Data Privacy Policy Website

Last change: Nov 26, 2019

Derdack GmbH (in the following also “Derdack” or “we”) appreciates your interest in our website www.signl4.com (in the following also “SIGNL4 website” or “website”). We attach great importance to protecting your privacy. In the following we provide detailed information on how your data is handled.

1. Controller

The data controller is:

Derdack GmbH
Friedrich-Ebert-Straße 8, 14467 Potsdam, Germany
Managing director: Matthes Derdack
Email address: info@signl4.com

2. Contact details data protection officer

Our data protection officer, Mr Steffen Wiesenbach of „dsb.W – datenschutzbüro.WIESENBACH“, can be contacted at the email address dataprivacy@signl4.com.

3. Visit the website, contact requests

3.1 As a rule, you can visit our SIGNL4 website without telling us who you are. When you visit our website, however, the browser used on your terminal device automatically sends information to the server of our SIGNL4 website and temporarily saves it in so-called log files. We have no influence on this. During this process, the following information will be collected without any action on your part and stored until it is automatically erased or deleted:

  • the IP address of the requesting Internet-enabled device,
  • the date and time of the access,
  • is the name and URL of the accessed file,
  • the website from which the access was made (referrer URL),
  • the browser you are using and, if applicable, the operating system of your Internet-capable device as well as the name of the access provider.

The legal basis for the processing of these data is Art. 6 (1) (f) EU General Data Protection Regulation (hereinafter: “GDPR”). From the collected data no conclusions on your identity are possible and are also not drawn by us. Our justified interest in data collection is to be seen in the following purposes:

  • to ensure a smooth connection setup,
  • to ensure a convenient use of our website,
  • to analyse of system safety and stability as well as
  • other administrative purposes.

3.2 If you would like to send us a message via the contact page on our website, e.g. via our feedback form, we collect your name, e-mail address and the name of your company. The indication of your telephone number is voluntary. We use your data exclusively to answer your message. The legal basis for this is Art. 6 (1) (b) GDPR. The data is processed for the purpose of processing your inquiry. We store your personal data for as long as is necessary to process your request.

3.3 In our feedback form we use “Google reCAPTCHA” (hereinafter: “reCAPTCHA”) of the provider Google, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter: “Google”). The purpose of reCAPTCHA is to check whether the data input in the contact form is done by a human or by an automated program. For this purpose, reCAPTCHA analyzes the behavior of the website visitor on the basis of various characteristics. This analysis starts automatically as soon as the website visitor enters the website. For analysis, reCAPTCHA evaluates various information (e.g. IP address, length of stay on the website or mouse movements made by the user). The data collected during the analysis is forwarded to Google. The reCAPTCHA analysis runs completely in the background. Website visitors are not advised that an analysis is taking place. The integration of reCAPTCHA is based on Art. 6 (1) (f) GDPR. We have a legitimate interest in protecting our Websites from abusive automated spying and from SPAM. For more information about reCAPTCHA and Google’s privacy policy, please see the following links: https://www.google.com/intl/de/policies/privacy/ and https://www.google.com/recaptcha/intro/android.html.

For the exceptional cases in which personal data is transferred to the USA, Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

4. Registration and login via the website

4.1 If you wish, you can also register for a SIGNL4 account via our website as an alternative to registering via the SIGNL4 mobile app. When you register, we will ask you for your e-mail address and a password to be set by you. You will then receive an email with an activation link to activate your Signl4 account at the email address you provided. If you click on the activation link, the login page opens again, where you can enter your e-mail address and password again. You will then be registered and logged in and will receive an e-mail message containing APIs created specifically for this purpose (an e-mail address and a webhook allowing you to use SIGNL4 as a team).

4.2 Alternatively, you can use the “Sign in with Google” or “Sign in with Microsoft” buttons to register if you have an identity account with one of these two providers. Google and Microsoft offer the possibility to log in to other websites via their API with your log-in data, if available. These are services over which we have no control.

4.2.1 Sign in with Google: Provider of this service is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter: “Foogle”). An additional registration or login is therefore not necessary. If you decide to register with Google Sign In and click on the “Login with Google” / “Connect with Google” button, you will automatically be redirected to the Google platform. There you can log in with your usage data. This will link your Google profile to our website or services. This link gives us access to your data stored by Google. This is above all:

  • the e-mail address stored with Google

The integration of the Google Sign In takes place on the basis of Art. 6 (1) (f) GDPR. This data is used to simplify the registration of your account. This makes it easier to use our services. This is in our legitimate interest. For more information about Google Sign In and Google’s privacy policy, please see the following links: https://policies.google.com/terms and http://www.google.de/intl/de/policies/privacy

For the exceptional cases in which personal data is transferred to the USA, Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

4.2.2  Sign in with Microsoft: If you have a Microsoft account, you can alternatively register via Microsoft. This service is provided by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA (hereinafter “Microsoft”).

