Qreuz Privacy Policy

Last updated: February 21st, 2020

If you have questions about how we collect, store, and process your data, contact us at any time. Our contact details can be found in our legal notice.

Unless stated otherwise below, the provision of your personal data is neither legally nor contractually obligatory, nor required for the conclusion of a contract. You are not obliged to provide your data. Not providing it will have no consequences. This only applies as long as the processing procedures below do not state otherwise.

1. Definitions

Personal data” is any information relating to an identified or identifiable natural person.

GDPR” means EU General Data Protection Regulation 2016/679.

2. Server log files 

You can use our websites without submitting personal data.  

Every time our website is accessed, user data is transferred to us or our web hosts/IT service providers by your internet browser and stored in server log files. This stored data includes, for example, the name of the site called up, date and time of the request, the IP address, amount of data transferred and the provider making the request. The processing is carried out on the basis of Art. 6 (1) lit. f GDPR due to our legitimate interests in ensuring the smooth operation of our website as well as improving our services.    

3. User accounts

When you register to our service and open a user account, we will collect your personal data in the scope given there. The data processing is for the purpose of providing you access to our software-as-a-service services and the required authentication of you with the service. The processing will be carried out on the basis of Art. 6 (1) lit. a GDPR with your consent. You can withdraw your consent at any time by contacting us without affecting the legality of the processing carried out with your consent up to the withdrawal. Your user account will then be deleted.

4. Collection, processing, and transfer of personal data in orders 

When you submit an order we only collect and use your personal data insofar as this is necessary for the fulfillment of your order as well as the processing of your queries. The provision of data is necessary for the conclusion of a contract. Failure to provide it will prevent the conclusion of any contract. The processing will occur on the basis of Art. 6 (1) lit. b GDPR and is required for the fulfillment of a contract with you.  

Your data is transferred here to the applicable payment service provider in order to process the payment, and to an email service provider (as specified in Annex 1) in order to send you email notifications about your order and the relevant wording of the contract. We will comply strictly with legal requirements in every case. The scope of data transmission is restricted to a minimum.

5. Collection and processing when using the contact form  

When you use the contact form, we will only collect your personal data (name, email, message text) in the scope provided by you. The data processing is for the purpose of making contact. By submitting your message you agree to the processing of your transmitted data. Processing will be carried out on the basis of Art. 6 (1) lit. a GDPR with your consent. You can withdraw your consent at any time by contacting us without affecting the legality of the processing carried out with your consent up to the withdrawal. We will only use your email address to process your request. Finally, your data will be deleted, unless you have agreed to further processing and use.

6. Data collection when you post a comment  

When you comment on an article or a contribution, we collect your personal data (name, email address, comment text) only in the scope provided by you. The processing serves to allow you to comment and to display comments. By submitting the comment, you agree to the processing of the transmitted data. The processing will be carried out on the basis of Art. 6 (1) lit. a GDPR with your consent. You can withdraw your consent at any time by contacting us without affecting the legality of the processing carried out with your consent up to the withdrawal. Your personal data will then be deleted.

On publication of your comment, only the name you have entered will be published.

On submission of your comment, your IP address will also be saved in order to prevent misuse of the comment function and to ensure the security of our IT systems. By submitting the comment you agree to the processing of the transmitted data. The processing will be carried out on the basis of Art. 6 (1) lit. a GDPR with your consent. You can withdraw your consent at any time by contacting us without affecting the legality of the processing carried out with your consent up to the withdrawal. Your IP address will then be deleted.

7. Use of email and text messages

We are utilizing the email and text message service provider Sendinblue SAS (55, rue d’Amsterdam, 75008 Paris, France) to send transactional electronic communication during orders, notifications relating to your user account, newsletters, and other marketing emails. You can find the privacy policy of our email and text message service provider at https://sendinblue.com/legal/privacypolicy/

7.1. Use of your email address for mailing of newsletters 

We use your email address outside of contractual processing exclusively to send you a newsletter for our own marketing purposes, if you have explicitly agreed to this. The processing will be carried out on the basis of Art. 6 (1) lit. a GDPR with your consent. You can withdraw your consent at any time without affecting the legality of the processing carried out with your consent up to the withdrawal. You can unsubscribe from the newsletter at any time using the relevant link in the newsletter or by contacting us. Your email address will then be removed from the mailing list. Your data will be forwarded to our email service provider in the course of subscribing to our newsletter.

