1. Controller, Serrala Companies
Unless otherwise stated in this Privacy Notice or in a specific product or specific notice, the responsible for the collection, processing and use of personal data according to Section 13 of the German Telemedia Act (TMG), and controller according to the Federal Data Protection Act (BDSG) and the General Data Protection Regulation (GDPR) is:
Serrala Group GmbH
22848 Norderstedt, Germany
Phone: +49 (40) 51 48 08 - 0
2. Use of personal data
Personal data is any information relating to an identified or identifiable natural person (i.e. individual); this includes, in particular, personal or material information about you.
a) How we collect personal data
Serrala collects personal data when you visit our website (e.g. cookies), request free demos on our websites, register for webinars, contact us to subscribe to our newsletter, download content (e.g. whitepapers, success stories, etc.), or register to use certain areas of the website. Serrala collects and stores personal data that you explicitly share with us through our contact and registration forms, or when signing up for the newsletter or for webinars, as well as data deriving from cookies.
b) Use of personal data
We use the personal data you provide to process your request(s), for example:
- To respond to and fulfil your requests, such as sending you requested documents, information and marketing materials about our products and services, or the newsletter to which you subscribed
- To register for our webinars, events or training sessions/workshops
- To send marketing e-mails that may be of interest to you, insofar as you have not opposed to it
- To personalise our websites with information and product-related content tailored to your needs
- To register you for our partner portal or restricted customer areas
It is your decision whether to provide us with your data for the purposes mentioned above. To the extent that your request allows, you may also remain anonymous to us or use a pseudonym. Insofar as required, Serrala will obtain your consent to use your personal data for other purposes.
c) Type of personal data we collect
The data we collect varies by activity and may include personal information such as first and last name, e-mail address, telephone number, country, city, postcode, device ID and IP; in certain cases, we may also collect data regarding your job title and company, area of activity, as well as other information we may need to provide you with full access to our products and services.
3. Newsletter, Events & Webinars
If you request a newsletter, we will use your personal data to provide you the newsletter, as well as to inform you of additional events, webinars, trade fair dates and information about the products and services offered by Serrala. The legal basis for this data processing is Art. 6(1) lit. a) of the GDPR.
We use a double opt-in procedure when you request one of our newsletters. When you register for a newsletter or event, your personal data are collected and stored.
When you register for an event, we also collect your personal data. We may also transfer your data to other Serrala affiliates in order to improve the services we offer, for the purpose of marketing Serrala products and services, and to establish new business relationships (for more details please see section 8, 9 and 11). Once you have registered for the newsletter, we will send a confirmation e-mail to the address you provided, asking you to confirm that you wish to receive the newsletter. If you confirm the registration, the newsletter will be sent to your e-mail address on a continual basis.
To document that your agreement to receive the newsletter, we also store your IP address and the dates on which you registered for and confirmed the newsletter.
If you no longer wish to receive the newsletter, you can unsubscribe at any time to stop receiving the newsletter. To do so, click the link contained in each newsletter to be guided through the unsubscribe process. Alternatively, you can send us your request to unsubscribe by e-mail (see section 12).
4. Log Files
We also collect and store information from the log files that your browser transmits to us. This includes:
- IP (Internet Protocol) address of the computer accessing the website in order to maintain/improve the quality of our website, determine your geographic location, and enforce general security measures and access controls.
- Browser type/version and operating system used in order to ensure that the websites are displayed in a way that is most compatible with your device settings.
- Time of the server request in order to gather statistical information about which areas of our website were visited and how much time a visitor spent in each area.
The legal basis for this data processing is Art. 6(1) lit. f) of the GDPR. These data are collected for technical reasons. They are evaluated exclusively for statistical purposes and do not include any reference to a specific person. Unless the IP address is classified as a malicious one (e.g. attack, bot, etc.), log files and corresponding data are deleted after 6 months.
Cookies are small text files in which the web browser stores information about internet pages you have visited . This may include information about the page visit such as duration, login data, user inputs, etc.
Our website uses the following cookies:
- Transient cookies
- Persistent cookies
- Third-party cookies
- Flash cookies
(1) Transient cookies are automatically deleted when you close your browser. This category includes session cookies, among others. Session cookies store a session ID, which can be used to assign various requests from your browser to the shared session. This allows your computer to be recognised when you return to the site. Session cookies are deleted when you log out or close your browser.
