This privacy statement of ekipa GmbH (hereinafter also referred to as “we”, “us” or “ekipa”) explains the type, scope and purpose of the processing of personal data within our online offering.
The German text of the contract shall prevail. The purpose of the contract in English is merely to simplify reading but should not develop any legal meaning.
ekipa GmbH
Kaiserstraße 56
60329 Frankfurt am Main
Authorized managing directors: Justin Gemeri and Nico Heby
E-mail: hello@ekipa.de
Phone: +49 1515 2592417
You can reach our data protection officer at:
IITR Datenschutz GmbH
Dr. Sebastian Kraska
Marienplatz 2
80331 München
All questions and concerns abput data privacy at ekipa can be directed by email to data-protection@ekipa.de.
We process personal data in accordance with the provisions of Regulation (EU) 2016/679 (so called General Data Protection Regulation – GDPR) and the German Federal Data Protection Act (BDSG).
The terms used here correspond to those in Article 4 GDPR.
Categories of the persons concerned are employees as well as visitors and users of the online offer (in the following we will refer to the persons concerned collectively as “users”).
As a web-based open innovation platform, we process personal data in the course of providing our services. Personal data is either provided by the user himself or is collected automatically via technical information.
All data requested through the website are obligatory. If this data is not provided, this may result in this website not being able to provide its services. In cases where this website expressly states that some data is not obligatory, users may choose not to disclose such data without any consequences for the availability or functioning of the service. Users who are unsure as to which data are obligatory can contact the responsible person.
The following types of data are collected:
Additionally we process
In accordance with Art. 13 GDPR we inform you about the legal basis of our data processing. If no specific information on relevant legal bases is provided in the affected areas of this data protection declaration, the processing is based on the legal bases below. In principle, we collect, process and share the data described above on the basis of the following legal bases:
(1) Within the scope of the employment relationship (Art. 26 para. 1 s. 1 GDPR)
We process personal dara of our employees (including interns and working students) for the establishment, implementation and termination of the respective employment relationship.
(2) Based on consent (Art. 6 para 1. s. 1 lit. (a) GDPR)
Insofar as we are given consent to process personal data for certain purpose (e.g. contacting, sending newsletters), the lawfulness of this processing is based on the consent of the data subject. Consent given can be recoked at any time. The revocation of consent only takes effecr for the future and does not effect the lawfulness of the data processed until the revocation.
(3) For the fulfilment of (pre-) contractual obligations (Art. 6 para. 1 s. 1 lit. (b) GDPR)
The processing of personal data of our clients and the participants of the carious Challenge is carried out in order to properly provide and fulfill the services of the ekipa platform, including the General Terms and Conditions, the Conditions of Participation and the customer contracts of the respective challenge.
(4) Due to legal obligations (Art. 6 para. 1 s. 1 lit. (c) GDPR)
In addition, as a GmbH we ate subject to various legal obligations (e.g. from the German Commercial Code and tax laws). The purpose of the processing include, among others, the obligation to keep hand files and the fulfilment of reporting and retention obligations under tax law.
(5) Based on legitimate interests (Art. 6 para. 1 s. 1 lit. (f) GDPR)
To the extend necessary, we process data beyond the above-mentioned purposes to project legitimate interests on our part. Our legitimate interest is basically our economic interest in maintaining and optimizing business operations.
(6) For the protection of vital interests (Art. 6 para. 1 s. 1. Lit. (d) GDPR)
In the event that vital interests of the data subject or another natural person make it necessary to process personal data, Art. 6 para. 1 s. 1 lit. (d) GDPR serves as the legal basis.
The person in charge shall process the User Data in a proper manner and take reasonable security measures to prevent unauthorized access and disclosure, modification or destruction of the data.
The data processing is carried out by means of computers or IT-based systems, following an organizational procedure and mode strictly aimed at the stated purposes. In addition to the Controller, certain categories of Controllers may also be granted access to the data involved in the operation of the Site (Human Resources, Sales, Marketing, Legal, System Administrators) or external parties (such as third party technical service providers, delivery companies, hosting providers, IT companies or communications agencies), which may be used by the Owner as contract processors if necessary.
An up-to-date list of these parties may be requested by the responsible body at any time.
Personal data shall be processed and stored for as long as is necessary for the purpose for which they were collected.
