Privacy Policy
Unless otherwise specified regarding certain legal relationships, the controller for the processing of personal data (“personal data” means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person) set out in this Privacy Policy, is:
RIVACY GmbH,
Mexikoring 33,
22297 Hamburg
(“RIVACY” or “we” or “us”)
E-mail: privacy@rivacy.io
This Privacy Policy applies to personal data that we process when you (i) visit our websites, (ii) submit information to us in connection with a potential business relationship with us.
General information on data protection
RIVACY as the controller of personal data and its processing – as defined by the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data, on the free movement of such data and on the repeal of Directive 95/46/EC (General Data Protection Regulation, hereinafter referred to as “GDPR”) – takes the protection of your personal data very seriously and adheres strictly to the rules of the data protection regulations.
Personal data is processed on the website of the controller and within the scope of our entire business activity only to the extent that it is necessary. Under no circumstances will your personal data be made available to third parties without your consent or without another legal basis.
Below we give you information of how we ensure the protection of your personal data and what kind of personal data is processed for what purpose.
Technical and organisational measures in a nutshell
We make use of suitable technical and organisational security measures – also via our service providers, which we contractually commit to comply with data protection – to protect your personal data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorised access by third parties. Our and the service providers’ security measures are continuously improved in line with technological developments. We therefore reserve the right to change these security and data protection measures if this becomes necessary due to technical changes.
When visiting our website and when using our services, we always use the SSL (Secure Socket Layer) method in conjunction with the highest level of encryption supported by your browser. As a rule, this is a 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can tell whether an individual page of our website is transmitted in encrypted form by the closed representation of the key or lock symbol in the status bar of your browser (software-dependent).
1. PERSONAL DATA PROCESSING ON OUR WEBSITE
The processing activities regarding your personal data when visiting our website and using our Services are set out below.
Website visit for purely informational purposes
RIVACY automatically processes personal data transmitted to us by the browser and other applications of your terminal device on the directly accessible Internet presences and services via the service providers commissioned by us (jointly log data). The relevant processed personal data is:
- Browser type/ version / plug-ins
- Operating system used
- General system information (such as end device, end device ID, screen resolution, etc.)
- Referrer URL (e.g. the page you visited previously)
- Host name of the accessing terminal device (e.g. IP address)
- Time of the server request
- Geo- and location data
- Device identification data of your end device.
The personal data mentioned will be processed by us for the following purposes:
- to ensure a smooth connection for our services,
- to ensure a comfortable use of our services,
- to ensure basic functionality of our services,
- to evaluate the system safety and stability, as well as
- for other administrative purposes.
The legal basis for personal data processing for the use of our services on our website is Art. 6 (1) (b) or (f) GDPR.
Automatically collected log data is deleted after the purpose of the processing has been fulfilled, usually 7 days after it has been collected, unless longer storage is necessary in individual cases for reasons of data and system security or for error identification and correction.
Without processing the personal data, the website may not be displayed optimally.
Contact Form
In order to answer other enquiries/quote requests from you, we process the following personal data:
- First name and surname
- Company
- Email address
- Phone number (optional)
- The content of your message.
Your details from the online contact form are processed by us for the purposes of
- processing the enquiry,
- the associated technical administration, as well as
- in the event that follow-up questions arise.
In the case of pre-contractual measures, this personal data is processed in accordance with Art. 6 (1) (b) GDPR, otherwise due to mutual interest in processing in accordance with Art. 6 (1) (f) GDPR.
We will retain your personal data under this section only for as long as it is necessary for the transmission of the information you have requested from us and the establishment of the possible business relationship with you.
To the extent that we are required by applicable law to retain certain personal data for legally defined periods of time (such as in connection with business transactions), we will continue to store such personal data for as long as necessary. In this case, the legal basis for processing the personal data is Art. 6 (1) (c) GDPR. Your personal data will be deleted immediately if it is no longer required for the purposes of fulfilling the legal obligations.
We collect the personal data listed under this section directly from you by providing the personal data yourself. Without processing the personal data (with the exception of any voluntary information), it is not possible to process your request.
