Privacy

Reporting requirement regarding the use and processing of personally identifiable user data

1. Responsible entity and contact details

The data controller is belboon GmbH (hereinafter referred to as the controller) and processes the data provided by the data subject (hereinafter referred to as the customer) in accordance with the provisions of the European Data Protection Regulation (hereinafter referred to as the DSGVO).
The contact details of the controller are:
Address: Weinmeisterstr. 12-14, 10178 Berlin, Germany.
Telephone: +49 (0)30 32 29 65-120
E-mail: info@belboon.com

2. Data protection officer

Our data protection officer is heyData GmbH, Schützenstraße 5, 10117 Berlin, www.heydata.eu, datenschutz@heydata.eu.

3. Purpose and legal grounds

The processing of the customer’s personal data is necessary for the fulfilment of a contract to which the customer is a contracting party or for the implementation of pre-contractual measures which are carried out at the request of the customer. The legal basis for this processing is Art. 6 (1) b) DSGVO.
In the event that the customer uses the contact form on the website of the responsible party or contacts the responsible party in another way, in particular by e-mail, telephone, fax or post, the personal data will be used exclusively to process the customer’s request. The legal basis for this processing is the customer’s consent in accordance with Art. 6 (1) a) DSGVO.

In the event that the customer uses the contact form on the platform https://www.linkedin.com, the personal data will be used to process his enquiry. In addition, the customer’s personal data is used for marketing purposes (direct advertising). The legal basis for this processing is the customer’s consent pursuant to Art. 6 (1) a) DSGVO. The data controller points out the customer’s right to object. The customer will receive more detailed information under point 9 of this declaration.

In the other cases in which personal data are processed, the processing is carried out to protect the legitimate interests of the controller, namely to analyse the use of the website by Google Analytics, to integrate external fonts by Google Fonts or Cloudflare in order to detect, limit or eliminate cyberattacks or faults on the website. The legal basis for this processing is Art. 6 (1) f) DSGVO. The controller points out the customer’s right to object. The customer receives more detailed information under point 9 of this declaration.

4. Recipients
The personal data of the customer, which are transmitted to the responsible party, are made accessible to the following recipients as follows:

4.1 Fulfilment of the contract or implementation of pre-contractual measures.

For the performance of the contract or the execution of pre-contractual measures, the personal data of the customer transmitted to the controller will be made available to the following recipients:

– Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA 

– Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland

– SparkPost, Message Systems Inc., 9130 Guilford Road, Columbia, MD 21046, USA 

– Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA 

– Telekom Deutschland GmbH, Landgrabenweg 151, 53227 Bonn, Germany

– NAS conception GmbH, Heerdter Lohweg 212, 40549 Düsseldorf, Germany

– Deutsche Post AG, Charles-de-Gaulle-Straße 20, 53113 Bonn, Germany 

– Ingenious Technologies AG, c/o WeWork, Stresemannstr. 123, 10963 Berlin, Germany

salesforce.com Germany GmbH, Erika-Mann-Str. 31, 80636 München, Germany

Personal data will not be made available to third parties without the written consent of the customer, unless this is required by law.

4.2 Use of the comment function and other forms of contact

In the case of the use of the contact form on the website of the responsible party, the personal data of the customer, which is transmitted to the responsible party, may be made accessible to the following recipients:

  • salesforce.com Germany GmbH, Erika-Mann-Str. 31, 80636 München, Germany

In case of use of the contact form on the platform https://www.linkedin.com, the personal data of the customer transmitted to the data controller will be made available to the following recipients:

  • LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland

In the case of contact by e-mail, the personal data of the customer transmitted to the person responsible will be made available to the following recipients:

  • Microsoft Corporation, One Microsoft Way, Redmond, WA 98052 6399, USA.