If you click the “Log in with Microsoft” button, you will automatically be redirected to a Microsoft page where you can enter your Microsoft e-mail address or telephone number. This will link your Microsoft account to our website or services. This link gives us access to your data stored with Microsoft. This is above all:

  • the e-mail address stored with Microsoft

The integration of Microsoft is based on Art. 6 (1) (f) GDPR. This data is used to simplify the registration of your account.

For more information about Microsoft and Microsoft’s privacy statements, see the following links: https://privacy.microsoft.com/de-de/privacystatement

Microsoft also processes your personal information in the United States and has adopted the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

4.3 Even if you are already registered and log in via the website, we will ask you for your email address and password to protect your account.

5. Cookies

5.1 “Cookies” are small files that allow us to store information specific to you, the user, on your PC when you visit our website. Cookies help us to determine the frequency of use and the number of users of our Internet pages, as well as to make our offers as comfortable and efficient as possible for you.

5.2 On the one hand, we use so-called “session cookies”, which are stored exclusively for the duration of your use of one of our Internet pages. On the other hand, we use “permanent cookies” to record information about computers that repeatedly access our website. This enables us to offer you optimal user guidance, as well as to “recognize” you and to present you with a website that is as varied as possible and new content when used repeatedly. The content of a permanent cookie is basically limited to an identification number. Name, IP address or other information about your real identity will not be stored, and we do not create individual profiles about your usage behavior. However, if you log in to our chat with an e-mail address, a visit and chat history will be stored by us (see below under point 8).

5.3 A use of our offers is also possible without Cookies. You can disable the storage of cookies in your respective browser under Extras/Internet Options, restrict it to certain websites or set your browser to notify you as soon as a cookie is sent. You can also delete cookies from your PC’s hard drive at any time (e.g. Firefox: Tools > Settings > Privacy > Show cookies > Remove cookies / Remove all cookies; Internet Explorer: Tools > Internet Options > Delete general browser history / Cookies). Our website automatically considers the browser setting “do not track”. Please note, however, that in this case you must expect a restricted presentation of our web pages and a restricted user guidance.

6. Newsletter/MailChimp

6.1 If you, as a user of the SIGNL4 service or the SIGNL4 app, have given us your permission to send you our e-mail newsletter, we will use your e-mail address to send you the newsletter. The legal basis for data processing is Art. 6 (1) (a) GDPR.

6.2 You can revoke your consent at any time with effect for the future (by sending a message to the contact data given in section 1). In the case of newsletters, revocation may also be effected by clicking on the link provided in each newsletter e-mail.

6.3 Your data will only be processed for the purpose of sending you our newsletter until you revoke your consent. Your data will then no longer be used for the purpose of sending you the newsletter.

6.4 If you have registered as a user via our website or the app, we will list you as an existing test-user/lead. In this case, we will process your name and e-mail address to send you information about new products and services by e-mail outside of the existence of a concrete consent. The legal basis for this is Art. 6 (1) (b) GDPR in conjunction with § 7 para. 3 UWG (Gesetz gegen den Unlauteren Wettbewerb, German Unfair Competition Law Code). The processing of existing customer data in this way for own advertising purposes is to be regarded as a legitimate interest.

6.5 As a test-user or existing customer, you can also object to the processing of your personal data for advertising purposes at any time (“advertising objection”).

6.6 The e-mail addresses of our newsletter recipients are stored on the MailChimp servers in the USA. MailChimp is a newsletter distribution platform of the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. MailChimp uses this information to send and evaluate the newsletter on our behalf. The integration of MailChimp is based on Art. 6 (1) (f) GDPR. We have a legitimate interest in efficient and secure email delivery. The privacy policy of MailChimp can be found here: https://mailchimp.com/legal/privacy. Mailchimp is committed to complying with the principles of the EU-US Privacy Shield. Information on the participants of the EU-US Privacy Shield can be found here: www.privacyshield.gov/list

7. Google analytics and Twitter Pixel

7.1 Derdack GmbH uses the analysis services Google Analytics, a web analysis service of Google, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001, as well as Twitter Pixel, an analysis service of Twitter International Company, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA (hereinafter referred to as “Twitter”) with the aim of continuously improving its offer. The integration of both services is based on Art. 6 (1) (f) GDPR. We use the analysis results to gain knowledge about the preferences of our users and thus continuously improve our offer. This is in our legitimate interest.

