Privacy Policy

Cloud data processing using Amazon AWS

We use Amazon Web Services to process data on our behalf as follows: AWS S3 (AWS storage service) is used to store personal room scans (including time codes in Europe, zone eu-west-1). Other AWS services process user data in technical operation without persisting it (AWS EC2, AWS Fargate, AWS Lambda):

We expressly point out that your data may be processed in the USA (third country). We have concluded an order processing contract with AWS that contains EU standard contractual clauses for the use of Amazon Web Services. Through this contract, Amazon assures that the company processes the data in accordance with the GDPR and guarantees the protection of the rights of the data subject. There is currently a decision by the European Commission in which the level of data protection for certified companies in the USA is declared appropriate and any data processing is carried out based on Art. 45 (1) GDPR in conjunction with the EU-US Data Privacy Framework. AWS is a certified company. The list of certified companies is available at https://www.dataprivacyframework.gov/list

Data-driven optimization using Google Analytics

We also use Google Analytics for Firebase and Firebase Crashlytics (hereinafter referred to as Google Firebase) to analyze user behavior and to ensure the stability and continuous improvement of the app. The provider is Google Inc. based at 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. Firebase contains various functions with which we can analyze in-app behavior. For example, we can analyze screen views and button clicks. We can also determine which functions within our app are used frequently or rarely.

Anonymous information on the frequency of use is used to evaluate the general acceptance of the app and analyze whether further developments of the app have a positive impact. Anonymous information on session/dwell time is used to identify errors in the usability of the app and to optimize content accordingly. Anonymous screen sequences or the processes involved in using the app help us to better understand users’ use cases and goals and to speed up frequently used processes in the app. Demographic data is used to better understand our target group. For these purposes, Google Firebase stores the number and duration of sessions, operating systems, device models, region and a range of other data. You can find a detailed overview of the data collected by Firebase at the following links: support.google.com/firebase/answer/6318039, https://firebase.google.com/support/privacy/#examples_of_end-user_personal_data_processed_by_firebase

Firebase Crashlytics is used to monitor and promptly fix app errors. When the app crashes, certain information about the crash such as time of crash, device type, operating system and other technical details are sent from your mobile device to Crashlytics. These crash reports are stored anonymously, i.e. they do not contain an IP address or other personally identifiable information.

The use of Google Firebase may require the transfer of your personal data to the USA. There is currently a decision by the European Commission in which the level of data protection for certified companies in the USA is declared appropriate and any data processing is carried out based on Art. 45 (1) GDPR in conjunction with the EU-US Data Privacy Framework. Google Inc. is a certified company. The list of certified companies is available at https://www.dataprivacyframework.gov/list

The storage period for the data collected can be found in the provider’s privacy policy. Google Firebase is used to optimize this app and to improve our services. This constitutes a legitimate interest within the meaning of Art. 6 (1) lit f GDPR. However, the processing of data for analysis purposes is only carried out based on your consent in accordance with Art. 6 (1) lit b GDPR in conjunction with § 165(3) TKG 2021. You can find more information about Google Firebase at the following links: https://firebase.google.com/, https://firebase.google.com/terms/crashlytics/, https://firebase.google.com/support/privacy/

Customer relationship management using Hubspot

We use services from Hubspot, a customer relationship management registration and marketing automation system from the provider Hubspot Inc. (25 First Street, 2nd Floor, Cambridge, MA 02141, USA) with offices in Ireland (Ground Floor, Two Dockland Central, Guild Street, Dublin 1) and Germany (Am Postbahnhof 17, 10243 Berlin). We use these services for contact management, email marketing (newsletters, automated mailings), provision of product-related information such as new functions or updates/upgrades, reporting (e.g. traffic sources, hits, etc.), landing pages and contact forms. If you create an account to use our products or otherwise provide us with contact information and other demographic information (e.g. via the contact form on our websites), we may share this information, and the content accessed on our websites or in our products with Hubspot. Hubspot’s services help us to contact visitors to our websites and interested parties and users of our products and, for example, to answer their enquiries and determine which of our company’s services are of interest to them. In addition, these services enable us to work more efficiently with our products and thus generally help to improve usability and service quality.

The legal basis for this processing is your express consent (Art. 6 (1) lit a GDPR) and the protection of our legitimate interests (Art. 6 (1) lit f GDPR), namely the improvement of the user experience and service quality (e.g. efficient and fast processing of enquiries). Hubspot is a provider based in the USA. We have therefore concluded a contract with HubSpot with standard contractual clauses within the meaning of Art. 46 (2) GDPR, in which HubSpot undertakes to process user data only in accordance with our instructions and to comply with the EU data protection level. There is currently also a decision by the European Commission in which the level of data protection for certified companies in the USA is declared appropriate and any data processing is carried out based on Art. 45. (1) GDPR in conjunction with the EU-US Data Privacy Framework. Hubspot Inc. is a certified company. The list of certified companies is available at https://www.dataprivacyframework.gov/list

