Data Protection Declaration
Name and address of controller:
sipgate GmbH (hereinafter referred to as “sipgate”)
Represented by the managing directors, Tim Mois and Thilo Salmon,
Gladbacher Str. 74, 40219 Düsseldorf, Germany
Tel.: +49 (0)211 63 55 55 0
info@sipgate.de
www.sipgate.de
Name and address of the data protection officer of sipgate GmbH:
Data Protection Officer
℅ sipgate GmbH
Gladbacher Str. 74
40219 Düsseldorf, Germany
Tel.: +49 (0)211 63 55 55 0
datenschutz@sipgate.de
A. General information on data processing
I. Scope of personal data processing
This Data Protection Declaration applies to the websites of sipgate as well as the websites operated by sipgate for its affiliated companies.
sipgate only processes personal data insofar as required for providing a functioning website as well as contents and sipgate services. Users’ personal data is usually only processed if required for fulfilling contractual or legal obligations or with the user’s consent. Cases where it is impossible to obtain prior consent for effective reasons and the data processing is permitted by law form an exception to this rule.
II. Legal basis for personal data processing
In the event of sipgate obtaining consent from the data subject for personal data processing activities, Art. 6 (1) lit. a of the General Data Protection Regulation (hereinafter referred to as “GDPR”) forms the legal basis.
When processing personal data required for fulfilling an agreement to which the data subject is party, Art. 6 (1) lit. b GDPR forms the legal basis. The same applies to processing activities required for implementing pre-contractual measures.
In the event of personal data having to be processed for fulfilling a legal obligation of sipgate, Art. 6 (1) lit. c GDPR forms the legal basis.
Should essential interests of the data subject or another natural person require the processing of personal data, Art. 6 (1) lit. d GDPR serves as the legal basis.
If the processing is required to maintain a justified interest of sipgate or third party, and if the interests, basic rights and freedoms of the data subject do not outweigh the interest stated above, Art. 6 (1) lit. f GDPR serves as the legal basis for processing.
III. Data deletion / storage period
The personal data of the data subject is deleted or blocked as soon as the purpose for its storage ceases to exist. Data may also be stored if stipulated by European or national legislation in EU directives, laws or other regulations which apply to sipgate. Data is also blocked or deleted if a storage period stipulated by the above standards expires, unless it is necessary to continue storing the data for the conclusion or fulfilment of an agreement.
IV. Data processing in third countries
All data processing activities performed in a third county (i.e. a country outside the European Economic Area (EEA) and European Union (EU)) comply with the provision s of the GDPR.
We only initiate the processing of personal data in third countries that maintain adequate data protection standards. Adequate data protection standards exist in countries for which the European Commission has issued an adequacy decision. An adequate data protection standard is further assumed for US providers that are certified in accordance with the Privacy Shield. An adequate data protection standard can also be secured with corresponding guarantees, such as the standard contract clauses of the European Commission, existing certifications or binding internal data protection regulations.
Personal data is furthermore only processed in third countries with explicit consent from the data subject or if prescribed by law or contract.
B. Log files
I. Description and scope of data processing
The sipgate systems automatically collect data and information from the system of the accessing computer each time the sipgate websites are accessed.
The following data is collected during this process:
Information on the browser type and version, the user’s operating system, internet service provider and IP address, date and time of access, websites from which the user’s system is referred to sipgate’s website, and websites accessed by the user’s system through the sipgate website(s).
The data is also stored in the sipgate log files. This data is not stored together with other personal data of the user.
II. Legal basis for processing
Data and log files are temporarily stored on the legal basis of Art. 6 (1) lit. f GDPR.
III. Purpose of data processing
The system has to temporarily store the user’s IP address to display the website on the user’s computer. The user’s IP address has to be stored for the duration of the session for this purpose.
It is stored in log files to ensure the functionality of the website. We also use this data to optimise the website and ensure the security of our IT systems. The data is not analysed for marketing purposes in this respect.
The above-stated purpose also constitutes the justified interest of sipgate in the data processing in accordance with Art. 6 (1) lit. f GDPR.
IV. Storage period
The data is deleted as soon as it is no longer required for fulfilling the purpose for which it was collected. If the data is collected for displaying the website, this is the point at which the respective session ends.
If the data is stored in log files, it is deleted no later than seven days from being collected. Data may be stored for longer periods than the ones stated above. In such event, the user’s IP address is deleted or alienated so that it is no longer possible to allocate it to the accessing client and this data no longer links to a specific person.
V. Option to object and delete the data
The collection of data for displaying the website and storage of data in log files is crucial for operating the website. The user therefore has no option to object.
C. Use of cookies
I. Description and scope of data processing
Our website uses cookies. Cookies are text files stored in the browser and/or by the browser on the user’s computer system. A cookie may be stored on the user’s operating system if the user accesses a website. This cookie contains a characteristic sequence which makes it possible to clearly identify the browser when the website is accessed again.
We use cookies to create a more user-friendly website. Some elements on our website require for the accessing browser to be identified even after switching pages.
The following data is stored and transferred in the cookies for this purpose:
language settings, shopping basket items, log-in information, browser type, operating system, referrer URL (previously visited page), time of server request and IP address.
We also use cookies that make it possible to analyse the user’s surfing behaviour on our website(s).
The following data can be transferred in this manner:
browser type, operating system, referrer URL (previously visited page), time of server request and IP address.
The user data collected in this manner is pseudonymised by technical features. Once this process has been completed, it is no longer possible to allocate the data to the accessing user. The data is stored separately to other personal user data.
When accessing our website(s), users are informed about the use of cookies for analysis purposes and referred to this Data Protection Declaration on an information banner. Information on how the storage of cookies can be prevented by adjusting the browser settings is also provided.
You may opt out of non-essential cookies by changing your cookie preferences (Link “Cookie Settings” in footer).
