Privacy Policy – Website

Last updated: July 15, 2021

This Privacy Policy provides you with information regarding which personal data we collect when you use scanbot.io and for what purpose these data are used. You can access this Privacy Policy at any time by visiting our website: https://scanbot.io/en/privacy.

1. Controller/contact

The controller within the meaning of applicable data protection law is:

doo GmbH
Joseph-Schumpeter-Allee 25
53227 Bonn
Germany

If you have questions or suggestions regarding any data protection matter, you can also write to us via email; our email address is legal@scanbot.io.

You can reach our data protection officer at dataprivacy@scanbot.io.

2. The data protected

The data protected are personal data. Article 4(1) GDPR defines personal data as any information relating to an identified or identifiable natural person; this definition includes data such as names and identification numbers.

3. Automated data collection

Whenever you access our website, your device automatically transmits data for technical reasons. These data are stored separately from other data, which you may transmit to us under certain circumstances:

  • date and time of access;
  • browser type, browser version;
  • operating system used;
  • URL of the website visited prior to access;
  • IP address (truncated by an octet).

These data are non-personal data, logged exclusively for technical reasons, and are not attributed to any determinate person at any time.

4. Making contact

  • Contact via email
    If you send a request via email, we process any information you provide in your email, including the contact information provided there (name and email address and the content of your request) in order to respond to that request.
  • Online meeting
    If you schedule an online meeting with us, we process any information you provide in your meeting request (name, email address, and the content of your request) in order to schedule the meeting requested and to send you invitations to the online meeting and to respond to your request. If you provide email addresses of other participants, we also process those email addresses for the abovementioned purposes.

    We will send to the email addresses you provide an invitation to the meeting you requested, together with any dial-in credentials required to join the online meeting. Once you confirm the invitation, we also process your confirmation for the abovementioned purposes.

We collect said data not only during the contact process and online meetings, as the case may be, so that we can take into receipt and process your response; we also collect said data whenever a request is made in connection with contracts, so that we can initiate and perform each contractual relationship (Article 6(1)(f) GDPR). Therein also lies our legitimate interest. If you yourself make a request and become a (potential) party to a contract with us, then data are processed for purposes of initiating and performing the corresponding contractual relationship (Article 6(1)(b) GDPR).

In the case of requests, which have potential legal relevance, we reserve the right to retain the requests for a period equal to the respective statutes of limitation, that is: three years, commencing as of the end of the year in which we have received your request. Apart from said cases, we erase requests once we no longer need them for the purpose for which we collected them. Such is the case once we have processed your request completely.

5. Carrying out online meetings

5.1 Data, which you yourself provide

We use Zoom to carry out online meetings. Zoom is a service of Zoom Video Communications, Inc., 55 Almaden Boulevard, 6th Floor, San Jose, CA 95113, whose registered office is located in the United States (“Zoom, Inc.”).

If you visit the Zoom website, Zoom, Inc. is the controller. However, using Zoom requires that you visit its website only when you download the Zoom software.

You can also use Zoom, if you enter, directly into the Zoom app, your meeting ID and, where applicable, further meeting dial-in credentials. If you prefer not to use the Zoom app, you also have the option of using the basic browser version, which you will also find on the Zoom website.

Your data are processed in the United States. There exists no adequacy decision of the EU Commission for the United States. For this reason, we and Zoom, Inc. entered into the standard contractual clauses adopted by the EU Commission in accordance with Article 46(2)(c) GDPR.

Your personal data are processed whenever you use Zoom.

These data include

  • your name,
  • your email address,
  • your password,
  • your IP address,
  • your end device information, and
  • the topic of the online meeting.

Beyond the foregoing, you have the option to provide further information. Such includes

  • your telephone number,
  • your department, and
  • your profile picture.

If you dial in by telephone, the following data are processed:

  • incoming and outgoing number,
  • country name,
  • start and end time of the online meeting, and
  • where applicable, additional connection data such as your device’s IP address.

To the extent that you use the question or polling features during an online meeting, the text you input will be processed in order to display it in the online meeting and, where applicable, to log it. Displaying video and relaying audio requires that, for the duration of the meeting, the data from your device’s microphone and, where applicable, that from your end device’s video camera be processed. However, in the Zoom applications, you can turn off or mute your camera or microphone at any time.

The legal basis for the data processed during online meetings is Article 6(1)(f) GDPR. We have a legitimate interest in effectively carrying out the online meetings, whenever you request a meeting; in responding to your requests, whenever you make one; and in allowing the initiation and performance of each contractual relationship, whenever you inquire about one. If you yourself become the (potential) party to a contract with us, then data are processed for the purposes of initiating and performing the respective contractual relationship (Article 6(1)(b) GDPR).

If you are already a registered Zoom user, online meeting reports (meeting meta data; dial-in credentials, webinar polling features) can be saved for up to one month on Zoom.

We store information pertaining to contract inquiries or of potential legal relevance for a time period equal to the general statute of limitation, that is: three years, commencing as of the end of the year in which we have received your request. Apart from said cases, we erase your data as soon as we no longer need them for the purpose for which we collected them. Such is the case once we have processed your request completely.

