Privacy and Data Protection

Privacy Policy of G&L Geißendörfer & Leschinsky GmbH for www.choirmanager.com

1. General information

 

We are very pleased about your interest in our company. Data protection is of particular importance to us. In this privacy policy we inform you about the data processing in our company, as far as this data processing concerns your data.

If you would like to read an introduction to the topic of data protection and general information on the terms used in the General Data Protection Regulation, you will find further information on the website of the Federal Data Protection Officer, available at https://www.bfdi.bund.de/DE/Datenschutz/datenschutz-node.html (German language only).

 

2. Information regarding controller and data protection officer

 

2.1 G&L Geißendörfer & Leschinsky GmbH, Maarweg 149-161, D-50825 Cologne, is responsible for the processing of your personal data. You can reach us for general questions either by phone on + 49 (0) 221 99809-0 or by email at kontakt@gl-systemhaus.de. Further information on how to contact us can also be found here on our website at Contact as well as in our Imprint.

2.2 If you have any questions about data protection or exercising your rights under  data protection law (see section 4), you can contact our data protection officer either by post at our address given above or by email at datenschutz@gl-systemhaus.de.

 

 

3. Activities, in which we process your personal data

 

3.1. Visiting our website (without registration)

If you visit our website without logging in, registering or otherwise filling in the input fields on the website, we process your personal data as follows:

3.1.1. For the purpose of providing our website, we process the IP address, access time, browser information, operating system, language setting, and screen resolution of all website visitors. The processing is technically necessary to enable the use of our website (Art. 6 (1) lit. b GDPR). The data is deleted after the end of your visit to our website, unless specific data is processed for one of the following purposes.

3.1.2. For the purpose of recognizing and defending against attacks on our website and the technical infrastructure (e.g. hacking, denial-of-service attack), we process the IP addresses, access time, accessed subpage (s) and transferred data volume of all website visitors. The processing serves to fulfill our legal obligation to take protective measures (Art. 6 Para. 1 c GDPR). The data will be deleted seven (7) days after the end of your visit to our website, provided no attempted attack is detected. In the event that an attempted attack is detected from your connection, the data will be processed further for complete technical and, if necessary, legal processing.

 

3.1.3. Cookies

We use cookies on our website. Cookies are small text files. They allow us to store specific user-related information in the context of the use of our website.

Such cookies are necessary so that you on the website can move freely and use its features; this also includes access to secure areas of the website. Cookies allow us to understand who has visited the page(s) and from this we can deduce how often certain pages are visited and which parts of the page are particularly popular. Session cookies store information about your activities on our website.

This website uses the following types of cookies, the scope and functionality of which are explained below:

Transient cookies

Persistent cookies

Third-party cookies

Transient cookies are automatically deleted when you close the browser. This includes in particular the session cookies. These save a so-called session ID, with which various requests from your browser can be assigned to the common session. This allows your computer to be recognized when you return to the website . The session cookies are deleted as soon as you log out or close the browser.

Persistent cookies are automatically deleted after a specified period, which can vary depending on the cookie. You can also delete cookies at any time in the security settings of your browser.

You can configure your browser settings according to your wishes and, for example, reject the acceptance of third-party cookies or all cookies. We would like to point out that you may then not all functions of this website be able to use. You in the upstream cookie banner can also set which type of cookies are allowed or rejected.

3.2 Cookies used

  1. a) Akamai

For the purpose of accelerating the delivery of our website, we use the content delivery network of the company Akamai. For this purpose, several cookies are set on the end device of every website visitor, which they recognize using a random pseudonym as long as the browser window is open. The cookies do not contain any other personal data. The cookies are transmitted to the company Akamai Technologies, 145 Broadway, Cambridge, MA 02142, USA as a processor (Art. 28 GDPR). The processing is technically necessary to enable the use of our website (Art. 6 Para. 1 b GDPR). The cookies are deleted after one year, unless another setting in your web browser provides for an earlier deletion.

 

To analyze visitor behavior through the services of Akamai, we store cookies on the end device of the website visitor. The IP address, from which website a person concerned came to a website (so-called referrer), which subpages of the website were accessed or how often and for how long a subpage was viewed, is sent to Akamai Technologies, 145 Broadway, Cambridge, MA 02142, USA as a processor (Art. 28 GDPR) and processed there. The processing there is used to evaluate the use of our website and for the cost-benefit analysis of Internet advertising, in particular to compile online reports for us on the activities on our website. Hubspot also compares the public IP address of the device used with the known assignments of IP address ranges to company networks and sends us information about the company and the use of our website by devices in this company's network. The processing takes place on the basis of your voluntary consent (Art. 6 Para. 1 a GDPR). The transfer of information (including personal data) by Hubspot to a server in a third country cannot be ruled out. However, the transfer to the United States of America takes place on the basis of the EU standard contractual clauses in accordance with Art. 46 Paragraph 5 Sentence 2 GDPR. The cookies are deleted after ten years at the latest, unless another setting in your web browser provides for an earlier deletion.

