Data Privacy Declaration in German

DATA PROTECTION DECLARATION

Of 12GRAPES GMBH

§1 Information about the collection of personal data

1.1 In the following, the owner and operator of the website www.bunch.ai (“website”), 12grapes GmbH (cf. § 2, “12grapes”, “we”, “us”, “our”) informs about the collection of personal data when using our website and our software to analyze individual and collective working culture (bunch, “software”). Personal data are all data that are related to you as a person, e.g. name, address, e-mail addresses, user behaviour.

1.2 The entity responsible pursuant to Art. 4 para 7 EU General Data Protection Regulation (GDPR) is 12grapes GmbH, Invalidenstraße 112, 10115 Berlin, Germany, registered in the Commercial Register of the Charlottenburg District Court (Berlin) under the registration number HRB 175460 B, [email protected], +493045036582 (see our Imprint). Inquiries to our data protection officer can be sent to us via [email protected] or via our postal address with the addition “Data protection legal matter”.

1.3 When you contact us by e-mail or via a contact form, we will store the data you provide (your e-mail address, if applicable your name and your telephone number) in order to answer your questions. We delete the data arising in this context after the storage is no longer necessary, or limit the processing if statutory retention obligations exist.

1.4 If we make use of contracted service providers for individual functions of our website or if we would like to use your data for advertising purposes, we will inform you in detail below about the respective processes. In this process, we also mention the set criteria for the storage period.

§2 Your rights

2.1 If you: wish to view, confirm, correct, revise, update, supplement, anonymize, block, restrict or delete your personal data; want to object to or restrict the use of your personal data by us; have questions about the processing of your personal data; or if you want us to share your personal data with another person or company, please contact us using the contact details given in § 1.

2.2 We grant you all rights in relation to your personal data to which you are entitled under applicable law. If you have any complaints about the handling of your personal data, you can contact a supervisory authority under data protection law (Art. 13 Para. 2 lit. d GDPR). Alternatively, you can contact us using the contact details given under § 1

§3 Objection or Revocation of Consent

  • If you have consented to the processing of your data, you can revoke this at any time by informing us accordingly using the contact data given in § 1. Such revocation covers the processing of your personal data from the point in time of the revocation.
  • As far as we base the processing of your personal data on a balance of interests (Art. 6 para. 1 sentence 1 f GDPR), you may object to the processing. This is the case if processing is not necessary in particular to fulfil a contract with you, which we describe in the following description of the features. When exercising such objection, we ask you to explain the reasons why we should not process your personal data as done by us. In the event of an objection, we will check the situation and either stop or adapt the data processing or point out to you our compelling reasons warranting protection, as a result of which we will continue the processing.

§4 Collection, processing and use of your data

4.1 When using the website for information purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. We then collect the following data, which we require technically in order to display our website to you and to guarantee stability and security (legal basis is Art. 6 Par. 1 S. 1 lit. f GDPR, whereby our legitimate interest lies in the technical possibility of operating the website):

  • IP address;
  • Date and time of the request;
  • Time zone difference to Greenwich Mean Time (GMT);
  • Content of the request (specific page);
  • Access status/HTTP status code;
  • Amount of data transferred in each case;
  • Website from which the request comes;
  • Browser;
  • operating system and its interface; and
  • Language and version of the browser software.

These data we store for a period of 7 days.

4.2 When using our software, we collect the data provided by you as part of the cultural assessment offered, including information on working style, preferences and standards. We then link the data provided to create an individual cultural profile of you, your work unit and the company employing you. We send the data provided, usually in compressed form, to the company you work for or to which you have applied. All these processing procedures are carried out on the basis of the consents you have given when using the software (Art. 6 para. 1 s. 1 lit. a GDPR) and to fulfil your employment contract or to carry out pre-contractual measures in connection with your application (Art. 6 para. 1 s. lit. b GDPR).

4.3 In addition, we will only process your personal data if

a) there is a legitimate interest regarding the operation of the website, in particular:

  • for answering inquiries;
  • for the implementation of direct marketing measures;
  • for the provision of services and/or information intended for you;
  • for the operation and administration of our website;
  • for the technical support of users;
  • for the prevention and detection of fraud and criminal offences; and/or
  • for ensuring network and data security, insofar as these interests are in line with the prevailing law and with the rights and freedom of the user, respectively

b) you have consented to its use for the lawful purposes specifically stated; or

c) we are legally obliged to do so.

4.4 If you do not wish to provide the personal data requested by us, we may not be able to provide the information and/or services you request or to perform certain tasks for which the personal data is requested. However, your visit to the website remains unaffected.

Refusing Advertising Communications: You have the right to object to the sending of advertising messages at any time free of charge. Please use the contact details given in this Data Protection Declaration or the “Unsubscribe” option, which is contained in all advertising emails sent by us and in other advertising communications.

