Privacy Policy.
Any collection, processing and use (hereinafter "use") of data is solely for the purpose of providing our services. Our services have been designed to use as little personal information as possible. For that matter, "personal data" is understood as all individual details about a person or factual circumstances of an identifiable natural person (so-called "affected person"). The following statements on data protection describe what types of data are collected when accessing our website, what happens with these data and how you may object to data usage.
1. General information on data processing
1.1. Person Responsible (Controller)
Responsible within the meaning of the EU General Data Protection Regulation (GDPR) and the new Federal Data Protection Act (BDSG) is:
Home HT GmbH
Address: Mulackstraße 19, 10119 Berlin
Phone: +49 30 88789123
Email: datenschutz@buena.com
Homepage: www.buena.com
1.2. Name and address of the Data Security Officer
The data protection officer is:
DataCo GmbH
Nymphenburger Str. 86
80636 München, Deutschland
https://www.dataguard.de
1.3. Protection of your data
We have taken technical and organizational measures to ensure that the requirements of the EU General Data Protection Regulation (GDPR) are met by us, as well as, by external service providers working for us.
If we work with other companies to provide our services, such as email and server providers, this will only be done after an extensive selection process. In this selection process, each individual service provider is carefully selected for its suitability in terms of technical and organizational data protection skills. This selection procedure will be documented in writing and an agreement on the order processing of data (data processing agreement) will only be concluded if the third party complies with the requirements of Art. 28 GDPR.
Your information will be stored on specially protected servers. Access to it is only possible for a few specially authorized persons. Our website is SSL/TLS encrypted, as can be seen by the https:// at the start of our URL. This also involves e-mail communications, which is encoded via SSL certificate.
1.4. Erasure of personal data
We process personal data only if necessary. As soon as the purpose of the data processing is fulfilled, erasure of the data is carried out according to the standards of the erasure concept, unless legal or contractual regulations oppose this.
2. Use of data on this website and in logfiles
2.1. Scope of processing personal data
When visiting our website, our web servers temporarily store every access in a log file. The following data is collected and stored until automated erasure:
• IP-address of the requesting computer
• Date and time of access
• Name and URL of the retrieved file
• Transmitted amount of data
• Message if the retrieval was successful
• Detection data of the browser and operating system used
• Website from which access is made
We or our partners may process additional data occasionally. You will find information about this below.
2.2. Legal basis for processing personal data
The legal basis for the temporary storage of the data and log files is Art. 6 para. 1 s. 1 lit. f) GDPR. Our legitimate interest is to make our website accessible for you.
2.3. Purpose of data processing
The processing of this data serves: the purpose of enabling the use of the website (connection establishment), system security, the technical administration of the network infrastructure, as well as to optimize the website. The IP address is evaluated only in case of attacks on our network infrastructure or the network infrastructure of our internet provider.
2.4. Duration of storage
As soon as the purpose of the data processing is fulfilled, erasure of the data is carried out. This happens as soon as you close our website. Our hosting service might use data for statistical purposes. Any personal data will be anonymized for this. Our hosting service will delete this data after a period.
2.5. Right of objection and erasure
The data processing is necessary in order to present the website and to ensure the website’s operation. Therefore, objecting is impossible.
2.6. Hostingprovider - Amazon Web Services (AWS)
Our website uses the services of the hosting provider AWS. Data processing is carried out by: Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, Luxembourg 1855, Luxembourg (a subsidiary of Amazon.com Inc., 410 Terry Avenue North, Seattle WA 98109, USA).
You can find more information on the data protection of the service provider here: https:// aws.amazon.com/de/privacy
2.7. Hostingprovider – Vercel Inc.
As part of hosting, we also use the service of the cloud deployment platform Vercel. The data processing is carried out by: Vercel Inc, 340 S Lemon Ave #4133, Walnut, CA 91789, USA.
For more information on data protection at Vercel: https://vercel.com/legal/privacy-policy
3. Use of cookies
3.1. Description and scope of data processing
Our website uses cookies. This means that when using the website, cookies are stored on your computer. Cookies are small text files which are assigned to the browser you are using and which are stored on your hard drive. Through this information flows to us or the party who set the cookie. Cookies cannot run programs on or transmit viruses to your computer. They are used to analyze the use of our website in anonymized or pseudonymized form and to enable personalized advertisements on this website. The following data may be transmitted:
• Frequency of website visits
• Which functions of the website are used by you
• Language settings
Upon entering our website, a cookie banner informs you about the use of cookies on this website and asks for your consent to the use of cookies. Also, you are pointed to the data privacy statement of this website.
3.2. Legal basis for data processing
The legal basis for the processing of data by cookies, which do not only serve the functionality of our website, is Art. 6 para. 1 s. 1 lit. a) GDPR.
The legal basis for the processing of data for cookies, which serve only the functionality of this website, is Art. 6 para. 1 s. 1 lit. f) GDPR.
3.3. Purpose of data processing
Our legitimate interests are to provide you with a working website connection and to ensure a comfortable use of this website. Also, we need to process your personal data to solve occurring safety and security issues, as well as to ensure system stability.
The data processing takes place to make a statistical evaluation of our website possible.
3.4. Duration of storage
This website uses the following types of cookies. The extend and function of each are being explained below:
• Transient cookies (see a)
• Persistent cookies (see b)
a) Transient cookies are automatically deleted when you close the browser. This is especially true for session cookies which store your session ID, with which various requests from your browser can be assigned to your session. This will allow your computer to be recognized when you return to our website. Session cookies are deleted when you log out or close the browser.
b) Persistent cookies are automatically deleted after a specified period, which may differ depending on the cookie.