Appointments
We use the Calendly appointment scheduling tool to make appointments with you. In order to make an appointment with us, we process the following personal data:
- Contact data (e.g. email address or phone number),
- Selected date and time, and
- Data entered into the Calendly form, including answers to qualification questions.
The information you provide in the Calendly form, including the data you enter there, will be stored by us for the purpose of processing your enquiry or for the purpose of processing a corresponding contractual relationship.
“Calendly” is a service provided by Calendly, LLC, 3423 Piedmont Road NE, Atlanta, GA 30305-1754, USA.
You can request and select an appointment via the Calendly scheduling tool with its integrated online calendar. If you click on the corresponding button in our services or if you wish to make an appointment via a link transmitted by us (for example in an email), you will automatically be connected to our appointment account with Calendly. After choosing your appointment, confirming it and entering your contact details and concerns, you will receive an email from Calendly confirming your appointment.
If your enquiry is answered or the purpose no longer applies (e.g. the contractual relationship ends), we will delete your data promptly, subject to contractual or legal storage options. If you would like your data to be deleted prematurely, you can request us to delete it or withdraw your consent to its storage (if given). Mandatory legal provisions – in particular retention periods – remain unaffected.
Our legal basis for using the Calendly appointment scheduling tool is Art. 6 (1) (f) GDPR (legitimate interest), as Calendly enables us to fully automate appointment scheduling and thus make the process for corresponding appointment requests and meetings more efficient. Furthermore, the legal basis for data processing via Calendly is Art. 6 (1) (b) GDPR, insofar as appointment scheduling is carried out within the scope of our contractual relationships.
As far as possible, we try to use Calendly only on the basis of your express consent (e.g. via an opt-in) with regard to the usage of cookies (please see for cookies also Section 2 of this Privacy Policy). The legal basis for the integration of Calendly in this case results from Art. 6 (1) (a) GDPR. You can withdraw your consent at any time. If you do so, we will not (or no longer) use Calendly to communicate with you.
You can view more information about Calendly and Calendly’s data protection here: https://calendly.com/pages/privacy. Should Calendly transfer this data to a third country (e.g. the USA), this will only be done on a case-by-case basis, on the basis of a data processing agreement concluded with Calendly and in accordance with standard contractual clauses agreed with Calendly and other security measures permitted by the GDPR, which ensure the security of the processing of your personal data with a level of protection identical to that in the EU.
2. COOKIES
We use cookies and related technologies on our website (jointly “Cookies”). These are small (text) files that your browser automatically creates and that are stored on your end device (laptop, tablet, smartphone, etc.) when you visit our site and/or use our services. Cookies fundamentally do not cause any damage to your end device and do not contain any viruses, Trojans or other malware to the best of our knowledge and will.
Cookies are used to store information that is generated in connection with the specific end device used. This does not mean, however, that we will gain immediate knowledge of your identity.
We use different categories of cookies for following purposes:
- to statistically record the use of our website and to evaluate it,
- to optimise our services,
- to improve the website and to better achieve website goals,
- to enable to reach out to us through our website, as well as
- for marketing.
Essential cookies
Our use of essential cookies is based on Section 25 (2) of the German Telecommunications-Telemedia Data Protection Act (“TTDSG”) and Art. 6 (1) (f) GDPR. Essential cookies enable basic functions and are necessary for the proper functioning of the website. Without such cookies, our website would not work properly. We therefore process personal data such as cookie banner settings. Such personal data processing and use of cookies serves to make the use of our offer more pleasant for you. For example, we use so-called session cookies to recognise that you have already visited individual pages on our website. These will be deleted automatically after leaving our website or terminating the service.
In addition, we also use temporary cookies to optimise user-friendliness, which are stored on your terminal device for a specified period of time. If you visit our site again or use our services again, it will automatically be recognised that you have already been with us and which inputs and settings you have made so that you do not have to enter them again.
Statistical and functional cookies
We also use statistical and functional cookies based on your consent according to Section 25 (1) TTDSG and Art. 6 (1) (a) GDPR. We use such cookies in order to statistically record the use of our website, to evaluate it for you for the purpose of optimising our offer (see also section 2) and to provide certain functions. These cookies are automatically deleted after a defined period of time.
Matomo
We use the web analysis tool “Matomo”, stored locally on our servers, to design our websites in accordance with demand.
