Effective as of 29 November 2022
RAVNUR PRIVACY
NOTICE
General
This
privacy notice applies to
·
our
website
·
all
of the services that we offer on our own behalf, including our product
offerings and our web applications (“Web App”)
·
our
communications to you
Not
all sections will necessarily apply to you. It depends on how you interact with
us, our services and website.
Unless
otherwise stated, this notice does not cover any linked third-party websites or
services that we do not own or control.
For
cookies, please read the separate cookie notice on this site available via http://test.ravnew.ravnur.com/cookie-policy
and please check the cookie consent manager implemented on this website (see “Manage
Cookie Preferences” at the bottom of the page). The cookie notice applies in
addition to this privacy notice.
An overview:
broad categories of personal data we process
Ravnur
processes personal data in three broad categories:
·
data
we collect through our website or when you otherwise interact with us
·
data
from use of our services
·
data
that may be included in the content that customers manage in our services
Some
data protection and privacy laws talk about “personal data”, others about
“personal information”. For simplicity, we use the term “personal data” throughout
this privacy notice.
Who decides how personal data in
these categories is processed (who is the “data controller”)?
Data
protection and privacy laws in certain jurisdictions, like in the European
Union, distinguish between “controllers” and “processors” of personal data.
These concepts come from the European Union General Data Protection Regulation
(“GDPR”). A controller decides why and how personal data is processed. A
processor processes personal data on behalf of a controller.
The
California Consumer Privacy Act (“CCPA”) has similar concepts: “business” (similar
to the data controller) and “service provider” (similar to data processor). For
simplicity, when we talk about a “data controller”, we also mean a “business”.
And when we talk about a “data processor” we also mean a “service provider”.
Ravnur
is the data controller of personal data in the first broad category. This means
that we decide for what purposes and how we process this data. Generally
speaking, we use this data for our legitimate business interests, for example
to understand who our customers and potential customers are, what their
interests in our services are, to manage our customer and supplier
relationships.
Personal
data in the second category can be controlled by both our customers and us,
each for their own purposes. When we process such data for purposes of
providing services to our customers, we are the data processor and the customer
is the data controller. This includes purposes such as customer support. When
we process this data for example to manage the customer relationship and
billing, or to understand how our services are used for product development
purposes, we process this data for our own purposes and we are therefore the
data controller.
Personal
data in the third category, customer content, is controlled by our customers.
We are always the processor of personal data that may be included in customer
content and process it in accordance with our customer agreements.
Who we are and how to contact us
The
entity responsible for processing your personal data (the “data controller”) in
accordance with this privacy notice is Ravnur, Inc., with its registered office
at c/o InCorp Services, Inc., One Commerce Center – 1201 Orange St. #600, Wilmington,
DE 19899.
If
you have any questions about our processing of your personal data, you can
contact us at privacy@ravnur.net.
In
this privacy notice we refer to Ravnur, Inc. as “Ravnur”, “we”, “us”, “our”.
About this privacy notice
Brief
overview
This
privacy notice explains:
·
Who
we are and how to contact us
·
Your
rights
·
When
we collect personal data from you and from third parties
·
Data
transfers and how we share personal data
·
Data
collection on our website and in our Web App
·
Third-party
content and services on our website and in our Web App
·
Data
collection when contacting us and interacting in our communities
·
Data
collection when using our services
·
Data
collection when visiting our premises or participating in events or training
·
Personal
data we collect and process for marketing purposes
·
How
we keep personal data safe
Changes to
this privacy notice
Please
read this privacy notice carefully and note that we may change it. We may
change it specifically if our products and services or the website we offer
evolve or if the relevant laws or their application change. We recommend that
you read this privacy notice from time to time and make a copy for your files.
We will post new versions of this privacy notice on our website and identify
new notices with the date they take effect.
Your rights
This
section explains what rights you have in relation to our processing of your
personal data. If you want to make use of your rights, please contact us
(please see contact details above in “Who we are and how to contact us”).
Your
European rights under the GDPR
If
our processing of your personal data is subject to the European Union General
Data Protection Regulation (“GDPR”), you have the following rights with respect
to your personal data:
·
Right
of access: You can request information about your personal data that we process
in accordance with GDPR article 15.
·
Right
to erasure: You have the right to request the deletion of your personal data in
accordance with GDPR article 17.
