Legal issue

Privacy policy for visitors and interested parties

In the following, we will explain which personal data we process and to what extent when you visit platoyo.io and how we process your data in the context of inquiries from interested parties.

1. Responsibility

Responsible for data processing on and via platoyo.io in the sense of Art. 4 No. 7 DSGVO is:

Atalanda GmbH

Münchener Straße 1

83395 Freilassing

E-mail: info@atalanda.com

Phone: +49 8654 774 17 21

Fax: +49 8654 403 99 65

Represented by: Roman Heimbold (Managing Director)

Hereafter "Platoyo".

2. Data Protection Officer

Address see above.

E-mail: datenschutz@platoyo.com

Phone: +49 8654 774 17 22

Fax: +49 8654 403 99 65

3. Subject of data privacy

The subject of data protection is personal data. According to Art. 4 No. 1 DSGVO, these are all information relating to an identified or identifiable person. This includes, for example, details such as names, postal addresses, e-mail addresses or telephone numbers, but also usage data such as the IP address or content data from the e-mail correspondences that you exchange with us.

4. Scope and purpose of data collection and storage

In the following, we clarify the scope of data collection and storage as well as use (hereinafter "data processing", used in the sense of Art. 4 No. 2 DSGVO), the purpose of the respective data processing on platoyo.io (item 5) as well as the processing of personal data of interested parties (item 6).

5. Data processing in the context of the use of the websites of platoyo.io

For the simple use of platoyo.io, only the processing of your IP address is mandatory in the short term, we explain this in section 5.1.

In addition, we naturally set cookies. Without your consent, however, only to the extent that this is technically necessary. More information on this and on the integration of various social plug-ins is available in section 5.2.

If you subscribe to our newsletter, we require your e-mail address, more information on this in section 5.4.

5.1. IP addresses and log files

We store the IP address and the log files for 60 days in order to quickly detect Brutforce attacks and other manipulations and to be able to take countermeasures.

The legal basis for this data processing is regularly Art. 6 (1) b) DSGVO, as we need your IP address and the other automatically transmitted data mentioned here to be able to send you the website and the information it contains at all.

Further storage for purposes of technical support of our IT security is based on Art. 6 I f), as we have a legitimate interest in protecting our services from attacks and manipulations. A predominantly legitimate interest of the data subject is not recognizable, since only the IP address is stored, which we as the responsible party cannot de-pseudonymize; i.e. we cannot establish a personal reference by means of the IP address.

5.2. Cookies & Social PlugIns

Cookies are small text files that are stored by websites on the computer in order to

  • to make the site usable at all (so-called necessary cookies) or

  • to define preferences on the part of the user in the long term or to be able to personalize content (so-called preference cookies) or

  • to enable the analysis of the use of the website (so-called statistics cookies) or

  • in order to be able to pass on information about users to third-party providers (so-called marketing cookies).

According to the German Data Protection Conference (DSK, the association of national data protection authorities), cookies may only be set without consent if they are technically necessary for the operation of the site. We adhere to this.

When you visit our website for the first time, a cookie banner is displayed. Via this cookie banner, you can individually decide (consent) whether all or only the technically necessary cookies may be set.

By the way: You can prevent any installation of cookies by preventing the installation of cookies through a corresponding setting in the browser software (to be found under "Settings" in most browsers); however, it should be noted that in this case not all functions can be used in full.

Furthermore, cookies that have already been set can also be deleted (also found under "Settings" in the browser).

In addition, we would like to inform you specifically about the integration of session cookies (section 5.2.1), Universal Analytics (formerly: Google Analytics, section 5.2.2) and Hotjar (section 5.2.4). Finally, we would like to inform you about the use of social plug-ins.

5.2.1. User-ID-Cookie

A web application like platoyo.io has no memory per se. Every call of a (sub)page is counted as a new visit. This is unfortunate if you - like you as a provider - want to log in to the application and work within it. As a result, we set a cookie. This cookie is used to assign a so-called user ID, so that we or the technology can (re)recognize that it is (and remains) you who is just on the application and has just logged in. This cookie is stored persistently, i.e. long-term, in order to make working with the application more convenient for you. However, no personal data is processed with this cookie itself.

Of course, you can also choose your browser settings so that this cookie is also deleted automatically after each session (i.e. when you close the page.) or not allow this cookie to be set at all (these functions can usually be found under "Settings" in the browser).

5.2.2. Use of Universal Analytics (Google Analytics)

Furthermore, the tracking service Universal Analytics (formerly: Google Analytics) is integrated on platoyo.io. We explain the integration and functionality of this service in the following.

