1. Information on the collection of personal data
In the following we inform about the collection of personal data when using our website under the domain ororatech.com. Personal data is all information that relates to an identified or identifiable person (the so called data subject) (i.e. in particular you as a user of the website and our services), e.g. name, addresses, billing data, IP address, e-mail addresses, user behavior.
2. Name and address of the controller responsible for processing
Responsible according to Art. 4 para. 7 GDPR is OroraTech GmbH St.-Martin-Str. 112
81669 Munich Germany E-Mail: info@ororatech.com In some cases, we use external service providers to process your data. These have been carefully selected and commissioned by us, are bound by our instructions, and are checked regularly. If we wish to use contracted service providers for individual functions of our offer or to use your data for advertising purposes, we will inform you in detail about the respective processes as set out below.
3. Rights of data subjects
You have the following rights in relation to your personal data:
- Right to information (Art. 15 GDPR),
- Right of rectification (Art. 16 GDPR) or deletion (Art. 17 GDPR),
- Right to restrict processing (Art. 18 DPA),
- Right to object to processing (Article 21 DPA),
- Right to data transferability (Art. 20 GDPR).
You also have the right to complain to a data protection supervisory authority about any wrongful processing of your personal data by us.
4. Processing of personal data when visiting our website in general
When using the website for informational purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser sends to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website and to ensure its stability and security (legal basis is Art. 6 para. 1 sentence 1 lit. f) GDPR):
- IP address
- Date and time of the request
- Time zone difference to Greenwich Mean Time (GMT)
- Content of the request (concrete page)
- Access status/HTTP status code
- Amount of data transferred in each case
- Website from which the request comes
- Browser
- Operating system and its interface
- Language and version of the browser software.
5. Use of our services / creation of accounts
Contractual partners can create a customer or user account (“Account”) for the use of our services. If the registration of an account is required, contractual partners are informed of this fact as well as of the information required for registration. The customer accounts are not public and cannot be indexed by search engines. Within the scope of registration and subsequent logins and use of the account, we store the IP addresses of the customers together with the access times in order to be able to prove the registration and prevent possible misuse of the account. If customers have cancelled or deleted their account, the relating data will be deleted, subject to the retention of such data for legal reasons. It is the responsibility of the customers to save their data when the account is cancelled. Economic analyses and market research: For economic reasons and in order to be able to identify market trends, wishes of contractual partners and users, we analyse the data available to us on business transactions, contracts, enquiries, etc. The analyses are carried out for the purpose of business evaluations, marketing and market research (e.g. to determine customer groups with different characteristics). In doing so, we can take into account the profiles of registered users, if available, including their details, e.g. on services used. The analyses are solely for our use and will not be disclosed to third parties, unless they are anonymous analyses with summarized, i.e. anonymized, values. Furthermore, we respect the privacy of the users and process the data for the analysis purposes as pseudonymously as possible and, if feasible, anonymously (e.g. as summarized data). Offer of our services: We process the data of our users registered via their account in order to provide them with our contractual services and on the basis of legitimate interests in order to guarantee the security of our services and to be able to further develop them. The required information is marked as such in the context of the order or comparable contract conclusion and includes the information required for the provision of services and invoicing as well as contact information in order to be able to make any necessary arrangements. Payment provider: For the billing of our services, we offer payment via payment providers. The data processed by the payment providers includes inventory data (e.g. names, addresses), payment data (e.g. bank details, invoices, payment history), contract data (e.g. subject matter of the contract, duration, customer category), usage data (e.g. websites visited, interest in content, access times), or meta/communication data (e.g. device information, IP addresses). However, the data entered is only processed by the payment providers and stored by them. This means that we do not receive any account or credit card-related information, but only information about the payment process. Under certain circumstances, the payment service providers may transfer the data to credit agencies. The purpose of this transmission is to check identity and creditworthiness. In this regard, we refer to the applicable terms and conditions and the data protection information of the payment providers. For payment transactions, the terms and conditions and the data protection information of the respective payment providers apply, which can be accessed within the respective websites or transaction applications. We also refer to these for further information and the assertion of rights of revocation, information and other rights of affected persons. The legal basis for the above-mentioned processing is Art. 6 para. 1 b) GDPR, or, if the use of our services is not by you personally (but e.g. for your employer), Art. 6 para. 1 f) GDPR; the legitimate interest is the processing of the contractual relationship with our contractual partner (or the user as his employee). We use the following service providers for the aforementioned processing:
- PayPal: payment services and solutions (e.g. PayPal, PayPal Plus, Braintree); service providers: PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg; website: https://www.paypal.com/de; privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full .
- Stripe: payment services; service provider: Stripe, Inc., 510 Townsend Street, San Francisco, CA 94103, USA; website: https://stripe.com/de; privacy policy: https://stripe.com/de/privacy .
