Imprint

Name and address of controller:

sipgate GmbH (hereinafter referred to as “CLINQ”)
Represented by the managing directors, Tim Mois and Thilo Salmon,
Gladbacher Str. 74,
40219 Düsseldorf, Germany
Tel.: +49 (0)211 63 55 55 0
hello@clinq.com
www.clinq.ai

Name and address of the data protection officer of sipgate GmbH:

Philip Haas
℅ sipgate GmbH
Gladbacher Str. 74
40219 Düsseldorf, Germany
Tel.: +49 (0)211 63 55 55 0
datenschutz@sipgate.de

Privacy & Policy

A. General information on data processing

I. Scope of personal data processing
CLINQ only processes personal data insofar as required for providing a functioning website as well as contents and CLINQ services. Users’ personal data is usually only processed if required for fulfilling contractual or legal obligations or with the user’s consent. Cases where it is impossible to obtain prior consent for effective reasons and the data processing is permitted by law form an exception to this rule.

II. Legal basis for personal data processing
In the event of CLINQ obtaining consent from the data subject for personal data processing activities, Art. 6 (1) lit. a of the General Data Protection Regulation (hereinafter referred to as “GDPR”) forms the legal basis.
When processing personal data required for fulfilling an agreement to which the data subject is party, Art. 6 (1) lit. b GDPR forms the legal basis. The same applies to processing activities required for implementing pre-contractual measures.
In the event of personal data having to be processed for fulfilling a legal obligation of CLINQ, Art. 6 (1) lit. c GDPR forms the legal basis.

Should essential interests of the data subject or another natural person require the processing of personal data, Art. 6 (1) lit. d GDPR serves as the legal basis.
If the processing is required to maintain a justified interest of CLINQ or third party, and if the interests, basic rights and freedoms of the data subject do not outweigh the interest stated above, Art. 6 (1) lit. f GDPR serves as the legal basis for processing.

III. Data deletion / storage period
The personal data of the data subject is deleted or blocked as soon as the purpose for its storage ceases to exist. Data may also be stored if stipulated by European or national legislation in EU directives, laws or other regulations which apply to CLINQ. Data is also blocked or deleted if a storage period stipulated by the above standards expires, unless it is necessary to continue storing the data for the conclusion or fulfilment of an agreement.

B. Log files

I. Description and scope of data processing
The CLINQ systems automatically collect data and information from the system of the accessing computer each time the CLINQ website (and the websites of its affiliated companies) is accessed.
The following data is collected during this process:
Information on the browser type and version, the user’s operating system, internet service provider and IP address, date and time of access, websites from which the user’s system is referred to CLINQ’s website, and websites accessed by the user’s system through the CLINQ website(s).

The data is also stored in the CLINQ log files. This data is not stored together with other personal data of the user.

II. Legal basis for processing
Data and log files are temporarily stored on the legal basis of Art. 6 (1) lit. f GDPR.

III. Purpose of data processing
The system has to temporarily store the user’s IP address to display the website on the user’s computer. The user’s IP address has to be stored for the duration of the session for this purpose.
It is stored in log files to ensure the functionality of the website. We also use this data to optimise the website and ensure the security of our IT systems. The data is not analysed for marketing purposes in this respect.

The above-stated purpose also constitutes the justified interest of CLINQ in the data processing in accordance with Art. 8 (1) lit. f GDPR.

IV. Storage period
The data is deleted as soon as it is no longer required for fulfilling the purpose for which it was collected. If the data is collected for displaying the website, this is the point at which the respective session ends.
If the data is stored in log files, it is deleted no later than seven days from being collected. Data may be stored for longer periods than the ones stated above. In such event, the user’s IP address is deleted or alienated so that it is no longer possible to allocate it to the accessing client and this data no longer links to a specific person.

V. Option to object and delete the data
The collection of data for displaying the website and storage of data in log files is crucial for operating the website. The user therefore has no option to object.

C. Use of cookies

I. Description and scope of data processing
Our website uses cookies. Cookies are text files stored in the browser and/or by the browser on the user’s computer system. A cookie may be stored on the user’s operating system if the user accesses a website. This cookie contains a characteristic sequence which makes it possible to clearly identify the browser when the website is accessed again.
We use cookies to create a more user-friendly website. Some elements on our website require for the accessing browser to be identified even after switching pages.
The following data is stored and transferred in the cookies for this purpose:
language settings, shopping basket items, log-in information, browser type, operating system, referrer URL (previously visited page), time of server request and IP address.