In case of contact by telephone & fax, the personal data of the customer transmitted to the person in charge will be made available to the following recipients:

  • Telekom Deutschland GmbH, Landgrabenweg 151, 53227 Bonn, Germany

In the case of contact by post, the personal data of the customer transmitted to the person responsible will be made available to the following recipients:

  • Deutsche Post AG, Charles-de-Gaulle-Straße 20, 53113 Bonn, Germany.

Without the customer’s consent, the personal data will not be made available to other third parties, unless this is required by law.

4.3 Website analysis

In order to analyse the use of the website, the personal data of the customer which is transmitted to the responsible person is made accessible to the following recipient:

  • Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

This website uses Google Analytics, a web analytics service provided by Google, Inc (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyse how users use the site. The information generated by the cookie about the use of this website (including the IP address) will be transmitted to and stored by Google on servers in the United States. In the event that IP anonymisation is activated on this website, however, Google will truncate the IP address beforehand within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by the customer’s browser as part of Google Analytics will not be merged with other Google data. The customer may refuse the use of cookies by selecting the appropriate settings on the customer’s browser, however please note that if you do this you may not be able to use the full functionality of this website. In addition, the customer can prevent the collection of the data generated by the cookie and related to his use of the website (incl. the IP address) by Google as well as the processing of this data by Google by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de. The customer can prevent the collection by Google Analytics by clicking on the following link. An opt-out cookie will be set which will prevent future collection of their data when visiting this website: Deactivate Google Analytics The customer can find more information on this at: https://tools.google.com/dlpage/gaoptout?hl=de or at https://www.google.com/intl/de/analytics/privacyoverview.html (general information on Google Analytics and data protection). The responsible party informs the customer that on this website Google Analytics has been extended by the code “anonymizeIp” (“analytics.js”) to ensure anonymised collection of IP addresses (so-called IP masking).

Personal data will not be made available to third parties without the written consent of the customer, unless this is required by law.

4.4 Google Fonts

For the integration of external fonts by Google Fonts, the personal data of the customer, which are transmitted to the responsible party, are made accessible to the following recipient:

  • Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
    This website uses Google Fonts to integrate external fonts. Google provides the fonts. When the customer calls up this website, the required fonts are loaded into the customer’s browser cache in order to display the texts and fonts correctly on the page.
    For this purpose, the customer’s IP address is transmitted to a server of Google Inc. The customer can obtain further information at https://developers.google.com/fonts/faq and in Google’s privacy policy https://policies.google.com/privacy?hl=de.
    Without the written consent of the customer, the personal data will not be made available to other third parties, unless this is required by law.

4.5 Cloudflare Cyber Defence

In order to defend against cyber attacks, the personal data of the customer that is transmitted to the data controller will be made available to the following recipient:

  • Inc, 101 Townsend St, San Francisco, CA 94107, USA.
    Cloudflare is a US company that provides Internet security services (DDOS protection) and distributed DNS services that reside between the visitor and the Cloudflare user’s hosting provider and act as a reverse proxy for websites. The service protects the website from cyber attacks. For this purpose, the IP address, time, user agent (browser, operating system and language), referrer and all contact form entries are transmitted to Cloudflare and then forwarded to the website.
    Cloudflare states that with the start of the DSGVO they also comply with it: https://blog.cloudflare.com/keeping-your-gdpr-resolutions/
    Cloudflare is also a member of the EU-US Privacy Shield: https://www.privacyshield.gov
    Without the written consent of the customer, personal data will not be made available to other third parties, unless this is required by law.

5. Cookies
On various pages, the responsible party uses cookies to make visiting its websites more attractive and to enable the use of certain functions. Cookies are small text files that are stored on the visitor’s computer. Most of the cookies used by the responsible party are deleted from the visitor’s hard drive at the end of the browser session (so-called session cookies). Other cookies remain on the visitor’s computer and enable the responsible party to recognise the visitor’s computer on the next visit (so-called permanent cookies). Of course, the customer can reject the cookies at any time, provided that the browser used allows this.

