Pidoco. Your wireframing tool.

Privacy & Data Protection Policy


In case of doubt, the German version of this privacy and data protection policy shall prevail, which can be found on our website at www.pidoco.com.

We, Pidoco GmbH, run a technical system on or through our web pages, which enables you to create interactive software prototypes – including visualisations of user interfaces and navigation processes – and then give other users an opportunity to edit and use them as well as comment on them. As a registered user, you can also at the same time contact other users and interact with them for the purpose of designing and testing the prototype. Basically, this involves exchanging all manner of information; in connection with creating user interfaces and prototypes, this will include data that you as a user have posted on the platform yourself and made visible for fellow users. Some of this information will be personal data.

 

Naturally, we always fully comply with the regulations laid down in current applicable data protection laws, especially the General Data Protection Regulation (GDPR) and the Federal Data Protection Act [Bundesdatenschutzgesetz], and will process your personal data to the extent specified in our Privacy Policy given below. With this data protection policy we also comply with our information obligation according to Article 13 of the GDPR.

 

 

1. Data controller and contact information of data protection officer

 

The data controller is:

 

Pidoco GmbH

Warschauer Str. 58a

10243 Berlin

 

E-Mail: contact@pidoco.com

Telephone: +49 30 4881 6381

The contact information of our data protection officer is:

Pidoco GmbH

- Data Protection Officer -

Warschauer Str. 58a

10243 Berlin

 

dataprivacy@pidoco.com

 

 

2. Type, scope, purpose and legal basis of data processing


We process personal data when you register for the services on our website and when you send messages to other users or otherwise communicate with us or other users. To a certain extent, we also store data that accumulates during use of our website, but only in anonymous form or under a pseudonym. Moreover, when you design prototypes after registering, the content you create is stored electronically, so that the data can be retrieved by third parties as you have intended and to the extent that is required for our service in the first place.

a) General use of our website and cookies

 

On principle, you can also view our website without specifically providing any personal data. Nonetheless, some data still accumulates during usage. The following applies to this so-called usage data:

 

aa) When our web pages are visited by registered users or by ordinary Internet users, we store certain data that is collected in so-called logfiles. A logfile consists of

 

- the IP address,

- the time when the visit to our web pages started and ended,

- the quantity of data transmitted, and

- the sub-pages called up on our website.

 

We collect and store these logfiles, for one thing for security reasons, in order to be able to trace any instances of misuse of our services. From this data, we can analyse how our services are used – we can find out which pages are particularly popular, for instance, the times when our services are put to most intensive use, whether there is smooth navigation amongst the services, etc. This analysis produces results in statistical form. We use these results for improving our services both technically and editorially. So in fact, we do not know what your preferred use pattern is; we only know that a user with that use pattern exists. We have no interest whatsoever in using an IP address in order to identify you as an individual.

 

The legal basis for this data processing is Article 6 (1) lit. f) of the GDPR. Our legitimate interest lies in the aforementioned purpose.

 

bb) We and – as described further below – third parties also use cookies on our web pages. Our cookies send us the log-in data, provide us with information about which browser you use and the browser version, and tell us the time and date of your visit to our website as well as the cookie number. Using cookies during registration (to the extent required – see above) and use of our services enables us to recognise you if you re-visit our website after the end of a session. Using these cookies also means that you do not have to log-in again next time you visit our service.

 

The legal basis for this data processing is Article 6 (1) lit. f) of the GDPR. Our legitimate interest lies in the aforementioned purpose.

 

In the event that you want to prevent cookies (including all others specified in this privacy policy) being used, your browser can be set such that it prevents new cookies being accepted and stored. In order to find out how this works in the particular browser you use, you can refer to its “help” function or ask the manufacturer. However, it is only by using cookies that we can achieve the all-round safety and convenience of the application which we constantly endeavour to provide.