We also use cookies that make it possible to analyse the user’s surfing behaviour on our website(s).
The following data can be transferred in this manner:
browser type, operating system, referrer URL (previously visited page), time of server request and IP address.

The user data collected in this manner is pseudonymised by technical features. Once this process has been completed, it is no longer possible to allocate the data to the accessing user. The data is stored separately to other personal user data.

When accessing our website(s), users are informed about the use of cookies for analysis purposes and referred to this Data Protection Declaration on an information banner. Information on how the storage of cookies can be prevented by adjusting the browser settings is also provided.

II. Legal basis for data processing
The legal basis for the processing of personal data and use of technically required cookies is Art. 6 (1) lit. f GDPR.
Art. 6 (1) lit. a GDPR forms the legal basis for processing personal data whilst using cookies for analysis purposes with the user’s consent.

III. Storage period, option to object and delete the data
Cookies are stored on the user’s computer from where they are transferred to CLINQ. You, the user, have full control over the use of cookies. You can adjust your browser settings to deactivate or limit the transfer of cookies. Previously stored cookies can be deleted at any time (also automatically). Deactivating cookies on the CLINQ website may result in not all of the website functions being fully usable.

D. Fonts

I. Description and scope of personal data processing
We engage the services of the copyright holders of fonts for displaying various fonts. To do so, the IP address of the querying computer is transferred to the copyright holder supplying the font.

II. Legal basis for personal data processing
Art. 6 (1) lit. f GDPR forms the basis for the processing of personal data.

III. Purpose of processing
The display of the CLINQ website(s) in the requested font.

IV. Storage period, deletion, option to object and delete the data
The IP address is deleted immediately after accessing the font.

E. Google

I. Description and scope of personal data processing
We use the services of Google (Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043 USA) for our work as well as internal and external communication. We have concluded a data processing agreement with this company. As part of our work, various personal data (such as IP address of the querying computer, your name, your email address and other data processed during the conclusion of an agreement and/or its performance by us) is stored on Google servers, if required for the performance of the agreement or communication with the customer (such as email, conclusion of agreements via Google drive).

II. Legal basis for personal data processing
Art. 6 (1) lit. b and f GDPR forms the basis for the processing of personal data.

III. Purpose of processing
Customer contacts and other various processes that are required for the performance and fulfilment of the agreement.

IV. Storage period, deletion, option to object and delete the data
The data is deleted if no longer required and we are not obliged to store it by law.

F. Web analysis

I. Google Analytics

  1. Description and scope of personal data processing
    The CLINQ website uses Google Analytics, a web analysis service provided by Google Inc.. Google Analytics uses cookies which are stored on the user’s computer and which make it possible to analyse the user’s use of the website. This enables CLINQ to analyse the use of the website(s) and thus create even more user-friendly contents.

The additional “User ID” function is also integrated on some websites.

The User ID is a unique, permanent and non-personalised character sequence which we allocate to you as a person and not to a specific device. It enables us to record your visit and user behaviour on our website from various devices (e.g. smartphone, tablet or laptop). The User ID is only allocated to you if we can clearly identify you as a user. This generally is the case when you register for the first time on our website. We do not combine the data collected under the User ID with personal data. We only transfer the pseudonymised User ID to Google Universal Analytics and use it as your pseudonym when dealing with Google. Other data and information relating to your account is not transferred to Google. Your user behaviour on our websites is then transferred to the Google servers in the USA, together with your User ID, where it is stored and processed for analysis purposes. Google links the transferred information to pseudonymised user profiles and provides CLINQ with a summary of them. CLINQ does not combine these transferred user profiles with your personal data. This makes it impossible to allocate the data to specific persons at all times. You can object to the transfer of a User ID to Google by sending us an email with the following subject: “Data Protection: User-ID”.