5.2 Personal data that we have not obtained directly from you during online meetings

If you become an online meeting participate, because you were so designated by a third party (such as by one of your colleagues), and this third party specifies your email address for purposes of scheduling and sending the invitation, we process your email address for those purposes.

The legal basis for this processing is Article 6(1)(f) GDPR. We have a legitimate interest in inviting you to the meeting on behalf of the third party.

We erase your email address once we no longer need it for the purpose for which we collected it. Such is the case once we completed the transaction in connection with the online meeting.

You can find additional information regarding the collection of online meeting data under Section 5.1 of this Privacy Policy.

6. CRM System

We store your personal data in our CRM system in order to manage our customer relationships. By doing so, we can respond, specifically, to your requests contemplated under the foregoing sections. Processing data in connection therewith is based on the legitimate interests we have in managing our customer relationships, Article 6(1)(f) GDPR.

We erase these data from our CRM system once the customer relationship has ended or you cease to be our contact person on the side of our customer.

7. Webinsights

We use the service Webinsights of ZoomInfo Technologies, LLC., 170 Data Drive, Waltham, MA 02451, whose registered office is located in the United States („ZoomInfo“).

Your data are processed in the United States. There exists no adequacy decision of the EU Commission for the United States. For this reason, we and ZoomInfo entered into the standard contractual clauses adopted by the EU Commission in accordance with Article 46(2)(c) GDPR.

Provided you have given your consent; we use tracking pixels of the service Webinsights. Webinsights allows us to determine whether we can match the IP address with which you access our website to a specific company. In case, we can successfully match your IP address, we can then identify whether a specific company is interested in our products. These insights help us to customize and adapt our approach in contractual negations. However, we will not process your data to identify you personally or to gain personal insights about you. IP addresses that we cannot match to a specific company are immediately discarded and not subject to further processing.

If we can match your IP address to a specific company, these tracking pixels allow us to track which pages a specific company visits on our website. These insights enable us to optimize our website and tailor it to our corporate customers’ needs. For example, if companies regularly abandon our website after accessing a certain subpage, we can deduct, that this subpage is not optimally tailored to the interests of our corporate customers and modify this subpage accordingly.

We use the tracking pixels based on your consent (Article 6(1)(a) GDPR). You have the option to withdraw your consent at any time, by adjusting your cookie settings by clicking on the link “Cookie settings.” The link is located in the footer of our website. Withdrawing your consent is without prejudice to the lawfulness of the processing effectuated through the date of your withdrawal.

In addition, the legal basis for the processing of your IP address for the matching process is Article 6(1)(f) GDPR. The processing serves the legitimate interests we have in determining whether we can match your IP address to a company so that we measure the performance of our business operations and customize our website to our corporate customers’ needs.

8. Newsletter and performance measurement

We offer a free newsletter. The newsletter provides you with information about our company, our product trends, and everything you need to know about our products and services.

To receive our newsletter, you need only provide your email address when you visit the following link: https://scanbot.io/. Once you register, we will send you a registration confirmation email. Only after you have confirmed your registration will you receive our newsletter.

We send our newsletter with “HubSpot”, an email marketing service of the service provider of HubSpot Inc., 25 First Street, 2nd Floor, Cambridge, MA 02141, USA and its subsidiary in Ireland: HubSpot Ireland Ltd., Ground Floor, Two Dockland Central Guild Street, Dublin 1, Ireland (“HubSpot”).

Your data are processed in the United States. There exists no adequacy decision of the EU Commission for the United States. For this reason, we and HubSpot entered into the standard contractual clauses adopted by the EU Commission in accordance with Article 46(2)(c) GDPR.

HubSpot processes your email address to send you our newsletter on our behalf. Furthermore, HubSpot processes, on our behalf, further personal data of yours, as part of its so-called performance measurement service, for the purpose of evaluating and optimizing our newsletter.

For performance measurement purposes, our newsletters contain a so-called tracking pixel, also called a web beacon. A web beacon is an invisible image that connects to our service provider’s, HubSpot’s, server when you open the newsletter. Depending on the functionality of your email software, you can prevent this by disabling the download of embedded images.

As part of this retrieval, information is collected regarding your sign-up page and your IP address. Your IP address will also be used to identify where the newsletter was retrieved. Moreover, the time of retrieval – that is, whether and when you have opened the newsletter – and information regarding the links, on which you clicked in our newsletter, and further interactions of yours are collected. We can associate these data with your email address. We evaluate these data in order to continue optimizing our newsletter and to align our efforts with the needs of our users.

In this case, your personal data are collected and processed based on your consent (Article 6(1)(a) GDPR).

You not only provide your email address freely, but also participate in the performance measurement freely.

You can withdraw your consent at any time with effect for the future, by unsubscribing from our newsletter. Each newsletter contains information regarding how one can unsubscribe with effect for the future. Withdrawing your consent or unsubscribing from the newsletter is without prejudice to the lawfulness of the processing effectuated through the date of your withdrawal.

What is more, we store information that enables us to demonstrate that you have given your consent. This information includes (1) the date and time you registered for the newsletter and you confirmed your registration, and (2) the location of your end device. This processing is based on Article 6(1)(c) in conjunction with Article 7(1) GDPR.

