GRAEBERT GMBH – PRIVACY POLICY
Last amended: July 15, 2019
What this policy covers
This privacy policy covers the information we collect about you when using our Websites, Products, Services or when you interact with us. Your privacy is important to us and this policy aims at helping you to understand:
- What information we collect about you
- How we secure and use the information that is to say how we use and secure your Personal Data, and how we may transfer or share information with our partners such as resellers, corporate affiliates or third-party technologies we use
- Your choices that is to say how you can access and control your information
Legal basis for processing
If you are an individual from the European Economic Area (EEA), please note that we collect and process information about you only where we have legal basis for doing so under applicable laws of the European Union. Such legal basis will depend on the Products and Services you will use from us, the Personal Data collected and the specific context in which we collect it. This means we normally will collect Personal Data only where:
- We have your consent to do so, or
- We need it to provide you the Services, including to operate the Products, Websites and Services, provide customer support and personalized features, or
- We see a legitimate interest such as for research and development, for interacting with you regarding Products and Services, or for protecting our legal rights and interests
Where we rely on your consent to process your Personal Data for a specific purpose, you have the right to change your mind at any time, although this will not affect any processing that has already taken place. You have also the right to object to the processing of your Personal Data when we or a third-party such as your employer have a legitimate interest to do so. Please note however that in most cases, if you do not provide the requested information, we will not be able to provide some or all of the requested Services and/or Products.
What information we collect about you
Information gathered through our Websites
When you visit the Graebert Websites or Customer Portal, our Web server identifies the IP address of your computer and resolves it into a domain name (a domain name is a computer address by which one computer communicates with the other). By using programming scripts, we collect information about the type of browser, operating system, and system configuration that you use. In order to obtain access to portions of our Website we may ask you to complete a registration form that identifies Personal Data about you or solicits your comments. We refer to all of this information as Personal Data.
Information gathered through our Products
The Graebert Products may require that you create a Graebert Account on the Graebert Customer Portal. You will get in return credentials that will identify you in our Products and grant you access based on the Permissions you were granted.
Our Products and Services may also gather certain information about your computer, phone, tablet or other devices you use to operate and access. This may include log data and information about your operating system, browser type, IP address, device identifiers, country, language and/or connection type.
Graebert Products may include the option to participate in the Customer Involvement Program (CIP). The CIP feature collects information about how you use our applications by sending information to our servers when you are logged in to the application. The collected information is anonymous. When you start an application providing the CIP feature the first time, you will be prompted about participating. You can change your choice and join or opt out at any time. Learn more about the CIP in the application’s online help (topic „Participating in the Customer Involvement Program“).
Cookies and tracking technologies
We use automatically collected information and other information collected on our Websites, Products and Services through cookies and similar technologies to:
- Provide functionality and personalize our service, such as recognizing you across different Products, Services and devices or keeping a session open
- Monitor and aggregate usage metrics as well as analyzing how users interact with our Products, Services and Websites
You may visit http://www.allaboutcookies.org to learn more about cookies in general.
Information gathered through our Live Chat
Our Live Chat built-in on our Websites and/or Products is powered by a third-party technology operated by Intercom. It allows you to send messages and chat with our employees. Intercom will use cookies to identify you and aggregate information such as your IP address, browser, operating system, as well as the pages you visited before entering into discussion with us and other information related to your behavior on our Websites and/or Products. For example when you ask about a price we can see which product page you have last visited which will help us to give you a better answer. Intercom claims to process this information solely to improve its own Services. These cookies can also be avoided as described in the section “Cookies” but please note that the chat may no longer work properly if you prevent the installation of these cookies.
Information gathered through third-party Cloud storages or Identity providers
The Graebert Products, Websites and Services may offer or require the possibility to connect with your third-party Cloud storages (herein after “Cloud storages”). This is required in order to provide our service, namely the visualization and/or edition of your data in these accounts. For that purpose, the Graebert Product will remember your last used access token for each Cloud storage.
Likewise, our Products, Websites and Services may offer to use third-party technology to authenticate yourself (herein after “Identity providers”). This is required for example if you want to use a Google Account or a Microsoft account to authenticate and access our Products.