Certain third parties provide ways to opt out of advertising cookies across multiple sites. You can learn more by visiting the sites of the Network Advertising Initiative (https://optout.networkadvertising.org) or the Digital Advertising Alliance (https://www.aboutads.info). In addition, there are third party plug-ins and apps that help manage cookies.
II. Legal basis for data processing
The legal basis for the processing of personal data and use of technically required cookies is Art. 6 (1) lit. f GDPR.
Art. 6 (1) lit. a GDPR forms the legal basis for processing personal data whilst using cookies for analysis purposes with the user’s consent.
III. Storage period, option to object and delete the data
Cookies are stored on the user’s computer from where they are transferred to sipgate. You, the user, have full control over the use of cookies. You can adjust your browser settings to deactivate or limit the transfer of cookies. Previously stored cookies can be deleted at any time (also automatically). Deactivating cookies on the sipgate website may result in not all of the website functions being fully usable.
We ask for your consent before any non-essential cookies are set.
You may opt out of non-essential cookies by changing your cookie preferences (Link “Cookie Settings” in footer).
You can also object to the use of cookies on the following websites:
http://optout.networkadvertising.org/
http://www.aboutads.info/choices
http://www.youronlinechoices.com/uk/your-ad-choices/
D. Consentmanager (Cookie-Consent-Tool)
I. Scope of personal data processing
We have integrated the consent management tool „consentmanager“ (www.consentmanager.net) from Jaohawi AB (Håltgelvågen 1b, 72348 Västerås, Sweden, info@consentmanager.net) on our website to obtain consent for data processing and use of cookies or comparable functions. With the help of „consentmanager“ you have the possibility to give your consent for certain functionalities of our website, e.g. for the purpose of integrating external elements, integrating streaming content, statistical analysis, measurement and personalized advertising. With the help of “consentmanager” you can grant or reject your consent for all functions or give your consent for individual purposes or individual functions. The settings you have made can also be changed afterwards. The purpose of integrating “consentmanager” is to let the users of our website decide about the above-mentioned things and, as part of the further use of our website, to offer the option of changing settings that have already been made. By using “consentmanager”, personal data and information from the end devices used, such as the IP address, are processed.
II. Legal basis for personal data processing
The legal basis for processing is Art. 6 Para. 1 S. 1 lit. c) in conjunction with Art. 6 para. 3 sentence 1 lit. a) in conjunction with Art. 7 para. 1 GDPR and, in the alternative, lit. f). By processing the data, we help our customers (according to GDPR this is the responsible party) to fulfill their legal obligations (e.g. obligation to provide evidence). Our legitimate interests in processing lie in the storage of user settings and preferences with regard to the use of cookies and other functionalities.
III. Data deletion / storage period
„Consentmanager“ stores your data as long as your user settings are active. One year after making the user settings, the consent will be asked again. The user settings made are then saved again for this period.
IV. Option to object and delete the data
You can object to the processing. You have the right to object to reasons arising from your particular situation. To object, please send an email to info@consentmanager.net.
E. Newsletter
I. Description and scope of data processing
Any email address entered by you when purchasing goods or services on the sipgate website may be used by sipgate to send you a newsletter. The newsletter exclusively contains direct advertising for our own goods and services. You can also subscribe to the newsletter of sipgate GmbH without purchasing goods and services. We engage external service providers for sending the newsletter. We record the number of opened and delivered newsletters in this respect.
The newsletters contain a web beacon, i.e. a one-pixel file which is accessed by the server of our service provider when the newsletter is opened. Technical information, such as on your browser and system as well as your IP address and time of request, is collected as part of this request. This information is used for improving the technical aspects of the service on the basis of technical data or the target groups and their read behaviour based on their request locations (which can be determined with the help of the IP address) or access times.
The statistical data collected also includes the determination if the newsletters have been opened and when and which links have been clicked. This information can be allocated to the individual newsletter recipients for technical reasons. However, neither we nor our service provider intend to monitor individual users. The analyses merely serve for us to recognise the read behaviour of our users and to adjust our contents accordingly or to send different contents that meet our users’ interests.
II. Legal basis for data processing
Section 7 (3) of the Unfair Competition Act (Gesetz gegen den unlauteren Wettbewerb – UWG) forms the legal basis for sending the newsletter following the sale of goods or services. Art. 6 (1) lit. f GDPR forms the basis for recording the number of opened and delivered newsletters.
If the user explicitly subscribes to receive newsletters, the legal bases for sending the newsletter and recording the number of opened and delivered newsletters are Art. 6 (1) lit. a GDPR and Art. 7 GDPR.
III. Purpose of data processing
Email addresses and user names are collected for delivering a personalised newsletter.
The number of opened and delivered newsletters is recorded to recognise potential technical problems and to improve the contents. This purpose also constitutes sipgate’s justified interest in accordance with Art. 6 (1) lit. f GDPR.
IV. Storage period
The data is deleted as soon as it is no longer required for fulfilling the purpose for which it was collected. The user email address is therefore stored for as long as the newsletter subscription remains active.
V. Option to object and delete the data
The affected user can cancel the newsletter subscription at any time. A corresponding link is included in every newsletter for this purpose.
F. Contact form
I. Description and scope of data processing
The sipgate website contains contact forms that can be used for contacting the company via electronic channels. If the user decides to use this option, the data entered in the input mask is transferred to sipgate and stored.
This data includes: email address, customer number and phone number, if required.
II. Legal basis for storage
Art. 6 (1) lit. a GDPR forms the legal basis for data processing with the user’s consent.
The legal basis for processing data transferred as part of an email is provided by Art. 6 (1) lit. f GDPR. If the email contact aims at concluding an agreement, Art. 6 (1) lit. b GDPR forms an additional legal basis for processing.
III. Purpose of data processing
sipgate exclusively processes personal data from the input masks for processing the contact request. In the case of contact being made via email, this also constitutes the necessary and justified interest in processing the data.
The other personal data processed during the send process serves to prevent the misuse of the contact form and ensure the security of sipgate’s IT systems.
