Privacy policy - EPAR-service GmbH

Below we inform you about how your personal data is processed when you use our website and products and what rights you have in this regard.

Data protection notice

For EPAR-SERVICE GmbH, Haller Straße 71 - 74613 Öhringen (hereinafter referred to as EPAR-SERVICE), the protection of your personal information is a top priority. It goes without saying that we comply with the relevant data protection laws and would like to provide you with comprehensive information on the handling of your data in the following data protection information.

1. information and contact details of the person responsible

The controller pursuant to Art. 4 (7) of the EU General Data Protection Regulation (GDPR) is

EPAR-SERVICE GmbH

Haller Street 71
74613 Öhringen

If you have any questions about data protection, please contact our data protection officer:

EPAR-SERVICE GmbH
The Data Protection Officer
Haller Street 71
74613 Öhringen

or by e-mail to info@epar-service.com

2. visit our website

We also collect personal data when you visit our websites. This concerns data that we collect as soon as you place an order with us, but also data that is collected when you view our websites or our social media profiles. We explain the details below.

2.1 Cookies and their use - my choices

We use cookies to optimise our websites for you, to improve our products for you and, together with third-party providers, to show you interest-based advertising.

You can find more detailed information on cookies on our separate cookie page. There you will also find information on how you can change your cookie settings.

2.2 Use of social media

In order to optimise our corporate presence, we maintain company pages in various social media. There we want to inform our interested parties about our services and also communicate with you via these channels. The links to social media platforms are integrated in such a way that no data is transferred directly to the social media operator. The integration on our websites takes place via direct links. Data is only transferred once you have clicked on the link.

These channels are used for the following purposes:

Provision of information about our company and our products
Statistical analyses for business management analysis and further development of services and products, as well as for the improvement of business processes
Communication with customers and interested parties.

Legal basis

The legal basis for this processing of your personal data is our legitimate interest in communicating with our interested parties and customers as well as analysing and further developing services and products and improving business processes (Art. 6 para. 1 lit. f GDPR). Direct customer contact also takes place via our social media support, whereby the processing is based on our contractual relationship or pre-contractual measures with interested parties (Art. 6 para. 1 lit. b GDPR).

Further information on the social media platforms:

Facebook and Instagram: Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland

We are jointly responsible with Facebook for the processing of Insights data on the Facebook fan page. The corresponding agreement in accordance with Art. 26 GDPR can be found here:
https://www.facebook.com/legal/terms/page_controller_addendum. Further information on Page Insights can be found at
https://www.facebook.com/legal/terms/information_about_page_insights_data.

The general use of Facebook is your own responsibility. You can find Facebook's data protection information directly on our Facebook fan page.

You can edit and object to your wishes regarding personalised advertising by Facebook at any time in your Facebook settings.

Twitter: Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA.

Information on the data collected by Twitter, purposes and all other data protection information can be found in the Twitter privacy policy (https://twitter.com/de/privacy).

You can find an opt-out option under: https://twitter.com/personalization

YouTube: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Further information on data protection and the personal data collected by Google/YouTube during integration can be found in the following privacy policy: https://www.google.com/policies/privacy/

An opt-out is also possible: https://adssettings.google.com/authenticated

LinkedIn: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.
We also maintain a company profile on the LinkedIn networking platform.

If you are a member there, LinkedIn can assign the access to the content and functions on our profile to your user profile there. For further information, please refer to the data protection information of LinkedIn Ireland at:
https://www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy

Xing: New Work SEDammtorstraße 30, 20354 Hamburg, Germany.

We also maintain a company profile on the Xing networking platform.

If you are a member of Xing, Xing can assign access to the content and functions on our profile to your user profile there. For further information, please refer to the data protection information of New Work SE at:
https://privacy.xing.com/de/datenschutzerklaerung.

If EPAR-SERVICE GmbH transfers data to third countries, suitable guarantees for data transfer are agreed with any processors or controllers in accordance with the requirements of Chapter V of the GDPR or adequacy decisions of the EU Commission are used

2.3 Video content

2.3.1 YouTube and Vimeo

We embed videos on our website. The content of these videos is stored directly on the platforms and embedded on our site. If you call up such a video, the IP address, technical information such as browser, operating system and basic device information as well as the website you have visited will be communicated. We have also embedded the YouTube videos in privacy-friendly "extended data protection mode".

Personal data is only transferred when you access a video. Only then is a server connection to YouTube and Vimeo established and a corresponding cookie set, which is used to save your settings. When you call up the videos, you leave our area and enter the external platforms of YouTube and Vimeo, which are beyond our sphere of influence.

You will be informed again before you access a video. If you have an account with the provider of the video service, they may be able to identify you. You can avoid this by logging out of your account before playing a video.

Legal basis

The legal basis for the activation of these videos is your consent in accordance with Art. 6 para. 1 lit. a GDPR, which is related to your consent to the use of cookies (cookie page).

Provider of the YouTube platform
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Further information on data protection at Google/YouTube can be found here: https://www.google.com/policies/privacy/. A general advertising opt-out is possible here:
https://adssettings.google.com/authenticated.

Provider of the Vimeo platform
Vimeo, LLC, 555 West 18th Street, New York, NY 10011, USA. Further information on data protection at Vimeo can be found here: https://livestream.com/legal/cookie-preferences.

2.4 Friendly Captcha

Purpose and legal basis

We use the Friendly Captcha service. This involves integrating a JavaScript element into the source code, which loads the software in the background. Your end device calculates the solution to a crypto puzzle for the service, which is used to determine whether the visitor is a human or whether the use is abusive through automated, machine processing (e.g. bots).
To prevent fraudulent activities, the service is typically used in the following context: Forms (enquiries, contact, password reset), orders, login pages. The service helps EPAR-SERVICE to prevent automated attacks that can lead to risks in the company's infrastructure. It also provides protection for our customers against becoming potential victims of cybercrime.

Legal basis

The legal basis for this processing is therefore our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR and serves to prevent potentially fraudulent activities on our website.

Type of data

http request header data
in particular user agent (browser, operating system), origin and referrer (previous websites)
Date/time of the enquiry
Version of the Friendly Captcha service used
Customer account ID of the client's website (EPAR-SERVICE)
Hash value (one-way encryption) of the incoming IP address
(the IP address is discarded, only the hash value is saved)
Number of requests from the (hashed) IP address per time period
Answer to the maths problem solved by the visitor's computer
No cookies are used.

Provider of the service

Friendly Captcha GmbH, Wörthsee, Germany
Further information on data protection at FriendlyCaptcha can be found here:
https://friendlycaptcha.com/de/legal/privacy-end-users/

Friendly Captcha uses the following provider for the hosting and delivery of the service (CDN = Content Delivery Network):
Cloudflare Inc, San Francisco, USA

2.4.1 Google ReCAPTCHA

Purpose and legal basis

We use the reCAPTCHA service from Google. With reCaptcha, a JavaScript element is integrated into the source code, whereby the software is loaded in the background and your user behaviour is analysed. The data is already used and analysed before you have clicked on the "I am not a robot" checkbox. Google uses the data to calculate a score, which is used to determine whether the visitor is a human or whether the entries are being misused by automated, machine processing (e.g. bots). It also serves to prevent fraudulent mass orders, which can lead to risks in the company's infrastructure. ReCAPTCHA also protects our customers from becoming potential victims of cybercrime.

Legal basis

The legal basis for this processing is therefore our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR and serves to prevent potentially fraudulent activities on our website.

Type of data

Previous websites (referrer URL)
IP address
Operating system
Cookies
Scrolling and mouse clicks on the page
Date and language settings
Screen resolution

The IP address transmitted to Google is truncated and not merged with other Google data.

Provider of the ReCAPTCHA service

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Further information on data protection at Google can be found here:
https://www.google.com/policies/privacy/.

