Privacy & Data Protection Policy
In case of doubt, the German version of this privacy and data protection policy shall prevail, which can be found on our website at www.pidoco.com.
This having been said, a detailed explanation is given below of the extent to which we collect, process and use personal data, and for what purpose.
1. Type and scope of personal data collected and processed
We collect and process personal data when you register for the services on our website and when you send messages to other users or otherwise communicate with us or other users. To a certain extent, we also store data that accumulates during use of our website, but only in anonymous form or under a pseudonym. Moreover, when you design prototypes after registering, the content you create is stored electronically, so that the data can be retrieved by third parties as you have intended and to the extent that is required for our service in the first place.
a) Usage data and cookies
On principle, you can also view our website without specifically providing any personal data. Nonetheless, some data still accumulates during usage. The following applies to this so-called usage data:
aa) When our web pages are visited by registered users or by ordinary Internet users, we store certain data that is collected in so-called logfiles. A logfile consists of the IP address, the time when the visit to our web pages started and ended, the quantity of data transmitted, and the sub-pages called up on our website. We collect and store these logfiles, for one thing for security reasons, in order to be able to trace any instances of misuse of our services. From this data, we can analyse how our services are used – we can find out which pages are particularly popular, for instance, the times when our services are put to most intensive use, whether there is smooth navigation amongst the services, etc. This analysis produces results in statistical form that are anonymous. We use these results for improving our services both technically and editorially. So in fact, we do not know what your preferred use pattern is; we only know that a user with that use pattern exists. We have no interest whatsoever in using an IP address in order to identify you as an individual.
b) Master data
If you want to use our services beyond the mere browsing of our weg pages you have to register, whereupon you will be sent the access data for your account. During registration we always ask for and store the following data:
- your first name and surname,
- your user name, if you select one for your own profile later,
- your password for accessing Pidoco’s service, and
- an email address where we can contact you for providing our services.
As soon as you make use of Pidoco’s fee-paying services, we also collect the following master data:
- your address (street and number, postcode and location), and
- • your payment data, such as bank account details, credit card number, etc.
We need your master data in order to be able to identify you as our contractual partner, open and run your user account, actually provide our services, and contact you if necessary. For instance, we use your email address to inform you about using our services, to give you advance notice of downtimes for system maintenance, and to send you information relevant to your contract, such as confirmation of contract closure or notification about the expiry of a trial period. Your customer status, as embodied in your master data, also enables you to access your user account: you can log in to your user account with your user name.
The name of your company and your VAT number are added to the master data listed above, if you provide that information voluntarily. For handling payments for our services, we pass on the applicable information about your credit card, bank account, etc. to the payment service provider you have indicated, such as PayPal, Wirecard AG, etc., depending on the mode of payment you have chosen. The data protection provisions of the respective payment service provider you have selected then also apply in addition.
c) Logging in using your Google account
You can register for our services using Google by clicking on the button marked with the Google logo during registration. Upon clicking the button you will be redirected to Google. If you are not logged in at Google at that time, a new window will open, in which you will be asked to log in at Google using your access information or to register as a new Google user. Then Google will ask you whether you would like to register for our services using Google.
If you are registered with us via Google, we are able to retrieve data from your Google profile. This includes in particular your email address. We use this data to create your Pidoco profile, which we save.
When you intend to register at Pidoco using your Google access data, Google will obtain knowledge of your intention through your clicking the button marked with the Google logo. Furthermore, Google will install a cookie in your web browser when you click the button marked with the Google logo. With the help of this text file Google will be able to collect further information about you and your surfing habits. The information generated through the cookie are usually transferred to a Google server located in the United States of America, where they are stored and potentially connected to your Google profile data. This can lead to the creation of user profiles at Google which exceed the extent of information you have disclosed yourself.
d) Email newsletter
We also use your email address to send you a newsletter by email at reasonable intervals, provided you have expressly consented to this by clicking on the relevant checkbox. Apart from edited articles and information, the newsletter may also contain advertisements for our products or new services. However, you can cancel the newsletter at any time by sending an email to email@example.com or simply by clicking on the link provided in each newsletter.
In order to offer a professional newsletter we use “MailChimp”, a product of the company The Rocket Science Group, LLC, 512 Means Street, Suite 404, Atlanta, Georgia 30318, USA.
