Preface
GREYD GmbH (“we“) take the protection of your personal data seriously and would like to inform you at this point about data protection in our company.
As part of our data protection responsibilities, the entry into force of the EU General Data Protection Regulation (“GDPR“) has imposed additional obligations on us to ensure the protection of personal data of the data subject (“you“).
Insofar as we decide, either alone or jointly with others, on the purposes and means of data processing, this includes in particular the obligation to inform you transparently about the nature, scope, purpose, duration and legal basis of the processing (cf. Articles 13 and 14 DSGVO). With this declaration (“data protection declaration“), we comply with this duty to inform.
Our data protection declaration has a modular structure. It consists of a general part for all processing of personal data and processing situations (A. General) and special parts, the content of which only relates to the processing situation specified there. This includes data processing when using our website and social media presences (B.), as well as the processing of applicant data (C.).
A. General
(1) Definitions
Pursuant to Article 4 of the GDPR, this Privacy Policy is based on the following definitions:
- “Personal data” (Article 4 No. 1 DSGVO) means any information relating to an identified or identifiable natural person (“data subject“). A person is identifiable if he or she can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, an online identifier, location data or by means of information regarding his or her physical, physiological, genetic, mental, economic, cultural or social identity characteristics. The identifiability can also be given by means of a linkage of such information or other additional knowledge. The origin, form or embodiment of the information is irrelevant (photographs, video or audio recordings may also contain personal data).
- “Processing” (Article 4 No. 2 GDPR) means any operation which involves the handling of personal data, whether or not by automated (i.e. technology-based) means. This includes, in particular, the collection (i.e. obtaining), recording, organisation, arrangement, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment, combination, restriction, erasure or destruction of personal data, as well as the alteration of a purpose or intended purpose on which a data processing was originally based.
- โController” (Article 4 No. 7 GDPR) means the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data.
- โThird party” (Article 4 No. 10 GDPR) means any natural or legal person, public authority, agency or other body other than the data subject, the controller, the processor and the persons who, under the direct authority of the controller or processor, are authorised to process the personal data, including other legal entities which are members of a group.
- “Processor” (Article 4 No. 8 GDPR) is a natural or legal person, authority, institution or other body that processes personal data on behalf of the controller, in particular in accordance with the controller’s instructions (e.g. IT service provider). In the sense of data protection law, a processor is in particular not a third party.
- “Consent” (Article 4 No. 11 GDPR) means any freely given specific, informed and unambiguous indication of the data subject’s wishes in the form of a statement or other unambiguous affirmative act by which the data subject signifies his or her agreement to the processing of personal data relating to him or her.
(2) Name and address of the controller
The controller for the processing of your personal data within the meaning of Article 4 No.7 DSGVO is:
GREYD GmbH
Wรผrzburgerstr. 6
80686 Munich
Germany
Represented by:
Mark Weisbrod (CEO)
For further information on our company, please refer to the imprint details on our website
(3) Contact details of the data protection officer
Our data protection officer is available at all times to answer any questions you may have and to act as your contact person on the subject of data protection at our company. You can reach our data protection officer at .
(4) Legal basis for data processing
According to the GDPR, the processing of personal data is generally prohibited unless there is a specific legal basis that allows the data processing. In the following, we will first present the various legal bases for data processing. In the context of the presentation of the individual data processing, we then explain on which specific legal basis we base the respective data processing (a processing can also be based on several legal bases).
According to the GDPR, the processing of personal data is lawful in the following cases:
- Consent (Article 6 para. 1 p. 1 lit. a GDPR, see definition above under A.(1)).
- Necessity for the performance of a contract (Article 6 para. 1 p. 1 lit. b GDPR: If the processing is necessary for the performance of a contract to which the data subject is a party or for the performance of pre-contractual measures taken at the data subject’s request;
- Fulfilment of a legal obligation (Article 6 para 1 p. 1 lit. c GDPR): Where processing is necessary for compliance with a legal obligation to which the controller is subject (e.g. a legal obligation to keep records);
- Necessity to protect vital interests (Article 6 para 1 p. 1 lit. d GPPR): If the processing is necessary to protect vital interests of the data subject or another natural person;
- Public interests / Public authority (Article 6 para.1 p.1 lit. e GPPR): Where processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
- Legitimate interests (Article 6 para.1 p.1 lit. f GDPR): If the processing is necessary to protect the legitimate (in particular legal or economic) interests of the controller or a third party, unless the conflicting interests or rights of the data subject override these.