§5 Deletion of stored data

Your stored personal data (including data collected in accordance with § 4.2 and § 4.3) will be deleted if the deletion does not conflict with statutory retention obligations or if the personal data is no longer required for its intended use in accordance with Art. 17 DSGVO, in particular after revocation of any consent (cf. § 3 of this policy). If there is a legally permissible purpose for the further storage of personal data, their processing is restricted in accordance with Art. 18 DSGVO in which these data are blocked and no longer processed. This applies in particular to data that must be kept for legal reasons.

§6 Use of cookies on our site

Information on the use of cookies on our website can be found in our cookie statement (see below).

§7 Use of social media plug-ins

7.1 We currently use the following social media plug-ins: Facebook, Google, Twitter and LinkedIn. For this we use the so-called two-click solution. This means that when you visit our site, no personal data is initially passed on to the providers of the plug-ins. You can identify the provider of the plug-in by the mark on the box above its initial letter or logo. We offer you the option of communicating directly with the plug-in provider via the button. Only if you click on the marked field and thereby activate it, the plug-in provider receives the information that you have accessed the corresponding website of our online offer. In addition, the data mentioned in §3.1 of this policy will be transmitted. In the case of Facebook, the IP address is made anonymous immediately after it has been collected, according to the provider in Germany. By activating the plug-in, personal data is transferred from you to the respective plug-in provider and eventually stored there (for US providers in the USA). The plug-in provider collects the data in particular via cookies. It is possible to delete all cookies via the security settings of your browser (cf. §6 of this statement) before clicking on the icon of the respective social media plug-in.

7.2 With regard to the plug-in providers, we have no influence on the data collected within the scope of the respective third-party offer and on the data processing activities, nor are we aware in detail of the full scope of data collection, the purposes of processing, the storage periods and the deletion process with regard to the plug-in providers.

7.3 The plug-in provider may save the data collected about you as user profiles and use these profiles for the purposes of advertising, market research and/or demand-oriented design of its website. In particular, such analysis may (even for users who are not logged in) be used to display demand-oriented advertising and – depending on the plug-in provider’s offer – to inform other users of the social network about your activities on our website in connection with the plug-in offer. You have the right to object to the creation of these user profiles, however you must contact the respective plug-in provider to exercise this right. Through the plug-ins we offer you the possibility to interact with social networks and other users. The legal basis for the use of the plug-ins is Art. 6 para. 1 S. 1 lit. f GDPR, whereby our legitimate interest is the provision of an interactive and user-friendly web offer.

7.4 When you activate the field, the data is passed on regardless of whether you have an account with the plug-in provider and are logged in there or not. If you are logged in with the plug-in provider, your data collected with us will be directly assigned to your existing account with the plug-in provider. If you click the activated button and, for example, link the page, the plug-in provider will also save this information in your user account and communicate it to your contacts publicly. You can avoid the assignment of information to your profile with the plug-in provider by logging out of the respective social network after using it, but in particular before activating the button on our website.

7.5 Further information on the purpose and scope of data collection and its processing by the plug-in provider can be found in the data protection policies of these providers linked below. They will also provide you with further information about your rights in this regard and the setting options to protect your privacy:

§8 Using the blog functions

8.1 In our blog, where we publish various blog entries on topics related to our activities, you can make public comments. Your comment will be published with your username. You can use a pseudonym instead of your legal name. User name and e-mail address are required, all other information is voluntary. If you make a comment, we save your IP address, which we delete after seven days, unless we are legally obliged to keep it for a longer period (cf. § 5 of this declaration). The storing we need so we can defend ourselves against liability claims in cases of possible publication of illegal content. We need your e-mail address in order to contact you if a third party should object to your comment as unlawful. The legal basis is Art. 6 para. 1 S. 1 lit. b and f GDPR. Comments will not be reviewed before publication. We reserve the right to delete comments if they are objected to as unlawful by third parties.

8.2 When writing your comment you can check a box at our e-mail service. This will keep you informed when other users leave a comment to that blog entry. We use the double opt-in procedure for this service, i.e. you will receive an e-mail in which you must click to confirm that you are the owner of this e-mail address and wish to receive the notifications. You can unsubscribe from the notifications at any time by clicking on the link contained in the e-mail. Your personal data, including your e-mail address, the time of registration for the Service and your IP address will be stored by us until you unsubscribe from the notification service.

8.3 Our commenting function uses the “Disqus” plug-in operated by Disqus, Inc., http://www.disqus.com, which is responsible for processing the comments (“Disqus”). With Disqus you can comment on our blog entries and your comment is stored and displayed as long as the blog entry itself is online on our website, if you do not delete your comment before. You can use the comment function as a guest without registration as well as a registered Disqus user on all websites that use Disqus. You can also sign in using your accounts with third-party providers Facebook, Twitter or Google. When registering via your access data to a third party provider, the latter will also process your personal data, the details of which we do not know. Disqus provides us with the data collected by the commenting function. The legal basis is Art. 6 Par. 1 S. 1 lit. f GDPR, whereby our legitimate interest is the provision of an interactive and user-friendly web offer. The contact details of the person responsible are as follows: Disqus, Inc, 123 Townsend Street, Suite 400 San Francisco, California 94107, USA. For more information about Disqus’ processing of your data, please see Disqus Terms of Use and Privacy Policy. Disqus has submitted to the EU-US Privacy Shield.