By connecting one or more Cloud storages to a Graebert Product, you are allowing Graebert to access your information and your are agreeing to the Cloud storages respective Terms of Use in your use of the Graebert Product(s). Graebert may receive information from your Cloud storage(s) and that information may be collected and used by Graebert (either as part of your profile or otherwise). We will use all information available from your Cloud storage(s) in accordance to their respective policies, and the privacy settings you can select through the account settings of each Cloud storage, so please consult such policies and settings.
Graebert will in particular collect and use information from your Cloud storage(s) or Identity providers aiming at:
- Authentication: We use information to authenticate and secure your access to our Products and Services and to your Cloud storages content.
- Access and Management of your files: We use information to let you browse, organize and access your files stored in the Cloud storage(s). This includes also the ability to read or edit them and to let you update the sharing settings (aka “Permissions”) defined in your Cloud storage(s) for each file.
- Performance: We may use information to identify common keywords within your files and indexing them in order to facilitate a quicker access and search results. Such information is fully encrypted before being cached.
- Statistical analysis: We may also use your Personal Data to create anonymous information records by excluding information personally identifiable to you. We generally use such information in statistical analysis to help us analyze the user experience and performance within our Products.
You can revoke Graebert’s access at any time from the settings page of each of your Cloud storages.
Payment information
When you order some specific Products or Services, we may collect, only with your explicit consent, payment and billing information. This includes:
- Payment information such as credit card details and/or bank account details
- Contact details such as name, email and/or phone
- Company details
We will share such information with third-party payment Services on the legal basis to fulfil our contract and secure the payment(s).
Information from other sources
We may receive information about you from your organization, from third-party Services, from our related companies such as our subsidiaries, and from our business and channel partners. This includes for example information sent by our resellers or by Digital River, the company operating our estore.
Outside parties and sites
Through Graebert you may be introduced to a variety of third-party partners and Websites. The privacy policies of these third parties are not under our control and may differ from ours. The use of any information that you may provide to any third party, or the use of “cookie” technology by any third party, will be governed by the privacy policy of the operator of the Website that you are visiting. If you have any doubts about the privacy of the information you are providing to any such third-party, we recommend that you contact that third-party directly for more information and review its privacy policy.
For example, when you like to buy our Products online you will be likely to be redirected for purchase and checkout to a website operated by Digital River. In that case, you will buy the product(s) from them as an online reseller of our Products. We will not be responsible for the privacy or security practices of Digital River or its associates that may differ from our policy. We invite you therefore to check their privacy policy while placing your order and to direct any related data privacy questions directly to them.
Links with other sites
When you access other sites by way of hyperlinks at this Website, please remember that Graebert has no control over the content posted on those sites.
How we secure and use the information
Protecting your Personal Data
We take all reasonable steps to protect the Personal Data we receive from you against loss, unauthorized alteration or access and/or unlawful destruction. We have put in place generally accepted industry standards to secure, back-up and safeguard your information.
Yet, while we do our best to protect your Personal Data, we cannot ensure or warrant the security of any information you transmit to us, and you do so at your own risk. What does this mean? You must protect yourself. You are responsible for maintaining the secrecy of your passwords and/or any account information. We recommend that you do not share your passwords with anyone. We will never ask you for your password in an unsolicited phone call or in an unsolicited e-mail. The Internet is not a secure medium of communication and privacy cannot be ensured. We cannot assume any responsibility, nor will we be liable, for any damages you or a third party may suffer as a result of the transmission of any information that you make to us through the Internet, or as a result of any communication made via our Products or Websites.
Unless otherwise explicitly stated herein any non-Personal Data or material sent to Graebert will be deemed not to be confidential.
International transfers
Graebert is a company headquartered in Germany with global activities. To facilitate our global operations we may transfer and access your Personal Data from different servers around the World.
Although our main servers are hosting your Personal Data in Germany, we may replicate some of your Personal Data to servers in other countries in order to improve the local performance of our Products and facilitate our global operations. For example, if you are located in India, we will make sure that a local server can facilitate a better performance of our Products and Services.
