Privacy policy

This privacy policy was created for the corporate website of Scoutbee GmbH – www.scoutbee.com – and for the product website www.scoutbee.io. This data protection declaration was written in English and German. In the event of contradictions between the English and German versions, the English version shall always prevail.

I. Name and contact details of the Controller

The Controller within the meaning of the European General Data Protection Regulation (GDPR) and other national data protection laws is:

Scoutbee GmbH

Holundergasse 10, 97262 Hausen bei Würzburg
Phone: +49 (0)931 466219 60
E-mail: connect@scoutbee.com

Contact details of the internal Data Protection Officer

Scoutbee GmbH
Data Protection Officer

Lützowstraße 106
10785 Berlin
dataprotection@scoutbee.com

II. General information concerning the processing of personal data

Scope of processing of personal data

We (the “Controller” pursuant to the GDPR) take the protection of your data very seriously. In principle, we only process (Art. 4 (2) GDPR) the personal data of our users (“data subjects” within the meaning of GDPR) insofar as this is necessary to deliver a functional website along with our services and content. The collection and use of personal data concerning our users only regularly occurs with the user’s consent. Exceptions apply in cases where obtaining prior consent is not possible due to the factual circumstances and the data processing is permitted by statutory regulations. As a rule, our services are directed towards adults. Persons under the age of 18 should not transfer personal data to us without the consent of their parents or legal guardian(s).

Legal basis for the processing of personal data

Insofar as we obtain the data subject’s consent for the processing of personal data, Art. 6 (1)(a) GDPR is the legal basis for the processing of personal data.

For the processing of personal data that is necessary for the performance of a contract to which the data subject is party or in order to take steps prior to entering into a contract, Art. 6 (1)(b) GDPR is the legal basis.

Insofar as processing is necessary for compliance with a legal obligation to which our company is subject, Art. 6 (1)(c) GDPR is the legal basis.

If processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject, Art. 6 (1)(f) GDPR is the legal basis for processing.

Duration of storage and deletion of personal data

The personal data concerning the data subject will be erased or blocked as soon as the purpose of storage ceases to apply. Storage may extend beyond this period if this is stipulated by EU or national lawmakers in EU directives, laws or other regulations to which the controller is subject, particularly laws concerning taxes and accounting. The data will also be blocked or erased after the expiration of a storage period prescribed by the above regulations, unless continued storage of the data is necessary in order to enter into a contract or for contract performance.

Links to third-party providers

Insofar as our website contains links to third-party services purely as recommendations, partners or customers, such websites are not subject to our privacy policy, but rather to the privacy policy of the third-party provider. This does not include the third parties that are listed individually below.

Websites and languages

This privacy policy has been written for both www.scoutbee.com and www.scoutbee.io in English and German language. In case of inconsistencies between the English and the German version, the English version shall always prevail.

The specific services for each website have been categorised below.

III. General provisions for all our websites

Provision of website and log files

Description and scope of data processing

For each visit to our websites, our system automatically collects data and information from the computer system of the visiting device.

The following data is collected in this context:

your IP address
Browser type and browser version
Operating system used
Referrer URL
Host name of the accessing computer of smartphone
Time and date of server request

This data will also be stored in our system log files. This data will not be stored together with other personal data of the user.

Legal basis for data processing

The legal basis for temporary storage of data and log files is Art. 6 (1)(f) GDPR. We have a legitimate interest in improving the functionality and stability of the website.

Purpose of data processing

It is necessary for the system to temporarily store the IP address in order to deliver the website to the user’s device. For this purpose, the user’s IP address must be saved for the duration of the session. Storage in log files occurs in order to ensure the functional operation of the website. We also use this data to optimise the website and to ensure the security of our IT systems. The data will not be analysed for marketing purposes in this context.

Duration of storage

The data will be erased as soon as it is no longer required to fulfil the purpose for which it was collected. Where data is collected for the provision of the website, this is the case when the respective session has ended. Apart from this, the duration of storage is based on the stipulations of tax law and accounting law.

In case of data storage in log files, this occurs after seven days at the latest. Storage for longer periods of time is possible. In this case, the IP addresses of the users will be deleted or disguised so that it is no longer possible to identify the visiting client.

Use of cookies

Description and scope of data processing

Our website uses cookies. Cookies are text files that are stored in the internet browser or which the internet browser stores on the user’s computer system. If a user accesses a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic sequence that enables unambiguous identification of the browser when accessing our website again. On our website, we also use cookies that allow us to analyse the browsing patterns of users.