3.5. Right to objection and erasure
You have the possibility to revoke your consent to the data processing by means of cookies, which do not only serve the functionality of the website. In addition, we do not set cookies until you have agreed to set cookies when you visit the site. In this way, you can prevent data processing via cookies on our website. You can also delete the cookies in your browser's security settings at any time. Please note that you may not be able to use all the features of this website. The setting of cookies can also be prevented at any time by appropriate settings in your internet browser.
4. Contact
4.1. Description and scope of data processing
Via our website it is possible to contact us via contact form by Typeform. This will require different data to answer the request, which will be automatically saved for processing. The following data are required to process your request: E-Mail-Adresse
Your data will not be passed on to third parties, unless you have given your consent.
4.2. Legal basis for data processing
The legal basis depends on Art. 6 para. 1 s. 1 lit. b) GDPR.
4.3. Purpose of data processing
The processing of personal data from the input form is used solely handling the contact request.
4.4. Duration of storage
The data will be deleted as soon as we answer your request. There might occur rare cases when legal or contractual retention periods interfere with the erasure of your personal data. In this case your data will be deleted after these periods.
4.5. Right to objection and erasure
The user has the right to withdraw their consent to the processing of personal data at any time. If the user contacts us, they can object to storage of their personal data at any time. In such cases, the conversation cannot be continued. All personal data that has been stored in the course of the contact will be deleted.
4.6. Typeform
4.6.1. Description and scope of data processing
Our We use forms on our website that are hosted by Typeform. This enables us to respond to the concerns of our users and provide you with an easier way to contact us. The data processing is carried out by: TYPEFORM SL, c/ Bac de Roda, 163 (local), 08018 Barcelona – Spain.
For this purpose, the following personal data is processed as a minimum when the page is accessed
• IP address
Optionally, the following data is also processed for the purpose of initiating a contract
• Name of the form sender
• Name of the company
• Delivery address
• Billing address
• Name of the contact person
• Telephone number of the contact person
• E-mail address of the form sender
• Details of the desired product
• Other contact options
No further personal data is collected for the purpose of the customer survey.
We have concluded an order processing contract (AV contract) with Typeform for the data protection-compliant use of your data. Typeform is ISO27001 and SOC2 certified. You can view the data processing agreement provided by Typeform and the privacy policy here: https://admin.typeform.com/to/dwk6gt/?typeform-source=www.typeform.com
4.6.2. Legal basis for data processing
This data is processed for the purpose of initiating a contract on the basis of Art. 6 para. 1 sentence 1 lit. b) GDPR.
This data is processed for the purposes of customer surveys on the basis of Art. 6 para. 1 sentence 1 lit. f) GDPR. Our legitimate interest is based on offering you clear guidance and advice on our services through our service provider.
4.6.3. Purpose of data processing
We use the forms hosted by Typeform to respond to users' questions and, if necessary, to initiate or conclude a contract.
4.6.4. Duration of storage
Your data will be deleted by us as soon as the purpose of the data processing has been fulfilled, usually immediately after the enquiry has been answered. In rare cases, however, we may store your data for a longer period of time. This may result from legal, official or contractual obligations.
4.6.5. Right to objection and erasure
The rights of persons affected by data processing at Typeform, in particular the right to object, rectification, erasure and blocking, must be asserted against us. Please contact our data protection officer for this purpose.
4.7. AirCall
Description and scope of data processing
We use a cloud telephone system on our website that is hosted by Aircall. This enables us to respond to the concerns of our users and provide you with an easier way to contact us. The data processing is carried out by: Aircall SAS, 11 Rue Saint-Georges, 75009 Paris, France.
For this purpose, the following personal data is processed as a minimum when the page is accessed
• IP address
• your name
• telephone number
Optionally, the following data is also processed for the purpose of initiating a contract
• E-mail address of the form sender
• Details of the request
No further personal data is collected for the purpose of the customer survey.
We have concluded an order processing contract (AV contract) with Aircall for the data protection-compliant use of your data. Aircall is ISO27001 and SOC2 certified. You can view the AV contract provided by Aircall and the privacy policy here: https://aircall.io/privacy/
4.7.1. Legal basis for data processing
This data is processed for the purpose of initiating a contract on the basis of Art. 6 para. 1 sentence 1 lit. b) GDPR.
4.7.2. Purpose of data processing
We use the cloud telephone system hosted by Aircall to respond to users' questions and, if necessary, to initiate or conclude a contract.
4.7.3. Duration of storage
Your data will be deleted by us as soon as the purpose of the data processing has been fulfilled, usually immediately after the enquiry has been answered. In rare cases, however, we may store your data for a longer period of time. This may result from legal, official or contractual obligations.
4.7.4. Right to objection and erasure
The rights of persons affected by data processing at Aircall, in particular the right to object, rectification, erasure and blocking, must be asserted against us. Please contact our data protection officer for this purpose.
5. Registration on the website
5.1. Description and scope of data processing
The data subject can register on our website. This requires the data subject to enter personal data in the registration form. The following data is at least collected for this:
• First name
• Last name
• Email address
• Address of the rental property/properties
• Details of the rental property to determine the rental price (Rental period, size, floor, year of construction, renovation/modernization, equipment, furnishings)
The information provided by the data subject in the registration mask will be used exclusively for processing and will not be disclosed to third parties.
5.2. Legal basis for data processing
If the data subject enters mandatory personal data in the registration form, the legal basis of the data processing is based on Art. 6 para. 1 s. 1 lit. b) GDPR. However, if the user also enters personal data in the optional input field, the data processing is based on Art. 6 para. 1
s. 1 lit. a) GDPR.
