Last update: 04 December 2020
In the following we inform about the collection of personal data when using
- our website www.planetly.org
- our profiles on the social media sites Facebook, Instagram, Twitter, LinkedIn and Xing.
Personal data is all data that can be related to you personally, e.g. your e-mail address, your IP address or your browser.
Data controller within the meaning of art. 4 para. 7 EU-General Data Protection Regulation (GDPR) is Planetly GmbH, legally represented by Anna Alex and Benedikt Franke, Gormannstr. 14, 10119 Berlin, email: [email protected].
Scope of data processing, processing purposes and legal basis
The scope of the processing of your data, processing purposes and legal basis are described in detail below. The following are generally applicable as the legal basis for data processing:
- Art. 6 para. 1 s. 1 it. a GDPR serves us as the legal basis for processing operations for which we obtain your consent.
- Art. 6 para. 1 s. 1 lit. b GDPR is the legal basis insofar as the processing of your personal data is necessary for the performance of a contract, e.g. if you purchase a product from us or if we perform a service for you. This legal basis also applies to processing which is necessary for pre-contractual measures, e.g. in the case of inquiries about our products or services.
- Art. 6 para. 1 s. 1 lit. c GDPR is applicable if we fulfil a legal obligation by processing your personal data, as may be the case under tax law.
- Art. 6 para. 1 s. 1 lit. f GDPR serves as a legal basis if we can invoke legitimate interests in processing your data, e.g. for cookies that are required for the technical operation of our website.
You have the following rights against us with regard to your personal data:
- Right of access,
- Right to correction or deletion,
- Right to limit processing,
- Right to object to the processing,
- Right to data transferability,
- Right to revoke a given consent at any time.
You also have the right to complain to a data protection supervisory authority about the processing of your personal data.
Obligation to provide data
Within the scope of our business relationship, you only need to provide us with personal data that is necessary for the establishment, execution and termination of a business relationship or that we are legally obliged to collect. Without this data, we will generally have to refuse to conclude the contract or will no longer be able to perform an existing contract.
Mandatory data are marked as such.
No automatic decision making in individual cases
As a matter of principle, we do not use a fully automated decision-making process in accordance with article 22 of the GDPR to establish and implement the business relationship. Should we use these procedures in individual cases, we will inform you of this separately if this is required by law.
When you contact us by email or telephone, the data you provide (e.g. your email address and your name) will be stored by us to answer your questions. The legal basis for the processing is our legitimate interest (Art. 6 para. 1 s. 1 lit. f GDPR) in answering any inquiries addressed to us. We delete the data arising in this context after storage is no longer required or restrict processing if there are legal obligations to retain data.
Data processing on our website www.planetly.org
Collection and use of personal data
When you use the website for information purposes, i.e. if you do not send us information separately, we collect the personal data that your browser sends to our server to ensure the stability and security of our website. This is our legitimate interest, so the legal basis is Art. 6 para. 1 p. 1 lit. f DSGVO.
These data are:
– IP address
– Date and time of the request
– Time zone difference to Greenwich Mean Time (GMT)
– Content of the request (concrete page)
– Access Status/HTTP Status Code
– Amount of data transferred in each case
– Website from which the request comes
– Operating system and its interface
– Language and version of the browser software.
This data is also stored in log files. They are deleted when their storage is no longer required, at the latest after 14 days.
We host our systems on the basis of a data processing agreement (Art. 28 GDPR) on EU servers of Amazon Web Services, Inc., 410 Terry Avenue North, Seattle WA 98109, USA. Although the processing of personal data is not an original task of the hoster, it cannot be excluded that the hoster can still access personal data.
If you contact us via the contact form on our website, we will save the data requested there and the content of your message.
The legal basis for the processing is our legitimate interest (Art. 6 para. 1 s. 1 lit. f GDPR) in answering inquiries addressed to us.
We delete the data arising in this connection after storage is no longer required or restrict processing if there are legal obligations to retain data.
If we use the services of a third party provider within the scope of our contact form, you will find further information on this provider under “Third party tools” below.
On our website you have the possibility to subscribe to a free newsletter. The data provided during registration will be processed exclusively for sending the newsletter.
