Privacy Policy

The responsible party within the meaning of the data protection laws, in particular the EU General Data Protection Regulation (GDPR), is:

Hecht + Marciniak GbR Kronshagener Weg 61 24116 Kiel - Germany

Your data subject rights

You can exercise the following rights at any time using the contact details provided by our data protection officer:

  • Information about your data stored by us and its processing (Art. 15 GDPR),
  • Correction of incorrect personal data (Art. 16 GDPR),
  • Deletion of your data stored by us (Art. 17 GDPR),
  • Restriction of data processing if we are not yet allowed to delete your data due to legal obligations (Art. 18 GDPR),
  • Objection to the processing of your data by us (Art. 21 GDPR) and
  • Data portability, provided that you have consented to the data processing or have concluded a contract with us (Art. 20 GDPR).

If you have given us consent, you can revoke it at any time with effect for the future.

You may at any time lodge a complaint with a supervisory authority, e.g. the competent supervisory authority in the federal state of your residence or the authority responsible for us as the controller.

A list of supervisory authorities (for the non-public sector) with address can be found at: https://www.bfdi.bund.de/DE/Service/Anschriften/Laender/Laender-node.html.

Cookies

Like many other websites, we also use so-called "cookies". Cookies are small text files that are stored on your device (laptop, tablet, smartphone or similar) when you visit our website.

You can delete individual cookies or the entire cookie inventory. In addition, you will receive information and instructions on how to delete these cookies or block their storage in advance. Depending on the provider of your browser, you can find the necessary information under the following links:

Storage duration and cookies used:

The following cookies may be used on our websites:

  • Session cookie. Storage duration 1 month (only when signed in).
  • CSRF token: security cookie to prevent cross-site request forgery attacks (e.g. preventing execution of actions as a logged-in user by third parties). Storage duration: browser session.

Technically necessary cookies

Type and purpose of processing:

We use cookies to make our website more user-friendly. Some elements of our website require that the calling browser can be identified even after a page change.

The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognized even after a page change.

We require cookies for the following applications:

  • Registration, sign in, functionality of the application.

Processing is carried out pursuant to Art. 6 (1) lit. f GDPR on the basis of our legitimate interest in a user-friendly design of our website.

Recipients:

Recipients of the data may be technical service providers who act as processors for the operation and maintenance of our website.

Third country transfer:

No

Provision mandatory or required:

The provision of the aforementioned personal data is not required by law or contract. However, without this data, the service and functionality of our website cannot be guaranteed. In addition, individual services may not be available or may be restricted.

Objection

Please read the information about your right to object according to Art. 21 GDPR below.

Registration on our website

Type and purpose of processing:

For registration on our website, we require some personal data, which is transmitted to us via an input mask or the selected authentication provider (sign in with Google / Apple).

At the time of registration, the following data is also collected:

  • E-mail address,
  • Date of registration.

Your registration is necessary for the provision of certain content and services on our website.

The processing of the data entered during registration is based on the user's consent (Art. 6 para. 1 lit. a GDPR).

Recipients:

Recipients of the data may be technical service providers who act as order processors for the operation and maintenance of our website.

Third country transfer:

Your E-mail address may be transferred to the following third countries:

  • United States of America

The following data protection guarantees are in place:

  • Standard contractual clauses

Storage period:

Data will only be processed in this context as long as the corresponding consent has been obtained.

Provision mandatory or required:

The provision of your personal data is voluntary, based solely on your consent. Without the provision of your personal data, we cannot grant you access to our offered content.

Generation of questions in the application

Type and purpose of processing:

When generating questions, the selected text excerpts may be transferred to technical service providers that operate in the United States of America.

The processing of the data entered during registration is based on the user's consent (Art. 6 (1) lit. a GDPR).

Recipients:

Recipients of the data may be technical service providers who act as order processors for the operation and maintenance of our website.