§9 Use of Google Analytics

9.1 This website uses Google Analytics, a web analysis service of Google Inc. “(“Google”). Google Analytics uses cookies, which are text files placed on your computer, to help analyze how you use the site. The information generated by the cookie about your use of this website is generally transmitted to and stored by Google on servers in the United States. However, if IP anonymization is activated on this website, Google will reduce your IP address within Member States of the European Union or in other states party to the Agreement on the European Economic Area beforehand. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. At the order of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide the website operator with other services relating to website activity and internet usage.

9.2 The IP address transmitted by your browser within the framework of Google Analytics will not be merged with other Google data, according to Google.

9.3 You may refuse the storage of cookies by selecting the appropriate settings on your browser; however, please note that if you do this you may not be able to use the full functionality of this website. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available under the following link: browser plug-in (https://tools.google.com/dlpage/gaoptout?hl=de).

9.4 This website uses Google Analytics with the extension “_anonymizeIp()”. As a result, IP addresses are shortened before further processing, so that a personal relationship can be ruled out. As far as the data collected about you is person-related, this will be excluded immediately and the personal data will thus be deleted immediately.

9.5 We use Google Analytics to analyze and regularly improve the use of our website. With the statistics gained we can improve our website and make it more interesting for you as a user. For the cases of exception, in which personal data are being transmitted into the US, Google has submitted to the EU-US Privacy Shield, EU-US Privacy Shield. The legal basis for the use of Google Analytics is Art. 6 para 1 S. 1 lit. f GDPR, whereby our legitimate interest is the provision of an interactive and user-friendly web offer and its continuous optimization.

9.6 You can request information from the third party provider by post: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland. Here you will find the user conditions, the data protection overview, as well as the data protection declaration.

§10 Use of Google Tag Manager

10.1 In order to ensure the use of Google Analytics and Hotjar on our website, we use Google Tag Manager, a service provided by Google, to implement them. This enables us to implement code snippets such as tracking codes or conversion pixels on our website. The Tag Manager captures interactions that occur on our website. It then sends these to the connected tools. The analysis of your data is not possible with the Tag Manager, but is done in the respective analysis tool (e.g. Google Analytics, Hotjar etc.). The legal basis for the use of Google Tag Manager is Art. 6 Para. 1 S. 1 lit. f GDPR, whereby our legitimate interest is the provision of an interactive and user-friendly web offer and its continuous optimization.

10.2 Further information on this service can be found right here. Further information on the processing of your data can be found in the data protection provisions of the provider: Privacy Policy.

10.3 For the transmission of data to Google in connection with the Google Tag Manager see §9.5 of this policy.

§11 Use of Hotjar

11.1 This website uses the web analysis service Hotjar. With this tool, movements on the website on which Hotjar is used can be traced (so-called heatmaps). For example, you can see how far users scroll and which buttons users click and how often. It is also possible to request feedback directly from website users. This provides us with valuable information to make our websites even faster and more customer-friendly. The legal basis for the use of Hotjar is Art. 6 Para. 1 S. 1 lit. f GDPR, whereby our legitimate interest is the provision of an interactive and user-friendly web offer and its continuous optimization.

11.2 When using this tool, we pay particular attention to the protection of your personal data. So we can only reconstruct which buttons you click and how far you scroll. Areas of the website in which personal data of you or third parties is displayed are automatically hidden by Hotjar and are therefore at no time reproducible.

11.3 Hotjar offers every user the option of using a “Do Not Track Header” to prevent the use of the tool Hotjar, so that no data about the visit of the respective website is recorded. This is a setting that supported by all common browsers in their current versions. To do this, your browser sends a request to Hotjar with the instruction to deactivate the tracking of the respective user. If you use our website with different browsers/computers, you must set up the “Do Not Track Header” for each of these browsers/computers separately. Detailed instructions with information about your browser and the possibility to choose the opt-out function can be found here.

11.4 Hotjar Ltd. is a European company based in Malta (Hotjar Ltd, Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe Tel.: +1 (855) 464-6788). More information about Hotjar Ltd. and the Hotjar tool can be found here. The privacy policy of Hotjar Ltd. can be found here.

§12 Use of Smartlook

12.1 This website uses the web analysis service Smartlook. With this tool, movements on the website on which Smartlook is used can be traced. For example, you can see how far users scroll and which buttons users click and how often. It is also possible to get feedback directly from the users of the website. This provides us with valuable information to make our websites even faster and more customer-friendly. The legal basis for the use of Google Analytics is Art. 6 Para. 1 S. 1 lit. f GDPR, whereby our legitimate interest is the provision of an interactive and user-friendly web offer and its continuous optimization.

12.2 When using this tool, we pay particular attention to the protection of your personal data. This way we can only see which buttons you click and how far you scroll. Areas of the websites in which personal data of you or third parties are displayed are automatically hidden by Smartlook and are therefore at no time reproducible.

