1. General notes and mandatory information
a) Notice concerning the party responsible for this website
The party responsible for processing data on this website is:
Edgeless Systems GmbH
44791 Bochum, Germany
b) Purpose of the processing of personal data
We process your personal data as a user of this website only to the extent necessary to provide a functional website as well as our contents and services. Your personal data will only be processed with your consent for the specific purpose, unless data processing is permitted by law without prior consent. The purposes of the processing are as follows:
• Provision of our public website https://www.edgeless.systems/, its functions and content
• Answering contact requests and communication with users
• Security measures
• Reach measuring/marketing.
c) Legal basis for the processing of personal data
Insofar as we obtain your consent for the processing of personal data, e.g., for the use of analysis tools, Art. 6 para. 1a) GDPR serves as the legal basis. If the processing of your data is necessary for the performance of a contract to which you are a party, Art.6 para.1 b) GDPR serves as the legal basis. This also applies to processing operations which are necessary to carry out pre-contractual measures. If processing of your personal data is necessary to fulfil a legal obligation to which we are subject, Art.6 para.1c) GDPR serves as the legal basis. If the processing is necessary to safeguard a legitimate interest of our company or of a third party and if your interests, fundamental rights and freedoms do not outweigh the former interest, Art.6 para.1f) GDPR serves as the legal basis for the processing.
d) Data erasure and storage duration
Your personal data will be deleted or blocked as soon as the purpose for which it was stored no longer applies. Storage may also take place if this is provided for by law or other legal provisions binding on us. A blockage or deletion of the data is also carried out when a storage period prescribed by the aforementioned legal provisions expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.
e) Rules on the provision of the data and consequences of non-provision
The provision of your personal data for the use of our public website is not required by law or contract and is not necessary for the conclusion of a contract. You are not obliged to provide us with your personal data. However, if you do not consent to the processing of your data for certain purposes, e.g., by setting certain cookies, you may not be able to use all the functions of this website.
f) Automated decision making
An automated decision making process does not take place in connection with your use of the website.
g) Your rights as a data subject
Revocation of your consent to data processing
You can revoke a previously granted consent at any time. For this purpose, an informal notification by email to us is sufficient. The legality of the data processing that took place up to the revocation remains unaffected by the revocation.
Right to file complaints with regulatory authorities
If there has been a breach of data protection legislation, the person affected may file a complaint with the competent regulatory authorities. The competent regulatory authority for matters related to data protection legislation is the data protection officer of the German state in which our company is headquartered.
Right to data portability
You have the right to have your personal data processed by us delivered to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another person responsible, this will only be done to the extent that it is technically feasible.
Information, blocking, deletion
Within the framework of the applicable legal provisions, you have the right to obtain information free of charge at any time about your stored personal data, its origin and recipients and the purpose of the data processing and, if applicable, a right to correct, block or delete this data. For this purpose, as well as for further questions on the subject of personal data, you can contact us at any time by using the contact details given in sections 1a or 2.
Right of objection (Art. 21 GDPR)
You also have the right to object to the processing of your personal data under certain conditions. The right of objection may arise from your particular situation to object at any time to the processing of personal data concerning you. This only applies if the processing is carried out on the basis of Art. 6 para. 1 e) or f) GDPR (safeguarding of public interests or protection of legitimate interests by the controller). We then no longer process the personal data unless we can prove compelling reasons for processing worthy of protection that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims. In order to exercise this right of objection, you may also send us an informal message stating your intention, stating your e-mail address, via the contact options mentioned under 1a or 2.
2. Data collection
If you send us enquiries via a form on our website (e.g., contact forms, demo request, product information), your details from the enquiry form, including the contact data you provide there, will be stored by us for the purpose of processing the enquiry and in the event of follow-up questions. We will not pass on this data without your consent.
The processing of the data entered in the form is, thus, exclusively based on your consent (Art. 6 para. 1 lit. a GDPR). You can revoke this consent at any time. For this purpose, an informal notification by email to us is sufficient. The legality of the data processing operations carried out up to the time of revocation remains unaffected by the revocation.
The data you enter in the enquiry form will remain with us until you request us to delete it, revoke your consent for storage, or the purpose for which the data was stored no longer applies (e.g., after your request has been processed). Mandatory legal provisions – in particular retention periods – remain unaffected.
If you have explicitly consented pursuant to Article 6(1)(1)(a) GDPR, we will use your email address to send you our newsletter at regular intervals. Indicating an email address will be sufficient to receive the newsletter.
If you acquire any goods or services on our internet website and provide your email address for this, such address may be used by us for sending out a newsletter subsequently. In this case, the newsletter is only used to send out direct marketing for own similar goods or services. The legal basis for sending out the newsletter due to sale of goods or services shall be § 7 para. 3 of the Gesetz gegen den unlauteren Wettbewerb (the Act Against Unfair Competition) in conjunction with Article 6(1)(1)(f) GDPR in such a case.
Unsubscription is possible at any time, independently of whether the newsletter was sent based on consent or statutory permission, e.g. using a link at the end of each newsletter. As an alternative, you may also send your unsubscription request to us at any time by email to: firstname.lastname@example.org. The only costs resulting from this are the transfer costs according to the basic rates.
The personal data required for sending out the newsletter shall be erased as soon as they are no longer required for achieving the purpose of their collection and as far as no other legal authorization basis applies for further processing. Your email address shall only therefore be stored for sending out the newsletter until you revoke your consent or until you object to submission of the newsletter.