You can object to the processing in accordance with the preceding letters a) to c) at any time in accordance with section 4.2.3 if the requirements of Art. 21 GDPR are met. You can also prevent the storage and processing in accordance with the above letters a) to c) by presetting in your browser, e.g. B. by activating the measures offered there to protect against tracking of your activities. You can also prevent the storage of cookies in accordance with letter e) above by answering the question (in the "cookie banner") whether we are allowed to use cookies that record your behavior when you visit our website.

3.3. Contact form on our website

For the purpose of providing a contact option to initiate business and to answer general questions, we process the following data entered in the contact form: surname, first name, e-mail address, name of the company, IP address and message about the request. These data are only processed in order to process the respective request of the inquirer, the mandatory information (name and email address) are required in order to assign the inquiry to an existing contractual relationship and to respond to the inquirer with a personal salutation can. All data entered will be transferred to Hubspot Inc., 25 First Street, 2nd Floor, Cambridge, MA 02141, USA as a processor (Art. 28 GDPR) and processed there so that we can make the data available for further use. Further processing (e.g. for the transmission of advertising) only takes place if the request requires this (e.g. if you have expressed interest in the products, but not a support request). The processing is necessary for the execution or fulfillment of the contract (Art. 6 Para. 1 b GDPR). The transfer to the United States of America takes place on the basis of the EU standard contractual clauses in accordance with Art. 46 (5) sentence 2 GDPR. Immediately after completion of the processing of the requesting person's request, the processing is restricted to the fulfillment of statutory, in particular commercial and tax retention obligations, and automatically deleted after the end of the last retention period.

 

3.4. Use of our “Choir Manager” service

3.4.1. For the provision of the web-based “Choir Manager” service and fulfilment of the service agreement, we process the following data categories of all users registered as manager of a choir: name, first name, email address, password hash, language and time zone, choir name, short choir name, choir size and choir voices. We process the following data categories of all users registered as singers in a choir: name, first name, email address, password hash, names of all choirs the singer is a member of, and choir voice. Additionally, all users may freely enter their postal address, date of birth, and upload a photograph. Furthermore, we process data created in the normal use of the “Choir Manager” service, in particular appointment topics and confirmations. Users may also upload files of any type, which may contain any categories of personal data, for sharing with the other members of a choir. We process the data given by users to provide user management and authentication in our “Choir Manager” service, enable communication between the members of a choir, and to provide the overall functionality of the service (e.g. scheduling of meetings, management of contact details, and availability of files for download). Personal data is transferred to recipients or categories of recipients as follows:

  1. a) All aforementioned personal data are made available for view and download by the manager and all singers of choir, which the user is a member of, to enable the use of all features of the “Choir Manager” service.
  2. b) All aforementioned personal data are transferred to Amazon Web Services Inc., 410 Terry Avenue North, Seattle WA 98109, United States as our data processor (Art. 28 GDPR) to provide the technical availability of the “Choir Manager” service (hosting). The servers are located in Germany.
  3. c) Name, first name, email address and email content are transferred to SendGrid Inc. 1801 California Street, Suite 500, Denver, CO 80202, USA as our data processor (Art. 28 GDPR) to enable the feature of sending emails to other choir members and to send service emails for user management purposes. The transfer to the United States of America is based on EU standard contractual clauses in accordance with Art. 46 Paragraph 5 Sentence 2 GDPR.
  4. d) User name and email address of users who submitted a request for support, as well as other data related to the individual support case, are transferred to Zendesk Inc., 1019 Market St, San Francisco, CA 94103, USA as our data processor (Art. 28 GDPR) to enable us to receive and attend to support requests. The transfer to the United States of America is based on EU standard contractual clauses in accordance with Art. 46 Paragraph 5 Sentence 2 GDPR.
  5. e) Username and email address of users who are affected by a technical malfunction or similar incident are transmitted to Sentry, 132 Hawthorne St, San Francisco, CA 94107, USA as our data processor (Art. 28 GDPR) to detect errors in the software or its operation and to provide technical information for error correction to our programmers. The transfer to the United States of America is based on EU standard contractual clauses in accordance with Art. 46 Paragraph 5 Sentence 2 GDPR.
  6. f) Username and email address of users who are affected by a technical malfunction or similar incident are transmitted to Atlassian Pty Ltd., 341 George Street, Sydney, NSW, 2000, Australia as our data processor (Art. 28 GDPR) to exchange information about incidents, problems or malfunctions of the “Choir Manager” service within our team. The servers are located in the United States of America and in Ireland. The transfer to the United States of America is based on EU standard contractual clauses in accordance with Art. 46 Paragraph 5 Sentence 2 GDPR.
  7. g) Username and email address of users who are affected by a technical malfunction or similar incident, or who have submitted a support request are transmitted to Slack Technologies, Inc, 500 Howard Street, San Francisco, CA 94105, USA as our data processor (Art. 28 GDPR) to exchange information about problems or malfunctions of the “Choir Manager” service and the content of support requests within our team. The transfer to the United States of America is based on EU standard contractual clauses in accordance with Art. 46 Paragraph 5 Sentence 2 GDPR.
  8. h) Username and email address of users who are affected by a technical malfunction or similar incident, or who have submitted a support request are transmitted via the Google-Mail service to Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA as our data processor (Art. 28 GDPR) to send email notifications about new support requests and detected incidents to our employees. The transfer to the United States of America is based on EU standard contractual clauses in accordance with Art. 46 Paragraph 5 Sentence 2 GDPR.