  1. Legal basis for personal data processing
    Art. 6 (1) lit. a and f GDPR forms the basis for the processing of personal data. The above purpose also constitutes CLINQ’s justified interest in the processing of personal data in accordance with Art. 6 (1) lit. f GDPR.
  2. Purpose of data processing
    Google uses this information on behalf of CLINQ for analysing the use of the latter’s website, for compiling website activity reports and for providing other services relating to the use of the internet and website for CLINQ. Google does not combine the IP address transferred by your browser within the scope of Google Analytics with other data.
  3. Storage period
    The data is stored for a maximum period of 26 months.
  4. Option to object and delete the data
    You can adjust your browser settings to block the storage of cookies. However, we would like to point out that you may no longer be able to fully use all of the functions on this website in this case. You can also prevent the transfer of the data created by the cookie that relates to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the respective browser plug-in from the following link (http://tools.google.com/dlpage/gaoptout?hl=de). The web analysis remains deactivated until the Google add-on is deactivated and/or deleted. Please therefore do not delete this add-on as long as you wish to prevent the web analysis. The add-on has to be installed in every browser on every computer. You have to install the add-on separately if you access CLINQ services and/or websites from different browsers/computers.
    By using this website you agree for us to collect and process your personal data in the manner and for the purpose stated above if you have not installed the above browser plug-in.
  5. Data transfer to third countries
    As part of the use of Google products, data is stored on servers located within the United States of America. This data usually (see Section VIII. A. 1.) does not relate to a person as it has been anonymised prior to being transferred.

Data transfer to the United States of America is justified by the conclusion of the agreement between CLINQ and Google which contains standard contractual clauses developed by the EU Commission.

II. Gravatar

  1. Description and scope of personal data processing
    Website visitors can leave comments on some of the websites of sipgate GmbH. To do so, visitors have to give an email address.
    When a new comment is stored, sipgate GmbH fully automatically checks if the website visitor has a Gravatar account based on the email address provided by the visitor.
    Gravatar is a service that is used to ensure that a profile picture is uploaded only once centrally to be displayed on all websites visited that contain a comment or similar function.

If no Gravatar account has been created for the requested email address, Gravatar immediately deletes the requested email address.

If a Gravatar account has been created for the requested email address, the profile picture of the respective user is automatically displayed on the websites of sipgate GmbH, together with the comments of this user.

No other data is stored in this respect.

  1. Legal basis for personal data processing
    Art. 6 (1) lit. f GDPR forms the basis for the processing of personal data.
  2. Purpose of data processing
    Displaying the profile pictures of users of the websites of sipgate GmbH.

G. Social networks

CLINQ maintains a presence on the following social networks:

I. Facebook
Facebook is a social network operated by Facebook Ireland Limited (Hanover Reach, 5-7 Hanover Quay, Dublin 2 Ireland). CLINQ maintains a Facebook page (fan page).
If you have logged into your Facebook account and use the CLINQ Facebook fan page, Facebook gives us access to your “public information” on Facebook that you make available to the public or approve for the respective application via a technical interface. On Facebook, “public” means that everyone, including persons outside of Facebook, can see your data. This includes your name, profile picture, cover photo, gender, networks, “Likes”, user name (Facebook URL) and user ID (Facebook ID).

Based on the Facebook data protection policy, Facebook decides which data is permanently accessible to the public and which you can make accessible by adjusting your privacy settings.

II. Twitter
CLINQ maintains a Twitter account. Twitter is a microblogging service operated by the US company Twitter, Inc. (795 Folsom Str., Suite 600, San Francisco, CA 94107).

H. Rights of the data subject

If a user’s personal data is processed, this user becomes a data subject within the meaning of the GDPR. As a data subject, you have the following rights against CLINQ, unless stated otherwise in the individual data processing regulations above:

I. Right to information
You may request confirmation if CLINQ processes your personal data.

In the event of your personal data being processed, you may request the following information from the controller:

  1. Purposes for which your personal data is being processed;
  2. Categories of personal data being processed;
  3. Recipients and/or categories of recipients to whom your personal data has been, or will be, disclosed;
  4. Planned storage period for your personal data or criteria for determining the storage period if it is impossible to specify;
  5. Existence of the right to correction or deletion of your personal data, the right to limit its processing by the controller or the right to object against such processing;
  6. Existence of the right to complain to a supervisory authority;
  7. All information available on the origin of the data if the personal data is not collected from the data subject;
  8. Existence of an automated decision-making process, including profiling, in accordance with Art. 22 (1) and (4) GDPR and, at least in these cases, meaningful information on the logic involved as well as the consequences and intended effects of such processing on the data subject.

You have the right to request information regarding the question if your personal data is transferred to a third country or international organisation. You may request to be informed about the suitable guarantees in accordance with Art. 46 GDPR relating to the data transfer in this respect.

II. Right to correction
You have the right to request the correction and/or completion of the data from the controller if your processed personal data is incorrect or incomplete. The controller must correct the data immediately.