By clicking on the corresponding field on our website, you declare your consent to the processing of your data. Therefore, the legal basis is Art. 6 para. p. 1 lit. a GDPR. You can revoke your consent at any time, e.g. by sending an e-mail to [email protected] or via the link provided for this purpose in the newsletter. The processing of your data until revocation remains lawful even in the event of revocation.
If you have already used services from us or purchased goods, we reserve the right to inform you from time to time by email about our similar offers, if you have not objected to this. The legal basis for this data processing is Art. 6 para. 1 p. 1 lit. f GDPR. Our legitimate interest is to send out direct advertising (recital 47 GDPR). You can object to the use of your e-mail address for advertising purposes at any time without additional cost, for example by using the link at the end of each e-mail or by sending an e-mail to [email protected].
The payment processing is carried out on the basis of a data processing agreement (Art. 28 GDPR) via the payment service provider Stripe Payments Europe Ltd, Block 4, Harcourt Centre, Harcourt Road, Dublin 2, Ireland (“Stripe”), to whom we pass on data provided during the ordering process together with information about the order (name, address, account number, bank code, possibly credit card number, invoice amount, currency and transaction number). Processing by Stripe is done to make payment possible.
The legal basis is Art. 6 para. 1 s. 1 lit. b GDPR. Your data will be passed on exclusively for the purpose of payment processing with the payment service provider Stripe Payments Europe Ltd. and only insofar as it is necessary for this purpose. Further information about the data protection of Stripe can be found under https://stripe.com/privacy-center/legal.
We publish vacant positions in our company on our website or on pages linked to the website.
The processing of your data provided in the context of the application is carried out for the purpose of the application procedure. The legal basis is Art. 88 para. 1 GDPR in connection with § 26 Abs. 1 Federal Data Protection Act, as far as the data are necessary for our decision to establish an employment relationship. We have marked data required for the application procedure accordingly or refer you to them. If you do not provide these data, we will not be able to process your application.
Further data are voluntary and not required for an application. If you provide further information, the basis for this is your consent (Art. 6 para. 1 p. 1 lit. a GDPR).
Please do not include in your CV and cover letter information about political opinions, religious beliefs, and similar sensitive data. They are not required for your application. However, if you do provide such data, we will not be able to prevent them from being processed in the context of your the processing of your CV or cover letter. Their processing is then also based on your consent (Art. 9 para. 2 lit. a GDPR).
Finally, we process your data for further application procedures if you have given us your consent to do so. In this case the legal basis is Art. 6 para. 1 sentence 1 lit. a GDPR.
We pass on your data to the responsible employees of the human resources department and to the employees who are otherwise involved in your application process.
If we enter into employment with you after the application process, we will not delete your information until the employment ends. Otherwise, we will delete your data no later than six months after receiving your application.
If you have given us your consent to also use your data for further application procedures, we will only delete your data one year after receiving your application.
Technically necessary cookies
Our website sets cookies. Cookies are small text files that your web browser stores on your end device. Cookies help to make the website more user-friendly, effective and safer. Insofar as these cookies are necessary for the operation of our website or its functions (hereinafter “technically necessary cookies”), the legal basis for the associated data processing is Art. 6 Para. 1 S. 1 lit. f GDPR, as we have a legitimate interest in providing you with a functioning website.
Specifically, we set technically necessary cookies for the following purpose or purposes:
- Transfer of language settings
- Shopping cart
- Memorising search terms
Further information about the various tools, e.g. about their providers, the legal basis of data processing and any data transfer to a non-EU country can be found in the following list:
This information is usually transferred to a Google server in the USA and stored there. The legal basis for processing is the consent of the site visitor (Art. 6 para. 1 s. 1 lit. a GDPR). If site visitors wish to revoke their consent, they can contact us at the contact details given above. The revocation does not affect the legality of the processing until revocation.
Google uses this information to evaluate the use of our website by site visitors, to compile reports on the activities on this website and to provide us with additional services related to the use of this website and the use of the internet. This data can be used to create pseudonymised user profiles of the site visitors. Google does not combine the IP address transmitted by the visitor’s browser with other data.
Facebook-Pixel und Custom Audiences
On our website, we use the “Visitor Action Pixel” of Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”) on the basis of a contract for processing orders (Art. 28 GDPR).