If you withdraw your consent, we will erase your data without undue delay. We will erase information, which we have stored to demonstrate that you have given your consent, once the statute of limitation has lapsed, that is, after three years, commencing as of the end of the year in which we received your withdrawal.

9. Cookies

We store so-called “cookies,” which make it possible for us to offer you all the features of our website and to make our website more user-friendly. Cookies are small files that are stored on your end device, with the aid of your browser. These cookies cannot identify you as a person.

If you prefer to avoid “cookies,” you can prevent “cookies” from being placed on your end device by setting your browser accordingly or by visiting https://www.youronlinechoices.com/uk/.

Please note that the functionality and the scope of our website’s features can be limited if you deactivate or disallow cookies.

Specifically, we use (unless additional cookies are mentioned at another juncture of this Privacy Policy) the following cookies:

  • 9.1 Strictly necessary cookies:
    These cookies are strictly necessary for the operation and functionality of our website. They allow our website to be accessible and available; they provide essential and basic functionalities such as the navigation to our website, the correct presentation of our website in your browser, or consent management. Without these cookies, our website cannot function properly.
  • 9.2 Analysis cookies (evaluation):
    These cookies permit us to measure online traffic and to analyze your behavior, so that we can not only understand better your use of our website, but also improve our services.
  • 9.3 Remarketing Cookies:
    With the help of these cookies, our advertising partners can display ads tailored to your interests on our website and on third-party site.

The legal basis for using strictly necessary cookies is § 15(1) of the Telemediengesetz (Tele-communications Act) and Article 6(1)(b) GDPR, to the extent that these cookies are necessary for the use of our website and the features used by you. Apart from the foregoing, we use cookies on the basis of the consent given by you, Article 6(1)(a) GDPR.

To the extent that we use cookies based on your consent, you have the right to withdraw your consent at any time with effect for the future. You can withdraw your consent at any time with effect for the future, by adjusting your cookie settings here. Alternatively, you can change your settings at any time by clicking on the link “Cookie settings.” The link is located in the footer of our website. Withdrawing your consent is without prejudice to the lawfulness of the processing effectuated through the date of your withdrawal.

We use the following cookies:

10. Google services

We use the services, described below, of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).

Your data are also processed by Google LLC in the United States. There exists no adequacy decision of the EU Commission for the United States. For this reason, we and Google LLC entered into the standard contractual clauses adopted by the EU Commission in accordance with Article 46(2)(c) GDPR. Basic information concerning your personal data, as processed by Google, can be found here: https://policies.google.com/privacy?hl=en.

Google also provides you with the following settings options:

10.1 Google Analytics

Provided you have given your consent, we use Google Analytics, a web-based service. Google Analytics uses cookies and collects pseudonymized data from you concerning your use of our website, including your truncated IP address. The information generated by the cookies regarding your use of the website (including your truncated IP address) are transferred to, and stored on, a Google server located in the United States. Google will use this information to evaluate your use of the website, to compile website activity reports for the website operator, and to generate further analyses and evaluations in conjunction with the use of our website and internet use. Google can also link these data with other data such as your search history, your personal account, the usage data of other devices, and additional data, which Google has stored regarding you. Where applicable, Google will also transfer this information to third parties insofar as such is required by law (such as government authorities) or to the extent that third parties process such data on behalf of Google.

The data logged with Google Analytics are stored for a time period of 14 months. Once this time period has lapsed, only aggregated statistics will be retained by Google Analytics. Google Analytics is used on the basis of your consent (Article 6(1)(a) GDPR).

You can deactivate Google Analytics through your browser add-ons, if you prefer not to allow the website analysis it performs. You can download this here: https://tools.google.com/dlpage/gaoptout?hl=en.

Alternatively, you can withdraw your consent at any time with effect for the future by clicking here to deactivate Google Analytics.

You also have the option to withdraw your consent at any time, by adjusting your cookie settings here. Alternatively, you can change your settings at any time by clicking on the link “Cookie settings.” The link is located in the footer of our website. Withdrawing your consent is without prejudice to the lawfulness of the processing effectuated through the date of your withdrawal.

10.2 Google Ads

  • 10.2.1 Google Ads Conversion Tracking
    Provided you have given your consent, we use Google Ads Conversion Tracking to analyze and to improve the performance and effectiveness of our advertising efforts within the Google network. For this purpose, we incorporate a Google tag into our website. If you interact with an advertisement within the Google network, a cookie will be dropped on your end device. With the help of this cookie, we know that users have clicked on our advertisements. From Google, we receive information regarding the number of users, who have clicked on our advertisements, and additional information regarding user interactions, after they have clicked on our advertisements. The cookie is deleted automatically 30 days after you clicked on an advertisement.

The legal basis for using said tag and said cookies is your consent (Article 6(1)(a) GDPR). You have the option to withdraw your consent at any time, by adjusting your cookie settings here. Alternatively, you can change your settings at any time by clicking on the link “Cookie settings.” The link is located in the footer of our website. Withdrawing your consent is without prejudice to the lawfulness of the processing effectuated through the date of your withdrawal.