·
Right
of rectification: If the information concerning you is not correct, you can
request a correction in accordance with GDPR article 16. If your data is
incomplete, you may request that it be completed.
·
Right
to restrict processing: In accordance with GDPR article 18, you have the right
to request a restriction of processing your personal data.
·
Right
to withdraw your consent: If you have given your consent for processing, you
have the right to revoke it according to GDPR article 7.3.
·
Right
to data portability: You have the right to receive your personal data that you
have provided to us in a structured, common and machine-readable format as well
as the right to transfer this data to another data controller, if the
conditions of GDPR article 20.1 (a), (b) are met.
·
Right
to file a complaint: You have the right to file a complaint with a data
protection supervisory authority about our processing of your personal data in
accordance with GDPR article 77.
·
Right
to object to processing: In accordance with GDPR article 21.1, you have the
right at any time to object, for reasons arising from your particular
situation, to processing your personal data on the basis of GDPR article 6.1
(e) or (f). In such a case we will not process your data unless we can
demonstrate compelling legitimate reasons to do so which outweigh your
interests, rights and freedoms, or if the processing is for purposes of
establishing, asserting, exercising or defending against legal claims.
Furthermore, according to GDPR article 21.2, you have the right at any time to
object to processing your personal data for the purpose of direct marketing;
this also applies to any profiling, insofar as it is connected with such direct
marketing.
Your
California rights under the CCPA
If
our processing of your personal data is subject to the California Consumer
Privacy Act (“CCPA”), you have the following rights with respect to your
personal data:
·
Right
of information and access: You can request information about and access to your
personal data that we process in accordance with the CCPA.
·
Right
to erasure: You have the right to request deletion of your personal data in
accordance with the CCPA.
·
Right
to opt-out of the sale of your personal data: We have third party cookies on
our website to assist us with analyzing our marketing effectiveness and potentially
to provide you with tailored content and advertising. We may share cookie data
as well as other data we may have on you with marketing companies (for example
using your email address to obtain firmographic information about the company
you work for) or with our business partners, such as in case of joint events
organized with such partners. If you would like to know more about how you can
control how we collect information through the use of cookies and similar
technologies, including how to opt-out of such data processing, please see the
separate cookie notice available via Ravnur.com/legal. To opt out of cookies
and of sale (as defined in the CCPA) of your personal data please use the
settings in the cookie consent manager implemented on our website and in our
Web App or contact us via the form “Do not sell / Data access request”
available on this site (click on the “Do not sell my personal information” link
at the bottom of this page) or contact us using the contact details provided
above in “Who we are and how to contact us”.
·
Right
to non-discrimination: You have the right to receive non-discriminatory
treatment if and when you exercise your rights to access, delete, or opt-out
under the CCPA. This means we cannot, for example, deny goods or services to
you or charge different prices or rates for goods or services, including
through the use of discounts or other benefits or imposing penalties, due to
you having exercised your rights.
When we collect personal data from you and from third parties
Collecting
personal data from you
We
collect personal data from you when you for example:
·
Visit
our website
·
Use
third party content integrated into our website or services
·
Contact
our company
·
Sign
up for newsletters or download whitepapers or reports
·
Read
our emails
·
Participate
in user research and surveys
·
Sign
up for and use our services
·
Communicate
with us via customer support tools
·
Register
for or attend our events and training
For
more information, please read further below in this privacy notice in the
applicable sections or feel free to contact us (contact details above in “Who
we are and how to contact us”) and we will be happy to answer your questions.
Collecting
your personal data from third parties
We
mostly collect personal data from you. However, we receive personal data about
you from third parties when you, for example:
·
Participate
in user research or surveys facilitated by third parties
·
Sign
up for our services using a social media or other third party account
·
Register
for an event or training through a third-party service
·
Marketing
service providers such as data enrichment providers
For
more information, please read further below in this privacy notice in the
applicable sections or feel free to contact us (contact details above in “Who
we are and how to contact us”) and we will be happy to answer your questions.
Data
transfers and how we share personal data
This
section gives you an overview of how we may transfer and share personal data.
Please note that other parts of this privacy notice and the separate cookie
notice on this site include more information that may be relevant to
transferring and sharing personal data.
How we share
your personal data
We
share your personal data with sub-processors and service providers that assist
us with the provision of our services, as well as in connection with our
business and business transactions or as necessary to comply with our legal obligations.