“MailChimp” like other providers offers statistical analysis options of usage data etc. for newsletters. The analysis options, however, generally relate to goups of users. This means that we are able to see how many users an email was sent to, whether emails were rejected and whether users unsubscribed from the email list upon receipt of an email. “MailChimp” also offers some person-specific analysis options based on email addresses, which we, however, do not use.
When you click the corresponding checkbox, you email address will initially be temporarily stored at MailChimp. The email address is only used in order to send you an email, in which you can confirm that you wish to receive the newsletter (“Double-Opt-In”). Once the email address has been confirmed, it will be permanently stored at MailChimp until it is removed by the owner of the email address or by us. In order to document your consent and protect themselves against potential claims of sending unsolicited emails, MailChimp stores the date of your consent and the IP address under which the consent was given. We do not have any influence on the fact that the IP address is stored and how it is stored.
You can find further information about the use of data by MailChimp at http://mailchimp.com/legal/privacy/.
e) Live chat
We use SnapEngage in order to offer you a website chat. SnapEngage is a website chat service of SnapEngage LLC, 1919 14th Street, Suite 505, Boulder, CO 80302, USA.
You can find further information about SnapEngage and the use of your data at SnapEngage at http://snapengage.com/privacy-policy/.
f) Web analytics tools
Google will use this information on our behalf in order to analyze your use of the web page, to generate reports about the website activities and to provide further services relating to the use of the web page and the internet to the operator of the web page, e.g. to display targeted advertising content on the Google Display Network. The IP address which your browser transmits in the context of Google Analytics and Google Remarketing will not be connected with other data of Google.
If you do not consent to the storage and use of usage data by Google Analytics and Google Remarketing described above, you can deactivate the tools.
You can deactivate Google Analytics using a corresponding browser add-on by Google and thereby state your objection to the data collection and use connected to this web analytics method. The add-on notifies Google Analytics that you do not wish that information about your visit to our web page is transmitted to Google Analytics. You have to download and install the add-on. You can find further information on how to deactivate Google Analytics as well as all information about the download of the add-on at http://tools.google.com/dlpage/gaoptout?hl=en.
In this case as well, the web analysis will (only) remain deactivated as long as the add-on is installed. Therefore, please do not delete the add-on as long as you do not wish any web analysis. If you are accessing our web pages from different computer or with different browsers, you have to add the add-on separately for each computer or browser you use.
If you do not consent to the storage and analysis of these data from your visit, you can object to the storage and use at any time by unchecking the checkbox below. In this case a so-called opt-out cookie will be stored in your browser, which results in Piwik not collecting any session data. When you delete your cookies, the opt-out cookie will also be deleted and may have to be reactivated by you.
g) Social networks
On our web pages we use buttons of several social networks. We use a “two-click-solution”, i.e. you have to activate the buttons by clicking on a special button provided by us in order to use them. Only then can you make use of the buttons. You can only activate or deactivate all social networks jointly; it is not possible to use only individual ones.
In particular, our web pages contain buttons of the following networks:
aa) We use social media buttons (“Like” and “Share”) by Facebook. Facebook is a social network of the U.S. American company Facebook, Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA. Facebook buttons are marked by the Facebook logo. Depending on the type of button, further information can be added. When you activate the buttons and access one of our web pages containing a Facebook button, you browser will establish a direct connection with the servers of Facebook and the button will be loaded from there. Thereby Facebook will receive the information that the respective web page has been accessed.
If you are a Facebook user and are simultaneously logged in at Facebook, Facebook will be able to attribute the page impression to your profile. When you click on a Facebook button embedded in our web page and subsequently log in at Facebook (or already are logged in), the information “liked” or “recommended” by you will be published in your Facebook profile in short form. Facebook may be able to collect and store further user data. This can lead to the creation of Facebook user profiles which exceed the extent of information you have disclosed on Facebook yourself.
bb) In addition we use buttons of the network Twitter on our web pages. Twitter is a micro blogging service of the U.S. American company Twitter, Inc. (795 Folsom St., Suite 600, San Francisco, CA 94107). You can recognize Twitter buttons by the Twitter logo. When you activate the buttons and access web pages within our offering which contain a Twitter button, your browser will establish a direct connection with the servers of Twitter and the button will be loaded from there. Thereby Twitter will receive the information that the respective web page has been accessed. Even when you are not logged in, Twitter may be able to collect and store usage data this way.
When you click on a Twitter button on our web pages and “tweet” information via the opening Twitter window, you transmit the tweeted information to Twitter. This information will then be published in your Twitter user profile.
cc) In addition we have integrated buttons of Google+1 on our web pages. Google+1 is provided and operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94034, USA. When you activate the buttons and access a web page containing such a plug-in, your browser will establish a direct connection with the servers of Google. Thereby Google will receive the information that you have accessed the respective web page.