11. HubSpot Analytics

We use the service HubSpot Analytics of HubSpot Inc., 25 First Street, 2nd Floor, Cambridge, MA 02141, USA and its subsidiary in Ireland: HubSpot Ireland Ltd., Ground Floor, Two Dockland Central Guild Street, Dublin 1, Ireland (“HubSpot”).

Your data are processed in the United States. There exists no adequacy decision of the EU Commission for the United States. For this reason, we and HubSpot entered into the standard contractual clauses adopted by the EU Commission in accordance with Article 46(2)(c) GDPR.

Provided you have given your consent, we use HubSpot on our website to analyze and optimize your interactions with us on our website as well to improve the management of requests via our contact form and our customer relationships. For these purposes, we collect information about your visit (including, but not limited to, the referring URL, pages visited, time and duration of your visit).

The legal basis for the processing is your consent (Article 6(1)(a) GDPR). You have the option to withdraw your consent at any time, by adjusting your cookie settings here. Alternatively, you can change your settings at any time by clicking on the link “Cookie settings.” The link is located in the footer of our website. Withdrawing your consent is without prejudice to the lawfulness of the processing effectuated through the date of your withdrawal.

Further, the legal basis for the processing of your data is Article 6(1)(f) GDPR. We have legitimate interests in the efficient management of your requests as well as the management of our customer relationships

12. Microsoft Advertising

Provided you have given your consent; we use Microsoft Advertising of Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18 D18 P52 Ireland (“Microsoft”).

Your data are also processed in the United States. There exists no adequacy decision of the EU Commission for the United States. For this reason, we and Microsoft entered into the standard contractual clauses adopted by the EU Commission in accordance with Article 46(2)(c) GDPR.

Provided you have given your consent; we use Microsoft Advertising conversion tracking cookies. If you have accessed our website via a Microsoft Bing ad, these cookies allow us to recognise that you have interacted with our ad and have been redirected to our website. For more information about how Microsoft processes your data, please see Microsoft's privacy policy at https://privacy.microsoft.com/en-GB/privacystatement.

Microsoft uses Cookies to track how you use our website to display interest-based advertising for our products across devices on other sites within the Microsoft advertising network. Microsoft uses these cookies to process information from which pseudonymous usage profiles are created. These usage profiles are used to analyse visitor behaviour and to display ads. This includes, but is not limited to, Bing search and other sites operated by Microsoft and its subsidiaries, as well as sites operated by Microsoft's advertising partners. Further data processing will only take place if you have consented to Microsoft linking your browsing history to your Microsoft account and using information from your Microsoft account to personalize ads that see you on the Internet. In this case, if you are logged into Microsoft while visiting our website, Microsoft will use your information to create and define targeting lists for cross-device remarketing.

The data collected are transferred to Microsoft servers and stored for 13 months.

The legal basis for the processing is your consent (Article 6(1)(a) GDPR). You have the option to withdraw your consent at any time, by adjusting your cookie settings here. Alternatively, you can change your settings at any time by clicking on the link “Cookie settings.” The link is located in the footer of our website. Withdrawing your consent is without prejudice to the lawfulness of the processing effectuated through the date of your withdrawal.

You can prevent Microsoft from collecting your data generated by the cookie and related to your use of the website, as well as the processing of this data by withdrawing your consent here: https://choice.microsoft.com/en-EN/opt-out.

13. Google Fonts

We use Fonts, a service of Google LLC, 1600 Amphitheatre Pkwy Mountain View, California 94043, United States (“Google”), to incorporate typefaces into our website. In using this service, we do not transfer personal data to Google. Nor does Google use cookies. Upon loading our website, however, your browser establishes a connection to Google servers and loads the required Google Font from your browser to your cache. While making this connection and loading the Google Font, it is necessary for technical reasons to transmit the following data to Google: your IP address, the version and the name of your browser, your monitor resolution, and your language settings. These data are transmitted to ensure that our website is presented homogeneously. Google will use your data only to present Google Fonts and will not compile your data with other data from other Google services. However, Google will evaluate your user data in aggregated form in order to measure the popularity of Google Fonts.

Google Fonts are saved for a period of one year in your cache. Google itself stores the data transmitted to Google for a time period of 12 months.

Google’s Privacy Policy can be found here: https://policies.google.com/privacy?hl=en; additional information regarding Google Fonts and processing can be found here: https://developers.google.com/fonts/faq.

14. Our social media efforts

14.1 Facebook fan page

You will also find us on Facebook at https://www.facebook.com/ScanbotSDK/. For users outside the United States and Canada, Facebook is operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook Ireland”). For users inside the United States and Canada, Facebook is operated by Facebook Inc., 1601 South California Avenue, Palo Alto, CA 94304, United States.

Even if you are not a registered Facebook user and you visit our Facebook fan page, Facebook can collect pseudonymized usage data from you. You can find additional information in Facebook’s Privacy Policy not only at https://facebook.com/about/privacy/, but also at https://www.facebook.com/legal/terms/information_about_page_insights_data. This Privacy Policy also contains information regarding settings options for your Facebook account.