Universal Analytics is a web analytics service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (in future: Google). Universal Analytics is a web analytics tool that helps to analyze the interaction of visitors with the online platform and thus to further improve the online platform. For this purpose, several cookies are set by Google. These cookies allow the processing of the following data:

Browser type,

the operating system used,

the IP address (shortened)

Time of the server request

User IDs

The information about the use of this website that can be used by the cookie is usually transferred to a Google server in the USA and stored there. However, we have activated IP anonymization on our online platform. Due to this, the IP address within member states of the European Union or in other contracting states of the Agreement on the European Economic Area will be shortened by Google before being transferred to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On our behalf, Google will use the above information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Universal Analytics will not be merged with other data from Google.

Google creates a concrete user profile about you via the user ID. If you have an account with us and log in via several devices, we can recognize from this user ID with the help of Google Analytics that it is you who has logged in with the devices (so-called cross-device tracking). This information is passed to Google using a random ID such as 77463737.1937301.

For this form of tracking, however, we obtain your specific consent in accordance with the opinion of the DSK (see position statement of the Conference of Independent Data Protection Authorities of the Federal Government and the Länder - Düsseldorf, April 26, 2018). This is because you specify via the cookie settings - as explained above - whether we may set cookies for statistical purposes or for re-marketing purposes. If you negate this, no cookies will be set. Thus, this form of data processing here is based on Art. 6 I a) iVm Art. 7 DSGVO.

Google is also obligated to us under data protection law via an order processing agreement.

In addition, you could prevent the collection of the data generated by the cookie and related to the use of the website (including the IP address) to Google as well as the processing of this data by Google by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

If you are using the site via a tablet or cell phone and would like to prevent Universal Analytics from collecting your visits to this website in the future, please click this link. By clicking the link, an opt-out cookie will be placed in the mobile browser. If this cookie is deleted, the link must be clicked again.

5.2.3. Use of Hotjar

We use Hotjar to better understand the needs of our users and optimize the experience on this website. Using Hotjar's technology, we get a better understanding of our users' experiences (e.g., how much time users spend on which pages, which links they click, what they like and don't like, etc.) and this helps us tailor our offerings to our users' feedback. Hotjar works with cookies and other technologies to collect information about our users' behavior and about their devices (in particular, IP address of the device (collected and stored only in anonymized form), screen size, device type (unique device identifiers), information about the browser used, location (country only), language preferred to view our website). Hotjar stores this information in a pseudonymized user profile. The information is not used by Hotjar or us to identify individual users or merged with other data about individual users. For more information, please see Hotjar's privacy policy here.

5.2.4. LinkedIn

Our platform uses "LinkedIn Insight Tag" from LinkedIn Ireland Unlimited Company. This tool creates a cookie in your web browser that collects the following data: Page views and other page events (e.g. clicks), IP address, device and browser properties. This data is encrypted and anonymized within 7 days. The anonymized data is deleted by LinkedIn within 90 days. LinkedIn does not share any personal data with us, but provides anonymized reports on ad performance and website audience. In addition, LinkedIn offers the possibility of retargeting. Further information on data protection at LinkedIn can be found in the LinkedIn privacy notices. Members of LinkedIn can control the use of their personal data for advertising purposes in their account settings. To deactivate the Insight tag on our website ("opt-out") click here: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

5.3. Youtube

We use the YouTube.com platform to post videos on our platforms and make them publicly available. YouTube is the service of YouTube LLC, a third party not affiliated with us.

On some of our websites, Platoyo directly embeds videos stored on YouTube. Here, content from the YouTube website is displayed in parts of the browser window ("framing"). The YouTube videos are called up by clicking on them separately. When you call up a page on platoyo.io with YouTube videos, a connection is established to YouTube's servers and the content is displayed on your browser.

The YouTube content is displayed in "enhanced privacy mode". The mode is offered by YouTube. In this mode, YouTube assures not to store cookies on your device. However, by calling up the pages with YouTube content, your IP address is communicated and which of our Internet pages you have visited. However, this information is not directly attributable to you unless you have registered with YouTube or other Google services in advance.

As soon as you start a YouTube video on our pages by clicking on it, YouTube, according to its own information, only stores cookies in your browser through the extended data protection mode, which do not contain any personally identifiable data, unless you are currently logged in to Google itself. You can prevent the setting of cookies through appropriate browser settings and extensions.