How
we share information with our sub-processors and service providers is described
in various parts of this privacy notice, including:
·
Data
collection on our website
·
Third-party
content and services on our website
·
Contacting
us
·
Using
our services
·
Events
and training
·
Marketing
Please
also view our cookie notice available via http://test.ravnew.ravnur.com/legal/cookie-policy
to learn about data collection and sharing via cookies.
Transferred
data is protected by appropriate agreements
In
general, we use service providers across our services and website with
locations outside of the European Economic Area, including in the United States
of America. We transfer data from our services and website to such locations.
If
we transfer or otherwise process personal data in a country outside of the
European Economic Area that has not been determined by the European Commission
to offer adequate protection to personal data, we will ensure that such
transfers and processing are covered by lawful data processing agreements and
data transfer mechanisms (such as the EU Commission approved “standard
contractual clauses” (https://ctfl.io/link_to_EU_SCC) in accordance with GDPR
article 46.2(c)).
The
sub-processors and service providers to whom we transfer personal data are vetted
by our security team.
Third
parties with whom we share personal data
Service
providers –
We share your identifiers, internet activity or billing details with the
relevant service providers such as security service providers or our customer
relationship and billing management providers or with third parties who conduct
research and surveys on our behalf. The legal basis for sharing your
information is our legitimate interest in providing our services efficiently.
Some
of such data sharing, marketing tools integrated in our website and
firmographic data providers (please see “Marketing”) may be deemed a “sale”
under the CCPA. To exercise your right to opt-out of such sharing please
contact us using the contact details provided above in “Who we are and how to
contact us”.
Firmographic
data providers –
when you visit our website or use our services we may share your identifiers
(like email address) with third parties who provide us with firmographic data
(such as the name of the company you work at) related to your identifiers (for
example based on your email address domain).
Customer
support services and customer engagement – when you communicate with us through our website or the
Web App, we share your identifiers, internet activity, and any personal data
you choose to include in your communication with customer support service
providers (please see in “Contacting us and interaction in our communities” and
“Using our services”).
Events
and training hosts and facilitators – when you register for or attend an event, we share your
identifiers and other registration information with such third parties. These
third parties may include our business partners that participate in or organize
such events with us. Please see in “Events and training”.
Between
our group companies and investors; due to corporate transactions – We may share your
personal data if we are involved in a merger, acquisition, consolidation,
change of control, or sale of all or a portion of our assets or if we undergo
bankruptcy or liquidation. Such activity might involve us disclosing personal
data to prospective or actual purchasers, sellers and their advisers. Such
disclosures will only take place under appropriate confidentiality undertakings
and if necessary for such purpose and your interests, rights and freedoms do
not outweigh such disclosure. The legal basis for this sharing is our
legitimate interest in carrying out our business operations.
Pursuant
to your instructions –
when requested, we will share or facilitate sharing your data with third
parties pursuant to your instructions. The legal basis for this sharing is your
request and the performance of our contract with you.
To
comply with our legal obligations, protect our rights and those of others – we may share your
personal data to comply with our legal obligations, and to protect our rights.
We will share your personal data if we are legally required to do so, such as
in response to a court order or legal process, or to establish, protect, or
exercise our legal rights or to defend against legal claims or demands, or to
comply with requirements of mandatory applicable law. We will also share your
data as necessary to enforce terms of contract that you have agreed to,
including to protect the rights, property, or safety of Ravnur, its users, or
any other person.
To
prevent fraud and abuse of our services – we will share your identifiers, internet activity,
sensory data, and other relevant data to prevent or detect fraud or to address
technical issues and if we believe it is necessary to investigate, prevent, or
take action regarding situations that involve abuse of our services or the
Internet in general, such as spamming, denial of service attacks, or attempts
to compromise the security of our infrastructure or our services.
Data collection on our website and in the Web App
This
section applies to our website and Web App, and the various methods of
communicating with us via these properties. For information on cookies (and
similar technologies) integrated in our website and the Web App, please read
the cookie notice (which forms part of this privacy notice) accessible on this
site via http://test.ravnew.ravnur.com/cookie-policy and check the cookie consent manager
implemented on this website (see “Manage Cookie Preferences” at the bottom of
the page).