The following data may be transmitted in this way:

Search terms entered
Frequency of website access
Use of website functions

When accessing our website, the user will be informed about the use of cookies for analytical purposes and give consent to the processing of the personal data used in this context. Reference will also be made to this privacy policy.

Legal basis for data processing

The legal basis for the processing of personal data using cookies that are essential because of technical requirements is Art. 6 (1)(f) GDPR (essential cookies). We have a legitimate interest in providing a stable service and improving our website. The legal basis for the processing of personal data using cookies for the purposes of functionality and marketing, if the user has granted consent in this regard, is Art. 6 (1)(a) GDPR (functional and marketing cookies).

Purpose of data processing

Analytical cookies are used for the purpose of improving the quality of our website and its content. Analytical cookies allow us to learn how the website is used and allow us to optimise our services continually.

Duration of storage

Cookies are stored on the user’s device and transmitted to our website by the device. For this reason, you as user have complete control over the use of cookies. Apart from this, the duration of storage is based on the stipulations of tax law and accounting law.

Contact form and e-mail contact

Description and scope of data processing

There is a contact form on our website that can be used to contact us electronically. If a user takes advantage of this option, the data entered in the input screen will be transmitted to us and stored. This data includes:

Name
E-mail

E-mail address and the time the message is sent, the following data will also be stored:

Data and time of registration
E-mail address
Name and phone number if provided

Alternatively, contact is possible via the e-mail address provided. In this case, the user’s personal data submitted with the e-mail will be stored.

In this context, the data will not be transferred to third parties. The data will exclusively be used to process the conversation.

Legal basis for data processing

The legal basis for the processing of data is contractual pursuant to Art. 6 (1)(b) GDPR, if the aim of e-mail contact is to enter into a contract.

The legal basis for the processing of data that is transmitted when sending an e-mail in other events is Art. 6 (1)(f) GDPR.

Purpose of data processing

We only process personal data from the input screen in order to establish contact. In case of contact via e-mail, we also have the required legitimate interest in data processing. Other personal data processed during the sending process helps to prevent misuse of the contact form and to guarantee the security of our IT systems.

Duration of storage

The data will be erased as soon as it is no longer required to fulfil the purpose for which it was collected. For the personal data from the input fields in the contact form and data sent via e-mail, this is the case once the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the situation in question has been resolved definitively.

Apart from this, the duration of storage is based on the stipulations of tax law and accounting law.

Registration

Description and scope of data processing

On our website, we offer users the opportunity to register by providing personal data. Data is entered in an input screen and transmitted to us and stored. The data will not be transferred to third parties.

The following data is collected during the registration process:

Name
E-mail

At the time of registration, the following data will also be stored:

The user’s IP address
Data and time of registration
Legal basis for data processing

The legal basis for the processing of data is contractual pursuant to Art. 6 (1)(b) GDPR.

Purpose of data processing

User registration is required in order to provide certain content and services on our website since we only offer content within the closed system.

Duration of storage

The data will be erased as soon as it is no longer required to fulfil the purpose for which it was collected. Apart from this, the duration of storage is based on the stipulations of tax law and accounting law.

This is the case for data collected during the registration process if registration for our website is cancelled or modified.

Usercentrics

Description and scope of data processing

This website uses Cookie Consent Management Tool, a cookie service provided by Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich, Germany. Usercentricsuses so-called “Cookies”. These are text files that are stored on your computer, making it possible to analyse your use of our website. The information generated by the cookie about your use of this website (including your IP address) is generally transferred to a Usercentrics server and stored there.

Legal basis for data processing

The legal basis for the processing of personal data using Usercentrics’s is Art. 6 (1)(f) GDPR. We have a legitimate interest in improving the functionality and stability of the website and a legal obligation to provide consent management tool.

Purpose of data processing

The data is required for the improvement and analysis of our website. By anonymising the data, this statistical collection is exclusively used to improve our services. You can find more information in Usercentrics’s privacy policy at https://usercentrics.com/privacy-policy/.

Duration of storage

Data is not stored for longer periods than necessary. Data will be erased after the statistical analysis has been performed. You can find more information at: https://usercentrics.com/privacy-policy/.