12.3 Smartlook offers every user the possibility to prevent the use of the tool Smartlook with the help of a “Do Not Track Header”, so that no data about the visit to the respective website is recorded. This is a setting supported by all common browsers in their current versions. For this your browser sends a request to Smartlook, with the instruction to deactivate the tracking of the respective user. If you use our website with different browsers/computers, you must set up the “Do Not Track Header” for each of these browsers/computers separately. Detailed instructions with information about your browser can be found under the following link.

12.4 Smartlook is a European company based in the Czech Republic (Smartlook, Milady Horakove 13, 60200 Brno, Czech Republic (EU), e-mail: [email protected]). More information about Smartlook and the Smartlook tool can be found here. You find the data security policy of the software Smartlook under the following link.

§13 Use of Amplitude

13.1 We use the Amplitude software to improve our website applications. When you visit our website, this software creates behavioral product analyses to meet your needs. The legal basis for this application is Art. 6 para. 1 sentence 1 f GDPR, whereby our legitimate interest is the provision of an interactive and user-friendly website and its continuous optimization.

13.2 If you have any questions regarding the collection, processing or transfer of your data, please contact Amplitude Inc. 501 2nd Street, Suite 100, San Francisco, CA 94107, E-mail: [email protected] Or use the website for more information. You can find the data protection policy under this link. Amplitude is in accordance with the EU-US Privacy Shield.

§14 Use of Intercom

14.1 To improve the user experience in our applications, we use the Intercom service of Intercom Inc. for sending messages by e-mail and for live chats. “(“Intercom”). When using the chat window at the bottom right of our website, we transmit your e-mail address and your name to Intercom as personal data. The legal basis for this use is Art. 6 Par. 1 S. 1 lit. f GDPR, whereby our legitimate interest is the provision of an interactive and user-friendly web offer.

14.2 Intercom is an American company based in San Francisco, 55 2nd Street, 4th Floor, San Francisco, CA 94105, USA. You can contact Intercom directly via the contact form on the Intercom website. If you would like more information about Intercom, please visit the website. Intercom has agreed to the EU-US Privacy Shield. Further information on data protection at Intercom can be found at this link.

§15 Use of Mixpanel

This website uses Mixpanel, a web analysis service from the United States of America. You can prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Mixpanel by following this link and declaring an opt-out.

§16 Using Facebook Pixels

16.1 Our website uses the remarketing function “Custom Audiences” of Facebook Inc. “(“Facebook”). This function is used to present interest-based ads (“Facebook Ads”) to you as a visitor to our website when you visit the social network Facebook. For this purpose, Facebook’s remarketing tag has been implemented on this website. This tag establishes a direct connection to the Facebook servers when you visit the website. When you visit this website, the tag is sent to the Facebook server and Facebook assigns this information to your personal Facebook user account. The legal basis for this use is Art. 6 Par. 1 S. 1 lit. f GDPR, whereby our legitimate interest is the provision of an interactive and user-friendly web offer.

16.2 For more information about Facebook’s collection and use of the information, and your related rights and choices to protect your privacy, please see Facebook’s Privacy Policy. Alternatively, you can deactivate the remarketing function “Custom Audiences” here (Opt-Out). You must be logged in to Facebook to do this.

16.3 For the transmission of data to Facebook in connection with the Facebook pixel, see § 5 of this policy.

§17 Use of wordpress.com-stats/Jetpack

17.1 This website uses the web analysis service Jetpack (formerly WordPress.com-Stats) to analyze and regularly improve the use of our website. We can improve our website and make it more interesting for you as a user. We also use the system for measures to protect the security of the website, e.g. the detection of attacks or viruses. For the exceptional cases in which personal data is transferred to the USA, Automattic Inc. has agreed to the EU-US Privacy Shield. The legal basis for the use of Jetpack is Art. 6 Para. 1 S. 1 lit. f GDPR, whereby our legitimate interest is the provision of an interactive and user-friendly web offer and its continuous optimization.

17.2 For this analysis, cookies (more details in § 3) are stored on your computer. The information collected in this way is stored on a server in the USA. If you prevent the storage of cookies, we point out that you may not be able to use this website in its entirety. It is possible to prevent the storage of cookies by settings in your browser or by clicking the “Click here to Opt-out” button.

17.3 This website uses Jetpack with an extension that shortens IP addresses immediately after they are collected in order to exclude any possible personal identification.

17.4 Automattic Inc., 60 29th Street #343, San Francisco, CA 94110-4929, USA, https://automattic.com/privacy, and the third-party tracking technology provider: Quantcast Inc., 201 3 rd St, Floor 2, San Francisco, CA 94103-3153, USA, https://www.quantcast.com/privacy.

§18 Integration of Vimeo videos

18.1 We have included Vimeo videos in our online offer, which are stored on https://vimeo.com/de/ and can be played directly from our website.

18.2 Vimeo will be informed if you have accessed the corresponding subpage of our website. In addition, the data mentioned in §1 of this policy will be transmitted. This is independent of whether Vimeo provides a user account through which you are logged in or whether no user account exists. Vimeo stores your data as a user profile and uses it, possibly for the purposes of advertising, market research and/or the design of its website according to demand. In particular (even for users who are not logged in), such an evaluation can lead to demand-oriented advertising and – depending on the offer of the provider – to information of other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, and you must contact Vimeo to exercise this right.

