Imprint

Name and address of controller:

sipgate GmbH (hereinafter referred to as “CLINQ”)
Represented by the managing directors, Tim Mois and Thilo Salmon,
Gladbacher Str. 74,
40219 Düsseldorf, Germany
Tel.: +49 (0)211 63 55 55 0
hello@clinq.com
www.clinq.ai

Name and address of the data protection officer of sipgate GmbH:

Data Protection Officer
℅ sipgate GmbH
Gladbacher Str. 74
40219 Düsseldorf, Germany
Tel.: +49 (0)211 63 55 55 0
datenschutz@sipgate.de

Privacy & Policy

Data Protection Declaration

  1. General information on data processing

    I. Scope of personal data processing
    This Data Protection Declaration applies to the websites of sipgate as well as the websites operated by sipgate for its affiliated companies.

sipgate only processes personal data insofar as required for providing a functioning website as well as contents and sipgate services. Users’ personal data is usually only processed if required for fulfilling contractual or legal obligations or with the user’s consent. Cases where it is impossible to obtain prior consent for effective reasons and the data processing is permitted by law form an exception to this rule.

  1. Legal basis for personal data processing
    In the event of sipgate obtaining consent from the data subject for personal data processing activities, Art. 6 (1) lit. a of the General Data Protection Regulation (hereinafter referred to as “GDPR”) forms the legal basis.
    When processing personal data required for fulfilling an agreement to which the data subject is party, Art. 6 (1) lit. b GDPR forms the legal basis. The same applies to processing activities required for implementing pre-contractual measures.
    In the event of personal data having to be processed for fulfilling a legal obligation of sipgate, Art. 6 (1) lit. c GDPR forms the legal basis.

    Should essential interests of the data subject or another natural person require the processing of personal data, Art. 6 (1) lit. d GDPR serves as the legal basis.
    If the processing is required to maintain a justified interest of sipgate or third party, and if the interests, basic rights and freedoms of the data subject do not outweigh the interest stated above, Art. 6 (1) lit. f GDPR serves as the legal basis for processing.

    III. Data deletion / storage period
    The personal data of the data subject is deleted or blocked as soon as the purpose for its storage ceases to exist. Data may also be stored if stipulated by European or national legislation in EU directives, laws or other regulations which apply to sipgate. Data is also blocked or deleted if a storage period stipulated by the above standards expires, unless it is necessary to continue storing the data for the conclusion or fulfilment of an agreement.

 

  1. Data processing in third countries

All data processing activities performed in a third county (i.e. a country outside the European Economic Area (EEA) and European Union (EU)) comply with the provision s of the GDPR.

 

We only initiate the processing of personal data in third countries that maintain adequate data protection standards. Adequate data protection standards exist in countries for which the European Commission has issued an adequacy decision. An adequate data protection standard is further assumed for US providers that are certified in accordance with the Privacy Shield. An adequate data protection standard can also be secured with corresponding guarantees, such as the standard contract clauses of the European Commission, existing certifications or binding internal data protection regulations.

Personal data is furthermore only processed in third countries with explicit consent from the data subject or if prescribed by law or contract.

 

  1. Log files

  2. Description and scope of data processing
    The sipgate systems automatically collect data and information from the system of the accessing computer each time the sipgate websites are accessed.
    The following data is collected during this process:
    Information on the browser type and version, the user’s operating system, internet service provider and IP address, date and time of access, websites from which the user’s system is referred to sipgate’s website, and websites accessed by the user’s system through the sipgate website(s).

    The data is also stored in the sipgate log files. This data is not stored together with other personal data of the user.

  3. Legal basis for processing
    Data and log files are temporarily stored on the legal basis of Art. 6 (1) lit. f GDPR.

III. Purpose of data processing
The system has to temporarily store the user’s IP address to display the website on the user’s computer. The user’s IP address has to be stored for the duration of the session for this purpose.
It is stored in log files to ensure the functionality of the website. We also use this data to optimise the website and ensure the security of our IT systems. The data is not analysed for marketing purposes in this respect.

The above-stated purpose also constitutes the justified interest of sipgate in the data processing in accordance with Art. 6 (1) lit. f GDPR.