What data we
collect (“Website Data”)
When
you visit individual pages of our website ravnur.com or our Web App we
generally collect the following data from you (also referred to as “Website
Data”):
Identifiers,
such as:
·
hostname
of the accessing device
·
IP
address
·
cookie
ID
Internet
activity, such as:
·
browser
type/browser version
·
operating
system used
·
language
and version of the browser software
·
website
from which the request comes
·
content
of the request (specific page)
·
date
and time of the server request
·
access
status/HTTP status code
·
referrer
URL (website visited before)
·
volume
of data transferred
·
time
zone difference from Greenwich Mean Time (GMT)
Additionally,
in the Web App, we log the user activity, including log-in time-stamps and actions
taken in the Web App.
Legal basis
for and purpose of processing personal data
Unless
otherwise stated below, the legal basis to process this type of personal data
is GDPR article 6.1(f), our legitimate interests to enable the provision of a
functioning and appealing website and user experience and to ensure that our
marketing messages are more relevant to the user. We will retain your data for
as long as we consider it reasonably likely for you (or your organization) to
become or remain a customer. For retention of cookie data, please refer to the
cookie consent manager integrated on our website. To the extent that we use any
tracking technologies, such as cookies, that are not technically essential, the
legal basis for processing such data originating from the European Union is
GDPR article 6.1(a), that is your consent that we request via the cookie
consent manager.
Third-party
content and services on our website and in our services
The
below sections apply to various third-party services and content that are
integrated into our website and our Web App. Please note that information about
cookies (and similar technologies) integrated in our website and services is in
a separate cookie notice on this site available via http://test.ravnew.ravnur.com/legal/cookie-policy.
The
website and the Web App may integrate third-party content such as videos, maps,
RSS feeds and graphics from other websites. When you use the third-party
content, we provide these third parties with your identifiers such as your IP
address and Website Data. Without such data they would not be able to properly
deliver the content to the requesting browser.
Some
of the third parties may process data outside of the European Union and European
Economic Area. For more information on data transfer please see above in “Data
transfers and how we share personal data”.
Integration
of certain Google services
Our
website and the Web App use Google Maps enabling you to conveniently use the
map function directly on our website or in the Web App.
When
you use the Google Maps feature, we collect your Website Data. We use this
information to provide you with the Google Maps integration. When you use this
integration, we also share your Website Data with Google. If you are logged in
to a Google Account, Google may associate your data with your account.
For
more information about the purpose and scope of processing by Google, please
refer to Google’s privacy policy. There you will also find further information
about your rights in this regard and settings options to protect your privacy:
policies.google.com/privacy.
Sharing
such information with Google may constitute a “sale” of personal data under the
CCPA. To exercise your rights to opt-out of such sharing, please see the page
“Do not sell / Data access request” available on this site or contact using the
contact details provided above in “Who we are and how to contact us”. Please
note that if you opt out of sale we may not be able to provide you with the
Google service.
We
use Google reCAPTCHA on certain pages of our web pages. The purpose of
reCAPTCHA is to check whether the data input on our webpages (e.g. in a contact
form) is by a human or by a bot. For this purpose, reCAPTCHA analyzes the
website visitor’s behavior based on different characteristics. This analysis
starts automatically as soon as the website visitor enters the website. For
analysis purposes, reCAPTCHA evaluates various information (e.g. IP address,
time spent on the website or mouse movements). The data collected during the
analysis is forwarded to Google. The analyses can run completely in the
background. Website visitors are not necessarily notified that an analysis is
taking place. Further information about Google reCAPTCHA and the Google privacy
policy can be found at the following links: policies.google.com/privacy and
google.com/recaptcha/about.
The
provider of Google services is Google Inc, 1600 Amphitheatre Parkway, Mountain
View, CA 94043, U.S.A.
Integration
of certain analytics and marketing services
We
use services provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View,
CA 94043, U.S.A.) and InnoCraft Ltd. d/b/a Matomo (7 Waterloo Quay, PO Box 625,
6140 Wellington, New Zealand) to better understand our website users’ needs and
to optimize the experience by for example tracking how much time users spend on
which pages, which links they choose to click and so on. They use cookies and
other technologies to collect data on our users’ behavior and their devices.