The aforementioned processing is necessary for the fulfilment of the service agreement (Art. 6 (1) b GDPR). The data that is stored and processed in the user account, and transferred in accordance with lit. a) and b), is deleted within 90 days after deletion of the user account by the user, if all mutual claims are finally fulfilled. This shall not apply to files uploaded by the user and shared with other choir members; these files will only be deleted, if either the user who uploaded them or a manager of the choir deletes them manually. The data that is processed and transferred in accordance with lit. c) to h) is deleted automatically at the end of the third calendar year after the completion of the respective processing activity (e.g. support request) on the systems of the recipients of the data, without regard to whether the user account has been deleted or not.

 

3.4.2. Cookies used in the “Choir Manager” service

To provide the functionality of the “Choir Manager” service, we store the following cookies. A SessionID cookie stores a random unique identifier to recognize a correctly authenticated user and to distinguish users accessing the service simultaneously. Another cookie stores the language preference of the user (e.g. German or English), and a CSRF (cross-site request forgery) cookie stores a different random unique identifier to secure the data connection between the user and the server against certain types of attack. This processing is necessary to enhance security of the use of the service (Art. 6 (1) b GDPR). The data is not transmitted to third parties. The cookies are deleted at the end of the web-browser session (i.e. upon closing the browser application), unless the web-browser settings stipulate a different retention period.

 

3.5. Processing of requests by telephone

To process general or mandate-related telephone inquiries, we process names, first names, telephone numbers, customer number and other personal data communicated by the caller via telephone as well as details of the content of the telephone request. The processing is necessary to handle the request of the caller (Art. 6 (1) lit. b GDPR). Depending on the content of the request, processing will be restricted to processing for the specific purpose of the request immediately after completing the processing of the requestor's request (e.g. use of our products by the customer, promotion of our services in the context of new customer acquisition). The telephone numbers of all callers, as well as data, time and duration of calls are stored in our telephone system for a maximum of about three months (limited number of records, the oldest ones are overwritten) in order to be able to give evidence of past phone calls. After the fulfilment of the respective purpose, the data is deleted automatically.

 

3.6. Processing inquiries via social media

In order to process inquiries directed at us via our presence in the social networks Facebook, Twitter, LinkedIn, Xing or Google+, we process the personal data that you have published on the respective social network. The processing of your data is required to process your request (Art. 6 (1) lit. b GDPR). Depending on the content of the request, processing will be restricted to processing for the specific purpose of the request immediately after completing the processing of the requestor's request (e.g. use of our products by the customer, promotion of our services in the context of new customer acquisition). After the fulfilment of the request or inquiry as well as all legal obligations, in particular commercial and tax retention requirements, the data is deleted.

 

3.7. Processing email requests

To process all inquiries that reach us by email, we process the surname, first name, email address, customer number or user name of the sender, and other personal data communicated in the e-mail as well as information on the content of the request. These data are transferred via the Google-Mail service (email hosting) to Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA as our data processor (Art. 28 GDPR). The processing is necessary to handle the request or inquiry (Article 6 (1) lit. b GDPR). The transfer to the United States of America is based on EU standard contractual clauses in accordance with Art. 46 Paragraph 5 Sentence 2 GDPR. Depending on the content of the request, processing will be restricted to processing for the specific purpose of the request immediately after completing the processing of the requestor's request (e.g. use of our products by the customer, promotion of our services in the context of new customer acquisition). After the fulfilment of the request or inquiry as well as all legal obligations, in particular commercial and tax law retention requirements, the data is deleted.