Therefore:
Personal data will be deleted at the end of the legal retention period. Therefore, the right of access, the right to cancellation, the right to rectification and the right to transfer data cannot be exercised after the end of the retention period.
If the account is deleted and the contract terminated, information and contributions shared by the user on the platform may remain visible. However, these will be anonymised immediately.
We process personal data in order to provide and optimise the services of an open innovation platform.
Personal data is required to:
The personal data used for the purposes listed are listed in the relevant sections of this document.
During the visit of the website www.ekipa.de and its subdomains, the browser of the user’s terminal device automatically sends information to the website servers used by ekipa. This information is temporarily stored in a log file. This includes the IP address assigned to the respective computer, which is required for the transmission of the retrieved contents of the website. In addition, information about the use of the website, the version of the operating system, the model of hardware used, the hardware settings, the type of browser used, the browser language, the website from which the request comes, as well as the date and time of the website use is collected and stored. This information is stored for a maximum of 7 days in connection with the associated IP address for purposes of abuse detection and tracking. Usage data will be further deleted immediately or anonymized as soon as they are no longer required for the purposes stated in this declaration. Anonymized usage data may be used to design the website according to the needs and optimized for the USER.
More detailed information on the nature of the data, purpose and external services can be found in Section 14 of this Privacy Policy.
When contacting us (e.g. via contact form, e-mail, telephone or via social media), the user’s details are used to process the contact enquiry and to process it in accordance with Art. 6 Para. 1 lit. b. (within the framework of contractual/pre-contractual relationships), Art. 6 Para. 1 lit. f. (other inquiries) GDPR. The data of the users can be stored in a customer relationship management system (“CRM SYSTEM”) or comparable inquiry organization.
We delete the enquiries if they are no longer necessary. We check the necessity every two years; furthermore, the legal archiving obligations apply.
More detailed information on the type of data, purpose and external services can be found in Section 14 of this Privacy Policy.
With the following information we inform you about the contents of our newsletter, the registration, dispatch and statistical evaluation procedures as well as any rights of objection. By subscribing to our newsletter, users agree to receive it and to the procedures described.
Content of the newsletter: We send newsletters, e-mails and other electronic notifications containing advertising information (hereinafter “newsletter”) only with the consent of the recipient or a legal permission. Insofar as the contents of the newsletter are specifically described within the framework of registration, they are decisive for the consent of the user. In addition, our newsletters contain information about our services and us.
Double-Opt-In and logging: The registration to our newsletter takes place in a so-called Double-Opt-In procedure. This means that after registration, users receive an e-mail in which they are asked to confirm their registration. This confirmation is necessary so that no one can register with external e-mail addresses. The registrations for the newsletter are logged in order to be able to prove the registration process according to the legal requirements. This includes storing the login and confirmation times as well as the IP address. Likewise the changes of the data stored with the dispatch service provider are logged.
Registration data: To subscribe to the newsletter, it is sufficient to provide an e-mail address. Optionally we ask for a name in order to address you personally in the newsletter.
The dispatch of the newsletter and the performance measurement associated with it are based on the consent of the recipients pursuant to Art. 6 para. 1 lit. a, Art. 7 GDPR in conjunction with § 7 para. 2 no. 3 UWG or, if consent is not required, on our legitimate interests in direct marketing pursuant to Art. 6 para. 1 f GDPR in conjunction with § Section 7 (3) UWG.
The registration procedure is recorded on the basis of our legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR. We are interested in using a user-friendly and secure newsletter system that serves our business interests, meets users’ expectations, and allows us to provide evidence of consent.
Cancellation / revocation: The receipt of our newsletter can be cancelled at any time, i.e. the consents can be revoked. A link to cancel the newsletter can be found at the end of all newsletters. We may store the unsubscribed email addresses for up to three years based on our legitimate interests before deleting them to provide evidence of prior consent. The processing of these data is limited to the purpose of a possible defense against claims. An individual deletion request is possible at any time, provided that the former existence of a consent is confirmed at the same time.
More detailed information on the nature of the data, purpose and external services can be found in Section 14 of this Privacy Policy.
It is possible to become a member of the ekipa community in order to participate in innovation projects. Registration is required for this.