Hotjar

Description and scope of data processing

This website uses hotjar, a web analysis service provided by Hotjar Ltd, Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta. You can find more information about the use of this data at: https://www.hotjar.com/legal/policies/privacy.

Legal basis for data processing

The legal basis for the processing of personal data using Hotjar is Art. 6 (1)(a) GDPR.

In addition to consent, we have a legitimate interest in analysing the behaviour of website visitors in order to improve our services technically and economically. With the help of Hotjar, we can detect errors on the website, identify attacks and improve the economic efficiency. The legal basis for this is Art. 6 (1)(f) GDPR.

Purpose of data processing

The data is required for the improvement and analysis of our website. By anonymising the data, this statistical collection is exclusively used to improve our services. You can find more information in Hotjar’s privacy policy at https://www.hotjar.com/legal/policies/privacy.

Duration of storage

Data is not stored for longer periods than necessary. Data will be erased after the statistical analysis has been performed. You can find more information at: https://www.hotjar.com/legal/policies/privacy.

Google Fonts

Description and scope of data processing

For unified display of typefaces, this website uses the so-called Web Fonts that are provided by Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Ireland. When accessing a page, your browser loads the necessary Web Fonts in your browser cache to display texts and fonts correctly and as desired. To this end, the browser you use must establish a connection to the Google servers. In this way, Google obtains knowledge that your IP address has accessed our website. If your browser does not support Web Fonts, your computer will use a standard font.

The information generated by the information call about your use of this website (including your IP address) is generally transferred to a Google server in the EU or USA and stored there. You can find more information in Google’s privacy policy at https://policies.google.com/privacy?hl=de.

Legal basis for data processing

Google Web Fonts is used in the interest of a unified and attractive display of our website. This constitutes a legitimate interest within the meaning of Art. 6 (1)(a) GDPR.

Purpose of data processing

The purpose of use is the unified and attractive display of our website.

Duration of storage

We do not store the data in this process. Regarding the storage of data by Google, we refer to the privacy policy: https://policies.google.com/privacy?hl=de.

Google Tag Manager

Description and scope of data processing

We use Google Tag Manager, which is a provided by Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Ireland, that allows companies to manage website tags via an interface. It is a cookie-less domain that does not collect any personal data. Google Tag Manager is responsible for triggering other tags, such as Google Analytics, which may in turn collect data. This data is not accessed via Google Tag Manager. If you prevent the acceptance of cookies via this site in your browser settings, this shall remain applicable for all tracking tags.

Legal basis for data processing

Google Tag Manager is used in the interest of a unified and attractive display of our website. This constitutes a legitimate interest within the meaning of Art. 6 (1)(a) GDPR.

Purpose of data processing

The purpose of use is the unified and attractive display of our website.

Duration of storage

We do not store the data in this process. Regarding the storage of data by Google, we refer to the privacy policy: https://policies.google.com/privacy?hl=de.

Google reCaptcha

Description and scope of data processing

We use Google reCaptcha, which is a provided by Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Ireland, that allows companies check whether the data entered on our website (such as on a contact form) has been entered by a human or by an automated program. To do this, reCAPTCHA analyses the behaviour of the website visitor based on various characteristics. This analysis is not profiling, or marketing behaviour analysis. Its sole purpose is to recognise the automated programs. This analysis starts automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g. IP address, how long the visitor has been on the website, or mouse movements made by the user). The data collected during the analysis will be forwarded to Google. The reCAPTCHA analyses take place completely in the background.

Legal basis for data processing

Google reCaptcha is used in the interest of protecting our site from abusive automated crawling and spam. This constitutes a legitimate interest within the meaning of Art. 6 (1)(f) GDPR.

Purpose of data processing

Google reCaptcha is used in the interest of protecting our site from abusive automated crawling and spam.

Duration of storage

We do not store the data in this process. Regarding the storage of data by Google, we refer to the privacy policy: https://policies.google.com/privacy?hl=de.

Right to object and option of removal

Since we do not collect any data in this context, withdrawal is not possible. Apart from this, we refer to the right to object against Google. Contact for this purpose: https://www.google.de/contact/impressum.html.

Google Analytics

Description and scope of data processing

On our website we use Google Analytics provided by Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Ireland. Google utilizes the Data collected to track and examine the use of Scoutbee, to prepare reports on its activities and share them with other Google services.

Google may use the Data collected to contextualize and personalize the ads of its own advertising network.

