request information and for withdrawal as well as for notification of a request for deletion; the data protection officer will then provide the information immediately or confirm the execution of your request for deletion. A deletion requested by you will then be carried out subject to statutory retention obligations. If a deletion cannot take place completely due to legal storage obligations, we limit the processing of the data concerned and inform you accordingly.
- Data that is provided actively by you as user of the website or services:
- As far as the website or an action via our website requires a registration, the basic data for the registration, determined by the respective registration form are transmitted, processed and stored and only collected, stored and used for the use of the website and its services as well as the shop. In the context of such registration we are also entitled to inform you about changes, additions or new versions of the website, changes of our terms and conditions as well as these privacy statement and additional information provided via the website as well as e.g. about new products.
- If you register for the subscription of a newsletter, this registration can take place under indication of the e-mail address without further data. The user can voluntarily provide further information when registering for the newsletter
We use the so-called double opt-in procedure for sending the newsletter. As part of this process, we first send the user an e-mail to the specified e-mail address. However, the user will not receive a newsletter by e-mail until the user clicks on the link received in the e-mail and has expressly confirmed to us that we should activate the newsletter service. After your confirmation we will save your e-mail address only for the purpose of sending you the newsletter. The legal basis is Art. 6 Para. 1 S. 1 lit. a GDPR
We would like to point out that we evaluate your user behaviour when sending the newsletter. For this analysis, the e-mails sent contain so-called web beacons or tracking pixels, which represent single-pixel image files stored on our website. For evaluation purposes, we link the above data and web beacons to your e-mail address and an individual ID. You can object to this tracking at any time by clicking on the separate link provided in each e-mail or by informing us by another contact method. The information is stored for as long as you have subscribed to the newsletter. After a cancellation we store the data purely statistically and anonymously.
If at any time you no longer wish to receive newsletters from us, you can object to the newsletter subscription at any time without incurring any costs other than the transmission costs according to the basic rates. A message in text form to the contact data specified in the imprint is sufficient for this. Of course, you will also find a unsubscribe link in every newsletter.
- The data created by users within the scope of using the website via a login or a newsletter registration are stored on servers operated in our name. However, the server operators are subject to the same data protection standards as we are and are operated in the European Union.
- Use of the Online-Store
- If you would like to order in our Online-Store, it is necessary for the conclusion of the contract that you enter your personal data, which we need for the completion of your order. Required information for the execution of the contracts are marked separately, any further information is voluntary. We process the data provided by you to process your order. For this purpose, we can pass on your payment data to our payment service provider. The legal basis for this is Art. 6 Para. 1 S. 1 lit. b GDPR.
- You can voluntarily create a customer account through which we can store your data for future purchases. When you create an account under “my account”, the data you have provided will be stored until you delete the data or request for deletion. All other data, including your user account, can always be deleted in the customer area.
- We may also process the information you provide to inform you of other interesting products in our portfolio or to send you e-mails containing technical information.
- Due to commercial and tax regulations, we are obliged to store your address, payment and order data for a period of ten years. However, after two years we will restrict processing, i.e. this data will only be used to comply with legal obligations.
- To prevent unauthorized access to your personal data, especially financial data, the order process is encrypted using TLS technology.
- Data collected directly in the context of your use of the website:
- While a purely informational use of the website, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which are technically necessary for us to display our website to you and to guarantee its stability and security (legal basis is Art. 6 Para. 1 S. 1 lit. f GDPR):
- IP address (stored shortened in accordance with data protection regulations)
- date and time of the request
- Time zone difference to Greenwich Mean Time (GMT)
- Content of the request (specific page)
- Access status/HTTP status code
- the amount of data transferred in each case
- Website from which the request originates
- Browser name and version, language setting
Cookies can be set in one of the following types:
- Transient cookies are automatically deleted when you close your browser. This includes in particular the session cookies. These store a so-called session ID, with which different requests of your browser can be assigned to the common session. This will allow your computer to be recognized when you return to our website. Session cookies are deleted when you log out or close your browser.
- Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie. You can delete cookies at any time in the security settings of your browser.
- You can set your browser to notify you when a cookie is sent. This opens up the possibility of either accepting or rejecting a cookie. The information collected and analyzed is used to improve the services and the website, to personalize the web experience, and to allow easy login to permanently set login cookies.
- We may use the services of third parties to evaluate the efficiency of the website and services and to determine how visitors use the website and or the services and, where appropriate, to provide a personalized user experience when evaluating cookies. The website may use web beacons (tracking pixels) and cookies provided by third parties for this purpose. The information collected by the provider includes the pages visited, navigation patterns and similar data. This data enables us to find out which product information is most interesting for users and which offers users prefer to view. Furthermore, we do not exclude the possibility that we transmit anonymous usage data for market research purposes. Although we may have commissioned third parties to log the data originating from our website, we have control over how this data may or may not be used. The cookie itself does not contain any personal data, but if you provide personal data when visiting the website and do not delete the cookie from your browser after providing this data, the provider collects the non-personal data stored in the cookie (such as the number of visits to the provider) and stores and processes this anonymously.