(5) Data deletion and storage period
For the processing operations carried out by us, we indicate below in each case how long the data will be stored by us and when it will be deleted or blocked. Unless an explicit storage period is specified below, your personal data will be deleted or blocked as soon as the purpose or legal basis for the storage no longer applies. In principle, your data will only be stored on our servers in Germany, subject to any transfer that may take place in accordance with the regulations in this data protection declaration.
However, storage may take place beyond the specified time in the event of a (threatened) legal dispute or other legal proceedings or if longer storage is provided for by legal regulations to which we are subject as the responsible party (e.g. ยง 257 HGB, ยง147 AO). If the storage period prescribed by the statutory provisions expires, the personal data will be blocked or deleted unless further storage by us is necessary and there is a legal basis for this.
(6) Data security
We use appropriate technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorised access by third parties (this includes, for example, SSL encryption for our website to prevent third parties from gaining knowledge of the data that is transmitted to us when you access our website). This is done taking into account the state of the art, the implementation costs and the nature, scope, context and purpose of the processing, as well as the existing risks of a data breach (including its likelihood and impact) for the data subject. Our security measures are continuously improved in line with technological developments.
We will be happy to provide you with more detailed information on request. Please contact our data protection officer (see A. (3)).
(7) Cooperation with processors
For certain areas of data processing, such as web analytics, we use commissioned processors. These processors only act on our instructions and have been carefully selected in accordance with Article 28 of the GDPR and are contractually obliged to comply with the data protection regulations at the same level as we ourselves comply with them.
(8) Conditions for the transfer of personal data to third countries
The use of external services may result in the transfer of data to third countries outside the European Union. Insofar as a lower level of data protection exists in these countries than in the European Union and insofar as no adequacy decision issued by the European Commission pursuant to Article 45 of the GDPR exists for these countries, we act with internal agreements and regulations to ensure an adequate level of protection for your data. To achieve this goal, we also make use of standard contractual clauses of the European Union. Insofar as these measures are not possible or sufficient, we would like to point out to you that the transfer of your data to third countries is based on your consent in accordance with Article 49 of the GDPR (- you give us your consent via our Consent Tool by informing you again about the risks mentioned here at the same time) and may also be necessary for the performance of the contract in accordance with Article 49 of the GDPR. However, we would like to point out at the same time that in these cases (transfer of data to third countries) there is a possibility that the protection of your data is not guaranteed to the same extent as within the European Union. In the USA in particular, security authorities have easier access to personal data. In such cases, you will not be able to assert your above-mentioned data subject rights with the same effectiveness as within the European Union.
(9) No automated decision making (including profiling)
We do not use the personal data we collect from you for any automated decision-making process (including profiling).
(10) No obligation to provide personal data
In principle, there is no legal or contractual obligation for you to provide us with your personal data; however, we may only be able to provide certain offers to a limited extent or not at all if you do not provide the necessary data. If this should exceptionally be the case in the context of the products we offer presented below, you will be informed of this separately.
(11) Your Rights
You can assert your rights as a data subject regarding your processed personal data at any time by contacting us using the contact details provided at the beginning of A. (2). You have the right as a data subject:
- to request information about your data processed by us in accordance with Article 15 GDPR. In particular, you can request information about the processing purposes, the category of data processed, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the origin of your data if it has not been collected from us, as well as about the existence of automated decision-making including profiling and, if applicable, meaningful information about its details;
- demand the correction of inaccurate or the completion of your data stored by us without delay in accordance with Article 16 of the GDPR;
- pursuant to Article 17 of the GDPR, to request the erasure of your data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the assertion, exercise or defence of legal claims (so-called right to be forgotten);
- in accordance with Article 18 DSGVO, to demand the restriction of the processing of your data, insofar as the accuracy of the data is disputed by you or the processing is unlawful;
- in accordance with Article 20 of the GDPR, to receive your data that you have provided to us in a structured, common and machine-readable format or to request that it be transferred to another controller (the so-called right to data portability)
- object to the processing in accordance with Article 21 GDPR, provided that the processing is carried out on the basis of Article 6 para. 1 sentence 1 lit. f GDPR, on the basis of our legitimate interest. Unless it is an objection to direct marketing, when exercising such an objection, we ask you to explain the reasons why we should not process your data as we have done. In the event of your justified objection, we will examine the merits of the case and either discontinue or adapt the data processing or show you our compelling reasons worthy of protection on the basis of which we will continue the processing;
- revoke your consent at any time in accordance with Article 7 para. 3 GDPR, if you have given your consent. This has the consequence that we may no longer continue the data processing based on this consent in the future; and
- complain to a data protection supervisory authority about the processing of your personal data in our company in accordance with Article 77 GDPR, such as the data protection supervisory authority responsible for us: Bavarian State Office for Data Protection Supervision, Promenade 18, 91522 Ansbach,
(12) Changes to the privacy policy
In the context of the further development of data protection law as well as technological or organisational changes, our data protection declaration is regularly checked for the need to adapt or supplement it. You will be informed of any changes in particular on our website at https://greyd.de/en/data-privacy/. This data protection declaration is valid as of April 2023.