IV. Storage period
The data is deleted as soon as it is no longer required for fulfilling the purpose for which it was collected. For the personal data from the input mask of the contact form and those sent via email, this is the case once the respective conversation with the user has ended. The conversation has been concluded once the respective matter has been clarified in full and final.
V. Option to object and delete the data
The user may withdraw its consent for processing the personal data at any time. In such case, the conversation cannot be continued.
G. Zendesk
I. Description and scope of personal data processing
sipgate uses tools provided by Zendesk Inc., 1019 Market Street, San Francisco, CA 94103, USA, for collecting and processing customer requests. When customers contact sipgate via email or chat, their email address, customer number and any other information sent are stored by zendesk.
II. Legal basis for personal data processing
Art. 6 (1) lit. f GDPR forms the legal basis for processing data which is transferred as part of an email or chat. If the contact aims at concluding or fulfilling an agreement, Art. 6 (1) lit. b GDPR forms the legal basis for processing.
III. Purpose of processing
The personal data is exclusively processed for finding a specific solution to customer queries whilst recording and/or processing them. It is essential in this respect for sipgate to be able to contact the respective customer.
IV. Storage period, deletion, option to object and delete the data
Users may request the deletion of their personal data at any time. In such case, the conversation cannot be continued.
H. DialogFlow
I. Description, scope and purpose of data processing
We use a chatbot on some of our websites. The Dialogflow software by Google Inc. used for this purpose uses machine learning for improving its understanding of and responses to input and queries. The data that has been entered is sent to servers spread around the globe for this purpose. All chats are stored without any references to natural persons. The dialogues exclusively serve to improve the chat system and are used for analyses only.
Personal data is neither queried nor required at any stage of the chatbot system. The user’s browser only creates a direct connection to the Dialog-flow server once explicit consent to call up the chatbot has been given. This gives Dialog-flow access to the IP address and information on the browser, operating system and device used. Dialog-flow may install cookies in the user’s browser.
II. Legal basis for data processing
The justified interest within the meaning of Art. 6 (1) lit. f GDPR is training purposes and learning from your input and queries.
I. Fonts
I. Description and scope of personal data processing
We engage the services of the copyright holders of fonts for displaying various fonts. To do so, the IP address of the querying computer is transferred to the copyright holder supplying the font.
II. Legal basis for personal data processing
Art. 6 (1) lit. f GDPR forms the basis for the processing of personal data.
III. Purpose of processing
The display of the sipgate website(s) in the requested font.
IV. Storage period, deletion, option to object and delete the data
The IP address is deleted immediately after accessing the font.
J. Gravatar
I. Description and scope of personal data processing
Website visitors can leave comments on some of the websites of sipgate GmbH. To do so, visitors have to give an email address.
When a new comment is stored, sipgate GmbH fully automatically checks if the website visitor has a Gravatar account based on the email address provided by the visitor.
Gravatar is a service by Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA, that is used to ensure that a profile picture is uploaded only once centrally to be displayed on all websites visited that contain a comment or similar function.
If no Gravatar account has been created for the requested email address, Gravatar immediately deletes the requested email address.
If a Gravatar account has been created for the requested email address, the profile picture of the respective user is automatically displayed on the websites of sipgate GmbH, together with the comments of this user.
No other data is stored in this respect.
II. Legal basis for personal data processing
Art. 6 (1) lit. f GDPR forms the basis for the processing of personal data.
III. Purpose of data processing
Displaying the profile pictures of users of the websites of sipgate GmbH.
K. Google
I. Description and scope of personal data processing
We use the services of Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA, for our work as well as internal and external communication. As part of our work, various personal data (such as IP address of the querying computer, your name, your email address and other data processed during the conclusion of an agreement and/or its performance by us) is stored on Google servers, if required for the performance of the agreement or communication with the customer.
II. Legal basis for personal data processing
Art. 6 (1) lit. b and f GDPR forms the basis for the processing of personal data.
III. Purpose of processing
Customer contacts and other various processes that are required for the performance and fulfilment of the agreement.
IV. Storage period, deletion, option to object and delete the data
The data is deleted if no longer required and we are not obliged to store it by law.
L. Google Maps
I. Description and scope of personal data processing
sipgate uses the service of Google Maps by Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA, on some of its websites. When using Google Maps, information on the use of the accessed webpages, including your IP address and the start address entered during route planning, may be transmitted to Google. When you access a webpage containing Google Maps, your browser establishes a direct connection to Google servers. Google transmits the map content directly to your browser which integrates it in the website. We do not have any influence over the scope of the data thus collected by Google.
II. Legal basis for personal data processing
Art. 6 (1) lit. f GDPR
III. Purpose of processing
Displaying an interactive map with route planner.
IV. Duration of storage, erasure, option to object and remove the data
You can deactivate JavaScript in your browser if you object to the collection of data by Google Maps. However, you will not be able to see the map or plan your route in this case.
M. Calendly
I. Description and scope of personal data processing
We use the service of Calendly, 271 17th St NW, Ste 1000, Atlanta, GA 30363, USA., for arranging certain appointments. If a user uses this option, their email address, name and phone number, if applicable, are collected and stored.
II. Legal basis for personal data processing
Art. 6 (1) lit. f GDPR forms the basis for the processing of this data. If the arrangement of an appointment aims at concluding an agreement, Art. 6 (1) lit. b GDPR forms an additional legal basis for processing.
III. Purpose of processing
The data is processed for the sole reason of arranging appointments between sipgate and the user in an uncomplicated manner.
IV. Storage period, deletion, option to object and delete the data
The data is deleted if no longer required and we are not obliged to store it by law.
If the user objects to the use of the service provided by Calendly, the user can always arrange appointments in a different manner (e.g. email or phone).
N. Web analysis
I. Google Tag Manager
Google Tag Manager is a solution that permits us to manage website tags via an interface (and therefore integrate Google Analytics and other Google marketing services in our websites). The Tag Manager does not process any personal user data in itself. Please refer to the descriptions of the individual Google services with regard to the processing of personal user data.