This includes for example a device’s IP address (processed during your session
and stored in a de-identified form), device screen size, device type (device
identifiers), browser information, and geographic location (country only). The
service stores this information on our behalf in a pseudonymized user profile
and does not sell the data collected on our behalf. The legal basis of our
processing your data with such service providers is your consent as per GDPR
article 6.1(a) which we request via the cookie consent manager implemented on
our website. If you consented to cookies set by Google or Matomo, you can
withdraw your consent on their website or by adjusting your cookie settings
either in the cookie consent manager implemented on our website or in your
browser.
Social
networks integrations
Some
social network plug-ins are integrated in our website and services. When you
use these plug-ins, we collect your identifiers and Website Data. We use this
information to provide the social network integration in our website and
services. We will also share your identifiers and Website Data with these
social networks. The legal basis for processing your data provided to us via
social media integrations is GDPR article 6.1(b) if you are using the social
media to register or sign in to our services. Additionally we process your data
based on GDPR article 6.1(f) to provide easy access to social media outlets via
our website and also to improve our services by making them more interesting
and convenient to you as a user.
The
social networks may process your personal data for their own purposes. Please
review their policies to learn more. The
social media integrations are provided for your convenience and are subject to
change. Always review the current social media providers and their privacy
practices when interacting with us through such providers. We do not have any
control over these social media networks and how they process the personal data
they collect. Please refer to their privacy policies and privacy controls.
Please note that the social media networks may transfer your data to countries
outside of the European Economic Area (such as the United States of America).
Since the social media networks collect data also via cookies, we recommend you
familiarize yourself with their cookie practices and check the cookie settings
in your browser.
Sharing
your personal data with these social networks may constitute a “sale” of your
personal data under the CCPA. To exercise your rights to opt-out of such
sharing, please contact us using the contact details provided above in “Who we
are and how to contact us”. If you opt out of sale we may not be able to offer
these integrations to you.
Using our services
This
section describes how we process personal data and customer content in the Ravnur
services. This is in addition to “Data collection on our website and our
services” above which is focused on third-party integrations generally across
our website and Web App and how we collect and process Website Data.
Personal
data in the context of our services includes
·
data
related to you as the user of our service (that is, when you are logged in as a
registered user), such as identifiers like email address and IP address
·
personal
data that may be included in the customer content managed in our services if
our customers choose to manage such content in our services, and
·
request
headers in the API calls from customer applications (like websites to which the
customer content is delivered from our service) can include personal data such
as IP addresses that may belong to the end user of the customer application –
like in any Internet service.
Purposes and
legal basis for processing personal data
In
respect of any of the personal data mentioned above, to the extent required to
provide our services, we process such data as a data processor on behalf of our
customers pursuant to an agreement with such customer. The legal basis for such
processing is GDPR article 6.1(b).
To
register for our services, we collect your identifiers such as your email
address, name or alias, and IP address. We will also collect the date and time
of registration and log-ins and log the actions taken in the services. For paid
use of our services, we will also request additional personal data from you or
your organization, including identifiers such as address and payment details.
Due to mandatory commercial and tax regulations, we are obliged to keep your
address, payment and subscription data for a period of ten years. We share your
identifiers and payment information with our service providers for service
provision and payment processing purposes.
We
collect Website Data from logged-in users and combine it with identifiers (such
as your signup data) and information about how you use our services as well as
firmographic data about the business you work in and your role in that
business. In such cases we process the data as a controller based on GDPR
article 6.1(f), our legitimate interests to provide our product development and
engineering teams with accurate usage data and to make our customer success
operations, marketing and sales messages more helpful and relevant. We will
retain the data for as long as we consider the data being valuable for purposes
of product development, customer success and support as well as marketing.
To
the extent that we use any tracking technologies, such as cookies, the legal
basis for processing such data is GDPR article 6.1(a) in respect of data
originating from the European Union, that is your consent that we request via a
cookie consent manager. Please see the separate cookie notice on this site
available via http://test.ravnew.ravnur.com/cookie-policy.
Customer
content published through our services and end user interaction
This
section explains how the Ravnur services work. This section doesn’t apply to
anyone visiting our website or using our services but the actual operation of
our content management infrastructure and services.
