1. Controller, Serrala Companies
Controller responsible for the collection, processing and use of personal data according to Section 13 of the German Telemedia Act (TMG), and controller according to the Federal Data Protection Act (BDSG) and General Data Protection Regulation (GDPR):
Serrala Group GmbH
Oldesloer Straße 63
22457 Hamburg, Germany
Phone: +49 (40) 51 48 08 - 0
2. Use of personal data
Personal data are any information that relates to an individual or can be used to establish a connection to an individual. This includes, in particular, personal or material information about you.
a) Collection of personal data
Users can request free demos on our websites, register for webinars, contact us to subscribe to our e-mail newsletter, download content such as whitepapers and success stories, or register to use certain areas of the website. Serrala collects and stores only the personal data that you explicitly share with us through our contact and registration forms, or when signing up for the newsletter. The data we collect varies by activity and may include personal information such as first and last name, e-mail address, telephone number, postcode, city, and other address information. In certain cases, we may also collect your job title and area of activity, as well as other information we may need to provide you with full access to our products and services.
b) Use of personal data
We use the personal data you provide exclusively to process your particular request. For example:
- To respond to and fulfil your requests, such as sending you requested documents, information and marketing materials about our products and services, or the newsletter to which you subscribed
- To register you for our webinars, events or training sessions/workshops
- To provide customer services and handle support requests
- To send marketing e-mails that may be of interest to you, provided you have given us special permission to do so
- To personalise our websites with information and product-related content tailored to your needs
- To register you for our partner portal or restricted customer areas
It is your decision whether to provide us with your data for the purposes mentioned above. To the extent that your request allows, you may also remain anonymous to us or use a pseudonym. Serrala will always obtain your express consent to use your personal data for other purposes (in particular for marketing purposes).
Furthermore, various web analytics tools and plugins are used on our websites, some of which collect personal data. For details, see section 6.
The newsletters offered on our websites contain news, offers, invitations to webinars, trade fair dates and other information about the products and services offered by Serrala.
If you request a newsletter and have given your consent to receive the newsletter when you registered, we will use your personal data as follows:
We use a double opt-in procedure when you request one of our newsletters. When you register for a newsletter or event, your first name, surname and e-mail address are collected and stored. When you register for an event, we also collect/save your postcode, city, company and job title. We may also transfer your data to other companies belonging to Serrala in order to improve the services we offer, for the purpose of marketing Serrala products and services, and to establish new business relationships. Once you have registered for the newsletter, we will send a confirmation e-mail to the address you provided, asking you to confirm that you wish to receive the newsletter. If you confirm the registration, the newsletter will be sent to your e-mail address on a continual basis. If you do not confirm the registration, your registration will be automatically deleted.
To document that you submitted your declaration of consent, we also store your IP address and the dates on which you registered for and confirmed the newsletter.
If you no longer wish to receive the newsletter, you can unsubscribe at any time to stop receiving the newsletter. To do so, click the link contained in each newsletter to be guided through the unsubscribe process. Alternatively, you can send us your request to unsubscribe by e-mail (see section 12).
4. Log Files
We also collect and store information from the log files that your browser transmits to us. This includes:
- IP (Internet Protocol) address of the computer accessing the website in order to maintain/improve the quality of our website, determine your geographic location, and enforce general security measures and access controls.
- Browser type/version and operating system used in order to ensure that the websites are displayed in a way that is most compatible with your device settings.
- Time of the server request in order to gather statistical information about which areas of our website were visited and how much time a visitor spent in each area.
These data are collected for technical reasons. They are evaluated exclusively for statistical purposes and without any reference to a specific person. They are deleted after 6 months.
Cookies are stored on your computer when you use this website. Cookies are small text files in which the web browser stores information about internet pages you have visited. This may include information about the page visit such as duration, login data, user inputs, etc.
This website uses the following cookies:
– Transient cookies
– Persistent cookies
– Third-party cookies
– Flash cookies
(1) Transient cookies are automatically deleted when you close your browser. This category includes session cookies, among others. Session cookies store a session ID, which can be used to assign various requests from your browser to the shared session. This allows your computer to be recognised when you return to the site. Session cookies are deleted when you log out or close your browser.
(2) Persistent cookies are automatically deleted after a specified time period, which varies depending on the cookie. You can delete these cookies in your browser’s security settings at any time.
(3) Information on third-party cookies can be found in section 6. Use of Web Analytics Services.
(4) Flash cookies are not recorded by your browser but rather by your Flash plugin. These cookies store the necessary data independent of the browser used and have no automatic expiry date. If you do not want your computer to process Flash cookies, you must install a corresponding add-on. The legal basis for this data processing is Art. 6(1) lit. f) of the GDPR. We have a legitimate interest in processing this data because it enables us to carry out statistical evaluations regarding the use of our website and to optimize our online offerings for users.