If individual pages of our website are called up, the following data is stored:
- Two bytes of the IP address of the calling system
- The website called up
- The website from which the accessed website was reached (referrer)
- The subpages accessed from the accessed website
- The time spent on the website
- The frequency with which the website is accessed
- Technical details of the browser, such as version number or resolution.
Matomo creates user profiles on the basis of pseudonyms. For this purpose, permanent cookies are stored on your end device and read by us. In this way, we are able to recognise and count returning website visitors. The cookies are stored for 13 months. Data entered in forms is not recorded and is not visible at any time.
Analytics cookies
We also use analytics cookies based on Section 25 (1) TTDSG and Art. 6 (1) (a) GDPR. We use such cookies in order to e.g. measure our web audience to improve the website and to better achieve website goals (e.g. increase page views) or for web analytics and marketing purposes. These cookies are automatically deleted after a defined period of time.
LinkedIn Ads
Where you have given your consent, LinkedIn Ads, a web analytics service provided by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland, is used in connection with this site.
Scope of processing
For LinkedIn Ads, the data processed using the LinkedIn Insight tag is also used to enable you to be shown ads on LinkedIn based on your interests.
For this purpose, the following personal data
- Data about visits to our website, including URL
- referrer URL
- IP address
- device and browser properties
- timestamp and page events.
is collected via our website and is used to enable an identity inference (=match) with users of LinkedIn and thus to play targeted advertisements. If you are not logged into LinkedIn, the data will only be used pseudonymously.
The use of LinkedIn Ads takes place under joint controllership with LinkedIn. For this purpose, a data processing agreement has been concluded with
LinkedIn, which currently assigns full responsibility to both parties for the processing assigned to them. LinkedIn combines your usage data with usage
data collected elsewhere and uses the resulting profiles to display individualised advertising and to provide evaluations.
Your data is only made available to us in aggregated and encrypted form.
Purposes of the processing
By using LinkedIn Ads, we can identify which advertising measures are particularly effective and our advertising measures can be played out in a more targeted manner.
Recipients
LinkedIn Ireland Unlimited Company (Wilton Place, Dublin 2, Irland) and LinkedIn Corporation (2029 Stierlin Court, Mountain View, CA 94043, USA).
Transfer to third countries
The primary place of processing of your personal data is the European Union.
However, a transfer of data by LinkedIn to so-called third countries cannot be excluded. These third countries may not offer an adequate level of data protection according to the GDPR. If the data is transferred to the USA, for example, there is a risk that your data may be processed by US authorities for control and monitoring purposes without you possibly having any legal remedies. Below is a list of countries to which data will be transferred. This may be for various purposes, such as storage or processing.
- United States of America
Where necessary, so-called standard contractual clauses are concluded for such a transfer for the services used.
Storage period
The pseudonymised data is deleted within 90 days if it is not processed or used in active campaigns.
You can also prevent the (further) collection of the data generated by the cookie and related to your use of the website (incl. your IP address) to LinkedIn as well as the processing of this data by LinkedIn by making use of the options set out below.
Legal basis and withdrawal
The legal basis for this data processing is your consent, Section 25 (1) TTDSG and Art. 6 (1) (a) GDPR. You can withdraw your consent at any time with effect for the future by accessing the cookie settings and changing your selection there.
You can find more information on the terms of use for the LinkedIn Ads and on data protection at LinkedIn at https://www.linkedin.com/legal/sas-terms#additional-terms-for-optional-conversion-tracking and at https://www.linkedin.com/legal/privacy-policy.
Google Tag Manager
Insofar as you have given your consent, this website uses “Google Tag Manager”, a tag management system of Google LLC in connection with Google Ads (see below). The responsible service provider in the European Union is Google Ireland Limited, Gordon House, 4 Barrow Street, Dublin, Ireland.
Scope of processing
Google Tag Manager uses cookies to allow measurement codes and associated code fragments, collectively referred to as tags, to be updated on our website and to determine when tags are triggered. The information collected by means of the cookies is transmitted to a Google server and stored there.
We use the “anonymizeIP” function (so-called IP masking) for the Google Tag Manager: Due to the activation of IP anonymisation on this website, your IP address will be truncated by Google within Member States of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. The IP address transmitted by your browser as part of the Google Tag Manager will not be merged with other Google data.
