1. GENERAL INFORMATION 2. DATA CATEGORIES 3. ORIGIN OF THE DATA 4. PROCESSING PURPOSES 5. LAWFULNESS OF PROCESSING 6. CATEGORIES OF RECIPIENTS 7. DURATION OF DATA STORAGE 8. DATA SECURITY 9. SPECIFIC INFORMATION ON DATA PROCESSING ON OUR WEBSITES 10. YOUR RIGHTS
1. GENERAL INFORMATION
- visit any of our websites or social media pages,
- access or use any of our applications or platforms or other digital offerings (such as user forums on our websites or platforms),
- register and/or attend to events hosted or attended by HYPERGANIC,
- contact our customer support,
- do business with us, or
- otherwise interact or communicate with us.
These services are hereinafter collectively referred to as “Services”. If you decline to provide your Personal Data or ask us to delete it, you may not be able to access or use the Services.
In all these cases, various Personal Data is processed. Personal Data is information that relates to an identified or identifiable natural person (hereinafter “Data Subject”).
A person is identified if the identity results directly from the data itself, such as the name of an individual, or if the name is stored directly in connection with the date of birth. A person is identifiable if his or her identity can be established – directly or indirectly – by combining the data with another piece of information.
1.2 CONTROLLER AND CONTACT PERSON FOR DATA PROTECTION The Controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of Personal and Business Data (“Data”). The Controller within the meaning of the GDPR and the applicable national data protection laws (esp. FDPA) and other data protection provisions is:
Hyperganic Group GmbH Georgenstr. 38 80799 Munich Germany
Legal representatives: Xin Ge, Chiat Siang Lau
You can reach the data protection officer at firstname.lastname@example.org
2. DATA CATEGORIES
The categories of data we process depend on your interactions with us and may include one or more of the following data categories.
2.1 CONTACT AND BUSINESS DATA For the use of certain Services, contact data may be processed. Contact data consists of last name, first name, corporate/business email address, corporate/business physical address, corporate/business phone number, country of origin and similar contact information, including in some circumstances usernames and passwords. These may be supplemented by further business data such as position, company name and other similar information.
2.2 COMMUNICATION AND TRANSACTION DATA Communication data refers to the data resulting from your interaction with us, e.g., emails, direct/chat messages, video meetings or telephone calls, software downloaded, questions asked in user forums, and product interest information. We may also collect registration information related to your attendance at one of our events, including travel information, scheduling information, food preferences or allergies, and accessibility requests.
2.3 DEVICE AND BROWSER DATA When you visit or use one of our websites, platforms or applications, online and technical information from your computer or mobile device may be collected, such as: device type, location, information about the browser type and version, the operating system and version, the ISP or mobile carrier, the IP Address (or proxy server) and geographic areas derived from your IP address, time and date of access, duration of access, referring URL (if any), and identifiers that help us recognize your device and validate that you are a licensed user.
3. ORIGIN OF THE DATA
In most cases, you provide the Data directly to us by accessing one of our websites or by registering and/or using one of the Services. We may also obtain Data from your employer in the context of providing the Services or from third party suppliers, social networks, or partners.
<h2id=“processing-purposes”> 4. PROCESSING PURPOSES
4.1 PROVIDING THE REQUESTED SERVICE We process your Data to fulfill our contractual obligations to you, including to:
- provide and deliver products and services (including updates thereto);
- operate and improve our operations, systems, products and services;
- understand your preferences to enhance your experience; and
- provide service and support, such as sending confirmations, invoices, technical notices, updates, security alerts and administrative messages and providing customer support and troubleshooting.
4.2 COMMENTS AND QUESTIONS If you contact us via our website, via email or in any other way, we process your Data to understand and respond to your request and to provide customer service. In such circumstances, your request might be internally forwarded to the responsible department at HYPERGANIC.
4.3 SALES & MARKETING ACTIVITIES We may use your corporate/business email address for direct advertising, to communicate news about upcoming events, products, and services, and for surveys according to Art. 6 Para. 1 (a) or (f) GDPR. We also use your corporate/business email address, which we receive in connection with the sale of a product or service, for direct advertising of products or services similar to the ones you ordered.
Our marketing emails permit you to opt-out of receiving further communications by selecting the “unsubscribe” link. In addition, you may opt-out from marketing communication at any time by contacting email@example.com.
