PRIVACY NOTICE

Thank you for your interest in our online platform Capmo (hereinafter referred to as "Platform") as well as our services provided and offered there (hereinafter referred to as "Capmo Services"). The protection of personal data in the context of the use of the platform and the Capmo services is of particular concern to us. We respect your privacy. Therefore, we collect and process your personal data exclusively in accordance with the relevant legal provisions.

1. responsible person and data protection officer

1.1 The responsible party within the meaning of the EU General Data Protection Regulation (Art. 4 No. 7 DSGVO) is Capmo GmbH, Sonnenstraße 15, 80331 Munich, Germany, phone +49 (0)89 21540420, e-mail info@capmo.de (hereinafter “Capmo”, “we”, “our”, “us” etc.).

1.2 You can contact Capmo’s data protection officer by post at Nextwork GmbH, represented by Marco Peters, Sophienstraße 20, 80333 Munich, Germany, or by e-mail at datenschutz@nextwork.dereach.

2 What is personal data

Personal data are all information that can be assigned to you individually (cf. Art. 4 No. 1 DSGVO). These are, for example, your name, your address, your telephone number, your e-mail address and your payment information. Non-personal data, on the other hand, is information of a general nature that cannot be used to determine your identity. These are, for example, the number of users of the platform.

3. what types of personal data we collect and process and for what purposes

3.1 Web server logs (including IP address)

When you visit the Platform, our web server automatically records your full IP address, the date and time you are on the Platform, the web pages you visit on Platform, the web page you were on before, the browser you use (e.g. Google Chrome etc.), the operating system you use (e.g. Windows 10, macOS etc.) as well as the domain name and address of your internet provider (e.g. Deutsche Telekom) as a technical necessity. This information is necessary for the technical transmission of the platform’s web pages and secure server operation.

We process this information for the purpose of observing and monitoring the stability, functionality and technical performance of the Platform and the Capmo Services and for the purpose of detecting, identifying, correcting and resolving any problems and errors on the Platform and the Capmo Services. The legal basis for the processing of this information is our legitimate interests (Art. 6(1)(f) DGSVO), which are to ensure and improve the integrity, stability and functionality of the Platform and the Capmo Services, as far as technically possible and reasonable.

For reasons of technical security, in particular to defend against attempted attacks or other misuse of the platform, the Capmo services and/or our web server, this information will continue to be stored for a short period of time. It is not possible for us to draw any direct conclusions about individual persons on the basis of this information. After seven (7) days at the latest, this information is made anonymous by shortening the IP address at domain level, so that it is no longer possible to establish a link to an individual person. However, for the period of time until the IP address is shortened, we may process this information in the event of a security incident (attempted attack or misuse, etc.) in cooperation with your Internet service provider and/or local authorities to determine the originator of the security incident. The legal basis for this is our legitimate interests (Article 6(1)(f) DSGVO), which are to protect the integrity of the Platform, the Capmo Services, our system and our users.

3.2 Personal data that you provide to us in the course of using the Capmo Services

(a) We also collect personal data from you if you have voluntarily provided it to us in order to provide, operate and administer the Platform and provide the Capmo Services to you in accordance with our Terms and Conditions, available at. https://www.capmo.com/en/agb/ (hereinafter “Terms and Conditions“), to provide, operate and administer the Platform and to provide the Platform and the Capmo Services to you.

In particular, we collect (i) your name, email address, telephone number, position with the Company, industry in which the Company operates, language you choose, and payment information; and (ii) -optional- your profile picture, if you register a customer account on the platform as our contractual partner and thereby specify yourself as the contact person of the customer account. The legal basis for this is the fulfilment of our contractual obligations (Art. 6 para. 1 letter b DSGVO).

Furthermore we collect in particular (i) your name, email address, telephone number, position with the Company, industry in which the Company operates and the language you choose; and (ii) – optionally – your profile picture, if you register a user account assigned to the customer account as a person authorized to use the service (hereinafter “user“) or if you are registered as a user by the owner of the corresponding customer account or by Capmo with your consent. The legal basis for this is our legitimate interests (Art. 6(1)(f) DSGVO), which are to provide you with the Platform and Capmo Services in accordance with our T&Cs (available at. https://www.capmo.com/en/agb/).

In this context, the e-mail address of the user can also be provided to us by the owner of the customer account, with the request to send the user an invitation to the platform.

When we collect your personal data, we will inform you whether the provision of the respective personal data is required or merely optional, as well as the possible consequences if you do not provide the corresponding information.

(b) Furthermore, we collect your name, your e-mail address and, if applicable, other information provided by you when you fill out any forms on the platform or send us an e-mail inquiry in order to process and handle your inquiry. The legal basis for this is the fulfilment of our pre-contractual or contractual obligations (Art. 6(1)(b) DSGVO).