The Visitor Action Pixel enables us to track the behaviour of page visitors after they have been directed to our website by clicking on a Facebook advertisement (so-called “conversion”). We may also use this information to measure the effectiveness of Facebook Ads for statistical and market research purposes.
The data collected in this way is anonymous to us, which means that we do not see the personal data of individual users. However, this data is stored and processed by Facebook. Facebook can link this data to your Facebook account and also use it for its own advertising purposes in accordance with Facebook’s Data Usage Policy. In addition, based on the information collected with the Facebook pixel, we may serve ads to Facebook users who have previously visited our site through the “Custom Audiences” service.
The data processed includes Facebook user ID, IP address, browser information, non-sensitive custom data, Facebook cookie information, referrer URL, pixel-specific data, pixel ID, social media friend network, usage data/user behaviour, views and interactions with content and advertisements and services, content viewed, device information, marketing campaign success, transaction information, hardware/software type, browser type, device operating system, geographic location, cookie ID, information from third-party sources, user agent and conversions. For more information, please visit https://www.facebook.com/about/privacy/.
The Visitor Action Pixel is triggered by Facebook when our website is called up and can store a cookie on the visitor’s device. If the page visitor then logs in to Facebook or visits Facebook when logged in, the visit to our website is noted in his or her profile. The data collected about him or her remains anonymous to us, so we cannot draw any conclusions about the identity of the user. However, the data is stored and processed by Facebook so that a connection to the respective profile of the page visitor is possible and can be used by Facebook as well as for our own market research and advertising purposes.
The legal basis for the use of this service is the consent of the page visitor (Art. 6 para. 1 sentence 1 lit. a GDPR). Visitors to the site can revoke their consent at any time by contacting us at the contact details given above. The revocation does not affect the legality of the processing until revocation.
The security of the data is ensured as the contract with Facebook contains standard contract clauses according to Art. 46 para. 2 lit. c GDPR, which have been adopted by the EU Commission.
Google Marketing Plattform
On our website, we use marketing and remarketing services of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”) on the basis of a data processing agreement (Art. 28 GDPR). These services allow us to display advertisements in a more targeted manner in order to present page visitors with advertisements that meet their interests. Remarketing allows us to show site visitors ads and products that are of interest to other sites on the Google Network.
For these purposes, a code is executed when Google calls up our website and so-called (re)marketing tags are integrated into the website. These tags are used to store an individual cookie or similar technology on the visitor’s device. The cookies can be set by various domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com or googleadservices.com. This file records which websites page visitors have visited, what content they are interested in and what offers they have clicked on. In addition, technical information about the browser and operating system, referring websites, visiting time and other information about the use of the website is stored.
All data of the site visitors are only processed as pseudonymous data. Google therefore does not store names or email addresses. All displayed ads are therefore not shown specifically for a person, but for the owner of the cookie. This information is collected by Google and transmitted to servers in the USA and stored there.
The Google marketing services we use include the online advertising program Google AdWords. In the case of Google AdWords, each AdWords customer receives a different conversion cookie. Cookies can therefore not be tracked on the websites of AdWords customers. The information collected through the cookie is used to compile conversion statistics for AdWords customers who have opted in to conversion tracking.
AdWords customers are told the total number of page visitors who clicked on their ad and were redirected to a page with a conversion tracking tag. However, they do not receive information that personally identifies site visitors.
Further information about Google’s use of data when using Google partner sites can be found at https://policies.google.com/privacy?hl=de.
The legal basis for the use of the Google services described is your consent (Art. 6 para. 1 sentence 1 lit.a GDPR). Visitors to the site can revoke this consent by contacting us at the contact details given above. The revocation does not affect the legality of the processing until revocation.
The security of the data is ensured as the contract with Google contains standard contractual clauses according to Art. 46 para. 2 lit. c GDPR, which have been adopted by the EU Commission.
We use the web analysis service Hotjar of Hotjar Ltd., Level 2, St Julian’s Business Centre, 3, Elia Zammit Street, St Julian’s STJ 1000, Malta (hereinafter “Hotjar”) on the basis of a data processing agreement (Art. 28 DSGVO). Hotjar uses, among other things, cookies that are stored locally in the cache of the web browser of site visitors and that enable an analysis of the use of our website by site visitors.