Legal basis for data processing

The legal basis for the processing of data is Art. 6 (1)(a) GDPR.

Within the scope of processing by Google Analytics, data may be transmitted to the USA. The security of the transfer is ensured by so-called standard contractual clauses, which guarantee that the processing of personal data is subject to a level of security that corresponds to that of the GDPR. If the standard contractual clauses are not sufficient to establish an adequate level of security, consent will be obtained from you in advance within the framework of the Google Analytics consent management system in accordance with Art. 49 (1) (a) DSGVO.

Purpose of data processing

The purpose of use is the unified and attractive display of our website.

Duration of storage

We do not store the data in this process. Regarding the storage of data by Google, we refer to the privacy policy: https://policies.google.com/privacy?hl=de.

Matomo (formerly Piwik)

Description and scope of data processing

This website uses Matomo, an open-source software for statistical analysis of user visits provided by Innocraft Ltd., 150 Willis St, 6011 Wellington, New Zealand. Matomo uses so-called “Cookies”. These are text files that are stored on your computer, making it possible to analyse your use of the website. The information generated by the cookie about your use of this website is potentially transferred to servers outside the EU and stored there. The IP address is anonymised immediately after processing and before storage. The information generated by the cookie about the use of this website is not transferred to third parties. You can prevent the installation of cookies by changing the settings of your browser software accordingly. However, we inform you that in this case it may not be possible to use all features of this website to their full extent. You can find more details in the privacy policy at: https://matomo.org/privacy-policy.

Legal basis for data processing

The legal basis for the processing of personal data using Matomo is Art. 6 (1)(a) GDPR. We have a legitimate interest in improving the functionality and stability of the website.

Purpose of data processing

The data is required for the improvement and analysis of our website. By anonymising the data, this statistical collection is exclusively used to improve our services. You can find more information in Matomo’s privacy policy at https://matomo.org/privacy-policy.

Duration of storage

Data is not stored for longer periods than necessary. Data will be erased after the statistical analysis has been performed. You can find more information at: https://matomo.org/privacy-policy.

IV. Services implemented on the main business website www.scoutbee.com

Newsletter

Description and scope of data processing

On our website, we offer the option of subscribing to a free newsletter. Upon subscribing for the newsletter, the data from the input screen will be transmitted to us.

This includes the user’s name and (usually professional) e-mail address.

The following data is also collected during subscription:

IP address of the accessing computer
Data and time of registration
E-mail address

During the registration process, your consent will be obtained for data processing and reference will be made to this privacy policy.

In the context of data processing for newsletter mailing, data will not be transferred to third parties. The data will exclusively be used to mail the newsletter. The newsletters are being send by Pardot. You can find a detailed description of this service below.

Legal basis for data processing

The legal basis for the processing of data after the user subscribes to the newsletter if consent has been granted is Art. 6 (1)(a) GDPR.

Purpose of data processing

The user’s e-mail address is collected in order to send the newsletter. Other personal data is collected during the subscription process in order to prevent misuse of the services or e-mail address used.

Duration of storage

The data will be erased as soon as it is no longer required to fulfil the purpose for which it was collected. The user’s e-mail address will then be stored as long as the newsletter subscription is active. Apart from this, the duration of storage is based on the stipulations of tax law and accounting law.

Other personal data collected during the subscription process is generally erased after receiving a declaration of withdrawal.

Right to object and option of removal

The user in question can terminate the newsletter subscription at any time. To this end, a corresponding link is provided in every newsletter. This also enables withdrawal of consent to the storage of personal data collected during the subscription process.

Active Campaign

Description and scope of data processing

This website uses Active Campaign, a web analysis service of ActiveCampaign, Inc., 1 N Dearborn, 5th Floor, Chicago, Illinois 60602, USA. Active Campaign uses so-called “Cookies”. These are text files that are stored on your computer, making it possible to analyse your use of our website. The information generated by the cookie about your use of this website (including your IP address) is generally transferred to an Active Campaign server in the EU or USA and stored there.

Legal basis for data processing

The legal basis for the processing of personal data using Active Campaign is Art. 6 (1)(f) GDPR. We have a legitimate interest in improving the functionality and stability of the website.

Purpose of data processing

The data is required for the improvement and analysis of our website. By anonymising the data, this statistical collection is exclusively used to improve our services. You can find more information in Active Campaign’s privacy policy at https://www.activecampaign.com/privacy-policy.