(2) Persistent cookies are automatically deleted after a specified time period, which varies depending on the cookie. You can delete these cookies in your browser’s security settings at any time.
(3) Information on third-party cookies can be found in section 6. Use of Web Analytics Services.
(4) Flash cookies are not recorded by your browser but rather by your Flash plugin. These cookies store the necessary data independent of the browser used and have no automatic expiry date. Serrala does not use flash cookies.
You can configure your choice in our Consent Management Tool and also via your browser settings according to your needs, for example to refuse third-party cookies or all cookies, except those strictly necessary. If you do so, however, you may not be able to use all the functions of this website.
For clarity, the list of all cookies please check our Cookie Notice here.
6. Use of Web Analytics Services
The personal data we collect through cookies or web beacons may also be passed on to other Serrala companies for the purpose of improving our range of services, marketing Serrala products and services and establishing new business relationships.
For transparency we use the following services:
We use technologies from Marketo to send our newsletter and other mailings (information about fairs, invitations to webinars, etc.), to administer marketing permissions, and to collect statistical data about the use of our website and optimize our offerings accordingly. If you express interest in or purchase a product or service from us, your e-mail address will be transferred to Marketo so that we can send you personalized informational e-mails for similar goods or services in the future. The legal basis for this data processing is Art. 6(1) lit. a) and f) of the GDPR.
b) Google Analytics
We highlight that personal data processing carried out by Google may not be fully anonymized and may be used by Google for its own purposes (e.g. linking or profiling); in addition, please note that this data may be processed and stored in the USA and that government agencies may have access to this data; this data may also be linked to other data about the user, such as search history, personal accounts, usage data from other devices and any other data Google has about that user. For this reason, you are asked to consent to the placement of Google cookies; the legal basis for this data processing is Art. 49(1) lit. a) of the GDPR.
You can also prevent Google Analytics from collecting the data generated by the cookie relating to your use of the website (including your IP address) and prevent Google from processing these data by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de. As an alternative to the browser plugin, you can also set an opt-out cookie for Google Analytics to prevent the collection of personal data by Google Analytics on our websites. Please click the following link to store this opt-out cookie on your hard drive: “Disable Google Analytics”.
c) Google Tag Manager
Our websites use Google Tag Manager. Google Tag Manager is a solution that allows website tags to be managed through an interface. The Tag Manager tool itself, which actually implements the tags, is a cookie-free domain and does not collect any personal data. The tool triggers other tags that may themselves collect data. Google Tag Manager does not access these data. If tracking has been disabled at the domain or cookie level, this also applies for all tracking tags implemented with Google Tag Manager. The processing is carried out based on Art. 6 (1) a) and f) GDPR.
We use the tool “Mouseflow” on our website to find out which articles are interesting for our website visitors to analyze, understand and improve this (provider: Mouseflow, Inc,501 Congress Ave Suite 150, Austin, TX 78701, United States). Data processing is for the purpose of analyzing this website and its visitors, which is collected and stored anonymously for marketing and optimization purposes. From this data, user profiles can be created under a pseudonym. Cookies, dropped after consent, can be used for this purpose. With the web analysis tool Mouseflow, randomly selected individual visits (only with anonymized IP address) are recorded. This creates a log of mouse movements and clicks with the intention of randomly replaying individual website visits and deriving potential improvements for the website. The data collected with Mouseflow will not be used to personally identify the visitor to this website without the separately granted consent of the data subject and will not be merged with personal data about the bearer of the pseudonym. The processing is carried out based on Art. 6 (1) a) and f) GDPR from the legitimate interest in direct customer communication and in the design of the website in line with requirements.
The following information is collected when you visit our website: Clicks, mouse movements/hovers, scrolling; browser; device (desktop/tablet/phone); language; operating system; screen resolution; duration (time on page); navigation (URLs), page content (HTML); ISP (not for visitors from EU and California, USA) and approximate ISP location (city, state/region, country); keystrokes (only for non-EU/EEA data subjects in non-EU/EEA accounts and never for any passwords, digits or excluded fields); referring URL, visitor type (first time/recurring), custom tags or variables and responses in the feedback tool. All data is collected and analyzed anonymously and does not allow any conclusion to your person.