It is possible that Facebook Ireland will share your data within the Facebook group and with other third parties. That sharing can entail that personal data are transferred to the United States and to other third countries, for which no adequacy decision of the EU Commission exists. In this case, Facebook Ireland relies on the standard contractual clauses adopted by the EU Commission in accordance with Article 46(2)(c) GDPR. Here, too, you can find additional information in Facebook’s Privacy Policy.

In addition, we and Facebook Ireland are joint controllers for so-called insights data, which are generated whenever you visit our Facebook fan page. Insights data help Facebook Ireland to analyze the behavior exhibited on our Facebook fan page, and Facebook Ireland provides these data to us in anonymized form. For this purpose, we have entered into a joint controller addendum with Facebook Ireland, which you can review here: https://facebook.com/legal/terms/page_controller_addendum. In this addendum, Facebook Ireland agrees to assume primary responsibility under the GDPR for the processing of insights data and to comply with all applicable obligations under the GDPR with respect to its processing of insights data. This processing serves the legitimate interests we have in optimizing and curating our Facebook fan page to align with our needs, Article 6(1)(f) GDPR. Furthermore, we advise you of the following:

Facebook Ireland collects personal data from you whenever you visit, or if or like, our Facebook fan page as a registered Facebook user. If you are not a registered Facebook user and if you visit our Facebook fan page, Facebook Ireland can collect pseudonymized data from you.

Specifically, the following information is collected by Facebook Ireland:

  • viewing a page, post, or video associated with a page;
  • following or unfollowing a page;
  • liking or unliking a page or post;
  • recommending a page in a post or comment;
  • commenting on, sharing, or reacting to a page’s post (including the type of reaction);
  • hiding a page’s post or reporting it as spam;
  • clicking on the link to another Facebook page or on a link on a website outside Facebook, which directs to the page;
  • hovering over a link to a page or a page’s name or profile picture to see a preview of the page’s content;
  • clicking on a website, phone number, “Get Directions” button, or other button on a page;
  • the information whether you are registered through a computer or a mobile device while you visit a page or interact with it or its content.

You can find additional information in Facebook’s Privacy Policy for Page Insights Data at https://www.facebook.com/legal/terms/information_about_page_insights_data.

14.2 Twitter

We maintain a Twitter page. You can find our profile at https://twitter.com/scanbotsdk.

For users outside the United States, Twitter is operated by Twitter International Company, One Cumberland Place, Fenian Street Dublin 2, D02 AX07, Ireland (“Twitter International”). For users inside the United States, Twitter is operated by Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, United States. You can find Twitter’s Privacy Policy at https://twitter.com/en/privacy. This Privacy Policy also contains information regarding settings options for your Twitter account.

We use Twitter Analytics. By using Twitter Analytics, we receive from Twitter International non-personal information regarding the use of our account. With this information, we are able to analyze and to optimize the effectivity of our Twitter activities.

Please note that Twitter International also transfers personal data to the United States and other third countries outside the European Economic Area, for which no adequacy decision of the EU Commission exists. In this case, Twitter International relies on the standard contractual clauses adopted by the Commission in accordance with Article 46(2)(c) GDPR.

14.3 LinkedIn

We also have a LinkedIn profile, located at https://www.linkedin.com/company/10507725/.

For users residing within the European Economic Area and in Switzerland, LinkedIn is operated by LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland (“LinkedIn Ireland”). For all other users, LinkedIn is operated by LinkedIn Corporation, 1000 W Maude Ave, Sunnyvale, CA 94085, United States. LinkedIn Ireland’s Privacy Policy can be found at https://www.linkedin.com/legal/privacy-policy?trk=organization-guest_footer-privacy-policy. This Privacy Policy also contains information regarding settings options for your LinkedIn profile.

LinkedIn Ireland also transfers personal data to the United States and other third countries outside the European Economic Area, for which no adequacy decision of the EU Commission exists. You can find relevant information at https://www.linkedin.com/help/linkedin/answer/62533?trk=microsites-frontend_legal_privacy-policy&lang=en. According to the text linked to, LinkedIn relies on the standard contractual clauses adopted by the EU Commission in accordance with Article 46(2)(c) GDPR.

In addition, we and LinkedIn Ireland are joint controllers for so-called page insights data, which are generated whenever you visit our LinkedIn page. For this purpose, we have entered into a joint controller addendum with LinkedIn Ireland, which you can review here: https://legal.linkedin.com/pages-joint-controller-addendum. In this addendum, LinkedIn Ireland agrees to assume primary responsibility under the GDPR for the processing of page insights data and to comply with all applicable obligations under the GDPR with respect to its processing of page insights data. This processing serves the legitimate interests we have in optimizing and curating our LinkedIn page to align with our needs, Article 6(1)(f) GDPR. Furthermore, we advise you of the following:

From LinkedIn Ireland, we receive non-personal information and analyses regarding the use of our account and interactions with our posts in connection with page insights. With this information, we are able to analyze and to optimize the effectivity of our LinkedIn activities. For this purpose, LinkedIn Ireland processes data including, but not limited to, the data you have provided to LinkedIn Ireland through the information in your profile. That information includes, for instance, the following data:

  • job title information,
  • country,
  • industry,
  • age,
  • company size, and
  • employment status.