The following data is collected during your visit to the website:
- Aggregated data on tag triggering.
The Google Tag Manager is used under joint responsibility with Google. A data processing agreement has been concluded with Google for this purpose, which, however, currently gives both parties full responsibility for processing operations assigned to them.
Purposes of processing
For us, Google will use this information to load our tags integrated by means of the Google Tag Manger (e.g. Google Ads Conversion Pixel).
Recipient
The recipient of the data is Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland), as well as Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) and Alphabet Inc (1600 Amphitheatre Parkway, Mountain View, CA 94043 USA), if applicable.
Transfer to third countries
The primary place of processing of your personal data is the European Union.
However, a transfer of data by the Google Tag Manager to so-called third countries cannot be excluded. These third countries may not offer an adequate level of data protection according to the standards of the GDPR. If the data is transferred to the USA, for example, there is a risk that your data may be processed by US authorities for control and monitoring purposes without you possibly having any legal remedy. Below is a list of countries to which data will be transferred. This may be for various purposes, such as storage or processing.
- United States of America, Singapore, Chile, Taiwan.
Where necessary, so-called standard contractual clauses are concluded for such transfers for the services used.
Storage period
The data sent by us and linked to cookies are automatically deleted 14 days after retrieval.
In addition, you can prevent the (further) collection of the data generated by the cookie and related to your use of the website (incl. your IP address) to Google as well as the processing of this data by Google by making use of the options listed below.
Legal basis and withdrawal of consent
The legal basis for this data processing is your consent, Section 25 (1) TTDSG and Art. 6 (1) (a) GDPR. You can withdraw your consent at any time with effect for the future by calling up the cookie settings and changing your selection there.
More information on the terms of use for the Google Tag Manager and on data protection at Google can be found at https://support.google.com/tagmanager/answer/7157428 and at https://policies.google.com/?hl=de.
Google Ads
Insofar as you have given your consent, this website uses “Google Ads”, a service for displaying advertisements by Google LLC.
The responsible service provider in the European Union is Google Ireland Limited, Gordon House, 4 Barrow Street, Dublin, Ireland (“Google”).
Scope of processing
Google Ads uses cookies so that attention can be drawn to our offers in an optimal way through various advertising media (so-called Google Ads) on external websites and so that certain parameters for measuring success, such as display of the ads or clicks by users of our website, can be measured.
Through the integration of ads, Google receives the information that you have called up the corresponding part of our website or clicked on the ad from us. The information collected by means of the cookies is transmitted to a Google
server and stored there.
During your visit to the website, the following data is collected:
- Browser language, browser type
- Cookie ID, cookie information
- Date and time of visit
- IP address
- Referrer URL
- Usage data/ ads clicked on (events/ labels provided)
- Web request.
Google Ads are used under joint responsibility with Google. A data processing agreement has been concluded with Google for this purpose, but this agreement currently gives both parties full responsibility for processing operations assigned to them. Google combines your usage data with usage data collected elsewhere and uses the resulting profiles to display
individualised advertising and to provide analyses.
Your data will only be made available to us in aggregated and encrypted form.
Purposes of processing
The use of Google Ads enables us to identify which advertising measures are particularly effective.
Recipient
The recipient of the data is Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland), as well as Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) and Alphabet Inc (1600 Amphitheatre Parkway, Mountain View, CA 94043 USA), if applicable.
Transfer to third countries
The primary place of processing of your personal data is the European Union.
However, a transfer of data by Google Ads to so-called third countries cannot be excluded. These third countries may not offer an adequate level of data protection under the GDPR. If the data is transferred to the USA, for example, there is a risk that your data may be processed by US authorities for control and monitoring purposes, without you possibly having any legal remedies. Below is a list of countries to which data will be transferred. This may be for various purposes, such as storage or processing.
- United States of America, Singapore, Chile, Taiwan.
Where necessary, so-called standard contractual clauses are concluded for such transfers for the services used.
Storage period
We have set a conversion tracking period of 90 days, so that the corresponding cookies are deleted after the 90 days following a click.