Logged-in
users can upload to (or create in) our services a variety of content such as
texts, images and videos. Such customer content may include personal data, such
as images of individuals. Our customers are responsible for the customer
content uploaded to or authored in our services. We will only process such
customer content as necessary to provide our services. Customer content is
hosted in our services running on Microsoft Azure in the United States of
America and delivered via globally distributed Content Delivery Networks
(“CDN”) as described in Ravnur’s product documentation. If you have questions
about personal data possibly processed in our services as part of customer
content, please contact the applicable customer who controls that content.
We allow
our customers to integrate their web and mobile applications with our services
to deliver customer content into such applications. This happens through an
application programming interface (API). The customer applications and data
they collect from end users is under our customers’ control and their
responsibility. We merely log the “request header” (such as browser
information, operating system and IP address) of an end user from the API
request to be able to properly deliver the customer content to the customer
application. That’s basically how any Internet service works. We process this
data for purposes of providing our services in accordance with our customer
agreements. The legal basis for processing is GDPR article 6.1(b) (customer
contract). We do not have any means to trace such data back to individual end
users of customer applications because we have no other information on them and
our customers must not provide us with any such end user information. If you
are a visitor of an application or a website, the contents of which are
delivered from our services, the privacy policy of the provider of such app or
website applies, not this privacy notice.
Contacting us
In
this section we give an overview of data collection and processing when you
interact with us directly, not on our website or in our services.
General
We
may use third parties to process the data you submit to us (our customer
relationship management tools or providers of communication services) and we
may combine such data with other data we may have, for example data regarding
your subscription and contract in our billing tools or firmographic information
about your business and your role in the business. We do this to ensure we
provide the best possible customer support and user experience and we may also
use the data for our product development and marketing purposes if we are
legally allowed to do so, including through the use of web beacons and pixels
in our newsletters (additionally, please see “Marketing” and the separate cookie
notice available via [_____________]).
We
do not have any influence over whether certain of such third-party providers
process personal data for their own purposes. This can be the case if you, for
example, use a social media platform to communicate with us. Please review the
privacy policy of the applicable third party to ensure you are aware of such
processing. For general information about our sharing and transferring personal
data, please see “Data transfers and how we share personal data”. If such sharing
constitutes a “sale” of your personal data under the CCPA, you may be able to
exercise your rights to opt-out of such sharing. In such a case, please contact
us using the contact details provided above in “Who we are and how to contact
us”. If you opt out of such a sale we may not be able to provide the relevant
service to you.
Contact
forms and support requests
There
are various ways to contact us, for example by email or by using contact or
support forms or a feedback tool on our website or via various social media
platforms. If you contact us, we collect your identifiers such as your email
address or social media profile name, and other personal data you choose to
include in such contact. We will use your personal data to respond to your
inquiry. If you do not provide us with any additional information we may
request, we may not be able to properly handle your request. The contact forms
or the applicable web page will inform you in more detail about the use and
sharing of your personal data in that specific context (for example a sign-up
form may explain with whom we may share data for that specific sign-up, such as
for an event).
The
legal basis for processing your data is GDPR article 6.1(f) and 6.1(b). The
former, to be able to address your inquiry and provide you with the information
and services you request and to improve our services. Additionally, the latter,
if the contact is made with the intention of concluding a contract or if you
are already a Ravnur customer, for example to provide customer support that you
may request.
Because
the communications services we may use are subject to change, please contact us
to inquire what services we use at any given time.
Video
conferencing
When
attending a video conference organized by us, your personal data will be
necessarily processed.
Such
data includes: identifiers (such as name, email address, optional profile
photo), content (such as voice and video calls, chat messages, files,
whiteboards and other information shared in the video conferencing service),
metadata related to the meeting and telephony or other connectivity data (such
as meeting topic, start and end time, participant IP addresses, device/hardware
information, phone number).
Ravnur
currently uses services provided by Zoom Video Communication, Inc. (55 Almaden
Boulevard, Flr 6, San Jose, CA 95113, U.S.A.), Google Meet [_____________] and
Microsoft Teams [_______________].
While
using such services, some data will be disclosed to other call participants and
to meeting hosts. For example, when you attend a meeting, your name may appear
in the attendee list. Turning on your video camera, your image and possibly
your surroundings will be shown. If you send chat messages or share content or
your screen, they can be viewed by others in the chat or the meeting.
Calls
will not be recorded without permission.