(b) If you have given us your consent, we will also collect your name, e-mail address and the language you have selected when you register for our newsletter. We process this personal data in order to send you our newsletter. The legal basis for this is your consent (Art. 6 (1) a DSGVO).

You can revoke your consent at any time with effect for the future. You can declare this revocation at any time by following the revocation instructions included in each newsletter or by contacting the contact options mentioned in section 1.2 with your revocation request.

4. disclosure of personal data

We do not pass on any personal data to third parties unless this is necessary for the performance of the contract, is otherwise permitted by relevant statutory provisions or you have given us your consent.

To this extent, in order to provide the Capmo Services, we must provide certain information for processing purposes to (a) other involved users of the platform (i.e., users also involved in the activities and operations); and; (b) integrated service providers (i.e. payment service providers). This information is shared with these individuals solely for the purpose of providing Capmo services on the Platform, and in no event for marketing purposes. The legal basis for this is the fulfilment of our contractual obligations (Art. 6(1)(b) DSGVO) and our legitimate interests (Art. 6(1)(f) DSGVO), which are to provide you with the Platform and the Capmo Services in accordance with our GTC (available at https://www.capmo.com/en/agb/).

Furthermore, we are entitled to outsource the processing of personal data in whole or in part to external service providers who act for us as processors (Art. 4 No. 8 DSGVO) within the framework of the data protection regulations. If these service providers are located outside the European Union (EU) or the European Economic Area (EEA) Treaty Area, we will take appropriate security measures in accordance with legal and regulatory requirements to ensure the security of your personal data.

5. safety

We take appropriate and reasonable technical measures to secure your personal data against loss, destruction, manipulation and unauthorized access. The platform uses transport encryption (TLS) to protect the transmission. All our employees as well as external service providers working for us (order processors in the sense of Art. 4 No. 8 DSGVO) are obliged to comply with the applicable data protection laws.

Our security measures are subject to a continuous improvement and optimisation process. Please always use the latest version of the Google Chrome web browser to ensure that your personal data is protected in the best possible way.

6. storage period

Your personal data will only be stored by us for as long as is necessary to achieve the purposes for which they were collected or – insofar as legal retention periods exist that go beyond this (e.g. § 147 AO and § 257 HGB) – for the duration of the legally prescribed retention period. Afterwards your personal data will be deleted.

7. web analysis, cookies and local storage

7.1 Cookies and local storage are used on the Platform and as part of the Capmo Services in order to (a) better understand how the Platform and Capmo Services are used; (b) to provide and maintain, so far as is technically possible and reasonable, a stable, secure, functional and accurate platform; and (c) provide and enable you to have an optimal and meaningful user experience.

Cookies and Local Storage help us to make your visit to the Platform and use of Capmo’s services more enjoyable, efficient and meaningful.

(a) Cookies
Cookies are text information files that are sent from our web server to your computer and stored there when you visit the Platform. Most browsers automatically accept cookies, but they can be configured not to use them via the browser’s settings function. You can refuse the use of cookies or delete the correspondingly collected data at a later time. It is not necessary that you allow cookies to be set in order to use the platform in general. However, there are certain areas and features on the Platform that you will not be able to use without cookies.
(b) Local Storage
Local storage technology is described in more detail in point 7.2(a). The use of local storage cannot be deactivated for the reasons stated there, because it is required for authentication and security purposes in connection with your customer account or user account.
7.2 The following types of cookies and local storage are used on the Platform:
(c) Local Storage
Local Storage is a technology that allows your browser to store data on your computer or mobile device in order to recognize multiple uses by the same user; the data collected remains stored for this purpose even after you close the browser or exit the program. For example, Local Storage records whether you are logged in to the platform. This serves authentication and security purposes and is necessary to enable you to navigate and use the platform when logged in (allocation to your customer account or user account). The legal basis for this is the fulfilment of our contractual obligations (Art. 6(1)(b) DSGVO) or our legitimate interests (Art. 6(1)(f) DSGVO), which consist in providing you with the Platform and the Capmo Services in accordance with our GTC (available at https://www.capmo.com/en/agb/).
(b) Technically necessary cookies
Technically necessary cookies are cookies that are required for navigation on the Platform and for the use of different options of Capmo services provided there, in particular the necessary data communication, identification of your user account, access to restricted areas of the Platform or storage of content in order to share it. The legal basis for this is our legitimate interests (Article 6(1)(f) DSGVO), which are to provide you with the Platform and Capmo Services in accordance with our Terms and Conditions (available at https://www.capmo.com/en/agb/).
(c) Personalizing cookies or customization cookies
Customization cookies are cookies that allow access to the platform with certain general default settings according to different specifications of your end device, such as language settings, browser type and regional settings, etc. The legal basis for this is our legitimate interests (Art. 6 (1) f DSVO). The legal basis for this is our legitimate interests (Art. 6 (1) (f) DSGVO), which consist of providing you with a personalized service in accordance with our GTC (available at https://www.capmo.com/en/agb/) to provide a user-friendly and meaningful platform and Capmo services that meet your expectations and needs.
(d) Third party analytics and advertising cookies (external service providers)
Analysis and advertising cookies from external service providers are used on the platform. These cookies allow the storage, administration and analysis of information about user behavior, which is obtained through the continuous monitoring of user behavior. These cookies allow us on the basis of usage profiles, (a) manage advertising space on the platform in a highly efficient manner based on different information (e.g. content edited or frequency of advertising displayed); (b) determine the number of users visiting the Platform and the most popular areas of the Platform in order to improve the browsing experience on the Platform and provide you with better Capmo services. The legal basis for this is Art. 6 para. 1 lit. f DSGVO. Our legitimate interests in this regard are to provide you with a user-friendly and meaningful platform that meets your expectations and needs, as well as our commercial interests.
7.3 We use the following services from external service providers who use cookies. If you do not agree to such use, you can disable these services on the one hand by rejecting the corresponding cookies in your browser. On the other hand, you can also deactivate the use of the service directly via an appropriate opt-out link or other measures. You will find this opt-out link and, if applicable, other options for deactivation in the following overview under the heading “Opt-Out”. Further information on the respective services can be found in the data protection notices of the respective services, which you can access via the respective link in the following overview under the heading “Data protection notices”. Under the heading “Recipient countries and adequate safeguards” you will also find information about the recipient country and whether adequate safeguards are in place.