If you are logged in at Google Plus or Google via your personal user account during your visit to our web pages, Google will be able to attribute the website visit to your account. Through the interaction with plug-ins, e.g. the clicking of the button or the posting of a comment, the respective information will be transmitted directly to Google and stored there. If you wish to avoid such transfer of data you have to log out of your Google Plus or Google account before visiting our web pages.
dd) In addition we have integrated buttons of the social network LinkedIn of the LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. You can recognize the LinkedIn buttons by the LinkedIn logo. When you activate the buttons and visit our web pages and access a web page containing a LinkedIn button, your browser will establish a direct connection with the server of LinkedIn via the plug-in. Thereby LinkedIn will receive the information that you have accessed our web page.
If you are logged in at LinkedIn via your personal user account during your visit to our web pages, LinkedIn will be able to attribute the website visit to your account. Through the interaction with plug-ins, e.g. the clicking of the button, the respective information will be transmitted directly to LinkedIn and stored there. If you wish to avoid such transfer of data you have to log out of your LinkedIn account before visiting our web pages.
ee) In addition we have integrated buttons of the social network “Pinterest”. Pinterest is operated by Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA. You can recognize Pinterest buttons by the Pinterest logo. When you activate the buttons and visit our web pages and access a web page containing a Pinterest button, your browser will establish a direct connection with the server of Pinterest via the plug-in. Thereby Pinterest will receive the information that you have accessed our web page.
If you are logged in at Pinterest via your personal user account during your visit to our web pages, Pinterest will be able to attribute the website visit to your account. Through the interaction with plug-ins, e.g. the clicking of the button, the respective information will be transmitted directly to Pinterest and stored there. If you wish to avoid such transfer of data you have to log out of your Pinterest account before visiting our web pages.
h) Content data
When you design prototypes and use the message function to contact other users, you are given a possibility of posting texts, images, videos, websites and other content on our servers, and of altering your content as well. You can invite other users to adapt or view your prototype and also communicate with them, and for this purpose you make your email address, user name and where applicable your avatar visible to them. You also make this information visible when as a user you accept an invitation from a fellow user to adapt or view his or her prototype. We store this content in order to provide it for retrieval in the Internet and enable our service in the first place – and if you provide personal data in connection with your prototype, this obviously includes that data as well. At the same time though, you decide entirely independently which information you want to disclose about yourself, and by deciding whom to invite you decide which users you disclose it to. In technical terms, we ensure that the data you have provided and released is posted in the relevant places on our website. On no account is your password or any data other than that specified above visible for the Internet public or even for other registered users.
After terminating the contract on use, your user account and your personal data are erased irrevocably if you so request. The other content you have posted can still be retrieved on principle though – this applies in particular to messages and interactions with other users. However, you can contact us by email and request that certain content be deleted.
2. Disclosure of data to third parties, publication of content data
We only pass your data on to third parties
- if and insofar as this is necessary in order to implement the contract we have with you, or to assert any rights and claims on our own part;
- where official enquiries are involved, in particular if requested by judicial or supervisory authorities, and if disclosure is required in order to avert a threat to public safety or law and order, and for prosecuting criminal offences; and/or
- if we are otherwise under obligation to do so by law.
The content data that you have transmitted to our servers so that it can be uploaded is “published” so-to-speak when we make it available technically on the designated page on the Internet, such that other users can retrieve it as described above.
3. Links to other websites
Our website contains links to the websites of other providers with whom we are in no way associated. After you have clicked on one of these links, we have no further influence on how any personal data is processed that is automatically transmitted to the other provider by the hyperlink (such as your IP address, or the URL where the link is installed), because evidently third-party conduct is entirely beyond our control. We can therefore accept no responsibility whatsoever for the processing of your personal data by third parties.
4. Information, correction, erasure, blocking
We will inform you at any time which of your personal data we have stored if you so request in writing or in text form. You can also request us at any time to block or erase your data. Only that data is excluded from erasure which we need for completing any unfinished tasks or for asserting our rights and claims, or which we are obliged to retain by law.
We take technical and organisational steps to ensure that our users’ personal data is protected against loss, manipulation or unauthorised third-party access. Moreover, we only ever allow entitled persons to access your personal data, and even then only to the extent required for the above purposes.
Revised: October 2013