II. Google Analytics
1. Description and scope of personal data processing
The sipgate website uses Google Analytics, a web analysis service provided by Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. Google Analytics uses cookies which are stored on the user’s computer and which make it possible to analyse the user’s use of the website. This enables sipgate to analyse the use of the website(s) and thus create even more user-friendly contents.
The additional “User ID” function is also integrated on some websites.
The User ID is a unique, permanent and non-personalised character sequence which we allocate to you as a person and not to a specific device. It enables us to record your visit and user behaviour on our website from various devices (e.g. smartphone, tablet or laptop). The User ID is only allocated to you if we can clearly identify you as a user. This generally is the case when you register for the first time on our website. We do not combine the data collected under the User ID with personal data. We only transfer the pseudonymised User ID to Google Universal Analytics and use it as your pseudonym when dealing with Google. Other data and information relating to your account is not transferred to Google. Your user behaviour on our websites is then transferred to the Google servers in the USA, together with your User ID, where it is stored and processed for analysis purposes. Google links the transferred information to pseudonymised user profiles and provides sipgate with a summary of them. sipgate does not combine these transferred user profiles with your personal data. This makes it impossible to allocate the data to specific persons at all times.
sipgate has activated IP anonymisation (“_anonymizeIP()” extension) on this website. This means that IP addresses are recorded anonymously by way of IP masking to remove any direct link to persons. The full IP address is only transferred to Google servers in the USA and abbreviated there in exceptional circumstances. The IP address is usually abbreviated within the member states of the European Union or other contracting states of the Agreement on the European Economic Area and transferred to Google servers in the USA in abbreviated form.
2. Legal basis for personal data processing
Art. 6 (1) lit. a and f GDPR forms the basis for the processing of personal data. The above purpose also constitutes sipgate’s justified interest in the processing of personal data in accordance with Art. 6 (1) lit. f GDPR.
3. Purpose of data processing
Google uses this information on behalf of sipgate for analysing the use of the latter’s website, for compiling website activity reports and for providing other services relating to the use of the internet and website for sipgate. Google does not combine the IP address transferred by your browser within the scope of Google Analytics with other data.
4. Storage period
The data is stored for a maximum period of 26 months.
5. Option to object and delete the data
You may opt out of non-essential cookies by changing your cookie preferences (Link “Cookie Settings” in footer).
You can adjust your browser settings to block the storage of cookies. However, we would like to point out that you may no longer be able to fully use all of the functions on this website in this case. You can also prevent the transfer of the data created by the cookie that relates to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the respective browser plug-in from the following link (http://tools.google.com/dlpage/gaoptout?hl=de). The web analysis remains deactivated until the Google add-on is deactivated and/or deleted. Please therefore do not delete this add-on as long as you wish to prevent the web analysis. The add-on has to be installed in every browser on every computer. You have to install the add-on separately if you access sipgate services and/or websites from different browsers / computers.
By using this website you agree for us to collect and process your personal data in the manner and for the purpose stated above if you have not installed the above browser plug-in.
The data collected in connection with your user ID when you installed the add-on can be deleted at any time. To do so, please send us an email with your user ID and request for deletion of the previously collected data.
6. Data processing in third countries
As part of the use of Google products, data is stored on servers located within the United States of America. This data usually (see Section VIII. A. 1.) does not relate to a person as it has been anonymised prior to being transferred.
Data transfer to the United States of America is justified by the conclusion of the agreement between sipgate and Google which contains standard provisions developed by the EU Commission.
III. Instana performance analysis service
1. Description and scope of personal data processing
sipgate uses a service provided by Instana Inc., 222 Merchandische Mart Plaza, Suite 1212, Chicago, IL, USA, on its websites and APIs for performance analysis purposes. All of the data processed by Instana is processed on servers located in the EU.
2. Legal basis for personal data processing
Art. 6 (1) lit. f GDPR forms the basis for the processing of personal data.
3. Purpose of data processing
This service is used for monitoring the technical stability of the services provided by sipgate on its websites. This makes it possible to monitor, recognise and improve system stability and performance. This data exclusively serves to provide sipgate services with the least possible errors and to rectify any errors found more quickly.
The above purposes also constitute the justified interest of sipgate in the data processing in accordance with Art. 6 (1) lit. f GDPR.
4. Deletion
The data stored by Instana is deleted after a maximum period of seven days.
IV. HubSpot
1. Description and scope of personal data processing
sipgate uses HubSpot, a service provided by HubSpot Inc., on its website for analysis purposes. HubSpot Inc. is a US company with branch in Ireland (HubSpot, 2nd floor 30 North Wall Quay, Dublin 1, Ireland, Tel.: +353 1 5187500).
HubSpot uses cookies (see Section III. on cookies) that are stored on the user’s computer and collect certain data. The data collected includes IP address, location, browser, duration of the visit and websites accessed. HubSpot analyses this data and uses it for generating statistics on the use if sipgate’s website(s).
2. Legal basis for personal data processing
Art. 6 (1) lit. a and f GDPR forms the basis for the processing of personal data using the Hub Spot service.
3. Purpose of data processing
The data collected via HubSpot is used for generating statistics on the use of the sipgate websites. sipgate requires these statistics to ensure that the website and all contents operate smoothly and to continuously optimise them.
sipgate further requires the data collected by the HubSpot service to provide users with targeted marketing.
The above purpose also constitutes sipgate’s justified interest in the processing of personal data in accordance with Art. 6 (1) lit. f GDPR.
sipgate uses the data collected via the Hubspot service exclusively for the purposes stated above and never transfers it to third parties.
4. Deletion, option to object and delete the data
You may opt out of non-essential cookies by changing your cookie preferences (Link “Cookie Settings” in footer).