Third country transfer:

The collected data may be transferred to the following third countries:

  • United States of America

The following data protection guarantees are in place:

  • Standard contractual clauses

Storage period:

Data will only be processed in this context as long as the corresponding consent has been obtained.

Provision mandatory or required:

The provision of text data is voluntary. However, without the provision of these, certain functions of the app cannot be used.

Newsletter

Type and purpose of processing:

For the delivery of our newsletter, we collect personal data that is transmitted to us via an input mask.

For an effective registration, we require a valid e-mail address. In order to verify that a registration is actually made by the owner of an e-mail address, we use the "double opt-in" procedure. For this purpose, we log the registration for the newsletter, the sending of a confirmation e-mail and the receipt of the response requested herewith. No further data is collected.

Based on your express consent (Art. 6 (1) a GDPR), we will regularly send you our newsletter or comparable information by e-mail to your specified e-mail address.

You can revoke your consent to the storage of your personal data and its use for sending the newsletter at any time with effect for the future. You will find a link to this effect in every newsletter. In addition, you can also unsubscribe directly on this website at any time or inform us of your revocation using the contact option provided at the end of this privacy notice.

Recipients:

Recipients of the data are, if applicable, order processors.

Third country transfer:

No

Storage period:

In this context, the data will only be processed as long as the corresponding consent has been obtained. After that, they will be deleted.

Provision mandatory or required:

The provision of your personal data is voluntary, based solely on your consent. Without existing consent, we can unfortunately not send you our newsletter.

You can revoke your consent to the storage of your personal data and its use for newsletter dispatch at any time with effect for the future. Unsubscribing can be requested via the link contained in every e-mail or from the data protection officer listed below or the person responsible for data protection.

Contact / Feedback form

Type and purpose of processing:

The data you enter will be stored for the purpose of individual communication with you. For this purpose, it is necessary to provide a valid e-mail address and your name. This is used for the assignment of the request and the subsequent response to the same. The provision of further data is optional.

The processing of the data entered in the contact form is based on a legitimate interest (Art. 6 para. 1 lit. f GDPR).

By providing the contact form, we would like to enable you to contact us in an uncomplicated manner. The information you provide will be stored for the purpose of processing the request and for possible follow-up questions.

If you contact us to request a quote, the data entered in the contact form will be processed to carry out pre-contractual measures (Art. 6 para. 1 lit. b GDPR).

Recipients:

Recipients of the data are, if applicable, order processors.

Third country transfer:

No

Storage period:

Data will be deleted no later than 6 months after processing the request.

If a contractual relationship arises, we are subject to the statutory retention periods according to the German Commercial Code (HGB) and will delete your data after these periods have expired.

Provision mandatory or required:

The provision of your personal data is voluntary. However, we can only process your request if you provide us with your name, e-mail address and the reason for the request.

Third parties

Some of the personal data collected is shared with third party service providers and our business partners.

Cloudflare, Inc.

Cloudflare, Inc. is a Content Delivery Network (CDN) that caches and delivers static assets, such as HTML documents, images, and videos, quickly. To transfer this data to your browser, your IP address is sent to Cloudflare servers.

Cloudflare, Inc.'s privacy policy can be found at: https://www.cloudflare.com/de-de/privacypolicy/

Formbricks

Formbricks runs all questionnaires, and stores your responses as well as the device you used to fill it out (desktop/laptop computer, smartphone, or tablet).

Formbricks's privacy policy can be found at: https://formbricks.com/privacy-policy

Google

We use G Suite by Google for our email and document management. All incoming and outgoing emails pass through Google Mail, and any associated data such as email addresses and headers are stored by Google. Additionally, we use Google Drive to store documents that may contain your email address.

Google's privacy policy can be found at: https://policies.google.com/privacy?hl=en-US

Hetzner Online GmbH

We use servers and services of Hetzner Online GmbH to host our website and to run the QuestionAid application and database. Your e-mail address is stored in our database.