This Data Protection Declaration was originally drawn up in German and then translated into English. In the event of any inconsistency between the two versions, the German language version shall prevail.
B. Visiting websites and social media presences
(1) Explanation of the function
You can obtain information about our company and the services we offer in particular at https://greyd.de/en (“websites“). When you visit our websites, your personal data may be processed.
(2) Personal data processed
a) Informational use of the website
During the informative use of the websites, as soon as you visit our websites, a so-called log data record (so-called server log files) is stored temporarily and anonymously on our web server. This consists of:
- the page from which the page was requested (so-called referrer URL)
- the name and URL of the requested page
- the date and time of the request
- the description of the type, language and version of the web browser used
- the IP address of the requesting computer, which is shortened so that a personal reference can no longer be established
- the amount of data transferred
- the operating system
- the message as to whether the request was successful (access status/http status code)
- the GMT time zone difference.
b) Contact requests & contact form data
When using contact forms, the data transmitted in this way is processed (e.g. surname and first name, e-mail address, content of the enquiry and the time of transmission). We store this data to the extent necessary to answer your enquiry and to be able to contact you personally. We proceed in the same way if you contact us by e-mail or text message.
(3) Purpose and legal basis of the data processing
We process the personal data described in more detail above in accordance with the provisions of the GDPR, the other relevant data protection regulations and only to the extent necessary. Insofar as the processing of personal data is based on Article 6 para. 1 sentence 1 lit. f GDPR, the aforementioned purposes also represent our legitimate interests.
The processing of the log data serves statistical purposes and the improvement of the quality of our website, in particular the stability and security of the connection. The legal basis is Article 6 para. 1 p. 1 lit. f GDPR.
Contact form data and e-mail enquiries are processed for the purpose of handling enquiries from (potential) customers and other interested parties. The legal basis is Article 6 para. 1 sentence 1 lit. a and lit. b GDPR, as you send us your enquiry on the basis of your voluntary consent and your enquiry – insofar as you are a potential customer – may also serve to implement a contractual relationship.
(4) Duration of data processing
Your data will only be processed for as long as is necessary to achieve the above-mentioned processing purposes. Regarding the use and storage period of cookies, please refer to point A. para. 6 and the Cookie Policy https://greyd.de/en/cookie-settings/.
(5) Transfer of personal data to other recipients; legal basis
The following categories of recipients may receive access to your personal data:
- Service providers for the operation of our website and the processing of data stored or transmitted by the systems (e.g. for data centre services, payment processing, IT security). The legal basis for the transfer is then Article 6 para. 1 s. 1 lit. b or lit. f GDPR, insofar as it does not involve order processors;
- Government agencies/authorities, insofar as this is necessary for the fulfilment of a legal obligation. The legal basis for the transfer is then Article 6 para. 1 s.1 lit. c GDPR;
- Persons employed to carry out our business operations (e.g. auditors, banks, insurance companies, legal advisors, supervisory authorities, parties involved in company acquisitions or the establishment of joint ventures). The legal basis for the disclosure is then Article 6 para. 1 s. 1 lit. b or lit. f GDPR.
In addition, we will only pass on your personal data to third parties if you have given your express consent to do so in accordance with Article 6 para. 1 sentence 1 lit. a GDPR.
For the guarantees of an adequate level of data protection in the event of a transfer of data to third countries, see A (8).
(6) Google Analytics (including Google Optimize)
This website uses Google Analytics a web tracking service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). The purpose of our use of the tool is to enable the analysis of your user interactions on websites and in apps and to improve our offer through the statistics and reports obtained and to make it more interesting for you as a user.