  1. Storage period
    The data is deleted as soon as it is no longer required for fulfilling the purpose for which it was collected. If the data is collected for displaying the website, this is the point at which the respective session ends.
    If the data is stored in log files, it is deleted no later than seven days from being collected. Data may be stored for longer periods than the ones stated above. In such event, the user’s IP address is deleted or alienated so that it is no longer possible to allocate it to the accessing client and this data no longer links to a specific person.

  2. Option to object and delete the data
    The collection of data for displaying the website and storage of data in log files is crucial for operating the website. The user therefore has no option to object.

  3. Use of cookies

  4. Description and scope of data processing
    Our website uses cookies. Cookies are text files stored in the browser and/or by the browser on the user’s computer system. A cookie may be stored on the user’s operating system if the user accesses a website. This cookie contains a characteristic sequence which makes it possible to clearly identify the browser when the website is accessed again.
    We use cookies to create a more user-friendly website. Some elements on our website require for the accessing browser to be identified even after switching pages.
    The following data is stored and transferred in the cookies for this purpose:
    language settings, shopping basket items, log-in information, browser type, operating system, referrer URL (previously visited page), time of server request and IP address.

    We also use cookies that make it possible to analyse the user’s surfing behaviour on our website(s).
    The following data can be transferred in this manner:
    browser type, operating system, referrer URL (previously visited page), time of server request and IP address.

    The user data collected in this manner is pseudonymised by technical features. Once this process has been completed, it is no longer possible to allocate the data to the accessing user. The data is stored separately to other personal user data.

    When accessing our website(s), users are informed about the use of cookies for analysis purposes and referred to this Data Protection Declaration on an information banner. Information on how the storage of cookies can be prevented by adjusting the browser settings is also provided.

  5. Legal basis for data processing
    The legal basis for the processing of personal data and use of technically required cookies is Art. 6 (1) lit. f GDPR.
    Art. 6 (1) lit. a GDPR forms the legal basis for processing personal data whilst using cookies for analysis purposes with the user’s consent.

III. Storage period, option to object and delete the data
Cookies are stored on the user’s computer from where they are transferred to sipgate. You, the user, have full control over the use of cookies. You can adjust your browser settings to deactivate or limit the transfer of cookies. Previously stored cookies can be deleted at any time (also automatically). Deactivating cookies on the sipgate website may result in not all of the website functions being fully usable.

 

You can also object to the use of cookies on the following websites:

 

http://optout.networkadvertising.org/

 

http://www.aboutads.info/choices

 

http://www.youronlinechoices.com/uk/your-ad-choices/



  1. Newsletter

  2. Description and scope of data processing
    Any email address entered by you when purchasing goods or services on the sipgate website may be used by sipgate to send you a newsletter. The newsletter exclusively contains direct advertising for our own goods and services. 

You can also subscribe to the newsletter of sipgate GmbH without purchasing goods and services. We use external service providers for sending the newsletter, namely the service Mailchimp of “The Rocket Science Group”, LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 USA

We record the number of opened and delivered newsletters in this respect.

The newsletters contain a web beacon, i.e. a one-pixel file which is accessed by the server of our service provider when the newsletter is opened. Technical information, such as on your browser and system as well as your IP address and time of request, is collected as part of this request. This information is used for improving the technical aspects of the service on the basis of technical data or the target groups and their read behaviour based on their request locations (which can be determined with the help of the IP address) or access times.

 

The statistical data collected also includes the determination if the newsletters have been opened and when and which links have been clicked. This information can be allocated to the individual newsletter recipients for technical reasons. However, neither we nor our service provider intend to monitor individual users. The analyses merely serve for us to recognise the read behaviour of our users and to adjust our contents accordingly or to send different contents that meet our users’ interests.

  1. Legal basis for data processing
    Section 7 (3) of the Unfair Competition Act (Gesetz gegen den unlauteren Wettbewerb – UWG) forms the legal basis for sending the newsletter following the sale of goods or services.


Art. 6 (1) lit. f GDPR forms the basis for recording the number of opened and delivered newsletters.

If the user explicitly subscribes to receive newsletters, the legal bases for sending the newsletter and recording the number of opened and delivered newsletters are Art. 6 (1) lit. a GDPR and Art. 7 GDPR.