6. Data transfer to third-party countries

  • In the context of the use of Google Analytics and Google Fonts, a transfer of personal data to Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, takes place.

An adequacy decision by the European Commission is missing. However, Google LLC is a member of the EU-US Privacy Shield. Further information on the EU-US Privacy Shield can be found at URL:

https://www.privacyshield.gov

When using Microsoft, personal data is transferred to Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.

An adequacy decision of the European Commission is missing. Microsoft is GDPR ready and a member of the EU-US Privacy Shield. For more information on the EU-US Privacy Shield, please visit URL:

https://www.privacyshield.gov

In the context of the use of Atlassian, a transfer of personal data to Atlassian Inc. 1098 Harrison St, San Franciso, CA 94103, USA, takes place.

An adequacy decision of the European Commission is missing. Atlassian is GDPR ready and a member of the EU-US Privacy Shield. Further information can be found here:

https://www.privacyshield.gov

In the context of the use of HubSpot, a transfer of personal data to HubSpot Inc, 25 First Street, 2nd FloorCambridge, MA 02141, USA, takes place.

An adequacy decision of the European Commission is missing. However, Hubspot is a member of the EUUS Privacy Shield. Further information can be found here:

https://www.privacyshield.gov

  • In the course of using SparkPost, personal data is transferred to SparkPost, Message Systems Inc, 9130 Guilford Road, Columbia, MD 21046, USA.

An adequacy decision by the European Commission is missing. SparkPost is GDPR ready and a member of the EU-US Privacy Shield. More information can be found here:

https://www.privacyshield.gov

  • In the context of the use of Cloudflare, a transfer of personal data to Cloudflare Inc, 101 Townsend St, San Francisco, CA 94107, USA, takes place.

An adequacy decision of the European Commission is missing. Cloudflare is GDPR ready and a member of the EU-US Privacy Shield. Further information can be found here:

https://www.privacyshield.gov

7. Duration of information storage

With the complete execution of the contract, the customer’s data, which must be kept for legal reasons, will be blocked. This data is no longer available for further use. After this legal reason has ceased to exist, this blocked data will be deleted.

In the event that the customer contacts the person responsible or uses the contact form, the personal data will be used for the duration of the processing of the enquiry. Subsequently, the data that must be retained for legal reasons will be blocked. This data is no longer available for further use.

The responsible party is subject to various storage and documentation obligations, which result from the German Commercial Code (HGB) and the German Fiscal Code (AO), among others. The retention and documentation periods specified there are two to ten years.

Finally, the storage period is also assessed according to the statutory limitation periods, which, for example, according to §§ 195 ff. of the German Civil Code (BGB), are usually three years, but in certain cases can be up to thirty years.

Personal data collected by means of consent (for marketing purposes) is stored for an unlimited period of time. This data is deleted unless the customer has expressly consented to further processing and use of his data.

The data collected by means of Google Analytics will be stored for 26 months.

8. Privacy Rights

Every customer has the right to information according to Article 15 DSGVO, the right to correction according to Article 16 DSGVO, the right to deletion according to Article 17 DSGVO, the right to restriction of processing according to Article 18 DSGVO, the right to object according to Article 21 DSGVO and the right to data portability according to Article 20 DSGVO. With regard to the right to information and the right to erasure, the restrictions pursuant to Sections 34 and 35 BDSG apply. In addition, there is a right of appeal to a data protection supervisory authority (Article 77 DSGVO in conjunction with Section 19 BDSG).

The customer can find the legal texts here

Corresponding requests should be sent to the address mentioned under point 1 or to info@belboon.de.

9. Right to object and other rights

If the customer has given his consent to the processing of personal data relating to him for one or more specific purposes, the customer shall be entitled to revoke such consent with effect for the future.

In particular, the customer has the right to object to the processing of personal data for the analysis of the website or in order to detect, limit or eliminate faults or errors on the website at any time free of charge with effect for the future. For this purpose, it is sufficient to send an e-mail to info@belboon.de or to the address mentioned under point 1.