In addition, you can prevent the (further) collection of the data generated by the cookie and related to your use of the website (incl. your IP address) to Google as well as the processing of this data by Google by making use of the options listed below.
Legal basis and withdrawal of consent
The legal basis for this data processing is your consent, Section 25 (1) TTDSG and Art. 6 (1) (a) GDPR. You can withdraw your consent at any time with effect for the future by calling up the cookie settings and changing your selection there.
For more information on terms of use for the Google Ads and data protection at Google, please visit https://policies.google.com/?hl=de.
Cookie Settings/withdrawal of consent/cookie providers
You can withdraw your consent to the storage of cookies (and similar technologies), except in relation to “strictly necessary cookies”, at any time by changing your cookie settings via the link at the footer area of our website.
Most browsers and devices automatically accept cookies. However, you can configure your browser or end device so that no cookies are stored on your end device or a message always appears before a new cookie is created. If you disable cookies completely, you may not be able to use all the functions of our website.
If you use several devices/browsers, you must carry out the opt-out/deletion of cookies on each individual device/browser. If you delete all cookies in your browser, this will also delete the opt-out cookies, so that it may be necessary to carry out the opt-out again. Further, if you delete all cookies, your experience on the website may be degraded.
To the extent the providers of the cookies/similar technologies are considered as our processors or joint controllers, we have entered into the according agreements with these providers to the extent available. Upon request, we will provide you with a description of the material provisions of any joint controller agreements we have entered into with a cookie provider to the extent required by law.
3. PERSONAL DATA PROCESSING WHEN CONTACTING RIVACY OUTSIDE OF THE WEBSITE
The processing activities regarding your personal data nor related to visiting our website are set out below.
Contacting Us
If you have any questions or concerns, we offer you the opportunity to contact us via the contact details provided on the respective website (email/phone).
Personal data as a valid e-mail address or phone number, the first and last name, customer number, as well as the content of your request is necessary, so that we know from whom the inquiry originates and to enable us to answer it. You can provide further personal data voluntarily, which we will then use according to your contact request.
In the case of pre-contractual measures, this personal data is processed in accordance with Art. 6 (1) (b) GDPR, otherwise due to mutual interest in processing in accordance with Art. 6 (1) (f) GDPR.
The personal data processed by us for the use of the contact form will be completely deleted automatically after completion of the request made by you at the end of reasonable retention periods.
Zoom meeting with us
We use the “Zoom” tool to conduct conference calls, online meetings, video conferences and/or webinars (hereinafter: “Online Meetings”). “Zoom” is a service
provided by Zoom Video Communications, Inc. which is based in the USA.
Scope of processing
When using “Zoom”, various types of personal data are processed. The scope of the data processing also depends on the data you provide before or when participating in an “online meeting”. The following personal data are subject to processing:
- User details: first name, last name, telephone (optional), e-mail address, password (if “single sign-on” is not used), profile picture (optional),
- Department (optional)
- Meeting metadata: Topic, description (optional), participant IP addresses, device/hardware information.
- For recordings (optional): MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file of online meeting chat.
- For dial-in with the telephone: information on the incoming and outgoing call number, country name, start and end time. If necessary, further connection data such as the IP address of the device can be stored.
- Text, audio and video data: You may have the opportunity to use the chat, question or survey functions in an “online meeting”. In this respect, the text
entries you make are processed in order to display them in the “online meeting” and, if necessary, to record them. In order to enable the display of
video and the playback of audio, the data from the microphone of your terminal device and from any video camera of the terminal device are
processed accordingly during the meeting. You can switch off or mute the camera or microphone yourself at any time via the “Zoom” applications.
To participate in an “online meeting” or to enter the “meeting room”, you must at least provide information about your name.
Purposes of the processing
We use “Zoom” to conduct “Online Meetings”. If we want to record “online meetings”, we will transparently inform you in advance and – if necessary – ask for your consent/consent. The fact of the recording will also be displayed to you in the “Zoom” app.
If it is necessary for the purposes of recording the results of an online meeting, we will record the chat content. However, this will not usually be the case.