- If we use Flash cookies, these are not collected by your browser, but by your Flash plug-in. We also use HTML5 storage objects that are stored on your mobile device. These objects store the required data independently of your browser and do not have an automatic expiry date. If you do not wish the Flash cookies to be processed, you must install an appropriate add-on, e.g. “Better Privacy” for Mozilla Firefox (https://addons.mozilla.org/de/firefox/addon/betterprivacy/) or the Adobe Flash killer cookie for Google Chrome. You can prevent the use of HTML5 storage objects by using private mode in your browser. We also recommend that you regularly delete your cookies and your browser history manually.
- Data collected in the context of the use of the website by analysis tools (WebAnalytics) used by us with our website:
The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. However, by activating IP anonymisation on this website, Google will previously reduce your IP address within Member States of the European Union or in other states party to the Agreement on the European Economic Area. In addition Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. The legal basis for the use of Google Analytics is Art. 6 Par. 1 S. 1 lit. f GDPR.
On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide the Internet use.
- Use of Social-Media-Plug-ins
- We currently use the following social media plug-in: LinkedIn. We use the so-called Shariff Function (https://wordpress.org/plugins/shariff)/. This means that when you visit our site, no personal data is initially passed on to the providers of the plug-ins. You can recognize the provider of the plug-in used by the logo shown and/or the additional text information. We offer you the possibility to communicate directly with the provider of the plug-in via such a button. But only if you click on the marked field and thereby activate it, the plug-in provider receives the information that you have accessed the corresponding website. In the case of Facebook and Xing, the IP address is anonymized immediately after collection, according to the respective provider in Germany. By activating the plug-in, personal data is transferred from you to the respective plug-in provider and stored there (for US providers in the USA). Since the plug-in provider collects data mainly via cookies, we recommend that you delete all cookies before clicking on not yet activated button by using your browser’s security settings.
- We have no influence on the data collected and data processing processes, nor are we aware of the full extent of data collection, the purposes of processing, the storage periods. We also have no information on the deletion of the data collected by the plug-in provider.
- The plug-in provider stores the data collected about you as user profiles and uses these for the purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation takes place in particular (also for not logged in users) for the representation of demand-fair advertisement and in order to inform other users of the social network about your activities on our website. You have a right of objection to the creation of these user profiles, whereby you must contact the respective plug-in provider to exercise this right. Through the plug-ins we offer you the possibility to interact with social networks and other users, so that we can improve our offer and make it more interesting for you as a user. The legal basis for the use of the plug-ins is Art. 6 Para. 1 S. 1 lit. f GDPR.
- The data is passed on regardless of whether you have an account with the plug-in provider and are logged in there. If you are logged in with the plug-in provider, your data collected with us will be directly assigned to your existing account with the plug-in provider. If you click the activated button and, for example, link the page, the plug-in provider also stores this information in your user account and shares it publicly with your contacts. We recommend that you log out regularly after using a social network, especially before activating the button, as this way you can avoid being assigned to your profile with the plug-in provider.
- Further information on the purpose and scope of data collection and its processing by the plug-in provider can be found in the data protection declarations of these providers notified below. They will also provide you with further information about your rights in this regard and setting options to protect your privacy:
- LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA; http://www.linkedin.com/legal/privacy-policy. LinkedIn has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
- For the use of app.apaleo.com the registration data will be processed by a third party on behalf of apaleo. The same applies to the provision of support and the support community.
The legal basis for the above processing is Art. 6 Para. 1 sentence 1 lit. b GDPR. In particular, the following services are used, which may use personal data of the respective user:
- apaleo uses sentry.io to track and monitor errors and problems when using app.apaleo.com. For this purpose, personal data is transferred to Functional Software Inc.
- apaleo uses HubSpot to manage the addresses of potential customers (“leads”). Personal data is stored and managed in HubSpot.
- apaleo uses Zendesk Support and Zendesk Guide to provide users with support and documentation. For this purpose, personal data is transferred to Zendesk. Inc.
- apaleo uses the Sumo Logic Service from Sumo Logic, Inc., to analyse log data. For this purpose, personal data is transferred to Sumo Logic, Inc.
- com and store.apaleo.com use WP Engine from WP Engine, Inc. as infrastructure. Therefore, personal data is transferred to WP Engine.
- apaleo.com uses Amazon Web Services (AWS) from Amazon Data Services Ireland Ltd as infrastructure. Therefore, personal data is transferred to AWS. https://aws.amazon.com/privacy/
The data collected during the use of the above services will be used exclusively for the purpose determined during the first survey and will be deleted in accordance with the internal deletion concept if the purpose no longer exists or if deletion is appropriate for other reasons. Insofar as data relevant to the contract is concerned, the deletion is carried out subject to statutory retention obligations. If a deletion cannot take place completely due to legal storage obligations, we limit the processing to the purpose of the fulfilment of the respective storage obligation.