Further information about Hubspot can be found at the following links: https://legal.hubspot.com/de/dpa, https://legal.hubspot.com/de/privacy-policy

Payment service provider Stripe 

We offer the option of processing the payment transaction via the payment service provider Stripe, 510 Townsend St., San Francisco, CA 94103. This corresponds to our legitimate interest in providing an efficient and secure payment method (Art. 6 (1) lit f GDPR). Without the transmission of your personal data (name, address, bank details, account number or credit card number, payment reference), we cannot offer payment via Stripe. As the controller under data protection law, Stripe uses your transmitted data to fulfil contractual obligations and process the payment transaction. This serves the fulfilment of the contract (pursuant to Art. 6 (1) lit b GDPR). Please also note its General Terms and Conditions in the context of payment processing. Stripe has implemented the necessary compliance measures for international data transfers. These apply to all activities in which Stripe processes personal data of natural persons in the EU. These measures are based on the EU standard contractual clauses. There is currently also a decision by the European Commission in which the level of data protection for certified companies in the USA is declared appropriate and any data processing is carried out based on Art. 45 (1) GDPR in conjunction with the EU-US Data Privacy Framework. Stripe is a certified company. The list of certified companies is available at https://www.dataprivacyframework.gov/list

Further information on objection and removal options with respect to Stripe can be found at: https://stripe.com/privacy-center/legal. Your data will be stored by us until payment processing has been completed. This also includes the period required for the processing of refunds, receivables management and fraud prevention (see also section 2.1.2. Paid packages)

Managing contact data using Zoho

To store and efficiently manage our contact data, we also use the Zoho CRM customer relationship management system from Zoho Corporation, 4141 Hacienda Drive Pleasanton, CA 94588, USA. Zoho is a provider based in the USA. We have concluded a contract with Zoho with standard contractual clauses within the meaning of Art. 46 (2) GDPR, in which Zoho undertakes to process the contact data only in accordance with our instructions and to comply with the EU data protection level. Further information can be found on the Zoho website (https://www.zoho.com/gdpr.html). The legal basis for the processing of contact data is the protection of our legitimate interests (Art. 6 (1) lit f GDPR), namely the establishment of a business relationship and the maintenance of our business contacts (CRM) as well as the fulfilment of contractual obligations in accordance with Art. 6 (1) lit b GDPR.

Sales organization using SalesLoft

We also use various tools to process the data stored in our CRM systems. These include the SalesLoft sales platform, which we use to improve the organization of our sales processes. SalesLoft accesses some of the customer data contained in our CRM systems (contact information and company information) and combines this with information about the interactions that have taken place with us (e.g. telephone calls, communication via email and/or social networks). This information helps us to coordinate our sales activities centrally and to communicate with our customers authentically and always up to date. SalesLoft is a provider based in the USA. We have therefore concluded a contract with SalesLoft with standard contractual clauses within the meaning of Art. 46 (2) GDPR, in which SalesLoft undertakes to process user data only in accordance with our instructions and to comply with the EU level of data protection. There is currently also a decision by the European Commission in which the level of data protection for certified companies in the USA is declared appropriate and any data processing is carried out based on Art. 45 (1) GDPR in conjunction with the EU-US Data Privacy Framework. SalesLoft is a certified company. The list of certified companies is available at https://www.dataprivacyframework.gov/list. The legal basis for this processing is the protection of our legitimate interests (Art. 6 (1) lit f GDPR), namely the ongoing optimization of our sales processes.

Geolocation using OpenStreetMap and Google Maps

We use the OpenStreetMap service to derive the address of buildings based on GPS data. The IP address and GPS data are passed on to OpenStreetMap. The GPS data is only passed on in order to determine the exact address of buildings and to display the location information accordingly. This enables us to provide you with precise information about your surroundings and the addresses you are looking for. Your IP address and GPS data are processed on the basis of your consent in accordance with Art. 6 (1) lit a GDPR, which you give us by using our services and accepting this privacy policy.

Finally, in our app you have the option of viewing the location of buildings via a link to Google Maps. The link to Google Maps allows you to visualize the location of buildings and get directions. If you use the link to Google Maps, you will be redirected to the Google Maps website. Your IP address and the location data (GPS data) of the scan will be transmitted to Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. In the course of using Google Maps, your data may be transferred to the USA (third country). There is currently a decision by the European Commission in which the level of data protection for certified companies in the USA is declared appropriate and any data processing is carried out on the basis of Art. 45 (1) GDPR in conjunction with the EU-US Data Privacy Framework. Google LLC is a certified company. The list of certified companies is available at https://www.dataprivacyframework.gov/list

Google Maps processes this data in accordance with its own privacy policy, which you can view here: https://policies.google.com/. The transfer and processing of your data is based on your consent in accordance with Art. 6 (1) lit a GDPR, which you give us by using our services and accepting this privacy policy.