LinkedIn Ireland also processes information regarding how you interact with our LinkedIn page: for example, whether you follow us on LinkedIn.

14.4 Community features

Whenever you visit us on social media (Facebook fan page, Twitter, LinkedIn), we process certain data of yours: for instance, whenever you interact with our page or our account; whenever you like, respond, or comment on a post; or whenever you provide other content. As a matter of routine, such data are processed based on the legitimate interest we have in providing you with relevant social media features (Article 6(1)(f) GDPR) and on the consent you have given to the respective platform operators (such as Facebook Ireland, Twitter International, LinkedIn Ireland), Article 6(1)(a) GDPR; or on your contractual relationship with the operators of the respective platforms (Article 6(1)(b) GDPR).

We advise that these areas are publicly accessible and that all personal information, which you give or provide during registration, can be seen by others. We cannot control how other users use this information. In particular, we cannot prevent undesirable messages from being sent to you by third parties.

Content uploaded to community areas can be stored for an unlimited period of time. If you would like us to remove content uploaded by you, send us an email with your request by using the address specified in Section 1 above.

15. Job applications

If you apply for a job via our website, we process your email address and the additional contact information provided by you and the information contained therein in order to process your application or to decide whether we wish to pursue your candidacy. Your application will be made available only to the persons responsible for job applications within our company. The legal basis for processing these data is § 26(1) and § 26(3) of the Bundesdatenschutzgesetz (Federal Data Protection Act, the “BDSG”).

Should we be in the unfortunate position of not being able to offer you a position, we will retain your application for up to 3 months after the application process has been completed, so that we are able to respond to any questions you might have in connection with your application.

16. Sharing data

As a matter of principle, your personal data will be shared without your express prior consent only in the cases specified below:

  • 16.1 If necessary for purposes of investigating the unlawful use of our services or for purposes of establishing our rights, personal data will be shared with law enforcement agencies and, where applicable, with injured third parties. Personal data will be shared, however, only if specific evidence exists, which is indicative of illicit or abusive conduct. Personal data can also be shared, when sharing that data serves to enforce terms of use or other agreements. Furthermore, we are required by law to provide information to certain public agencies. These include law enforcement agencies, government authorities that prosecute misdemeanors subject to fines, and fiscal authorities.

    Personal data will be shared not only on the basis of the legitimate interest we have in combatting abuse; in prosecuting crimes; and in securing, establishing, and enforcing claims, Article 6(1)(f) GDPR, but also on the basis of a statutory obligation, as contemplated by Article 6(1)(C) GDPR.
  • 16.2 In providing our services, we rely on third-party undertakings and outside service providers (“Processors”), each bound by contracts. In these cases, personal data are shared with these Processors for further processing. These Processors are carefully selected by us and audited at regular intervals in order to ensure that your rights and freedoms are preserved. Processors may use the data only for the purposes specified by us and are also required by contract to handle your data only in compliance with this Privacy Policy and with applicable data protection law.

    Data are shared with Processors on the basis of Article 28(1) GDPR, alternatively on the basis of the legitimate interest we have in the economic and technical benefits associated with the engagement of specialized Processors, Article 6(1)(f) GDPR. Beyond the Processers already specified in this Privacy Policy, we engage the following categories of Processers:
    - IT service provider
    - Cloud service provider
    - Hosting service provider
    - Software service provider
  • 16.3 In the course of developing our business, it is possible that the structure of doo GmbH will be changed, by changing its legal form; by establishing, selling, or buying subsidiaries or business divisions. In the event of such transactions, customer information will be passed on, together with any portion of the business to be transferred. In the event personal data are shared with third parties within the scope described above, we shall ensure that those data are shared in accordance with this Privacy Policy and with applicable data protection law.

Sharing personal data is justified on the grounds that we have a legitimate interest in changing the form of our undertaking to align, whenever necessary, with the economic and legal particularities on the ground, Article 6(1)(f) GDPR.

17. Transfers to third countries

We also process data in countries outside the European Economic Area (“EEA”), in so-called third countries, and/or transfer data to recipients in these third countries. The foregoing also includes the United States. Please note that, at present, there exists no adequacy decision of the EU Commission; that, in general, these third countries have an adequate level of data protection. In particular, there exists, at present, no adequacy decision of the EU Commission for the United States. For this reason, we rely on the standard contractual clauses adopted by the EU Commission in accordance with Article 46(2)(c) GDPR, to structure the contractual relationships with third-country recipients. These can be viewed at any time by visiting: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en. We and our service providers that process your data on our behalf (“Processors”) enter into the standard contractual clauses for data transfers to processers established in third countries (so-called EU controller to non-EU or EEA processor standard contractual clauses). For transfers to third parties in third countries, we use the relevant standard contractual clauses for transfers to third parties (so-called EU controller to non-EU or EEA controller standard contractual clauses).

18. Changes in purpose

Your personal data will be processed for purposes other than those described only to the extent such is permitted by law or to the extent to which you have given your consent that your data can be processed for the purpose so changed. In the event your data are processed for purposes other than those for which the data were originally collected, but before those data are so processed, we will inform you of such other purposes and provide you with all further information material to such purpose(s).