5.3. Purpose of data processing
The processing of personal data is used solely for us to finish your registration and organize your website-account.
5.4. Duration of storage
The data are deleted as soon as the purpose of storage is no longer required. This is the case if you delete your account and no statutory or regulatory retention periods of erasure contradict.
5.5. Right to objection and erasure
During and after the registration, the data subject is free to change, correct or delete their personal data.
6. Data processing for applications
6.1. Description and scope of data processing
We offer the opportunity to apply for jobs through an application portal "Join.com". For this purpose, personal data is processed and stored for further processing during the respective application process.
6.2. Legal basis for data processing
Data processing will be based on Art. 88 GDPR and § 26 BDSG.
6.3. Purpose of data processing
We process your data exclusively for the purpose of carrying out the application process.
6.4. Duration and storage
In case of successful application and employment, the personal data is stored in accordance with the legal requirements. In case of unsuccessful application, the data will be deleted in accordance with the rules of the local erasure concept. In doing so the provisions of the AGG (German Employment Law), especially the existing evidence pursuant to § 22 AGG, are taken into account.
This does not apply if we are obliged to any legal erasure periods or if you have given consent to store your data for further communication with us (e.g. we have another suitable job in the future). If you have given consent the legal basis for further storage of your data is Art. 6 para. 1 s. 1 lit. c) or lit. a) GDPR.
6.5. Right to objection and erasure
You can contact us at any time and object to further processing of your data. All personal data of the application process will be deleted in this case.
6.6. Join.com
6.6.1. Description and scope of data processing
We use the "Join.com" application tool on our website. This enables us to attract applicants, find the right employees and provide you with an easier application process. The data processing is carried out by: JOIN Solutions GmbH, Schönhauser Alle 36, 10435 Berlin, Germany.
For this purpose, the following personal data is processed as a minimum when the page is accessed
• Email address
• First name
• Surname
• Curriculum vitae
Optionally, the following data is also processed for the purpose of initiating a contract:
• Cover letter
You can view the privacy policy here: https://join.com/de/datenschutz
6.6.2. Legal basis for data processing
The legal basis for the processing of your personal data in this application procedure is Art. 88 GDPR in conjunction with. § 26 BDSG. Accordingly, the processing of data required in connection with the decision on the establishment of an employment relationship is permitted.
Data processing via Join.com is carried out on the basis of our legitimate interest pursuant to Art. 6 para. 1 sentence 1 lit. f) GDPR. Our legitimate interest is the organised processing of applicant data.
6.6.3. Purpose of data processing
We process your data exclusively for the purpose of carrying out the application procedure.
6.6.4. Duration and storage
If the application leads to an employment relationship, the personal data will be stored accordingly in compliance with the statutory provisions. If the applicant's application is not considered in the selection of a potential candidate, it will be deleted in accordance with the rules of the deletion concept here, taking into account the provisions of the AGG, in particular the existing burden of proof under Section 22 AGG.
This does not apply if statutory provisions prevent deletion or if you have given your consent to longer storage. In this case, the further storage of your personal data takes place on the basis of Art. 6 para. 1 sentence 1 lit. c) or lit. a) GDPR.
6.6.5. Right to object and erasure
You can contact us at any time and object to further processing of your data. You can also request the deletion of your personal data yourself via the data protection officer of JOIN Solution GmbH datenschutz@join.com. All personal data processed by us in the course of the application process will be deleted in this case, unless deletion is prevented by mandatory statutory provisions.
7. Conclusion of contract on the website
7.1. Description and scope of data processing
If you commission us to manage your real estate, we will process your name, address, telephone number and e-mail address.
7.2. Legal basis for data processing
The legal basis for the associated data processing is Art. 6 para. 1 sentence 1 lit. b) GDPR,
i.e. the processing of your data is necessary for the fulfillment of the service contract.
7.3. Purpose of data processing
We process your data in order to conclude the service contract with you, to process the service contract including invoicing by e-mail or post and receipt of payment, to ensure punctual performance and to inform you of changes.
7.4. Duration of storage
Your data will only be stored for as long as is necessary to fulfil the purpose and as long as we are obliged to store your data due to legal, contractual or official obligations.
7.5. Right to objection and erasure
Data processing is absolutely necessary in order to be able to fulfil your service contract, which is why it cannot be dispensed with. There is therefore no possibility of cancellation.
7.6. Stripe
7.6.1. Description and scope of data processing
We offer Stripe as a payment service. With Stripe, you can use payment information stored in your Stripe account to make purchases quickly and securely. To use the payment service through Stripe, prior registration is required. The data processing is carried out by: Stripe Payments Europe Ltd (subsidiary of Stripe Inc., 510 Townsend Street, San Francisco, CA 94103, USA).
The information collected by Stripe includes:
• Payment method
• Payment method information (e.g. credit or debit card number or bank account details)
• Purchase amount
• Date of payment.
Different payment methods may require the collection of different categories of data. The payment method information Stripe collects depends on the payment method you choose. When you complete a transaction, Stripe may also receive:
• Name
• Email address,
• Billing address
• and in some cases your transaction history to authenticate you.
For more information, please see Stripe's privacy policy: https://stripe.com/en-lu/privacy
7.6.2. Legal basis for data processing
Our legal basis is based on Art. 6 para. 1 s. 1 lit. b) GDPR.
7.6.3. Purpose of data processing
The transmission of the data is necessary to prevent any misuse. We inform you that Stripe may transmit the personal data to credit agencies. This is because Stripe reserves the right to check your identity and creditworthiness.