 

III. Purpose of data processing
Email addresses and user names are collected for delivering a personalised newsletter.

The number of opened and delivered newsletters is recorded to recognise potential technical problems and to improve the contents. This purpose also constitutes sipgate’s justified interest in accordance with Art. 6 (1) lit. f GDPR.

  1. Storage period
    The data is deleted as soon as it is no longer required for fulfilling the purpose for which it was collected. The user email address is therefore stored for as long as the newsletter subscription remains active.

  2. Option to object and delete the data
    The affected user can cancel the newsletter subscription at any time. A corresponding link is included in every newsletter for this purpose.

  3. Contact form

  4. Description and scope of data processing
    The sipgate website contains contact forms that can be used for contacting the company via electronic channels. If the user decides to use this option, the data entered in the input mask is transferred to sipgate and stored.
    This data includes: email address, customer number and phone number, if required.

  5. Legal basis for storage
    Art. 6 (1) lit. a GDPR forms the legal basis for data processing with the user’s consent.

    The legal basis for processing data transferred as part of an email is provided by Art. 6 (1) lit. f GDPR. If the email contact aims at concluding an agreement, Art. 6 (1) lit. b GDPR forms an additional legal basis for processing.

III. Purpose of data processing
sipgate exclusively processes personal data from the input masks for processing the contact request. In the case of contact being made via email, this also constitutes the necessary and justified interest in processing the data.
The other personal data processed during the send process serves to prevent the misuse of the contact form and ensure the security of sipgate’s IT systems.

  1. Storage period
    The data is deleted as soon as it is no longer required for fulfilling the purpose for which it was collected. For the personal data from the input mask of the contact form and those sent via email, this is the case once the respective conversation with the user has ended. The conversation has been concluded once the respective matter has been clarified in full and final.

  2. Option to object and delete the data
    The user may withdraw its consent for processing the personal data at any time. In such case, the conversation cannot be continued.

 

  1. Fonts

  2. Description and scope of personal data processing
    We engage the services of the copyright holders of fonts for displaying various fonts. To do so, the IP address of the querying computer is transferred to the copyright holder supplying the font.

  3. Legal basis for personal data processing
    Art. 6 (1) lit. f GDPR forms the basis for the processing of personal data.

III. Purpose of processing
The display of the sipgate website(s) in the requested font.

  1. Storage period, deletion, option to object and delete the data
    The IP address is deleted immediately after accessing the font.

 

  1. Gravatar

 

  1. Description and scope of personal data processing

Website visitors can leave comments on some of the websites of sipgate GmbH. To do so, visitors have to give an email address.

When a new comment is stored, sipgate GmbH fully automatically checks if the website visitor has a Gravatar account based on the email address provided by the visitor.

Gravatar is a service by Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA, that is used to ensure that a profile picture is uploaded only once centrally to be displayed on all websites visited that contain a comment or similar function.

 

If no Gravatar account has been created for the requested email address, Gravatar immediately deletes the requested email address.

 

If a Gravatar account has been created for the requested email address, the profile picture of the respective user is automatically displayed on the websites of sipgate GmbH, together with the comments of this user.

 

No other data is stored in this respect.

 

  1. Legal basis for personal data processing

Art. 6 (1) lit. f GDPR forms the basis for the processing of personal data.

 

III. Purpose of data processing

Displaying the profile pictures of users of the websites of sipgate GmbH.

 

  1. Google

 

  1. Description and scope of personal data processing
    We use the services of Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA, for our work as well as internal and external communication. As part of our work, various personal data (such as IP address of the querying computer, your name, your email address and other data processed during the conclusion of an agreement and/or its performance by us) is stored on Google servers, if required for the performance of the agreement or communication with the customer.

  2. Legal basis for personal data processing
    Art. 6 (1) lit. b and f GDPR forms the basis for the processing of personal data.

III. Purpose of processing
Customer contacts and other various processes that are required for the performance and fulfilment of the agreement.

  1. Storage period, deletion, option to object and delete the data
    The data is deleted if no longer required and we are not obliged to store it by law.

  2. Google Maps

 

  1. Description and scope of personal data processing

sipgate uses the service of Google Maps by Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA, on some of its websites. When using Google Maps, information on the use of the accessed webpages, including your IP address and the start address entered during route planning, may be transmitted to Google. When you access a webpage containing Google Maps, your browser establishes a direct connection to Google servers. Google transmits the map content directly to your browser which integrates it in the website. We do not have any influence over the scope of the data thus collected by Google.