 

b) Registration on our website

 

If you want to use our services beyond the mere browsing of our web pages, you have to register, whereupon you will be sent the access data for your account. During registration we always ask for and store the following data:

 

  • your first name and surname, 

  • your user name, if you select one for your own profile later, 

  • your password for accessing Pidoco’s service, and 

  • an email address where we can contact you for providing our services. 

As soon as you make use of Pidoco’s fee-paying services, we also collect the following master data:

 

  • your address (street and number, postcode and location), and 

  • your payment data, such as bank account details, credit card number, etc. 

 

We need your master data in order to be able to identify you as our contractual partner, open and run your user account, actually provide our services, and contact you if necessary. For instance, we use your email address to inform you about using our services, to give you advance notice of downtimes for system maintenance, and to send you information relevant to your contract, such as confirmation of contract closure or notification about the expiry of a trial period. Your customer status, as embodied in your master data, also enables you to access your user account: you can log in to your user account with your user name.

 

The name of your company and your VAT number are added to the data listed above, if you provide that information voluntarily. For handling payments for our services, we pass on the applicable information about your credit card, bank account, etc. to the payment service provider you have indicated, such as PayPal, Wirecard AG, etc., depending on the mode of payment you have chosen. The data protection provisions of the respective payment service provider you have selected then also apply in addition.

 

The legal basis for the data processing described here is Article 6 (1) lit. b) of the GDPR.

c) Logging in using your Google account

If you own a Google user account you can use your Google access information to register for and access our services. Registration and use of Google are subject to Google’s privacy policies and terms of use, which you can find at http://www.google.de/intl/en/policies/.

You can register for our services using Google by clicking on the button marked with the Google logo during registration. Upon clicking the button you will be redirected to Google. If you are not logged in at Google at that time, a new window will open, in which you will be asked to log in at Google using your access information or to register as a new Google user. Then Google will ask you whether you would like to register for our services using Google.

If you are registered with us via Google, we are able to retrieve data from your Google profile. This includes in particular your email address. We use this data to create your Pidoco profile, which we save and in which we process data according to the principles and for the purposes stated in lit. b).

When you intend to register at Pidoco using your Google access data, Google will obtain knowledge of your intention through your clicking the button marked with the Google logo. Furthermore, Google will install a cookie in your web browser when you click the button marked with the Google logo. With the help of this text file Google will be able to collect further information about you and your surfing habits. The information generated through the cookie is usually transferred to a Google server located in the United States of America, where it is stored and potentially connected to your Google profile data. This can lead to the creation of user profiles at Google which exceed the extent of information you have disclosed yourself.

You can review in detail which data Google collects and for which purpose the data is collected or used in Google’s privacy policy. You can also find further information about your rights regarding the collection and processing of your data. Google’s privacy policy can be found at http://www.google.de/intl/en/policies/privacy/. In addition you can find information about your data and information stored in connection with applications on the Google dashboard at https://www.google.com/settings/dashboard?hl=en.

Processing of your data, which we obtain from Google upon your request, is based on Article 6 (1) lit. b) of the GDPR, just like the processing described in lit. b) above.

d) Logging in using OpenID Connect

You can access our services using the service OpenID Connect. OpenID will inform you during the sign in process about all personal data collected and their respective use. All further processing occurs according to the principles and for the purposes stated in lit. b) above.

e) Email newsletter


We also use your email address to send you a newsletter by email at reasonable intervals, provided you have expressly consented to this by clicking on the relevant checkbox. Apart from edited articles and information, the newsletter may also contain advertisements for our products or new services. However, you can cancel the newsletter at any time by sending an email to service@pidoco.com or simply by clicking on the link provided in each newsletter.

 

In order to offer a professional newsletter we use “CleverReach”, a product of the company CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede, Deutschland.

 

“CleverReach”, like other providers, offers statistical analysis options of usage data etc. for newsletters. The analysis options, however, generally relate to groups of users. This means that we are able to see how many users an email was sent to, whether emails were rejected and whether users unsubscribed from the email list upon receipt of an email.