7.2. Notifications in relation to your user account and direct marketing

We use your email address, which we obtained when you registered to our service, to electronically send you relevant notifications and status messages relating to your use of our service. Furthermore, we may send you marketing messages for our services which are similar to those you have already signed up for unless you have objected to this use. If you store your phone number in your user account, we may use this as well to send you electronic notifications.
In your user account, under “Notifications”, you are able to adjust which kind of electronic communication we may send you.

The processing will be carried out on the basis of Art. 6 (1) lit. f GDPR due to our justified interest in providing our service and in direct marketing. You can object to this use of your email address at any time by contacting us. You will find the contact details for exercising your right to object in our legal notice. You can also use the link provided in the respective marketing email. This will not involve any costs other than transmission costs at basic tariffs.

7.3. Use of your email address for authentification requests

We use your email address, which we obtained when you started the process to authenticate a new website with our service, to electronically send you an authentification email. This email will include an encrypted link to authenticate with our service. We will not use your email address which we obtained in this context in any other way. Your data will be forwarded to our email service provider in the course of authenticating a new website with our service. The processing will be carried out on the basis of Art. 6 (1) lit. a GDPR with your consent. You can withdraw your consent at any time by contacting us without affecting the legality of the processing carried out with your consent up to the withdrawal. Your email address will then be deleted.

8. Payment service providers      

8.1. Use of PayPal

All PayPal transactions are covered by the PayPal Data Privacy Statement. You can find this at https://www.paypal.com/de/webapps/mpp/ua/privacy-full?locale.x=en

8.2. Use of Stripe

On our service, we are offering payments with a credit card. If you select this payment method, the transaction will be conducted by the Stripe Payments Europe Ltd., C/O A&L Goodbody, Ifsc, North Wall Quay, Dublin 1, IRELAND (“Stripe”). Only for the processing of the payment, and only if required, we will transfer your encrypted data based on Art. 6 (1) lit. b GDPR to Stripe. All Stripe transactions are covered by the Stripe Privacy Policy. You find this at https://stripe.com/privacy

9. Cookies 

9.1. Use of cookies and technical countermeasures

Our website uses cookies. Cookies are small text files that are saved in a user’s internet browser or by the user’s internet browser on their computer system. When a user calls up a website, a cookie may be saved on the user’s operating system. This cookie contains a characteristic character string which allows the browser to be clearly identified when the website is called up again.

Cookies will be stored on your computer. You, therefore, have full control over the use of cookies. By choosing corresponding technical settings in your internet browser, you can be notified before the setting of cookies and you can decide whether to accept this setting in each individual case as well as prevent the storage of cookies and transmission of the data they contain. Cookies that have already been saved may be deleted at any time. We would, however, like to point out that this may prevent you from making full use of all the functions of this website. Using the links below, you can find out how to manage cookies (or deactivate them, among other things) in major browsers:
Chrome Browser: https://support.google.com/accounts/answer/61416?hl=en

Internet Explorer: https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies

Mozilla Firefox: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences

Safari: https://support.apple.com/de-de/guide/safari/manage-cookies-and-website-data-sfri11471/mac

9.2. Technically necessary cookies

Insofar as no other information is given in the privacy policy below we use only these technically necessary cookies to make our offering more user-friendly, effective and secure. Cookies also allow our systems to recognize your browser after a page change and to offer you services. Some functions of our website cannot be offered without the use of cookies. These services require the browser to be recognized again after a page change.

Processing is carried out on the basis of Art. 6 (1) lit. f GDPR due to our largely justified interest in ensuring the optimal functionality of the website as well as a user-friendly and effective design of our range of services.

You have the right to veto this processing of your personal data according to Art. 6 (1) lit. f GDPR, for reasons relating to your personal situation.