 

  1. Legal basis for personal data processing

Art. 6 (1) lit. f GDPR

 

III. Purpose of processing

Displaying an interactive map with route planner.

 

  1. Duration of storage, erasure, option to object and remove the data

You can deactivate JavaScript in your browser if you object to the collection of data by Google Maps. However, you will not be able to see the map or plan your route in this case.

 

  1. Web analysis

  2. Google Tag Manager

 

Google Tag Manager is a solution that permits us to manage website tags via an interface (and therefore integrate Google Analytics and other Google marketing services in our websites). The Tag Manager does not process any personal user data in itself. Please refer to the descriptions of the individual Google services with regard to the processing of personal user data.

 

  1. Google Analytics

  2. Description and scope of personal data processing
    The sipgate website uses Google Analytics, a web analysis service provided by Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. Google Analytics uses cookies which are stored on the user’s computer and which make it possible to analyse the user’s use of the website. This enables sipgate to analyse the use of the website(s) and thus create even more user-friendly contents.

    The additional “User ID” function is also integrated on some websites.

    The User ID is a unique, permanent and non-personalised character sequence which we allocate to you as a person and not to a specific device. It enables us to record your visit and user behaviour on our website from various devices (e.g. smartphone, tablet or laptop). The User ID is only allocated to you if we can clearly identify you as a user. This generally is the case when you register for the first time on our website. We do not combine the data collected under the User ID with personal data. We only transfer the pseudonymised User ID to Google Universal Analytics and use it as your pseudonym when dealing with Google. Other data and information relating to your account is not transferred to Google. Your user behaviour on our websites is then transferred to the Google servers in the USA, together with your User ID, where it is stored and processed for analysis purposes. Google links the transferred information to pseudonymised user profiles and provides sipgate with a summary of them. sipgate does not combine these transferred user profiles with your personal data. This makes it impossible to allocate the data to specific persons at all times.

    sipgate has activated IP anonymisation (“_anonymizeIP()” extension) on this website. This means that IP addresses are recorded anonymously by way of IP masking to remove any direct link to persons. The full IP address is only transferred to Google servers in the USA and abbreviated there in exceptional circumstances. The IP address is usually abbreviated within the member states of the European Union or other contracting states of the Agreement on the European Economic Area and transferred to Google servers in the USA in abbreviated form.

 

  1. Legal basis for personal data processing
    Art. 6 (1) lit. a and f GDPR forms the basis for the processing of personal data. The above purpose also constitutes sipgate’s justified interest in the processing of personal data in accordance with Art. 6 (1) lit. f GDPR.

  2. Purpose of data processing
    Google uses this information on behalf of sipgate for analysing the use of the latter’s website, for compiling website activity reports and for providing other services relating to the use of the internet and website for sipgate. Google does not combine the IP address transferred by your browser within the scope of Google Analytics with other data.

  3. Storage period
    The data is stored for a maximum period of 26 months.

  4. Option to object and delete the data
    You can adjust your browser settings to block the storage of cookies. However, we would like to point out that you may no longer be able to fully use all of the functions on this website in this case. You can also prevent the transfer of the data created by the cookie that relates to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the respective browser plug-in from the following link (http://tools.google.com/dlpage/gaoptout?hl=de). The web analysis remains deactivated until the Google add-on is deactivated and/or deleted. Please therefore do not delete this add-on as long as you wish to prevent the web analysis. The add-on has to be installed in every browser on every computer. You have to install the add-on separately if you access sipgate services and/or websites from different browsers / computers.

By using this website you agree for us to collect and process your personal data in the manner and for the purpose stated above if you have not installed the above browser plug-in.

The data collected in connection with your user ID when you installed the add-on can be deleted at any time. To do so, please send us an email with your user ID and request for deletion of the previously collected data.

  1. Data processing in third countries
    As part of the use of Google products, data is stored on servers located within the United States of America. This data usually (see Section VIII. A. 1.) does not relate to a person as it has been anonymised prior to being transferred.

    Data transfer to the United States of America is justified by the conclusion of the agreement between sipgate and Google which contains standard provisions developed by the EU Commission.