 

When you click the corresponding checkbox, your email address will initially be temporarily stored at CleverReach. The email address is only used in order to send you an email, in which you can confirm that you wish to receive the newsletter (“Double-Opt-In”). Once the email address has been confirmed, it will be permanently stored until it is removed by you or by us. In order to document your consent and protect themselves against potential claims of sending unsolicited emails, CleverReach stores the date of your consent and the IP address under which the consent was given.

 

The legal basis for the processing of your data for the purpose of sending the newsletter is Article 6 (1) lit. a) of the GDPR. The statistical analysis is justified based on Article 6 (1) lit. f) of the GDPR. Our legitimate interest is our goal to improve and optimize our newsletter using the statistical analysis.

f) Web analytics tools

 

aa) Our website uses the “eTracker” tool (etracker GmbH, Erste Brunnenstrasse 1, 20459 Hamburg, Germany) for doing Web analysis. eTracker uses cookies, which are text files that are stored on your computer and allow your usage of the website to be analysed. The information about your usage of the website that is generated by the cookie is transmitted to a server run by etracker GmbH, where it is stored. Web analytics on our Internet platform are done with eTracker set to the data protection option “Extended data privacy compliance” [Erweiterte Datenschutzkonformität]; this means that complete IP addresses are not processed and that only an abbreviated version is stored. IP addresses are shortened by the last 8 bits, which renders them anonymous.

 

etracker GmbH uses this information to analyse your usage of our website, to compile reports for us about activities on our website, and to provide additional services connected with use of our website and of the Internet. etracker GmbH on no account links your IP address with any other data or passes the data on to third parties. Details on how etracker GmbH handles the data can be obtained from its privacy policy at: http://www.etracker.com/en/datenschutz.html.

 

The legal basis for the analysis is Article 6 (1) lit. f) of the GDPR. Our legitimate interest lies in the purpose just described.

 

You can object to the use of cookies and hence the data collection by eTracker at any time by clicking on the following link and following the instructions given there:

 

Exclude from data storage.

bb) In addition, our web pages use the analytics tool Matomo (formerly Piwik). Matomo also uses cookies. With the help of these cookies we can analyze the use of the web page. For this purpose the usage information (including your (shortened) IP address) generated by the cookie is transmitted to our server and stored for the purpose of usage analysis in order for us to optimize the web page. Your IP address is immediately anonymized during this process so that you as a user remain anonymous for us. The information generated by the cookie about your use of the web page will not be transmitted to third parties by us.

 

The legal basis for this processing is Article 6 (1) lit. f) of the GDPR. Our legitimate interest lies in the purpose described above.

 

If you do not consent to the storage and analysis of these data from your visit, you can object to the storage and use at any time by unchecking the checkbox below. In this case a so-called opt-out cookie will be stored in your browser, which results in Matomo not collecting any session data. When you delete your cookies, the opt-out cookie will also be deleted and may have to be reactivated by you.

g) Prototyping and messaging function


When you design prototypes and use the message function to contact other users, you are given a possibility of posting texts, images, videos, websites and other content on our servers, and of altering your content as well. You can invite other users to adapt or view your prototype and also communicate with them, and for this purpose you make your email address, user name and where applicable your avatar visible to them. You also make this information visible when as a user you accept an invitation from a fellow user to adapt or view his or her prototype. We store this content in order to provide it for retrieval in the Internet and enable our service in the first place – and if you provide personal data in connection with your prototype, this obviously includes that data as well. At the same time though, you decide entirely independently which information you want to disclose about yourself, and by deciding whom to invite you decide which users you disclose it to. In technical terms, we ensure that the data you have provided and released is posted in the relevant places on our website. On no account is your password or any data other than that specified above visible for the Internet public or even for other registered users.

 

The data processing is based on Article 6 (1) lit. b) of the GDPR.