External services of third parties that carry out tracking measures Service-providers Description of the service Privacy policy Opt-Out Beneficiary countries and appropriate safeguards
Google Analytics Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, email support-de@google.com Google Analytics tracks internet traffic and user behaviour on the platform and generates corresponding reports for us (see https://deve lopers.google.com/analytics/resources/concepts/gaConceptsTrackingOverview#howAnalyticsGetsData) so that we can improve the user-friendliness of the platform. Your IP address is anonymised in this context by shortening the last octet of the IP address. Terms of use: https://www.google.com/analytics/terms/de.html
Privacy notice: https://support.google.com/analytics/answer/6004245?hl=de
https://tools.google.com/dlpage/gaoptout?hl=en EU (Ireland)
USA
EU-US Privacy Shield certified(https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active)
Google Tag Manager Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, email support-de@google.com Google Tag Manager is a cookie-less domain. It takes care of triggering other tags (e.g. Google Analytics). The tool does not access personal data. The Google Tag Manager only passes on data and does not process it itself. https://support.google.com/analytics/answer/6004245?hl=de
https://www.google.com/analytics/terms/de.html
https://tools.google.com/dlpage/gaoptout?hl=en EU (Ireland)
USA
EU-US Privacy Shield certified(https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active)
Google Ads Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, email data-protection-office@google.com Google Ads carries out so-called audience building and targeting measures via the Google marketing networks. https://www.google.com/intl/de/policies/privacy
https://services.google.com/sitestats/de.html
https://www.google.com/settings/ads/plugin USA
EU-US Privacy Shield certified(https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active)
Facebook Custom Audiences Facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA, email privacyshield@support.facebook.com Facebook Custom Audience performs viewing behavior analytics, serving personalized ads, measuring ad success, and billing ads. We exclusively use the pixel procedure, a comparison by means of customer lists does not take place with us. https://www.facebook.com/about/privacy/
https://www.facebook.com/policy.php
e-mail to the contact details given in point 1.2. USA
EU-US Privacy Shield certified(https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active)
LinkedIn Tracking LinkedIn Ireland, Wilton Plaza, Wilton Place, Dublin 2, Ireland, email privacyshield@linkedin.com LinkedIn Tracking performs viewing behavior analysis, serving personalized ads, measuring ad success, and billing for ads. https://www.linkedin.com/legal/privacy-policy
https://www.linkedin.com/legal/privacy-policy
e-mail to the contact details given in point 1.2. Ireland (EU)
USA
EU-US Privacy Shield certified(https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active)
LuckyOrange Lucky Orange LLC, 8220 Travis Street Suite 210, Overland Park, KS 66204, USA LuckyOrange collects user interaction data to optimize the user experience and improve customer satisfaction. For this purpose, mouse clicks, mouse movements, scroll movements or keyboard inputs can be stored or evaluated. However, the recording does not take place in person. Lucky Orange does not record this data on websites that do not use the Lucky Orange system. https://www.luckyorange.com/privacy.php https://www.luckyorange.com/privacy.php USA
EU-US Privacy Shield certified(https://www.privacyshield.gov/participant?id=a2zt0000000TSvDAAW&status=Active)
Hubspot HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland, email privacy@hubspot.com Customer relationship management (CRM) system, including marketing automation. https://legal.hubspot.com/privacy-policy
https://legal.hubspot.com/de/privacy-policy
Cookie Information:
https://knowledge.hubspot.com/reports/what-cookies-does-hubspot-set-in-a-visitor-s-browser
https://knowledge.hubspot.com/account/hubspot-cookie-security-and-privacy
e-mail to the contact details given in point 1.2. USA
EU-US Privacy Shield certified(https://www.privacyshield.gov/participant?id=a2zt0000000TN8pAAG&status=Active)
Hotjar Hotjar Ltd, Level 2, St. Julians Business Centre, 3 Elia Zammit St., St. Julians STJ 1000, Malta, EU With Hotjar, any movements on the platform can be tracked in the form of so-called heat maps. For example, Hotjar can tell you how far you scroll and which buttons you click and how often. Furthermore, with the help of Hotjar, it is also possible to collect feedback directly from you. In this way, we obtain valuable information to make the platform even faster and more customer-friendly. https://www.hotjar.com/privacy https://www.hotjar.com/legal/compliance/opt-out EU (Malta)
Pendo Pendo.io Inc, Pendo Headquarters, 150 Fayetteville St., Suite 1400, Raleigh, North Carolina 27601, USA, email compliance@pendo.io Pendo is an analytics, guidance and tutorial service through which we receive usage statistics about the pages you visit and the length of time you visit the pages you visit in order to provide you with relevant guidance and tutorials about the Capmo Services in connection with your visit to the Platform. https://www.pendo.io/support/trust/ No additional opt-out option as required for the provision of Capmo services. USA
EU-US Privacy Shield certified(https://www.privacyshield.gov/participant?id=a2zt0000000PD5RAAW&status=Active)
Segment Segment.io Inc, 100 California St., Suite 700, San Francisco, California 94111, USA, email privacy@segment.com Tracking service for interactions in the platform’s mobile application, especially for troubleshooting purposes. https://segment.com/docs/legal/privacy/
https://segment.com/docs/legal/privacy/
No additional opt-out option as required for the provision of Capmo services. USA
EU-US Privacy Shield certified(https://www.privacyshield.gov/participant?id=a2zt00000008WCkAAM&status=Active)