We primarily record the interactions between you and our websites with the help of cookies (see B (7)), data on the device/browser, IP addresses and website or app activities. Google Analytics also collects your IP addresses to ensure the security of the service and to provide us, as website operators, with information about the country, region or location from which the respective user originates (so-called “IP location determination”). For your protection, however, we naturally use the anonymisation function (“IP masking”), i.e. Google (as a rule) truncates the IP addresses by the last octet within the EU/EEA.
Google acts as a processor for us in accordance with Article 28 GDPR and we have concluded a corresponding contract with Google. The information generated by the cookies set for this purpose (see B (7)) and the (usually shortened) IP addresses about your use of this website are usually transferred to a Google server in the USA and processed there. For these cases, Google has, according to its own statements, imposed a standard on itself that corresponds to the former EU-US Privacy Shield and has promised to comply with applicable data protection laws in the international transfer of data. We have also agreed so-called standard contractual clauses with Google, the purpose of which is to ensure compliance with an appropriate level of data protection in the third country (for information on the transfer of data to third countries, see A (8) in total).
The legal basis for the collection and further processing of your personal data (which, according to Google, takes place for a maximum of 13 months after the respective collection) is your consent (Article 6 para. 1 s. 1 lit. a GDPR). You can revoke your consent at any time without affecting the permissibility of the processing until revocation. The easiest way to revoke your consent is to use our Consent Manager (the pop-up window that appears the first time you visit our website and asks for your consent for various cookies) or to install the Google browser add-on, which can be accessed via the following link: tools.google.com/dlpage/gaoptout?hl=en/.
Part of our use of Google Analytics is also the use of Google Optimize to perform A/B tests.
A/B tests serve to increase the attractiveness and functionality of our website. In this process, content, functional or design adjustments are played out to a percentage of our users on a test basis and the change in usage is statistically evaluated.
Google uses cookies for this purpose, which are stored on your terminal device and enable an analysis of your use of our website. The legal basis for this data processing is your consent in accordance with Art. 6 para. 1 lit. a GDPR). The information generated by the cookies used by Google about the use of our website by users, i.e. by you, is usually transmitted to a Google server in the USA and stored there (for data transmission to third countries, see A (8).
Further information on the scope of services provided by Google Analytics is available at marketingplatform.google.com/about/analytics/terms/en/. Google provides information on data processing when using Google Analytics at the following link: support.google.com/analytics/answer/6004245?hl=en/. General information on data processing, which according to Google should also apply to Google Analytics, can be found in Google’s privacy policy at www.google.de/intl/de/policies/privacy/.
(7) Use of cookies, plugins and other services on our website
a) Types of cookies
We use cookies on our websites. Cookies are small text files that are assigned to the browser you are using by means of a characteristic character string and stored on your hard drive or terminal device, and through which certain information flows to the body that sets the cookie. Cookies cannot execute programs or transfer viruses to your computer and therefore cannot cause any damage. They serve to make the internet offer as a whole more user-friendly, more target group-oriented and more effective.
Cookies can contain data that make it possible to recognise the device used. In some cases, however, cookies only contain information on certain settings that cannot be related to a specific person.
A distinction is made between session cookies, which are deleted as soon as you close your browser, and permanent cookies, which are stored beyond the individual session. With regard to their function, a distinction is made between cookies:
- Technical cookies: these are essential to navigate the website, use basic functions and ensure the security of the website; they do not collect information about you for marketing purposes nor do they store which web pages you have visited;
- Performance cookies: these collect information about how you use our websites, which pages you visit and, for example, whether errors occur during website use; performance cookies do not collect information that could identify you – all information collected is anonymous and is only used to improve our website and find out what interests users;
- Advertising cookies, targeting cookies: these are used to provide website users with tailored advertising on the website or third party offers and to measure the effectiveness of these offers; advertising and targeting cookies are stored for a maximum of 13 months;
- Sharing cookies: these are used to improve the interactivity of our website with other services (e.g. social networks); sharing cookies are stored for a maximum of 13 months.