Address and link to YouTube's privacy policy:

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Privacy policy: https://policies.google.com/privacy

Opt-out: https://adssettings.google.com/authenticated

5.4. Vimeo

On our site we use videos from Vimeo. For technical reasons, the integration of Vimeo videos results in calls to the Vimeo servers. Data from your browser or end device is transmitted to the Vimeo server. It is also transmitted which of our Internet pages you have visited. However, this information is not directly attributable to you unless you have registered with Vimeo or other Google services in advance.

The Vimeo content is displayed in "extended data protection mode". The mode is offered by Vimeo. Vimeo assures in this mode not to store cookies on your device. For the use of data from your browser or terminal device associated with the playing of a video, please refer to the provider's privacy policy.

Address and link to the privacy policy of Vimeo:

Vimeo, LLC, 555 West 18th Street, New York 10011.

Privacy policy: https://vimeo.com/privacy

5.5. Google Maps

To make it easier for you to find us when you visit us on site, we have integrated map material from the Google Maps service from Google into our website via an API. In order for you to see this content, Google must receive your IP address, otherwise Google would not be able to provide you with this embedded content (see section 4.1 IP address).

With regard to Google's data processing, Google's privacy policy applies: here. Further information on data processing within the scope of the Google Maps API can also be found here.

5.6. Newsletter subscription

If you subscribe to our newsletter, we will of course need your e-mail address to send you the newsletter.

With the newsletter we inform you about current company developments and offers in connection with our services.

As far as the data processing is based on Art. 6 I b) DSGVO.

In addition, we statistically record which users have opened the newsletter and which users have clicked on links in the newsletter in order to be able to track which content is of interest to our users.

These last two data processing operations are based on your consent pursuant to Art. 6 I a in conjunction with Art. 7 DSGVO.

We obtain your consent as part of the double opt-in process. In this process, you first register for our newsletter and then receive an e-mail with a reference to this data processing information and a confirmation link. Only after clicking on the confirmation link are you included in the newsletter distribution list. We do this to ensure that you have actually registered your e-mail address with us and wish to receive the newsletter and to be able to prove this in case of doubt. For the aforementioned verification purposes, we log your registration for the newsletter, for this purpose we store the registration and confirmation time as well as your complete IP addresses at the time of registration or confirmation. We process this data on the basis of Art. 6 I f) DSGVO, as we have a legitimate interest in the proof of registration by your person to the newsletter in the event of any legal disputes. An overriding legitimate interest on your part that we do not process this data is not apparent. Rather, the double opt-in process is also in your interest, as this is the only way to ensure that unauthorized third parties do not register on your behalf.

Furthermore, we would like to inform you that we use the newsletter service Mailchimp of Rocket Science Group LLC. for the purpose of sending our newsletter. Rocket Science Group LLC (675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA) is a US company. As a result, your data will be processed in the USA. However, Rocket Science Group LLC is certified with regard to the Mailchimp service. In all other respects, data processing is secured under data protection law via an order processing agreement.

If you do not give the above-mentioned consents or do not want data to be transferred to the USA within the aforementioned framework, then we can understand this, but unfortunately we cannot offer you the subscription to the newsletter.

Of course, you can unsubscribe from the newsletter at any time. See also section 10.3.

5.7. Live-Chat

If you use the live chat tool to contact us, the data you voluntarily enter there (name, email address, message) will be processed by us in accordance with Art. 6 (1) sentence 1 lit. b DSGVO for the purpose of responding to the inquiry in the context of contract processing. In addition, the use of this tool serves to protect our legitimate interests in effective and improved customer communication, which prevail in the context of a balancing of interests, pursuant to Art. 6 para. 1 p. 1 lit. f DSGVO. The data is subsequently deleted.

As part of processing on our behalf, the third-party provider LiveChat, Inc. provides the services for us to provide the live chat tool. All data collected in the course of using the chat tool is processed on its servers.

LiveChat, Inc. is located in the USA and is certified under the EU-US Privacy Shield. A current certificate can be viewed here. Based on this agreement between the US and the European Commission, the latter has determined an adequate level of data protection for companies certified under the Privacy Shield.

More information about the handling of user data can be found in the privacy policy of LiveChat, Inc. https://www.livechatinc.com/legal/privacy-policy/.