To have data deleted directly from Google, please contact Google support at
https://support.google.com/?hl=de&tid=331578294933.

If you want as little data as possible to be transmitted to Google about you and your behaviour, you must log out of Google and delete any Google cookies before visiting our website or using the reCAPTCHA software.

2.5 HubSpot

We use the HubSpot service for our online marketing activities. This is an integrated software solution that we use to cover various aspects of our online marketing. The following data and the content of our website are stored on HubSpot's servers.

a) E-mail marketing:

HubSpot is used for our email marketing, among other things. Our website visitors can subscribe to topic-related newsletters and mailings as well as download certain documents (e.g. white papers). This requires, for example, the name and e-mail address. This data is used by us to contact visitors to our website.

In this context, Hubspot makes it possible to track your interactions with emails. This includes, for example, the so-called link evaluation with regard to your click behaviour within an email. Hubspot records whether and when a link was clicked and can assign this information to the respective email recipient.

The legal basis for this is your consent in accordance with Art. 6 para. 1 lit. a GDPR.

You can revoke your consent to receive newsletters, mailings or downloads at any time via a link at the end of each e-mail or by sending a message to info@epar-service.com revoked. If you withdraw your consent, your contact details will be deleted immediately.

b) Reporting and contact management

In addition to email marketing, we use HubSpot for reporting (e.g. traffic sources, visits) and contact management purposes (user segmentation and CRM). This involves the use of cookies, which are stored on your computer and enable us to analyse your use of the website. This information is analysed by HubSpot on our behalf in order to generate reports on visits to our website. This enables us to determine which of our company's services are of interest to you. This enables us to constantly improve our products and make our offers more customer-orientated.

If you have registered for our registration service (see "Email marketing"), we can also use HubSpot to link a user's visits to our website with their personal details (name, email address) so that you receive personalised and targeted information on preferred topics.

The legal basis for the processing is your consent in accordance with Art. 6 para. 1 lit. a GDPR via the cookie banner. You can find more information about cookies at: https://epar-service.com/cookies

If you generally do not want HubSpot to collect data, you can prevent the storage of cookies at any time by changing your browser settings accordingly. You can change your cookie settings at https://epar-service.com/cookies.

c) GMX/WEB.DE mailbox

If you have clicked on the EPAR-SERVICE advert via your GMX or WEB.DE mailbox in order to receive free e-books or other free offers and have agreed to EPAR-SERVICE GmbH receiving information about our products and services in return, we will send you the relevant information to your GMX or WEB.DE mailbox.

Legal basis

The legal basis for this is your consent in accordance with Art. 6 para. 1 lit. a GDPR.

You can revoke your consent at any time via a link at the end of each e-mail or at the following e-mail address: info@EPAR-service.com.

d) Notes on HubSpot/data transfer to third countries

HubSpot is a software company from the USA (25 First Street, Cambridge, MA 02141 USA) with a branch in Ireland (2nd Floor 30 North Wall Quay, Dublin 1, Ireland) and Germany (Koppenstraße 93, 10234 Berlin). Data may be transferred to the USA as part of processing via HubSpot. In addition to the order processing contract, standard contractual clauses and other suitable guarantees have been agreed to ensure the security of data transmission.

Further information on HubSpot's data protection can be found in the terms of use and privacy policy at
https://legal.hubspot.com/de/privacy-policy or
https://legal.hubspot.com/de/legal-stuff

2.6 EPAR-SERVICE-Blog

You can find our EPAR-SERVICE blog at https://EPAR-service.blog/de/. The EPAR-SERVICE blog contains a comment function that you can use to comment on posts. Our comment function stores the IP addresses of users who post comments. In order to use the comment function, you must enter your e-mail address, as we do not check comments on the blog before they are activated and can therefore take action against the author in the event of legal violations such as insults, threats or untrue statements of fact. We reserve the right to delete comments with such content. All other details such as URL or customer number are optional.

If you enter your surname and/or first name when publishing your comment, these will be published. Your e-mail address as well as all voluntary information and the time the comment was created will be saved and not passed on to unauthorised third parties.

Third country transfers do not take place in the context of the blog.

Your customer number can be used by our social media support to process your contract-related enquiry via the comment function and to contact you via the email address you have provided.

For the comment function on this page, in addition to your comment, information about the time the comment was created, your e-mail address and, if you are not posting anonymously, the user name you have chosen will be saved.

As a user of the site, you can also subscribe to comments after registering. You will receive a confirmation email to check whether you are the owner of the email address provided. You can unsubscribe from this function at any time via a link: blog@EPAR-service.com. In this case, the data entered when subscribing to comments will be deleted.

Legal basis

You use the comment function on a voluntary basis, therefore the legal basis is your implied consent pursuant to Art. 6 para. 1 lit. a GDPR, as well as our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR for the corresponding storage of your data for the aforementioned purpose, as well as for the review of unlawful comments and, if necessary, their prosecution.

Duration of storage/ cancellation and removal

The comments and the associated data (e.g. IP address) are stored and remain on our blog until the content commented on has been completely deleted or the comments have to be deleted for legal reasons (e.g. offensive comments). In the case of offensive comments or other illegal behaviour on the blog, we reserve the right to retain the data for criminal prosecution for a longer period of time.

You have the option to revoke your consent to the storage of your data at any time via info@EPAR-service.com. All personal data stored in the course of the comment function will be deleted immediately upon cancellation.

2.7 Book a Demo

We offer free product consultations and presentations to provide customers or interested parties with the best possible support in selecting the right product. You have the option of registering voluntarily for a product consultation/presentation. We process your registration data in order to carry out the product consultation/presentation. You will then receive an invitation by e-mail via Google Calendar. Your data will be transmitted to Google and used by Google for its own purposes. Further information on data processing by Google can be found here: Privacy Policy

Legal basis

The legal basis for participation in the product presentation is your consent in accordance with Art. 6 para. 1 lit. a GDPR

Storage duration

Your registration data will be deleted after the end of the event at the latest, unless further counselling is requested.

Data recipient

Google Ireland Ltd.

Gordon House, Barrow Street

Dublin 4

Ireland

2.8 Use of inventory data with marketing partners

We use services such as Meta Custom Audiences, LinkedIn Matched Audiences, TikTok Custom Audiences, Reddit Custom Audiences and Google Customer Match to deliver targeted advertising in the form of adverts on our marketing partners' portals. We transmit inventory data (email address, telephone number, postcode, country) to our marketing partners. However, the data is not sent in plain text, but hashed in advance using the SHA 256 algorithm and then transmitted. The marketing partner then compares the data with its own, identical data in order to display targeted, personalised advertising in the form of advertisements on the portals of the respective marketing partner.

Further information on data processing at Meta can be found at:

https://www.facebook.com/privacy/policy

Further information on data processing at Google can be found at:

https://policies.google.com/privacy

Further information on data processing at TikTok can be found at:

https://www.tiktok.com/legal/page/row/privacy-policy/en

Further information on data processing at LinkedIn can be found at:

https://de.linkedin.com/legal/privacy-policy

Further information on data processing at Reddit can be found at:

https://www.reddit.com/de-de/policies/privacy-policy

If data is transferred to third countries, suitable guarantees for data transfer are agreed with any processors or controllers in accordance with the requirements of Chapter V of the GDPR. Further information on data transfer to third countries by our marketing partners can also be found under the links above.

Legal basis

The legal basis for the use of your data is the consent you have given in accordance with Art. 6 para. 1 lit. a) GDPR. You can revoke your consent at any time in the customer area.

Storage duration

Your personal data will be deleted immediately if you have withdrawn your consent.

Data recipient

Google Ireland Ltd.

Gordon House, Barrow Street

Dublin 4

Ireland

Meta Platforms Ltd.