 

III. Facebook Pixel


  1. Description and scope of data processing

Some of the sipgate websites use the “Conversion Pixel” of Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA. By accessing this pixel in your browser, Facebook is able to recognise if a Facebook ad has been successful, in other words if it lead to the conclusion of a contract. Facebook provides sipgate with statistical data that does not have any correlation to specific persons only for this purpose. This enables sipgate to record the effectiveness of Facebook ads for statistical and market research purposes.

 

In particular if you are logged into Facebook, please refer to the Facebook Privacy Policy for further information: https://www.facebook.com/about/privacy/.

 

  1. Option to object and delete the data

Please click here if you wish to withdraw your consent for the Conversion Pixel: https://www.facebook.com/settings?tab=ads#_=_ .

 

Alternatively, you can deactivate the Facebook Pixel on the Digital Advertising Alliance website: http://www.aboutads.info/choices/

 

  1. Facebook Website Custom Audience

 

  1. Description and scope of data processing

sipgate uses the Facebook Pixel by Facebook (Facebook, 1601 South California Avenue, Palo Alto, CA 94304, USA) on some of its websites for direct marketing purposes. Tracking pixels have been integrated in some of our websites for this purpose. The tracking pixel creates a direct connection between your browser and the Facebook server when you visit these websites. The only information that your browser sends to Facebook during this process is that your device has accessed the respective page. sipgate does not use the “extended comparison” function, i.e. the transfer of customer data in hash format to Facebook. If the user is also a Facebook user, Facebook is able to allocate the website visit to the user account. Please note that sipgate, as the provider of the websites, does not obtain any knowledge of of the content of the transferred data nor its further use by Facebook. sipgate can merely determine which Facebook users (selected by parameters such as age and interests) are to see the advertising. sipgate uses Custom Audiences so that no data sets, and particularly no emails, are transferred to Facebook, neither in encrypted or unencrypted form.

 

  1. Option to object and delete the data

For further information, please read the Facebook Privacy Policy at https://www.facebook.com/about/privacy/.

 

Please click here if you do not wish for your data to be collected by Custom Audiences: https://www.facebook.com/settings?tab=ads#_=_

 

Alternatively, you can deactivate the Facebook Pixel on the Digital Advertising Alliance website: http://www.aboutads.info/choices/

 

  1. Google Ads / remarketing

 

  1. Description and scope of data processing

sipgate uses the service of Google Adds by Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA, on some of its websites. Google Ads is an online advertising service which enables advertisers to place ads in the Google search results as well as the Google advertising network. Google Ads enables advertisers to determine specific key words and target groups in advance. These are then used for displaying an advert in the Google search results when the user calls up a search result that is relevant to the key words. In the Google advertising network, the ads are distributed via an automatic algorithm and based on the previously determined key words and target groups on relevant websites. The purpose of Google Ads is to advertise our website by displaying relevant advertising on third-party websites and in the Google search results.

 

We also use the Google Ads remarketing function. This function enables us to target our advertising by placing adverts that are personalised and relevant to the interests of the visitors to our website when they visit other websites in the Google Display network or use the Google search engine. Google uses cookies for performing the web analysis, which forms the basis for creating interest-related ads.

Google stores a cookie in the user’s browser when the user visits Google services or websites in the Google advertising network. This cookie records the user’s website visits. This cookie enables Google and us to trace if you generate sales, in other words complete or cancel a purchase of goods, when you have accessed our website through an ad.

 

The cookie stores personal information, such as the websites visited by you. Personal data, including the IP address of the internet connection used, is transferred to Google at every visit to our website. Google stores this personal data. Google may transfer the personal data that has been collected through the technical process to third parties.

 

  1. Option to object and delete the data

You can permanently object to the installation of cookies by our website, as described above, at any time by adjusting your browser settings to block cookies. Such browser settings would also prevent Google from installing a cookie in your browser.

You can also delete any cookies previously installed by Google Ads using your browser or other software programmes.

Please note that if deleting all cookies on the device, this opt-out cookie will also be deleted. Should you therefore wish to continue to object, you will have to install the cookie again by clicking on the link above. The opt-out cookie is installed for each top level domain and device and prevents data collection for this website only.