6. Data processing in the context of inquiries from interested parties

If you contact us as an interested party, for example by e-mail, contact form, online chat, by telephone or at a trade fair, we process the following data:

First and last name of the contact person

Company affiliation

Position

Telephone number

E-mail address

Postal address

Areas of interest

Contact points such as newsletter subscriptions, trade show contact with key accounts, call notes

Appointment calendar entries

Platoyo processes prospect data to carry out pre-contractual measures within the meaning of Art. 6 I b) DSGVO, such as when you first contact us by email. However, if you as an interested party describe further interest in Platoyo's services with your message, call or conversation, the contact data and the reason for the inquiry are transferred to the CRM system. This processing takes place on the basis of Art. 6 I f) DSGVO. Platoyo has a legitimate interest in maintaining and intensifying contact with interested parties. This is only possible if the data is not deleted immediately. A conflicting interest of the interested party is not apparent in this case, as you have provided Platoyo with the data yourself in the context of an expression of interest.

7. Processing of data for specific purposes, recipients of data, disclosure of data

We observe the principle of purpose-related data use. We process all of the aforementioned data only for the purposes stated here.

In addition to the recipients of data already mentioned here such as.

Google

Mailchimp Inc.

Hotjar

LiveChat

there are of course other recipients of data. For example, we do not host our servers ourselves, but with hosting providers. And of course, we also use software-as-a-service solutions such as project management tools in our work.

You can obtain a list of specific recipients at any time upon request. For reasons of our own IT and data security, however, we do not wish to publicly name the recipients of data here.

You can be assured, however, that we have obligated every provider who processes data on our behalf via an order processing agreement in accordance with Art. 28 DSGVO and that if and to the extent that data is transferred to a so-called unsafe third country such as the USA, this transfer will only take place in a permissible manner under the conditions of Art. 44 DSGVO.

Personal data will not be passed on to third parties outside the framework described here without express consent.

The transfer to state institutions and authorities entitled to receive information will also only take place within the framework of the legal obligations to provide information or if we are obliged to provide information by a court decision.

8. Processing duration

8.1. Deletion periods for IP addresses, log files and cookies

The IP address and the data in the log files are only temporarily stored in the web server log files to establish the connection and are stored for 60 days for the purpose of detecting attacks and manipulation and then immediately deleted.

As shown, persistent cookies are used. However, these do not store any personal data themselves and can be deleted by you at any time. (under "Settings" in the browser).

8.2. Deletion periods of data processed via Universal Analytics

The data we collect as part of the Universal Analytics usage profile is automatically deleted after 14 months.

8.3. Deletion periods within the scope of the newsletter subscription

We will use your e-mail for the purpose of sending e-mails until you unsubscribe from our newsletter. After you unsubscribe, we delete your e-mail address from the e-mail distribution list of the newsletter and also immediately inform the local partners that they must immediately delete your e-mail address from the corresponding e-mail distribution lists.

8.4. Deletion periods for interested party data

Prospect data is deleted two years after a final touchpoint.

A touchpoint means, for example, downloading a white paper, interacting with an employee at a trade show, via social media, by email or phone, or attending a webinar, seminar, or event. The long retention period is due to the sometimes long planning and budgeting cycles of retailers.

Unless there are retention periods to be met in accordance with §§ 257 of the German Commercial Code (HGB). In this case, the data is stored for up to 6 years and then deleted. In that case, the data will be limited in use in accordance with the expiration of the two years pursuant to Art. 18 DSGVO to the fulfillment of the retention obligation and deleted after the expiration of the above-mentioned periods.

If deletion of individual data and data records is only possible with a disproportionate effort related to the extraction and separation with regard to different deletion periods, these data will be limited uniformly after completion of the request and deleted with the expiration of 6 years after the last point of contact.

The period begins with the end of the calendar year in which the respective date was collected.

9. Data subject rights (including rights of information, revocation, objection and deletion)

In accordance with Art. 15, you have the right to request information regarding the data we have processed about you.

You may object to the processing of your data at any time, insofar as the requirements of Art. 21 DSGVO are met, and revoke any consent to the processing of the data given in addition at any time. If the consent to data processing is revoked or the use of the data is objected to, this does not affect the lawfulness of the data processing until the time of the revocation or objection.

Furthermore, you can have the data processed by us corrected, restricted or deleted at any time. We expressly point out that there may be legal obligations - such as retention obligations - to continue to store data. In this case, the data can only be restricted. This means that the data will be processed exclusively for the purpose of complying with the legal obligations and will not be used for any other purpose.

In addition, you also have the right to data portability pursuant to Art. 20 DSGVO and the right to lodge a complaint with a supervisory authority within the meaning of Art. 77 DSGVO.

If you have any questions, please contact us at any time at team@platoyo.com or directly contact our data protection officer via e-mail at datenschutz@platoyo.com.