Data Privacy

Please find below the current version of our privacy notice. In order to make this as clear as possible for you, it is structured according to the individual scopes of application:

1. General Information Concerning all Scopes of Application

2. Use of Our Website

3. Use of Our SaaS Services

4. Application at Our Company

5. Receipt of Our Newsletter

For instance, if you only want to know how your data is processed in connection with your visit to our website, you only need to read sections 1 and 2.

Version: November 3, 2018

The information in this Section 1 on the collection of personal data applies to all subsequent sections. Personal data is any and all data that can be related to you personally, such as your name, address, e-mail address, telephone number, e-mail address, and so on,e.g. name, address, e-mail addresses, user behavior.

1. Controller pursuant to Art. 4 (7) General Data Protection Regulation (EU) (GDPR) is

   wintercloud GmbH & Co. KG
   Emil-Maier-Str. 16

   D-69115 Heidelberg

   You will find further information on our company, details of authorized representatives, and other contact details in the contact section on our website: https://wintercloud.de/en/contact/#impressum

1. Pursuant to Art. 37 GDPR and Section 38 of the German Federal Data Protection Act [Bundesdatenschutzgesetz − "BDSG"] in the version valid from May 25, 2018, we are not obliged to appoint a data protection officer; accordingly, we have not appointed one on a voluntary basis.

1. You have the following rights against us with regard to your personal data:

   • Right of access by the data subject (Section 15 GDPR)

   • Right to rectification or to erasure (Sections 16 and 17 GDPR)

   • Right to restriction of processing (Art. 18 GDPR)

   • Right to object to the processing (Art. 21 GDPR)

   • Right to Data Portability (Art. 20 GDPR)

2. Furthermore, you have the right to lodge a complaint with a supervisory authority about the processing of your personal data by us (Art. 77 GDPR). For instance, you can exercise such right with the competent authority:

   Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit [The State Commissioner for Data Protection and Freedom of Information]
   Königstrasse 10a
   D-70173 Stuttgart
   

   Website with further contact details: https://www.baden-wuerttemberg.datenschutz.de

3. In the case of a request for information, which is not made in writing, you need to understand that we might ask you to provide proof that you are actually the person you claim to be.

1. Due to the further development of our services and/or our website or due to changes in legal or official requirements, it may be necessary to amend this privacy notice. You can call up and print out the current data protection declaration on our website at https://wintercloud.de/en/data-privacy/.

1. Within the scope data processing in compliance with Art. 28 GDPR, we use service providers for the operation and maintenance of our information technology systems, which/who might obtain knowledge of your personal data in this connection. Therefore, we have taken appropriate legal, technical, and organizational measures with the respective service providers to ensure the protection of your personal data in accordance with the statutory provisions.

2. The data is processed exclusively in computer centers in the European Union and Switzerland.

1. When you contact us by e-mail, the data you provide (your e-mail address, as the case may be, your name and telephone number) will be stored by us in order to answer your questions. The legal basis for processing the data transmitted in the course of sending an e-mail is Art. 6 (1) (f) GDPR for general enquiries.

2. If the e-mail contact is aimed at the conclusion of a contract, the legal basis for the processing is Article 6(1)(b) GDPR. We delete the data arising in this connection as soon as the storage is no longer necessary, or restrict the processing in the event of legal storage obligations. However, certain storage obligations result from commercial and tax law. In accordance with the legal requirements, the documents are stored for 6 years in accordance with Section 257 (1) German Commercial Code [Handelsgesetzbuch – "HGB"] (e.g. accounting vouchers) and for 10 years in accordance with Section 147 (1) German Tax Code [Abgabenordnung – "AO"] (e.g. accounting vouchers, commercial and business letters, documents relevant for taxation).

3. Should we like to inform you about our products and services by telephone or e-mail, this will be done in accordance with the provisions of Section 7 German Law Against Unfair Competition [Gesetz gegen den unlauteren Wettbewerb – "UWG"] or with your consent in accordance with Art. 6 (1)(a) GDPR (see also Section 5).

1. A transmission of data to third parties only takes place to the extent permitted by law. We transmit such data, if, for instance, this is necessary pursuant to Art. 6 (1)(B) GDPR for contractual purposes, we are obliged to do so to comply with a legal obligation pursuant to Art 6 (1)(c) GDPR, or in case we have a legitimate interest in the economic and effective operation of our business pursuant to Art. 6 (1)(f) GDPR.

2. In the event that we involve external service providers to process your data, they have been carefully selected and commissioned by us, are bound by our instructions, and are controlled on a regular basis. We have concluded a so-called order processing contract with all service providers whom we commission; this ensures that the data processing is carried out in a permissible manner (on this, see Section 1.5). Any inclusion of external service providers is explicitly pointed out in the section of the respective scope of application (on this, see Section 2.4, Section 3.3, Section 4.3, and Section 5.3).

3. For any and all of our services and communication channels, we involve the following service providers:

   • Proton Technologies AG for the encrypted storage of e-mail communication

   • Tresorit AG for encrypted data storage

   • Stackfield GmbH for the encrypted internal organization of support requests

You are currently visiting our website. Hereinafter, we would like to inform you about the collection of personal data when using our website wintercloud.de. In addition to the information in this section, all provisions set forth in Section 1 shall apply.