Ravnur
processes personal data for these purposes based on legitimate business
interests (effective communication with relevant stakeholders) in accordance
with GDPR Article 6.1(f). If the video conference relates to a contract, we
additionally process data based on GDPR Article 6.1(b). Where applicable, call
recording is based on consent as per GDPR article 6.1(a). Data is retained for as
long as reasonably needed for each specific purpose.
Personal
data will generally be shared with such service providers to provide the
underlying service. Recordings may be stored in Zoom cloud or other
repositories such as Google Drive. Meeting invitations, which may include
personal data, are typically sent using email and calendar services provided by
Google. Both providers are committed to EU data protection principles under
data processing agreements containing the EU Commission approved “standard contractual
clauses” (https://ctfl.io/link_to_EU_SCC) in accordance with GDPR article
46.2(c)).
Newsletters,
whitepapers and reports
This
section explains how you can subscribe to or otherwise obtain more information
about our company.
You
may have the possibility to subscribe to email newsletters on our website,
which we use to inform you regularly about various topics related to our
company and services. You may also have the opportunity to download white
papers and reports from our website. In such cases you may also have the
opportunity to opt in to receive marketing communications from us.
When
you subscribe to a newsletter or when you download whitepapers or reports, we
collect the personal data requested in the applicable form, such as email
address to be able provide the requested information and materials. Processing
your personal data in this context is based on GDPR article 6.1(f) where our
legitimate interest is to promote our company by serving you with information
and materials that you are interested in. Additionally we may ask your
permission in such request forms to approach you with marketing communications.
Giving your permission is of course optional. In such a case processing your
data is based on your consent as per GDPR article 6.1(a), as may be applicable
to you. All our newsletters include a link to manage your subscription
preferences: you can always opt out of our newsletters. You can also always
contact us through the contact details given above in “Who we are and how to
contact us” for assistance.
We
analyse how recipients interact with the newsletters. They may contain
so-called web beacons or tracking pixels. We use them to collect your
identifiers such as your email address and to collect your internet activity,
such as when the newsletter is read and which links are clicked. We use this
personal data, combined with other personal data we may have on you, such as
your employer as well as your role in that organization, to create inferences
about you. We use this data to tailor the newsletter to your inferred interests
and your organization. We perform this type of analysis and process the related
data for as long as we reasonably believe that you (or your organization) could
become or remain a customer. After such time or after you have opted out of
such communications, we retain contact details to ensure we no longer send
newsletters to those who have unsubscribed. The legal basis of this kind of
processing is GDPR article 6.1(f) where our legitimate interest is to analyze
the use of our newsletters and to optimize and tailor them to provide more
suitable information to the subscriber.
Surveys and
user research
We
occasionally send out surveys, conduct user and other research and may invite
you to participate in such surveys and research so that you can provide us with
your feedback and ideas. Participation in our surveys and user research is
voluntary.
We
will process personal data in that context for purposes of our legitimate
interests in accordance with GDPR article 6.1(f): to provide our product
development and marketing teams with relevant information and to enable such
research projects, for example to organize meetings and video or phone calls.
To record video or audio calls or to make screen captures, we will ask for your
permission. In such cases processing your data is subject to your consent in
accordance with GDPR article 6.1(a), as may be applicable to you.
The
surveys and research may take different forms from face-to-face discussions to
video or audio calls or online survey forms. You may be able to participate via
different methods, such as via our website, through a third-party website or a
survey form. Please note that such third-party tools (such as web forms or
survey tools that you may be directed to) may process personal data for their
own purposes, such as via cookies. Because third-party tools are subject to
change, please ask us at the time of participating if you would like to know
more.
In
each case we will collect your identifiers such as your contact details and IP
address, as well as sensory information such as video and audio recording (if
you give us your consent, where applicable). A video usually captures your
device screen while you are interacting with our services but may also capture
images of you or your surroundings. An audio recording typically captures your
comments while you use our product and your answers to our questions. We will
also collect the personal data that you voluntarily give to us in such surveys
and research, for example as may be included in your answers.
We
collect and use your personal data to the extent needed to carry out the
research and to stay in touch with you for any possible follow-up. We may share
your personal data, including your identifiers and sensory information, with
third parties who act as our service providers. Such service providers are
subject to change, so please ask us at the time of participating in the
research and familiarize yourself with the privacy practices of the applicable
provider.