10. Analysis and advertising  

10.1. Use of Qreuz

Our website uses our own analysis and marketing automation tool “Qreuz”. We are using Qreuz to analyze our website content, traffic flows, and the website visitors’ behavior. This data processing is conducted for marketing and optimization purposes. The following data will be transmitted to and processed by our own analysis and marketing automation software:

  • website address (URL) and page path
  • date and time of your visit
  • referring website that brought you to our website (if applicable)
  • search terms (if applicable)
  • an anonymized derivative of your IP address
  • operating system of your device, browser, and version
  • language and country

     

Unless you are authenticating with our service (e.g. by logging in into your user account), there will not be set any tracking cookies or other browser-based mechanisms that would allow us to identify you as the source of the transmitted data. A pseudonymized usage profile can be created from the transmitted data and if you are a registered user to our service, we may be able to attribute previously generated pseudonymized profiles to your user account.
The collected data will be stored in a database within the European Union.
This data processing is carried out on the basis of Art. 6 (1) lit. f GDPR due to our overriding legitimate interest in improving our services, observing visitor behavior by tracking conversions, and the needs-based design of our website. You have the right to veto this processing of your personal data according to Art. 6 (1) lit. f GDPR, for reasons relating to your personal situation.

10.2. Use of Intercom

Our website uses the live-chat, communication, and marketing automation service Intercom by Intercom R&D Unlimited Company (2nd Floor, Stephen Court, 18-21 St. Stephen’s Green, Dublin 2, Ireland). The system serves to facilitate communication between you and us in our role as the provider. A usage profile can be generated from this data under a pseudonym. We have implemented Intercom’s live-chat and marketing automation tracking tag on our website for this purpose. The Intercom tag is using cookies for this purpose. Cookies facilitate recognition of your internet browser.

If you provide your email address with your explicit consent, it will be added to the previously generated usage profile. If you are a registered user to our website, additionally, a usage profile can be generated from the data of your user account.

The Intercom tag sets up a direct connection to Intercom’s servers when you visit our website. This informs the Intercom server which of our web pages you have visited. When you complete a purchase on our website, subscribe to our newsletter, or create a user account, you will then receive personalized, interest-related messages from us.

The Intercom tag will only be activated after you give us your consent to do so and, therefore, the data processing will be carried out on the basis of Art. 6 (1) lit. a GDPR with your consent. Once activated, you can disable tracking for Intercom marketing automation and the live-chat here.

You can find more information about Intercom’s privacy policy for the protection of personal data at https://www.intercom.com/terms-and-policies#privacy

11. Plug-ins

11.1. Use of the Google Tag Manager 

Our website uses the Google Tag Manager from Google LLC. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”). If you are ordinarily resident in the European Economic Area or Switzerland, Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is the controller responsible for your data. Google Ireland Limited is, therefore, the company affiliated with Google responsible for processing your data and for compliance with the applicable data protection legislation. This application manages JavaScript tags and HTML tags which are used in particular to implement tracking and analysis tools. The data processing serves to facilitate the needs-based design and optimization of our website. The Google Tag Manager itself neither stores cookies nor processes personal data. It does, however, enable the triggering of further tags which may collect and process personal data. You can find more detailed information on the terms and conditions of use and data protection at https://www.google.com/intl/de/tagmanager/use-policy.html.

11.2. Use of Google reCAPTCHA  

Our website uses the reCAPTCHA service by Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”). 

Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is the data controller responsible for your data if you have your habitual residence in the European Economic Area or Switzerland. Google Ireland Limited is, therefore, the company affiliated with Google which is responsible for processing your data and for compliance with applicable data protection laws.

The request serves to distinguish whether the input was made by a human or automatic machine processing. For this purpose, your input will be transmitted to Google and used by them further. In addition, the IP address and any other data required by Google for the reCAPTCHA service will be transferred to Google. This data will be processed by Google within the EU and potentially also in the USA. Transmission of data to the USA is covered by an adequacy decision by the European Commission, the “Privacy Shield”. Google participates in “Privacy Shield” and has submitted to its requirements.  

Processing is carried out on the basis of Art. 6 (1) lit. f GDPR due to our legitimate interest in protecting our website from automated spying, misuse, and SPAM. On grounds relating to your particular situation, you have the right to object at any time to this processing of personal data concerning you and carried out in accordance with Art. 6 (1) lit. f GDPR. 

