Privacy policy
§ 1 Information about the collection of personal data
(1) In the following, we provide information about the collection of personal data when using our platform. Personal data is any data that relates to you personally, such as name, address, email addresses, user behavior.
(2) The controller in accordance with Article 4 (7) of the EU General Data Protection Regulation (GDPR) is Loady GmbH, Julius-Hatry-Str. 1, 68163 Mannheim, Germany (see our legal notice). You can contact our data protection officer at info@grewe-kanzlei.de or at our postal address with the addition “the data protection officer”.
(3) When you contact us by email or via a contact form, the data you provide (your email address, possibly your name and telephone number) will be stored by us in order to answer your questions. We delete the data arising in this context after storage is no longer necessary, or restrict processing if there are legal storage obligations.
(4) If we use contracted service providers for individual functions of our offer or would like to use your data for advertising purposes, we will inform you in detail about the respective processes below. In doing so, we also state the defined criteria for the storage period.
§ 2 Your rights
(1) You have the following rights vis-à-vis us with regard to personal data concerning you:
- right to information,
- the right to correct or delete,
- the right to restrict processing,
- the right to object to processing,
- The right to data portability.
(2) You also have the right to complain to a data protection supervisory authority about the processing of your personal data by us.
§ 3 Collection of personal data when you visit our platform
(1) If you only use the platform for informational purposes, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you would like to view our platform, we collect the following data, which is technically necessary for us to display our platform to you and to ensure stability and security (the legal basis is Art. 6 (1) (f) GDPR):
- IP address
- date and time of the request
- Time zone difference to Greenwich Mean Time (GMT)
- Content of the request (specific page)
- Access status/HTTP status code
- amount of data transferred in each case
- website from which the request comes
- Browser
- operating system and its interface
- language and version of the browser software.
(2) In addition to the data mentioned above, cookies are stored on your computer when you use our platform. Cookies are small text files that are stored on your hard drive associated with the browser you are using and through which certain information flows to the location that sets the cookie (here by us). Cookies cannot run programs or transfer viruses to your computer. They serve to make the website more user-friendly and effective overall.
(3) Use of cookies:
This platform uses the following types of cookies, the scope and functionality of which are explained below: Transient cookies.
Transient cookies are automatically deleted when you close your browser. In particular, this includes session cookies. These store a so-called session ID, which can be used to assign various requests from your browser to the joint session. This allows your computer to be recognized when you return to our platform. Session cookies are deleted when you log out or close your browser. You can configure your browser settings according to your wishes and, for example, refuse to accept third-party cookies or all cookies. We would like to point out that you may not be able to use all features of this website.
§ 4 Other functions and offers of our platform
(1) In addition to the purely informational use of our platform, we offer various services that you can use if you are interested. To do this, you must usually provide further personal data, which we use to provide the respective service and to which the above-mentioned principles of data processing apply.
(2) In some cases, we use external service providers to process your data. These have been carefully selected and commissioned by us, are bound by our instructions and are regularly checked.
(3) We may also share your personal data with third parties if we offer participation in promotions, competitions, contracts or similar services together with partners. You will receive more detailed information about this when you provide your personal data or in the description of the offer below.
(4) If our service providers or partners are based in a state outside the European Economic Area (EEA), we will inform you of the consequences of this fact in the description of the offer.
§ 5 Objection or revocation against the processing of your data
(1) If you have given your consent to process your data, you can withdraw it at any time. Such a withdrawal affects the lawfulness of processing your personal data after you have expressed it to us.
(2) Insofar as we base the processing of your personal data on the balancing of interests, you can object to the processing. This is the case if processing is in particular not necessary to fulfill a contract with you, which is described by us in each case in the following description of the functions. When exercising such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will review the situation and will either stop or adjust data processing or show you our compelling legitimate reasons for continuing processing.
(3) Of course, you can object to the processing of your personal data for advertising and data analysis purposes at any time. You can inform us about your objection to advertising using the following contact details:
Loady GmbH
Julius-Hatry-Strasse 1
68163 Mannheim
Germany
§ 6 Use of Microsoft Azure (cloud hosting and operation)
(1) We operate our SaaS platform on the “Microsoft Azure” cloud infrastructure. Services and resources (e.g. compute, storage, databases, container orchestration, monitoring) are provided on our behalf. The provider is Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland (as primary contractual partner in the EU). Where necessary, Microsoft affiliated companies may act as sub-processors.
(2) We remain responsible within the meaning of Art. 4 No. 7 GDPR. Microsoft acts as a contract processor in accordance with Art. 28 GDPR. The basis of the contract is an order processing contract including data processing conditions (Data Protection Addendum) from Microsoft.
(3) Categories of processed data:
— Customer data/content: Data that you store/process on the platform (e.g. user profiles, business data, uploaded files).
— Account and contract data: Master data, billing and support data.
— Operation/log data: technical logs, events, performance and security data.
— Telemetry/diagnostics (platform-dependent): usage metrics for stability and fault analysis.
The specific scope depends on your use of the platform/functions.