7.6.4. Duration of storage
We will only store your data for as long as is necessary to process your payment and invoice you. If you are a Stripe user, Stripe will retain your personal data for as long as the services are provided to you. The data will then be deleted unless there are regulatory, contractual or legal retention obligations that prevent deletion.
7.6.5. Right to objection and erasure
The data processing is mandatory in order to be able to process your payment via Stripe, which is why it cannot be dispensed with if you have chosen this payment method. There is therefore no possibility to opt out.
8. Tracking and analytics
For the continuous improvement of our website we use the following tracking and analytics tools. Below you can find information on which personal data is processed in each case and how you can reach the respective service providers:
8.1. Amplitude
8.1.1. Description and scope of data processing
Our website uses the Amplitude analytics service. The data processing is carried out by: Amplitude Inc, 631 Howard Street, Suite 300, San Francisco, CA 94105, USA.
This tool collects technical information about the type of your device and the operating system used, as well as local data such as the country from which you are accessing our website. Data about your language selection, your server upload time and your session ID may also be collected.
You can find additional information on data protection at: https://amplitude.com/privacy
8.1.2. Legal basis of data processing
The legal basis for data processing is your consent in accordance with Art. a) GDPR.
8.1.3. Purpose of data processing
Amplitude helps us to understand how you use our services so that we can improve their use.
8.1.4. Duration of storage
The data will be deleted as soon as the purpose of the data processing has been achieved and no contractual, official or legal regulations prevent deletion.
8.1.5. Right of objection and erasure
You have the option to withdraw your consent to data processing at any time. To do so, please contact our data protection officer.
8.2. Facebook Custom Audience / Facebook-Pixel
8.2.1. Description and data processing
Our website uses Meta’s Facebook Custom Audience or Facebook Pixel to measure conversions. Data processing is carried out by: Meta Platforms Ireland Limited, 1 Hacker Way, Menlo Park, CA 94025, USA.
With the help of the Facebook Pixel, we can analyze the behaviour of our website’s visitors. As a result, the effectiveness of Meta advertisements can be evaluated. Meta receives the following data:
• the redirect URL,
• browser information,
• and the person's Facebook user ID if they have a Facebook account
The data is stored and processed by Meta, a connection to the user profile is possible. Meta can use the data for its own advertising purposes. This use of data cannot be influenced by us as the site operator.
The data is stored and processed by Meta, so that a connection to the respective user profile is possible and Meta can use the data for its own advertising purposes, according to the Meta data usage directive. As a result, Meta can enable ads to be displayed on Facebook and outside of Facebook. This use of data cannot be influenced by us as the site operator.
You can find Meta’s data privacy policy here: https://www.facebook.com/about/privacy/
8.2.2. Legal basis of data processing
The legal basis for processing data is your given consent, Art. 6 para. 1 s. 1 lit. a) GDPR.
8.2.3. Purpose of data processing
We process your data to continue the optimization of our website and our advertising activities.
8.2.4. Duration of storage
The data will be deleted as soon as they are no longer needed for our recording purposes.
8.2.5. Right to objection and erasure
You can deactivate the remarketing feature "Custom Audiences" in the Ads Settings section of Meta: https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen, if you have a Facebook account. If you do not have a Facebook account, you can disable Meta’s usage-based advertising on the European Interactive Digital Advertising Alliance website: http://www.youronlinechoices.com/de/praferenzmanagement/
8.3. Google Analytics 4
8.3.1. Description and scope of data processing
Our website uses Google Analytics 4, a service for analysing access to websites provided by Google LLC. ("Google") and enables us to improve our website. Data processing for the European Economic Area and for Switzerland is carried out by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
The information collected is sometimes:
• IP address
• Time of access
• Duration of access
• From which website you came to our website
• Interaction on the website
• Demographic characteristics, if the website visitor is logged into their Google Account
• Device categories, browser type, operating system, screen resolution
and are transmitted to a Google server in the USA and stored there. The analysis of your activities on our website is transmitted to us in the form of reports. Google may pass on the information collected to third parties if this is required by law or if third parties process this data on behalf of Google. IP anonymisation is carried out by Google by default and cannot be deactivated, so IP addresses are only processed in abbreviated form in order to exclude any possible direct personal reference to you.
You can find more information on the terms of use and data protection of Google Analytics at https://www.google.de/intl/de/policies/, Data protection - Google Analytics Help and under Data protection settings in Google Analytics - Google Analytics Help.
8.3.2. Legal basis for data processing
The legal basis for the processing of personal data is your consent pursuant to Art. 6 para. 1 sentence 1 lit. a) GDPR.
8.3.3. Purpose of data processing
The processing of your personal data enables us to analyse your surfing behaviour. By analysing the data obtained, we are able to compile information about the use of the individual components of our website. This helps us to constantly improve our website and its user-friendliness. By anonymising the IP address, the interest of users in the protection of their personal data is adequately taken into account.
8.3.4. Duration of storage
The data will be deleted 14 months after your last visit to our website.
8.3.5. Right to objection and erasure
You have the option to withdraw your consent to data processing at any time. To do so, please contact our data protection officer. You can also prevent the installation of cookies from Google Analytics by making the appropriate settings in your browser software. In this case, however, you may not be able to use all the functions of our website to their full extent. Google Analytics can also be deactivated and controlled by browser extensions, e.g. http:// tools.google.com/dlpage/gaoptout?hl=de.