You can configure your browser settings according to your needs, for example to refuse third-party cookies or all cookies. If you do so, however, you may not be able to use all the functions of this website.
If you do not wish our cookies to be stored, please do not confirm the opt-in prompt displayed when you first visit the website.
6. Use of Web Analytics Services
The personal data we collect through cookies or web beacons may also be passed on to other Serrala companies for the purpose of improving our range of services, marketing Serrala products and services and establishing new business relationships.
We use technologies from Marketo EMEA Ltd. to send our newsletter and other mailings (information about fairs, invitations to webinars, etc.), to administer marketing permissions, and to collect statistical data about the use of our website and optimise our offerings accordingly.
If you express interest in or purchase a product or service from us, your e-mail address will be transferred to Marketo so that we can send you personalised informational e-mails for similar goods or services in the future. The legal basis for this data processing is Art. 6(1) lit. f) of the GDPR.
You can prevent cookies from being stored by not confirming the cookie opt-in process. If you do so, however, you may not have full access to all functions of this website.
Marketo evaluates your user behaviour when it sends the newsletter or other requested information on our behalf. The e-mails sent contain tracking pixels to allow such an evaluation. Tracking pixels are single-pixel image files that link to our website and thus enable us to evaluate your user behaviour per session. This allows us to record when you read our newsletters, and which links you click in them, which allows us to infer your personal interests. Marketo stores this information on its server so that we can then evaluate it.
Tracking is not possible if you have image display disabled by default in your e-mail program. In this case, however, the newsletter will not be displayed in full and you may not be able to use all functions. If you enable display of the images manually, the aforementioned tracking takes place.
Information about Marketo:
Marketo EMEA Ltd.
South County Business Park
b) Google Analytics
Google uses this information on our behalf to evaluate your use of our websites, to compile reports on website activity, and to provide us with other services relating to website activity and internet usage.
Our websites employ IP address anonymisation for use with Google Analytics. This means that your IP address is truncated by Google on servers located within member states of the European Union or other states party to the Agreement on the European Economic Area before it is transferred to the United States. Only in exceptional cases will your full IP address be transmitted to a Google server in the USA and truncated there.
You can also prevent Google Analytics from collecting the data generated by the cookie relating to your use of the website (including your IP address) and prevent Google from processing these data by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
As an alternative to the browser plugin, you can also set an opt-out cookie for Google Analytics to prevent the collection of personal data by Google Analytics on our websites. Please click the following link to store this opt-out cookie on your hard drive: “Disable Google Analytics”.
c) Google Tag Manager
Our websites use Google Tag Manager. Google Tag Manager is a solution that allows website tags to be managed through an interface. The Tag Manager tool itself, which actually implements the tags, is a cookie-free domain and does not collect any personal data. The tool triggers other tags that may themselves collect data. Google Tag Manager does not access these data. If tracking has been disabled at the domain or cookie level, this also applies for all tracking tags implemented with Google Tag Manager.
We use the tool "Mouseflow" on our website to find out which articles are interesting for our website visitors to analyze, understand and improve this (provider: Mouseflow, Inc,501 Congress Ave Suite 150, Austin, TX 78701, United States). Data processing is for the purpose of analyzing this website and its visitors. For this purpose, data is collected and stored anonymously for marketing and optimization purposes. From this data, user profiles can be created under a pseudonym. Cookies can be used for this purpose. With the web analysis tool Mouseflow, randomly selected individual visits (only with anonymized IP address) are recorded. This creates a log of mouse movements and clicks with the intention of randomly replaying individual website visits and deriving potential improvements for the website. The data collected with Mouseflow will not be used to personally identify the visitor to this website without the separately granted consent of the data subject and will not be merged with personal data about the bearer of the pseudonym. The processing is carried out based on Art. 6 (1) f) GDPR from the legitimate interest in direct customer communication and in the design of the website in line with requirements. If you do not wish this, you can deactivate a recording on all websites that use Mouseflow globally for your currently used browser under the following link: https://mouseflow.de/opt-out/
All data is collected and analyzed anonymously and does not allow any conclusion to your person.
The following information is collected when you visit our website:
- Clicks, mouse movements/hovers, scrolling.
- Device (desktop/tablet/phone)
- Operating system
- Screen resolution
- Duration (time on page)
- Navigation (URLs)
- Page content (HTML)
- ISP (not for visitors from EU and California, USA)
- Approximate ISP location (city, state/region, country)
- Keystrokes (only for non-EU/EEA data subjects in non-EU/EEA accounts and never for any passwords, digits or excluded fields)
- Referring URL
- Visitor type (first time/recurring)
- Custom tags or variables
- Responses in the feedback tool
The evaluated data is stored for 3 months and will then be deleted.