18.3 Further information on the purpose and scope of data collection and processing by Vimeo can be found in Vimeo’s Privacy Policy. There you will also find further information about your rights and setting options to protect your privacy.

§19 Integration of YouTube videos

19.1 Our online offer may include YouTube videos that are stored on YouTube and can be played directly from our website. These are all integrated in the “extended data protection mode”, i.e. no data about you as a user will be transmitted to YouTube if you do not play the videos. Only when you play the videos will the data specified in 19.2 be transmitted. We have no influence on this data transmission.

19.2 YouTube will be informed that you have accessed the corresponding subpage of our website. In addition, the data specified in § 3.1 of this policy will be transmitted. This is independent of whether YouTube provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your information will be directly associated with your account. If you do not wish to be associated with your profile on YouTube, you must log out before activating the button. YouTube stores your data as user profiles and uses them for purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation can take place in particular (even for not logged in users) for the provision of demand-oriented advertising and if necessary – depending on the offer of the provider – for the information of other users of the social network about your activities in connection with the offer on our website. You have the right to object to the creation of such a user profile, whereby you must contact YouTube to exercise this right.

19.3 Further information on the purpose and scope of data collection and processing by Youtube can be found in Youtube’s Privacy Policy. There you will also find further information about your rights and setting options to protect your privacy. For the cases of exception, in which personal data are being transmitted into the US, Google has submitted to the EU-US Privacy Shield.

§20 Use of Sentry

20.1 On our website, we use the Sentry (“Sentry”) software from Functional Software, Inc. to help us identify programming errors as quickly as possible and to make the use of the website more efficient and user-friendly. The legal basis for this use is Art. 6 para. 1 S 1 lit. f GDPR, whereby our legitimate interest is the provision of an interactive and user-friendly website and its continuous optimization.

20.2 Functional Software Inc. can be reached via 132 Hawthorne St, San Francisco, CA 94107, or by e-mail ([email protected]). You can access Sentry’s privacy policy here.  Functional Software, Inc. has made itself subject to the EU-US privacy shield.

§21 Auth0

21.1 In order to increase the user-friendliness of our product, we use Auth0 from Auth0 Inc. With Auth0, our users have the option of logging in directly with their social accounts (e.g. Gmail or LinkedIn) instead of creating an account manually. We share our users’ information with Auth0 Inc., primarily name, email address, gender, location and IP address. The legal basis for the use of Auth0 is Art. 6 Para. 1 S. 1 lit. f GDPR, whereby our legitimate interest is the provision of an interactive and user-friendly web offer and its continuous optimization.

21.2 Auth0, Inc. can be reached via 10900 NE 8th Street, Suite 700, Bellevue, Washington 98004, tel. +1 888 235 2699. Further information about Auth0 can be found here, the corresponding data protection policy can be found here. Auth0 Inc. has adopted the EU-US Privacy Shield.

§22 Slack

22.1 On our website it is possible to log in with the Slack software (“Slack”) using a Slack account. Slack is in relation to us a third party provider to whom we provide information about you (e.g. name and e-mail address). The legal basis for the transmission is Art. 6 para. 1 S 1 f GDPR, whereby our legitimate interest is the provision of an interactive and user-friendly web offer and its continuous optimization.

22.2 Slack is operated by Slack Technologies, Inc. If you are a customer within the USA and Canada, please contact Slack Technologies Inc. at 500 Howard Street, San Francisco, CA 94105, USA. For customers outside the USA and Canada the following address applies: Slack Technologies Limited, 4th Floor, One Park Place, Hatch Street Upper, Dublin 2, Ireland.

22.3 Slack’s Privacy Officer can be contacted by post at Canal House, Station Road, Portarlington, Co. Laois, R32 AP23, Ireland, tel. +353578684757 and via e-mail [email protected] The data protection regulations of Slack can be found here. Slack has sumbitted to the EU-US Privacy Shield.

 

§23 Use of Amazon Web Services

23.1 We use the cloud-based products of Amazon Web Services Inc. for the storage, analysis and processing of personal data obtained on the website, on the legal basis of Art. 6 Para. 1 S. 1 lit. f GDPR, whereby our legitimate interest is the provision of an interactive and user-friendly website and its continuous optimization.

23.2 Amazon Web Services, Inc. can be reached by post at 410 Terry Avenue North, Seattle WA 98109, United States or by phone +12062667010. More information about Amazon Web Services can be found here. The privacy policy is here, Amazon Web Services, Inc. has submitted to the EU-US Privacy Shield.

§24 Using HelloSign

24.1 When concluding contracts and sending offers to conclude a contract, we partly work with the HelloSign software. This enables us to process contracts quickly and in a customer-friendly manner. The legal basis for the use of the software is Art. 6 Para. 1 S. 1 lit. f GDPR, whereby our legitimate interest is the provision of an interactive and user-friendly web offer and its continuous optimization.

