Last Updated May 17, 2018
1. Data Controller
Avenga Germany GmbH as provider of the service wao.io.
Avenga Germany GmbH
50667 Köln (Cologne)
Tel. +49 221 84630 0
Jan Webering (CEO)
Data Protection Commissioner:
Roderich Pilars de Pilar
2. Information on data processing, legal bases and terms
The terms used, such as "personal data" or their "processing", refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR). "Personal data" are all information relating to an identified or identifiable natural person; a natural person is considered as identifiable, which can be identified directly or indirectly, in particular by means of assignment to an identifier such as a name, to an identification number, to location data, to an online identifier (eg cookie) or to one or more special features, that express the physical, physiological, genetic, mental, economic, cultural or social identity of this natural person. "Processing" means any process performed with or without the aid of automated procedures or any such process associated with personal data. The term goes far and includes virtually every handling of data. "Responsible person" means the natural or legal person, public authority, body or body that decides, alone or in concert with others, on the purposes and means of processing personal data.
Based on Art. 6 para. 1 lit. f. GDPR we are legitimate to log data on every access to our server (so-called server log files).
We will collect personal data from you only (i) where we need the personal data to perform a contract with you; (ii) where the processing is in our legitimate interests and not overridden by your rights; or (iii) where we have your consent to do so. We have a legitimate interest in operating our services and communicating with you as necessary to provide these services, for example when responding to your queries, improving our platform, undertaking marketing, or for the purposes of detecting or preventing illegal activities.
In some cases, we may also have a legal obligation to collect personal data from you or may otherwise need the personal data to protect your vital interests or those of another person.
If we ask you to provide personal data to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your personal data is mandatory or not (as well as of the possible consequences if you do not provide your personal data).
3. Safety measures
We take organizational, contractual and technical security measures in accordance with the state of the art to ensure that the provisions of data protection laws are adhered to and in order to protect the data processed by us against accidental or intentional manipulation, loss, destruction or against access by unauthorized persons.
4. Data collected and stored
1. Data you voluntarily provide
- Account Registration. When you register for an Account, we may ask for your contact information, including items such as name, company name, address, email address, and telephone number.
- Payment Information. When you add your financial account information to your Account, that information is directed to our financial department.
- Communications. If you contact us directly, we may receive additional information about you such as your name, email address, phone number, the contents of the message and/or attachments you may send us, and any other information you may choose to provide. We may also receive a confirmation when you open an email from us.
2. Data collected by using our services
- Cookies and other tracking technologies. When you use our services, we may collect certain information automatically from your device. This information may include internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, clickstream data, landing page, and referring URL. To collect this information, a cookie may be set on your computer or device when you visit our services. Cookies contain a small amount of information that allows our web servers to recognize you. We store information that we collect through cookies, log files, and/or clear gifs to record your preferences. We may also automatically collect information about your use of features of our services, about the functionality of our services, frequency of visits, and other information related to your interactions with the services. We may track your use across different websites and services. In some countries, including countries in the European Economic Area ("EEA"), the information referenced above in this paragraph may be considered personal data under applicable data protection laws.
- Usage of our services. When you use our services, we may collect information about your engagement with and utilization of our services, such as domain names, IP address, browser type, operating system, access times and referring website addresses. This type of information does not personally identify you. We use this data to operate the services, maintain and improve the performance and utilization of the services, develop new features, protect the security and safety of our services and our customers, and provide customer support. We also use this data to develop aggregate analysis and business intelligence that enable us to operate, protect, make informed decisions, and report on the performance of our business.
5. Google Analytics
Google is certified under the Privacy Shield Agreement, which provides a guarantee to comply with European privacy legislation.
Google will use this information on our behalf to evaluate the use of our online offer by users, to compile reports on the activities within this online offer and to provide us with further services related to the use of this online offer and the internet usage. In this case, pseudonymous usage profiles of the users can be created from the processed data.
We only use Google Analytics with activated IP anonymization. This means that the IP address of the users will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the US and shortened there.
The IP address submitted by the user's browser will not be merged with other data provided by Google. Users can prevent the storage of cookies by setting their browser software accordingly; Users may also prevent the collection of data generated by the cookie and related to their use of the online offer as well as the processing of this data by Google by downloading and installing the browser plug-in available under the following link .
For more information about Google's data usage, hiring and opt-out options, please visit Google's websites: Google's use of your data when you use websites or apps our partners, Use of data for promotional purposes, Managing information that Google uses, to show you advertising.
6. Data transfer to third parties and third parties providers
- Business Transfers. Information may be disclosed and otherwise transferred to any potential acquirer, successor, or assignee as part of any proposed merger, acquisition, debt financing, sale of assets, or similar transaction, or in the event of insolvency, bankruptcy, or receivership in which information is transferred to one or more third parties as one of our business assets.
- If we use subcontractors to provide our services, we will take appropriate legal precautions and appropriate technical and organizational measures to protect personal data in accordance with applicable law.
- You may access other third-party services through the services, for example by clicking on links to those third-party services from within the services. We are not responsible for the privacy policies and/or practices of these third-party services, and we encourage you to carefully review their privacy policies.
- We are using features of the LinkedIn network. Provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, United States. Each time you visit one of our pages that contains LinkedIn features, it will connect to LinkedIn servers. LinkedIn is informed that you have visited our website with your IP address. If you click LinkedIn's "Recommend Button" and are logged in to your LinkedIn account, LinkedIn will be able to associate your visit to our website with you and your user account. We point out that we as the provider of the pages have no knowledge of the content of the transmitted data and their use by LinkedIn. LinkedIn privacy statement, opt-out
- We are using features of the service Twitter. These features are available through Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. By using Twitter and the "Re-Tweet" function, the websites you visit are linked to your Twitter account and shared with other users. This data is also transmitted to Twitter. We point out that we as the provider of the pages are not aware of the content of the transmitted data and their use by Twitter. Privacy Statement from Twitter. You can change your privacy settings on Twitter in the Account Settings here.