7.2 Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of our website will generally be transmitted to and stored by Google on servers in the United States. If you do not wish this, you can use our cookie button to set a Google Analytics deactivation cookie.

If you do not deactivate Google Analytics, the following applies: However, due to the activation of IP anonymisation on our websites, your IP address will be shortened by Google in advance within Member States of the European Union or in other Contracting States to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. Google will use this information on our behalf to evaluate your use of our website, to compile reports on website activity and to provide us with other services relating to website activity and internet usage. The IP address transmitted by your browser as part of Google Analytics is not combined with other data from Google. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent Google from collecting the data generated by the cookie and related to your use of our website (including your IP address) and Google from processing this data by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de

We would like to point out that on our web pages Google Analytics was extended by the code ga(‘set’, ‘anonymizeIp’, true) in order to guarantee an anonymous recording of IP addresses (so-called IP masking). For the exceptional cases in which personal data is transferred to the USA, Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

User conditions: http://www.google.com/analytics/terms/de.html, overview of data protection: http://www.google.com/intl/de/analytics/learn/privacy.html, as well as the data protection declaration: http://www.google.de/intl/de/policies/privacy

Twitter Pixel: We also use conversion tracking with Twitter Pixel on our website. The provider of this service is Twitter Inc. (1355 Market Street, Suite 900, San Francisco, CA 94103, USA). This service enables us to statistically record the use of our website in order to optimize it. Conversion tracking uses Twitter to set a cookie on your device when you visit the site by clicking on a Twitter ad. Conversion tracking is used to generate statistics and not to identify you. Rather, we just want to know which Twitter ads or interactions bring users to our website. Further information can be found at https://business.twitter.com/de/help/campaign-measurement-and-analytics/conversion-tracking-for-websites.html

In this context, the following data will be processed: Twitter Cookie ID, Browser User Agent String, Browser IP Address, Website Tag ID, Timestamp, URL of the page.

Third Party Information: Twitter Inc, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 Ireland

Twitter is certified in Privacy Shield: www.privacyshield.gov/participant. You can prevent the storage of cookies by setting your browser accordingly. Further information can be found at: www.twitter.com/en/privacy

8. Integration of the live chat service Drift

8.1  In order to optimise the offer, the Drift service is integrated into the Derdack GmbH website. This enables us to communicate directly and in real time with website visitors.

8.2 Drift: Drift is a live chat software from Drift.com Inc. 222 Berkeley St 6th floor, Boston, MA 02116, USA. Drift processed your personal data under a contract with us on our behalf. Your communicated chat name and chat content will only be collected and stored for the course of the chat after your express consent. In addition, after your consent, browser information, cookie information, date and time, operating system, IP address and page views are stored. All information is stored on Drift servers in the USA. Cookies are used to operate the chat function. Cookies are small text files that are stored locally in the cache of the Internet browser of the page visitor. The cookies enable the recognition of the Internet browser of the site visitor in order to ensure a differentiation of the individual users of the chat function of our website. In order to avoid the storage of cookies, you can set your browser so that cookies can no longer be stored on your computer in the future or cookies that have already been stored are deleted. However, switching off all cookies may prevent you from using the chat function on our website. If the information has a personal reference, it is processed in accordance with Art. 6 (1) (f) GDPR, since it is in our legitimate interest, to provide for effective customer services and to optimize such service with the help of statistic data regarding the use of the service.

Drift, Inc.’s Privacy Statement (in English language) can be found here: https://www.drift.com/privacy-policy/

Drift is committed to complying with the principles of the EU-US Privacy Shield. Information on participants in the EU-US Privacy Shield can also be found at: www.privacyshield.gov/list

9. Embedded content from third-party platforms

9.1 Our website contains embedded content from third-party platforms, including platforms such as YouTube and Vimeo. The videos are integrated on the basis of Art. 6 (1) (f) GDPR. The integrated contents should make our offer more descriptive and attractive. We have a legitimate interest in this.