8. your data protection data subject rights

In accordance with the applicable data protection law, you are entitled to the following rights in particular. For this purpose, please contact our data protection officer using the contact details given in section 1.2.
(a) Right to information: You have the right to request information about your personal data stored by us at any time. You can also view the master data of your customer account or user account (see section 3.2 letter a) directly in your customer account or user account.
(b) Right to rectification: When we process your personal data, we will endeavour to take reasonable steps to ensure that your personal data is accurate and up to date for the purposes for which it was collected. In the event that your personal data is inaccurate or incomplete, you may request that it be corrected. You can also change the master data of your customer account or user account (see section 3.2 letter a) directly in your customer account or user account.
(c) Right to erasure and restriction: You may have the right to request the erasure or restriction of the processing of your personal data if, for example, there is no longer a legitimate business purpose for such processing under this Privacy Policy or applicable law and legal retention obligations do not prevent further storage.
(d) Right to data portability: You may have the right to obtain the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format, or to transfer this data to another controller.
(e) Right to object: You may have the right to object to the processing of your personal data on specific grounds relating to your particular situation.
(f) Right to revoke your consent: If you have consented to the collection and processing of your personal data, you may revoke your consent at any time with effect for the future, but without affecting the lawfulness of the processing carried out on the basis of the consent until revocation. You can also object to the use of your personal data for the purposes of market and opinion research and advertising. For more information on how to withdraw your consent to receive our newsletter, please also see section 3.2(c).
(g) Supervisory authority responsible for possible complaints: Furthermore, in case of a complaint, you can contact the Bavarian State Office for Data Protection Supervision (BayLDA), P.O. Box 606, 91522 Ansbach, Phone: +49 (0)981 180093-0, Fax: +49 (0)981 180093-800, e-mail: poststelle@lda-bayern.de as the supervisory authority responsible for Capmo. A list of other supervisory authorities that may be considered (e.g. that of your place of business) can be found at https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.

9. links to other websites

The Platform may also contain links to other websites. The privacy policy described here does not apply to these other websites. We ask you to visit these other websites directly for information on data protection and the handling of your personal data.

10. subject to change

We reserve the right to change this privacy policy at any time in compliance with legal requirements. This may be necessary, for example, to comply with new legislation, due to new technologies or in the case of new services.
Status: November 2020