Duration of storage

Data is not stored for longer periods than necessary. Data will be erased after the statistical analysis has been performed. You can find more information at: https://www.activecampaign.com/privacy-policy.

Facebook Plugin

Description and scope of data processing

This website uses social media plugins (“Plugins”) for the social network facebook.com, which is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA (“Facebook”). The plugins are labelled with a Facebook logo, the “Like” button or the additional text “Facebook social media plugin”.

If you access a page on our website that contains one of these plugins, your browser creates a direct connection with the servers of Facebook if you click on the plugin. If you like, you can also grant your consent under data protection law to the transfer of data to Facebook.

The content of the plugins is directly sent to your browser by Facebook and embedded into the website. Embedding plugins means that Facebook will be informed that you have visited the corresponding page of our website. If you are logged in to Facebook, Facebook can attribute the visit to your Facebook account. If you interact with the plugins, for instance by pressing the “Like” button or publishing a comment, the relevant information will be transmitted by your browser directly to Facebook and stored there, potentially on servers in the USA.

Legal basis for data processing

The legal basis for the processing of data is Art. 6 (1)(a) GDPR. The security of the transfer is ensured by so-called standard contractual clauses, which guarantee that the processing of personal data is subject to a level of security that corresponds to that of the GDPR. If the standard contractual clauses are not sufficient to establish an adequate level of security, consent will be obtained from you in advance within the framework of the Facebook Plugin consent management system in accordance with Art. 49 (1) (a) DSGVO.

Purpose of data processing

The purpose of data processing is networking and publicizing our website. Please consult the purpose and scope of data collection and further processing and use of data by Facebook, as well as your rights and optional settings in this regard to protect your privacy, in Facebook’s privacy policy at https://www.facebook.com/about/privacy/update.

Duration of storage

Facebook collects data in this process. The duration of storage is independent of our operation and thus unknown to us. Apart from this, the duration of storage is based on the stipulations of tax law and accounting law.

Instagram

Description and scope of data processing

This website uses social media plugins for the social network Instagram, which is operated by Instagram LLC, 1601 Willow Rd, Menlo Park CA, 94025 USA. The embedded “Insta” button on this website informs Instagram that you have visited our website. If you are already logged into Instagram, Instagram can attribute your visit to our website with your Instagram account and link this data together. The data transmitted by clicking on the “Insta” button is stored by Instagram.

Legal basis for data processing

The legal basis for the processing of data is Art. 6 (1)(a) GDPR. The security of the transfer is ensured by so-called standard contractual clauses, which guarantee that the processing of personal data is subject to a level of security that corresponds to that of the GDPR. If the standard contractual clauses are not sufficient to establish an adequate level of security, consent will be obtained from you in advance within the framework of the Instagram consent management system in accordance with Art. 49 (1) (a) DSGVO.

Purpose of data processing

Please consult the purpose and scope of data collection and further processing and use of data by Instagram, as well as your rights and optional settings in this regard to protect your privacy, in Instagram’s privacy policy at https://help.instagram.com/519522125107875?help.

Duration of storage

Instagram collects data in this process. The duration of storage is independent of our operation and thus unknown to us. Apart from this, the duration of storage is based on the stipulations of tax law and accounting law.

Twitter

Description and scope of data processing

This website uses features of the Twitter service. These features are provided by Twitter Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA. By using Twitter and the “Retweet” function, the websites you visit are linked with your Twitter account and disclosed to other users. In this process, data is also transmitted to Twitter in the USA.

We hereby inform you that, as the website operator, we have no knowledge concerning the content of the data transmitted or how it is used by Twitter. You can find more information in Twitter’s privacy policy at https://twitter.com/de/privacy.

Legal basis for data processing

The legal basis for the processing of data is Art. 6 (1)(a) GDPR. The security of the transfer is ensured by so-called standard contractual clauses, which guarantee that the processing of personal data is subject to a level of security that corresponds to that of the GDPR. If the standard contractual clauses are not sufficient to establish an adequate level of security, consent will be obtained from you in advance within the framework of the Twitter consent management system in accordance with Art. 49 (1) (a) DSGVO.

Purpose of data processing

The purpose of data processing is networking and publicizing our website. Please consult the purpose and scope of data collection and further processing and use of data by Twitter as well as your rights and optional settings in this regard to protect your privacy, in Twitter’s privacy policy at https://twitter.com/de/privacy.