If have consented to this cookie and do not wish this you can manage your cookie choices in our consent management tool or you can deactivate a recording on all websites that use Mouseflow globally for your currently used browser under the following link: https://mouseflow.de/opt-out/. For further details please refer to Mouseflow’s Privacy documents.
Insofar as you consent to the placement of LinkedIn cookie(s), we will use such to help us gather data about our website users and to provide us additional insights about users interacting with our websites and LinkedIn adverts and campaigns; this includes the collection of metadata (e.g. IP address information, timestamp) and events such as page views. If accepted, the LinkedIn cookie is stored on a visitor‘s browser until they delete the cookie or the cookie expires (see Cookie Notice). The processing is carried out based on Art. 6 (1) a) and f) GDPR.
We embed videos from YouTube using its privacy-enhanced mode; this mode may set cookies on your computer once you click on the YouTube video player, but YouTube will not store personally-identifiable cookie information for playbacks of embedded videos using the privacy-enhanced mode. The legal basis for this data processing is Art. 6(1) lit. a) of the GDPR. For further details, please refer to YouTube’s information page
i) Google Ads
We highlight that personal data processing carried out by Google may not be fully anonymized and may be used by Google for its own purposes (e.g. linking or profiling, personalized and non-personalized advertisement); in addition, please note that this data may be processed and stored in the USA and that government agencies may have access to this data; this data may also be linked to other data about the user, such as search history, personal accounts, usage data from other devices and any other data Google has about that user. For this reason, you are asked to consent to the placement of Google cookies; the legal basis for this data processing is Art. 49(1) lit. a) of the GDPR.
We use GoogleAds cookies to provide us information (e.g. online identifiers, including cookie identifiers, IP address, device identifiers and client identifiers) when someone converts on our website and to enable re-marketing/re-targeting campaign and communication; these cookies may be used for both personalized and non-personalized ads; the personal data collected may be used for tracking and shared with third parties
We utilize the services of ClickCease (a product by CHEQ AI Technologies Ltd) to enhance the security and reliability of our website, including identifying and preventing suspicious or fraudulent activities, ensuring a safe and legitimate user experience on our website, namely invalid clicks and click fraud; this is done by using a script on our website for traffic originating from paid search ads. The data collected may include IP addresses, device information, browsing patterns, and interaction data. The legal basis for this data processing is Art. 6(1) lit. c) and f) of the GDPR. If necessary, to investigate and take appropriate actions against fraudulent activities, the information may also be shared with third-party service providers and authorities. Data is retained for a period of three months solely for reporting purposes. After this period, the data is securely deleted to ensure its confidentiality and protection.
Serrala uses G2 for review generation, lead generation and intent data gathering along, this processing is carried out based on Art. 6 (1) a) and f) GDPR. In addition, insofar as you consent to it, a pixel embedded on our website enable us to identify in-market accounts for marketing activities; if you consent, then this pixel collects an individual’s IP address (which is used to generate firmographic information), date of visit, and site activity on G2.com.G2 leads are generated when buyers access gated content such as videos and downloads by filling out a lead form or when they fill out a request for contact or demo form on our G2 product profile page, in which case the data shared with us is your contact details, company size and field.
Our website uses Capterra for review generation and lead generation, including Capterra’s PPC (Pay-per-Click) service to advertise our solutions to generate leads; such processing is carried out based on Art. 6 (1) a) and f) GDPR. Insofar as you consent, we use Capterra cookies to provide us information (e.g. online identifiers, including cookie identifiers, IP address, device identifiers and client identifiers) when someone converts on landing pages hosted by either Instapage* or by ourselves, and to enable re-marketing/re-targeting campaigns and communication; these cookies may be used for both personalized and non-personalized ads. Insofar as you consent, Serrala uses the digital markets conversion pixel, which is a script that can be installed on a specified landing page to record clicks directed to the Serrala website.
n) Microsoft Advertising
These technologies collect data about your visit to our website, such as event action, event category, event label, event value, event type, variable revenue currency, variable revenue, as well as browser data (e.g. language, type, session ID). Microsoft may this data for own purposes related to reporting and performance analysis.