8.4. Google Tag Manager
8.4.1. Description and scope of data processing
Google Tag Manager is a solution that allows us to manage so-called website tags via an interface (and thus, for example, integrate Google marketing services into our online offer). The Tag Manager serves as a "manager" of the implemented tags. This allows us to centrally manage integrated Google products or other analysis tools on our website. The tags embedded on the website are referred to as sections of code that make it possible to track your activities on our website. By using our website, users download the Google Tag Manager, which automatically results in the user's IP address being forwarded to Google With regard to the processing of personal data, please refer to the information on Google services. Data processing for the European Economic Area and Switzerland is carried out by: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
You can access the usage guidelines of the Google Tag Manager here: https:// www.google.com/intl/de/tagmanager/use-policy.html
8.4.2. Legal basis for data processing
The legal basis for the processing of personal data is your consent pursuant to Art. 6 para. 1
s. 1 lit. a) GDPR.
8.4.3. Purpose of data processing
Google Tag Manger simplifies the management and organization of the analysis tools used for the website. In order to integrate an analysis tool, JavaScript codes must be integrated into the website. By using Google Tag Manger, it is possible for us to manage these embedded codes from one place.
8.4.4. Duration of storage
Since data storage is not carried out directly by Google Tag Manager, but the data is forwarded to the tracking tools, it is necessary to check with the individual embedded tracking tools how long the data is stored.
8.4.5. Right to objection and erasure
You have the option at any time to revoke a given consent to data processing with effect for the future. For this, you would have to contact the respective data protection officers of the tools. Further information regarding the management of your data can be found in the data protection statements of the tools used.
9. Tools for advertisement and marketing
Tools are also included on our website to ensure that our website is displayed to you during an internet search, as a relevant search result or as an advertisement. Below, the programs used in connection with our website have been broken down for you:
9.1. Braze
9.1.1. Description and scope of data processing
We use the services of the marketing tool Braze for our email marketing. The data processing is carried out by Braze, Inc, 318 West 39th Street, 5th Floor New York, NY 10018, USA.
We use Braze to send marketing messages (push notifications). Braze processes the following data, among others, for this purpose
• Email address
• push token
• Interaction data
• IP address
This data processing enables us to coordinate the sending of messages and analyse user interactions.
Furthermore, we have concluded an order processing contract with Braze in accordance with Art. 28 para. 3. This is a contract in which Braze undertakes to protect the data of our users, to process it on our behalf in accordance with the applicable data protection regulations and, in particular, not to pass it on to third parties. Further information on data protection at Braze can be found at: https://www.braze.com/company/legal/privacy.
9.1.2. Legal basis of data processing
The data processing is based on your consent pursuant to Art. 6 para. 1 sentence 1 lit. a) GDPR.
9.1.3. Purpose of data processing
The purpose of data processing is to optimise our offer and to interact with our customers.
9.1.4. Duration of storage
Braze does not store your personal data for longer than is strictly necessary for the purposes for which your data was collected. The data will be deleted or anonymised when it is no longer required for the purposes for which your data was collected, unless there is a legal obligation that requires longer storage.
9.1.5. Right of objection and erasure
You have the option to withdraw your consent at any time. To do so, please contact our data protection officer. If you have any questions about data security at Braze, you can contact Braze's data protection officer directly at the following email address: privacy@braze.com.
You can also deactivate the receipt of push notifications via your browser settings.
9.2. Google Ads
9.2.1. Description and scope of data processing
We have integrated the services of Google Ads (formerly Google AdWords) on our website. Google Ads is an internet advertising service. We use Google Ads to gain relevance in the results of Google's search engine. Data processing for the European Economic Area and for Switzerland is carried out by: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
If the user accesses our website through a Google ad, Google will set a so-called conversion cookie on the user's system. For the explanation of the cookies, please refer to the pass to the cookies. The conversion cookie is used to create and analyze web-use statistics.
The conversion cookie stores the IP address when visiting the website. This data is stored in the USA. It is possible that Google will share this information with third parties.
For further privacy notices of Google refer to: https://policies.google.com/privacy? hl=en&gl=de
9.2.2. Legal basis of data processing
The legal basis is your consent pursuant to Art. 6 para. 1 s. 1 lit. a) GDPR.
9.2.3. Purpose of data processing
In particular, we use Google Ads to gain relevance in the results of Google's search engine.These advertisements are carried out to reach a greater audience.
9.2.4. Duration of storage
30 days after setting the conversion cookie the cookie loses its validity. This means that the user can no longer be identified. Within these 30 days both- us and Google can track which subpages have been accessed.
9.2.5. Right to objection and erasure
The setting of cookies can be prevented by appropriate settings in the user's Internet browser at any time. The already set cookies can also be deleted in the settings of the Internet browser. We express our concern that preventing cookies from being set may mean that not all features are fully available.
The user may separately object to interest-based personalized advertising by Google. Please refer to the following link: www.google.de/settings/ads
9.3. LinkedIn Insight Tag
9.3.1. Description and scope of data processing
We place advertising on LinkedIn. We also use LinkedIn analytics and conversion tracking technology to test the effectiveness of this advertising.
The data processing is carried out by: LinkedIn Ireland, Wilton Plaza, Wilton Place, Dublin 2, Ireland.
LinkedIn places a cookie on your computer, from which information about the delivery of advertising can be obtained. The cookie text files contain information about your visits to our website, to the pages you have viewed in order to provide specific product recommendations for subsequent visits to our website or third-party websites. The cookie contains a randomly assigned alias. If you revisit our LinkedIn website or LinkedIn within a certain period, LinkedIn will recognize you through this alias. However, this information cannot be linked to your person. Neither we nor LinkedIn will share this information with your personal information and will not share your personal information with third parties.