Duration of storage

Twitter collects data in this process. The duration of storage is independent of our operation and thus unknown to us. Apart from this, the duration of storage is based on the stipulations of tax law and accounting law.

Vimeo

Description and scope of data processing

Our website uses features provided by the Vimeo video portal, provided by Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA.

If you visit one of our pages featuring a Vimeo plugin, a connection to the Vimeo servers is established. Here the Vimeo server is informed about which of our pages you have visited. In addition, Vimeo will receive your IP address. This also applies if you are not logged in to Vimeo when you visit our website or do not have a Vimeo account. The information is transmitted to a Vimeo server in the US, where it is stored.

If you are logged in to your Vimeo account, Vimeo allows you to associate your browsing behaviour directly with your personal profile. You can prevent this by logging out of your Vimeo account.

Legal basis for data processing

The legal basis of the processing is Art. 6 (1) (f) GDPR according to our interest in making the website more appealing and provide customers with presentation of our products.

Purpose of data processing

We use Vimeo to play our presentation videos about our products.

Duration of storage

Data is not stored for longer periods than necessary. Data will be erased after the statistical analysis, or the service and its evaluation has been performed. You can find more information at: https://vimeo.com/privacy.

DoubleClick

Description and scope of data processing

This website continues to use the online marketing tool DoubleClick provided by Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Ireland.. DoubleClick uses cookies in order to activate ads relevant to users, improve campaign performance reports, or to prevent a user from seeing the same ads more than once. Google uses a cookie ID to track which ads are displayed in which browser and to prevent them from being displayed more than once. In addition, DoubleClick may use cookie IDs to collect conversions related to ad requests. This is the case, for example, when a user sees a DoubleClick ad and later visits the advertiser’s website with the same browser and buys something there. According to Google, DoubleClick cookies do not contain any personal information.

Legal basis for data processing

The legal basis of the processing is Art. 6 (1) (a) GDPR.

Within the scope of processing by Google, data may be transmitted to the USA. The security of the transfer is ensured by so-called standard contractual clauses, which guarantee that the processing of personal data is subject to a level of security that corresponds to that of the GDPR. If the standard contractual clauses are not sufficient to establish an adequate level of security, consent will be obtained from you in advance within the framework of the DoubleClick consent management system in accordance with Art. 49 (1) (a) DSGVO.

Purpose of data processing

Purpose of processing is to better understand our audience and display them the relevant products.

Duration of storage

Chilipiper

Description and scope of data processing

Chili Piper is a suite of automated scheduling tools provided by Chili Piper, Inc., One Dock 72 Way, Brooklyn, NY 11205, USA, that helps our company convert leads. Chili piper helps schedule meeting after demo form requests. In the demo form we collect data like, Name, e-mail, telephone, company, job position, region, and industry.

Legal basis for data processing

The legal basis of the processing is contractual pursuant to Art. 6 (1) (b) GDPR. Any other form of using Chili Piper will require you consent pursuant to Art. 6 (1)(a) GDPR.

Purpose of data processing

We use ChiliPiper to automate meeting scheduling after filling out the demo form.

Duration of storage

Pardot

Description and scope of data processing

Pardot is the manufacturer of a web marketing automation software provided by salesforce.com Inc., The Landmark at One Market, Suite 300, San Francisco, CA 94105, USA. Personal data is stored in Pardot/Salesforce when our visitors fill out a form, e.g. to register for events, contact/request forms or to subscribe to our e-mail messages. Non-personal data such as IP address, operating system, web browser and pages visited are collected by Pardot.

Legal basis for data processing

The legal basis of the processing is Art. 6 (1) (a) GDPR. For the newsletters we use the so called doble opt-in.

Purpose of data processing

We use the Pardot suite to collect information about visitors to our website and to send out newsletters.

Duration of storage

Campaign Webinars

Scoutbee provides Campaign Webinars. The user has the option to register and participate in a themed Campaign Webinars, where the user shall gain knowledge, collaborate and network with the hosts of the scheduled Campaign Webinar. The topic and partner is specific to each Campaign Webinar and listed always on the registration page. The user shall be contacted by the hosts and partners of the Campaign Webinar. Legal basis for the processing of personal data is Art. 6 S. 1 (1) lit. b GDPR.