In addition, the customer has the right to object to the processing of personal data for marketing purposes at any time and free of charge with effect for the future. For this purpose, it is sufficient to send an e-mail to info@belboon.de or to the address mentioned under point 1.

Without prejudice to any other administrative or judicial remedy, every data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her residence, place of work or the place of the alleged infringement, if the data subject considers that the processing of personal data relating to him or her infringes this Regulation.

A competent authority is, for example, the Berlin Commissioner for Data Protection and Freedom of Information, Friedrichstraße 219, 10969 Berlin, Germany. However, the customer may also choose another one.

10. Mandatory data provision
The following data must be provided (mandatory data):

10.1 Fulfillment of the contract

The provision of the following data is mandatory for the conclusion of a contract in the context of registration as an advertiser (mandatory data):

  • desired user name
  • title
  • legal form
  • Address (street, house number, postcode, town, country)
  • Commercial register number
  • First and last name
  • Sex (gender)
  • Telephone number
  • Fax number
  • Mobile phone number
  • e-mail address
  • Company name
  • VAT ID
  • Currency
  • Information on planned partner programmes (URL, planned remuneration, etc.)
  • Small business or not
  • Billing email address
  • Bank details (country of bank, name of bank, account holder, BIC/SWIFT, IBAN)
  • Tax number

The following data is mandatory for the conclusion of a contract when registering as a publisher (obligatory data):

  • desired user name
  • first and last name
  • gender
  • Telephone number
  • e-mail address
  • Website details (name, primary URL, page views, language, categories, special features, description of advertising platform)
  • language
  • Company or individual
  • First and last name
  • Addendum
  • Address (street, house number, postcode, city, company headquarters)
  • Invoice e-mail address
  • Sales tax identification number
  • Currency
  • Bank data (country of bank, name of bank, account holder, BIC/SWIFT, IBAN, currency)
  • minimum payment amount

All other information is not required for the execution of the contract and is therefore voluntary.

If the mandatory information required for the execution of the contract is not provided, no contract will be concluded. Failure to provide the voluntary information shall not affect the conclusion of the contract.

10.2 Use of the contact form or processing of any other request

  • For the processing of a general enquiry within the framework of the contact form on the website of the person responsible, the provision of the following data is mandatory (compulsory data): First name, last name, e-mail address, telephone number and account name.
  • For the processing of a general enquiry within the framework of the contact form on the platform https://www.linkedin.com, the provision of the following data is mandatory (compulsory data): First name, last name and email address
  • For processing an enquiry by e-mail, it is mandatory to provide the following data (mandatory data): First name, last name, e-mail address, telephone number and account name.
  • For processing an enquiry by telephone, it is mandatory to provide the following data (mandatory data): First name, last name, e-mail address, telephone number and account name.
  • To process an enquiry by fax, the following data must be provided (mandatory data): First name, last name, e-mail address, telephone number and account name.
  • To process a postal enquiry, the following data must be provided (mandatory data): First name, last name, e-mail address, telephone number and account name.

All other details are not required for processing an enquiry and are therefore voluntary.

If the mandatory information required for processing an enquiry is not provided, the enquiry will not be processed. Failure to provide the voluntary information will not affect the processing of the request.

10.3 Website analysis, Google fonts and detecting, limiting or eliminating malfunctions or errors

The deactivation of data transmission within the scope of Google Analytics has no effect on the use of this website.

The non-use of Google Fonts has no effect on the use of this website. In this case, a standard font of the customer’s computer is used.

The provision of the following data is mandatory for the detection, containment or elimination of cyber attacks on the website (mandatory data):

  • IP address
  • Referrer URL
  • time
  • User agent (browser, operating system, language)

The following data is mandatory for the detection, limitation or elimination of cyber attacks on the website. Without this data, the website cannot be used.

11. Automated decision-making
An automated decision-making process including profiling does not take place.