9.3.2. Legal basis of data processing
The data processing is based on Art. 6 para. 1 p. 1 lit. a) GDPR.
9.3.3. Purpose of data processing
It is in our legitimate interest to inform you about our offer and to make it clear and user- friendly for you. This also represents the purpose of the data processing.
9.3.4. Duration of storage
The data will be deleted as soon as it is no longer needed for our recording purposes.
9.3.5. Right to objection and erasure
You may object to the storage and use of data in a LinkedIn cookie by following the link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out. Call up and select "Decline".
If you choose this option, a new cookie (opt-out cookie) will be set in your browser informing LinkedIn that no data regarding your browser behavior may be stored. Please note that the setting must be made for all browsers you use. If all your cookies are deleted in a browser, this will also affect the LinkedIn opt-out cookie.
9.4. Zapier
9.4.1. Description and scope of data processing
We use the services of the provider Zapier. The data processing is carried out by: Zapier Inc, 548 Market St, #62411, San Francisco, California 94104, USA.
With the help of these services, it is possible to integrate and create commands for various third-party services. If this link between a third-party provider and Zapier is activated, for example by logging in, various data is transmitted to Zapier. Cookies are set on your browser to enable the services.
We trust Zapier to process the data in compliance with data protection regulations. According to Zapier, appropriate measures are taken to ensure this.
Further information on data processing by Zapier can be found in the privacy policy: https:// zapier.com/privacy/
9.4.2. Legal basis of data processing
Data processing is carried out in accordance with Art. 6 para. 1 lit. f) GDPR. Our legitimate interest is based on enabling simplified use of our website, which is therefore more customer-friendly.
9.4.3. Purpose of data processing
The purpose of data processing is to grant access to the Zapier services in order to provide this website and our services in a user-friendly manner.
9.4.4. Duration of storage
The data will be deleted as soon as the purpose of the data processing has been fulfilled and no legal regulations prevent deletion. Certain fully anonymised data may be retained for the purpose of improving Zapier's services.
9.4.5. Right to objection and erasure
You can prevent the setting of cookies in your browser settings at any time. We would like to point out that in this case it may happen that some functions and displays of the website can no longer be provided.
If you have any questions about data protection at Zapier or how to exercise your rights, please contact our data protection officer or contact Zapier at contact@zapier.com
10. Other tools of third-party providers
We also use third-party providers to help us with the site's appearance and functionality. These are listed below:
10.1. Slack
10.1.1. Description and scope of data processing
We use the services of the provider Slack to enable effective collaboration and to link all software tools and services with each other. The data processing is carried out by: Slack Technologies Limited, Salesforce Tower, 60 R801, North Dock, Dublin, Ireland.
With the help of these services, it is possible to integrate and create commands for various third-party services. If this link between a third-party provider and Slack is activated, for example by logging in, various data is transmitted to Slack. Cookies are set on your browser to enable the services.
We trust Slack to process the data in compliance with data protection regulations According to Slack, appropriate measures are taken to ensure this.
You can find more information on data processing by Slack in the privacy policy: https:// slack.com/intl/de-de/trust/privacy/privacy-policy?geocode=de-de
10.1.2. Legal basis of data processing
Data processing is carried out in accordance with Art. 6 para. 1 lit. f) GDPR. Our legitimate interest is based on enabling simplified use of our website, which is therefore more customer-friendly.
10.1.3. Purpose of data processing
The purpose of data processing is to grant access to the Slack services in order to provide this website and our services in a user-friendly manner.
10.1.4. Duration of storage
The data will be deleted as soon as the purpose of the data processing has been fulfilled and no legal regulations prevent deletion. Certain fully anonymised data may be retained for the purpose of improving Slack's services.
10.1.5. Right to objection and erasure
You can prevent the setting of cookies in your browser settings at any time. We would like to point out that in this case it may happen that some functions and displays of the website can no longer be provided.
If you have any questions about data protection at Slack or how to exercise your rights, please contact our data protection officer or contact Slack at: privacy@slack.com
10.2. Zendesk
10.2.1. Description and scope of data processing
We use the services of Zendesk on our website. The data processing is carried out by: Zendesk Inc, 1019 Market Street, San Francisco, CA 94103, USA.
For this purpose, Zendesk sets cookies that enable the website visitor's Internet browser to be recognised so that individual chat users can be distinguished. The following data is processed:
• chat name
• IP address
• address
• Other personal information, depending on the information provided (e.g. e-mail address, telephone number)
• Commercial information, such as purchase history and bank details
• System language
• Browser version
• Information about origin
The privacy policy of our ticket system provider Zendesk can be found here: https:// www.zendesk.de/company/customers-partners/privacy-policy/
10.2.2. Legal basis for data processing
Data processing is carried out in accordance with Art. 6 para. 1 lit. f) GDPR. Our legitimate interest is based on enabling simplified use of our website, which is therefore more customer-friendly.
10.2.3. Purpose of data processing
The purpose of data processing is to provide a cloud-based customer support platform.
10.2.4. Duration of storage
The data will be deleted as soon as the purpose of the data processing has been achieved and no legal or contractual regulations prevent deletion.