 

Alternatively, you can deactivate the use of third-party cookies by going to the deactivation website of the network Initiative, http://www.networkadvertising.org/choices/, and implementing the additional opt-out information stated therein.

 

You can also object to interest-based Google advertising. To do so, go to https://www.google.de/settings/ads from every browser you are using and implement the required settings.

 

For further information, please read the applicable Google Privacy Policy at https://www.google.de/intl/de/policies/privacy/.

 

  1. Google Optimize

 

  1. Description and scope of data processing

We use the web analysis and optimisation service Google Optimize by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, on some of our websites.

 

We use the Google Optimize service for improving the attractiveness, content and functionality of our website by displaying new functions and contents to a certain percentage of users and statistically analysing the changes of use.

 

Google Optimize is a sub-section of Google Analytics.

Google Optimize uses cookies that make it possible to optimise and analyse your use of our website. The information on your use of our website generated by this cookie is usually transferred to, and stored on, a Google server in the USA. We use Google Optimize with activated IP anonymisation, meaning that Google first abbreviates the IP address within member states of the European Union or in other contracting countries of the European Economic area. The full IP address is only transferred to a Google server in the USA and then abbreviated in exceptional circumstances. Google uses this information for analysing your use of our website, compiling reports on the optimisation tests and related website activities and for providing further services to us related to the use of our website and the internet.

 

  1. Option to object and delete the data

You can block the installation of cookies by adjusting your browser settings accordingly. In addition, you can prevent the transfer of the data created by the cookie that relates to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the respective browser plug-in from the following link: https://tools.google.com/dlpage/gaoptout?hl=de.

 

For further information on the collection and processing of data by Google, please read the Google Privacy Policy at http://www.google.com/policies/privacy.

 

  1. Information transfer

    We transfer data only in the following circumstances:

  2. Payment types
    sipgate transfers the personal data that has been collected and stored to our service providers within the scope of contractual regulations if this is necessary for processing your agreement. Obviously, these service providers are requested to comply with the applicable data protection regulations.
    We cooperate with external service providers for the various payment methods available:

    Credit card payments: SIX Payment Services Germany GmbH, Langenhorner Chausee 92-94, 22415 Hamburg, Germany.

    Paypal payments: PayPal Deutschland GmbH, Am Marktplatz 1, 14532 Europaparc Dreilinden, Germany.

  3. Affiliated companies
    Affiliated companies are companies that are controlled by sipgate. Data may be transferred to affiliated companies. However, we only transfer data if these companies are either governed by this Data protection Declaration or comply with guidelines that provide at least the same level of protection as this Data Protection Declaration.

III. Legal or official obligation
We only disclose the personal data of our customers if required to do so by law or if such transfer is necessary to assert our general terms and conditions of business or other agreements or to protect our rights and the rights of our customers and third parties. This includes an exchange of data with companies specialising in the prevention and minimisation of misuse and credit card fraud. No data is transferred for commercial use by these companies, it is exclusively transferred for the purposes stated above.

  1. Social networks

    sipgate maintains a presence on the following social networks:

 

  1. Facebook
    Facebook is a social network operated by Facebook Ireland Limited (Hanover Reach, 5-7 Hanover Quay, Dublin 2 Ireland). sipgate maintains a Facebook page (fan page).

If you have logged into your Facebook account and use the sipgate Facebook fan page, Facebook gives us access to your “public information” on Facebook that you make available to the public or approve for the respective application via a technical interface. On Facebook, “public” means that everyone, including persons outside of Facebook, can see your data. This includes your name, profile picture, cover photo, gender, networks, “Likes”, user name (Facebook URL) and user ID (Facebook ID). 

Based on the Facebook data protection policy, Facebook decides which data is permanently accessible to the public and which you can make accessible by adjusting your privacy settings.

  1. Twitter
    sipgate maintains a Twitter account. Twitter is a microblogging service operated by the US company Twitter, Inc. (795 Folsom Str., Suite 600, San Francisco, CA 94107, USA).

 

  1. Information for participants in usability tests and user research activities

 

  1. Description and scope of data processing
    sipgate conducts usability tests and user research activities. These activities serve to create user-friendly sipgate services and to further develop our products based on external feedback. Participation in all such activities is voluntary. We use the lookback tool by Lookback Inc, 470 Ramona St, Palo Alto, CA 94301, USA, which acts as order processor within the meaning of Art. 28 GDPR, for these tests.