It is also possible to register via our website for webinars conducted by Serrala. This registration is done via Marketo (see 6 a)) by entering your name and e-mail address. Your data is stored within Marketo and we clear our database at regular intervals. In addition, you will receive an email from us after the webinar has taken place. The webinars are conducted via the providers ON24 (50 Beale Street, 8th Floor San Francisco, CA 94105) or via Go to Webinar (LogMeIn, 320 Summer Street, Boston, MA 02210, USA.). Which service we use to conduct our webinar depends on which tool we use to carry out our webinar. For more information, please see the privacy policies of ON24 and Go to Webinar. In case of deviations, a specific privacy notice will be provided.
8. Recipients of Data
Our global presence means that your personal information may be transferred across the Serrala Group worldwide due, for example, to our shared IT systems and data centres, and cross-border working practices. Personal data transfers between Serrala entities rely on contractual agreements and other appropriate safeguards required under applicable law to such transfers of personal data, which include obligations on entities outside the EU, UK and other countries, considered adequate by the European Commission, the existence of Standard Contractual Clauses, as well as additional supplementary measures, such as to resist and challenge demands for data made by local government agencies, to the extent possible.
9. Contact Form / Registration Form
On our website, you can send us a request using the encrypted contact field on the “Contact” tab. Cookies are automatically saved as soon as you fill out this field, even if you have rejected the saving of cookies. You may also use a registration form to register for webinars or other events. All of the following information applies to both the contact and registration forms.
In order to process your request as accurately as possible, we ask you to enter personal data in our input mask. This includes your company, your name, your e-mail address (to ensure we can contact you), your country (to assign you to the appropriate office) and your job title. We collect these data so that we may advise you as best we can.
The data you provide will only be used to contact you and process your request. These data are processed by Marketo; in addition this data may be further processed in Salesforce. The legal basis for this data processing is Art. 6(1) lit. f) of the GDPR. We have a legitimate interest in collecting this data because they are needed to process/answer your message, as well as to enable us to contact you about our products and solutions.
10. Duration of Data Storage
The data you provide to us will only be stored for as long as is necessary to fulfil the purpose for which they were provided or to comply with statutory provisions.
11. Transfer of data
Your personal data may be passed on to third parties only in the following cases:
- If you have given your express consent in accordance with Art. 6(1) lit. a) of the GDPR
- If transferring the data is necessary to fulfil contractual obligations pursuant to Art. 6(1) lit. b) of the GDPR
- If we are legally obliged to disclose the data under Art. 6(1) lit. c) of the GDPR
- If disclosure of the data is in the public interest within the meaning of Art. 6(1) lit. e) of the GDPR
- If disclosure of the data pursuant to Art. 6(1) lit. f) of the GDPR is necessary to protect our legitimate interests or the legitimate interests of a third party, unless your interests in protecting your data prevail
- If, the data subject has explicitly consented to the proposed transfer after having been informed of the possible risks of transfers of personal data to a third country, due to the absence of an adequacy decision and appropriate safeguards, within the meaning of Art. 49(1) lit. a) of the GDPR.
In addition, when processing your request, it may be necessary for Serrala to disclose your personal data to other Serrala companies or to external service providers acting on our behalf, including in non-European third countries. These service providers may be tasked with operating servers or sending news messages, for example. In all cases, we aim to ensure that your personal information is handled and protected in accordance with data protection law.
Where personal data is processed by suppliers, processors or third parties outside the EEA in countries that the EU have not assessed as providing an adequate level of protection, we ensure that personal data is adequately protected in accordance with applicable data protection law, namely in accordance with Article 46 of the GDPR, thereby ensuring information security and other appropriate safeguards are in place, and using approved standard contractual clauses. In exceptional cases, when reliance on Article 46 is not possible to perform a personal data transfer to a third country, Serrala will rely on one of the derogation set forth in Art. 49(1) GDPR.
12. Rights of the Data Subject
You have the following rights regarding the processing of your data:
Pursuant to Art. 15 of the GDPR, you have the right to obtain from us information about the processing of your personal data regarding the purpose of the processing, the categories of data processed, the recipients or categories of recipient to whom the data have been or will be disclosed, and the envisaged duration of storage or the criteria for determining the duration. You also have rights of rectification, deletion, restriction of processing or objection to processing for your data, as well as the right to lodge a complaint with a supervisory authority. You also have the right to obtain information on the origin of the data, if applicable, information on the existence of any automated decision-making and, if data are transferred to a third country or international organizations, information on safeguards for the transfer pursuant to Art. 46 of the GDPR.