It is also possible to register via our website for webinars conducted by Serrala. This registration is done via Marketo (see 6 a)) by entering your name and e-mail address. Your data is stored within Marketo and we clear our database at regular intervals. In addition, you will receive an email from us after the webinar has taken place.
The webinars are conducted via the providers ON24 (50 Beale Street, 8th Floor San Francisco, CA 94105) or via Go to Webinar (LogMeIn, 320 Summer Street, Boston, MA 02210, USA.). Which service we use to conduct our webinar depends on which tool we use to carry out our webinar.
The provider Go-to-Webinar does not receive any data from us, as the access link is created via Marekto.
The provider ON24 then only receives your mail address and your name in order to send you the link to the webinar. After the webinar has been held, your data will be deleted from the provider after ....
8. Social Plugins
Our websites employ social networking plugins. These plugins are usually labelled with the provider’s logo. We use plugins from “Twitter” (provider: Twitter Inc., 1355 Market St, Suite 900, San Francisco, CA 94103), “LinkedIn” (provider: LinkedIn Corporation, 1000 West Maude Avenue, Sunnyvale, CA 94085, USA) and “XING” (provider: XING AG, Dammtorstraße 30, 20354 Hamburg, Germany).
For data protection reasons, we have deliberately decided not to use direct plugins from social networks on our websites. Instead we use a solution named “Shariff”. The Shariff application lets you decide whether and when data are transmitted to the various social network operators. When you visit our websites, no data are automatically transmitted to social networks such as Twitter, LinkedIn or XING. Only when you actively click the button does your internet browser establish a connection to the servers of the corresponding social network. In other words, by clicking the button you agree to allow your internet browser to establish a connection to the servers of the social network and transmit usage data to the network operator.
We have no control over the nature and extent of the data collected by the social networks. Please refer to the privacy policies of the various social networks for information about the purpose and scope of the data collection, how your data are processed and used by the social networks, your rights under data protection law, and optional settings you can configure to protect your privacy.
Information about how your personal data are used can be found at http://twitter.com/privacy for Twitter, at https://www.linkedin.com/legal/privacy-policy for LinkedIn, and at https://www.xing.com/privacy for XING.
9. Use of Vimeo
To integrate video, we use a plugin for the video platform Vimeo, which is operated by Vimeo, LLC with headquarters at 555 West 18th Street, New York, NY 10011, USA.
Further information about data processing and data protection by Vimeo can be found at https://vimeo.com/privacy.
10. Contact Form / Registration Form
On our website, you can send us a request using the encrypted contact field on the “Contact” tab. Cookies are automatically saved as soon as you fill out this field, even if you have rejected the saving of cookies. You may also use a registration form to register for webinars or other events. All of the following information applies to both the contact and registration forms.
In order to process your request as accurately as possible, we ask you to enter personal data in our input mask. This includes your company, your name, your e-mail address (to ensure we can contact you), your country (to assign you to the appropriate office) and your job title. We collect these data so that we may advise you as best we can.
The data you provide will only be used to contact you and process your request. These data are processed on the Marketo server; see section 6. a). The data will not be used for other purposes or passed on to third parties without your express consent (e.g. if you registered for our newsletter). The legal basis for this data processing is Art. 6(1) lit. f) of the GDPR. We have a legitimate interest in collecting this data because they are needed to process or answer your message.
11. Duration of Data Storage
The data you provide to us will only be stored for as long as is necessary to fulfil the purpose for which they were provided or to comply with statutory provisions.
12. Transfer to Third Parties
Your personal data will be passed on to third parties only in the following cases:
– If you have given your express consent in accordance with Art. 6(1) lit. a) of the GDPR
– If transferring the data is necessary to fulfil contractual obligations pursuant to Art. 6(1) s. 1 b) of the GDPR
– If we are legally obliged to disclose the data under Art. 6(1) lit. c) of the GDPR
– If disclosure of the data is in the public interest within the meaning of Art. 6(1) lit. e) of the GDPR
– If disclosure of the data pursuant to Art. 6(1) lit. f) of the GDPR is necessary to protect our legitimate interests or the legitimate interests of a third party, unless your interests in protecting your data prevail
If you have given us your consent to do so, we may pass on the data collected during your visit to our websites to other Serrala companies in order to improve our range of services, to market Serrala products and services, and to establish new business relationships.