3.8. Acquisition of new customers

In order to advertise our company's products by telephone, letter post, e-mail and electronic messages via the Xing and LinkedIn platforms, we process the surname, first name, postal address, e-mail address, telephone number and electronic ID of employees of potential customers on the platform used, the position in the company and the information available on the company's specific interest in our products and services. If we have not received this data from the (representative of a) potential customer himself (e.g. as a contact at a trade fair or event, via the contact form on the website or as part of a call), we collect the data via the respective platform used (Xing or LinkedIn), as far as these are generally visible there or have been released, as well as from public directories The processing is necessary to safeguard our overriding legitimate interest (Art. 6 Para. 1 f GDPR) to provide our customers with direct advertising for our products and thus to increase sales of our products. Data processing for direct marketing only takes place if this has not been objected to and only to the extent that the potential customer can expect within the scope of the contractual relationship without unreasonable annoyance being assumed. The data will be deleted or the connection on the Xing or LinkedIn platforms will be terminated if the employee (s) objects to our address for advertising purposes. The data will also be deleted manually after the decision of the sales department, if during the course of the conversation it is either finally clear that there is no current or future interest in the products and services of our company, or if there is no response from the potential customer so much time has passed that a final reaction can no longer be expected.

3.9. Data transfer for the maintenance of the website

We will not pass on your personal data to third parties unless we inform you about a transfer.

Our IT service providers have access to our stored data in order to correct errors and enable us to carry out the required technical organizational measures. In doing so, we refer to our legitimate interest in securing our IT in accordance with Art. 6 Paragraph 1 lit.

The IT service provider (s) were carefully selected by us and commissioned in writing. They are bound by our instructions and are regularly checked by us. The service providers will not pass this data on to third parties.

 

3.10 Video conferencing via Zoom

We use the "Zoom" tool to hold telephone conferences, online meetings, job interviews, video conferences and / or webinars (hereinafter: "Online Meetings"). "Zoom" is a service provided by Zoom Video Communications, Inc., 55 Almaden Boulevard, 6th Floor, San Jose, CA 95113, USA.

The form of data processing depends on how the service is used. Zoom enables flexible organization of online meetings. As a host or moderator, the personal data stored in your zoom account are processed to manage the zoom rooms. As a participant, you can decide whether you want to take part in the chat or share your microphone or camera. Further information on this is available at:

https://zoom.us/de-de/privacy.html

 

3.11 Use of the Okta tool

To simplify the handling of the applications made available to you on this website, we use the service of Okta Inc., 100 First Street, 6th Floor, San Francisco, CA 94105, USA, short “Okta”.

We have concluded an order processing contract with the processor Okta, including the EU standard contractual clauses.

Further information on data protection from Okta is available at:

https://www.okta.com/privacy-policy/

 

4.Your data subject rights

4.1. You may at any time exercise your rights as a data subject by contacting us by mail to our address mentioned in section 2.1 or by e-mail to the e-mail address mentioned in section 2.2. Please keep in mind that we do not answer any inquiries about personal data by telephone, because generally the identity of the caller cannot be determined with sufficient certainty.

4.2. You have the following rights with respect to your personal data:

4.2.1. You may exercise your right of access (Art. 15 GDPR), the right to rectification (Art. 16 GDPR), the right to erasure (Art. 17 GDPR) and the right to restriction of processing, i. e. blocking for certain purposes, (Art. 18 GDPR) at any time, if the respective statutory prerequisites are met.

4.2.2. Your right to data portability (Art. 20 GDPR) also stipulates that, if the statutory prerequisites are met, you may demand that your personal data stored by us will be transferred to you – or insofar as technically feasible, to another controller designated by you – in a structured, commonly used and machine-readable format.

4.2.3. You have the right to object to processing (Art. 21 GDPR) for some processing purposes, in particular advertising purposes. Insofar as we process your data based on a balancing of interests (pursuant to Art. 6 (1) lit. f GDPR), you have the right to object to this processing at any time based on grounds related to your particular situation. Such grounds may be compelling, in particular, if they give special weight to your interests, which thereby outweigh our interests, for example if these reasons are not known to us and therefore could not be taken into account in the balancing of interests.

You can send your objection to the following email address: datenschutz@gl-systemhaus.de

4.2.4. You have the right to revoke the consent you have given us (Art. 7 Para. 3 GDPR) to process your data. The revocation can be declared at any time, related to all or only individual processing on the basis of your consent, and without giving reasons with effect for the future. The lawfulness of the processing of your data until you withdraw your consent remains unaffected. We show you simple ways in which you can declare your revocation in section 3 above for the respective processing activity.

4.3. You also have the right to contact the responsible data protection supervisory authority if you have any questions or complaints regarding our processing of your personal data.

To be found at: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html

 

5. SSL or TLS encryption

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http: //” to “https: //” and by the lock symbol in your browser line.

If the SSL or TLS encryption is activated, the data that you transmit to us cannot be read by third parties.