III. Right to deletion

  1. Obligation to delete data
    You may request for the controller to delete your personal data immediately. The controller is obliged to delete such data if one of the following reasons applies:

a) Your personal data is no longer required for the purposes for which it was collected or processed in any other manner.

b) You withdraw your consent for the processing in accordance with Art. 6 (1) lit. a or Art. 9 (2) lit. a GDPR and there is no other legal basis for such processing.

c) You object against the processing in accordance with Art. 21 (1) GDPR and there are no overriding justified interests for the processing or you object to the processing in accordance with Art. 21 (2) GDPR.

d) Your personal data has been processed illegally.

e) Your personal data has to be deleted in order to fulfil a legal obligation under EU law or the law of the member states applicable to the controller.

f) Your personal data was collected with regard to services offered by the information company in accordance with Art. 8 (1) GDPR.

  1. Information transfer to third parties
    If the controller has published your personal data and is obliged to delete it in accordance with Art. 17 (1) GDPR, the controller shall implement adequate measures, including technical measures that take into consideration the available technology and implementation costs, to inform the controllers that are processing the personal data that you, the data subject, have requested the deletion of all links to this personal data, copies or duplicates thereof.
  2. Exceptions
    The right to deletion does not exist if the processing is required for

a) Exercising the right to freedom of speech and information;

b) Fulfilling a legal obligation which is governed by EU law or the law of the member states applicable to the controller, or performing a task transferred to the controller which is in the interest of the general public or necessary to enforce the orders of a public authority;

c) Reasons of public interest with regard to public health in accordance with Art. 9 (2) lit. h and i and Art. 9 (3) GDPR;

d) Archiving purposes that are in the interest of the general public, scientific or historical research purposes or statistical purposes in accordance with Art. 89 (1) GDPR if the right stated in Section a) can be expected to make the realisation of the objectives of such processing impossible or if it would significantly impair it; or

e) Asserting, enforcing or defending legal claims.

IV. Right to information
If you have asserted the right to correction, deletion or limitation of processing against the controller, the latter is obliged to notify all recipient to which your personal data has been disclosed of such correction and deletion of the data or its limitation of processing, unless this is impossible or would incur disproportionate costs and effort.

You have the right to be notified by the controller about such recipients.

V. Right to data transferability
You have the right to receive your personal data which you provided to the controller in a structured, standard and machine-readable format. You also have the right to transfer this data to another controller without being restricted by the controller to whom the personal data has previously been provided, if

The processing is based on consent in accordance with Art. 6 (1) lit. a GDPR or Art. 9 (2) lit. a GDPR or an agreement in accordance with Art. 6 (1) lit. b GDPR, and
Automated methods are used for processing the data.

In execution of this right, you further have the right to enforce that your personal data is transferred directly from one controller to another, insofar as this is technically possible. Such actions may not impair the freedoms and rights of other persons.

The right to data transferability does not apply to personal data processing that is required for fulfilling a task transferred to the controller that is in the interest of the general public or necessary to enforce the orders of a public authority.

VI. Right to object
You have the right to object against the processing of your personal data based on Art. 6 (1) lit. e or f GDPR at any time and for reasons arising from your specific situation; the same applies for any profiling based on these regulations.

The controller will no longer processes your personal data in this case, unless it can provide evidence of compelling reasons worth protecting for the processing which outweigh your interests, rights and freedoms, or the processing serves to asset, enforce or defend legal claims.

If your personal data is processed for the purpose of direct advertising, you have the right to object to the processing of your personal data for such advertising purposes at any time; the same applies to profiling that is related to such direct advertising.

If you object to the processing for the purpose of direct advertising, your personal data will no longer be processed for such purpose.

You have the option to assert your right to object by using automated methods that employ technical specifications in connection with the use of services provided by the information company, regardless of Directive 2002/58/EC.

VII. Right to withdraw the data protection consent declaration
You have the right to withdraw your data protection consent declaration at any time. The withdrawal of this consent does not affect the legality of the processing based on the consent until its withdrawal.

VIII. Right to complain to a supervisory authority
Notwithstanding any other remedy under administrative law or before the courts, you have the right to complain to a supervisory authority, particularly in the member state where you reside, work or where the alleged violation took place if you are of the opinion that the processing of the respective personal data violates the GDPR.

The supervisory authority to which the complaint was submitted informs the complainant of the status and results of the complaint, including the option of legal remedy in accordance with Art. 78 GDPR.

© 2020 sipgate GmbH