4.4 STATISTICS To improve performance of the Services, to assess and improve the customer and user experience, to identify future opportunities for development of the Services, and to assess capacity requirements, we may analyze aggregated, anonymized or statistical information based on Data (Art. 6 Para. 1 (f) GDPR).
4.5 SECURITY & COMPLIANCE We may analyze your Data to maintain the security of the Services and facilities, to enforce our terms and conditions; to protect against, investigate and deter fraudulent, unauthorized, or illegal activity; and to avoid and detect attacks on our website or applications or misuse of our Services.
5. LAWFULNESS OF PROCESSING
When we collect and use your Data, we will only do so where at least one of the following applies:
- We need to process your Data to perform our responsibilities under our contract with you and to provide you with tools and services (see Art.6 Para 1(b) GDPR).
- We have a legitimate interest to process your Data (see Art.6 Para 1(f) GDPR).
- You have given consent to process Data (see Art.6 Para. 1(a) GDPR).
- It is necessary for us to process your Data to comply with a legal obligation (see Art.6 Para. 1(c) GDPR).
6. CATEGORIES OF RECIPIENTS
Your Data may be transferred to affiliates and partners of HYPERGANIC as well as to a limited number of service providers (Processors) that perform processing operations such as data storage, hosting or communication services. These service providers process Data on our instructions only and have implemented state-of-the-art technical and organizational measures to safeguard the processed data. All Processors have been selected carefully and are closely monitored. The following is a list of the names of HYPERGANIC’s key sub-processors and the purposes for which they process Data (as changed from time to time):
Sub-processor Purpose Amazon Web Services (AWS) Cloud infrastructure hosting Digital Ocean Cloud infrastructure hosting Atlassian Jira Development tracking tool Microsoft (Office 365) Email hosting, storage Slack Internal communication Zoom Video Communications Video telephony software program
When we ask third parties to host or present at certain events, we may forward your Data to the respective third party who may use this data to provide access to the event or may contact you for related marketing purposes.
If Data is transferred to subsidiaries, partners service providers or third parties located outside the European Economic Area (EEA) which are not subject to an adequacy decision by the European Commission we will ensure that such recipient offers an adequate level of data protection, for instance by entering into EU Standard Contractual Clauses (SCCs) and implementing additional safeguards in accordance with legal requirements, or we will ask you for your prior individual consent to such international data transfers.
We may disclose your Data to comply with legal requirements, such as in response to a court order or a subpoena. In such an event, we will use reasonable and lawfully available measures to object to overbroad, unclear or otherwise inappropriate requests for information, and will cooperate with those seeking a protective order unless we are legally prohibited from doing so. We may also share Data with our auditors, attorneys or other advisors under professional obligations of confidentiality in connection with corporate functions.
7. DURATION OF DATA STORAGE
Your Data will be deleted upon your request or as soon as it is no longer required to achieve the purpose for which the Data has been collected, namely, to provide the requested Services. If legal regulations (e.g., by fiscal, commercial, or contractual law) apply that require longer storage of your Data, or if we need your Data to assert legal claims or defend against legal claims, we will store your Data until the expiration of the corresponding storage period or until the settlement of the claims.
Any user account and its related data in applications where we act as Controller will be deleted upon your request or after three years of inactivity.
8. DATA SECURITY
Data is protected by us by means of suitable technical and organizational measures in order to ensure an appropriate level of protection and to safeguard the personal rights of the persons concerned. The measures taken serve, among other things, to prevent unauthorized access to the technical equipment used by us and to protect Data from unauthorized disclosure by third parties. In particular, this website uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as your contact requests that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from “https://” to “https://” and by the lock symbol in your browser line. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties. Nevertheless, we would like to point out that data transmission on the internet (e.g. when communicating by e-mail) can have security gaps. A complete protection of the data against access by third parties is therefore not possible.