Server log files
We automatically collect and store information in so-called server log files, which your browser automatically transmits to us. These are:
• Browser type, browser version and the name of your access provider
• Operating system used
• Referrer URL, name and URL of the trived file
• Host name of the accessing computer
• Date and time of the server request
• IP address
This data will not be combined with data from other sources. The basis for data processing is Art. 6 (1) (f) GDPR, which allows the processing of data to fulfill a contract or for measures preliminary to a contract.
SSL or TLS encryption
This site uses SSL or TLS encryption for security reasons and for the protection of the transmission of confidential content, such as the inquiries you send to us as the site operator. You can recognize an encrypted connection in your browser’s address line when it changes from “http://” to “https://” and the lock icon is displayed in your browser’s address bar. If SSL or TLS encryption is activated, the data you transfer to us cannot be read by third parties.
a) Google Analytics
This website uses Google Analytics, a web analytics service operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Analytics uses so-called “cookies”. These are text files that are stored on your computer and that allow an analysis of the use of the website by you. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. Storing of Google Analytics cookies happens after explicit consent with the cookie notice, when visiting the website, based on von Art. 6 (1) lit. a GDPR.
We have activated the IP anonymization feature on this website. Your IP address will be shortened by Google within the European Union or other parties to the Agreement on the European Economic Area prior to transmission to the United States. Only in exceptional cases is the full IP address sent to a Google server in the United States and shortened there. Google will use this information on behalf of the operator of this website to evaluate your use of the website, to compile reports on website activity, and to provide other services regarding website activity and Internet usage for the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with any other data held by Google.
You can prevent these cookies being stored by selecting the appropriate settings in your browser, even after you consented to cookies in the frame of our cookie manager. However, we wish to point out that doing so may mean you will not be able to enjoy the full functionality of this website. You can also prevent the data generated by cookies about your use of the website (incl. your IP address) from being passed to Google, and the processing of this data by Google, by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en.
Objecting to the collection of data
4. Customer Database
We store and use contact data and information received (such as business communication histories) from customers and interested parties for the purpose of processing or initiating the business relationship. The processing is based on Art. 6 (1) lit. b GDPR.
As a customer database, we use HubSpot. The provider is HubSpot, Inc, 25 First Street, 2nd Floor, Cambridge, MA 02141, USA (hereinafter: HubSpot). The data is stored on HubSpot’s servers in the EU or US. Further information on data protection, security and other legal issues under HubSpot can be found online at: https://legal.hubspot.com/legal-stuff.
5. Information disclosure
The processing of your personal data by all our service providers is only carried out on the basis of a proper data processing agreement in accordance with Art. 28 GDPR. Your personal data will not be passed on to third parties.
6. Data transfer to recipients outside the EU
If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)) or the processing takes place in the context of the use of third-party services or the disclosure or transfer of data to other persons, entities or companies, this will only be done in accordance with the legal requirements.
Subject to your express consent or a contractually or legally required transfer, we process or have the data processed only in third countries with a recognized level of data protection, contractual obligations based on the standard contractual clauses of the EU Commission, in the presence of certifications or the existence of binding internal data protection regulations (Art. 44 to 49 GDPR).
The data collected by the products listed within the scope of this declaration from US providers or their affiliated companies, such as Google, may be stored and processed by them in the USA, among other places. We have no influence on the further data processing by the US service providers. For a data transfer to a third country, i.e. a country outside the EU or the EEA, appropriate guarantees for the protection of your personal data are generally required. After the European Court of Justice invalidated the Commission’s Implementing Decision (EU) 2016/1250 of July 12, 2016 on the adequacy of the protection provided by the EU-US Privacy Shield (“EU-US Privacy Shield”), the EU-US Privacy Shield can no longer be used as a guarantee for an adequate level of protection in the USA according to EU standards. Thus, there is currently no level of data protection in the U.S. equivalent to that in the EU within the meaning of Art. 45 GDPR, and we are also unable to provide appropriate safeguards under Art. 46 GDPR to compensate for this deficit. Thus, data transfer to the USA is only permissible here with your express consent pursuant to Art. 49 (1) a) GDPR, which can be granted by you with the cookie notice by selecting optional categories. Possible risks of this data transfer are that access by state authorities, such as security authorities and/or intelligence services, cannot be ruled out and your data could be processed by them, possibly without you being informed separately and without enforceable rights and effective legal remedies being available to you, for reasons of national security, law enforcement or for other purposes in the public interest of the USA. Otherwise, we will only share your data with third parties if:
- you have expressly given your consent to this in accordance with Art. 6 para. 1 p. 1 a) GDPR,
- the disclosure according to Art. 6 para. 1 p. 1 f) GDPR is necessary for the assertion, exercise or defense of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data,
- there is a legal obligation for the disclosure according to Art. 6 para. 1 p. 1 c) GDPR or
- this is legally permissible and necessary for the processing of contractual relationships with you according to Art. 6 para. 1 p. 1 b) GDPR. The transfer to tax offices and social security institutions will only take place if there is a legal obligation to do so; the legal basis is Art. 6 para. 1 p. 1 c) GDPR. The transfer to service providers only takes place on the basis of a proper contract processing agreement in accordance with Art. 28 GDPR.