You can find more detailed information on Google reCAPTCHA and the associated data protection declaration at https://www.google.com/recaptcha/intro/android.html and https://www.google.com/privacy

11.3. Use of Google invisible reCAPTCHA 

Our website uses the invisible reCAPTCHA service by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”). This serves to distinguish whether the input was made by a human or automatic machine processing. In the background, Google collects and analyzes usage data which is also used by invisible reCaptcha to distinguish between regular users and bots. For this purpose, your input will be transmitted to Google and further used there. In addition, the IP address and, where applicable, other data required by Google for the invisible reCAPTCHA service will be transmitted to Google. This data will be processed by Google within the European Union and, where necessary, also in the USA. For data processing in the USA, in accordance with the US-EU Data Protection Agreement, Google has become subject to the “Privacy Shield” and is therefore obliged to observe European data protection laws. The processing is carried out on the basis of Art. 6 (1) lit. f GDPR due to our legitimate interest in protecting our website against automated spying, misuse, and SPAM. On grounds relating to your particular situation, you have the right to object at any time to this processing of personal data concerning you and carried out in accordance with Art. 6 (1) lit. f GDPR.

You can find more detailed information on Google reCAPTCHA and the associated data privacy policy at https://www.google.com/recaptcha/intro/android.html and https://www.google.com/privacy.

11.4. Use of YouTube

Our website uses the function for embedding YouTube videos by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; “YouTube”). YouTube is a company affiliated with Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”).

This feature shows YouTube videos in an iFrame on the website. The option “advanced privacy mode” is enabled here. This prevents YouTube from storing information on visitors to the website. It is only if you watch a video that information is transmitted to and stored by YouTube. Your data may be transmitted to the USA. In accordance with the US-EU Data Protection Agreement, Google has become subject to the “Privacy Shield” and is therefore obliged to observe European data protection laws.

The data processing is carried out on the basis of Art. 6 (1) lit. f GDPR due to our legitimate interest in the needs-based and targeted design of the website. On grounds relating to your particular situation, you have the right to object at any time to this processing of personal data concerning you and carried out in accordance with  Art. 6 (1) lit. f GDPR.

Further information on the data collected and used by YouTube and Google and your associated rights and options for protecting your privacy can be found in YouTube’s privacy policy (https://www.youtube.com/t/privacy).

11.5. Use of Wordfence

Our website uses Defiant Inc.’s (800 5th Ave Ste 4100, Seattle, WA 98104, USA) service Wordfence. This service protects our website against unauthorized and malicious login attempts, data theft, and the use of malware. For this purpose, the service matches several visitor data (e.g. the IP address) and uses cookies.

In the case of an unauthorized and malicious access attempt, the attacker’s data (e.g. IP address, time of the attack, location, device data) will be transferred to Wordfence. Malicious access attempts are usually automated, multiple attempts to log in to our website with stolen or imitated user data. The data about malicious access attempts may also be transmitted to the USA. This transmission is conducted based on Standard Contractual Clauses according to Art. 46 (2) lit. c GDPR.

The data processing will be carried out on the basis of art. 6 (1) lit. f GDPR due to our largely justified interest in protecting our website from automated spying, misuse, unauthorized access, and data theft.

You can find more detailed information on the data processing of Wordfence, the cookies of this service, and the Standard Contractual Clauses at https://www.wordfence.com/help/general-data-protection-regulation/.

12. Rights of persons affected and storage duration

12.1. Duration of storage  

After contractual processing has been completed, the data is initially stored for the duration of the warranty period, then in accordance with the retention periods prescribed by law, especially tax and commercial law, and then deleted after the period has elapsed, unless you have agreed to further processing and use.

12.2. Rights of the affected person 

If the legal requirements are fulfilled, you have the following rights according to Art. 15 to 20 GDPR: Right to information, correction, deletion, restriction of processing, data portability. You also have a right of objection against processing based on Art. 6 (1) GDPR, and to processing for the purposes of direct marketing, according to Art. 21 (1) GDPR.

If you have questions about how we collect, store, and process your data, contact us at any time. Our contact details can be found in our legal notice.

12.3. Right to complain to the regulatory authority 

You have the right to complain to the regulatory authority according to Art. 77 GDPR if you believe that your data is not being processed legally.

12.4. Right to object 

If the data processing outlined here is based on our legitimate interests in accordance with Art. 6 (1) lit. f GDPR, you have the right for reasons arising from your particular situation to object at any time to the processing of your data with future effect. 

If the objection is successful, we will no longer process the personal data, unless we can demonstrate compelling legitimate grounds for the processing that outweigh your interests or rights and freedoms, or the processing is intended for the assertion, exercise or defense of legal claims. 

If personal data is being processed for the purposes of direct advertising, you can object to this at any time by notifying us. If the objection is successful, we will no longer process your personal data for the purposes of direct advertising.