Pursuant to Art. 16 of the GDPR, you have the right to immediate rectification of incorrect or incomplete personal data.
Pursuant to Art. 17 of the GDPR, you have the right to deletion of stored personal data if the data are no longer necessary for the purposes for which they were collected or otherwise processed, if the data subject has withdrawn their consent and there is no other legal basis, or if an objection to processing has been filed and the data may no longer be processed pursuant to Art. 21(1) or Art. 21(2) of the GDPR. You also have the right of deletion if the data have been unlawfully processed, if the deletion is necessary to fulfil a legal obligation, or if the data have been collected in relation to information society services offered pursuant to Art. 8(1) of the GDPR. This does not apply if the processing is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest, or to assert, exercise or defend against legal claims.
Pursuant to Art. 18 of the GDPR, you have the right to restrict the processing if you dispute the accuracy of the personal data (for the duration necessary to verify the accuracy) or if the processing is unlawful but you demand restriction of use rather than deletion. The right to restriction also applies if we no longer need your data for the purposes of processing, but you need the data to assert, exercise or defend against legal claims, or if you have lodged an objection to the processing pursuant to Art. 21(1) of the GDPR, provided it has not been established that Serrala’s legitimate reasons prevail over yours.
Pursuant to Art. 20 of the GDPR, you have the right to data portability, i.e. the right to receive the personal data that you have provided to Serrala in a structured, commonly used and machine-readable format or to transmit the data to another controller.
You have the right to object at any time to the processing of your personal data pursuant to Art. 21 of the GDPR (para. 2 if the data are processed for the purpose of direct marketing), or pursuant to Art. 21(1) of the GDPR (if the processing is based on Art. 6(1) lit. e) or f) of the GDPR) on grounds relating to your particular situation, unless Serrala has compelling legitimate reasons for the processing that outweigh your interests or the processing serves to assert, exercise or defend against legal claims.
Pursuant to Art. 7(3) of the GDPR, you have the right to revoke consent at any time. As a result, Serrala will cease processing the data from the time of revocation.
Pursuant to Art. 77 of the GDPR, you have the right to lodge a complaint with a supervisory authority. The right of complaint shall be without prejudice to other administrative or judicial remedies. The supervisory authority to which we are subject is listed in section 13.
Please direct all queries, requests for information or objections to data processing to email@example.com.
13. Supervisory Authority
The address for the presiding supervisory authority is:
Unabhängiges Landeszentrum für Datenschutz Schleswig-Holstein
Postfach 71 16
Phone: +49 0431 988-1200
Fax: +49 0431 988-1223
14. Liability for Content
The content on our website was created with the utmost care. However, we cannot guarantee the accuracy, completeness or timeliness of the content.
Pursuant to Section 7(1) of the TMG, we are responsible according to general statutory provisions for any of our information that we make available for use. According to Sections 8 to 10 of the TMG, we as service provider are not obliged to monitor transmitted or stored third-party information or to monitor for circumstances that indicate illegal actions. Our obligation to remove or block the use of information in accordance with general statutory provisions remains unaffected. However, our liability does not start until we become aware of a concrete violation of the law. As soon as we become aware of such infringements, we will remove the content immediately.
15. Liability for Links
Our website may contain links to external, third-party websites over whose content we have no control. We therefore assume no responsibility for third-party content. The provider or operator of a linked website is always responsible for the content on the site. The linked site was checked for possible legal violations at the time of linking. No illegal content was discernible at the time of linking. Constant monitoring of the content on linked sites is not reasonable without concrete evidence of a legal violation. If we become aware of an infringement, we will remove such links immediately.
16. Data Security
We have taken technical and organizational measures to protect your data from loss, alteration or unauthorized access. We continuously improve these security measures in line with technological developments. Our website uses the industry standard SSL (Secure Sockets Layer) for encryption. This guarantees the confidentiality of your personal data when transmitted over the internet.
17. Updates and Modifications
18. Data Protection Officer
If you have questions, please contact our Data Protection Officer, Mr. André Agreira, at firstname.lastname@example.org.