 

Within the scope of these tests, the names, email addresses of participants as well as recordings with time stamp and technical metadata of their participation are stored.

  1. Legal basis for processing
    The participant’s consent in accordance with Art. 6 (1) lit. a GDPR forms the basis for the processing of this data.

III. Purpose of data processing
The data is exclusively stored for the analysis of the test results for the purpose of internal product development. The data is not compiled with any other personal data that has been stored.

  1. Storage period
    The data is deleted as soon as it is no longer required for fulfilling the purpose for which it was collected. As the test results are not always analysed immediately, the data is deleted no later than one year from participation in the test.

  2. Option to object and delete the data
    The user may withdraw its consent for processing the personal data at any time. In this case, the participant cannot participate in the test or cannot continue their participation.

 

  1. Data processing during the provision of telephone services (existing / traffic data)

 

  1. Description and scope of personal data processing
    We collect your title, name, address, date of birth and payment information within the scope of the conclusion of an agreement.

    In addition to the existing data, e.g. from the customer order, sipgate also uses your traffic and user data. Traffic and user data includes data created during telephone calls or through other methods via the network used by sipgate (SMS / MMS, data services).

 

  1. Legal basis for personal data processing
    Art. 6 (1) lit. b GDPR forms the basis for the processing of this data.

 

III. Purpose of personal data processing
The traffic data is created when the telecommunication connection is established and maintained and is required for invoicing purposes. It is stored, processed and used for a maximum period of six months from dispatch of invoice.

The existing data is required for performing the agreement.

The email address is also required for contacting the customer (sending invoices and other product-related information).

  1. Storage period, option to object and delete the data
    Traffic data is stored for a maximum period of six months from dispatch of invoice.

 

In accordance with the German Telecommunications Act (Telekommunikationsgesetz – TKG), we are obliged to store the existing data until the close of the calendar year following the termination of the agreement. Any longer data storage periods required in accordance with commercial law, such as for invoices (German Commercial Code (Handelsgesetzbuch – HGB) or German Tax Code (Abgabenordnung – AO)) are binding.

Users may request the deletion of their personal data at any time. Upon receipt of such request, sipgate deletes the personal data, unless obliged to store it in accordance with commercial law.

Please also refer to the general terms and conditions of business and specification of services applicable to the respective product.

 

  1. Rights of the data subject

    If a user’s personal data is processed, this user becomes a data subject within the meaning of the GDPR. As a data subject, you have the following rights against sipgate, unless stated otherwise in the individual data processing regulations above:

  2. Right to information
    You may request confirmation if sipgate processes your personal data.

    In the event of your personal data being processed, you may request the following information from the controller:

    1. Purposes for which your personal data is being processed;

 

  1. Categories of personal data being processed;

 

  1. Recipients and/or categories of recipients to whom your personal data has been, or will be, disclosed;

 

  1. Planned storage period for your personal data or criteria for determining the storage period if it is impossible to specify;

 

  1. Existence of the right to correction or deletion of your personal data, the right to limit its processing by the controller or the right to object against such processing;

 

  1. Existence of the right to complain to a supervisory authority;

 

  1. All information available on the origin of the data if the personal data is not collected from the data subject;

 

  1. Existence of an automated decision-making process, including profiling, in accordance with Art. 22 (1) and (4) GDPR and, at least in these cases, meaningful information on the logic involved as well as the consequences and intended effects of such processing on the data subject.

 

You have the right to request information regarding the question if your personal data is transferred to a third country or international organisation. You may request to be informed about the suitable guarantees in accordance with Art. 46 GDPR relating to the data transfer in this respect.

 

  1. Right to correction
    You have the right to request the correction and/or completion of the data from the controller if your processed personal data is incorrect or incomplete. The controller must correct the data immediately.

III. Right to deletion

1. Obligation to delete data

You may request for the controller to delete your personal data immediately. The controller is obliged to delete such data if one of the following reasons applies:

 

  1. a) Your personal data is no longer required for the purposes for which it was collected or processed in any other manner.

 

  1. b) You withdraw your consent for the processing in accordance with Art. 6 (1) lit. a or Art. 9 (2) lit. a GDPR and there is no other legal basis for such processing.