9. SPECIFIC INFORMATION ON DATA PROCESSING ON OUR WEBSITES
9.1 CALLING UP AND VISITING OUR WEBSITE – SERVER LOG FILES For the purpose of the technical provision of the website, it is necessary that we process certain information automatically transmitted by your browser so that our website can be displayed in your browser and you can use the website. This information is automatically collected each time our website is called up and automatically stored in so-called server log files. These are:
- Browser type and browser version
- Operating system used
- Website from which the access is made (referrer URL)
- Host name of the accessing computer
- Date and time of access
- IP address of the requesting computer
The storage of the aforementioned access data is necessary for technical reasons to provide a functional website and to ensure system security. This also applies to the storage of your IP address, which is necessary and, under further conditions, can at least theoretically enable an assignment to your company or person. In addition to the above-mentioned purposes, we use server log files exclusively for the needs-based design and optimization of our Internet offering purely statistically and without any inference to your person. This data is not merged with other data sources, nor is the data evaluated for marketing purposes.
Insofar as you visit our website in order to obtain information about our range of products and services or to use them, the legal basis for the temporary storage and processing of the access data is Art. 6 Para. 1 (b) GDPR, which permits the processing of data for the performance of a contract or for the implementation of pre-contractual measures. In addition, Art. 6 Para. 1 (f) GDPR serves as the legal basis for the temporary storage of technical access data. Our legitimate interest here is to be able to provide you with a technically functioning and user-friendly website and to ensure the security of our systems.
9.2 COOKIES – SESSION IDS Cookies are text files that are stored on a computer system via an internet browser. There are different categories of cookies, mainly (i) technical cookies necessary for the basic website functionality, (ii) functional cookies that enhance functions and performance and (iii) analyzing/marketing cookies that track website activity.
On our websites, we only use so-called session IDs or session tokens. A session ID is a unique identifier that a website assigns to a specific user for the duration of the session, to keep track of visitor activity for user authentication purposes. A session ID is a technical cookie which is necessary for the functionality of the website and is automatically deleted once the user ends the session.
Apart from that, we have designed our websites so that no cookies are used. A tracking or analysis is also not carried out.
9.3 NEWSLETTER - MAILCHIMP When you sign up for our newsletter, you submit to us your first name, last name and corporate/business email address and give us the right to contact you by email (Art. 6 Para. 1 (a) GDPR). We use the data stored as part of the registration for the newsletter exclusively for our newsletter.
If you unsubscribe from the newsletter - you will find the link for this at the very bottom of each newsletter - we will delete all data that was stored with the newsletter registration.
We send newsletters with MailChimp and use functions of the newsletter service MailChimp of the company The Rocket Science Group, LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 USA on this website to collect newsletter registrations.
NEWSLETTER SIGNUP If you sign up for our newsletter on our website, the data you enter will be stored by MailChimp.
DELETION OF YOUR DATA You can withdraw your consent to receive our newsletter at any time within the email received by clicking on the link at the bottom. Once you have unsubscribed by clicking on the unsubscribe link, your data will be deleted from MailChimp.
NEWSLETTER EVALUATION When you receive a newsletter via MailChimp, information such as IP address, browser type and email program is stored to give us information about the performance of our newsletter. MailChimp can determine if the email has arrived, if it has been opened and if links have been clicked by means of images called web beacons (details can be found at https://kb.mailchimp.com/reports/about-open-tracking) integrated in the HTML emails. All this information is stored on MailChimp’s servers, not on this website.
MAILCHIMP DATA PROCESSING AGREEMENT We have concluded a data processing addendum (DPA), including Standard Contractual Clauses (SCC), with MailChimp. This contract serves to safeguard your Data and ensures that MailChimp adheres to the applicable data protection regulations and does not pass on your Data to third parties.
You can find more information about this contract at https://mailchimp.com/de/legal/data-processing-addendum/.
9.4 IP GEOLOCATION We use a program on our website to locate your location via IP address. This program is used to display the website in the language relevant to you. Your location is determined by a service provider to whom only your current IP address is transmitted. As a result, the service provider returns the following data:
City, continent, country, country code, host name at the time of query, IP type, Internet service provider, longitude, latitude, organization, the transmitted IP address, region (state).
With this data we are able to show you the website in the language relevant to you. The data will not be stored by us. Art. 6 Para. 1 (f) GDPR serves as the legal basis for the temporary processing of this data, as our legitimate interest is to be able to provide you with a user-friendly website in the relevant language.
9.5 YOUTUBE Our website uses plugins of the video platform YouTube to embed videos and play them directly on our website. The operator of the video platform is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA (“YouTube”). YouTube is an affiliated company of Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”).