Use of Personal Data
Use of Personal Data
Graebert or its Agents uses registration, e-mail, and other Personal Data for internal purposes only. We do not and will not sell your information to third parties. We consider the privacy of our users to be of utmost importance. Personal Data is used to:
- Secure and facilitate access to our Products and Services,
- Communicate with you about our Products and Services
- Update and maintain the information related to your Licenses and Subscriptions on our Servers, and
- Obtain information regarding Websites, Products and Services usage so that we can tailor our content and infrastructure to meet your needs.
Communications about Products and Services may include communications via email, phone, within the Products, Websites or Services, or other means by Graebert, its affiliates or partners. We may use your contact information to for send Transactional Communications such as:
- Account creation, product activations, remind expiring subscriptions and permissions,
- Respond to your comments, questions and requests,
- Send information about updates, new features, security alerts, technical notices and administrative messages
- Tailored messages based on your activity and interactions with us. For example, certain actions you take may trigger automatically a message to help you discover or get started with specific features or Products.
Such Transactional Communications are part of our service and in most cases you may not be able to opt out from them unless you delete your account. We send such Transactional Communications on the legal basis of our legitimate interest to operate our Products, Websites and Services and fulfil our contract with you.
Communications about Products and Services may also include Promotional Communications such as newsletters, new product offerings and promotions. You can control whether you receive these Promotional Communications as described below under “Communication preferences”.
We do not sell Personal Data to other companies. We may, in certain cases, share this information with our Partners such as our resellers or subsidiaries to ensure that we provide better service to our customers.
Graebert reserves also the right to use data in connection with suspected inappropriate use, fraud, violations of Graebert Product’s Terms of Use, or any other activity that threatens to impede Graebert’s and/or its users’ ability to use the Graebert Products or Services efficiently, legally and effectively.
Use of Information gathered through our Customer Involvement Program
The purpose of identifying preferences and common use cases of our applications through the Customer Involvement Program (CIP) is to improve and adapt our applications in future releases to meet the needs of our customers.
Data Aggregation
We may aggregate data we acquire about our customers and their end-users, for example we may assemble customer data collected from our different Websites, Products and Services for the purposes of processing this data, delivering and improving our service to you and, obviously, honor promptly any request to opt-out. This may include for example to aggregate information from our licensing database and our Live Chat to understand the context of the questions you may ask us like typically which Products or Services you are using.
Organizations accounts and administrators
Most of our Products are intended for use by organizations. Organizations have the possibility to create an account enabling one or more administrators to manage the Products and licenses acquired by the organization.
If you are an administrator for a particular group of users we may share your contact information with current or past users within your organization to facilitate service or product-related requests.
If you are an end-user which license is managed by an administrator, we will share with your organization and administrator(s) certain information about you including your name, contact information as well as current and past usage of your account. In this case, please direct your data privacy questions to your administrator(s) as your use of our Products and Services will be subject to your organization’s policies.
For the avoidance of doubt, we will not be responsible for the privacy or security practices of your administrator(s) that may differ from our policy. For your understanding, Administrators rights include:
- Create, edit or delete a Graebert Account with Personal Data about you
- Assign or remove permissions to you to access our Products and Services
- Access or retain information stored as part of your account such as Personal Data you entered or devices you use
Even if your license is not currently managed by an administrator, your organization may later request control over your account and use of the Products and Services at a later date. You will be notified if this happens.
Third party use access to Personal Data
We work with third-party technology or service providers providing hosting, website, maintenance, backup, storage, virtual infrastructure, application development, and other Services to us. This includes for example our Live Chat system, our CRM (Customer Relationship Management) solution, solutions to provide our technical support and analytic tools. We may grant such providers access to some of your Personal Data if it is reasonably necessary for them to perform their function. In such case we will ask the provider to sign a Data Processing Agreement in order to keep the data safe.
From time to time we may employ third parties to help us improve our Products or Websites. These third parties may have limited access to databases of user information or registered member information solely for the purpose of helping us to improve the Products or Websites or the learning tools and they will not be able to use the information about our users or registered members for any other purpose. Similarly we will ask these third parties to sign a Data Processing Agreement to keep the data safe.