Registration and Profile
Users can create a user account or profile on the ekipa platform. Within the scope of registration, the required mandatory data will be communicated to the users and processed on the basis of Art. 6 para. 1 lit. b GDPR for the purpose of providing the user account. The processed data includes in particular the login information (name, password, e-mail address). The data entered during registration will be used for the purposes of using the user account. The user has the possibility to further individualize his innovator profile on the ekipa platform. The profile can include information on education, skills, knowledge or other contact details.
Users can be informed by e-mail about information relevant to their user account, such as technical changes. If users have terminated their user account, their data will be deleted with respect to the user account, subject to a statutory retention obligation. It is the responsibility of the users to secure their data before the end of the contract in the event of termination. We are entitled to irretrievably delete all user data stored during the term of the contract.
When using our registration and login functions as well as the user account, we store the IP address and the time of the respective user action. The storage is based on our legitimate interests, as well as the user’s protection against misuse and other unauthorized use. A passing on of these data to third parties does not take place in principle, unless it is necessary for the pursuit of our claims or there is a legal obligation according to Art. 6 para. 1 lit. c. GDPR. The IP addresses will be anonymized or deleted after 7 days at the latest.
Comments, posts and uploads
We collect and process personal data provided and uploaded by the user during the course of using the ekipa platform via the website, for example when a user registers for a challenge, requests or joins a particular team, chats with other team members or submits contributions, ideas and solutions for challenges (hereinafter “Contributions”).
If users leave contributions, their IP addresses may be stored on the basis of our legitimate interests within the meaning of Art. 6 Para. 1 lit. f. GDPR for 7 days. This is done for our security, if illegal contents are left behind in contributions (insults, forbidden political propaganda, etc.). This serves to indemnify ekipas.
Furthermore, we reserve the right, on the basis of our legitimate interests pursuant to Art. 6 para. 1 lit. f. GDPR to process user data for the purpose of spam detection.
On the same legal basis, in the case of surveys, we reserve the right to store the IP addresses of users for the duration of the surveys and to use cookies in order to avoid multiple votes.
The data provided in the context of the contributions will be stored permanently by us until the user objects
Insofar as we disclose data to other persons, other users and companies (contract processors or third parties), transfer it to them or otherwise grant them access to the data, this shall only occur on the basis of:
If we commission third parties with the processing of data on the basis of a so-called “order processing contract”, this is done on the basis of Art. 28 GDPR.
The profile of the users and their teams is visible for all logged in users of the platform when participating in challenges during the team compilation. Certain data (e.g. name, team affiliation, team name, university or department) may under certain circumstances also be released to the public, if this is the case the consent of the user will be obtained. Contributions in the form of messages, ideas, solutions or other submissions are always accessible to all team members when they are members of a team.
After submission of entries in the course of a Challenge, certain data will be made available to the client, his representatives, his jury or other persons to whom the client grants access exclusively for the administration of the Challenge. This includes certain information from the user profiles (e.g. name, university, department, skills) and/or team profiles (e.g. team name, description, university) as well as user contributions in the form of submissions for the challenges concerned.
Data processing agreements have been concluded with the clients to ensure joint compliance with the GDPR.
If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this is done in the context of the use of third party services or disclosure or transfer of data to third parties, this only occurs if it is done to fulfil our (pre)contractual obligations, on the basis of consent, a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process or allow the data to be processed in a third country only if the special requirements of Art. 44 ff. of the German Data Protection Act are met. This means that the processing takes place, for example, on the basis of special guarantees, such as the officially recognized determination of a data protection level corresponding to the EU or the observance of officially recognized special contractual obligations (so-called “standard contractual clauses”).
Personal data is collected using the following services and for the following purposes.
Analytics
The services listed in this section allow the owner to monitor and analyze traffic and track user behavior. We use such services on the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer in the sense of Art. 6 Para. 1 lit. f.). GDPR).
Google Analytics is a web analytics service provided by Google Inc. (“Google”). Google uses the information collected to track and investigate how this website is used, to report user activity, and to share it with other Google services.
Google may use the information collected to contextualize and personalize the ads on its own advertising network.
IP anonymisation has been activated on this website so that the IP address of Google users within Member States of the European Union or in other Contracting States to the Agreement on the European Economic Area is shortened beforehand. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there.
Personal data collected: Cookie and usage data.