The integration of YouTube videos takes place in the so-called “extended data protection mode”, which, according to the provider, only initiates the storage of user information when the video(s) is/are played. However, the transfer of data to YouTube partners is not necessarily excluded by the extended data protection mode. Thus, YouTube establishes a connection to the Google DoubleClick network - regardless of whether you watch a video.
If you are logged into your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account before activating the play button.
YouTube is used in the interest of an appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 Para. 1 (f) GDPR.
9.6 SPOTIFY On our pages, functions of the music service Spotify are integrated. The provider is Spotify AB, Birger Jarlsgatan 61, 113 56 Stockholm in Sweden. You can recognize the Spotify plugins by the green logo on our site. An overview of the Spotify plugins can be found at: https://developer.spotify.com. This allows a direct connection between your browser and the Spotify server to be established via the plugin when you visit our pages. Spotify thereby receives the information that you have visited our site with your IP address. If you click the Spotify button while logged into your Spotify account, you can link the content of our pages on your Spotify profile. This allows Spotify to associate the visit to our pages with your user account. If you do not want Spotify to be able to associate the visit to our pages with your Spotify user account, please log out of your Spotify user account.
The processing is done to enable you to learn more about us via HYPERGANIC related podcasts.
The processing is necessary to protect the overriding legitimate interests of the controller (Art. 6 Para. 1(f) GDPR). Our legitimate interest lies in the purpose named in the previous paragraph.
9.7 SOCIAL NETWORKS
9.7.2 PURPOSE We maintain profiles on the aforementioned social networks for the purpose of timely and supportive public relations and corporate communication with customers and interested parties. We use the “Facebook Insights” function to make our posts on our Facebook page more attractive to our visitors. For example, we can use visitors’ favorite visiting times to optimize the timing of our posts.
9.7.3 LEGAL BASIS The legal basis for data processing in the context of our profiles on social networks is the protection of our overriding legitimate interests (Art. 6 Para. 1 (f) GDPR). Our legitimate interest lies in the purpose named in section 2.7.2. If you are asked by us for consent in the context of a cookie banner or cookie consent tool, the legal basis is Art. 6 Para. 1) (a) GDPR. Such consent is voluntary. If you are asked for consent by the respective operator of a social network, the legal basis is Art. 6 Para. 1(a) GDPR.
9.7.4 FURTHER INFORMATION ON THE SOCIAL NETWORKS The respective social networks are operated by the companies listed below. Further information on data protection with regard to our profile on the social networks can be found in the linked data protection provisions.
Facebook: Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA. Privacy policies: https://www.facebook.com/policy.php https://www.facebook.com/help/186325668085084 https://www.facebook.com/about/privacy/your-info-on-other#applications https://www.facebook.com/about/privacy/your-info#everyoneinfo.
Twitter: Twitter Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA; Privacy policies: https://twitter.com/privacy.
Instagram: Instagram LLC, 1601 Willow Rd, Menlo Park, California 94025, USA; Privacy policies: https://help.instagram.com/155833707900388/.
LinkedIn: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Irland; Privacy policies: https://www.linkedin.com/legal/privacy-policy.
9.8 LINKS TO OFFERINGS OF THIRD PARTIES Websites as well as services of other providers linked to from this website were and are designed and provided by third parties. We have no influence on the design, content and function of these third-party services. We expressly distance ourselves from all content of all linked third-party services. Please note that the third-party services linked from this website may install their own cookies on your terminal device or collect Data. We have no influence on this. Please inform yourself directly with the providers of these linked third-party offers.
10. YOUR RIGHTS
Upon request, we will inform you whether and which data we have stored about you. Insofar as the legal requirements are met, you have the right to have this data corrected, blocked or deleted. You also have the right to receive Data which you have provided to us, in a structured, commonly used, and machine-readable format and have the right to transmit those data to another Controller under conditions and in accordance with the Regulation.
Insofar as we process your data on the basis of the balancing of interests, you have a right of objection if the legal requirements are met.
Where we are relying on consent to process your Data you may withdraw your consent at any time for the future. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent.
You may exercise your rights by contacting us in writing, with a proof of your identity, at firstname.lastname@example.org.
If you are resident of the EU, you also have the right to direct questions or complaints to the lead supervisory authority.