(4) Purposes of processing:
Operation and delivery of SaaS services, scaling and resilience, storage/backup, security (e.g. DDoS protection, access controls), failure analysis/support, compliance with legal obligations (e.g. storage).
(5) Legal bases:
Art. 6 para. 1 lit. b DSGVO (contract performance for core functions), Art. 6 para. 1 lit. f DSGVO (legitimate interests in safe and efficient operation, prevention of misuse/malfunction) and Art. 6 para. 1 lit. c GDPR (legal obligations). Insofar as consent is required for optional functions/telemetry, processing is carried out in accordance with Art. 6 para. 1 lit. a GDPR.
(6) Storage locations/regions:
We prefer to configure Azure resources in data centers within the EU. If technically necessary, individual services can be distributed globally (e.g. CDN, email/push delivery).
(7) Third-country transfer:
A transfer to third countries outside the EEA may take place in individual cases (e.g. as part of remote support or global services). In these cases, we rely on appropriate guarantees in accordance with Article 46 GDPR, in particular on EU standard contractual clauses (SCC). In addition, we use additional measures (e.g. encryption, role-based access, data minimization).
§ 7 Use of Trimble Maps (map services)
(1) Our platform uses Trimble Maps services to display interactive maps, for geocoding (converting addresses into geographical coordinates) and, if necessary, for location determination or location validation. This integration allows us to dynamically integrate map content and provide location-based functions.
(2) Provider:
Trimble Inc., 935 Stewart Drive, Sunnyvale, CA 94085, United States. Within the EU, Trimble is supported by affiliated companies.
(3) Processed data:
When using the map functions, the following data in particular can be processed:
- IP address and technical access data (e.g. browser type, operating system, date/time of retrieval)
- Location data (if approved by the user or by entering an address/zip code)
- Usage data for interaction with the maps (e.g. zoom level, retrieved map sections, planned routes)
(4) Legal basis:
- Art. 6 para. 1 lit. b GDPR (contract fulfillment), insofar as map functions are required to use the platform (e.g. location display, route calculation).
- Art. 6 para. 1 lit. f DSGVO (legitimate interest in user-friendly and technically optimized provision of map content).
- Art. 6 para. 1 lit. a GDPR (consent), when access to the device or the processing of exact location data takes place.
(5) Third-country transfer:
A transfer to the USA is possible. Appropriate guarantees in accordance with Article 46 GDPR, in particular the EU Standard Contractual Clauses (SCC), are used for protection. In addition, we use technical and organizational measures to protect data (e.g. encryption, access controls).
(6) Storage period:
Trimble only stores the data for as long as is necessary for card delivery and system security purposes. More detailed information can be found in the provider's privacy policy https://maps.trimble.com/privacy/
§ 8 Use of Twilio SendGrid (email communication)
(1) We use the Twilio SendGrid service to send transactional and system-related emails (e.g. registration confirmations, password reset, notifications). It is used to deliver our emails reliably and securely.
(2) The provider is:
SendGrid, Inc. (a subsidiary of Twilio Inc.), 1801 California Street, Suite 500, Denver, CO 80202, USA. The contractual partner within the EU/EEA is Twilio Ireland Limited, 25-28 North Wall Quay, Dublin 1, Ireland.
(3) Processed data:
— Recipient's email address
— Recipient's name (if provided)
— Content of the respective message
— Technical metadata (e.g. delivery or opening status, IP address, time stamp)
(3) Legal basis:
— Art. 6 para. 1 lit. b DSGVO (contract fulfillment), insofar as shipping is necessary to use our platform.
— Art. 6 para. 1 lit. f DSGVO (legitimate interest in functioning e-mail communication, delivery security and prevention of misuse).
— Insofar as consent is required in accordance with Article 6 (1) (a) GDPR (e.g. for newsletters), we obtain this before sending.
(4) Third country transfer:
Processing can also be carried out in the USA. Twilio SendGrid is based on the EU standard contractual clauses (Art. 46 GDPR). In addition, technical and organizational measures are used to protect data (e.g. encryption, access controls).
(5) Storage period:
We will only process your data for as long as is necessary for the purposes of sending emails. Details about SendGrid's privacy policy can be found in Twilio's privacy policy: https://www.twilio.com/legal/privacy
§ 9 Matomo
(1) We used the Matomo open-source tool to analyze our platform. The purpose of data processing is to analyze your surfing behavior. By evaluating the data obtained, we are able to compile information about the use of the individual pages of our platform. This helps us improve our platform and its usability. We collect the following data via Matomo:
- IP address (anonymized)
- Country+city
- operating system
- Browser
- Screen resolution
- language
- date and time of visit
- Pages visited
(2) The legal basis for collecting and anonymizing your IP address is Art. 6 para. 1 lit. a and f DSGVO, § 25 para. 2 no. 2 TTDSG. The anonymization of the IP address to evaluate website usage in a privacy-friendly manner represents our legitimate interest.
It is not possible to object to processing due to the lack of a personal reference. Further information on Matomo's terms of use and data protection regulations can be found at: https://matomo.org/privacy/