Any use of cookies that is not strictly technically necessary constitutes data processing that only takes place on the basis of your explicit and active consent pursuant to Article 6 para. 1 p. 1 lit. a GDPR. This applies in particular to the use of advertising, targeting or sharing cookies. Furthermore, we only pass on your personal data processed by cookies to third parties if you have given your express consent to do so in accordance with Article 6 para. 1 s. 1 lit. a GDPR.
b) Google Analytics cookie policy
We create pseudonymous usage profiles with the help of Google Analytics in order to design our websites according to your needs. Google Analytics uses targeting cookies that are stored on your terminal device and can be read by us. In this way, we are able to recognise and count returning visitors as such and to find out how often our web pages have been accessed by different users. The data processing takes place on the basis of Article 6 para. 1 lit. a GDPR (consent) in our Consent Tool.
The information generated by the cookie about your use of our website is usually transferred to a Google server in the USA and stored there. However, as we have activated IP anonymisation on our website, your IP address will be shortened by Google beforehand within member states of the European Union. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and only shortened there (for more information on the purpose and scope of data collection, see e.g. https://policies.google.com/privacy?hl=de&gl=de). We have also concluded an order processing agreement with Google LLC (USA) in accordance with Article 28 GDPR. Accordingly, Google will use all information strictly for the purpose of evaluating the use of our websites for us and compiling reports on website activity.
Google uses the following cookies when you visit our website and consent to the use of the Google Analytics cookie:
_ga
This cookie helps us to count how many people visit our websites when you have already visited them.
_gid
This cookie helps us to count how many people visit our websites.
_gat
This cookie allows us to manage the frequency with which requests were made to view a page.
You can revoke your consent at any time. Please use one of the following options to do so:
- You inform us via the contact details mentioned under A (1) that you wish to revoke your consent.
- You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.
- You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.
- -You can also prevent the collection of data generated by the cookie and related to your use of our websites (incl. your IP address) by Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link (https://tools.google.com/dlpage/gaoptout?hl=de).”
c) Facebook pixel cookie policy
Furthermore, we operate advertising measures for our website by integrating the so-called “Facebook Pixel”, a service of Facebook Ireland Ltd, 4 Grand Canal Square Grand Canal Harbour, Dublin 2, Ireland (“Facebook”). The Facebook Pixel on our website enables us to display our advertising measures (“Facebook Ads”) to users of our website and the social network Facebook and to measure and evaluate the success (“Conversion Tracking”). This connection of Facebook and our website is technically carried out via the “Facebook Pixel”. The legal basis for the processing of your data is Art. 6 para. 1 p. 1 lit. a GDPR, i.e. the integration only takes place after your consent.
Due to the marketing tools used, your browser automatically establishes a direct connection with the Facebook server when you visit our website. We have no influence on the scope and further use of the data collected by Facebook through the use of this tool and therefore present you with the processes known to us: Through the integration of the Facebook pixel, Facebook receives the information that you have called up the corresponding web page of our website or clicked on an advertisement from us. If you are registered with a Facebook service, Facebook can assign the visit to your account. Even if you are not registered with Facebook or have not logged in, it is possible that the provider may learn your IP address and other identifying features and use them to create your profile.
The information collected is stored on Facebook servers, also in the USA. S. on data transmission to third countries A (8).
You can revoke your consent at any time without affecting the permissibility of the processing until revocation. The easiest way to revoke your consent is via our Consent Manager or by clicking [here]. In addition, (logged-in users only) can object via the provider’s function under the following link: www.facebook.com/settings/?tab=ads#_. If you are not a (logged in) user of Facebook, you may be able to technically declare your revocation via an alternative solution provided by third-party providers, which should be individually integrated into the website as a script (e.g. github.com/ovlb/demos/blob/master/lib/FacebookPixelController/FacebookPixelController.js).
Further information on data processing by Facebook is available at Facebook Inc, 1601 S California Ave, Palo Alto, California 94304, USA; privacy policy: www.facebook.com/about/privacy.
We also use the “Custom Audiences” remarketing function, which also uses the Facebook pixel, to display interest-based advertisements when you visit our website or other websites that have also integrated the Facebook pixel. This allows us to show you advertisements that are of interest to you in order to make our website more interesting for you and to market our offer.
d) Social Media Plugins
We do not use social media plugins on our websites. If our websites contain symbols from or links to social media providers (e.g. Instagram, Strava), we only use these to passively link to the pages of the respective providers.
e) Vimeo
Our website uses the service “Vimeo” for the provision of videos, which is offered by Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA (“Vimeo”). This is done on the basis of our interest in providing you with reliable video content (Article 6 para.1 lit. f GDPR) and – in particular as far as consent to the use of cookies is concerned – on the basis of your consent pursuant to Article 6 para.1 lit. a GDPR.