Demio

Scoutbee uses Demio, a service provided by Banzai International, Inc., 435 Ericksen Ave, Suite 250 Bainbridge Island, WA 98110. Scoutbee uses Demio to provide registration for the campaign webinars and to separate the generated leads. Privacy Policy: https://www.banzai.io/legal/privacy-policy Legal basis for the processing of personal data is Art. 6 S. 1 (1) lit. b GDPR.

V. Services for product website – www.scoutbee.io

ZENDESK

Description and scope of data processing

We use Zendesk provided by Zendesk Inc. 989 Market Street #300, San Francisco, CA 94102, USA. To use Zendesk, you must provide at least one correct e-mail address. The service can also be used pseudonymized. During the processing of service requests, it may be necessary to collect further data (e.g. first name, last name, address, etc.). The use of Zendesk is optional. If you do not agree with Zendesk collecting your information, we will provide you with alternate contact options for submitting service requests by telephone or post.

Legal basis for data processing

The legal basis of the processing is Art. 6 (1) (f) GDPR according to our interest in a direct and customer-friendly communication. If the contact is aimed at the conclusion of a contract, then additional legal basis for the processing Art. 6 (1) (b) GDPR.

Purpose of data processing

We utilize the Zendesk chat on our website which is a live chat software. The messages and data received and sent when using this live chat will be processed and documented. The Zendesk chat aims at communicating directly with our website visitors in real-time which is also known as a live chat.

For everyone accessing our website which is equipped with the Zendesk chat software, data will be collected for the purpose of running the live chat and analysing the operation of this system.

Duration of storage

Heap Analytics Service

Description and scope of data processing

Heap Analytics is an analytics software provided by Heap Inc., 225 Bush St. Ste 200, San Francisco, CA 94104, USA, which captures and analyses user interactions to produce reports based on real-time data of user behaviour on your website or app. Heap Analytics uses cookies that are stored on your device. The anonymised information about the user behaviour of our website generated by the cookies is transferred to a server of Heap Analytics in the USA and stored there. The IP address provided by Heap Analytics from your browser is not merged with other data from Heap Analytics.

Legal basis for data processing

The legal basis for the processing of data is Art. 6 (1)(a) GDPR. The security of the transfer is ensured by so-called standard contractual clauses, which guarantee that the processing of personal data is subject to a level of security that corresponds to that of the GDPR. If the standard contractual clauses are not sufficient to establish an adequate level of security, consent will be obtained from you in advance within the framework of the Heap Analytics Service consent management system in accordance with Art. 49 (1) (a) DSGVO.

Purpose of data processing

The data is required for the improvement and analysis of our website. By anonymising the data, this statistical collection is exclusively used to improve our services. You can find more information in Heap Analytics’ privacy policy at https://heap.io/privacy.

Duration of storage

Data is not stored for longer periods than necessary. Data will be erased after the statistical analysis has been performed. You can find more information at: https://heap.io/privacy.

Intercom

Description and scope of data processing

This website uses Intercom, a customer information service provided by Intercom, Inc., Intercom R&D Unlimited Company, 55 2nd Street, 4th Floor, San Francisco, California 94105, USA. You can find more information about the use of this data at: https://www.intercom.com/de/terms-and-policies.

Legal basis for data processing

The legal basis for the processing of personal data using Intercom is Art. 6 (1)(f) GDPR. We have a legitimate interest in improving the functionality and stability of the website.

Purpose of data processing

The data is required for the improvement and analysis of our website. By anonymising the data, this statistical collection is exclusively used to improve our services. You can find more information in Intercom’s privacy policy at https://www.intercom.com/de/terms-and-policies.

Duration of storage

Data is not stored for longer periods than necessary. Data will be erased after the statistical analysis has been performed. You can find more information at: https://www.intercom.com/de/terms-and-policies.

VI. Rights of the data subject

For the processing of personal data, you are a data subject within the meaning of the GDPR and have the following rights with respect to the controller:

1. Right of the data subject to access information

The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information:

a) The purposes of the processing;

b) The categories of personal data concerned;

c) The recipients or categories of recipient to whom the personal data has been or will be disclosed, in particular recipients in third countries or international organisations;

d) Where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;

e) The existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;

f) The right to lodge a complaint with a supervisory authority;

g) Where the personal data is not collected from the data subject, any available information as to their source;

h) The existence of automated decision-making, including profiling, referred to in Art. 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

Where personal data is transferred to a third country or to an international organisation, the data subject shall have the right to be informed of the appropriate safeguards pursuant to Art. 46 GDPR relating to the transfer.