- We are using features of the service Facebook. These features are available through Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Irland. By using Facebook and the "Facebook button", the websites you visit are linked to your Facebook account and shared with other users. This data is also transmitted to Facebook. We point out that we as the provider of the pages are not aware of the content of the transmitted data and their use by Facebook. Privacy Statement from Facebook. You can change your privacy settings on Facebook in the Account Settings here.
- We are using features of Microsoft to verify account information incl. the email address of our users. The Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA is certified for International Data Transfers. To comply with EU data protection laws around international data transfer, Auth0 self-certified under the E.U.-U.S. Privacy Shield and the Swiss-U.S. Microsoft Privacy Statement.
7. Data retention
We may retain electronically submitted information as long as necessary to respond to your request, depending on the subject matter. Computer web server logs may be preserved as long as administratively necessary and are scheduled for destruction in accordance with approved guidelines. The information in the logs may be used at any time as necessary to prevent security breaches and to insure the integrity of the data on our servers. If you use an online form to receive or register for informational e-mail updates or for other purposes, information you provide may be retained so that we can notify you about changes or upgrades, where appropriate.
Logfile information is stored for security purposes (for example, to investigate abusive or fraudulent activities) for a maximum of 30 days and then deleted. Data whose further retention is required for evidential purposes shall be exempted from the cancellation until final clarification of the incident.
For the hosting of status.wao.io we use the service sloppy.io of Astralus BV, Londensekaai 1, 4331JG Middelburg, NETHERLANDS. As part of the hosting, the IP address of the user (anonymous) in the form of log files is transferred to the Astralus BV, where it will be deleted after 2 months at the latest. It processes the data on our behalf in accordance with Art. 28 (3) sentence 1 GDPR.
If you are a registered user, you may access certain information associated with your Account by logging into our services or emailing firstname.lastname@example.org. If you terminate your Account, any public activity on your Account prior to deletion may remain stored on our servers and may remain accessible to the public.
To protect your privacy and security, we may also take reasonable steps to verify your identity before updating or removing your information. The information you provide us may be archived or stored periodically by us according to backup processes conducted in the ordinary course of business for disaster recovery purposes. Your ability to access and correct your information may be temporarily limited where access and correction could: inhibit wao.io's ability to comply with a legal obligation; inhibit wao.io's ability to investigate, make or defend legal claims; result in disclosure of personal data about a third party; or result in breach of a contract or disclosure of trade secrets or other proprietary business information belonging to wao.io or a third party.
We use Auth0 to verify account information incl. the email address of our users. Auth0 is certified for International Data Transfers. To comply with EU data protection laws around international data transfer, Auth0 self-certified under the E.U.-U.S. Privacy Shield and the Swiss-U.S. Privacy Shieldframework.
9. Your personal Data Protection Rights under the General Data Protection Regulation (GDPR)
If you are a resident of the EEA, you have the following data protection rights:
- If you wish to access, correct, update, or request deletion of your personal data, you can do so at any time by emailing email@example.com.
- You have the right to opt-out of marketing communications we send you at any time. You can exercise this right by clicking on the "unsubscribe" or "opt-out" link in the marketing emails we send you.
- Similarly, if we have collected and process your personal data with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect the processing of your personal data conducted in reliance on lawful processing grounds other than consent.
- You have the right to complain to a data protection authority about our collection and use of your personal data. For more information, please contact your local data protection authority.
We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.
10. Live Support and customer care
Via the chat function on our website, users have the opportunity to directly contact the wao.io team, for example to clarify questions about the service. The use of the chat does not require the provision of personal data
For the service mentioned we use Intercom, a live-chat software of the company Intercom Inc. Intercom uses "cookies", text files that are stored on your computer and that allow for personal conversation in the form of a real-time chat on the Site with you.
Additionally we use Intercom to support our registered users. We store personal data includes name, address, e-mail address and any other data provided by our users. The processing of this data takes place in accordance with the explicit consent of the candidate in accordance with Art. 6 para. 1 lit. a. and Art. 7 GDPR.
Intercom is certified for International Data Transfers. To comply with EU data protection laws around international data transfer, Intercom self-certified under the E.U.-U.S. Privacy Shield and the Swiss-U.S. Privacy Shieldframework.
11. Your choices
You may unsubscribe from receiving certain promotional emails from us. If you wish to do so, simply follow the instructions found at the end of the email. Even if you unsubscribe, we may still contact you for informational, transactional, account-related, or similar purposes.
12. Children’s privacy
Description of contents of our newsletter as well as the registration, shipping and statistical evaluation procedures as well as your right of objection. We send newsletters, e-mails and other electronic notifications with advertising information (hereinafter "newsletter") only to our registered users with the consent of the recipient or a legal permission. Insofar as the contents of a newsletter are concretely described, they are authoritative for the consent of the users. Incidentally, our newsletters contain information about our products, offers, promotions and our company.
Termination / Revocation: The newsletter will be send to our registered users. You can terminate the receipt of our newsletter at any time, i. Revoke your consent. A link to cancel the newsletter can be found at the end of each newsletter.
For shipping we use "Mandrill", a service of Mailchimp, provided by Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. Mandrill/MailChimp is certified for International Data Transfers. To comply with EU data protection laws around international data transfer, Mandrill/MailChimp self-certified under the E.U.-U.S. Privacy Shield and the Swiss-U.S. Privacy Shieldframework. See their Data Policy here.
The data controller of your personal information is Avenga Germany GmbH as owner and provider of the service wao.io.