24.2 HelloSign can be contacted by post at 301 Howard, Suite 200, San Francisco, California 94105, USA, or by e-mail: [email protected] For more information about HelloSign, please click here. Further information on data protection at HelloSign can be found here. HelloSign has submitted to the EU-US Privacy Shield.

§25 Newsletter; Hubspot

25.1 You can subscribe to our newsletter, with which we inform you about our current offers (for example company or product updates, market developments and blog posts with relevant topics, etc.). The advertised goods and services are named abstractly in the declaration of consent.

25.2 We use the double opt-in procedure to subscribe to our newsletter. This means that after your registration we will send you an e-mail to the specified e-mail address in which we ask you to confirm that you would like the newsletter to be sent. If you do not confirm your registration within 24 hours, your information will be blocked and automatically deleted after one month. In addition, we store your IP addresses and the time of registration and confirmation. The purpose of the procedure is to be able to prove your registration and, if necessary, to detect a possible misuse of your personal data.

25.3 The only mandatory information for sending the newsletter is your e-mail address. The indication of further, separately marked data is voluntary and is used to be able to address you personally. After your confirmation we save your e-mail address for the purpose of sending the newsletter; if you cancel the newsletter, your e-mail address and any other data collected from you in connection with sending the newsletter will be deleted within one week, unless the data may be retained on the basis of a consent independent of the newsletter or another legal basis (cf. Art. 17 para. 1 b DSGVO). The legal basis for storage is Art. 6 para. 1 S. 1 lit. f GDPR.

25.4 You can revoke your consent to the sending of the newsletter at any time and cancel the newsletter. You can declare your revocation by clicking on the link provided in each newsletter e-mail.

25.5 To send our newsletter to a large number of subscribers, we use Hubspot’s e-mail transmission system. This software enables us to send the same content of the newsletter to all our customers and interested parties simultaneously, individualized if so desired. If you register to receive the newsletter by e-mail, you agree to the data transfer to Hubspot. You can revoke this consent at any time by clicking on the link provided in each newsletter e-mail (in this case you can no longer receive the newsletter). For more information about the purpose and scope of data collection and processing by the plug-in provider and your rights and privacy choices, please contact Hubspot, 25 First Street, 2nd Floor, Cambridge, MA 02141, United States, +1 888 4827768 or review the privacy policy. Hubspot has also submitted to the EU-US Privacy Shield.

25.6 We would like to point out that we evaluate your user behavior when sending the newsletter. For this analysis, the e-mails sent contain so-called web beacons or tracking pixels, which represent single-pixel image files stored on our website. For the evaluations we link the data mentioned in § 3.1 and the web beacons with your e-mail address and an individual ID. If you do not agree with the tracking, you can unsubscribe from the newsletter at any time by clicking on the link provided in each newsletter e-mail. The information is stored for as long as you have subscribed to the newsletter. After a cancellation we store the data purely statistically and anonymously.

25.7 In addition to sending newsletters, we also use Hubspot in other areas of the customer relations system. Hubspot can in particular track the receipt and reading of e-mails sent by us. The legal basis for the use of Hubspot is Art. 6 para. 1 S. 1 lit. a and f GDPR, whereby in the latter case our legitimate interest is the provision of an interactive and user-friendly web offer and its continuous optimisation.

25.8 If you would like to know more about Hubspot and the services of this software, please contact Hubspot, 25 First Street, 2nd Floor, Cambridge, MA 02141, United States, Tel. +1 888 482 7768. The data protection declaration of Hubspot can be found here.

§26 Iterative consent concept

26.1 Bunch works with an iterative consent concept according to which your separate consent is required in order to carry out the following essential processing steps in the use of the software:

  1. login to the software
  2. create an individual cultural profile of yourself based on the data you entered in the assessment process;
  3. share your profile with your (potential) employer, and link your individual cultural profile with the profiles of your colleagues to enable a comparison and to create a team profile.

26.2 If you give your consent only for the first or only for the first two steps, the software can only be used to this limited extent. The further processing steps are then not carried out.

26.3 The legal basis for the processing steps described under § 1 is Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time by sending a message to our contact data given in §1 (cf. §3 of this policy).

§27 Data Security

Our website is hosted on servers operating in the EEA (European Economic Area). We take reasonable precautions to protect your personal data from unauthorized access. Data is stored in a sealed, certified data center on secure computers. The data is stored in encrypted form as far as possible. We regularly review our security policies and procedures to ensure the security of our systems. However, when transmitting data over the Internet, we cannot guarantee 100% security of the data transmitted to our website.

§28 Confidentiality

The data that you transmit to us will be treated confidentially. Personal data will not be sold, distributed, given to third parties for a fee or used commercially in any other way, but will be passed on to third parties exclusively for the purposes stated in this data protection policy. The confidentiality and security of your data will be maintained in accordance with our privacy policy and applicable law.