6. Contacting us by e-mail or contact form
When you contact us by e-mail or via a contact form, the data you provide us with will be stored by us to answer your questions. We delete the data arising in this connection when storage is no longer necessary or we restrict processing if there are legal storage obligations. Mandatory data when contacting us via the contact form are marked as such, all other data are voluntary. If you use the contact form to inquire about the purchase of our services or to create an account or to use services, the legal basis for the above-mentioned processing is Art. 6 para. 1 b) GDPR. In case of other enquiries by you or if the enquiry is not for the use of our services by you personally (but, for example, for your employer), the legal basis for the above-mentioned processing is Article 6 Paragraph 1 f) GDPR, the legitimate interest is communication with existing and potential customers (or the user as their employee) and the provision of a customer service for the purpose of customer acquisition and customer loyalty. We use the following service providers to contact us via our contact form:
- HubSpot: E-mail marketing platform; service provider: HubSpot, Inc. 25 First St., 2nd floor, Cambridge, Massachusetts 02141, USA; website: https://www.hubspot.de; privacy policy: https://legal.hubspot.com/de/privacy-policy.
7. Newsletter
We send newsletters, e-mails and other electronic notifications (hereinafter referred to as “newsletters”) only with the consent of the recipients or on the basis of a statutory legal basis. Insofar as the contents of the newsletter are specifically described in the context of a registration for the newsletter, they are decisive for the consent of the users. Furthermore, our newsletters contain information about our services and our company. To subscribe to our newsletters, it is generally sufficient to provide your e-mail address. However, we may ask you to provide a name for the purpose of personal contact in the newsletter, or other details if these are necessary for the purposes of the newsletter. We process the following data categories of the communication partners for the purpose of sending the newsletter: inventory data (e.g. names, addresses), contact data (e.g. e-mail, telephone numbers), meta/communication data (e.g. device information, IP addresses), usage data (e.g. websites visited, interest in content, access times). The legal basis for the above processing is the consent of the recipient (Art. 6 Para. 1 S. 1 lit. a GDPR) or our legitimate interest (Art. 6 Para. 1 S. 1 lit. f. GDPR) in advertising for us and our services. Cancellation / possibility of objection (opt-out): As recipient of our newsletter, you can cancel the receipt of our newsletter at any time, i.e. revoke your consent or object to further receipt. You will find a link for the cancellation of the newsletter either at the end of each newsletter or you can use one of the above mentioned contact options, preferably e-mail. We use the following service providers for the above mentioned processing:
- HubSpot: e-mail marketing platform; service provider: HubSpot, Inc. 25 First St., 2nd floor, Cambridge, Massachusetts 02141, USA; website: https://www.hubspot.de; privacy policy: https://legal.hubspot.com/de/privacy-policy .
- Mailchimp: email marketing platform; service provider: “Mailchimp” – Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA; website: https://mailchimp.com; privacy statement: https://mailchimp.com/legal/privacy/ ; Privacy Shield (ensuring the level of data protection when processing data in the USA): https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=Active.
8. Storage period
By processing the abovementioned personal data, we store personal data only for the period of time required to achieve the respective purpose of storage or due to a legal obligation. If the storage purpose ceases to apply or the prescribed storage period ends, the personal data is routinely blocked or deleted in accordance with the statutory provisions. With regard to necessary cookies as well as those cookies for the use of which you have given your consent, the information on the expiry of the respective cookie applies. For further information about storage periods any data subject can contact us. We will be pleased to inform the data subject on a case-by-case basis about applicable storage periods for processing activities.
9. Legal or contractual regulations for the provision of personal data; Necessity for the conclusion of the contract; Obligation of the data subject to provide the personal data; Possible consequences of not providing the data
We would like to inform you that the provision of personal data is partly required by law (e.g. tax regulations) or can also result from contractual regulations (e.g. information on the contractual partner). Sometimes it may be necessary for a contract to be concluded that a data subject provides us with personal data, which must subsequently be processed by us. For example, the data subject is obliged to provide us with personal data if our company concludes a contract with him/her. Failure to provide the personal data would mean that the contract with the data subject could not be concluded. Before the data subject makes personal data available, he or she can contact us. We will be pleased to inform the data subject on a case-by-case basis whether the provision of personal data is required by law or contract or is necessary for the conclusion of the contract, whether there is an obligation to provide the personal data and what the consequences would be if the personal data were not provided.
2. Name and address of the controller responsible for processing
Responsible according to Art. 4 para. 7 GDPR is OroraTech GmbH St.-Martin-Str. 112 81669 Munich Germany E-Mail: info@ororatech.com In some cases, we use external service providers to process your data. These have been carefully selected and commissioned by us, are bound by our instructions, and are checked regularly. If we wish to use contracted service providers for individual functions of our offer or to use your data for advertising purposes, we will inform you in detail about the respective processes as set out below.