9.2 YouTube: For the integration of videos we use the provider YouTube. YouTube is operated by YouTube LLC, headquartered in 901 Cherry Avenue, San Bruno, CA 94066, USA. YouTube is represented by Google Inc., located at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. These are sent with the WordPress Youtube Lyte Cookie https://de.wordpress.org/plugins/wp-youtube-lyte/eingebunden, which means that no data about you as a user will be transmitted to YouTube if you do not play the videos. Only when you play the videos will the data mentioned in the next paragraph be transmitted. We have no influence on this data transmission. By visiting the website, YouTube receives the information that you have accessed the corresponding subpage of our website. In addition, the data referred to in section 2 of this declaration will be transmitted. This occurs regardless of whether YouTube provides a user account that you are logged in to, or whether no user account exists. When you’re logged in to Google, your information will be directly associated with your account. If you do not want your profile to be associated with YouTube, you must log out before activating the button. YouTube stores your data as user profiles and uses them for the purposes of advertising, market research and/or the design of its website to meet your needs. Such evaluation is carried out in particular (even for users who are not logged in) in order to provide demand-oriented advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, and you must contact YouTube to exercise this right.

Further information on the purpose and scope of data collection and processing by YouTube can be found in the Privacy Policy. There you will also find further information on your rights and setting options to protect your privacy: https://www.google.de/intl/de/policies/privacy

Google also processes your personal data in the USA and has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-

9.3 Vimeo: We also use the provider Vimeo for the integration of videos. Vimeo is operated by Vimeo, LLC, headquartered at 555 West 18th Street, New York, New York 10011 (hereinafter “Vimeo”).

On some of our websites we have included videos that are located on the Vimeo platform. For this we use plugins of the provider Vimeo. If you call the Internet pages of our Internet presence provided with such a plugin, a connection to the Vimeo servers will be established and the plugin will be displayed. By doing so, the Vimeo server will be informed which of our Internet pages you have visited. If you are logged in as a member of Vimeo, Vimeo will assign this information to your personal user account. When using the plugin, e.g. clicking the start button of a video, this information is also assigned to your user account. You can prevent this assignment by logging out of your Vimeo user account before using our website and deleting the corresponding cookies from Vimeo.

Further information on data processing and Vimeo’s privacy policy can be found at https://vimeo.com/privacy. Vimeo has submitted to the EU-US Privacy Shield, www.privacyshield.gov/EU-US-Framework.

10. Social Network Buttons

10.1 On our websites, social network buttons are used to share content. We use buttons of the provider “Twitter” (provider: Twitter, Inc., 1355 Market St, Suite 900, San Francisco, CA 94103), of the provider “Facebook”, whose website facebook.com is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA. Facebook Ireland Limited, Hanover Reach, 5-7 Hanover Quay, Dublin 2, Ireland, is responsible for the German website facebook.de, the “LinkedIn” button (provider): LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA “XING” (provider: Xing AG, Gänsemarkt 43, 20354 Hamburg, Germany) as well as the “Pinterest” button (provider: Pinterest Inc., 808 Brannan Street San Francisco, CA 94103, USA) and the “Tubmlr” button (Tumblr, Inc., 35 East 21st St, 10th Floor, New York, NY 10010, USA).

The plug-ins are marked with the corresponding logo icons of the different services.

10.2 For data protection reasons, we have deliberately decided not to use direct plug-ins from social networks on our websites. Instead, we use the so-called two-click solution.  If you click on the corresponding icon of the network of your choice, the presence of the social network opens in a new window via a link. So you can decide for yourself if and when data will be transmitted to the operators of the respective social networks. Therefore, when you visit our websites, no data is automatically transmitted to social networks. Only when you actively click on the respective button does your Internet browser establish a connection to the servers of the respective social network, i.e. by clicking on the respective button (e.g. “Share” or “Share with friends”), do you agree that your Internet browser establishes a connection to the servers of the respective social network and transmits usage data to the respective operator of the social network.

10.3 The plug-in provider stores the data collected about you as user profiles and uses these for the purposes of advertising, market research and/or the needs-based design of its website. Such evaluation is carried out in particular (also for users who are not logged in) in order to display demand-oriented advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact the respective plug-in provider to exercise this right. Through the plug-ins we offer you the possibility to interact with social networks and other users, so that we can improve our offer and make it more interesting for you as a user.

10.4 The data transfer takes place regardless of whether you have an account with the plug-in provider and are logged in there. If you are logged in with the plug-in provider, your data collected by us will be directly assigned to your existing account with the plug-in provider. If you press the activated button and link the page to  B., the plug-in provider also stores this information in your user account and communicates it publicly to your contacts. We recommend that you log out regularly after using a social network, especially before activating the button, as this allows you to avoid being assigned to your profile by the plug-in provider.