Important exceptions
We may disclose your information to a third party without your consent if we have reason to believe that disclosing this information is necessary to identify, contact or bring legal action against someone who may be causing injury to or interference with (either intentionally or unintentionally) our rights or property, other Website users or anyone else that could be harmed by such activities. We may disclose user information when we believe in good faith that such disclosure is required by and in accordance with the law.
We may also disclose your information in connection with a corporate re-organization, a merger or amalgamation with another entity, or a sale of all or a substantial portion of our assets provided that the information disclosed continues to be used for the purposes permitted by this Privacy Policy by the entity acquiring the information.
Your choices
Your privacy is very important to us. To earn and maintain your trust we like to offer you the highest transparency and provide reasonable access to the Personal Data that you may have provided through our use of Products, Services and Websites.
Updating and correcting your Graebert Account
When you visit our Customer Portal you can access, update and correct some Personal Data that we use to authenticate you including for example your name or contact details unless these are managed by your Administrator (see above “Organization accounts and administrators”). Please note that the changes you make in our Customer Portal will be reflected in our active user database but we may retain any information you submit for any reason we reasonably believe we have a legitimate reason such as backups, archiving, legal obligations, fraud and abuses detection and license history.
Deletion and Correction of Personal Data
By contacting us at privacy@graebert.com, you can find out the details of any Personal Data we hold about you and correct or update that Personal Data, request that we delete that Personal Data. However, where the Products and/or Services are administered for you by an Administrator, you will need to contact him/them first to submit your request as explained above in “Organizations accounts and Administrators”.
In any case, please note that deleting all your Personal Data will imply to deactivate your account which implies that you will consequently lose access to our Products and Services.
Google Analytics
While some of the cookies we use are required to use our Products and Services (see section above “Cookies and tracking technologies”), you can opt out from the collection by Google Analytics of navigation information during your visits to our Websites. To do so we invite you to use the Google Analytics Opt-out feature available from Google.
Communication preferences
You can opt-out from receiving Promotional Communications by clicking on the link to unsubscribe that you will find in the bottom of the corresponding email. This will unsubscribe you from our mailing list for newsletters, promotions and new product offerings. You may subscribe again later at any time by manually subscribing to our newsletter from our Websites.
Minors and Children
Our Products, Services and Websites are not directed to children under the age of 16. If you are under 16 years old, then please do not use nor access our Products, Services and Websites in any manner. We do not knowingly collect Personal Data from children under the age of 16. Would we learn that any Personal Data has been collected, without verifiable parental consent, from individuals under 16 years old, then we would take any step required to delete such data. As a parent or guardian, you may alert us at privacy@graebert.com if your child has obtained a Graebert Account and you like to request that we close such account and delete the corresponding Personal Data from our systems.
Complaints to our Supervisory Authority
You have the right to complain about the improper processing of your Personal Data by us with our Supervisory Authority:
Berliner Beauftragte für Datenschutz und Informationsfreiheit
Friedrichstr. 219
Besuchereingang: Puttkamerstr. 16 – 18 (5. Etage)
10969 Berlin, GERMANY
Tel.: +49 (0) 30 13889-0
How you can get in touch with us
Our contact information as responsible authority can be found in the imprint. If you want to exercise the rights mentioned in the privacy policy or have questions about privacy protection or the personal handling of data at Graebert or about this privacy policy in general, you could get in touch with us using the following address:
Gräbert GmbH
Dr. Antje Johst
Nestorstraße 36A, 10709 Berlin, DEUTSCHLAND
Our Data Protection Officer can be reached at: privacy@graebert.com
Translations of our policy
Non-English translations of this privacy policy are provided for convenience only. In case of conflicts, differences or ambiguity between translations, the English version will prevail at all times.
Changes to our policy
If it becomes necessary or desirable to change our privacy policy in the future, we will post changes as soon as they go into effect so that you are always aware of what information we collect, how it would be used, and under what circumstances we would disclose it. Any change to this policy will become effective on the date the change is posted. You can determine this date by looking at the date in the top of this page. We recommend that you print a copy of this policy for your reference and revisit this policy from time to time to ensure you are aware of any changes.
Your continued use of the Graebert Websites, Products and/or Services signifies your acceptance of any changes. If you disagree with any changes, you will need to stop using our Websites, Products and Services and deactivate your account(s) as specified above.