If you call up pages with a video integration, a connection to the Vimeo servers is established. This transmits the information about which video you have viewed and on which page this video was embedded.
If you have an account with Vimeo and are logged in with it, this information will also be assigned to your account.
Vimeo automatically collects certain types of data when you use Vimeo services (for example, by viewing the videos on our website), regardless of whether or not you have an account. This information includes your IP address, technical information about your device (e.g., browser type, operating system, basic device information), the web page you visited or search query you entered before reaching Vimeo, and your other activities captured by cookies used by Vimeo.
You can use our website without consenting to the cookies set by Vimeo, however, the videos fed via Vimeo cannot be played or viewed without your consent to the cookies in our Consent Tool or consent to Vimeo’s privacy policy before playing the video. Alternatively, you can prevent the allocation of data by logging out of your Vimeo account and (even if you do not have a Vimeo account) deleting all cookies associated with Vimeo (in which case the above-mentioned restrictions on playing the videos may apply).
When using Vimeo, data may be transferred to Vimeo servers in the USA (see A (8) on data transfer to third countries).
Further information on Vimeos data protection can be found https://vimeo.com/privacy
f) Hubspot
We use the services of the software manufacturer HubSpot. HubSpot is a software company from the USA with a branch in Ireland (HubSpot European Headquarters, Ground Floor, Two Dockland Central, Guild Street, Dublin 1, Ireland; “HubSpot”).
HubSpot is a service platform. The service used is an integrated software solution that allows us to manage customer data and cover various aspects of our online marketing. This includes, among other things, the analysis of landing pages and reporting. In the process, so-called “web beacons” are used and cookies are stored on the end device you use.
In the process, the following personal data may be collected, for example:
- IP adress
- geographical location
- type of browser
- duration of the visit
- pages viewed
The legal basis for the data processing is your consent pursuant to Article 6 para. 1 lit.a GDPR.
Hubspot acts as a processor for us in accordance with Article 28 DSGVO and we have concluded a corresponding contract with Google.
When using Hubspot, data may be transferred to Hubspot servers in the USA (see A (8) on data transfer to third countries).
For more information on HubSpot’s data protection, please visit https://legal.hubspot.com/de/privacy-policy.
g) Chargebee
We use the services of the software manufacturer CHARGEBEE INC (address: 340 S Lemon Avenue, #1537 Walnut, California 91789, USA, “Chargebee”).
Chargebee is a software service provider that offers subscription and payment processing. The service used is an integrated software solution that we use to manage customer data and cover various aspects of managing our subscriptions and payments. This includes, but is not limited to, managing contracts, invoices and subscriptions.
Chargebee collects only the minimum information necessary to provide the relevant software service, which may include your name, contact details or payment details, depending on the specific purpose of the customer data processing. Chargebee will only retain the data for as long as is necessary for the provision of the service.
The legal basis for data processing is your consent in accordance with Article 6 para.1 (a) GDPR.
Chargebee acts as a processor for us in accordance with Article 28 DSGVO and we have concluded a corresponding contract with Google.
When using Chargebee, data transfer to Chargebee servers in the USA may occur (see on data transfer to third countries A (8).
Further information on Chargebee’s data protection can be found here.
h) First Promoter
For our affiliate system, we use the โFirst Promoterโ service provided by Igil Webs SRL (Str. Talmacelului, nr. 30, Talmaciu, Sibiu, Romania). If our website is accessed via an affiliate link, First Promoter uses browser cookies (_fprom_track, _fprom_code, _fprom_signup) to store a randomly generated ID for up to 90 days. Only if a purchase is made will further data such as the IP address, UID and, if applicable, e-mail address be collected. This serves the sole purpose of assigning the purchase to the affiliate partner.
Further information on data protection and the handling of affiliate tracking cookies by First Promoter can be found here.
i) Help Scout
We use the Help Scout communication tool to offer support articles and chats on our websites. Service provider is the American company Help Scout Inc., Boston, 100 City Hall Square 5th Floor, Massachusetts, USA.
Help Scout also processes your data in the USA, among other places. We would like to point out that, according to the European Court of Justice, there is currently no adequate level of protection for data transfer to the USA. This can be associated with various risks for the legality and security of data processing.