10.2.5. Right to objection and erasure
You have the option to object to data processing at any time. To do so, please contact our data protection officer or the Zendesk data protection officer directly: euprivacy@zendesk.com or privacy@zendesk.com
11. Data privacy statement regarding our social media appearances
11.1. Responsible persons with regard to joint control in social media
We have appearances in the following social media:
• Facebook: https://www.facebook.com/homeht1/
• Instagram: https://www.instagram.com/withbuena/? igshid=MWFzYzg0NHdscTBkcQ==
• LinkedIn: https://de.linkedin.com/company/withbuenadotcom
• X: https://twitter.com/withbuena?s=21&t=iyxHSZcsNCtnU_3Achnviw Therefore, we use the services of:
• Meta Platforms Inc., 1 Hacker Way, Menlo Park, CA 94025, USA beziehungsweise
Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland (“Facebook”)
• Meta Platforms Inc., 1 Hacker Way, Menlo Park, CA 94025, USA beziehungsweise Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland (“Instagram”)
• LinkedIn Ireland, Wilton Plaza, Wilton Place, Dublin 2, Ireland and LinkedIn Corporation, 1000 W. Maude Ave., Sunnyvale, California 94085, USA (“LinkedIn”)
• Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA (“X”)
Pursuant to judgement of the European Court of Justice the operators of social media sites and the operators of social media services act as joint controllers. (http://curia.europa.eu/ juris/document/document.jsf? text=&docid=202543&pageIndex=0&doclang=DE&mode=req&dir=&occ=first&part=1&cid=29 8398)
We would like to point out that you use our social media appearances and its functions in your own authority. This applies especially to the use of interactive features such as commenting on posts, sharing of posts and rating posts. In case you do not want to use social media to inform yourself about our company you may also find the information published on our website.
The data protection officer of the respective social media operator can be reached via the respective social media network:
The data privacy officer of Facebook and Instagram can be reached via the following contact link: https://www.facebook.com/help/contact/540977946302970
The data privacy officer of LinkedIn can be reached via the following contact link: https:// www.linkedin.com/help/linkedin/ask/TSO-DPO
The data privacy officer of X can be reached via the following contact link: https:// twitter.ethicspointvp.com/custom/twitter/forms/data/form_data.asp
11.2. Data processing in social media with regard to the operators of social media
When visiting our social media appearances, the social media operators may collect personal data, such as your IP address and further information gathered using cookies. Personal data will be used to provide us with statistical feedback about the use of our social media appearance. The collected personal data will be processed by the social media operator and may be transferred to countries outside the European Union. The information the operator of the respective social network receives and how it is used is described in the privacy statements of each social network. You can also find their contact information there.
Further information can be found under the following links:
Facebook: https://de-de.facebook.com/help/pages/insights. https://de-de.facebook.com/about/privacy https://de-de.facebook.com/full_data_use_policy
Instagram: https://help.instagram.com/155833707900388 https://www.instagram.com/about/legal/privacy/
LinkedIn: https://www.linkedin.com/legal/privacy-policy
X: https://twitter.com/de/privacy
As it is not conclusively and clearly stated by the social media operators, it is unknown to us in what way the social media operators use data, gathered from visits to our social media site, for their own purposes, to what extent activities on the social media site are attributed to individual users, how long the operators store this data and whether data from the social media sites is shared with third parties.
When visiting our social media appearances, the IP address of your device will be disclosed to the operator of the social network. Social media networks additionally store information on their user’s devices so that they might be able to match IP addresses to individuals.
If you are currently logged in to the respective social network as a user, you will find a cookie with your individual identifier in this social network on your device. This will allow you to understand that you visited a page and how you used it. Based on this data content or advertising can be tailored to suit you.
If you want to avoid this, you should log out of the respective social network or deactivate the function "stay logged in", delete the existing cookies on your device and stop and restart your browser. In this way, login information which you can be immediately identified by, will be deleted. This allows you to use our social media appearances without revealing your identifier. When you access interactive features of our social media appearance (like, comment, share, news, etc.), a login screen will appear. After logging in, you will be again recognizable as a specific user for the used social network.
For information on how to manage or delete existing information within the social media network, refer to the support pages listed above for each social network.
11.3. Data processing with regard to our social media appearances
11.3.1. Type and scope of data processing
We may process the information you provide to us via our social media appearances, including your username and content posted through your account, to react to your messages. In addition, your published posts, reviews and comments refer to your account in the respective social network. If you mention us using “@”, “#“ or other, this mention may be published in our social media appearance with regard to your user name. In this way data you published in a social media network may be included in our social media appearance in this network and thusly be accessible to other users of the respective social network. If you “like”, “follow” our social media appearance or interact with it in a similar way, we will be notified by the respective social media network with your username and link to your account.
11.3.2. Legal basis of data processing
The legal basis for data processing is Art. 6 para. 1 s. 1 lit. f) GDPR. Our legitimate interests are to provide information about our company and to keep in contact with our customers and prospective customers.
11.3.3. Purpose of data processing
We process personal data provided by you in this context exclusively for the purpose of customer communication and prospective customer communication. Our legitimate interest is to offer a platform where we can provide you with up-to-date information about our company and are able to quickly respond to your requests.
11.3.4. Duration of storage
Your data will be stored in accordance to the storage periods of the respective social media network and will be deleted whenever possible when cancelling a social media appearance.
12. Service providers from third countries
In order to be able to provide our services, we use the support of service providers from third party countries (non-EU countries). In order to ensure the protection of your personal data in this case, we conclude processing contracts with each - carefully selected - service provider. All of our processors provide sufficient guarantees to implement appropriate technical and organizational measures. Our third country data processors are either located in a country with an adequate level of data protection (Art. 45 GDPR) or provide appropriate safeguards (Art 46 GDPR).