You can block the collection of data by HubSpot by blocking the storage of cookies in your browser settings. For instructions on how to do this, please go to http://www.meine-cookies.org/cookies_verwalten/index.html
If you wish to prevent the use of your data for marketing purposes, you can deactivate this option with one click at http://www.youronlinechoices.com/de
V. Wistia
1. Description and scope of personal data processing
sipgate uses the wistia service for all videos directly integrated in its websites. This service is used for recording various general video statistics, such as number of views, ratio between visitors and views, average play duration and conversion rate. wistia also creates heatmaps which can be used to find out the spot where most viewers ended the video and which parts of the videos have been viewed most often.
wistia collects the viewer’s operating system, browser, internet provider and accessing IP address for preparing the statistics. The data is exclusively collected for preparing the statistics.
2. Legal basis for personal data processing
Art. 6 (1) lit. f GDPR forms the basis for the processing of personal data.
3. Purpose of data processing
sipgate uses the wistia statistics to establish which videos are particularly popular amongst website visitors and at which point they stop watching them. This enables sipgate to adjust the video contents more accurately to meet the requirements and expectations of website visitors.
4. Deletion, option to object and delete the data
You may opt out of non-essential cookies by changing your cookie preferences (Link “Cookie Settings” in footer).
VI. Mixpanel
1. Description and scope of personal data processing
We use the software of Mixpanel Inc., 406 Howard Street, Floor 2, San Francisco, CA 94105, USA, for the statistical analysis of the use of our websites, apps and some emails.
Mixpanel uses cookie technology and pixels that are integrated in some websites, apps and emails for this purpose. The following data is collected during this process: request (requested file name), browser, browser version, browser language, operating system, screen resolution, Javascript, Java on/off, cookies on/off, colour depth, referrer URL, IP address (the IP address is collected in an anonymised format), time of access, clicks, time stamp and duration of an app session, app functions used and data for collecting the number of emails opened and delivered (see Section D).
The user data is processed in an anonymised format, i.e. no clearly identifiable user data (such as name) is processed and user IP addresses are transferred not at all or in abbreviated form only. All of these processing activities are exclusively based on an online ID and technical ID. Any IDs disclosed to Mixpanel (e.g. those of a customer service system) or email addresses are encrypted as hash values and stored as a series of characters that make it impossible to identify the data.
2. Legal basis for personal data processing
Art. 6 (1) lit. f GDPR forms the basis for the processing of personal data.
3. Purpose of data processing
The data collected through Mixpanel is used for continuously improving and optimising our website and to create a more user-friendly experience.
4. Deletion, option to object and delete the data
You may opt out of non-essential cookies by changing your cookie preferences (Link “Cookie Settings” in footer).
If you object to the transfer of protocol data of your activities on this website to Mixpanel, you can block the recording of data on your activities at any time with an opt-out cookie. You can activate the opt-out cookie at http://mixpanel.com/optout/.
However, please note that this cookie, and therefore the recording block, will be deleted when you delete your cookies in your browser (internet access programme) settings.
For further information and options to object to data collection by Mixpanel, please read the Mixpanel Privacy Policy at https://mixpanel.com/legal/privacy-policy/.
VII. Facebook Pixel
1. Description and scope of data processing
Some of the sipgate websites use the “Conversion Pixel” of Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA. By accessing this pixel in your browser, Facebook is able to recognise if a Facebook ad has been successful, in other words if it lead to the conclusion of a contract. Facebook provides sipgate with statistical data that does not have any correlation to specific persons only for this purpose. This enables sipgate to record the effectiveness of Facebook ads for statistical and market research purposes.
In particular if you are logged into Facebook, please refer to the Facebook Privacy Policy for further information: https://www.facebook.com/about/privacy/.
2. Option to object and delete the data
Please click here if you wish to withdraw your consent for the Conversion Pixel: https://www.facebook.com/settings?tab=ads#_=_ .
Alternatively, you can deactivate the Facebook Pixel on the Digital Advertising Alliance website: http://www.aboutads.info/choices/
VIII. Facebook Website Custom Audience
1. Description and scope of data processing
sipgate uses the Facebook Pixel by Facebook (Facebook, 1601 South California Avenue, Palo Alto, CA 94304, USA) on some of its websites for direct marketing purposes. Tracking pixels have been integrated in some of our websites for this purpose. The tracking pixel creates a direct connection between your browser and the Facebook server when you visit these websites. The only information that your browser sends to Facebook during this process is that your device has accessed the respective page. sipgate does not use the “extended comparison” function, i.e. the transfer of customer data in hash format to Facebook. If the user is also a Facebook user, Facebook is able to allocate the website visit to the user account. Please note that sipgate, as the provider of the websites, does not obtain any knowledge of of the content of the transferred data nor its further use by Facebook. sipgate can merely determine which Facebook users (selected by parameters such as age and interests) are to see the advertising. sipgate uses Custom Audiences so that no data sets, and particularly no emails, are transferred to Facebook, neither in encrypted or unencrypted form.
2. Option to object and delete the data
For further information, please read the Facebook Privacy Policy at https://www.facebook.com/about/privacy/.
Please click here if you do not wish for your data to be collected by Custom Audiences: https://www.facebook.com/settings?tab=ads#_=_
Alternatively, you can deactivate the Facebook Pixel on the Digital Advertising Alliance website: http://www.aboutads.info/choices/
IX. Google Ads / remarketing
1. Description and scope of data processing
sipgate uses the service of Google Adds by Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA, on some of its websites. Google Ads is an online advertising service which enables advertisers to place ads in the Google search results as well as the Google advertising network. Google Ads enables advertisers to determine specific key words and target groups in advance. These are then used for displaying an advert in the Google search results when the user calls up a search result that is relevant to the key words. In the Google advertising network, the ads are distributed via an automatic algorithm and based on the previously determined key words and target groups on relevant websites. The purpose of Google Ads is to advertise our website by displaying relevant advertising on third-party websites and in the Google search results.
We also use the Google Ads remarketing function. This function enables us to target our advertising by placing adverts that are personalised and relevant to the interests of the visitors to our website when they visit other websites in the Google Display network or use the Google search engine. Google uses cookies for performing the web analysis, which forms the basis for creating interest-related ads.