As the basis for data processing for recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or data transfer there, Help Scout uses so-called standard contractual clauses (= Art. 46. Para. 2 and 3 DSGVO) . Standard Contractual Clauses (SCC) are templates provided by the EU Commission and are intended to ensure that your data also comply with European data protection standards if they are transferred to third countries (such as the USA) and stored there. Through these clauses, Help Scout undertakes to comply with European data protection standards when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementation decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here: EUR-Lex – 32021D0914 – DE – EUR-Lex
The Data Processing Amendment, which corresponds to the standard contractual clauses, can be found at Data Processing Amendment – Help Scout
You can find out more about the data processed through the use of Help Scout in the privacy policy at Privacy Policy – Help Scout
(8) Social media precences
a) General
We maintain publicly accessible profiles on various social networks. Your visit to these profiles initiates a variety of data processing operations. Below we provide you with an overview of which of your personal data is collected, used and stored by us when you visit our profiles. We would like to point out that you use our appearances on social media platforms and their functions on your own responsibility. This applies in particular to the use of interactive functions (e.g. commenting, sharing, rating).
When you visit our profiles, your personal data is collected, used and stored not only by us but also by the operators of the respective social network. The individual data processing operations and their scope differ depending on the operator of the respective social network and they are not necessarily traceable for us. For details about the collection and storage of your personal data as well as the type, scope and purpose of their use by the operator of the respective social network, please refer to the data protection declarations of the respective operator. The data collected about you in this context will be processed by the platforms and may be transferred to countries outside the European Union, in particular the USA (see on data transfer to third countries A (8)). We do not know how the social media platforms use the data from your visit to our account and interaction with our posts for their own purposes, how long this data is stored and whether data is passed on to third parties. The data processing may differ depending on whether you are registered and logged in to the social network or visit the site as a non-registered and/or non-logged-in user. When you access a post or the account, the IP address assigned to your terminal device is transmitted to the provider of the social media platform. If you are currently logged in as a user, a cookie on your end device can be used to track how you have moved around the network. Buttons embedded in websites enable the platforms to record your visits to these website pages and assign them to your respective profile. This data can be used to offer content or advertising tailored to you. If you want to avoid this, you should log out or deactivate the “stay logged in” function, delete the cookies on your device and restart your browser.
b) Our social media profiles
In the following, we inform you about the data processing in the context of the use of our individual social media profiles.
1. Youtube
We operate profiles on the social platform or video platform YouTube (“YouTube”), a service of Google Ireland Limited Gordon House, Barrow Street, Dublin 4, Ireland (“Google”): https://www.youtube.com/@greydsuite and https://www.youtube.com/@greydsuitegermany.
We have integrated YouTube videos into our online offer, which are stored on YouTube.com and can be played directly from our website. These videos are all integrated in “extended data protection mode”, i.e. no data about you as a user is transmitted to YouTube if you do not play the videos. Only when you play the videos will the data mentioned in the following paragraph be transferred. We have no influence on this data transmission.
As the operator of a YouTube profile and through the integration on our website, we can view the information stored in your public YouTube profile, insofar as you have such a profile and are logged into it while you call up our YouTube profile or our integrated videos. In addition, Youtube provides us with anonymous usage statistics, which we use to improve the user experience when visiting our Youtube profile. We do not have access to the usage data that Youtube collects to create these statistics.
This data processing serves our legitimate interest in improving the user experience when visiting our Youtube profile in line with the target group. The legal basis for this data processing is therefore Article 6 para. 1 lit. f GDPR. In addition, Youtube uses cookies that are stored on your end device when you visit our Youtube profile, even if you do not have your own Youtube profile or are not logged into it during your visit to our profile. These cookies, which also collect your IP address, allow Youtube to create user profiles based on your preferences and interests and to show you advertising (inside and outside Youtube) tailored to these. Cookies remain on your terminal device until you delete them.
The legal basis for the use of cookies is Article 6 para. 1 a GDPR.
Details can be found in the Youtube privacy policy https://www.gstatic.com/policies/privacy/pdf/20190122/f3294e95/google_privacy_policy_de_eu.pdf.
2. LinkedIn
We operate a profile on the social platform LinkedIn, a service of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (“Linkedin”): https://www.linkedin.com/company/greyd-gmbh/. You can access our LinkedIn profile by clicking on a link on our website. As the operator of a LinkedIn profile, we can view the information stored in your public LinkedIn profile, insofar as you have such a profile and are logged into it while you access our LinkedIn profile. In addition, LinkedIn provides us with anonymous usage statistics that we use to improve the user experience when visiting our LinkedIn profile. We do not have access to the usage data that LinkedIn collects to create these statistics. This data processing serves our legitimate interest in improving the user experience when visiting our LinkedIn profile in line with the target group. The legal basis for the data processing is therefore Article 6 para. 1 f GDPR.