Adequate level of protection: The provider comes from a country whose level of data protection has been recognized by the EU Commission. For more information, see: https:// ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy- protection-personal-data-non-eu-countries_en
EU standard contract clauses: Our provider has submitted to the EU standard contractual clauses to ensure secure data transfer. For more information, see: https://eur-lex.europa.eu/ eli/dec_impl/2021/914/oj?uri=CELEX%3A32021D0914&locale=en
Binding Corporate Rules: Article 47 of the GDPR provides the possibility of ensuring data protection when transferring data to a third country via Binding Corporate Rules. These are examined and approved by the data security authorities within the framework of the consistency mechanism pursuant to Art. 63 GDPR.
Consent: In addition, a data transfer to a third country without an adequate level of protection will only take place if you have given us your consent in accordance with Art. 49 sec. 1 lit. a) GDPR for this purpose.
13. Your rights
You have the following rights with respect to the personal data concerning you:
13.1. Right to withdraw a given consent (Art. 7 GDPR)
If you have given your consent to the processing of your data, you can withdraw it at any time. This will affect the admissibility of processing your personal data by us for the time after you have withdrawn your consent. To withdraw your consent, contact us personally or in written form.
13.2. Right of access (Art. 15 GDPR)
You have the right to obtain from us confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to your personal data and the following information:
• the purpose of processing;
• the categories of personal data concerned;
• the recipients or the categories of recipient to whom your personal data have been or will be disclosed, in particular recipients in countries outside of the EU or international organisations;
• where possible, the envisaged period for which your personal data will be stored, or, if not possible, the criteria used to determine that period;
• all available information on the source of your personal data;
• the existence of automated decision-making, including profiling, referred to Art. 22 para. 1 and 4 GDPR and, in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you.
In the case of such a request, you must provide enough information about your identity to proof that the request concerns your own personal data.
13.3. Right to rectification and erasure (Art. 16, 17 GDPR)
You have the right to obtain from us without undue delay the rectification and completion of inaccurate personal data concerning yourself.
You may also request the erasure of your personal data if any of the following applies to you:
• the personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed;
• you withdraw consent on which the processing is based according to Art. 6 para. 1
s.1 lit. a) or Art. 9 para. 2 lit. a) GDPR, and where there is no other legal ground of processing;
• you object to the processing pursuant to Art. 21 para. 1 GDPR and there are no overriding legitimate grounds for the processing, or the you object to the processing pursuant to Art. 21 para. 2 GDPR;
• the personal data have been unlawfully processed;
• the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which we are subject;
• the personal data have been collected in relation to the offer of information society services referred to in Art. 8 para. 1.
Where we made the personal data public and are obliged to erase the personal data pursuant to Art. 17 para. 1 GDPR, we, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
These rights shall not apply to the extent that processing is necessary:
• for exercising the right of freedom of expression and information;
• for compliance with a legal obligation which requires processing by Union or Member State law to which we are subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
• for reasons of public interest in the area of public health in accordance of Art. 9 para. 2 lit. h) and i) as well as Art. 9 para. 3 GDPR;
• for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89 para. 1 GDPR, in so far as the right referred to above is likely to render impossible or seriously impair the achievement of the objectives of that processing, or
• for the establishment, exercise or defence of legal claims.
13.4. Right to restriction of processing (Art. 18 GDPR)
You shall have the right to obtain from us restriction of processing where one of the following applies:
• the accuracy of the personal data is contested by you, for a period enabling us to verify the accuracy of the personal data;
• the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
• we no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims;
• you have objected to processing pursuant to Art. 21 para. 1 GDPR pending the verification whether our legitimate grounds override yours.
Where processing has been restricted under the aforementioned conditions, such personal data shall, except for storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
If the limitation of the processing is restricted, you will be informed by us before the restriction is lifted.
13.5. Right to information (Art. 19 GDPR)
If you have asserted us your right to rectification, erasure or restriction of data processing, we will inform all recipients of your personal data to correct, delete or restrict the processing of data, unless this proves impossible or involves disproportionate effort.
You also have the right to know which recipients have received your personal data.
13.6. Right to data portability (Art. 20 GDPR)
You have the right to receive your personal data, which you provided to us, in a structured, commonly used and machine-readable format. Also, you have the right to transmit those data to another controller, where
• the processing is based on consent pursuant of Art. 6 para. 1 s.1 lit. a) GDPR or of Art. 9 para. 2 lit. a) GDPR or is based on a contract pursuant of Art. 6 para. 1 s. 1 lit.
b) DS-GVO; and
• the processing is carried out by automated means.
In exercising your right to data portability, you have the right to obtain that personal data transmitted directly from us to another controller, as far as technically feasible. The right to data portability does not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority that has been delegated to us.
13.7. Right to object (Art. 21 GDPR)
Where we based the processing of your personal data on a legitimate interest (Art. 6 para. 1 s. 1 lit. f) GDPR), you may object to the processing. The same applies if the data processing is based on Art. 6 para. 1 s. 1 lit. e).
In this case, we ask you to explain the reasons why we should not process your personal data. Based on this we will terminate or adapt the data processing or show you our legitimate reasons why we continue the data processing.
13.8. Right to lodge a complaint with supervisory authority (Art. 77 GDPR)
Without prejudice to any other administrative or judicial remedy, you shall have the right to complain to a supervisory authority, in particular in the Member State of your residence, place of work or place of alleged infringement, if you believe that the processing of the personal data concerning you is against the infringes of the GDPR.
The supervisory authority to which the complaint has been submitted shall inform you of the status and results of the complaint, including the possibility of a judicial remedy according to Article 78 GDPR.
14. How you perceive these rights
To exercise these rights, please contact our data protection officer:
DataCo GmbH
Nymphenburger Str. 86
80636 München, Deutschland
https://www.dataguard.de
15. Subject to change
We reserve the right to change this privacy policy in compliance with legal requirements. December 2023