Privacy Policy

The following translation is for your information only. In the event of any conflict or inconsistency between this translated version and the German version (including as a result of delays in translation), the German version shall prevail.

 

Privacy policy

This data protection declaration informs you about the nature, scope and purpose of the processing of personal data (hereinafter referred to as "data") within our online offer and the websites, functions and content associated with it, as well as external online presences, such as our social media profiles, our web application and our mobile application (hereinafter collectively referred to as "online offer"). With regard to the terms used, such as "processing" or "controller", we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR). The terms used can be found at the end of the document.

 

In principle, you can use our online offer without providing personal data. However, other regulations may apply to individual services, to which we will refer you separately below.

 

The purpose of the processing of data within the scope of this online offer is the provision of the presentation and the offer of services for the storage of purchase documents. In this privacy policy, we would like to answer the following questions, among others:

  • How can you contact us?

  • What types of data are processed?

  • Why is data processed?

  • On what legal basis is data processed?

  • What security measures are taken?

  • Who are the recipients of the data?

  • Is data transferred to a third country and what is the legal basis for this?

  • What rights do you have?

 

How can you contact us?

If you have any questions about the processing of your data or would like to notify us of any changes to your data, please contact us:

 

warrify smart product assistance GmbH

Martinstraße 25/4, 3400 Klosterneuburg, Austria

UID: ATU74586325

FN: FN 515283 w of the company register of the HG Korneuburg

 

E-mail: office@warrify.com

https://warrify.com/imprint/

 

What types of data are processed?

We process the following types of data

Inventory data (e.g.: name)

Contact data (e.g.: e-mail)

Content data (e.g.: purchase data, text entries, photographs)

Usage data (e.g. websites visited, interest in content, access times)

Meta/communication data (e.g., device information, IP addresses)

Categories of data subjects

Visitors and users of the online offer (hereinafter, we also refer to the data subjects collectively as "users").

 

Why is data processed?

warrify processes data for two reasons.

 

First, we want to offer an error-free use of our online offer. Therefore, data is needed for the administration and troubleshooting of our online offer. In order to constantly improve the user experience and offer optimized services, data is processed exclusively in pseudonymized form (through user profiles).

 

Secondly, data is processed for the performance of our online offer. This involves the possibility of creating a user account in order to store receipts collectively in one place. The user account can be created in various ways. Both login information (e.g.: the e-mail address) and purchase information (e.g.: the receipt data) must be processed. In order to improve the user experience in the context of our service provision, analyses are carried out for the purpose of business evaluations, marketing and market research. In doing so, we may take into account the profiles of registered users with details, for example, of the services they have used. The analyses serve to increase the user-friendliness, the optimization of our offer and the business management. The analyses serve us alone and are not disclosed externally, unless they are anonymous analyses with only aggregated values.

 

Below is a detailed overview and corresponding information on the registration options:

 

Registration on our online offer

You can register on our online offering in order to use our services. We use the data entered for this purpose only for the purpose of using the respective offer for which you have registered. The mandatory information requested during registration, such as name and e-mail address, must be provided, otherwise the registration cannot be completed.

 

For important changes, for example in the scope of the offer or in the case of technically necessary changes, we use the e-mail address provided during registration to inform you in this way.

 

The processing of the data entered during registration is carried out at your request and is necessary according to Art. 6 para. 1 p. 1 lit. b DSGVO in order to be able to fulfill the contract of use concluded with you, including pre-contractual measures for this purpose.

 

The data collected during registration will be stored by us as long as you are registered for our services and will then be deleted. Legal retention periods remain unaffected.

 

Registration and login with Facebook Connect

Instead of a direct registration/login on our online offer, you can register with Facebook Connect. The provider of this service is Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.

 

If you decide to register with Facebook Connect and click on the "Log in with Facebook" button, you will automatically be redirected to the Facebook platform. There you can log in with your usage data. This links your Facebook profile to our website or services. This link gives us access to their data stored on Facebook. These are mainly:

 

Facebook name | Facebook profile and cover picture | email address and Facebook ID stored with Facebook.

 

This data is used to set up, provide and personalize your account.

 

For more information, please see the Facebook Terms of Use and Facebook Privacy Policy. Facebook observes the data protection provisions of the "US Privacy Shield", is registered with the "US Privacy Shield" program of the US Department of Commerce and thus provides appropriate guarantees for an adequate level of data protection.

 

Registration and login with Google Connect

Instead of registering/logging in directly on our website/app, you can also register via Google. The provider of this service is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

 

If you decide to register/login with Google and click on the "Log in with Google" button, you will automatically be redirected to Google's platform. There you can log in with your usage data. This will link your Google profile to our website or services. Through this link, we gain access to their data stored at Google. These are mainly:

 

First name | Last name | E-mail address | User name | Google profile URL | Profile picture.

 

This data is used to set up, provide and personalize your account.

 

For more information, please see the Google Terms of Use and the Google Privacy Policy. Google observes the data protection provisions of the "US Privacy Shield", is registered with the "US Privacy Shield" program of the US Department of Commerce and thus offers suitable guarantees for an appropriate level of data protection.

 

On what legal basis is data processed?

warrify In accordance with Art. 13 DSGVO, we will inform you of the legal basis for our data processing activities. If the legal basis is not stated in the privacy policy, the following applies: The legal basis for obtaining consent is Art. 6(1)(a) and Art. 7 DSGVO, the legal basis for processing to fulfill our services and carry out contractual measures and respond to inquiries is Art. 6(1)(b) DSGVO, the legal basis for processing to fulfill our legal obligations is Art. 6(1)(c) DSGVO, and the legal basis for processing to protect our legitimate interests is Art. 6(1)(f) DSGVO. In the event that vital interests of the data subject or another natural person make processing of personal data necessary, Art. 6 (1) lit. d DSGVO serves as the legal basis.

 

What security measures are taken?

We take appropriate technical and organizational measures in accordance with Art. 32 DSGVO, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk.

 

The measures shall include, in particular, ensuring the confidentiality, integrity and availability of data. This is ensured by controlling physical access to the data, as well as the relevant access, input, transfer, ensuring availability and their separation. Furthermore, we have established procedures to ensure the exercise of data subjects' rights, the deletion of data and response to data compromise.

 

Furthermore, we already take the protection of personal data into account during the development or selection of hardware, software and processes, in accordance with the principle of data protection through technology design and through data protection-friendly default settings (Art. 25 DSGVO).

 

Your data will be processed and stored in encrypted form at all times. Nevertheless, it is important for us to point out that data transmission on the Internet can have security gaps, as completely seamless protection against access by unauthorized third parties is not possible.

 

Who are the recipients of the data?

If, in the course of our processing, we disclose data to other persons and companies (order processors or third parties), transmit it to them or otherwise grant them access to the data, this will only be done on the basis of a legal permission (e.g. if a transmission of data to third parties, such as payment service providers, is necessary for the performance of the contract pursuant to Art. 6 (1) lit. b DSGVO), you have consented, a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.).

 

If we commission third parties to process data on the basis of a so-called "order processing agreement", this is done on the basis of Art. 28 DSGVO.

 

Is data transferred to a third country and what is the legal basis for this?

If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this is done in the context of using third-party services or disclosing, or transferring data to third parties, this is only done if it is done to fulfill our (pre-)contractual obligations, on the basis of your consent, due to a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process or allow the processing of data in a third country only if the special requirements of Art. 44 et seq. DSGVO are met. I.e. the processing is carried out, for example, on the basis of special guarantees, such as the officially recognized determination of a level of data protection corresponding to the EU (e.g. for the USA by the "Privacy Shield") or compliance with officially recognized special contractual obligations (so-called "standard contractual clauses").

 

What rights do you have?

You, as a data subject, have the right to request confirmation as to whether data in question is being processed and to information about this data, as well as further information and a copy of the data in accordance with Art. 15 DSGVO.

 

You have according to. Art. 16 DSGVO the right to request the completion of the data concerning you or the correction of incorrect data concerning you.

 

You have the right, in accordance with Art. 17 DSGVO, to request that data concerning you be deleted without delay, or alternatively, in accordance with Art. 18 DSGVO, to request restriction of the processing of the data.

 

You have the right to request that the data concerning you that you have provided to us be received in accordance with Art. 20 DSGVO and to request that it be transferred to other data controllers.

 

You also have the right to lodge a complaint with the competent supervisory authority in accordance with Art. 77 DSGVO.

 

Right of withdrawal

You have the right to revoke any consent given in accordance with Art. 7 (3) DSGVO with effect for the future.

 

Right of objection

You may object to the future processing of data relating to you in accordance with Art. 21 DSGVO at any time. The objection can be made in particular against processing for direct marketing purposes.

 

Cookies and right to object to direct advertising

Cookies" are small files that are stored on users' computers. Different information can be stored within the cookies. The primary purpose of a cookie is to store information about a user (or the device on which the cookie is stored) during or after his visit to an online offer. Temporary cookies, or "session cookies" or "transient cookies", are cookies that are deleted after a user leaves an online offer and closes his browser. Such a cookie may store, for example, the contents of a shopping cart in an online store or a login status. Cookies that remain stored even after the browser is closed are referred to as "permanent" or "persistent". For example, the login status can be stored if users visit them after several days. Likewise, the interests of users can be stored in such a cookie, which is used for range measurement or marketing purposes. Third-party cookies" are cookies that are offered by providers other than the responsible party that operates the online offer (otherwise, if they are only its cookies, they are referred to as "first-party cookies").

 

We may use temporary and permanent cookies. Currently, the following types of cookies are used:

 

Essential cookies

We use browser cookies necessary for the use of the site. For example, we store your cookie settings. You can turn off these cookies in your browser settings, which may cause this site to stop working as expected.

 

Performance Cookies

We use performance cookies to understand user behavior and improve usability. For example, we collect data about which pages you visit on our homepage. The Google Analytics tool is used for this purpose. You can find more details about the tool and its use below.

 

If you do not want cookies to be stored on your computer, you will be asked to deactivate the corresponding option in the system settings of your browser. Stored cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional restrictions of this online offer.

 

A general objection to the use of cookies used for online marketing purposes can be declared for a large number of the services, especially in the case of tracking, via the US site http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/.

 

Deletion of data

The data processed by us will be deleted or restricted in its processing in accordance with Articles 17 and 18 DSGVO. Unless expressly stated within the scope of this data protection declaration, the data stored by us will be deleted as soon as they are no longer required for their intended purpose and the deletion does not conflict with any statutory retention obligations. If the data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted. I.e. the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for reasons of commercial or tax law.

 

According to legal requirements in Germany, data is stored for 10 years in accordance with §§ 147 para. 1 AO, 257 para. 1 nos. 1 and 4, para. 4 HGB (books, records, management reports, accounting vouchers, commercial books, documents relevant for taxation, etc.) and 6 years according to § 257 para. 1 nos. 2 and 3, para. 4 HGB (commercial letters).

 

According to legal requirements in Austria, retention is in particular for 7 years pursuant to Section 132 (1) BAO (accounting records, vouchers/invoices, accounts, receipts, business papers, statement of income and expenses, etc.), for 22 years in connection with real property and for 10 years for records in connection with electronically provided services, telecommunications, radio and television services provided to non-entrepreneurs in EU member states and for which the Mini-One-Stop-Shop (MOSS) is used.

 

Social media

Use of Facebook social plugins

We use social plugins ("plugins") of the social network facebook.com on the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f. DSGVO) social plugins ("plugins") of the social network facebook.com, which is operated by Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook"). The plugins can display interaction elements or content (e.g. videos, graphics or text contributions) and are recognizable by one of the Facebook logos (white "f" on blue tile, the terms "Like", "Like" or a "thumbs up" sign) or are marked with the addition "Facebook Social Plugin". The list and appearance of Facebook social plugins can be viewed here: https://developers.facebook.com/docs/plugins/.

 

Facebook is certified under the Privacy Shield agreement and thereby offers a guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).

 

When a user calls up a function of this online offer that contains such a plugin, his or her device establishes a direct connection with Facebook's servers. The content of the plugin is transmitted by Facebook directly to the user's device and integrated into the online offer by the latter. In the process, usage profiles of the users can be created from the processed data. We therefore have no influence on the scope of the data that Facebook collects with the help of this plugin and therefore inform users according to our level of knowledge.

 

By integrating the plugins, Facebook receives the information that a user has accessed the corresponding page of the online offer. If the user is logged into Facebook, Facebook can assign the visit to his Facebook account. If users interact with the plugins, for example by clicking the Like button or posting a comment, the corresponding information is transmitted from their device directly to Facebook and stored there. If a user is not a member of Facebook, there is still the possibility that Facebook will learn and store his or her IP address. According to Facebook, only an anonymized IP address is stored in Germany.

 

The purpose and scope of the data collection and the further processing and use of the data by Facebook, as well as the related rights and settings options for protecting the privacy of users, can be found in Facebook's privacy policy: https://www.facebook.com/about/privacy/.

 

If a user is a Facebook member and does not want Facebook to collect data about him or her via this online offer and link it to his or her membership data stored with Facebook, he or she must log out of Facebook and delete his or her cookies before using our online offer. Further settings and objections to the use of data for advertising purposes, are possible within the Facebook profile settings: https://www.facebook.com/settings?tab=ads or via the US site http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/. The settings are platform-independent, i.e. they are applied to all devices, such as desktop computers or mobile devices.

 

Analytics tools

Google AdWords and Google Conversion Tracking

This website uses Google AdWords. AdWords is an online advertising program of Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland. As part of Google AdWords, we use the so-called conversion tracking. When you click on an ad placed by Google, a cookie is set for conversion tracking. Cookies are small text files that the Internet browser stores on the user's computer. These cookies lose their validity after 30 days and are not used to personally identify the user. If the user visits certain pages of this website and the cookie has not yet expired, Google and we can recognize that the user clicked on the ad and was redirected to this page.

 

Each Google AdWords customer receives a different cookie. The cookies cannot be tracked through the websites of AdWords customers. The information obtained using the conversion cookie is used to create conversion statistics for AdWords customers who have opted in to conversion tracking. Customers learn the total number of users who clicked on their ad and were redirected to a page tagged with a conversion tracking tag. However, they do not receive any information that personally identifies users. If you do not wish to participate in the tracking, you can object to this use by deactivating the Google conversion tracking cookie via your internet browser under user settings. You will then not be included in the conversion tracking statistics.

 

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If you disable cookies, the functionality of this website may be limited.

 

The storage of "conversion cookies" is based on Art.6 para.1 lit. f DSGVO. The website operator has a legitimate interest in analyzing user behavior in order to optimize both its web offering and its advertising.

 

More information about Google AdWords and Google Conversion Tracking can be found in Google's privacy policy. Google observes the data protection provisions of the "US Privacy Shield", is registered with the "US Privacy Shield" program of the US Department of Commerce, and thus offers suitable guarantees for an appropriate level of data protection.

 

Google Analytics

Our pages use functions of the web analytics service Google Analytics for the purpose of demand-oriented design and continuous optimization. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland, 1600 Amphitheatre Parkway, Mountain View, CA 94043 (USA). Google Analytics uses so-called "cookies". These are text files that are stored on your computer and enable an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there.

 

The storage of Google Analytics cookies is based on Art. 6 para.1 lit. f DSGVO. The website operator has a legitimate interest in analyzing user behavior in order to optimize both its web offering and its advertising.

 

Google complies with the data protection provisions of the "US Privacy Shield" and is registered with the "US Privacy Shield" program of the US Department of Commerce and thus offers appropriate guarantees for an adequate level of data protection.

 

Below you will find details about our use of Google Analytics:

 

IP anonymization: We have activated the IP anonymization function on this website. This means that your IP address will be shortened by Google within member states of the European Union or in other states party to the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google.

 

Browser plugin: You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available under this link.

 

Object to data collection: by using this browser add-on to disable Google Analytics JavaScript, you can prevent Google Analytics from using your data during future visits to this website. More information on how Google Analytics handles user data can be found in Google's privacy policy.

 

Commissioned data processing: We have concluded a contract with Google for commissioned data processing and fully implement the strict requirements of the Austrian data protection authorities when using Google Analytics.

 

Demographic characteristics with Google Analytics: This website uses the "demographic characteristics" function of Google Analytics. This allows reports to be generated that contain statements about the age, gender and interests of site visitors. This data comes from interest-based advertising from Google as well as visitor data from third-party providers. This data cannot be assigned to a specific person. You can deactivate this function at any time via the ad settings in your Google account or generally prohibit the collection of your data by Google Analytics as shown in the item "Objection to data collection".

 

Google Analytics Remarketing

Our websites use the functions of Google Analytics Remarketing in conjunction with the cross-device functions of Google AdWords and Google DoubleClick. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland. This function makes it possible to link the advertising target groups created with Google Analytics Remarketing with the cross-device functions of Google AdWords and Google DoubleClick. In this way, interest-based, personalized advertising messages that have been adapted to you depending on your previous usage and surfing behavior on one end device (e.g. cell phone) can also be displayed on another of your end devices (e.g. tablet or PC).

 

If you have given your consent, Google will link your web and app browsing history with your Google account for this purpose. In this way, the same personalized advertising messages can be displayed on every device on which you log in with your Google account. To support this feature, Google Analytics collects Google-authenticated IDs of users that are temporarily linked to our Google Analytics data to define and create audiences for cross-device ad targeting. You can permanently opt out of cross-device remarketing/targeting by disabling personalized advertising in their Google account.

 

The aggregation of the collected data in your Google account is based solely on your consent, which you can give or revoke at Google (Art.6 para.1 lit. a DSGVO). In the case of data collection processes that are not merged in your Google Account (e.g. because you do not have a Google Account or have objected to the merger), the collection of data is based on Art.6 para.1 lit. f DSGVO. The legitimate interest arises from the fact that the website operator has an interest in the anonymized analysis of website visitors for advertising purposes.

 

Further information and the data protection provisions can be found in Google's privacy policy. Google observes the data protection provisions of the "US Privacy Shield", is registered with the "US Privacy Shield" program of the US Department of Commerce and thus offers suitable guarantees for an appropriate level of data protection.

 

Facebook Pixel

Our website uses the visitor action pixel from Facebook, Facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304 (USA) ("Facebook") for conversion measurement. This allows the behavior of site visitors to be tracked after they have been redirected to the provider's website by clicking on a Facebook ad. This allows the effectiveness of the Facebook ads to be evaluated for statistical and market research purposes and future advertising measures to be optimized. The collected data is anonymous for us as the operator of this website, we cannot draw any conclusions about the identity of the users. However, the data is stored and processed by Facebook, so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes, according to the Facebook data usage policy. This allows Facebook to enable the placement of advertisements on Facebook pages as well as outside of Facebook. This use of the data cannot be influenced by us as the site operator.

 

In the privacy policy of Facebook you will find further information on the protection of their privacy. Facebook observes the data protection provisions of the "US Privacy Shield", is registered with the "US Privacy Shield" program of the US Department of Commerce and thus offers suitable guarantees for an appropriate level of data protection.

 

You can also deactivate the "Custom Audiences" remarketing function in the Ad Settings area. To do this, you must be logged in to Facebook. If you do not have a Facebook account, you can deactivate usage-based advertising from Facebook on the website of the European Interactive Digital Advertising Alliance.

 

The storage of "conversion cookies" is based on Art.6 para.1 lit. f DSGVO. The website operator has a legitimate interest in analyzing user behavior in order to optimize both its web offering and its advertising.

 

Mixpanel

The online offer uses the analysis service Mixpanel, a service of Mixpanel Inc, 405 Howard St., Floor 2, San Francisco, CA 94105, USA, a company incorporated under the laws of the State of Delaware in the United States of America. The Mixpanel service logs page views and page activity. To make this possible, log data is transferred to Mixpanel (and Mixpanel Inc.). You can get more information about the use of your data on the English privacy page of the service Mixpanel (http://mixpanel.com/privacy) in the designated paragraphs. If you do not want the transmission of log data of your activities on this website to Mixpanel (and Mixpanel Inc.), you can stop the recording of logs of your activity with the so-called "opt out cookie", which you can get at http://mixpanel.com/optout/aktivieren. Please note, however, that this cookie and thus the recording ban will be deleted as soon as you delete your cookies in the settings of your browser (Internet access program). Please note that we, as the operator of the online offer on which you are located, have no influence on the use of your data.

 

Our online offer provides you with the opportunity to receive current information about our offer, news and relevant advertising by means of so-called push messages. Push messages are messages that appear on your end device without opening the respective application.

 

For sending the push messages, we use the technology of Mixpanel as mentioned before. For this purpose, individual identification numbers are assigned for each end device (so-called "device token" or "instance ID") during the app installation for iOS devices and Android devices. No other data such as IP address is collected. You can find more information on data privacy from Google and Firebase here www.google.com/policies/privacy/ and firebase.google.com.

When a push message is sent, the message text and the respective identification number are transferred to the Apple or Google server, which then sends the message to the user's device.

 

You can activate or deactivate the receipt of push messages at any time as follows:

 

(1) After installation, the app can be found on your end device under the menu item "Settings > APPs". There you can set the receipt of messages at any time under "App settings > Notifications".

(2) Likewise, you can set the receipt of messages on your end device under the menu item "Settings" of your end device and there under "Notifications".

The legal basis for this data processing is Art. 6 (1) p. 1 lit. f DS-GVO, as we as entrepreneurs have a legitimate interest in sending advertising for our product and you can stop receiving it at any time.

 

UX-Cam

In our applications, data is collected and stored for optimization purposes using technologies from UXCam Ltd (www.uxcam.com). From this data, usage profiles can be created under a pseudonym. The data collected with UXCam technologies will not be used to personally identify the user of the application without the separately granted consent of the person concerned and will not be merged with personal data about the bearer of the pseudonym. The collection and storage of data can be objected to at any time with effect for the future.

 

We base the use of the aforementioned analysis tool on Art. 6 (1) (f) DSGVO: the processing is carried out to analyze user behavior and is therefore necessary to protect our legitimate interests.

 

For our application, we use the tracking service "Firebase" of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 ("Google"). Google Firebase uses tracking technologies that enable an analysis of your use of our application, e.g. for performance monitoring, for error logs and for analyzing user behavior, e.g. which screens are viewed and which publications are opened how often. The purpose of using Firebase is to analyze the use of our application, to improve it regularly and thus to operate it more economically. The statistics obtained enable us to improve our offer and make it more interesting for you as a user. The legal basis for this data processing is Art. 6 (1) p. 1 lit. f DS-GVO, as we have a legitimate interest in the analysis, optimization and economic operation of our application and the data processing is necessary to protect this interest.

With Firebase, information about the use of our application is collected and transmitted to Google in Ireland or the USA and stored there. The data is only collected anonymously and transmitted to Firebase. It is not linked to other user data.

Google will use the aforementioned information to evaluate your use of our application and to provide us with other services related to the use of applications.

For personal data transferred to the USA, Google has submitted to the EU-US Privacy Shield: www.privacyshield.gov/participant.

For more information on Google Firebase and data protection, please visit www.google.com/policies/privacy/ and firebase.google.com.

 

Newsletter

Mailchimp

Our online offer uses the services of MailChimp for sending newsletters (or Mandrill for sending information relevant to the user). The provider is Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308 (USA).

 

MailChimp is a service that can be used, among other things, to organize and analyze the sending of newsletters. If you have entered data for the purpose of receiving newsletters (e.g. e-mail address), this will be stored on MailChimp's servers in the USA.

 

MailChimp has a certification according to the "EU-US Privacy-Shield". The "Privacy Shield" is an agreement between the European Union (EU) and the USA, which is intended to ensure compliance with European data protection standards in the USA.

 

With the help of MailChimp, we can analyze our newsletter campaigns. When you open an email sent with MailChimp, a file contained in the email (so-called web-beacon) connects to MailChimp's servers in the USA. This makes it possible to determine whether a newsletter message has been opened and which links, if any, have been clicked. In addition, technical information is recorded (e.g. time of retrieval, IP address, browser type and operating system). This information can be assigned to the respective newsletter recipient. It is used exclusively for the statistical analysis of newsletter campaigns. The results of these analyses can be used to better adapt future newsletters to the interests of the recipients.

 

If you do not want any analysis by MailChimp, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter message.

 

The data processing is based on your active newsletter subscription and our legitimate interests (Art.6 para.1 lit. f DSGVO) in optimizing our newsletter content according to the interests of our recipients. You can object to this at any time by unsubscribing from the newsletter.

 

The data you provide for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted from our servers as well as from the servers of MailChimp after you unsubscribe from the newsletter.

 

You can find more details in the privacy policy of MailChimp. We have concluded a so-called "Data Processing Agreement" with MailChimp, in which we oblige MailChimp to protect our customers' data and not to pass it on to third parties.

 

Hosting & Analysis

Amazon Web Services

We use the following services provided by Amazon Web Services, Inc, 420 Montgomery Street, San Francisco CA 94163, USA:

 

AWS Data Center

This AWS service helps us with the hosting of our backend applications. User data such as e-mail, address, first name, last name, interaction data are stored in the AWS Data Center. The data processing is based on our legitimate interests (Art.6 para.1 lit. f DSGVO) in the technically error-free and optimized provision of our services.

AWS Pinpoint

This AWS service is used to evaluate mobile interaction data. For this purpose, AWS stores user data such as pseudonymized warrify ID, device identification number and interaction data. The data processing is based on our legitimate interests (Art.6 para.1 lit. f DSGVO) in analyzing user behavior and optimizing our online offer.

 

You can find more information on data processing by Amazon Web Services in the Amazon Web Services privacy policy and the underlying Amazon privacy policy. Amazon Web Services observes the data protection provisions of the "US Privacy Shield", is registered with the "US Privacy Shield" program of the US Department of Commerce and thus offers suitable guarantees for an appropriate level of data protection. We have concluded a so-called "Data Processing Agreement" with Amazon Web Services, in which we oblige Amazon Web Services to protect our customers' data and not to pass it on to third parties.

 

Segment

Our online offer uses the software of Segment.io, Inc. 101 15th St San Francisco, CA 94103 USA. Data is collected and stored, from which usage profiles are created using pseudonyms. These usage profiles are used to analyze visitor behavior and are evaluated to improve our offer. Cookies can be used for this purpose, which enable recognition when our website is visited again. The pseudonymized usage profiles are not combined with personal data about the bearer of the pseudonym without a separate, explicit consent. You can generally find out more about Segment.io's privacy policy and data protection guidelines at the following weblink. https://segment.com/docs/privacy/.

 

Sentry

We use the Sentry service provided by Functional Software Inc, 132 Hawthorne Street, San Francisco, California 94107, to improve the technical stability of our service by monitoring system stability and identifying code errors. Sentry serves these purposes alone and does not evaluate data for advertising purposes. User data, such as device details or time of error, are collected anonymously and are not used in a personalized manner and are subsequently deleted. For more information, please see Sentry's privacy policy: https://sentry.io/privacy/. This transfer is permitted under Article 45 of the GDPR, as Functional Software Inc. is Privacy Shield certified and thus an adequate level of data protection exists under Commission Implementing Decision (EU) 2016/1250 (https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32016D1250). The certification can be viewed at https://www.privacyshield.gov/participant?id=a2zt0000000TNDzAAO&status=Active. The legal basis for the use of Sentry is a legitimate interest according to Art. 6 para. 1 p. 1 f DSGVO. Our legitimate interest here is the user-friendly design of our offers.

 

Business-related processing

In addition, we process

- Contract data (e.g., subject matter of the contract, term, customer category).

- Payment data (e.g., bank details, payment history)

of our customers, prospective customers and business partners for the purpose of providing contractual services, service and customer care, marketing, advertising and market research.

 

Administration, financial accounting, office organization, contact management

We process data in the context of administrative tasks as well as organization of our operations, financial accounting and compliance with legal obligations, such as archiving. In this regard, we process the same data that we process in the course of providing our contractual services. The processing bases are Art. 6 para. 1 lit. c. DSGVO, Art. 6 para. 1 lit. f. DSGVO. Customers, interested parties, business partners and users of our online offer are affected by the processing. The purpose and our interest in the processing lies in the administration, financial accounting, office organization, archiving of data, i.e. tasks that serve the maintenance of our business activities, performance of our tasks and provision of our services. The deletion of data with regard to contractual services and contractual communication corresponds to the information mentioned in these processing activities.

 

In this context, we disclose or transfer data to the tax authorities, consultants, such as tax advisors or auditors, as well as other fee offices and payment service providers.

 

Furthermore, based on our business interests, we store information on suppliers, event organizers and other business partners, e.g. for the purpose of contacting them at a later date. This data, which is mostly company-related, is generally stored for a maximum of 7 years after the conclusion of the last campaign.

 

Business analyses and market research

In order to run our business economically, to be able to recognize market trends, wishes of contractual partners and users, we analyze the data we have on business transactions, contracts, inquiries, etc.. In doing so, we process inventory data, communication data, contract data, payment data, usage data, metadata on the basis of Art. 6 para. 1 lit. f. DSGVO, whereby the data subjects include contractual partners, interested parties, customers, visitors and users of our online offer.

 

Changes to the Privacy Policy

We may need to change this Privacy Policy as we continually add new features and capabilities to our Service Offering to make it easier for you to handle receipts. In addition, changes may be made to the legal basis. We will notify you when important changes are made. In addition, the latest version of the Privacy Policy is always available for you to view at: https://warrify.com/datenschutzerklaerung/.

 

Terminology used

"Personal data" means any information relating to an identified or identifiable natural person (hereinafter "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

 

"Processing" means any operation or set of operations which is performed upon personal data, whether or not by automatic means. The term is broad and includes virtually any handling of data.

 

"Pseudonymization" means the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separate and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

 

"Profiling" means any automated processing of personal data which consists in using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects relating to that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or change of location.

 

"Controller" means the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data.

 

"Processor" means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the Controller.