In addition, LinkedIn uses cookies that are stored on your end device when you visit our LinkedIn profile, even if you do not have your own LinkedIn profile or are not logged into it during your visit to our profile. These cookies allow LinkedIn to create user profiles based on your preferences and interests and to show you advertising (within and outside LinkedIn) tailored to these. Cookies remain on your device until you delete them. When you access a LinkedIn page, the IP address assigned to your end device is transmitted to LinkedIn. According to information from LinkedIn, this IP address is anonymised on servers within the EEA and deleted after 90 days.
The legal basis for the use of cookies is Article 6 para. 1 a GDPR.
Details can be found in LinkedIn’s privacy policy: https://de.linkedin.com/legal/privacy-policy.
3. Facebook
We operate a profile on the social platform Facebook, a service of Facebook Ireland Ltd, 4 Grand Canal Square Grand Canal Harbour, Dublin 2, Ireland (“Facebook”): https://www.facebook.com/GREYD.SUITE/. As the operator of a Facebook profile, we can view the information stored in your public Facebook profile, insofar as you have such a profile and are logged into it while accessing our Facebook profile. In addition, Facebook provides us with anonymous usage statistics that we use to improve the user experience when visiting our Facebook profile or group. We do not have access to the usage data that Facebook collects to compile these statistics. This data processing serves our legitimate interest in improving the user experience when visiting our Facebook profile in line with the target group. The legal basis for the data processing is therefore Article 6 (1) f DSGVO. In addition, Facebook uses cookies that are stored on your end device when you visit our Facebook profile or our group, even if you do not have your own Facebook profile or are not logged into it during your visit to our profile or our group. These cookies, which also collect your IP address, allow Facebook to create user profiles based on your preferences and interests and to show you advertising (both within and outside of Facebook) tailored to these. Cookies remain on your terminal device until you delete them.
The legal basis for the use of cookies is Article 6 para. 1 a GDPR.
Details can be found in Facebook’s privacy policy: https://de-de.facebook.com/policy.php.
4. Instagram
We operate a profile on the social platform Instagram, a service of Facebook Ireland Ltd, 4 Grand Canal Square Grand Canal Harbour, Dublin 2, Ireland (“Instagram”): https://www.instagram.com/greyd.suite/. You can access our Instagram profile by clicking on a link on our website. As the operator of an Instagram profile, we can view the information stored in your public Instagram profile, insofar as you have such a profile and are logged into it while you access our Instagram profile. In addition, Instagram provides us with anonymous usage statistics that we use to improve the user experience when visiting our Instagram profile. We do not have access to the usage data that Instagram collects to create these statistics. This data processing serves our legitimate interest in improving the user experience when visiting our Instagram profile according to the target group. The legal basis for the data processing is therefore Article 6 para. 1 f GDPR. In addition, Instagram uses cookies that are stored on your end device when you visit our Instagram profile, even if you do not have your own Instagram profile or are not logged into it during your visit to our profile. These cookies, which also collect your IP address, allow Instagram to create user profiles based on your preferences and interests and to show you advertising (within and outside of Instagram) tailored to these. Cookies remain on your terminal device until you delete them.
The legal basis for the use of cookies is your consent in accordance with Article 6 para. 1 a GDPR.
You can find details on this in Instagram’s privacy policy: https://help.instagram.com/155833707900388.
c) Communication and data subject rights
If you use our profiles in social networks to contact us (e.g. by creating your own posts, responding to one of our posts or by sending us private messages), the data you provide us with (e.g. user name and email address) will be processed by us solely for the purpose of contacting you. The legal basis for the data collection is thus Article 6 para. 1 (a) (and (b) if there is a connection to a contract) GDPR. We delete stored data after 30 days, as soon as their storage is no longer necessary or you request us to delete them.
To exercise your data subject rights, you can contact both us or the provider of the social media platform. To the extent that one party is not responsible for responding or needs to receive the information from the other party, we or the provider will forward your request to the other party. Please contact the operator of the social media platform directly for questions about the profiling, processing of your data when using the website. For questions about the processing of your interaction with us on our site, write to the contact details we have provided above.