If you are registered as a user with “Zoom”, then reports of “online meetings” (meeting metadata, telephone dial-in data, questions and answers in webinars,
survey function in webinars) may be stored by “Zoom” for up to 12 months. We are not responsible for this, “Zoom” is. Further information on the data protection of Zoom Video Communications, Inc. can be found at https://zoom.us/de-de/privacy.html.
Legal basis for data processing
The legal basis for data processing when conducting “online meetings” is Art. 6 (1) (b) GDPR, insofar as the meetings are conducted within the framework of contractual relationships.
If there is no contractual relationship, the legal basis is Art. 6 (1) (f) GDPR. Here too, our interest lies in the effective implementation of “On
If, exceptionally, a recording is made, the legal basis is consent, Art. 6 (1) (a) GDPR.
Recipients
Personal data processed in connection with participation in “Online meetings” will generally not be passed on to third parties, unless it is intended to be passed on. Please note that the content of “online meetings”, as well as personal meetings, is often used to communicate information with customers, interested parties or third parties and is therefore intended to be passed on.
Other recipients: The provider of “Zoom” necessarily receives knowledge of the above-mentioned data, insofar as this is provided for in the context of our order processing agreement with “Zoom”.
Transmission to third countries
“Zoom” is a service provided by a provider from the USA. A processing of personal data therefore also takes place in a third country. We have concluded an order processing agreement with the provider of “Zoom” which complies with the requirements of Art. 28 GDPR.
An appropriate level of data protection is guaranteed on the one hand by the conclusion of the so-called EU standard contractual clauses. As additional protective measures, we have also configured our Zoom system in such a way that only data centres in the EU, the EEA or secure third countries such as Canada or Japan are used to conduct “Online Meetings”.
However, the transfer of data to the USA as a third country cannot be ruled out. This third country may not offer an adequate level of data protection according to the GDPR. If the data is transferred to the USA, there is a risk that your data will be processed by US authorities for control and monitoring purposes without you possibly being able to appeal.
Duration of storage
The personal data concerning you will be stored until the purpose of the data processing no longer applies or after the expiry of legal or official retention
obligations.
Locally stored chat messages are deleted if they are older than 30 days. Storage in the cloud has been deactivated.
Note: Insofar as you call up the website of “Zoom”, the provider of “Zoom” is responsible for data processing. However, calling up the website is only necessary
for using “Zoom” in order to download the software for using “Zoom”.
You can also use “Zoom” if you enter the respective meeting ID and, if applicable, further access data for the meeting directly in the “Zoom” app.
If you do not want to or cannot use the “Zoom” app, the basic functions can also be used via a browser version, which you can also find on the “Zoom” website.
Payment
We also collect your personal data such as name, surname, payment methods, invoices, credit card numbers or similar to enable you to make payment transactions within the scope of any contracts with us.
This processing of personal data is based on Art. 6 (1) (b) GDPR for purposes of the performance of a contract.
The personal data processed by us for the payment will be automatically deleted in full after completion of the payment transaction or the business relationship, including after expiry of appropriate retention periods.
Rivacy as Contact Point
We may also process your personal data if we act as a contact point for us towards any authority in the EU to fulfill our contractual obligations for our customers.
4. HOW YOUR PERSONAL DATA MAY BE SHARED
UK Entity
If you are a citizen of the UK or the EU and contacted our subsidiary RIVACY Ltd., 87 Warriner Gardens, Unit G1/ G2, The Imperial Laundry, London, England, SW11 4XW (“RIVACY Ltd.”) to reach us, RIVACY Ltd. will process this personal data on our behalf and will transfer the personal data to us for the purposes set out above. RIVACY Ltd. may also process your personal data if RIVACY Ltd. acts as a contact point for us towards any authority in the UK to fulfill our contractual obligations for you or our customers.Swiss Entity
If you are a citizen of the UK or the EU and contacted our subsidiary RIVACY Switzerland GmbH, Hardturmstraße 11, c/o ePartners Rechtsanwälte AG, 8005 Zürich (“RIVACY Switzerland GmbH”) to reach us, RIVACY Switzerland GmbH will process this personal data on our behalf and will transfer the personal data to us for the purposes set out above. RIVACY Switzerland GmbH may also process your personal data if RIVACY Switzerland GmbH acts as a contact point for us towards any authority in Switzerland to fulfill our contractual obligations for you or our customers.Other Recipients
Your personal data will generally only be transmitted if you have given us your consent, if it is necessary for the establishment, execution or termination of a contractual obligation or if it is necessary to safeguard the legitimate interests of the controller and there is no reason to assume that your interests worthy of protection in the exclusion of the processing or use outweigh or there are statutory transmission obligations.