The purpose of this type of service is to host data and files so that this website can be managed and used. In addition, these services may provide a ready-made infrastructure that handles specific functions or entire components for this website. We use such services on the basis of the fulfilment of our services and the execution of our services (i.e. execution of an open innovation platform within the meaning of Art. 6 Para. 1 lit. b GDPR and Art. 6 Para. 1 lit. c GDPR) as well as our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 Para. 1 lit. f). GDPR).
Some of these services operate on geographically distributed servers, making it difficult to determine where personal data is stored
Google reCAPTCHA
We use "Google reCAPTCHA" (hereinafter "reCAPTCHA") on our websites as part of the voting feature. The provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google").
The purpose of reCAPTCHA is to verify whether data entry on our websites (e.g. in a contact form) is made by a human or by an automated program. For this purpose, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis starts automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g. IP address, time spent by the website visitor on the website or mouse movements made by the user). The data collected during the analysis is forwarded to Google.
The reCAPTCHA analyses run entirely in the background. Website visitors are not made aware that an analysis is taking place.
The data processing is based on Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in protecting its web offers from abusive automated spying and from SPAM.
For more information about Google reCAPTCHA and Google's privacy policy, please see the following links:
https://www.google.com/intl/de/policies/privacy/
https://www.google.com/recaptcha/about/
Our website uses technologies from Google Firebase. Google Firebase is a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Firebase is a development platform and offers various services. An overview of services offered by Google Firebase can be found at: https://firebase.google.com/terms/.
Google Firebase
In part, the Google Firebase services use so-called "Instance IDs". "Instance IDs" are uniquely assigned identifiers that are provided with a time stamp and enable the linking of different events or processes in connection with the app. This data is used to analyze and optimize user behavior, such as evaluating crash reports. According to Google, Instance IDs do not process any personally identifiable data.
Further information on the "Instance IDs" used and on the management of the data concerned can be found at: https://firebase.google.com/support/privacy/manage-iids
Google Cloud Storage
Firebase Cloud Storage is a web hosting service provided by Google Inc.
Personal data collected: Usage data and various types of data, as described in the Service’s Privacy Policy.
If possible, we use servers with a location within the EU. However, it cannot be ruled out that data may also be transferred to the USA. For
more information about Google Firebase and privacy, visit https://policies.google.com/privacy and firebase.google.com.
Prismic (Prismic Networks Inc.)
For our internet presence we use Prismic as a content management system. This is a service of Prismic Networks, Inc. 185 Alewife Brook Parkway, #410 Cambridge, MA 02138, hereinafter referred to as “Prismic”.
Personal Data Collected: By connecting to Prismic when you access our website, Prismic can determine which website your request was sent from and the IP address to which the content should be sent.
Prismic offers more information at:
and points out that Prismic’s privacy policy complies with EU data protection laws (GDPR).
Testing the performance of content
With the services listed in this section, the Owner can track and analyze the response of users to the traffic on the Site or their behavior after this application has been modified in terms of structure, text, or other components. We use these services on the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer in the sense of Art. 6 Para. 1 lit. f.). GDPR).
Firebase Remote Conifg (Google Inc.)
Firebase Remote Config is a service provided by Google Inc. to perform A/B testing and configuration.
Personal data collected: various types of data as described in the Service’s Privacy Policy.
If possible, we use servers with a location within the EU. However, it cannot be ruled out that data may also be transferred to the USA For
more information about Google Firebase and privacy, visit https://policies.google.com/privacy and firebase.google.com.
Login and Authentication
By registering or authenticating, users authorize this application or website to identify them and provide them with access to specific services.
Depending on what is specified below, third-party providers may provide login and authentication services. In this case, this site may access some of the information stored by these third parties for registration or identification purposes.
We use such services on the basis of the fulfilment of our services and the execution of our services (i.e. execution of an open innovation platform within the meaning of Art. 6 Para. 1 lit. b GDPR and Art. 6 Para. 1 lit. c GDPR) as well as our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer within the meaning of Art. 6 Para. 1 lit. f). GDPR).
Firebase Authentication (Google Inc.)
Firebase Authentication is a login and authentication service provided by Google Inc. To simplify the login and authentication process, Firebase Authentication can use third-party identity services and store the information on their platform.
Personal data collected: E-mail, username, password
If possible, we use servers with a location within the EU. However, it cannot be ruled out that data may also be transferred to the USA For
more information about Google Firebase and privacy, visit https://policies.google.com/privacy and firebase.google.com.