4 Grand Canal Square

Dublin 2

Ireland

Tiktok Technology Limited

10 Earlsfort Terrace

Dublin

Ireland

LinkedIn Ireland Unlimited Company

Wilton Pl,

Dublin

Ireland

Reddit Ireland Ltd.

70 Sir John Rogerson's Quay,

Dublin 2

Ireland

3. ordering and order processing

3.1 Contract data

When you order one of our products, we ask you to provide the personal data that we require to fulfil the contract. This contract data is stored by us for the duration of the contractual relationship, as we need it to fulfil the contract. If you cancel your contract, we will store your contract data for longer if there are objections and claims that have yet to be clarified. We also store your data for longer if there are statutory retention obligations. In this case, the processing of the data will be restricted to compliance with the statutory retention periods and the data will no longer be processed for any other purposes.

You can make changes to this data yourself at any time via our secure customer login. You will receive information on the creation of your personal access data after your order has been checked, usually by e-mail and in exceptional cases by post.

Type of data

-Salutation
-First name and surname
-e-mail address
-Telephone number
-Company name (for business)
-Address
-Product contracts and utilisation
-Contract data
-Payment data
-Tax number

When concluding a contract for an EPAR-SERVICE Cloud product, you agree that EPAR-SERVICE Cloud may use your directly personal usage data for a maximum of 6 months for the needs-based design of websites, products and services as well as for personalised advertising.

Legal basis

We require your data for contract initiation and execution in accordance with Art. 6 para. 1 lit. b GDPR).

Storage duration

The processing of contract data is restricted after the end of the contract, after expiry of the 10-year statutory retention period in accordance with § 257 HGB and § 147 AO they are deleted.

3.2 Chat

If you use the chat function on our website, various cookies are placed by our chat provider. These are technically necessary for the chat function. Some of these cookies are also used for analysis purposes. You can find out more about these cookies on our cookie page.

In addition, we store the conversation history for 90 days for quality purposes. By analysing the stored chat histories, we have the opportunity to continuously improve our customer support and therefore base this processing on our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR. At the beginning of the chat, customers are informed about this storage and have the opportunity to object to the storage. If you wish to object at a later date, you can send your objection to us at any time via info@EPAR-service.com.

In addition, the chat history is stored if it leads to a sales conversation and results in the conclusion of a contract. In this case, only the sales part of the conversation is stored for the duration of the contractual relationship. The quality part will continue to be deleted after 90 days. We need this data to document the conclusion of the contract.

Legal basis
The legal basis is therefore the fulfilment of the contract in accordance with Art. 6 para. 1 lit. b GDPR.

Storage duration
Sales part of the conversation: The processing of contract data is restricted after the end of the contract, after expiry of the 10-year statutory retention period in accordance with § 257 HGB and § 147 AO they are deleted.
Quality part of the dialogue: 90 days

Data recipient
Genesys Telecommunications Laboratories B.V., DD Naarden, Netherlands

3.3 Voice files

When orders are placed by telephone, we record a short voice file as part of the conclusion of the contract or as proof of an opt-in, in which all the key features of your order or consent are summarised. If you also consent to this, we will also record the entire conversation in order to optimise our service quality.

Legal basis

The legal basis for the processing to prove the conclusion of the contract and the consent is Art. 6 para. 1 lit. b GDPR, as we need this data in the context of the contract initiation, as well as for the later execution of the contract.

The storage of the entire conversation history for quality purposes takes place exclusively with your consent. The legal basis for this is therefore consent in accordance with Art. 6 para. 1 lit. a GDPR.

Storage duration:

Voice files relating to the conclusion of a contract or cancellation will be deleted after 2 years at the latest. Voice files that we store exclusively for quality purposes with your consent will be deleted at your request or after 90 days at the latest. If you consent to being contacted for advertising purposes during a call, this part of the voice file will be stored for 10 years.

3.4 Fraud prevention

Purposes and legal basis

When you place an online order with us, we check whether there are any indications of misuse of our web service or attempted fraud using the end device you are using.

In addition, your device data will be compared with data on devices from which fraudulent actions were carried out in the past or from which there was a suspicion of fraud. It is also possible in this respect for employees of EPAR-SERVICE or a service provider to manually check the results in individual cases. The legal basis for data processing in the context of "device fingerprinting" is the legitimate interest pursuant to Article 6(1)(f) GDPR, as EPAR-SERVICE has a legitimate interest in protecting itself against fraud and/or misuse.

The usage data processed as part of fraud prevention includes, for example, IP addresses, information on website visits and information on the amount of time spent on the websites visited. The device and browser data used as part of "device fingerprinting" are e.g. language and country settings, browser, screen information, plug-ins, software versions. Transaction data such as the object of purchase, shopping basket, name, postal address, email address, delivery address, payment method and bank details are also processed. This data is processed exclusively for reasons of abuse and fraud prevention.

Based on the aforementioned device data, a device ID is first created, which can be used to recognise end devices when they visit the website again. A cookie is set so that we can recognise this. The cookie contains a cookie ID, but no personal usage or transaction data. This allows the device to be identified without knowing the name of the person behind it or linking it to the device ID.

In the event that the comparison described above is successful, i.e. fraud or attempted fraud has already been committed via the respective device in the past, a contract will be refused in the specific individual case.

In order to optimise fraud prevention processes, your data will be transmitted to ThreatMetrix (information and contact details for the service provider/sub-service provider used can be found below) if you have given your consent. Personal data is stored there in pseudonymised form in a pool in which pseudonymised data from other ThreatMetrix customers is also stored. This serves in particular to prevent device-related, cross-border waves of attacks or mass attacks with possible abuse or fraud backgrounds at an early stage. Your data is only checked there to determine whether there is any suspicion of fraud or misuse. ThreatMetrix may also make suspicious device IDs available to other companies for reasons of fraud prevention, such as companies based in a third country without an adequate level of data protection. The legal basis for the transfer of data for fraud checks is your consent (Art. 6 para. 1 lit. a GDPR).

However, this consent will only be requested if you wish to place your order online. If you do not wish to give such consent to data processing for risk assessment as part of fraud prevention, it is unfortunately not possible to place an order online. Alternatively, you can still place your order by telephone.

Cancellation option:

If you have given us your consent under data protection law, you can revoke this at any time via info@EPAR-service.com with effect for the future. This cancellation will also be sent to ThreatMetrix so that you can also have your data deleted there at any time.

Your data will be transmitted to the following service providers for fraud prevention purposes:

To implement the measures described above, we have commissioned CRIF Bürgel GmbH, Radlkoferstraße 2, 81373 Munich, Germany, as a service provider, which has subcontracted ThreatMetrix B.V, The Base 3/F, Tower C, Evert van de Beekstraat 1, 1118 CL Schiphol, Netherlands, for parts of the data processing, in particular the creation of the device ID. Data processing (including data storage) by CRIF Bürgel GmbH and ThreatMetrix takes place in data centres in Germany and Europe. CRIF Bürgel acts exclusively as a processor and in accordance with the instructions of EPAR-SERVICE.

With regard to the storage of pseudonymised data in a comprehensive data pool, ThreatMetrix acts as an independent body. The data that ThreatMetrix receives is encrypted with an individual key from EPAR-SERVICE so that ThreatMetrix has no access to transmitted clear data. All data transmissions between EPAR-SERVICE, CRIF Bürgel GmbH and ThreatMetrix are SSL-encrypted according to the state of the art.

Storage period/criteria for determining the storage period:

The data collected as part of fraud prevention is stored for a maximum of six months for reasons of traceability, process optimisation and responding to customer enquiries, and then deleted.

3.5 Real-time translator in the chat

If you use the chat function on our website, you can use the translation function. You can communicate with customer support in your selected language and will also receive an answer in your pre-set language. For translation purposes, data and information that you enter in the chat are transmitted to the translator in order to translate your input into the customer support's pre-set language. Customer support entries are also sent to the translator to translate the content into your selected language and send it to you.