§29 Right of modification

29.1 We will always keep this privacy policy up to date. We therefore reserve the right to adapt this data protection policy in the event of legal and/or technical requirements, for reasons of clarifying explanations or changes to the software or our offer as well as data processing. However, the changes only apply with regard to declarations on data processing. To the extent, however, that parts of the data protection policy contain provisions of the contractual relationship with the users or that user consents are required, the respective change shall only take place with the consent of the users.

29.2 We therefore ask you to observe the current version of this data protection policy and to inform yourself regularly about the content of this data protection policy.

29.3 A printout or storage of the data protection provisions is possible at any time.   

 

 

COOKIE DECLARATION

of 12GRAPES GMBH

§1 Operator

In the following, the owner and operator of the website www.bunch.ai (“Website”), 12grapes GmbH (“12 grapes”, “we”, “us”, “our”), Invalidenstrasse 112, 10115 Berlin, Germany, registered in the Commercial Register of the Charlottenburg District Court (Berlin) under the registration number HRB 175460 B (Mail: [email protected]; Tel. +493045036582), informs about the cookies used on the website.

§2 Description of cookies

A cookie is a small text file that is sent by the respective servers when the service is visited and stored temporarily on the hard disk of the respective user. If the corresponding server is called up again, the user’s browser sends the previously received cookie back to the server. The server can then evaluate the information obtained by this procedure in various ways. There are basically two different types of cookies. On the one hand, session cookies that are only stored for a particular visitor session. This means that the cookies are automatically deleted immediately when the respective service is closed by the visitor/user. Secondly, temporary/permanent cookies that are stored on the user’s data storage medium for a longer period of time or indefinitely.

§3 Use of Cookies

3.1 12grapes uses both session cookies and temporary/permanent cookies for its services. When a user visits a service, cookies are sent to the user’s browser and stored on the user’s hard disk. These cookies serve to make our website more user-friendly, effective and secure. The cookies do not contain any personal data or any personal information about the user, so that we are not able to identify the person with the information obtained using the cookies. The information obtained serves exclusively the purpose of producing statistics on the use of our offer. This enables us to adapt our offer to your customer requirements in the best possible way. The session cookies are automatically deleted from the customer’s hard drive at the end of the browser session. However, 12grapes also uses cookies that remain permanently on the user’s hard disk. These cookies are required in order to recognize which visitor is visiting and what settings and entries this visitor requires when making a new visit. These cookies remain on the hard disk and delete themselves after the prescribed time. You can delete the cookies from the security settings of your browser at any time (see § 4 of this policy).

3.2 You will find all statistical and tracking services with detailed explanations and respective contact data in our data protection policy. The legal basis for the use of cookies is Art. 6 Para. 1 S. 1 lit. f GDPR, whereby our legitimate interest is the provision of an interactive and user-friendly website and its continuous optimization.

3.3 In order to make our website particularly user-friendly, we use the following cookies:

  1. _cfduid: The cookie is used to identify individual users behind a common IP address and to apply individual security settings for the individual user. It does not correspond to any user ID in the user’s web application and does not store any personal data. This cookie is stored for one year.
  2. Intercom-id-<UNIQUE_ID>: This cookie is used by Intercom (for more information about Intercom, Inc.’s Intercom product, please refer to our Privacy Policy under § 14) to clearly identify users and allow them to talk to us. This cookie is stored for one year.
  3. Hubspot Cookies: Since we use the Hubspot software (for more details on the Hubspot product, please refer to our data protection policy under § 25), we also use the cookies listed under this link. The duration of storage varies depending on the individual cookies.
  4. Facebook Pixels: Since we use this software from Facebook (for more information about the product Facebook Pixels from Facebook Inc. please refer to our privacy policy under §§ 7 and 16), we also use the cookies listed under this link. The storage time varies depending on the individual cookies (see link for details).
  5. Google Analytics: Since we use the Google Analytics software (more details on the product Google Analytics from Google Inc. can be found in our privacy policy under §§ 7 and 9), we also use the cookies listed under this link. The storage time varies depending on the individual cookies (see link for details).
  6. Hotjar: Since we use the Hotjar software (more details about the Hotjar product from Hotjar Ltd. can be found in our privacy policy under § 11), we also use the cookies listed under this link. The storage time varies depending on the individual cookies (see link for details).