13. Rights of the Data Subject
You have the following rights regarding the processing of your data:
- Pursuant to Art. 15 of the GDPR, you have the right to obtain from us information about the processing of your personal data regarding the purpose of the processing, the categories of data processed, the recipients or categories of recipient to whom the data have been or will be disclosed, and the envisaged duration of storage or the criteria for determining the duration. You also have rights of rectification, deletion, restriction of processing or objection to processing for your data, as well as the right to lodge a complaint with a supervisory authority. You also have the right to obtain information on the origin of the data, if applicable, information on the existence of any automated decision-making and, if data are transferred to a third country or international organisations, information on safeguards for the transfer pursuant to Art. 46 of the GDPR.
- Pursuant to Art. 16 of the GDPR, you have the right to immediate rectification of incorrect or incomplete personal data.
- Pursuant to Art. 17 of the GDPR, you have the right to deletion of stored personal data if the data are no longer necessary for the purposes for which they were collected or otherwise processed, if the data subject has withdrawn their consent and there is no other legal basis, or if an objection to processing has been filed and the data may no longer be processed pursuant to Art. 21(1) or Art. 21(2) of the GDPR. You also have the right of deletion if the data have been unlawfully processed, if the deletion is necessary to fulfil a legal obligation, or if the data have been collected in relation to information society services offered pursuant to Art. 8(1) of the GDPR. This does not apply if the processing is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest, or to assert, exercise or defend against legal claims.
- Pursuant to Art. 18 of the GDPR, you have the right to restrict the processing if you dispute the accuracy of the personal data (for the duration necessary to verify the accuracy) or if the processing is unlawful but you demand restriction of use rather than deletion. The right to restriction also applies if we no longer need your data for the purposes of processing, but you need the data to assert, exercise or defend against legal claims, or if you have lodged an objection to the processing pursuant to Art. 21(1) of the GDPR, provided it has not been established that Serrala’s legitimate reasons prevail over yours.
- Pursuant to Art. 20 of the GDPR, you have the right to data portability, i.e. the right to receive the personal data that you have provided to Serrala in a structured, commonly used and machine-readable format or to transmit the data to another controller.
- You have the right to object at any time to the processing of your personal data pursuant to Art. 21 of the GDPR (para. 2 if the data are processed for the purpose of direct marketing), or pursuant to Art. 21(1) of the GDPR (if the processing is based on Art. 6(1) lit. e) or f) of the GDPR) on grounds relating to your particular situation, unless Serrala has compelling legitimate reasons for the processing that outweigh your interests or the processing serves to assert, exercise or defend against legal claims.
- Pursuant to Art. 7(3) of the GDPR, you have the right to revoke consent at any time. As a result, Serrala will cease processing the data from the time of revocation.
- Pursuant to Art. 77 of the GDPR, you have the right to lodge a complaint with a supervisory authority. The right of complaint shall be without prejudice to other administrative or judicial remedies. The supervisory authority to which we are subject is listed in section 13.
Please direct all queries, requests for information or objections to data processing to firstname.lastname@example.org.
14. Supervisory Authority
The address for the presiding supervisory authority is:
Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit
Prof. Dr. Johannes Caspar
20459 Hamburg, Germany
Phone: +49 40 / 428 54 - 4040
Fax: +49 40 / 428 54 - 4000
15. Liability for Content
The content on our website was created with the utmost care. However, we cannot guarantee the accuracy, completeness or timeliness of the content.
Pursuant to Section 7(1) of the TMG, we are responsible according to general statutory provisions for any of our information that we make available for use. According to Sections 8 to 10 of the TMG, we as service provider are not obliged to monitor transmitted or stored third-party information or to monitor for circumstances that indicate illegal actions. Our obligation to remove or block the use of information in accordance with general statutory provisions remains unaffected. However, our liability does not start until we become aware of a concrete violation of the law. As soon as we become aware of such infringements, we will remove the content immediately.
16. Liability for Links
Our website may contain links to external, third-party websites over whose content we have no control. We therefore assume no responsibility for third-party content.
The provider or operator of a linked website is always responsible for the content on the site. The linked site was checked for possible legal violations at the time of linking. No illegal content was discernible at the time of linking. Constant monitoring of the content on linked sites is not reasonable without concrete evidence of a legal violation. If we become aware of an infringement, we will remove such links immediately.
17. Data Security
We have taken technical and organisational measures to protect your data from loss, alteration or unauthorised access. We continuously improve these security measures in line with technological developments. Our website uses the industry standard SSL (Secure Sockets Layer) for encryption. This guarantees the confidentiality of your personal data when transmitted over the internet.
18. Updates and Modifications
19. Data Protection Officer
If you have questions, please contact our data protection officer Lars Hinrichsen at email@example.com.