Personal data can be stored and evaluated in this way. This includes the site visitor’s activity (e.g. which pages he visited and which elements he clicked on), device and browser information (especially the IP address and operating system) and a tracking code in the form of a pseudonymised user ID. The information collected in this way is transferred by Hotjar to a server in Ireland and stored there in anonymised form.
Further information on how Hotjar processes the data can be found at https://www.hotjar.com/legal/policies/privacy.
By using Hotjar, we can better understand the needs of our site visitors and optimise the services offered on this website. The legal basis for the processing of users’ personal data is generally the user’s consent in accordance with Art. 6 Para. 1 S.1 lit. a GDPR. Site visitors can revoke this consent by contacting us at the contact details given above. The revocation does not affect the legality of the processing until revocation.
The above-mentioned data will be stored for as long as necessary to fulfill the purposes described in this data protection declaration or as required by law.
We use HubSpot, a software of HubSpot Inc., USA, for various marketing and CRM activities on the basis of a data processing agreement (Art. 28 GDPR). This software helps us to better coordinate our marketing strategy and to optimise the content provided to you by means of statistical analyses and evaluations of the logged user behaviour.
Hubspot processes the following data:
– Geographic position
– Browser type
– Navigation information
– Reference URL
– Performance data
– Information about how often the application is used
– HubSpot subscription service credentials
– Files that are displayed on site
– Domain names
– Viewed pages
– Aggregated use
– Version of the operating system
– Internet service provider
– IP address
– Device identification
– Duration of the visit
– Where the application was downloaded from
– Operating system
– Events that occur within the application
– Access times
– Clickstream data
– Device model and version
The legal basis of the processing is the consent of the user (Art. 6 para. 1 sentence 1 lit. a DSGVO). Visitors to the site can revoke this consent by contacting us at the contact details given above. The revocation does not affect the legality of the processing until revocation.
Our website uses functions of CloudFlare, Inc. 665 3rd St. #200, San Francisco, CA 94107, USA (“CloudFlare”) on the basis of a data processing agreement (Art. 28 GDPR). CloudFlare offers a worldwide distributed content delivery network and has domain name servers. Technically, the transfer of information between a site visitor’s browser and our website is routed through the CloudFlare network.
CloudFlare is thus able to analyse the data traffic between the user and our website in order to detect and fend off attacks on our services. We have a legitimate interest in providing such protection, which is why the legal basis is Art. 6 para. 1 p. 1 lit. f GDPR.
CloudFlare collects statistical data about the visit of this website. The access data includes the name of the accessed website, file, the date and time of the access, the transferred data volume, the message about a successful access, the browser type including version, the operating system of the site visitor, the URL of the previously visited site, IP address and the requesting provider.
The security of data transfer to the USA is guaranteed by standard data protection clauses (Art. 46 para. 2 lit. c GDPR), which have been adopted by the EU Commission and which we have agreed with CloudFlare.
Data processing in social media
We are represented in the social networks below to present our company and our services. The operators of these networks regularly process your data for advertising purposes. Among other things, they create user profiles from your online behaviour, which are used, for example, to show you on the pages of the networks and also otherwise on the Internet advertising that corresponds to your interests.
For this purpose, the operators of the networks store information on your usage behaviour in cookies on your computer. Furthermore, it cannot be ruled out that the operators will combine this information with other data. This is especially the case if you have an account in the network and are logged in to it. Further information and instructions on how you can object to the processing of your data by the site operators can be found in the data protection declarations of the respective operators listed below.
It is also possible that the operators or their servers are located in non-EU countries, so that they process your data there. This can result in risks for the users, because it could, for example, make it more difficult to enforce the rights of the users.
If you contact us via our company profiles, we process the data you provide us with in order to answer your inquiries. This is in our legitimate interest, so that the legal basis is Art. 6 para. 1 p. 1 lit. f DSGVO.
We are represented on the following social media pages:
- Facebook (Operator: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) – We are jointly responsible with Facebook for the processing of your data when you visit our fan page on the basis of an agreement in accordance with Art. 26 GDPR. Facebook explains which data are processed exactly at https://www.facebook.com/legal/terms/information_about_page_insights_data. You can exercise your rights against us as well as Facebook. However, according to our agreement with Facebook, we are obliged to forward your requests to Facebook, so that you will receive a faster response if you contact Facebook directly.
- Instagram (Operator: Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland)