Privacy Notice & Cookie Information
Awaris GmbH
Genter Strasse 8
50672 Cologne (Köln)
Germany
acting as responsible data controller (and hereinafter referred as “we”, “our” and “us”).
We describe hereafter why we collect and process personal data of our users, on which legal basis, and how we treat the personal data which users provide us and the personal data we obtain from the users’ visit to the websites.
II. General information on data processing
1. Scope of the processing of personal data
As a matter of principle, we process personal data of our users only insofar as this is necessary for the provision of a functional website as well as our contents and services. The processing of personal data of our users is based on one of the following legal bases.
2. Legal basis for data processing
Insofar as we obtain the consent of the data subject for processing operations involving personal data, Art. 6 para. 1 lit. a of the EU General Data Protection Regulation (GDPR) serves as the legal basis.
When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 para. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.
Insofar as the processing of personal data is necessary for the fulfilment of a legal obligation to which our company is subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis.
In the event that vital interests of the data subject or another natural person make processing of personal data necessary, Art. 6 para. 1 lit. d GDPR serves as the legal basis.
If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for the processing.
3. Data deletion and storage period
The personal data of the data subject shall be deleted or blocked as soon as the purpose of the storage ceases to apply. Personal data may also be stored if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which the controller is subject. The data will also be stored or deleted if a storage period prescribed by the aforementioned standards expires, unless further storage is necessary for the conclusion or fulfilment of a contract.
4. Provision of user’s personal data
In principle, you provide us with your personal data voluntarily. However, for some of the services we offer, it is necessary that you provide us with your personal data so that we can provide the service. For example, we need your e-mail-address to be able to deliver our products. If you do not provide us with your personal data, which is necessary for us to provide the service, we will not be able to provide them.
5. Technical and organisational measures
Communication between your end device and the web server we use when you visit our website takes place using a state-of-the-art encrypted procedure. We use the TSL (Transport Layer Security) procedure, which you can recognise by the "https://..." in the address line of your browser.
III. Data Transfer to Third parties
For the realisation of these websites, we transmit personal data to third parties. These are in particular IT and internet service providers.
IV. Data Transfer to Third Countries
Our service providers also transfer personal data to third countries (countries that are neither members of the European Union nor of the European Economic Area).
Not all third countries have a level of data protection recognised as adequate by the European Commission. For data transfers to third countries where there is no adequate level of data protection, our contractors have taken appropriate measures, such as in particular the agreement of so-called EU standard contractual clauses and supplemental guarantees to protect your personal data. We always reserve the right to transfer personal data if there is a legal obligation to do so.
V. Provision of the survey-website and creation of log files
1. description and scope of data processing
Each time our survey-website is accessed, our system automatically collects data and information from the computer system of the accessing computer.
The following data is collected:
(1) information about the type of browser and the version used
(2) the user's operating system
(3) the IP address of the user
(4) date and time of access
(5) websites from which the user's system accesses our website
(6) websites that are accessed by the user's system via our website.
We reserve the right to store this data for seven (7) days at most. This data is not stored together and will not be combined with your other personal data.
In order to offer our service online, we use Hetzner Online GmbH (Industriestr. 25, 91710 Gunzenhausen, Germany) as hosting provider to process meta and communication data of our website users, on our behalf and based on our legitimate interests in an efficient and secure provision of this website. The data centers used are based in Germany. We have concluded a Data Processing Agreement with Hetzner in accordance with Art. 28 GDPR, so that they only act on our instructions.
2. legal basis for data processing
The legal basis for the temporary storage of the data and the log files is Art. 6 para. 1 lit. f GDPR.
3. purpose of the data processing
The temporary storage of the IP address by the system is necessary to enable delivery of the website to your computer. For this purpose, your IP address must remain stored for the duration of the session.
The storage in log files is done to ensure the functionality of the website. In addition, we use the data to optimise the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.
These purposes are also our legitimate interest in data processing according to Art. 6 para. 1 lit. f GDPR.
4. storage period
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.
In the case of storage of data in log files, this is the case after seven (7) days at the latest. Storage beyond this period is possible. In this case, the IP addresses are deleted or alienated, so that an assignment of the calling client is no longer possible.
5. possibility of objection and removal
The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility to object.
VI. Survey
1. description and scope of data processing,
For our survey on this website and to provide you with the report afterwards, we process the following personal data, either given directly or given within your answers to the questions or in an open text field:
- Email address
- Name
- Age
- Gender
- Geographical distance to co-workers (yes/no answer)
- Remote status (yes/no answer)
- Period of employment in the respective team
The data of this survey will be stored firstly in our backend-database called MongoDB, an opensource database software of MongoDB, Inc., 1633 Broadway, 38th Floor, New York, NY 10019, USA hosted on our servers at Hetzner (see above at V.1.). Since we host the database ourselves there are no data transferred to MongoDB.
For further processing, we download the data and store them in Sharepoint as our frontend-database, a service offered by Microsoft Corporation, One Microsoft Way, Redmond, Washington 98052-6399, USA. The data center used is based in Frankfurt am Main, Germany. We have concluded a Data Processing Agreement with Microsoft in accordance with Art. 28 GDPR, so that they only act on our instructions. Microsoft Corporation guarantees by means of standard contractual clauses to maintain the EU level of data protection.
2. legal basis for data processing
Legal basis of this data processing for the purpose of providing you with your team report is your consent according to Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time by contacting us at
[email protected].
Please note that revoking your consent before the report is drafted will lead to exclusion of your data into the report. The revocation of your previously given consent does not affect the lawfulness of the previous data processing.
3. purpose of data processing
We use the data to analyse your specific team habits, teamwork and teamwork practices. Based on the analysis, we provide you and your team with a team report on your results with which you can identify your team potential and develop new collaborative habits.
Despite this, we process the aggregated on a team-level and anonymised data for the purpose of research and publication as well as marketing to show what our survey is able to do and how efficient it is in identifying old and developing new team habits. By aggregating and anonymising the personal data, the individual data subject cannot be identified anymore. For the above-mentioned purposes we do not process in particular your names or e-mail addresses.
4. storage period
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of providing you with your team report, we store your personal data until twelve (12) month after we provided you with your report.
If in this period of time further team members participate in the survey, which requires a new evaluation and the creation of a new report, the personal data of the participants of the previous report will continue to be deleted after the initial 6 (six) months. The personal data of the additional team members will be deleted accordingly after twelve (12) additional months after the updated report has been sent.
After the period of twelve 12) we will anonymise the personal data, in particular delete personal data like your name and e-mail address. The further personal data (e.g. gender, geographical information) will be aggregated so that no re-identifying of your person is possible. The aggregated and anonymised data will currently be stored without limitation.
VII. Newsletter
1. description and scope of data processing
At the end of our survey, we provide to you the option to opt into our newsletter via double-opt-in by activating the respective checkbox.
We process the following data you already gave while answering the survey under the condition you opt into our newsletter: first name, last name, e-mail address. If you do not opt into our newsletter, we do not process the before mentioned data other than already mentioned in this privacy policy (in particular as mentioned under VI. Survey).
To provide you with our newsletter we use an opensource software called SugarCRM Community Edition, which we host ourselves at Serverprofis GmbH (Mondstr. 2-4, 85622 Feldkirchen, Germany). The servers used are based in Germany. We have concluded a Data Processing Agreement with Serverprofis in accordance with Art. 28 GDPR, so that they only act on our instructions.
2. legal basis for data processing
Legal basis for the data processing to provide you with our newsletter is your consent according to Art. 6 para. 1 lit. a GDPR.
You can revoke your consent and subscribe from the newsletter at any time by contacting us at
[email protected] or clicking “unsubscribe” at the end of each newsletter. Please note that the revocation of your previously given consent does not affect the lawfulness of the previous data processing.
3. purpose of data processingThe purpose of our newsletter is to inform you about news on our company, new products, and services like live webinars, coaching courses.
4. storage period
We store your data as long as you are a newsletter subscriber. When you unsubscribe, we do delete your data without undue delay according to Art. 17 GDPR.
VIII. Use of Cookies
1. description, purpose, legal basis and duration of storage
Our website uses cookies. Cookies are text files that are stored by the internet browser on the user's device used (computer system, smartphone, tablet). This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again. We will go into more detail about cookie providers in another section.
a) technically necessary cookies
These cookies are technically necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. There is no consent required for using technically necessary cookies.
b) functionality
Functionality cookies are used for the remembrance of the user’s website preferences and choices they make on the website, like giving their consent for certain cookies, which are not necessary or functional cookies. Functionality cookies can include first party, third party, persistent or session cookies.
Except for the cookie of Cloudflare, the legal basis is your consent given via the privacy settings according to Art. 6 para. 1 lit. a, Art. 7 GDPR, which can withdraw at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. You can revoke your consent by setting your
Cookie Preferences.
For the Cloudflare cookie, the legal basis is Art. 6 para. 1 lit. f) GDPR, as it is in our legitimate interest since we use Cloudflare to safeguard the usage of our website. For more information on Cloudflare, please look at VII.
On our survey- website we use the following functionality cookies:
|
functionality
|
_surveys_session
|
1st party
|
|
Current visitor session
|
|
functionality
|
_cfduid
|
3rd party
|
30 days
|
Cloudflare session id
|
|
functionality
|
cookieConsent
|
1st party
|
30 days
|
Cookie consent user selection
|
|
functionality
|
cookieControl
|
1st party
|
30 days
|
Cookie to determine whether the user has accepted the tracking
|
c. statistics
We use the following cookies for statistical purposes. With these cookies we collect information about the use of the website. Visitors can be counted and access sources and visit durations analyzed. Data collected via statistics cookies is immediately anonymized. An evaluation is only carried out on the basis of aggregated data.
The legal basis is your consent given via the privacy settings according to Art. 6 para. 1 lit. a, Art. 7 GDPR, which you can withdraw at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. You can revoke your consent by setting your
Cookie Preferences.
On our website we use the following functionality cookies:
|
statistics
|
_gid
|
3rd party
|
24 hours
|
Google Analytics. Used to distinguish users.
|
|
statistics
|
_ga
|
3rd party
|
2 years
|
Google Analytics. Used to count and track pageviews
|
|
statistics
|
_gat
|
3rd party
|
1 minute
|
Google Analytics. Used to throttle request rate.
|
2. possibility of objection and removal
a) General information on revocation and objection (opt-out)
Depending on whether the processing is based on consent or legal permission, you have the option at any time to revoke any consent you have given or to object to the processing of your data by cookie technologies (collectively referred to as "opt-out"). You can initially declare your objection by means of your browser settings, e.g. by deactivating the use of cookies (whereby this may also restrict the functionality of our online offer). An objection to the use of cookies for online marketing purposes can also be declared by means of a variety of services, especially in the case of tracking, via the websites https://optout.aboutads.info and https://www.youronlinechoices.com/. In addition, you can obtain further instructions on how to object in the context of the information on the service providers and cookies used.
b) You can revoke your consent by setting your preferences. Please refer to this
link
Depending on the setting, the user-friendliness of our website may be limited as a result. You also have the option of deleting cookies in the above settings after a session.
VII. Security, Performance and Analytics
1. Cloudflare
This website uses Cloudflare (Service Provider: Cloudflare Inc., 101 Townsend Street, San Francisco, California 94107, USA) to safeguard our internet presence and optimise loading times.
When you load our website, your requests are routed by the Cloudflare Server and statistical data about your visit is being collected and stored on a cookie on your device. This data includes your IP-address, accessed websites, type and version of your browser, your operating system, the referrer-URL (the site, from where you reached us), the length of your stay and the frequency of requests on our pages.
Cloudflare guarantees by means of standard contractual clauses to maintain the EU level of data protection.
The legal basis is our legitimate interest in safeguarding and optimising the functionality of our website according to Art. 6 para. 1 lit. f GDPR.
We use Google Analytics, a web analysis service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (Holding company: Google LLC, 1600 Amphitheatre Parkway Mountain View,California 94303, USA). Google Analytics uses cookies that are stored on your computer and enable an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. On our website, we use the code extension "anonymizeIp", which serves to activate IP anonymization on this website. By using this extension, your IP address will be shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area.
Google will use this information exclusively on our behalf for the following purposes: to evaluate your use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage to the website operator. The shortened IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google.
The legal basis for the data processing is your consent according to Art. 6 para. 1 lit. a, Art. 7, Art. 49 para. 1 lit. a GDPR. You can revoke your consent at any time, in which case your personal data will be deleted immediately. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
Insofar as Google Ireland Limited transfers personal data to the US parent company Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, Google guarantees by means of standard contractual clauses to maintain the EU level of data protection.
The data stored by tracking is deleted as soon as it is no longer required for our recording purposes. We keep the data for 14 months. However, the anonymous data are stored indefinitely.
VIII. Google Fonts
1. description and scope of data processing
This website uses Google Fonts of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (Holding Company: Google LLC 1600 Amphitheatre Parkway Mountain View, CA 94043, USA). Google Fonts is an interactive register with over 800 fonts, that Google provides free of charge.
Google Fonts is an important tool, to keep the high quality of our website. With Google Fonts we can use fonts without having to upload them to our servers. These fonts are automatically optimised for the web and there save data traffic and result in quicker loading times.
Google Fonts does not set any cookies on your device. The data is requested via the google-domains fonts.googleapis.com and fonts.gstatic.com. According to Google, these requests are processed separately from other services Google provides. This includes your Google account, if you have one.
Google captures the usage of CSS (Cascading Style Sheets) as well as the fonts used and saves this data securely. Google stores CSS-requests for a day on their servers, which mostly are located outside of the EU. Insofar as Google Ireland Limited transfers personal data to the US parent company Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, Google guarantees by means of standard contractual clauses to maintain the EU level of data protection. Google’s goal is to improve loading time of websites by caching the fonts once and then using them again on any other website that uses Google Fonts. Next to this data, every Google Fonts request also automatically transmits data like your IP-address, language settings, screen resolution, name, and version of your browser to the Google Servers. This is necessary to ensure a correct graphical display.
2. legal basis and purpose of data processing
The legal basis is our legitimate interest in the efficient and secure provision of the website, Art. 6 para. 1 lit. f GDPR.
IX. Communication
1. description and scope of data processing
To provide you with our service, e.g. by sending you the participation link as well as the report afterwards, we use a third-party service for the purpose of handling electronic communication with you, which includes sending, receiving and storing e-mails on e-mail servers. The data concerned is content data (in particular your texts, your contact details if you provide them) and information relating to the technical e-mail transport, such as the e-mail addresses of the parties involved in the communication and the time stamps. For the e-mail communication we use as an e-mail provider Serverprofis GmbH (Mondstr. 2-4, 85622 Feldkirchen, Germany). The servers used are based in Germany. We have concluded a Data Processing Agreement with Serverprofis in accordance with Art. 28 GDPR, so that they only act on our instructions.
2. legal basis and purpose of data processing
The processing of communication data serves the electronic communication with you and the prevention of abuse (e.g. SPAM). It is also our legitimate interest to provide a good customer service or is necessary to fulfil a contract or to process operations necessary for the implementation of pre-contractual measures insofar as the contacts are related to contractual performance obligations. We are thus safeguarding our legitimate interests; the legal basis is Art 6 para.1 lit. f GDPR and/or Art. 6 para. 1 lit. b GDPR for contractual purposes.
3. storage period and possibility of objection and removal
When we send you the invitation link via automated e-mail to participate in our survey, our e-mail provider stores for seven (7) days the following personal data: e-mail-address of recipient and date and time of transmission.
X. Children on the survey
The survey is not meant to be used by children under the age of 16. If you are if you are younger than 16, we request that you do not use the survey. If you are the parent or guardian of a child who is aged under 16 and you believe or become aware that your child has provided us with information without your consent, please contact us at
[email protected].
XI. Your rights
If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:
1. right of access
You may request confirmation from the controller as to whether personal data concerning you is being processed by us.
If there is such processing, you may request information from the controller about the following:
(1) the purposes for which the personal data are processed;
(2) the categories of personal data which are processed;
(3) the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;
(4) the envisaged duration of the storage of the personal data concerning you or, if specific information on this is not possible, criteria for determining the storage period;
(5) the existence of a right to obtain the rectification or erasure of personal data concerning you, a right to obtain the restriction of processing by the controller or a right to object to such processing;
(6) the existence of a right of appeal to a supervisory authority;
(7) any available information on the origin of the data, if the personal data are not collected from the data subject;
(8) the existence of automated decision-making, including profiling, pursuant to Art. 22 para. 1 and para. 4 of the GDPR and, at least in these cases, meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.
You have the right to request information on whether personal data concerning you are transferred to a third country or to an international organisation. In this context, you may request to be informed about the appropriate safeguards pursuant to Art. 46 of the GDPR in connection with the transfer.
2. right of rectification
You have a right to rectification and/or completion vis-à-vis the controller if the personal data processed concerning you are inaccurate or incomplete. The controller must make the rectification without undue delay.
3. right to restriction of processing
You may request the restriction of the processing of personal data concerning you under the following conditions:
(1) if you contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data;
(2) the processing is unlawful and you object to the erasure of the personal data and request instead the restriction of the use of the personal data;
(3) the controller no longer needs the personal data for the purposes of the processing but you need it for the establishment, exercise or defence of legal claims; or
(4) if you have objected to the processing pursuant to Art. 21 para. 1 GDPR and it is not yet clear whether the controller's legitimate grounds override your grounds.
Where the processing of personal data relating to you has been restricted, such data may only be processed - apart from being stored - with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of substantial public interest of the Union or a Member State.
If the restriction of processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.
4. right to erasure
a) Obligation to erase
You may request the controller to erase the personal data concerning you without undue delay and the controller is obliged to erase such data without undue delay if one of the following reasons applies:
(1) The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
(2) You withdraw your consent on which the processing was based pursuant to Art. 6 (1) a or Art. 9 para. 2 lit. a GDPR and there is no other legal basis for the processing.
(3) You object to the processing pursuant to Art. 21 para. 1 of the GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 para. 2 of the GDPR.
(4) The personal data concerning you have been processed unlawfully.
(5) The erasure of the personal data concerning you is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject.
(6) The personal data concerning you has been collected in relation to information society services offered pursuant to Art. 8 para. 8 of the GDPR.
b) Information to third parties
If the controller has made the personal data concerning you public and is obliged to erase it pursuant to Art. 17 para. 1 of the GDPR, it shall take reasonable steps, including technical measures, having regard to the available technology and the cost of implementation, to inform data controllers that process the personal data that you, as the data subject, have requested them to erase all links to, or copies or replications of, that personal data.
c) Exceptions
The right to erasure does not apply insofar as the processing is necessary
(1) for the exercise of the right to freedom of expression and information;
(2) for compliance with a legal obligation which requires processing under Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
(3) for reasons of public interest in the area of public health pursuant to Art. 9 para. 2 lit. h and lit. i and Art. 9 para. 3 of the GDPR;
(4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Art. 89 para. 1 of the GDPR, insofar as the right referred to in section (a) is likely to render impossible or seriously prejudice the achievement of the purposes of such processing; or
(5) for the assertion, exercise or defence of legal claims.
5. right to information
If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort.
You have the right against the controller to be informed about these recipients.
6. right to data portability
You have the right to receive the personal data concerning you that you have provided to the controller in a structured, commonly used and machine-readable format. You also have the right to transfer this data to another controller without hindrance from the controller to whom the personal data has been provided, provided that
(1) the processing is based on consent pursuant to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or on a contract pursuant to Art. 6 para. 1 lit. b GDPR and
(2) the processing is carried out with the aid of automated procedures.
In exercising this right, you also have the right to have the personal data concerning you transferred directly from one controller to another controller, insofar as this is technically feasible. This must not affect the freedoms and rights of other persons.
The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
7. right of objection
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Art. 6 para. 1 lit. e or lit. f GDPR; this also applies to profiling based on these provisions.
The controller shall no longer process the personal data concerning you unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.
If the personal data concerning you is processed for the purposes of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purposes of such marketing; this also applies to profiling insofar as it is related to such direct marketing.
If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.
You have the possibility, in connection with the use of information society services, notwithstanding Directive 2002/58/EC, to exercise your right to object by means of automated procedures using technical specifications.
8. right to revoke the declaration of consent under data protection law
You have the right to revoke your declaration of consent under data protection law at any time. The revocation of the consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
9. right to complain to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.
The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Art. 78 GDPR.
XVI. Data Protection Officer
Data Protection Officer
Matthias Nitsche
Genter Str. 8
50672 Köln
Version June 2021