19. Erasure of your data

Unless otherwise specified in this Privacy Policy, we erase or anonymize your personal data once they are no longer needed for the purposes for which we have collected or used them in accordance with the foregoing sections.

They will be stored for a longer period of time only to the extent required by law, including, but not limited to, for purposes of establishing, securing, or defending against claims.

The data are stored on the basis of our legitimate interest, of the requirement to create proper documentation of our business operations, and of our need to secure our legal position (Article 6(1)(f) GDPR). Insofar as your data are relevant for purposes of initiating a contract or performing contracts, they are stored for purposes of initiating and performing each individual contractual relationship (Article 6(1)(b) GDPR).

To the extent that we are bound by law to retain your data, we will store your data throughout the time period prescribed by law (Article 6(1)(c) GDPR). In particular, statutory rules and regulations governing storage of data can arise from the retention periods contemplated by the Handelsgesetzbuch (Commercial Code) or by the Abgabenordnung (German Fiscal Code). As a rule, the retention periods contemplated by these statutes are 6 years, commencing as of the end of the year in which we received your request.

20. Providing your personal data

Neither by law nor by contract are you required to provide your personal data.

To some extent, however, it is necessary that you provide personal data, so that we can provide you with our services and the features available on our website. In particular, it is necessary that you provide your personal data, so that we can take into receipt and process any requests you send to us; so that you can participate in requested online meetings; so that we can allow for contract initiations and performances; and so that you can use available social media community features. And it is necessary that you provide your data, so that we can take into receipt and process your job application.

Wherever it is necessary for you to provide certain data, we have identified that data by making it a required field. Providing further data is voluntary. The consequence of not providing required data is that we will be unable to provide the relevant services and features, including, but not limited to, our inability to take into receipt and to process your requests or to allow your participation in online meetings and/or to initiate or to perform contracts. Also, you will be unable to use our social media community features. If you do not provide us with the data required in connection with your job application, we will be unable to consider your job application. Where voluntary information is concerned, the consequence of your not providing it will be that we will be unable to provide the relevant features and services or that we will be unable to provide them as they are intended to be provided.

21. Automated individual decisions or profiling measures

We do not use automated processing processes to make decisions, including profiling.

22. Your rights as data subject

22.1 Right of access

Within the scope of Article 15 GDPR and § 35 BDSG, you have the right to obtain from us, at any time you request, access to the personal data concerning you. To exercise this right, you can submit your request by mail or via email by using the address given in Section 1 above.

22.2 Right to rectify inaccurate data

You have the right to obtain from us without undue delay the rectification of any inaccurate personal data concerning you. To exercise this right, please use the contact address specified in Section 1 above.

22.3 Right to erasure

Given the prerequisites described in Article 17 GDPR and § 35 BDSG, you have the right to obtain from us the erasure of personal data concerning you. In particular, these prerequisites prescribe a right of erasure, whenever the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed as well as in cases of unlawful processing, of the existence of an objection, or in case the data have to be erased for compliance with a legal obligation under European Union law or the law of any Member State, to which we are subject. To exercise your right set out in the foregoing, please use the contact address specified in Section 1 above.

22.4 Right to restriction of processing

Under Article 18 GDPR, you have the right to obtain from us the restriction of processing. This right exists in cases including, but not limited to, those in which the accuracy of the personal data is contested between you and us, for the period required to verify the accuracy, as well as in case you have a right to erasure, but request a restriction of processing instead of erasure; further in case the data are no longer necessary for the purposes pursued by us, but you need them to establish, to exercise, or to defend against legal claims, as well as if the successful exercise of an objection remains contested between us. To exercise your right as set out above, please use the contact address specified in Section 1 above.

22.5 Right to data portability

Under Article 20 GDPR, you have the right to receive from us the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format. To exercise your right as set out above, please use the contact address specified in Section 1 above.

22.6 Right to object

Under Article 21 GDPR, you have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which, inter alia, is based on point (e) or (f) of Article 6(1). We shall no longer process your personal data, unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms or for the establishment, exercise, or defense of legal claims.

To the extent we process personal data concerning you for direct marketing purposes, including profiling, you have the right to object to such processing. Once you object, we will stop such processing.

Unless otherwise specified in this Privacy Policy, please use the contact address specified in Section 1 to exercise your right, as set out above.

22.7 Right to lodge a complaint

You have the right to lodge a complaint with a competent supervisory authority. In this case, the supervisory authority for North Rhine-Westphalia is:

Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen
Kavalleriestr. 2–4
40213 Düsseldorf
Germany
Telephone: +49 211 38424 0
Fax: +49 211/38424-10
Email: poststelle@ldi.nrw.de

22.8 Data processed when you exercise your rights

Finally, we advise that we process the personal data transmitted by you, when you exercise your rights under Articles 15 through 22 GDPR, not only for the purpose of complying with these rights, but also so that we can demonstrate such compliance. This processing is based upon the legal basis of Article 6(1)(c) GDPR in conjunction with Articles 15 through 22 GDPR and § 34(2) BDSG.

Privacy Policy – App

Effective date: June 14, 2021

In this Privacy Policy, we inform you about which personal data we process in the context of your use of the Scanbot SDK Demo App for iOS and Android, and for which purposes your data is used.