Legal basis

The legal basis is Art. 6 para. 1 sentence 1 lit. b GDPR, Art. 6 para. 1 sentence 1 lit. f GDPR, our legitimate interest in simple communication with customers in their desired language.

Storage duration

The message content entered is deleted immediately after translation.

Data recipient

Amazon Web Services, Inc, 410 Terry Avenue North, Seattle, WA 98109-5210,

DeepL SE Maarweg 165, 50825 Cologne Germany

4. during the contractual relationship

4.1 Contract information and invoices

We need your personal data to fulfil the contract.
We need this data in particular to enable the necessary communication for a regulated process, information transfer through process communication and the billing of services. This data is also used to manage the company and further develop the products. We have a legitimate interest (Art. 6 para. 1 lit. f GDPR) in analysing the data we collect in order to improve our products and services. We protect your privacy through a range of technical and organisational measures that are appropriate in this context and respect your decisions about how we use your data.

Stored and used data

-Salutation
-First name and surname
-e-mail address
-Telephone number
-Company name (for business)
-Address
-Product contracts and utilisation
-Contract data
-Payment data
-Tax number
-In the case of an authorisation, the master data of the authorised representative

Legal basis

The legal basis for the processing is Art. 6 para. 1 lit. b GDPR.

Storage duration

We process your data until the termination of your contract. In addition, we store your contract data if there are objections and claims that have yet to be clarified. We also store your data for longer if there are statutory retention obligations. In this case, the processing of the data will be restricted to compliance with the statutory retention periods and the data will no longer be processed for any other purposes. The deletion of personal data takes place a maximum of 10 years after the end of the calendar year following the termination of the contract.

4.2 Customer communication

Newsletter and product advertising

We will send you useful and complementary product solutions by e-mail so that you can make the most of all product benefits. In addition, we will inform you from time to time by telephone and e-mail about interesting new products. You can give us the legally required consent for the respective contact when ordering online or in the Control Centre (Art. 6 para. 1 lit. a GDPR). If you no longer wish to receive such information, you can revoke your consent at any time in the Control Centre or via info@EPAR-service.com.

Legal basis

The legal basis for the processing is your consent in accordance with Art. 6 para. 1 lit. a GDPR.

Storage duration:

Your data will be deleted after fulfilment of the purpose or if you withdraw your consent.

Advertising with own similar goods and services

In addition, we regularly offer you similar goods and services of our own by email (Section 7 (3) UWG). If you object to this processing, you will not incur any transmission costs in accordance with the basic tariffs.

The legal basis for this processing is Art. 6 para. 1 lit. f GDPR. In this respect, we have a legitimate interest in using the email address you received in connection with the sale of our products for direct advertising for our own similar or identical products, provided you have not objected to its use for this purpose.

4.3 Surveys and market research

To improve our products and services, you have the opportunity to rate us via our partner "Trustpilot" of Trustpilot A/S, Pilestræde 58, 5th floor, 1112 Copenhagen, Denmark. You can submit a review, for example, as part of a product purchase. The reviews are entered using an integrated review form or via a simple link. If you leave a review using the integrated review form, we will send your name, email address, a reference number (usually your order number) and your review to Trustpilot as soon as you click on the review link. The transmission is used exclusively to verify your online purchase with us to ensure that it is an authentic review. If you receive a review invitation via the simple link, you will be forwarded directly to the review form on Trustpilot. Alternatively, you can also rate us at any time via the Trustpilot platform. To submit a review on Trustpilot, you need to create a user profile so that it can be published on the portal.

In the event that you have given us your consent to receive "surveys" in the EPAR-SERVICE Control Panel, we can send you a corresponding evaluation invitation with a link to the survey.

If you would like to find out more about how Trustpilot processes your data, you can view the company's privacy policy here.

Legal basis

The legal basis for data processing is Art. 6 para. 1 lit. a GDPR in the case of e-mail notification by us.

The legal basis for the transmission as part of the integrated evaluation form is Art. 6 para. 1 lit. f GDPR, based on our legitimate interest in continuously improving our services.

Storage duration

The consent will be deleted at the latest upon termination of your contract. The storage period of the published rating depends on the specifications on Trustpilot.

a) Surveys to improve product and service quality

In order to improve our product and service quality, you have the opportunity to participate in EPAR-SERVICE surveys. Participation in such surveys is voluntary. The data will only be processed for evaluation purposes and will not be used for other purposes. The evaluation of the data is also anonymised. If the evaluation is not anonymised in individual cases, you will be informed of this in advance. In addition, depending on the type of survey, we use one of the service providers listed below.

Legal basis
The legal basis for participation in the survey is your implied consent pursuant to Art. 6 para. 1 lit. a GDPR and our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR in a corresponding evaluation to improve our products and services.

Storage duration
Your data will be deleted no later than 24 months after completion of the survey.

Data recipient

Talkwalker S.à r.l.
33, avenue John F. Kennedy
L-1855 Luxembourg

Survalyzer AG
Technoparkstrasse 1
CH-8005 Zurich
Switzerland

Virtuatell Limited
59 St Martin's Lane
London
WC2N 4JS
UK

Rogator AG
Emmericher Str. 17
90411 Nuremberg
Germany

4.4 Communication in the context of your customer concerns

The satisfaction of our customers is important to us, which is why you can contact our customer support team at any time. We need your data to clarify your concerns.
We process the following of your personal data for this purpose:

-Contact details
-Data for identification and authentication
-Contract data
-Contents of your enquiries
-Payment data

We store the communications with you until the end of the contract term and beyond that only until open enquiries to us have been finally concluded or insofar as statutory retention obligations provide for this.

Legal basis

The legal basis for this processing is the fulfilment of our contract with you in accordance with Art. 6 para. 1 lit. b GDPR.

Customer information

We will send you information on the function and use of your products or added contract components. In particular, we will inform you about tips and tricks and the functions of your products.

The legal basis for this processing is Art. 6 para. 1 lit. b GDPR.

4.5 Troubleshooting within the scope of our contractual relationship

Traffic data includes information about the type, scope and time of use of our websites. This data identifies you or your device directly and is stored on EPAR-SERVICE systems, e.g. as log files.

Some traffic data is collected when you use our services and products. This data enables us to quickly recognise and rectify any errors that occur and to continuously develop our services for you.

Storage duration

Your data will be deleted after 12 months at the latest.

Legal basis

The legal basis for this processing is the fulfilment of the contract pursuant to Art. 6 para. 1 lit. b GDPR with regard to use for troubleshooting.

4.6 Crawling

EPAR-SERVICE Crawler is EPAR-SERVICE's web crawler. Its task is to continuously crawl the Internet so that we can improve and expand our first-class hosting services. Further specific data protection information can be found here

Type of data

-HTML code
-Page text
-Information derived from this

Storage duration

Outdated crawled data is deleted after 60 days at the latest as part of a continuous re-crawling process.

Legal basis

The legal basis for this processing is Article 6(1)(f) GDPR. We are interested in gaining insights into the use of publicly accessible domains in order to improve our products and services, offer personalised advertising and monitor the market for web hosting and domains.

4.7 Business Intelligence

Business Intelligence (BI) refers to the collection, analysis and presentation of data in electronic form with the aim of helping executives, managers and other end users to make better business decisions, as well as to fulfil legal reporting obligations and contractual obligations to customers. EPAR-SERVICE also uses BI processes for these purposes. In addition to anonymised aggregates, personal data is also processed.

Type of data:

-Inventory data
-Utilisation data
-Traffic data

Storage duration:

The storage period depends on the respective legal basis (see below):

-Consent: Directly personalised usage data that is processed on the basis of consent is deleted after 6 months.
-Contract fulfilment: The data will be deleted after two years at the latest.
-fulfilment of legal obligations: The data will be deleted at the latest after expiry of the 10-year statutory retention period in accordance with § 257 HGB and § 147 AO.
-Weighing up of interests: The data will be deleted after two years at the latest.