3. Recipients of personal data

a) Internal recipients

Internally, the respective responsible employees have access to your data.

b) External recipients

 

In addition to the recipients named above, we employ external service providers. These comprise primarily IT services, which we cannot, or cannot reasonably, provide ourselves. Furthermore, we employ the service provider plan.io for support requests, which you send to any of the email addresses service@pidoco.com, support@pidoco.com, kontakt@pidoco.com or contact@pidoco.com. This service provider operates a ticketing system on our behalf, in which the respective requests are processed.

c) Publicity of content data

 

We transmit, if you will, the data which you have uploaded to our servers to other users by making it technically accessible to those users, to the extent described above, on the designated internet sites.

4. Storage duration

As far as no other duration is stated, we delete your data which is collected during general use of our website after 36 months. This also applies insofar as personal data are processed in conjunction with the use of cookies, analytics or advertising services.

Data which we process in the context of use of your user account are stored as long as the user account exists.

After terminating the contract on use, your user account and your personal data are erased irrevocably. The other content you have posted can still be retrieved on principle though – this applies in particular to messages and interactions with other users. However, you can contact us by email and request that certain content be deleted. So far as we have no compelling legitimate grounds for processing, which outweigh your interests, rights and freedoms, or the processing does not serve the assertion, exercise and protection of our rights, we will delete your data.

Where we process data in order to send you email newsletters, we store the data until you revoke your consent vis-à-vis us. Upon your revocation we will erase your data without delay.

5. Rights of data subjects

The General Data Protection Regulation guarantees you certain rights, which you can assert vis-à-vis us – insofar as the legal requirements are met.

Article 15 of the GDPR – Information right of data subject: You have the right to obtain a confirmation from us, whether we process personal data relating to you, and if so, which data is concerned and the details regarding the processing.

Article 16 of the GDPR – Right to correction: You have the right to ask us to correct erroneous personal data relating to you without delay. In this context and considering the purposes of the processing you also have the right to request the completion of incomplete personal data – including through a supplementary statement.

Article 17 of the GDPR – Right to deletion: You have the right to request from us that personal data relating to you is deleted without delay. Please note the exception described under item II. 4.

Article 18 of the GDPR – Right to limitation of processing: You have the right to request from us the limitation of processing.

Article 20 of the GDPR – Right to data portability: In the case of processing based on consent or the fulfillment of a contract, you have the right to obtain the personal data relating to you, which you have provided to us, in a structured, common and machine readable format, and to transmit these data to another data controller without our interference or have them transmitted to another data controller, to the extent technically feasible.

Article 21 of the GDPR – Revocation right: You have the right to object to the processing of personal data relating to you, which occurs due to our legitimate interest or to observe a duty in the name of public interest or which occurs in the course of the exercise of public authority, based on reasons grounded in your special situation.

If you object, your personal data will no longer be processed, unless we can demonstrate compelling legitimate grounds for processing, which outweigh your interests, rights and freedoms, or the processing serves the assertion, exercise and protection of rights.

Insofar as we process your personal data for direct marketing you have the right to object to the processing at any time. If you object to the processing for the purpose of direct marketing, we will cease to process your personal data for such purposes.

Article 77 of the GDPR in connection with § 19 Federal Data Protection Law [BDSG] – Right to complaint vis-à-vis a regulatory authority: You have the right to file a complaint with a regulatory authority at any time, especially in the member state of your residence, your workplace or the location of the alleged offence, if you deem the processing of the personal data relating to you to violate applicable law.

If the processing is based on your consent, you have the right to object at any time. Previous processing remains unaffected. In order to let us know about your objection, send us an email to dataprivacy@pidoco.com.

6. Duty to provide data


You are under no contractual or legal obligation to provide us with personal data, but we are unable to provide you with our service without the data you provide to us.

7. Automated decision-making (including profiling)

 

We do not use automated decision-making, which has legally binding effects on you or affects you.

8. Safety


We take technical and organisational steps to ensure that our users’ personal data is protected against loss, manipulation or unauthorised third-party access. Moreover, we only ever allow entitled persons to access your personal data, and even then only to the extent required for the above purposes.

 

 

Revised: May 2018