We
will keep the research data, including your personal data, for as long as we
consider the research data to be useful for example for product development
purposes. The exact time depends on the research, the answers and the possible
use case.
Events and training
In
this section we describe how personal data is processed in an online training
environment.
Training;
Webinars
We
may provide you with opportunities to participate in training and webinars. We
will make additional and more detailed information available in conjunction
with the training (e.g., by linking relevant privacy policies to our learning
portal or the web page or registration form that we may use). Feel free to
approach our organizers for more information on processing your personal data
or get in touch with us via the contact details provided above (see “Who we are
and how to contact us”).
Data
processing may vary depending on the venue, partners and organizers or tools
and facilities used to provide the training. In some instances, if we record
the training, we will collect your sensory data as may appear in such
recordings. The organizers or host venue may also collect additional personal
data for their own purposes. Please refer to their privacy notices for their
use of your personal data.
When
we provide online training or webinars, we may share your personal data with
third parties to facilitate the provision of training content (such as online
video or webinar providers or third-party learning management portals) or the
business partners participating in or facilitating such training or webinars.
Some of such providers (especially online training service providers) may
reside outside of the European Economic Area, e.g., in the United States of
America (please see “Data transfers and how we share personal data” above).
Processing
your personal data for training purposes is based on GDPR article 6.1(b) if you
have a contract with us for such training, and additionally GDPR article 6.1(f)
where our legitimate interests are ensuring a better customer experience and
customer satisfaction and more efficient use of our services. The data is
retained for as long as reasonably necessary for the training purposes and any
legitimate follow-up, such as for certification purposes.
Marketing
In
this section we elaborate on our marketing practices. Please note that our
cookie notice available on this site as well as other sections of this privacy
notice may be relevant for marketing purposes too, such as “Newsletters,
whitepapers and reports”.
Email
marketing
We
may send various email newsletters and marketing messages to different groups
of customers and those who have expressed interest in receiving such messages
from us (for example by expressing their interest at an event or by opting in
in a web sign-up form). By way of example, we may send developer newsletters to
customers and customer personnel that are likely to be developers. We may also
send a newsletter to our premium/enterprise customers and partner newsletters
to our technology and solution partners. The newsletters may include offers from
our portfolio, news articles, information about our company events or events
that we will attend, technical information, updates from our blog and updates
from the Ravnur community.
The
newsletters discussed above in “Newsletters, whitepapers and reports”, as well
as other communications from us, may be considered marketing. We only approach
existing customers in accordance with and on the basis of statutory
requirements related to marketing (including in accordance with GDPR article
6.1(f)) or based on newsletter subscriptions or marketing consent you may have
given in accordance with GDPR article 6.1(a), as may be applicable to you. We
will not process your personal data for such purposes if you request not to do
so. In such a case we will block your data for the relevant marketing purposes
when you cancel your newsletter subscription or otherwise object to marketing
communications or withdraw your consent, where applicable. Our newsletters will
always include a link to unsubscribe or to manage your subscriptions.
Marketing
tools integrated in our website
We
use various marketing tools integrated in our website. These tools use cookies
and similar technologies, which are discussed in the separate cookie notice on
this site available via http://test.ravnew.ravnur.com/cookie-policy. Many of the marketing
tools set so called third-party cookies and thereby collect and process data
for their own purposes. Some of them are based outside of the European Economic
Area, for example in the United States of America. Their own use of data
collected from our website is subject to their privacy policy available on
their websites. Please review the cookie inventory available in the cookie
consent manager implemented on our website and in the Web App for more details.
Use
of cookie data for these purposes is based on your consent (GDPR article
6.1(a), as may be applicable to you) which we request via a cookie consent
manager implemented on our website and in our Web App. In other cases, you can
opt out of cookies by following the instructions in the cookie notice or by
managing your cookie preferences in the cookie consent manager implemented on
our website (see “Cookie Preferences” at the bottom of the page) and in the Web
App (see the “Account Settings” page in the Web App). Sharing your personal
data with these third-party marketing service providers may constitute a “sale”
under the CCPA. To exercise your right to opt-out of such sharing, please
contact us by using the contact details provided above in “Who we are and how
to contact us”.
Security of personal data
We take appropriate
technical and organizational measures to protect your personal data from
unauthorized access, abuse, loss and other disruption. To this end, we
regularly review our security measures and adapt them to current standards.