Legal basis:

The legal bases for this processing are

-Consent, Article 6(1)(a) GDPR; example: processing of directly personal usage data for the purposes of product and sales management
-Contract fulfilment, Article 6(1)(b) GDPR; example: filtering of customers with expiring products with subsequent notification
-fulfilment of legal obligations, Article 6(1)(c) GDPR; example: reporting obligations under the German Commercial Code (HGB)
-Balancing of interests, Article 6(1)(f) GDPR; example: product and sales management. Our interest is: Provision of information about our company and our products; statistical evaluations for business analyses and further development of services and products, as well as for the improvement of business processes.

4.8 Use of inventory data with marketing partners

Further information on data processing at Meta can be found at :

https://www.facebook.com/privacy/policy

Further information on data processing at Google can be found at:

https://policies.google.com/privacy

Further information on data processing at TikTok can be found at:

https://www.tiktok.com/legal/page/row/privacy-policy/en

Further information on data processing at LinkedIn can be found at:

https://de.linkedin.com/legal/privacy-policy

Further information on data processing at Reddit can be found at:

https://www.reddit.com/de-de/policies/privacy-policy

Legal basis

The legal basis for the use of your data is the consent you have given in accordance with Art. 6 para. 1 lit. a) GDPR. You can revoke your consent at any time in the customer area.

Storage duration

Your personal data will be deleted immediately if you have withdrawn your consent.

Data recipient

Google Ireland Ltd.

Gordon House, Barrow Street

Dublin 4

Ireland

Meta Platforms Ltd.

4 Grand Canal Square

Dublin 2

Ireland

Tiktok Technology Limited

10 Earlsfort Terrace

Dublin

Ireland

LinkedIn Ireland Unlimited Company

Wilton Pl,

Dublin

Ireland

Reddit Ireland Ltd.

70 Sir John Rogerson's Quay,

Dublin 2

Ireland

5 Supplementary data protection information for the EPAR-SERVICE Cloud Computing offer

5.1 Contractual communication and newsletter

We send you contractual information and advertising for our own products by e-mail. We use your master data for this purpose. Your interactions with advertising emails are recorded. This includes, for example, the so-called link evaluation with regard to your click behaviour within an email. It is recorded whether and when a link was clicked and can assign this information to the respective email recipient.

The emails are either sent by us or we use an external tool Pardot MAS. Further details on Pardot MAS can be found below.

The legal basis for sending contractual information is Art. 6 I b GDPR.

When sending and analysing newsletters, we rely on our legitimate interest, Art. 6 I f GDPR. You can object to the sending of newsletters at any time.

In addition, we can track the extent to which individuals have interacted with our website, clicked on certain links and/or registered in forms. For this purpose, cookies requiring consent are requested or used (category: marketing), which in turn enable your browser to be recognised. The legal basis for the processing of personal data is therefore Art. 6 para. 1 lit. a GDPR. You can find more detailed information on the cookies used on our separate cookie page.

If you have consented to the use of cookies, you can withdraw your consent at any time. Existing cookies will then be deleted. You can change your cookie settings at https://epar-service.com/cookies. There you will also find detailed information on the respective validity period of the cookie. In addition, you can deactivate the creation of pseudonymised user profiles at any time by configuring your Internet browser so that cookies from the domain "pardot.com" are not accepted. This may lead to certain restrictions in the functions and user-friendliness of our website.

5.2 Pardot MAS

Purposes and legal basis

EPAR-SERVICE uses the Pardot Marketing Automation System ("Pardot MAS"), a special software for recording and analysing the use of a website by website visitors, as well as for sending newsletters and other promotional and operational e-mails.

Pardot MAS is a service of salesforce.com Germany GmbH, Erika-Mann-Str. 31-37, 80636 Munich, Germany, which belongs to Salesforce Inc ("Salesforce"), Salesforce Tower, 415 Mission Street, 3rd Floor San Francisco, CA 94105, USA. In the event that personal data is transferred to a third country, such as the USA, we have appropriate safeguards in place within the meaning of Art. 44 GDPR, such as the conclusion of standard contractual clauses with Salesforce. Binding Corporate Rules also apply at Salesforce. Further information can be found here.

5.3 MaxMind

Purposes and legal basis

Our website uses an API from maxmind.com, which is operated by MaxMind Inc. The operator of the site is MaxMind Inc, 14 Spring Street, 3rd Floor, Waltham, MA 02451, USA.

To prevent fraud and to make the registration process as smooth as possible, MaxMind determines your approximate location once per visit based on the IP address transmitted. This localisation is not suitable for identifying you as a user and only shows us the city or district of your location. This information is not saved for future visits and is not listed in logs. You can also use the website without this information, but you may have to solve so-called reCaptchas in order to communicate with us via contact forms.

The legal basis for the processing of personal data in connection with MaxMind is Art. 6 para. 1 lit. f GDPR. Our legitimate interest is to secure our systems against fraudulent use and to simplify the registration process.

Further information on the handling of user data can be found in the privacy policy of MaxMind Inc. at: Privacy Policy | MaxMind.

Storage duration

The data collected as part of fraud prevention is stored for up to 15 months.

5.4 Registration/contract fulfilment for EPAR-SERVICE Cloud products

To be able to use the EPAR-SERVICE Cloud products, you must register with us with a user account. We collect your personal data, which you enter in the input fields (name, business e-mail address, business address, business telephone number, company, etc.). The mandatory input fields are marked accordingly. As part of the registration process, you must enter a telephone number so that you can receive a "one-time code" to confirm your registration. We will contact you via this telephone number in order to support you in the event of problems with user activation. You may also be contacted by telephone by our account managers after completing registration in order to provide you with comprehensive information when setting up the EPAR-SERVICE Cloud products. If we process metadata (data on resource utilisation, session and connection logs, API calls and service requests, errors and diagnostic data) as part of the execution of the contract, this serves exclusively to provide the cloud service, for billing purposes, to rectify faults or errors and to process security incidents. Metadata is not used commercially or passed on to third parties in any other way. However, anonymised metadata may be processed as part of the provision and improvement of our product. In this case, however, any personal reference is excluded.

To manage our customer database, we use the CRM tool "Salesforce" from salesforce.com Germany GmbH, Erika-Mann-Str. 31-37, 80636 Munich, Germany, which belongs to Salesforce Inc. ("Salesforce"), Salesforce Tower, 415 Mission Street, 3rd Floor San Francisco, CA 94105, USA. In the event that personal data is transferred to a third country, such as the USA, we have appropriate safeguards in place within the meaning of Art. 44 GDPR, such as the conclusion of standard contractual clauses with Salesforce. Binding Corporate Rules also apply at Salesforce. Further information can be found here.

Legal basis

The legal basis for the aforementioned data processing is the fulfilment of the contract in accordance with Art. 6 para. 1 lit. b GDPR.

The legal basis for contacting us by telephone is our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR in comprehensive support in the use of our products, based on your presumed interest pursuant to Section 7 para. 2 no. 1 Alt. 2 UWG.

Storage duration

We process your data until the termination of your contract. In addition, we store your contract data if there are objections and claims whose clarification is still pending. We also store your data for longer if there are statutory retention obligations. In this case, the processing of the data will be restricted to compliance with the statutory retention periods and the data will no longer be processed for any other purposes. The deletion of personal data takes place a maximum of 10 years after the end of the calendar year following the termination of the contract. Metadata is stored for the above-mentioned purposes. The deletion takes place immediately as soon as the stated purposes have been achieved

5.5 Webinars

We offer you the opportunity to take part in our webinars. The webinars are used to present our products, for training purposes or other topics that may be relevant to the use of cloud products. To participate and organise the webinar, we need your contact details, such as email address, name, company, position. After registering, you will receive an e-mail from us with the dial-in details.