3.4 The Bunch App (“App”) available at app.bunch.ai uses the following cookies:

  1. NPS_<UNIQUE_ID>_last_seen: This cookie is used by Wootrics to measure user satisfaction (NPS). The storage period is three months.
  2. _cfduid: The cookie is used to identify individual users behind a common IP address and to apply individual security settings for the individual user. It does not correspond to any user ID in the user’s web application and does not store any personal data. This cookie is stored for one year.
  3. ai: This cookie is used to track your use of the website. This cookie is stored for ten years.
  4. profile: This cookie contains information about the currently logged in user. This is an HTML5 storage cookie, the storage time of which you can find under § 5.
  5. unique_id: This cookie contains the unique_id of the registered user. This is an HTML5 storage cookie, the storage time of which you can find under § 5.
  6. intercom-state: This cookie records the status of the intercom device. This is an HTML5 storage cookie, the storage time of which you can find under § 5.
  7. id_token: This cookie is a security token used to authenticate the user when interacting with our system. This is an HTML5 storage cookie, the storage time of which you can find under § 5.
  8. Feedback: This cookie shows users the feedback you have given to various pages of our application. This is an HTML5 storage cookie, the storage time of which you can find under § 5.
  9. expires_in: This cookie shows the expiration of the id-token in seconds from the moment it was granted. This is an HTML5 storage cookie, the storage time of which you can find under § 5.
  10. expires_at: This cookie represents the expiration date of the id_token, based on the expires_in cookie. This is an HTML5 storage cookie, the storage time of which you can find under § 5.
  11. auth0.auth.*: This cookie is used as a security block to protect the user from man-in-the-middle attacks when authenticating. This is an HTML5 storage cookie, the storage time of which you can find in § 3.5.
  12. ssodata: This cookie is a variable that is used to show users what email address they used the last time they logged in. This is an HTML5 storage cookie, the storage time of which you can find in § 3.5.
  13. amplitude_unsent_identify: This cookie is used to track the use of the website. This is an HTML5 storage cookie, the storage time of which you can find under § 5.
  14. amplitude_unsent: This cookie is used to track your use of the website. This is an HTML5 storage cookie, the storage time of which you can find under § 5.
  15. access_token: This cookie is a security token used to authenticate the user when interacting with our system. This is an HTML5 storage cookie, the storage time of which you can find under § 5.
  16. 16.  TEAM_PROFILE_EMPTY: This cookie registers the local status of the application. This is an HTML5 storage cookie, the storage time of which you can find under § 5.
  1. SHOW_THANK_YOU: This cookie records the local status of the application. This is an HTML5 storage cookie, the storage time of which you can find under § 5.
  2. ALERT_SURVEY_COMPLETED: This cookie registers the local status of the application. This is an HTML5 storage cookie, the storage time of which you can find under § 5.
  3. ALERT_PERMISSIONS: This cookie registers the local status of the application. This is an HTML5 storage cookie, the storage time of which you can find under § 5.
  4. ALERT_ONBOARDING: This cookie registers the local status of the application. This is an HTML5 storage cookie, the storage time of which you can find under § 5.
  5. ALERT_FEATURE: This cookie records the local status of the application. This is an HTML5 storage cookie, the storage time of which you can find under § 5.
  6. For the software solutions of Google Analytics and Hotjar (for further information on this software please refer to §§ 9 and 11 of our data protection policy) we refer to the information provided under § 3.3 e) and f).

3.5 The Flash cookies used are not recorded by your browser, but by your Flash plug-in. We also use HTML5 storage objects that are stored on your device. These objects store the required data independently of your browser and do not have an automatic expiry date. If you do not want the Flash cookies to be processed, you must install an appropriate add-on, e.g. “Better Privacy” for Mozilla Firefox or the Adobe Flash killer cookie for Google Chrome. You can prevent the use of HTML5 storage objects by activating private mode in your browser.

§4 Management of cookies; objection

4.1 The “Help” function of most Internet browsers provide information on how you can make various settings regarding cookies. You can prevent your browser from accepting new cookies or, in the event of a new cookie, you can receive notification from your browser or completely disable cookies. Please note that some features of the website and app may no longer be available if you disable cookies. Please also note that if the cookies set are deleted in your browser, the settings in connection with the processing of your data by us or third parties will also be deleted. If you delete the stored cookies in your browser, you must also re-enter the desired settings for processing your data by us or third parties.

You will find instructions on how to set your cookie settings on the most popular Internet browsers in the following links:

Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies

Google Chrome: https://support.google.com/chrome/bin/answer.py?hl=en-GB&answer=95647&p=cpn_cookies

Firefox: http://support.mozilla.org/en-US/kb/Blocking%20cookies

Safari: https://support.apple.com/kb/ph19214?locale=en_US

Opera: https://www.opera.com/help/tutorials/security/privacy/

You can learn more about cookies and the settings of your Internet browser on the following websites: www.meine-cookies.org, www.allaboutcookies.org.

You can object at any time to the use of cookies already used on the website by contacting the following e-mail address: [email protected]

4.2 Below you will find URLs to deactivation pages on which you can find out about a general objection to the use of cookies, i.e. to a general cookie opt-out

  1. deactivation page of the network advertising initiative (http://optout.networkadvertising.org/)
  2. deactivation page for US websites (http://www.aboutads.info/choices)
  3. deactivation page for European websites (http://www.youronlinechoices.com/uk/your-ad-choices/)

§5 Changes to the Cookie Policy

We keep this cookie policy up to date. We, therefore, reserve the right to adapt this cookie policy in the event of legal and/or technical requirements, for reasons of clarifying explanations or changes to the software or our offer as well as data processing. If we have already collected data about you and/or are subject to a legal obligation to provide information, we will additionally inform you about significant changes to our cookie policy and ask you for your consent.

 

All rights reserved. © bunch.aimade with love in berlin Terms & Conditions Legal Notice Data Protection
Yay cookies! We are using them too to improve your experience. Read more