If we transfer personal data to companies commissioned by us or cooperating with us, to our subsidiary RIVACY Ltd. or to other third parties, we have entered into agreements with them in accordance with applicable law, in particular in accordance with Art. 26 and 28 GDPR. Under this provision, the other personal data processing bodies undertake to guarantee an adequate level of data protection. Please contact us for details regarding this; we will be pleased to meet your justified claims for information.
5. INFORMATION ABOUT THE CONTROLLER
Please contact us using the contact details from above if you have any questions or requests for information, if you wish to assert your rights or if you wish to withdraw any consent you may have given to the use of your personal data.
6. YOUR CHOICE
You are not obliged to give us your personal data or consent for processing of your personal data. You have moreover certain choices about personal data, e.g. where you have consented to the processing of your personal data, you may withdraw that consent at any time and prevent further processing by contacting us as described above. Even if you opt out, we may still collect and use non-personal data regarding your activities on our services and for other legal purposes as described above. You can also use our cookie banner on our website to pre-select the use of cookies. Please note that if you do not want to share your personal data for the purposes described above, we may not be able to perform some of our services properly.
7. AUTOMATED DECISION-MAKING
Automatic decision making does not take place.
8. YOUR RIGHTS
You have the right:
- to request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you may request information about the purposes of the processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right of rectification, erasure, restriction of processing or to object to processing, the existence of a right to object, the origin of your data if it has not been collected from us, as well as the existence of an automated decision making process including profiling and, if applicable, meaningful information on their details;
- in accordance with Art. 16 GDPR to immediately request the rectification of incorrect or incomplete personal data stored by us;
- to request the erasure of your personal data stored by us in accordance with Art. 17 GDPR, unless processing is necessary for exercising the right to freedom of expression and information, for fulfilling a legal obligation, for reasons of public interest or for asserting, exercising or defending legal claims;
- to request the restriction of the processing of your personal data in accordance with Art. 18 GDPR if the accuracy of the data is disputed by you, the processing is unlawful but you refuse its erasure and we no longer need the data, but you need it to assert, exercise or defend legal claims or you have objected to the processing in accordance with Art. 21 GDPR;
- in accordance with Art. 20 GDPR, to receive your personal data which you have provided to us in a structured, commonly used and machine-readable format or to request transmission to another controller;
- in accordance with Art. 7 (3) GDPR to withdraw your consent once given to us at any time. The consequence of this is that we may not continue the data processing based on this consent for the future; and
- to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or of our place of business. The supervisory authority responsible for the controller is:
Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit,
Ludwig-Erhard-Straße 22,
20459 Hamburg
Telefon: 040/428544040
E-Mail: mailbox@datenschutz.hamburg.de
Further information on the respective responsibilities, activities and personal data processing by the supervisory authority can be found in the relevant information, e.g. at https://datenschutz-hamburg.de.
INDIVIDUAL RIGHT OF OBJECTION according to Art. 21 GDPR
You have the right to object at any time to the processing of personal data concerning you on the basis of Art. 6 (1) (f) GDPR for reasons arising from your particular situation; this also applies to profiling based on these provisions.
If we use personal data for direct advertising, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling insofar as it is connected with such direct advertising.
If you object to the processing for the purpose of direct marketing, the personal data will no longer be processed for these purposes.
If you file an objection, we will no longer process your personal data unless we can prove compelling legitimate reasons for the processing that outweigh your interests, rights and freedoms, or the processing serves the assertion, exercise or defence of legal claims.
For the execution of your rights set out in this section, please use the contact details from above.
9. UPDATE AND AMENDMENT OF THIS PRIVACY POLICY
This Privacy Policy is currently valid in the version of June 2023.
Due to the further development of our website and offers about it or due to changed legal or official requirements, it may be necessary to change this data protection notice. The current data protection information can be retrieved and printed any time via the website at rivacy.io/privacy-policy/