We use the applications "GoToWebinar" and "GoToTraining" from LogMeIn Ireland Unlimited Company, The Reflector, 10 Hanover Quay, Dublin 2, D02R573, Ireland ("LogMeIn") to conduct webinars and training courses. Further information on how LogMeIn processes your data can be found here.

Legal basis

The legal basis for the aforementioned data processing is Art. 6 para. 1 lit. b GDPR, for the realisation of the webinar.

Storage duration

We store your personal data as long as this is necessary for the realisation of the webinar.

6. service-specific data protection information

Domain suggestions

Purpose of the processing
Domain availability requests are stored and processed to improve domain suggestions and the product. These requests are never used to register domains for EPAR-SERVICE.

Categories of personal data
The processed domain names have no reference to a customer.

Domain suggestions with the help of artificial intelligence

Purpose of the processing
The generation of suggestions for a domain name using artificial intelligence (AI). For this purpose, the content details are transferred to an external service at the request of the interested party. The AI output is checked for the availability of domain names and issued as a recommendation to the interested party.

Categories of personal data
Content data

Legal basis
Implementation of pre-contractual/contractual measures, Art. 6 para. 1 lit. b GDPR
Legitimate interest, Art. 6 para. 1 lit. f GDPR

Data recipient
OpenAI L.L.C, San Francisco , USA
https://openai.com/policies/privacy-policy

Website Design Service

Website Content Management System (CMS) & Webspace

Purpose of the processing
Operation of the platform for editing and publishing the website, as well as hosting the website.

Categories of personal data
Inventory data, traffic data, usage data, content data

Legal basis
Performance of the contract, Art. 6 para. 1 lit. b GDPR

Data recipient
CM4all GmbH, Cologne, Germany

Design Service

Purpose of the processing
Creation and modification of the website on behalf of the customer.
Website project organisation and communication with the customer.

Categories of personal data
Inventory data, traffic data, usage data, content data

Legal basis
Performance of the contract, Art. 6 para. 1 lit. b GDPR

Storage period
45 days after the end of the contract

Data recipient
we22 Solutions GmbH, Berlin, Germany

EPAR-SERVICE Service Status

Purpose of the processing
Information on the availability of the various EPAR-SERVICE services and products. Announcement of maintenance. Registration for automatic transmission of status information by e-mail or SMS.

Categories of personal data
Contact details, traffic data

Legal basis
Contract fulfilment, legitimate interest Art. 6 para. 1 lit. b,f GDPR

Data recipient
Atlassian. Pty Ltd, Sydney NSW 2000, Australia

https://www.atlassian.com/legal/privacy-policy

Customer service

Purpose of the processing
Call centre services for customer service and product advice.

Categories of personal data
Inventory data, content data

Legal basis
Performance of the contract, Art. 6 para. 1 lit. b GDPR and legitimate interest, Art. 6 para. 1 lit. f GDPR

Data recipient
CONTACT & SALES GmbH, 77746 Schutterwald, Germany

IQ to Link GmbH, 10000 Pristina, Kosovo

Spotzer Media Group B.V., Amsterdam, Netherlands

STRÖER Dialog Group GmbH, 04103 Leipzig, Germany

we22 Solutions GmbH, Berlin, Germany

7 Product-specific data protection information

Overview of data recipients

For some of our products, we rely on the expertise of specialised partner companies. This ensures that you can always expect the best performance and services from EPAR-SERVICE. If you no longer use a product, we will delete your personal data immediately in most cases.

Web hosting (incl. managed server)

Content Delivery Network CDN

Purpose of the processing
When using the CDN, content data is stored in Cloudflare data centres to improve the loading time of the website.

Categories of personal data
Content data, usage data

Legal basis
Performance of the contract, Art. 6 para. 1 lit. b GDPR

Data recipient
Cloudflare, San Francisco, USA
https://www.cloudflare.com/privacypolicy/

SiteLock

Purpose of the processing
Protection of the website against malware, removal of malware on the website.

Categories of personal data
Content data, usage data

Legal basis
Performance of the contract, Art. 6 para. 1 lit. b GDPR

Storage period
SiteLock stores the customer's web space for 30 days (grace period). Deletion of all personal data within 90 days after the clean-up.

Data recipient
SiteLock, Scottsdale, USA

Shared WordPress Hosting

Loop feedback function

Purpose of the processing
The 'Loop' function is offered for continuous product improvement. If the customer consents, information on the use of product functions is transferred and aggregated anonymously. The customer has the opportunity to submit suggestions for improvement and feedback.

Categories of personal data
Content data, usage data

Legal basis
Consent, Art. 6 para. 1 lit. a GDPR

Storage period
Cyclical updating, immediate deletion if consent is withdrawn.

MyWebsite

MyWebsite Now (current product generation)

Website Editor & Webspace

Purpose of the processing
The editing and publication of the website, as well as the hosting of the website.

Categories of personal data
Content data, usage data

Legal basis
Performance of the contract, Art. 6 para. 1 lit. b GDPR

Data recipient
CM4all GmbH, Cologne, Germany

How to find us

Purpose of the processing
Display of the location of the company / customer on a map (directions).
To do this, the product transfers the address data to the card provider.

Categories of personal data
Inventory data, usage data

Legal basis
Performance of the contract, Art. 6 para. 1 lit. b GDPR

Data recipient
Google LLC, Mountain View, USA

Contact form

Purpose of the processing
When using the contact form, incoming enquiries are sent to the customer by e-mail.

Categories of personal data
Inventory data, content data, contact data, traffic data

Legal basis
Performance of the contract, Art. 6 para. 1 lit. b GDPR

Data recipient
EPAR-service GmbH Haller Straße 71, 74613 Öhringen, Germany

Storage period
28 days for log files

Online appointment booking Mail dispatch

Purpose of the processing
The Bookingpress appointment booking app can optionally be integrated for the customer.
An EPAR-SERVICE service is used to send e-mails from the APP, which is exclusively the subject of this description.

Categories of personal data
Content data, contact data, traffic data

Legal basis
Performance of the contract, Art. 6 para. 1 lit. b GDPR

Data recipient
EPAR-service GmbH Haller Straße 71, 74613 Öhringen, Germany

Storage period
28 days for log files

Content generator with the help of artificial intelligence

Purpose of the processing
Creation of editorial content with the help of artificial intelligence. At the customer's request, the content information is transferred to an external service. The service includes the creation of texts or images of all kinds, which can then be used and published in the product. The applications listed here are not exhaustive.

Categories of personal data
Content data

Legal basis
Performance of the contract, Art. 6 para. 1 lit. b GDPR
Legitimate interest, Art. 6 para. 1 lit. f GDPR
Consent, Art. 6 para. 1 lit. a GDPR

Data recipient
OpenAI L.L.C, San Francisco , USA
https://openai.com/policies/privacy-policy

Website Translator

Purpose of the processing
When using the Website Translator, the content of the published website is transferred to Google Translate in order to translate it into one or more other languages and display it to the website visitor.

Categories of personal data
Content data, usage data

Legal basis
Performance of the contract, Art. 6 para. 1 lit. b GDPR

Data recipient
Google LLC, Mountain View CA, USA

Shop

Purpose of the processing
Seamless integration of an online shop into the website editor.