Facebook Authentication (Facebook Inc.)
Facebook Authentication is a login and authentication service provided by Facebook, Inc. that is connected to the social network Facebook.
Further information on Facebook and data protection can be found at https://www.facebook.com/about/privacy/.
Google OAuth (Google Inc.)
Google OAuth is a sign-in and authentication service provided by Google Inc. that is connected to the Google network.
Personal data collected: various types of data as described in the Service’s Privacy Policy.
If possible, we use servers with a location within the EU. However, it cannot be ruled out that data may also be transferred to the USAYou can find more information about Google and data protection at https://policies.google.com/privacy.
Interaction with external social networks and services
These types of services enable interaction with social networks or other external platforms directly through this website. The interaction and the information collected through this website are always subject to the privacy settings made by the users for the respective social network or service.
If a service is installed for interaction with social networks, it may collect data from traffic on the pages on which it is installed even if users do not use the service.
We use these services on the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer in the sense of Art. 6 Para. 1 lit. f.). GDPR).
Google Maps
On this website we use the offer of Google Maps, offered by Google Inc.. This allows us to show the user interactive maps directly on the website.
By visiting the website, Google obtains the information that the users have called up a corresponding subpage of our website. This takes place regardless of whether a user account exists with Google that the user is logged on to or not. When a user is logged in to Google, the data is assigned directly to the respective account.
Further information on the use of data by Google, setting and objection possibilities, can be found in Google’s data protection declaration (https://policies.google.com/privacy).
If users do not wish to be associated with their Google user account, they must log out of Google before accessing the website. Google stores the data as user profiles and uses them for the purposes of advertising, market research and/or the needs-based design of its website. Users have the right to object to the creation of these user profiles, whereby they must contact Google to exercise this right.
Functions and contents of the Xing service, offered by XING AG, can be integrated into our online offering. This may include, for example, content such as images, videos or texts and buttons with which users can share content from this online offer within Xing. If the users are members of the Xing platform, Xing can assign the access to the above-mentioned contents and functions to the profiles of the users there.
Personal data collected: Cookie and usage data
Further information on Xing and data protection can be found at https://privacy.xing.com/de/datenschutzerklaerung.
If a user is a Xing member and does not want Xing to collect data about him via this online service and to link it with his member data stored at Xing, he must log out of Xing before using our online service and delete his cookies.
The functions and content of the LinkedIn service offered by the LinkedIn Ireland Unlimited Company can be integrated into our online offer. This may include, for example, content such as images, videos or texts and buttons with which users can share content from this online offer within LinkedIn. If the users are members of the platform LinkedIn, LinkedIn can assign the call of the above contents and functions to the profiles of the users there.
Personal data collected: Cookie and usage data.
For more information on LinkedIn and privacy, please visit https://www.linkedin.com/legal/privacy-policy, for an for opt-out, please visit https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
If a user is a LinkedIn member and does not want LinkedIn to collect information about him or her through this online service and link it to his or her LinkedIn stored member data, he or she must log out of LinkedIn before using our online service and delete his/her cookies.
Facebook Social Plugins
Within our online offer, social plugins (“Plugins”) of the social network facebook.com, which is operated by Facebook Ireland Ltd. (“Facebook”), can be integrated. This may include, for example, content such as images, videos or texts and buttons with which users can share content from this online service within Facebook. The list and appearance of the Facebook Social Plugins can be seen here: https://developers.facebook.com/docs/plugins/.
Personal data collected: Cookie and usage data.
Further information on Facebook and data protection can be found at https://www.facebook.com/about/privacy/.
If a user is a Facebook member and does not want Facebook to collect data about him or her via this online service and link it with his or her member data stored on Facebook, he or she must log out of Facebook and delete his or her cookies before using our online service. Further settings and objections to the use of data for advertising purposes are possible within the Facebook profile settings: https://www.facebook.com/settings?tab=ads or via the US page http://www.aboutads.info/choices/ or the EU page http://www.youronlinechoices.com/. The settings are platform-independent, i.e. they are adopted for all devices, such as desktop computers or mobile devices.
Within our online offer, functions and contents of the service Instagram, offered by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA, can be integrated. This may include, for example, content such as images, videos or texts and buttons with which users can share content from this online offering within Instagram. If the users are members of the Instagram platform, Instagram can assign the call of the above contents and functions to the profiles of the users there.