In case of processing for scientific or historical research purposes or statistical purposes, this right can be restricted insofar as this would make impossible or significantly impede the research or statistical purposes and the restriction is necessary in order to fulfil the research or statistical purposes.

2. Right to rectification

The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

3. Right to erasure

The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:

a) The personal data is no longer necessary in relation to the purposes for which they were collected or otherwise processed;

b) The data subject withdraws consent on which the processing is based according to Art. 6 (1)(a) GDPR, or Art. 9(2)(a) GDPR, and where there is no other legal ground for the processing.

c) The data subject objects to the processing pursuant to Art. 21(1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Art. 21(2) GDPR.

d) Host name of the accessing computer

e) Time and date of server request

d) The personal data has been unlawfully processed.

e) The personal data has to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.

f) The personal data has been collected in relation to the offer of information society services referred to in Art. 8(1) GDPR.

Where the controller has made the personal data public and is obliged pursuant to the above paragraph 1 to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, this personal data.

The above paragraphs 1 and 2 shall not apply to the extent that processing is necessary

a) For exercising the right of freedom of expression and information;

b) For compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

c) For reasons of public interest in the area of public health in accordance with Art. 9(2)(h) and (i) GDPR as well as Art. 9(3) GDPR;

d) For archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89(1) GDPR in so far as the right referred to in paragraph 1 above is likely to render impossible or seriously impair the achievement of the objectives of that processing; or

e) For the assertion, exercise or defence of legal claims.

4. Right to restriction of processing

The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:

a) The accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;

b) The processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of is use instead;

c) The controller no longer needs the personal data for the purposes of the processing, but it is required by the data subject for the establishment, exercise or defence of legal claims;

d) The data subject has objected to processing pursuant to Art. 21(1) GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.

Where processing has been restricted under paragraph 1 above, such personal data shall, with the exception of storage, only be processed with the data subject’s consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

A data subject who has obtained restriction of processing pursuant to paragraph 1 above shall be informed by the controller before the restriction of processing is lifted.

5. Right to be informed

The controller shall communicate any rectification or erasure of personal data or restriction of processing carried out in accordance with Art. 16, Art. 17(1) and Art. 18 GDPR to each recipient to whom the personal data has been disclosed, unless this proves impossible or involves disproportionate effort. The controller shall inform the data subject about those recipients if the data subject requests it.

6. Right to data portability

The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit this data to another controller without hindrance from the controller to which the personal data has been provided, where:

the processing is based on consent pursuant to Art. 6(1)(a) or Art. 9(2)(b)
GDPR or on a contract pursuant to Art. 6(1)(b) GDPR and
The processing is carried out by automated means.

In exercising his or her right to data portability pursuant to the above paragraph 1, the data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible.

The exercise of the right referred to in paragraph 1 of this Article shall be without prejudice to the right to erasure of data. That right shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

7. Right to withdraw consent for data processing

You have the right to withdraw your consent to data processing at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

8. Right to object

The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on Art. 6(1)(e) or (f) GDPR, including profiling based on those provisions. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.

Where personal data is processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.

Where the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.

In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, the data subject may exercise his or her right to object by automated means using technical specifications.

Where personal data is processed for scientific or historical research purposes or statistical purposes pursuant to Art. 89(1) (GDPR), the data subject, on grounds relating to his or her particular situation, shall have the right to object to processing of personal data concerning him or her, unless the processing is necessary for the performance of a task carried out for reasons of public interest. This right of objection can be restricted insofar as this would make impossible or significantly impede the research or statistical purposes and the restriction is necessary in order to fulfil the research or statistical purposes.

9. Automated individual decision-making, including profiling

The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.

The above paragraph 1 shall not apply if the decision:

a) Is necessary for entering into, or performance of, a contract between the data subject and a data controller;

b) Is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests; or

c) Is based on the data subject’s explicit consent.

In the cases referred to in points (a) and (c) of paragraph 2, the data controller shall implement suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.

Decisions referred to in paragraph 2 shall not be based on special categories of personal data referred to in Art. 9(1) GDPR, unless Art. 9(2)(a) or (g) GDPR applies and suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests are in place.

10. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, every data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes this regulation.

The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Art. 78 GDPR.