Google stores a cookie in the user’s browser when the user visits Google services or websites in the Google advertising network. This cookie records the user’s website visits. This cookie enables Google and us to trace if you generate sales, in other words complete or cancel a purchase of goods, when you have accessed our website through an ad.
The cookie stores personal information, such as the websites visited by you. Personal data, including the IP address of the internet connection used, is transferred to Google at every visit to our website. Google stores this personal data. Google may transfer the personal data that has been collected through the technical process to third parties.
2. Option to object and delete the data
You may opt out of non-essential cookies by changing your cookie preferences (Link “Cookie Settings” in footer).
You can permanently object to the installation of cookies by our website, as described above, at any time by adjusting your browser settings to block cookies. Such browser settings would also prevent Google from installing a cookie in your browser.
You can also delete any cookies previously installed by Google Ads using your browser or other software programmes.
Please note that if deleting all cookies on the device, this opt-out cookie will also be deleted. Should you therefore wish to continue to object, you will have to install the cookie again by clicking on the link above. The opt-out cookie is installed for each top level domain and device and prevents data collection for this website only.
Alternatively, you can deactivate the use of third-party cookies by going to the deactivation website of the network Initiative, http://www.networkadvertising.org/choices/, and implementing the additional opt-out information stated therein.
You can also object to interest-based Google advertising. To do so, go to https://www.google.de/settings/ads from every browser you are using and implement the required settings.
For further information, please read the applicable Google Privacy Policy at https://www.google.de/intl/de/policies/privacy/.
X. Bing Ads
1. Description and scope of data processing
We use the Bing Ads service by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA, on some of our websites. Microsoft installs a cookie on the device if the user arrived on the website through a Microsoft Bing ad. This enables Microsoft Bing and us to recognise that a person has clicked on an ad, was transferred to our website and reached a pre-determined conversion page. We only see the total number of users who clicked on a Bing ad and were transferred to a conversion page. Microsoft collects, processes and uses cookie information that is used for creating pseudonymised user profiles. These user profiles serve to analyse visitor behaviour and are used for displaying ads. No personal user identity information is processed.
2. Option to object and delete the data
You may opt out of non-essential cookies by changing your cookie preferences (Link “Cookie Settings” in footer).
If you do not wish for information on your behaviour to be used by Microsoft as described above, you can object to the installation of the required cookie – by adjusting your browser settings so that the automatic installation of cookies is generally deactivated, for instance.
You can also prevent the transfer of the data created by the cookie that relates to your use of the website and the processing of this data by Microsoft by declaring your objection at the following link (http://tools.google.com/dlpage/gaoptout?hl=de).
Please note that if deleting all cookies on the device, this opt-out cookie will also be deleted. Should you therefore wish to continue to object, you will have to install the cookie again by clicking on the link above. The opt-out cookie is installed for each top level domain and device and prevents data collection for this website only.
For further information on data protection and the cookies used by Microsoft and Bing Ads, please go to Microsoft’s website at https://privacy.microsoft.com/de-de/privacystatement.
XI. Bing Remarketing
1. Description and scope of data processing
We use the Bing Ads Remarketing app by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA, on some of our websites.
This app enables us to display our ads to users after they have visited our website, during the further use of the internet. We aim to display ads that are of interest to users. This process uses a cookie that is installed in the browser through which the user behaviour is recorded and analysed. No personal information on the individual website visitors is disclosed to us and we can only target our ads at website customer target groups once they have reached a critical number. This makes it impossible for us to determine the identity of individual visitors.
2. Option to object and delete the data
You can block the installation of cookies in your browser settings. However, our website may have limited functionality in this case.
You can also prevent Microsoft from collecting data on this website by clicking here: http://choice.microsoft.com/de-DE/opt-out
This sets an opt-out cookie which prevents future data collection when visiting our website.
Please note that if deleting all cookies on the device, this opt-out cookie will also be deleted. Should you therefore wish to continue to object, you will have to install the cookie again by clicking on the link above. The opt-out cookie is installed for each top level domain and device and prevents data collection for this website only.
You can also object to the use of cookies on the following websites:
http://optout.networkadvertising.org/
http://www.aboutads.info/choices
http://www.youronlinechoices.com/uk/your-ad-choices/
XII. Google Optimize
1. Description and scope of data processing
We use the web analysis and optimisation service Google Optimize by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, on some of our websites.
We use the Google Optimize service for improving the attractiveness, content and functionality of our website by displaying new functions and contents to a certain percentage of users and statistically analysing the changes of use.
Google Optimize is a sub-section of Google Analytics.
Google Optimize uses cookies that make it possible to optimise and analyse your use of our website. The information on your use of our website generated by this cookie is usually transferred to, and stored on, a Google server in the USA. We use Google Optimize with activated IP anonymisation, meaning that Google first abbreviates the IP address within member states of the European Union or in other contracting countries of the European Economic area. The full IP address is only transferred to a Google server in the USA and then abbreviated in exceptional circumstances. Google uses this information for analysing your use of our website, compiling reports on the optimisation tests and related website activities and for providing further services to us related to the use of our website and the internet.
2. Option to object and delete the data
You may opt out of non-essential cookies by changing your cookie preferences (Link “Cookie Settings” in footer).
You can block the installation of cookies by adjusting your browser settings accordingly. In addition, you can prevent the transfer of the data created by the cookie that relates to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the respective browser plug-in from the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
For further information on the collection and processing of data by Google, please read the Google Privacy Policy at http://www.google.com/policies/privacy.
O. Information transfer
We transfer data only in the following circumstances:
I. Payment types
sipgate transfers the personal data that has been collected and stored to our service providers within the scope of contractual regulations if this is necessary for processing your agreement. Obviously, these service providers are requested to comply with the applicable data protection regulations.
We cooperate with external service providers for the various payment methods available:
Credit card payments: SIX Payment Services Germany GmbH, Langenhorner Chausee 92-94, 22415 Hamburg, Germany.