Hetzner Online GmbH's privacy policy can be found at: https://www.hetzner.com/legal/privacy-policy

Lexoffice

We use Lexoffice to keep our books. In order to do that, we store your billing contact information in Lexoffice.

Lexoffice's privacy policy can be found at: https://www.lexoffice.de/datenschutz/

Posthog

Posthog is an open-source analytics software developed by Posthog, Inc. We use it to analyze anonymously (Anonymized IP, Browser & Device Information) how our service is utilized.

Posthog’s privacy policy can be found at: https://posthog.com/docs/privacy

Postmark

We use Postmark by ActiveCampaign, LLC to send transactional emails to customers, including the magical sign-in link. To accomplish this, we provide them with your email address whenever such an email is sent.

Postmark's privacy policy can be found at: https://postmarkapp.com/privacy-policy

Sendinblue

We use Sendinblue to send newsletters to customers and subscribers. To accomplish this, we provide them with your email address whenever such an email is sent.

Sendinblue's privacy policy can be found at: https://www.sendinblue.com/legal/privacypolicy/

Stripe

If you are a paying customer, your credit card data, name, office address and email address are securely stored and processed by Stripe, our payment provider. We can access this information, but we can only see the expiry date and the last four digits of your card. We cannot see your credit card number or CVC.

Stripe's privacy policy can be found at: https://stripe.com/en-de/privacy


We will only share your personal data when you have given us explicit consent, or when it is necessary for the performance of a contract, legal obligation, or legitimate interests of Hecht + Marciniak GbR. Additionally, we may be obliged to disclose your personal data based on a request or order from a competent authority.

If your personal data is transferred to parties outside of the European Union, we will ensure that there is an adequacy decision from the European Commission or other appropriate safeguards in place. You have the right to obtain a copy of these safeguards by sending an email to [email protected].

Embedded YouTube videos

We embed YouTube videos on our website. The operator of the corresponding plugins is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA (hereinafter "YouTube"). YouTube, LLC is a subsidiary of Google LLC, 1600 Amphitheatre Pkwy, Mountain View, CA 94043, USA (hereinafter "Google"). When you visit a page with the YouTube plugin, a connection to YouTube servers is established. In the process, YouTube is informed which pages you are visiting. If you are logged into your YouTube account, YouTube can assign your surfing behavior to you personally. You can prevent this by logging out of your YouTube account beforehand.

If a YouTube video is started, the provider uses cookies that collect information about user behavior.

For more information about the purpose and scope of data collection and processing by YouTube, please refer to the privacy policy of the provider. There you will also find more information about your rights in this regard and settings options to protect your privacy (https://policies.google.com/privacy).

No option for a simple opt-out or blocking of data transmission is currently offered by the provider. If you wish to prevent tracking of your activities on our website, please revoke your consent for the relevant cookie category or all technically unnecessary cookies and data transfers in the cookie consent tool. In this case, however, you may not be able to use our website, or only to a limited extent.

SSL encryption

To protect the security of your data during transmission, we use state-of-the-art encryption methods (e.g. SSL) via HTTPS.


Information about your right to object according to Art. 21 GDPR

Individual right of objection.

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out on the basis of Art. 6(1)(f) GDPR (data processing on the basis of a balance of interests); this also applies to profiling based on this provision within the meaning of Art. 4 No. 4 GDPR.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

Recipients of an objection

Malte Hecht ([email protected])


Changes to our privacy policy

We reserve the right to adapt this privacy policy to ensure that it always complies with current legal requirements or to implement changes to our services in the privacy policy, e.g. when introducing new services. The new data protection statement will then apply to your next visit.

Questions for the data protection officer

If you have any questions about data protection, please write us an e-mail or contact the person responsible for data protection in our organization directly:

Malte Hecht ([email protected])

This privacy statement was created with the help of activeMind AG, the experts for external data protection officers (version #2020-09-30).