Categories of personal data
Contact data, content data, usage data

Legal basis
Performance of the contract, Art. 6 para. 1 lit. b GDPR

Data recipient
Ecwid, Encinitas CA, USA

MyWebsite Creator, Shop and Essential
(current product generation)

Website Editor

Purpose of the processing
The editing and publication of the website

Categories of personal data
Content data, usage data

Legal basis
Performance of the contract, Art. 6 para. 1 lit. b GDPR

Data recipient
Duda Inc., Palo Alto, USA

Webspace

Purpose of the processing
Hosting of the website

Categories of personal data
Content data, usage data

Legal basis
Performance of the contract, Art. 6 para. 1 lit. b GDPR

Data recipient
AWS - Amazon Web Services, data centre Frankfurt, Germany
Amazon Web Services, Inc., Seattle WA, USA

Content Delivery Network CDN

Purpose of the processing
Storage of website content for site visitors in several data centres to improve the loading time of the website.

Categories of personal data
Content data, usage data

Legal basis
Performance of the contract, Art. 6 para. 1 lit. b GDPR

Data recipient
AWS - Amazon Web Services, data centre Frankfurt, Germany
Amazon Web Services, Inc., Seattle WA, USA

Online Business Card

Purpose of the processing
Quick publication of an online business card website. You can choose what information is displayed on this website. User data is sent to Google and Facebook to retrieve publicly available information. This data serves as the starting point for the user's online business card.

Categories of personal data
Contact data, usage data, content data

Legal basis
Performance of the contract, Art. 6 para. 1 lit. b GDPR

Data recipient
Google LLC, Mountain View CA, USA
Facebook, Menlo Park CA, USA

Shop

Purpose of the processing
Seamless integration of an online shop into the website editor.

Categories of personal data
Contact data, content data, usage data

Legal basis
Performance of the contract, Art. 6 para. 1 lit. b GDPR

Data recipient
Ecwid, Encinitas CA, USA

How to find us

Purpose of the processing
MyWebsite uses the address data to display the location of the company / customer on a map (directions). To do this, the product transfers the data to the map provider Mapbox. This is done when the project is created.

Categories of personal data
Inventory data, usage data

Legal basis
Performance of the contract, Art. 6 para. 1 lit. b GDPR

Data recipient
Mapbox, Washington D.C., USA

Website Translator

Categories of personal data
Content data, usage data

Legal basis
Performance of the contract, Art. 6 para. 1 lit. b GDPR

Data recipient
Google LLC, Mountain View CA, USA

Multi Location

Purpose of the processing
MyWebsite uses the address data to place one or more markers on a map so that the locations of the company / customer are displayed (directions). To do this, the product transfers the data to the map provider Mapbox. This happens automatically when the widget is added and with additional locations when they are added to the widget.

Categories of personal data
Inventory data, content data

Legal basis
Performance of the contract, Art. 6 para. 1 lit. b GDPR

Data recipient
Mapbox, Washington D.C., USA

Consent management

Purpose of the processing
Provision and operation of a consent management function for the website.
Website visitors can give their consent for processing and the setting of cookies and receive information about the functions used and the use of the data.

Categories of personal data
Inventory data, traffic data, usage data

Legal basis
Performance of the contract, Art. 6 para. 1 lit. b GDPR

Data recipient
Usercentrics GmbH, Munich, Germany

MyWebsite (earlier product generation - before Sept. 2017, version 8)

Google Maps

Purpose of the processing
MyWebsite 8 transmits the customer's address data to Google in order to pre-fill the Google Maps module with the correct address or sends another specified address to Google.

Categories of personal data
Inventory data, usage data

Legal basis
Performance of the contract, Art. 6 para. 1 lit. b GDPR

Data recipient
Google LLC, Mountain View, USA

My Data

Purpose of the processing
Publishing the MyWebsite homepage adds customer and other custom data in schema.org format to the website to help search engines and improve SEO results.

Categories of personal data
Inventory data, content data

Legal basis
Performance of the contract, Art. 6 para. 1 lit. b GDPR

MyShop

Purpose of the processing
Processing, maintenance and operation of the online shop

Categories of personal data
Inventory data, content data, usage data

Legal basis
Performance of the contract, Art. 6 para. 1 lit. b GDPR

Storage period
Shop data will be deleted 31 days after the end of the contract.

Data recipient
ePages, Hamburg, Germany

Domain & SSL Certificates

Domain

Purpose of the processing
Registration, transfer, configuration, maintenance and cancellation of the domain name for the customer

Categories of personal data
Inventory data

Legal basis
Contract initiation or contract performance, Art. 6 para. 1 lit. b GDPR

Storage period
This period is different for the various Top Level Domains (TLDs) and depends on the Registrar Accredation Agreement (RAA) of the registry.

SSL certificate

Purpose of the processing
Registration, configuration, maintenance and cancellation of SSL certificates for customers. Automated processing in MyWebsite products when connecting the domain to the website project.

Categories of personal data
Inventory data

Legal basis
Performance of the contract, Art. 6 para. 1 lit. b GDPR

Data recipient
Sectigo Limited, West Yorkshire, England
DigiCert, Lehi UT, USA

Remark
When procuring and/or maintaining SSL certificates, EPAR-SERVICE only acts as an intermediary in the relationship between the customer and the respective certificate issuer. EPAR-SERVICE has no influence on the issuance of certificates. EPAR-SERVICE does not guarantee that the certificates requested for the customer will be issued at all or that they will be permanently valid

Shop

Shop Integration / Social Buy Button
(current product generation)

Purpose of the processing
Integration of an online shop with an existing website or social media accounts.

Categories of personal data
Contact data, content data, usage data

Legal basis
Performance of the contract, Art. 6 para. 1 lit. b GDPR

Data recipient
Ecwid, Encinitas CA, USA

MyWebsite Shop

-> Please refer to the section 'MyWebsite Creator, Shop and Essential' for more information.

Shop (previous product generation)

Purpose of the processing
Processing, maintenance and operation of the online shop

Categories of personal data
Inventory data, content data, usage data

Legal basis
Performance of the contract, Art. 6 para. 1 lit. b GDPR

Storage period
Shop data will be deleted 31 days after the end of the contract.

Data recipient
ePages, Hamburg, Germany

E-Mail & Office

Mail Basic / Business

Purpose of the processing
Provision of e-mail services, including the creation, configuration and deletion of e-mail addresses

Categories of personal data
Inventory data, content data, traffic data

Legal basis
Performance of the contract, Art. 6 para. 1 lit. b GDPR

Storage period
7 days after cancellation/end of contract
28 days for log files

Data recipient
EPAR-service GmbH Haller Straße 71, 74613 Öhringen, Germany
Open-Xchange, Cologne, Germany

Content generation and analysis with the help of artificial intelligence

Purpose of the processing
The creation of email content, generation of suggestions for email texts (e.g. replies) and summaries of email content using artificial intelligence (AI). For this purpose, the content information is transferred to an external service at the request of the interested party.

Categories of personal data
Content data

Legal basis
Implementation of contractual measures, Art. 6 para. 1 lit. b GDPR
Legitimate interest, Art. 6 para. 1 lit. f GDPR
Consent, Art. 6 para. 1 lit. a GDPR

Data recipient
OpenAI L.L.C, San Francisco , USA
https://openai.com/policies/privacy-policy

trustedDialogue labelling of e-mails

Purpose of the processing
Within the EPAR-SERVICE webmailer of Mail Basic/Business, e-mails received as part of the trustedDialogue programme are marked with a special e-mail trust seal for the user. User interaction with emails of this quality standard is analysed by the service partner by means of pixel tracking on its own responsibility, provided that the necessary consent has been given.