Paypal payments: PayPal Deutschland GmbH, Am Marktplatz 1, 14532 Europaparc Dreilinden, Germany.
II. Affiliated companies
Affiliated companies are companies that are controlled by sipgate. Data may be transferred to affiliated companies. However, we only transfer data if these companies are either governed by this Data protection Declaration or comply with guidelines that provide at least the same level of protection as this Data Protection Declaration.
III. Legal or official obligation
We only disclose the personal data of our customers if required to do so by law or if such transfer is necessary to assert our general terms and conditions of business or other agreements or to protect our rights and the rights of our customers and third parties. This includes an exchange of data with companies specialising in the prevention and minimisation of misuse and credit card fraud. No data is transferred for commercial use by these companies, it is exclusively transferred for the purposes stated above.
P. Social networks
sipgate maintains a presence on the following social networks:
I. Facebook
Facebook is a social network operated by Facebook Ireland Limited (Hanover Reach, 5-7 Hanover Quay, Dublin 2 Ireland). sipgate maintains a Facebook page (fan page).
If you have logged into your Facebook account and use the sipgate Facebook fan page, Facebook gives us access to your “public information” on Facebook that you make available to the public or approve for the respective application via a technical interface. On Facebook, “public” means that everyone, including persons outside of Facebook, can see your data. This includes your name, profile picture, cover photo, gender, networks, “Likes”, user name (Facebook URL) and user ID (Facebook ID).
Based on the Facebook data protection policy, Facebook decides which data is permanently accessible to the public and which you can make accessible by adjusting your privacy settings.
II. Twitter
sipgate maintains a Twitter account. Twitter is a microblogging service operated by the US company Twitter, Inc. (795 Folsom Str., Suite 600, San Francisco, CA 94107, USA).
Q. Information for participants in usability tests and user research activities
I. Description and scope of data processing
sipgate conducts usability tests and user research activities. These activities serve to create user-friendly sipgate services and to further develop our products based on external feedback. Participation in all such activities is voluntary. We use the lookback tool by Lookback Inc, 470 Ramona St, Palo Alto, CA 94301, USA, which acts as order processor within the meaning of Art. 28 GDPR, for these tests.
Within the scope of these tests, the names, email addresses of participants as well as recordings with time stamp and technical metadata of their participation are stored.
II. Legal basis for processing
The participant’s consent in accordance with Art. 6 (1) lit. a GDPR forms the basis for the processing of this data.
III. Purpose of data processing
The data is exclusively stored for the analysis of the test results for the purpose of internal product development. The data is not compiled with any other personal data that has been stored.
IV. Storage period
The data is deleted as soon as it is no longer required for fulfilling the purpose for which it was collected. As the test results are not always analysed immediately, the data is deleted no later than one year from participation in the test.
V. Option to object and delete the data
The user may withdraw its consent for processing the personal data at any time. In this case, the participant cannot participate in the test or cannot continue their participation.
R. Voicemail Transcription
sipgate offers customers the option to have incoming voicemails transcribed.
I. Description, scope and purpose of data processing
Voicemail transcription enables users to transcribe audio voicemail messages recorded into text.
For transcription, sipgate uses a service provided by Cantab Research Limited, Company Number: 05697423 (trading as „Speechmatics“), 296 Cambridge Science Park, Milton Road, Cambridge, CB4 0WD, United Kingdom.
The received voicemail is stored as an audio file on sipgate’s servers, transferred to Speechmatics‘ interface, and transcribed with the help of artificial intelligence. The transcribed text is in turn sent back to sipgate via the interface, stored by sipgate, and displayed to the customer as an event in the Event List (call history). In addition, depending on the selected setting, the text file is sent to the customer by e-mail. After the transcription, the audio file is immediately deleted from Speechmatics‘ interface and records.
II. Legal basis for data processing
The legal basis for the processing is Art. 6 (1) lit. a DSGVO. Transcription of voicemails only takes place with the consent of the respective user.
III. Duration of storage
Speechmatics deletes the data as soon as they are no longer required to achieve the purpose for which they were collected; Speechmatics stores the data for a maximum of 7 days.
The transcription is stored for 30 days for purposes such as transcription retrieval in the event of a faulty transmission to the interface.
The storage period of the generated event on the sipgate system will depend on the settings of the respective user for the storage period of the event list.
It is possible to delete individual events at any time.
IV. Possibilities to object and for removal
The customer has the option to stop the transcription of voicemails at any time by deactivating this function.
The user can prevent the further storage of transcriptions that have already taken place as events in the event list at any time by directly deleting individual events or the entire event list and by his settings for the storage period of the event list.
S. Data processing during the provision of telephone services (existing / traffic data)
I. Description and scope of personal data processing
We collect your title, name, address, date of birth and payment information within the scope of the conclusion of an agreement.
In addition to the existing data, e.g. from the customer order, sipgate also uses your traffic and user data. Traffic and user data includes data created during telephone calls or through other methods via the network used by sipgate (SMS / MMS, data services).
II. Legal basis for personal data processing
Art. 6 (1) lit. b GDPR forms the basis for the processing of this data.
III. Purpose of personal data processing
The traffic data is created when the telecommunication connection is established and maintained and is required for invoicing purposes. It is stored, processed and used for a maximum period of six months from dispatch of invoice.
The existing data is required for performing the agreement.
The email address is also required for contacting the customer (sending invoices and other product-related information).
IV. Storage period, option to object and delete the data
Traffic data is stored for a maximum period of six months from dispatch of invoice.
In accordance with the German Telecommunications Act (Telekommunikationsgesetz – TKG), we are obliged to store the existing data until the close of the calendar year following the termination of the agreement. Any longer data storage periods required in accordance with commercial law, such as for invoices (German Commercial Code (Handelsgesetzbuch – HGB) or German Tax Code (Abgabenordnung – AO)) are binding.
Users may request the deletion of their personal data at any time. Upon receipt of such request, sipgate deletes the personal data, unless obliged to store it in accordance with commercial law.
