Data privacy statement
This website (hereinafter "website") is provided by heyport GmbH (hereinafter "us" or "we"). Further information on the website provider can be found in our Imprint.
A. Dealing with personal data
In the following, we would like to inform you about our handling of personal data when using this website. Unless otherwise described in the following sections, the legal basis for handling your personal data follows from the necessity of handling for the provision of the functionalities requested by you on this website (Art. 6 (1)(b) General Data Protection Regulation).
B. Use of the website
1. Calling the website
When you call up our website, your browser transmits certain data to our web server for technical reasons in order to provide you with the information you have called up. To enable you to visit the website, the following data is collected, stored for a short time and used:
Date and time of the request, time zone difference to Greenwich Mean Time (GMT)
Content of the request (concrete page)
Operating system and its access status / HTTP status code
data volume transferred
Website from which the request comes
Browser, language and version of the browser software.
In addition, in order to protect our legitimate interests, we store this data for a limited period of time in order to initiate a derivation to personal data in the event of unauthorised access or attempted access to local servers (Art. 6(1)(f) of the General Data Protection Regulation).
a) What cookies are
We use so-called "cookies" on this website. Cookies are small text files that are stored in the memory of your end device via your browser. Cookies store certain information (e.g. your preferred language or page settings) that can be sent back to us by your browser when you visit the website again (depending on the lifetime of the cookie).
3 . Optimisation of the website
We use the provider Pendo Inc, 301 Hillsborough St, Suite 1900, Raleigh, NC 276031, USA to provide guided tours/guides, create usage profiles to tailor the software to your needs, collect user feedback and communicate with users. Pendo is a technology service that helps us facilitate the onboarding of new users with role-specific tours. At the same time, Pendo allows us to better understand our users' experiences (e.g. how much time they spend on which pages, which links they click, what users like and dislike, etc.) so that we can provide user-centric services.
UUID of the users in anonymised form
Progress status in the tour/guide
Name and version of the browser used
First and last visit
Click and focus events
The data submitted to Pendo and Pendo's application are processed and stored in a secure, multi-tenant environment provided by Google Cloud Platform and hosted in Google's data centres in the European Union.
All data storage is encrypted by default and various logical separation techniques are used to prevent one client from accessing another client's data.
We use the email ticketing system of Freshworks, Inc, 2950 S. Delaware Street, Suite 201, San Mateo, California 94403, USA ("Freshdesk"). If users of our website send contact requests by email, these are stored and organised in the ticket system to enable chronological processing and to improve the service experience. Users can always view the current status of the processing of their request via the individually assigned ticket number.
Exclusively for the organisation of the requests and their processing, personal data is collected to the extent provided in the request, but in any case name, first name and e-mail address, transmitted to Freshdesk, stored there and read out.
The legal basis for the processing of this data is our legitimate interest in the efficient design of our customer service, in answering your request as quickly as possible and in optimising our service offer in accordance with Art. 6 Para. 1 lit. f DSGVO.
We have concluded an order processing agreement with Freshdesk ("Data Processing Addendum", viewable here), with which we oblige Freshdesk to protect our customers' data and not to pass it on to third parties. For the transfer of data outside the European Economic Area, Freshdesk relies on so-called standard data protection clauses of the European Commission, which are intended to ensure compliance with the European level of data protection.
Your data will be deleted after your request has been processed. This is the case when the circumstances indicate that the matter in question has been conclusively clarified and provided that there are no statutory retention obligations to the contrary.
You can find more information about Freshdesk's data protection here.
When contacting us (e.g. via contact form or email), personal data is processed exclusively for the purpose of processing and responding to your request and only to the extent necessary for this purpose. The legal basis for the processing of this data is our legitimate interest in responding to your request in accordance with Art. 6 Para. 1 lit. f DSGVO. If your contact is aimed at a contract, the additional legal basis for the processing is Art. 6 (1) lit. b DSGVO. Your data will be deleted when the circumstances indicate that the matter concerned has been conclusively clarified and provided that there are no statutory retention obligations to the contrary.
4. External services and content on our website
We integrate external services or content on our website. When you use such a service or when third-party content is displayed to you, communication data is exchanged between you and the respective provider for technical reasons.
In addition, the provider of the respective services or content may process your data for further, own purposes. We have configured services or content from providers known to process data for their own purposes to the best of our knowledge and belief in such a way that either communication for purposes other than displaying the content or services on our website does not take place, or communication only takes place when you actively decide to use the service. However, since we have no influence on the data collected by third parties and their processing, we cannot provide any binding information on the purpose and scope of the processing of your data.
For further information on the purpose and scope of the collection and processing of your data, please refer to the data protection notices of the respective providers responsible under data protection law for the services or content we integrate.
On our website you have the option of registering for our newsletter in order to be kept up to date by e-mail about new online magazine articles. For the registration we only need your e-mail address. We use the so-called double opt-in procedure to register for the newsletter. In this process, after registration on the website, we send you a message to the e-mail address you have provided, in which we ask you to confirm your registration. The legal basis for the processing is your consent (Art. 6 (1)(a) DS-GVO)). You can unsubscribe from the newsletter at any time. To do so, you can use the unsubscribe link provided in each newsletter or object to the processing. To do so, please use the contact details in the imprint or contact our data protection officer.
6. Confirmation emails
We use the Sendgrid service of Twilio Sendgrid Inc, 1801 California St #500 Denver, CO 80202, USA (hereinafter "Sendgrid") to send some emails. Sendgrid is used to send confirmation emails, transaction confirmations and emails with important information regarding existing requests. The dispatch via a specialised service provider is necessary to ensure the delivery of the e-mails to your e-mail account and to reduce the probability of these e-mails being classified as "spam" by your e-mail provider. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f) DSGVO. In addition, the use of Sendgrid is necessary for the fulfilment of the contract with you (Art. 6 para. 1 lit. b) DSGVO.
The data provided with the respective request, including e-mail address, name and requested service, are processed.
We have concluded a contract with Sendgrid that includes the EU standard contractual clauses. This ensures that a level of protection comparable to that in the EU exists (see also section 4 on data transfer to the USA).
7. transfer of data for processing on our behalf
We sometimes use specialised service providers to process your data. Our service providers are carefully selected and regularly monitored by us. They process personal data only on our behalf and strictly in accordance with our instructions on the basis of corresponding contracts for commissioned processing.
Processing of data outside the EU / EEA is only envisaged if an adequate level of data protection is guaranteed.
8. Information about your rights
The following rights are available to you under applicable data protection laws:
Right to information about your personal data stored by us;
Right to rectification, erasure or restriction of processing of your personal data;
Right to object to processing which serves our legitimate interest, a public interest or profiling, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims;
Right to data portability;
Right to complain to a supervisory authority;
You can revoke your consent to the collection, processing and use of your personal data at any time with effect for the future. You can find more information on this in the respective sections above, where data processing based on your consent is described.
If you wish to exercise your rights, please address your request to the contact person named below.
For your data protection concerns, please use the following e-mail address: email@example.com. We process the data transmitted in this way exclusively for processing your enquiry on the basis of Art. 6 (1)(f) DS-GVO.
Status: 2 May 2023