For more information on Instagram and Privacy, please visit http://instagram.com/about/legal/privacy/.
If a user is an Instagram member and does not want Instagram to collect information about them through this online service and link it to their Instagram stored member information, they must log out of Instagram and delete their cookies before using our online service.
Communication with external business partners
This type of serc´vice enables communication with external business partners as well as internal company communication. In conjunction with this, information such as the name an dIp address of the respective person is collected and stored. We use such services on the basis of the fulfillment of our services and performance of our services within the meaning of Art. 6 para. 1 s. 1 lit. b and Art. 6 para. 1 s. 1 lit. c GDPR.
Microsoft Office 365
Microsoft Office 365 is a productivity, collaboration and exchange platform for individual users, teams, communities and networks, which is used across the board within ekipa GmbH and with external partners. The service provider collects and stores data such as name and contact details, login information, demographic data, data on licenses and subscriptions and interactions. The data collected depends on the context of the interaction with Microsoft, the preference (including privacy settings), the products and features used, the location and the laws applicable there.
For more information about Microsoft Office 365 and privacy, please visit: https://privacy.microsoft.com/de-de/privacystatement
Manage contacts, send messages, and prepare data
This type of service enables the management of a database containing, for example, e-mail contacts, any other contact information, profile data, user contributions, order data or other information.
In certain cases, the Services may also collect information about the date and time at which messages were read by the User and when the User interacts with incoming messages, for example by clicking on links contained therein.
We use such services on the basis of the fulfilment of our services and the execution of our services (i.e. execution of an open innovation platform within the meaning of Art. 6 Para. 1 lit. b GDPR and Art. 6 Para. 1 lit. c GDPR) as well as our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 Para. 1 lit. f). GDPR).
Mailjet (SAS Mailjet)
Mailjet is a service provided by SAS Mailjet for managing e-mail addresses and sending messages. The shipping service provider can use the recipient’s data in pseudonymised form, i.e. without allocation to a user, to optimise or improve its own services, e.g. for technical optimisation of the shipping and display of the newsletter or for statistical purposes. However, the shipping service provider does not use the data of our newsletter recipients to write to them itself or to pass the data on to third parties.
Personal data collected: email
SAS Mailjet implements the European Basic Data Protection Regulation.
Further information on Mailjet and data protection can be found at https://www.mailjet.de/privacy-policy/.
Crisp.chat (Crisp IM S.A.R.L.)
Crisp.chat is a live chat service provided by Crisp IM S.A.R.L. for communicating with users of our online services, which we use to improve the user experience. This gives us the opportunity to contact users faster and more directly and to process their requests in accordance with their expectations. With crisp.chat, we can send users messages via live chat, email, SMS or push messages, if legally permitted. In order for this to be possible, we must synchronise our contact information with the users of Crisp IM S.A.R.L. via an interface.
Personal data collected: various types of data as described in the Service’s Privacy Policy.
Crisp IM S.A.R.L. implements the European Basic Data Protection Regulation: https://www.help.crisp.chat/en/article/whats-crisp-eu-gdpr-compliance-status-nhv54c
Further information on Crisp.chat and data protection can be found at https://crisp.chat/en/privacy/.
HubSpot (HubSpot Inc.)
This is an integrated software solution that covers various aspects of our online marketing. With HubSpot, we have concluded an order data processing contract in accordance with the GDPR specifications.
This includes, among other things: E-mail marketing (newsletters as well as automated mailings, e.g. to provide downloads), reporting (e.g. traffic sources, access, etc. …), contact management (e.g. user segmentation & CRM) and landing pages and contact forms.
Our registration service enables users of our website to learn more about our company, download content and provide their contact information and other demographic information. They may be used by us to contact users of our website and to determine which services of our company are of interest to them. All information we collect is subject to this Privacy Policy. We use all information collected exclusively to optimize our marketing activities. HubSpot is a software company based in the USA with an office in Ireland.
Contact: HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland, Phone: +353 1 5187500.
Personal data collected: Email address, usage data and various types of data as described in the Service’s Privacy Policy.