Please also refer to the general terms and conditions of business and specification of services applicable to the respective product.
T. Rights of the data subject
If a user’s personal data is processed, this user becomes a data subject within the meaning of the GDPR. As a data subject, you have the following rights against sipgate, unless stated otherwise in the individual data processing regulations above:
I. Right to information
You may request confirmation if sipgate processes your personal data.
In the event of your personal data being processed, you may request the following information from the controller:
1. Purposes for which your personal data is being processed;
2. Categories of personal data being processed;
3. Recipients and/or categories of recipients to whom your personal data has been, or will be, disclosed;
4. Planned storage period for your personal data or criteria for determining the storage period if it is impossible to specify;
5. Existence of the right to correction or deletion of your personal data, the right to limit its processing by the controller or the right to object against such processing;
6. Existence of the right to complain to a supervisory authority;
7. All information available on the origin of the data if the personal data is not collected from the data subject;
8. Existence of an automated decision-making process, including profiling, in accordance with Art. 22 (1) and (4) GDPR and, at least in these cases, meaningful information on the logic involved as well as the consequences and intended effects of such processing on the data subject.
You have the right to request information regarding the question if your personal data is transferred to a third country or international organisation. You may request to be informed about the suitable guarantees in accordance with Art. 46 GDPR relating to the data transfer in this respect.
II. Right to correction
You have the right to request the correction and/or completion of the data from the controller if your processed personal data is incorrect or incomplete. The controller must correct the data immediately.
III. Right to deletion
1. Obligation to delete data
You may request for the controller to delete your personal data immediately. The controller is obliged to delete such data if one of the following reasons applies:
a) Your personal data is no longer required for the purposes for which it was collected or processed in any other manner.
b) You withdraw your consent for the processing in accordance with Art. 6 (1) lit. a or Art. 9 (2) lit. a GDPR and there is no other legal basis for such processing.
c) You object against the processing in accordance with Art. 21 (1) GDPR and there are no overriding justified interests for the processing or you object to the processing in accordance with Art. 21 (2) GDPR.
d) Your personal data has been processed illegally.
e) Your personal data has to be deleted in order to fulfil a legal obligation under EU law or the law of the member states applicable to the controller.
f) Your personal data was collected with regard to services offered by the information company in accordance with Art. 8 (1) GDPR.
2. Information transfer to third parties
If the controller has published your personal data and is obliged to delete it in accordance with Art. 17 (1) GDPR, the controller shall implement adequate measures, including technical measures that take into consideration the available technology and implementation costs, to inform the controllers that are processing the personal data that you, the data subject, have requested the deletion of all links to this personal data, copies or duplicates thereof.
3. Exceptions
The right to deletion does not exist if the processing is required for
a) Exercising the right to freedom of speech and information;
b) Fulfilling a legal obligation which is governed by EU law or the law of the member states applicable to the controller, or performing a task transferred to the controller which is in the interest of the general public or necessary to enforce the orders of a public authority;
c) Reasons of public interest with regard to public health in accordance with Art. 9 (2) lit. h and i and Art. 9 (3) GDPR;
d) Archiving purposes that are in the interest of the general public, scientific or historical research purposes or statistical purposes in accordance with Art. 89 (1) GDPR if the right stated in Section a) can be expected to make the realisation of the objectives of such processing impossible or if it would significantly impair it; or
e) Asserting, enforcing or defending legal claims.
IV. Right to information
If you have asserted the right to correction, deletion or limitation of processing against the controller, the latter is obliged to notify all recipient to which your personal data has been disclosed of such correction and deletion of the data or its limitation of processing, unless this is impossible or would incur disproportionate costs and effort.
You have the right to be notified by the controller about such recipients.
V. Right to data transferability
You have the right to receive your personal data which you provided to the controller in a structured, standard and machine-readable format. You also have the right to transfer this data to another controller without being restricted by the controller to whom the personal data has previously been provided, if
The processing is based on consent in accordance with Art. 6 (1) lit. a GDPR or Art. 9 (2) lit. a GDPR or an agreement in accordance with Art. 6 (1) lit. b GDPR, and
Automated methods are used for processing the data.
In execution of this right, you further have the right to enforce that your personal data is transferred directly from one controller to another, insofar as this is technically possible. Such actions may not impair the freedoms and rights of other persons.
The right to data transferability does not apply to personal data processing that is required for fulfilling a task transferred to the controller that is in the interest of the general public or necessary to enforce the orders of a public authority.
VI. Right to object
You have the right to object against the processing of your personal data based on Art. 6 (1) lit. e or f GDPR at any time and for reasons arising from your specific situation; the same applies for any profiling based on these regulations.
The controller will no longer process your personal data in this case, unless it can provide evidence of compelling reasons worth protecting for the processing which outweigh your interests, rights and freedoms, or the processing serves to asset, enforce or defend legal claims.
If your personal data is processed for the purpose of direct advertising, you have the right to object to the processing of your personal data for such advertising purposes at any time; the same applies to profiling that is related to such direct advertising.
If you object to the processing for the purpose of direct advertising, your personal data will no longer be processed for such purpose.
You have the option to assert your right to object by using automated methods that employ technical specifications in connection with the use of services provided by the information company, regardless of Directive 2002/58/EC.
VII. Right to withdraw the data protection consent declaration
You have the right to withdraw your data protection consent declaration at any time. The withdrawal of this consent does not affect the legality of the processing based on the consent until its withdrawal.
You may opt out of non-essential cookies by changing your cookie preferences (Link “Cookie Settings” in footer).
VIII. Right to complain to a supervisory authority
Notwithstanding any other remedy under administrative law or before the courts, you have the right to complain to a supervisory authority, particularly in the member state where you reside, work or where the alleged violation took place if you are of the opinion that the processing of the respective personal data violates the GDPR.
The supervisory authority to which the complaint was submitted informs the complainant of the status and results of the complaint, including the option of legal remedy in accordance with Art. 78 GDPR.
As of: 23 October 2020