You can access this Privacy Policy at any time under https://scanbot.io/en/privacy.html#app.

1. Controller/contact

The controller within the meaning of the data protection laws is:

doo GmbH
Joseph-Schumpeter-Allee 25
53227 Bonn
Germany

If you have any questions or suggestions concerning data protection, please email us at legal@scanbot.io.

You can reach our data protection officer at dataprivacy@scanbot.io.

2. Subject matter of data protection

The subject matter of data protection is personal data. Under Article 4(1) GDPR, this means any information relating to an identified or identifiable natural person; this comprises, for example, names or identification numbers.

3. Processing of personal data when using the app

We process personal data when using the app as described below.

3.1 Firebase Crashlytics
We use the service Firebase Crashlytics of Google Ireland Limited, Gordon House,Barrow Street, Dublin 4, Ireland (“Crashlytics”).

Your data are also processed in the United States. There exists no adequacy decision of the EU Commission for the United States. For this reason, we and Google entered into the standard contractual clauses adopted by the EU Commission in accordance with Article 46(2)(c) GDPR.

In the event of a crash or other technical error of the app, data on this specific event (e.g., which function of the app, which operating system, which type of device you were using, which type of error occurred and when it occurred) is processed using Crashlytics. We receive an anonymized crash report about the event.

The processing is based on Article 6(1)(f) GDPR as we have a legitimate interest to be informed about malfunctions of the app to enable us to quickly solve them and to prevent future malfunctions and crashes of the app.

The collected data will be deleted within a period of 90 days as soon as the troubleshooting is completed.

At any time, you have the option to prevent the aforementioned data processing by deactivating the corresponding setting within the app. On iOS, you can find the option to deactivate anonymous crash reports within the application settings of the app. On Android, you can find the option at the bottom of the main screen of the app under the tab “Crash Reporting”. Objecting is without prejudice to the lawfulness of the processing effectuated through the date of your objection.

4. Processing of personal data outside the app

Regarding information on the processing of personal data outside the App - for example, if you contact us by e-mail with questions, please refer to our privacy policy at https://scanbot.io/en/privacy.

5. Changes in purpose

Your personal data will be processed for purposes other than those described only to the extent such is permitted by law or to the extent to which you have given your consent that your data can be processed for the purpose so changed. In the event your data are processed for purposes other than those for which the data were originally collected, but before those data are so processed, we will inform you of such other purposes and provide you with all further information material to such purpose(s).

6. Providing your personal data

Neither by law nor by contract are you required to provide your personal data.

7. Automated individual decisions or profiling measures

We do not use automated processing processes to make decisions, including profiling.

8. Your rights as data subject

8.1. Right of access
Upon request, you have the right to obtain from us at any time access to information on the personal data concerning you that are processed by us at the scope of Article 15 GDPR. For this purpose, you can send your request to the above address by mail or email.

8.2. Right to rectification of inaccurate data
You have the right to obtain from us without undue delay the rectification of the personal data concerning you if they are inaccurate. For this purpose, please contact the addresses named above.

8.3. Right to erasure
You have the right to obtain from us the erasure of the personal data concerning you under the prerequisites described in Article 17 GDPR. These prerequisites specifically stipulate an erasure right if the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed, and in cases of unlawful processing, upon objection or where there is an erasure obligation under European law or the law of the member state to which we are subject. In order to assert your above right, please contact the above addresses.

8.4. Right to restriction of processing
You have the right to request restriction of processing as contemplated by Article 18 GDPR. This right applies in particular when the accuracy of the personal data is disputed between the user and us, for the duration required to verify the accuracy, and if the user demands restricted processing instead of erasure if there is a right to erasure; furthermore, this right shall apply if the data is no longer required for the purposes pursued by us, but the user still needs them to establish, exercise or defend legal claims as well as if the successful exercise of the right to object is still disputed between us and the user. In order to assert your above right, please contact the above addresses.

8.5. Right to data portability
You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used, machine-readable format as contemplated by Article 20 GDPR. In order to assert your above right, please contact the above addresses.

8.6. Right to object
You have the right to object on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based, inter alia, on points (e) or (f) of Article 6(1) GDPR, as contemplated by Article 21 GDPR. We shall no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.

Unless otherwise specified in this Privacy Policy, please use the contact address specified in Section 1 to exercise your right, as set out above.

8.7. Right to lodge a complaint
You have the right to lodge a complaint with the competent supervisory authority. The competent supervisory authority is:

North Rhine-Westphalia Commissioner for Data Protection and Freedom of Information
(Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen)
Kavalleriestr 2-4
40213 Düsseldorf
Germany
Phone: 0211/38424-0
Fax: 0211/38424-10
Email: poststelle@ldi.nrw.de


8.8 Data processed when you exercise your rights
Finally, we advise that we process the personal data transmitted by you, when you exercise your rights under Articles 15 through 22 GDPR, not only for the purpose of complying with these rights, but also so that we can demonstrate such compliance. This processing is based upon the legal basis of Article 6(1)(c) GDPR in conjunction with Articles 15 through 22 GDPR and § 34(2) BDSG.