1. When you visit our website, your browser transmits certain data to our web server for technical reasons. This involves the following data (so-called server log files):

   • IP address

   • Date and time of the request

   • Time zone difference to Greenwich Mean Time (GMT)

   • Contents of the request (specific page)

   • Access status/HTTP status code

   • Amount of data transferred in each case

   • Website from which the request originates

   • Browser, language, and version of the browser software

   • Operating system and its interface

   The collection of the IP address is required for technical reasons to be able to display our website. The collection of further data is necessary to ensure the stability and security of our website. The storage of IP addresses in log files is necessary in order to detect and ward off possible attacks.

   Legal basis for the processing of such personal data is Art. 6 (1) 1st sentence (f) GDPR. Our legitimate interest results from the purposes of data collection mentioned above. Under no circumstances will we use the collected data for the purpose of drawing conclusions about your person.

2. This site does not use cookies, tracking tools such as Google Analytics, or social media plug-ins.

1. The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. In the case the date is collected to provide the website, this is the case when the respective session is terminated. If the data is stored in log files, this is the case after 90 days at the latest.

1. Your personal data will be transmitted securely by us through encryption. In doing so, we use the so-called HTTPS procedure (Hypertext Transfer Protocol Secure). The data is encrypted and a bug-proof connection can be established between us as the operator of the website and your browser. Furthermore, we secure our websites and other systems by technical and organizational measures against loss, destruction, access, alteration or dissemination of your data by unauthorized persons. As a matter of precaution, we point out that data transmission on the Internet (e.g. communication by e-mail) can have security gaps. A complete protection of the data against access by third parties is not possible.

1. Our website is provided by the following service providers:

   • Amazon Web Services Inc.

We are pleased that you would like to use our SaaS services. In the following, we will inform you about the collection of personal data when using our SaaS services on the website wintercloud.de. In addition to the information in this section, all provisions set forth in Section 1 shall apply.

1. If you wish to use our SaaS services, it is necessary for the conclusion of the contract that you provide us with your personal data, which we need for the processing of your order. Mandatory information required for the execution of contracts is marked separately, further information is voluntary. As a rule, mandatory information includes an e-mail address and the full name.

   We process the data provided by you to process your order. Legal basis for this is Art 6 (1) 1st sentence (b) GDPR.

2. We may also process the information you provided to send you e-mails with technical information (e.g. concerning the temporary unavailability of our offer due to maintenance reasons).

1. We are obliged by commercial and tax law to store your address, payment, and order data for a period of ten years. However, after two years we will restrict the processing, i.e. your data will only be used to comply with legal obligations. The data will be deleted as soon as the legal storage obligations have expired.

1. Our SaaS services are provided by the following service providers:

   • Akenes SA (Exoscale)

2. Our payment processing involves the following service providers:

   • heidelpay GmbH

We are pleased that you are interested in us and are applying or have applied for a job in our company. In the following, we would like to provide you with information on the processing of your personal data in connection with your application. In addition to the information in this section, all provisions set forth in Section 1 shall apply.

1. We process the data that you have sent us in connection with your application to examine your suitability for the position (or any other open positions in our company) and to carry out the application process.

2. The legal basis for the processing of your personal data in this application procedure is mainly Section 26 Federal Data Protection Act [Bundesdatenschutzgesetz − "BDSG" ] in the version valid from May 25, 2018. It allows the processing of the data required in connection with the decision to establish an employment relationship.

   Should the data be necessary for the legal prosecution after completion of the application procedure, data processing can be carried out on the basis of the requirements of Art. 6 GDPR, in particular to safeguard legitimate interests pursuant to Art. 6 (1)(f) GDPR. In this event, our interest lies in the assertion or defense of claims.

1. In the event of rejection, candidate data will be deleted after 6 months. In the event that you have given your consent to further storage of your personal data, we will transfer your data to our applicant pool. The data will be deleted from the pool after two years.

   If you have been accepted for a position during the application process, the data from the applicant data system will be transferred to our personnel information system.

1. We will view your applicant data upon receipt of your application. As a matter of principle, only those persons within the company who need your data for the proper course of our application procedure have access to it.

We are pleased that you would like to receive our newsletter. Below we inform you about the collection of personal data when you register for our newsletter. In addition to the information in this section, all provisions set forth in Section 1 shall apply.

1. By giving your consent you can subscribe to our newsletter in which we inform you about our current interesting offers. The services advertised are set forth in detail in the declaration of consent.

2. For the registration to our newsletter we use the so-called double opt-in process. This means that after your registration we will send you an e-mail to the given e-mail address in which we will ask you to confirm your wish to receive the newsletter. If you do not confirm your registration within 24 hours, your information will be blocked and automatically deleted after one month. In addition, we store the IP addresses you use and the dates of registration and confirmation. The purpose of the procedure is to prove your registration and, if necessary, to clarify any possible misuse of your personal data.

3. The only mandatory information for sending the newsletter is your e-mail address. The provision of further data, which is marked separately, is voluntary and will be used to address you personally. After your confirmation we save your e-mail address for the purpose of sending you the newsletter. Legal basis is Art. 6 (1) 1st sentence (a) GDPR.

4. You can revoke your consent to receiving the newsletter at any time and unsubscribe from the newsletter. You can declare your revocation by clicking on the link provided in every newsletter e-mail, by sending an e-mail to contact@wintercloud.de or by sending a message to the contact details provided in the contact section.

1. Your data will be stored as long as it is needed to send the newsletter. As soon as you revoke your consent to receive the newsletter, your e-mail address will be blocked first and subsequently deleted; any further data provided on a voluntary basis will also be deleted.

1. The sending of our newsletter involves the following service providers:

   • Newsletter2Go GmbH