10.5 Further information on the purpose and scope of the data collection and processing by the plug-in provider can be found in the following data protection declarations of these providers. There you will also find further information on your rights in this regard and setting options to protect your privacy.

10.6 Addresses of the respective plug-in providers and URL with their data protection information:

  1. a) Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA; https://twitter.com/privacy. Twitter has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
  2. b) Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php weitere Informationen zur Datenerhebung: http://www.facebook.com/help/186325668085084, http://www.facebook.com/about/privacy/your-info-on-other#applications sowie http://www.facebook.com/about/privacy/your-info#everyoneinfo. Facebook hat sich dem EU-US-Privacy-Shield unterworfen, https://www.privacyshield.gov/EU-US-Framework.
  3. c) LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA; http://www.linkedin.com/legal/privacy-policy. LinkedIn hat sich dem EU-US-Privacy-Shield unterworfen, https://www.privacyshield.gov/EU-US-Framework.
  4. d) Pinterest Inc., 808 Brannan Street San Francisco, CA 94103, USA, http://about.pinterest.com/privacy/. Pinterest has submitted to the EU-US Privacy Shield, www.privacyshield.gov/EU-US-Framework.
  5. e) Tumblr, Inc., 35 East 21st St, 10th Floor, New York, NY 10010, USA. http://www.tumblr.com/policy/de/privacy. Tumblr hat sich dem EU-US-Privacy-Shield unterworfen, www.privacyshield.gov/EU-US-Framework.

11. Hosting

We use the services of GoDaddy.com LLC, 14455 N. Hayden Rd, Ste. 219, Scottsdale, AZ 85260, United States of America.

The website Signl4 runs on a dedicated server of Derdack GmbH.

We have signed an order processing agreement with GoDaddy.com LLC.

GoDaddy has signed the EU-US Privacy Shield Agreement: https://www.privacyshield.gov/participant?id=a2zt0000000TN9xAAGtatus=Active

12. Data security, transfer of personal data to third countries

12.1 In order to ensure data security and the protection of your personal data, Derdack GmbH takes technical protective measures, in particular to prevent third parties from accessing your data. Derdack GmbH shall adapt the technical protective measures in accordance with the current state of the art.

12.2 To the extent described in this Privacy Policy, we may transfer your personal information to other countries (including countries outside the EEA). Please note that data processed in other countries may be subject to foreign laws and may be accessible to local governments, courts, law enforcement and regulatory authorities. In the event of a transfer to a state outside the EEA, the EU-US Privacy Shield and EU standard contractual clauses apply. For further information, please contact the data protection officer named under point 1 by e-mail.

13. Consents given

You may withdraw your consent to the processing of your data at any time with effect for the future. This does not affect the legitimacy of the processing of your personal data prior to the date of withdrawal.

14. Right of objection

Under the conditions set out in Art. 21 (1) GDPR, data subjects may object to the processing of data on grounds relating to their particular situation.

This general right to object applies to all purposes described in this data protection declaration which are processed on the basis of Art. 6 (1) (f) GDPR. We are required to implement such a general right to object only if you are able to present reasons of overriding importance (e.g. a possible risk to life or health).

15. Your other rights

15.1 You have the following rights against us with regard to your personal data:

  • Right of access (Art. 15 (1) and (2) GDPR)
  • Right to rectification (Art. 16 (1) GDPR)
  • Right to erasure (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR).

In order to assert your rights, please contact the responsible body mentioned under point 1.

15.2 You can view and change the data stored in your profile at any time. You can also delete your profile at any time. In the cases of § 35 Para. 3 BDSG (German Data Protection Act), the deletion shall be replaced by the blocking.

16. Right of appeal to the supervisory authority

You also have the right to complain to a data protection supervisory authority about the processing of your personal data by us.

17. Reference

In the event of a statutory obligation, we reserve the right to disclose information about you when required to do so by lawful authorities or law enforcement agencies. The legal basis for this is Art. 6 (1) (c) GDPR.

18. Change

18.1 In the course of technical development, Derdack will also continuously adapt its data protection declaration. Derdack will incorporate changes on this page in good time and, if necessary, obtain your renewed consent.

18.2 Irrespective of this, you should visit this page regularly in order to inform yourself about the current status of the data protection information.