More information about HubSpot’s privacy policy can be found here: https://legal.hubspot.com/privacy-policy
More information from HubSpot on EU data protection rules can be found here: https://legal.hubspot.com/data-privacy
Our website and platform use cookies. “Cookies” are small files that are stored on the user’s computer. Different data can be stored within the cookies. A cookie is primarily used to store information about a user (or the device on which the cookie is stored) during or after the user’s visit to an online service. Temporary cookies, or “session cookies” or “transient cookies”, are cookies that are deleted after a user leaves an online offer and closes his browser. The content of a shopping cart in an online shop or a login status, for example, can be stored in such a cookie. Cookies are referred to as “permanent” or “persistent” and remain stored even after the browser is closed. For example, the login status can be saved if users visit it after several days. The interests of the users can also be stored in such a cookie, which are used for range measurement or marketing purposes. Third-Party-Cookie” are cookies that are offered by other providers than the responsible person who operates the online service (otherwise, if they are only their cookies, one speaks of “First-Party Cookies”). Personal data can be stored in Cookies,
We use temporary and permanent cookies. If users do not wish cookies to be stored on their computer, they are asked to deactivate the corresponding option in the system settings of their browser. Stored cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional restrictions of this online offer.
A general objection to the use of cookies used for online marketing purposes can become the EU website http://www.youronlinechoices.com/erklärt for a large number of services, especially in the case of tracking, via the US American website http://www.aboutads.info/choices/oder . Furthermore, the storage of cookies can be achieved by switching them off in the browser settings. Please note that not all functions of this online offer can be used in this case
We distinguish between Cookies that are mandatory for the technical functions of the website and the platform of ekipa and optional Cookies.
Necessary cookies help make a website usuable by enabling basic functions like page navigation and access to secure areas of website. The website cannot function properly without these cookies. We use the service of the third-party provider crisp and the cookie crisp-client%2Fsession%2F#GUID# for this purpose. The data stored in this way is automatically deleted after 6 months.
The legal basis of the data processing by the above cookies is Sec. 6 para. 1 s. 1 lit. c GDPR.
2. Preference Cookies
Preference cookies enable a website to remember information that changes the way the website behaves or looks, like the preferred language or the region that the user is in.
The following cookies belong to this category:
The legal basis of the data processing by the above cookies is Art. 6 para. 1 p. 1 lit.a GDPR.
3. Statistics Cookies:
Statistics cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously.
The following cookies belong to this category:
The legal basis of the data processing by the above cookies is Sec. 6 para. 1 s. 1 lit. a GDPR.
4. Marketing-Cookies and third-party cookies
Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third party advertisers. The cookies are not necessarily set by ekipa, bit can be setz by third parties through the inclusion of third-party services, such as google-tag-manager.
Cookies in this category are used to enable the following activities:
Analyzing aggregated data about website and platform usage to better understand our users
The following cookies belong to this category:
The legal basis of the data processing by the above cookies is Sec. 6 para. 1 s. 1 lit. a GDPR.
In accordance with Art. 32 GDPR, we take appropriate technical and organizational measures to ensure a level of protection appropriate to the risk, taking into account the state of the art, the implementation costs and the nature, extent, circumstances and purposes of the processing as well as the different probability of occurrence and severity of the risk to the rights and freedoms of natural persons.
Measures shall include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical access to, access to, inputting, disclosure, securing and separation of data. In addition, we have established procedures to ensure that data subjects’ rights are exercised, that data is deleted and that we react to data threats. Furthermore, we take the protection of personal data into account as early as the development or selection of hardware, software and processes, in accordance with the principle of data protection through technology design and through data protection-friendly default settings (Art. 25 GDPR)
The data controller reserves the right to make changes to this privacy policy at any time by informing its users on this page. Users are therefore advised to visit this page regularly and check the date of the last change indicated at the bottom of the page. If a user rejects a change to the data protection declaration, he may no longer use this website and may request the responsible authority to delete his personal data. Unless otherwise stated, the current data protection declaration applies to all personal data stored by the data controller about a user.
The German text of the contract shall prevail. The purpose of the contract in English is merely to simplify reading but should not develop any legal meaning.
You may exercise your rights to rectification or erasure or to restriction of processing or to exercise your right to object to processing and the right to data portability at any time. You can address all questions and concerns about data protection at ekipa by e-mail to hello@ekipa.de or by letter to our company address. In addition, you have the right to contact the data protection supervisory authority responsible for us, the Hessian Commissioner for Data Protection and Freedom of Information, in the event of complaints. You can find our general contact details here.
Privacy policy status: Juni 2021