Categories of personal data
Usage data, traffic data

Legal basis
Consent, Art. 6 para. 1 lit. a GDPR

Storage period
Usage data 41 days
Traffic data 3 months

Data recipient
United Internet Media GmbH, Montabaur, Germany
https://www.united-internet-media.de/de/datenschutzhinweis/

E-mail archiving

Purpose of the processing
Archiving e-mails

Categories of personal data
Inventory data, content data, usage data, traffic data

Legal basis
Performance of the contract, Art. 6 para. 1 lit. b GDPR

Storage period
60 days after the end of the contract

Data recipient
Strato AG, Berlin, Germany

Hosted Exchange

Purpose of the processing
Provision of e-mail services, including the creation, configuration and deletion of e-mail addresses

Categories of personal data
Inventory data, content data, traffic data

Legal basis
Performance of the contract, Art. 6 para. 1 lit. b GDPR

Storage period
End of the contract term

Data recipient
Fasthosts Internet Limited, Gloucester, England
EPAR-service GmbH Haller Straße 71, 74613 Öhringen, Germany

Microsoft Office 365

Purpose of the processing
Use of Microsoft Office 365, including the creation, configuration and deletion of accounts and users.

Categories of personal data
Inventory data, content data, usage data

Legal basis
Performance of the contract, Art. 6 para. 1 lit. b GDPR

Storage period
User data is stored for up to 1 year after the last licence has been removed.

Data recipient
Microsoft, Redmond WA, USA

OX App Suite

Purpose of the processing
Using the OX App Suite: setting up, configuring and deleting accounts and users

Categories of personal data
Inventory data, usage data

Legal basis
Performance of the contract, Art. 6 para. 1 lit. b GDPR

Storage period
Up to one year after cancellation of the last licence.

Data recipient
Open-Xchange, Cologne, Germany

Google Workspace | G Suite

Purpose of the processing
Use of Google Workspace | Google G Suite including setup, configuration, deletion and customer service.

Categories of personal data
Inventory data, traffic data

Legal basis
Performance of the contract, Art. 6 para. 1 lit. b GDPR

Data recipient
Google LLC, Mountain View CA, USA
https://workspace.google.com/intl/en/terms/subprocessors.html

https://policies.google.com/privacy

HiDrive online storage & HiDrive Share

Purpose of the processing
Provision of online storage for you and your users to be able to access it worldwide and at any time from different end devices. Hi Drive Share: Provision of the option to share files via a share link.

Categories of personal data
Inventory data, content data, usage data

Legal basis
Performance of the contract, Art. 6 para. 1 lit. b GDPR

Storage period
Up to four months after the end of the contract.
With HiDrive Share, the data is stored for 7 days.

Data recipient
Strato AG, Berlin, Germany

Managed Nextcloud

Purpose of the processing
Provision of an online storage solution for you and your users to be able to access them colloboratively, worldwide and at any time from different end devices.

Categories of personal data
Inventory data, content data, usage data, traffic data

Legal basis
Performance of the contract, Art. 6 para. 1 lit. b GDPR

Storage period
Storage duration of the data according to the settings/deletions you have made.
Cancellation at the end of the contract term at the latest.

MyDefender

Purpose of the processing
Provision and use of a backup.
Customer support and operation of the platform.

Categories of personal data
Inventory data, usage data, content data

Legal basis
Performance of the contract, Art. 6 para. 1 lit. b GDPR

Storage period
Storage duration of the data according to the settings you have made.
At the latest at the end of the contract term.

Data recipient
Acronis Germany GmbH, Landsberger Str. 110, 80339 Munich, Germany
Arsys Internet S.L.U., C/ Madre de Dios nº 21, 26004 Logroño (La Rioja), Spain

Video chat

Purpose of the processing
Provision and operation of an online video conference with invitation function for participants.

Categories of personal data
Content data, contact data, traffic data

Legal basis
Performance of the contract, Art. 6 para. 1 lit. b GDPR

Storage period
Traffic data is deleted after 7 days, content data and contact data are not stored.

Marketing and other products

List Local

Purpose of the processing
Publication and synchronisation of company data in online directories to improve local search rankings in search engines. Publication of posts on social media platforms.

Categories of personal data
Inventory data, content data

Legal basis
Performance of the contract, Art. 6 para. 1 lit. b GDPR

Storage period
30 days after the end of the contract

Data recipient
uberall, Berlin, Germany

rankingCoach

Purpose of the processing
Optimisation of your website's search results on Google. If you use the Pro version, you can also set up Google Ads campaigns.

Categories of personal data
Inventory data, contact data, usage data

Legal basis
Performance of the contract, Art. 6 para. 1 lit. b GDPR

Data recipient
rankingCoach, Cologne, Germany

Google Ads Management Service (Search Engine Marketing)

Purpose of the processing
Set up and manage Google Ads campaigns for your website.

Categories of personal data
Inventory data, content data, usage data

Legal basis
Performance of the contract, Art. 6 para. 1 lit. b GDPR

Storage period
30 days

Data recipient
Jellyfish, Warrington, England

E-mail marketing

Purpose of the processing
Creation, dispatch and management of newsletter campaigns.

Categories of personal data
Inventory data, content data, usage data

Legal basis
Performance of the contract, Art. 6 para. 1 lit. b GDPR

Storage period
User data is stored for up to 1 year after the last licence has been removed.

Data recipient
Xqueue GmbH, Offenbach, Germany

Content generator with the help of artificial intelligence

Categories of personal data
Content data

Legal basis
Performance of the contract, Art. 6 para. 1 lit. b GDPR
Legitimate interest, Art. 6 para. 1 lit. f GDPR
Consent, Art. 6 para. 1 lit. a GDPR

Data recipient
OpenAI L.L.C, San Francisco , USA
https://openai.com/policies/privacy-policy

Hosting Mobile App

Purpose of the processing
Mobile access to the EPAR-SERVICE Control Centre.

Categories of personal data
Inventory data, usage data

Legal basis
Performance of the contract, Art. 6 para. 1 lit. b GDPR

Storage period
Inventory data is stored until the app is uninstalled.
12 months for usage data

Tracking
Exclusively internal statistical evaluation of app accesses. Your IP address is anonymised and not merged with other data. The data collected in this way does not allow any conclusions to be drawn about your identity.

Data recipient
Google LLC, Mountain View CA, USA

WebAnalytics

Purpose of the processing
Statistical analysis and technical optimisation of the website.

Categories of personal data
Anonymised usage data

Legal basis
Performance of the contract, Art. 6 para. 1 lit. b GDPR

Data recipient
EPAR-service GmbH Haller Straße 71, 74613 Öhringen, Germany

Server

Server and EPAR-SERVICE Cloud Computing

The following information applies equally to servers (vServer (VPS), Cloud Server, Dedicated Server and VPS) and EPAR-SERVICE Cloud Computing (EPAR-SERVICE Cloud / IaaS, Private Cloud, S3 Object Storage and Managed Kubernets):

For the above-mentioned products, the customer alone and exclusively decides which personal data is processed and how.

Categories of personal data
At your discretion

Storage period
At your discretion

Legal basis
At your discretion

Data recipient
At your discretion

vServer (VPS), Cloud Server, Dedicated Server, Private Cloud

Purpose of the processing
Customer support and operation of the platform

Categories of personal data
Inventory data, usage data, traffic data

Legal basis
Performance of the contract, Art. 6 para. 1 lit. b GDPR

Storage period
End of the contract term.

Data recipient
Arsys Internet S.L.U., C/ Madre de Dios nº 21, 26004 Logroño (La Rioja), Spain

In addition, the following instructions apply to the use of certain (partial) functions for these products:
vServer (VPS), Cloud Server, Dedicated Server, VPS, Private Cloud and Cloud Backup

Cloud backup

Purpose of the processing
Provision and use of the cloud backup.
Customer support and operation of the platform.

Categories of personal data
Inventory data, usage data, content data

Legal basis
Performance of the contract, Art. 6 para. 1 lit. b GDPR

Storage period
Storage duration of the data according to the settings you have made.
At the latest at the end of the contract term.

Data recipient
Acronis Germany GmbH, Landsberger Str. 110, 80339 Munich, Germany
Arsys Internet S.L.U., C/ Madre de Dios nº 21, 26004 Logroño (La Rioja), Spain