 

  1. c) You object against the processing in accordance with Art. 21 (1) GDPR and there are no overriding justified interests for the processing or you object to the processing in accordance with Art. 21 (2) GDPR.

 

  1. d) Your personal data has been processed illegally.

 

  1. e) Your personal data has to be deleted in order to fulfil a legal obligation under EU law or the law of the member states applicable to the controller.

 

  1. f) Your personal data was collected with regard to services offered by the information company in accordance with Art. 8 (1) GDPR.
  2. Information transfer to third parties

If the controller has published your personal data and is obliged to delete it in accordance with Art. 17 (1) GDPR, the controller shall implement adequate measures, including technical measures that take into consideration the available technology and implementation costs, to inform the controllers that are processing the personal data that you, the data subject, have requested the deletion of all links to this personal data, copies or duplicates thereof.

  1. Exceptions

The right to deletion does not exist if the processing is required for

  1. a) Exercising the right to freedom of speech and information;

 

  1. b) Fulfilling a legal obligation which is governed by EU law or the law of the member states applicable to the controller, or performing a task transferred to the controller which is in the interest of the general public or necessary to enforce the orders of a public authority;

 

  1. c) Reasons of public interest with regard to public health in accordance with Art. 9 (2) lit. h and i and Art. 9 (3) GDPR;

 

  1. d) Archiving purposes that are in the interest of the general public, scientific or historical research purposes or statistical purposes in accordance with Art. 89 (1) GDPR if the right stated in Section a) can be expected to make the realisation of the objectives of such processing impossible or if it would significantly impair it; or

 

  1. e) Asserting, enforcing or defending legal claims.
  2. Right to information
    If you have asserted the right to correction, deletion or limitation of processing against the controller, the latter is obliged to notify all recipient to which your personal data has been disclosed of such correction and deletion of the data or its limitation of processing, unless this is impossible or would incur dis- proportionate costs and effort.

    You have the right to be notified by the controller about such recipients.

  3. Right to data transferability
    You have the right to receive your personal data which you provided to the controller in a structured, standard and machine-readable format. You also have the right to transfer this data to another controller without being restricted by the controller to whom the personal data has previously been provided, if

    The processing is based on consent in accordance with Art. 6 (1) lit. a GDPR or Art. 9 (2) lit. a GDPR or an agreement in accordance with Art. 6 (1) lit. b GDPR, and Automated methods are used for processing the data.

    In execution of this right, you further have the right to enforce that your personal data is transferred directly from one controller to another, insofar as this is technically possible. Such actions may not impair the freedoms and rights of other persons.

    The right to data transferability does not apply to personal data processing that is required for fulfilling a task transferred to the controller that is in the interest of the general public or necessary to enforce the orders of a public authority.

  4. Right to object
    You have the right to object against the processing of your personal data based on Art. 6 (1) lit. e or f GDPR at any time and for reasons arising from your specific situation; the same applies for any profiling based on these regulations.

    The controller will no longer process your personal data in this case, unless it can provide evidence of compelling reasons worth protecting for the processing which outweigh your interests, rights and freedoms, or the processing serves to asset, enforce or defend legal claims.

    If your personal data is processed for the purpose of direct advertising, you have the right to object to the processing of your personal data for such advertising purposes at any time; the same applies to profiling that is related to such direct advertising.

    If you object to the processing for the purpose of direct advertising, your personal data will no longer be processed for such purpose.

    You have the option to assert your right to object by using automated methods that employ technical specifications in connection with the use of services provided by the information company, regardless of Directive 2002/58/EC.

VII. Right to withdraw the data protection consent declaration
You have the right to withdraw your data protection consent declaration at any time. The withdrawal of this consent does not affect the legality of the processing based on the consent until its withdrawal.

VIII. Right to complain to a supervisory authority
Notwithstanding any other remedy under administrative law or before the courts, you have the right to complain to a supervisory authority, particularly in the member state where you reside, work or where the alleged violation took place if you are of the opinion that the processing of the respective personal data violates the GDPR.

The supervisory authority to which the complaint was submitted informs the complainant of the status and results of the complaint, including the option of legal remedy in accordance with Art. 78 GDPR.

© 2020 sipgate GmbH