Last Updated: April 8, 2019.
The protection of your personal data and the personal data administrated by you is important to us. According to the EU General Data Protection Regulation (EU GDPR), we are obligated to inform you for what purpose we collect, save or forward the data. From the information you can also learn, which rights you have in regard to privacy.
We have divided the declaration into the website itself and the activities within our provided cloud services.
Name and address of the responsible person for data processing
The person responsible for data processing according to the GDPR is:
Processing activities: website
Within the Pertuniti app, only such details are transmitted through the contact form to employees of Pertuniti GmbH, which you enter into the form, as well as the time of your request. The contact form is exclusively accessible via SSL. After successful submission, the contents are saved within our cloud service, which exclusively allows access via SSL.
For this website, we do not record server logs ourselves. However, this website uses Google Analytics, a web analysis service of Google Inc. (“Google”). Google Analytics uses so-called “cookies”, text files, which are saved on your computer and which allow an analysis of your use of the website. The information about your use of this website generated by the cookie is normally transmitted to a server of Google in the USA and saved there. In the case of the activation of the IP anonymization on this website, your IP address will be shortened beforehands by Google within the member states of the European Union or in other contract states of the treaty about the European Economic Area. Please note that on our website Google Analytics has been extended by the code for anonymizeIp, to guarantee an anonymized gathering of IP addresses (so-called IP-masking).
Only in exceptional cases, the full IP address will be transmitted to a server of Google in the USA and shortened there. On behalf of the operator of this website, Google will use this information to validate your use of the website, to arrange reports on the website activities and to perform other services related to the use of the website and the use of the internet to the website operator. The IP address transmitted by your browser within the framework of Google Analytics will not be brought together with other data of Google.
You can prevent the storage of the cookies through corresponding settings in your browser software; however, please note that in this case you may not be able to use all the functions of this website to full extent. Furthermore, you can prevent the gathering of the data related to your use of the website, which is generated by the cookie (incl. your IP address) to Google, as well as the processing of this data by Google, by downloading and installing the browser plugin available under the following link: http://tools.google.com/dlpage/gaoptout?hl=en. You can also prevent the gathering by Google Analytics, by clicking on the following link. Hereby all the cookies of this website will be deleted, provided they have been set: Remove Google Analytics.
Processing activities: cloud service
Purpose of the data processing
The purpose of the offer is to allow you the data processing of your case, project or process data. For this, we process personal data, which you create, change or synchronize in our application. As a user, you remain “master of your data” and responsible position according to GDPR article 24.
We therefore process personal data automatically, to be able to display them in the different access options, and to connect, change and synchronize them within your team. Furthermore, by your support enquiries we may not be able to avoid seeing personal data saved by you or at specific questions (“How can I…”) also indeed content-relatedly referring to according information. Should such constellations occur, you can avoid corresponding processing, in re-enacting corresponding problems with purely fictitious data without direct personal references.
For our cloud service, we analyze the saved information on an aggregated level, to gather e.g. the average amount of linked elements, the type of links, the length of typical activity streams, not or scarcely used features and similar questions to improve the application. In this process we are not interested in the concrete contents, that also indeed do not regard us, but exclusively in the use of the application.
Above this, data processing also takes place to meet legal requirements and connected duties.
Categories of processed personal data
The categories of processed personal data of the by us collected information are limited to account data and support information.
The categories of processed personal data, which are saved within our cloud service, depend on captured categories of processed personal data that you collect. If you want to process specific categories of personal data (e.g. health data) with our application, you should contact us for a data processing agreement (DPA, before beginning the processing!).
Receiver of personal data
Our infrastructure is implemented through infrastructure-as-a-service offers of known cloud providers with high privacy standards. Currently, all stored information is processed in German data centers - except for Stripe, Inc. (see Order processing).
For payments by credit card, we use the payment service provider Stripe, Inc. (hereinafter “Stripe”). Information is transmitted to Stripe in case you
- have chosen a credit card as your payment method and transactions are made for this credit card
- hhave enabled the dialog for adding a credit card in the settings: The Stripe API collects information to prevent fraud and transfers it to Stripe in addition to the actual credit card information. This mechanism remains active after the dialog is closed until the page is reloaded. For this reason, an icon (“Stripe”) in the title bar will draw your attention to the current transfer, which you can use to reload the page directly.
If you do not agree to a transfer to Stripe, Inc., please choose to pay by invoice or contact us for other payment options.
Planned duration of storage
We store personal data only as long as it is necessary by legal requirements and for a reasonable fulfillment of our service. That means concretely that we have to store data (e.g. invoice information), for which legal storage requirements exist, at least for this duration. Furthermore, we store information filed by our users in our application, until they remove this information themselves.
If you delete your organization from our platform, we hold the information, for which we do not need to implement longer legal storage durations, still for a maximum of three months, to be able to react to an unintended deletion flexibly. You can shorten this timespan with a request for direct deletion.
Rights of the concerned
Our customers remain in the responsible position according to GDPR article 24 and are thus your contact person, should personal data in these organizations be processed through our platforms. For your rights according to GDPR chapter III (article 12 - 23) we could not check ourselves, whether personal data concerning you are processed, respectively whether reasons exist, which would prohibit an information or action from our side.
For the data gathered by us, for which we are not active as data processor, we are however contact person and can guarantee your following rights:
Right of information
You have the right to obtain a confirmation, whether personal data related to you is being processed. If this is the case, you also have a right of information about this personal data and of the in GDPR article 15 paragraph 1 listed information, as e.g. processing purposes and categories of personal data, which are being processed.
Right of rectification
If you assume, e.g. after obtaining the information through the right of information, incorrect details of the by us saved personal data related to you, you can demand rectification.
Right of deletion (“Right to be forgotten”)
You have under certain conditions the right of deletion of your personal data. These conditions are described completely in GDPR article 17.
Right of restriction of processing
You have the right to demand the restriction of the processing of your personal data, if one of the prerequisites in GDPR article 18 paragraph 1 is met, e.g. if the correctness of the personal data is denied for a duration, which enables us to examine the correctness of the corresponding data.
Revocation of consents and contradiction of processing
Furthermore you can revoke the given consent for data processing at any time (GDPR article 7 paragraph 3) and contradict the processing according to GDPR article 21.
Right of data portability
You have the right of data portability, that means of obtaining your personal data in a structured, common and machine-readable format and of transmitting this information from us to another responsible person without hindrances, when the conditions in GDPR article 20 paragraph 1 are met, which means among others, that the processing takes place with the help of an automated procedure.
Consider also for this right, that we support numerous web standards and protocols, with which you can very easily import information into other systems via your corresponding client applications, e.g. address books.
Right of appeal at a supervisory authority
If in your opinion during processing your personal data we violate the General Data Protection Regulation or other regulatory requirements concerning data protection, you have the right to complain to the responsible supervisory authority for privacy. For Pertuniti GmbH, this involves the Bavarian State Office for Data Protection Autority:
Bayerisches Landesamt für Datenschutz
Phone: +49 (0) 981 53 1300
Fax: +49 (0) 981 53 98 1300
Hausanschrift Postanschrift Promenade 27 (Schloss)
The processing of your personal data takes place through an order of you respectively our customer (GDPR article 6 paragraph 1 letter b), which means when an account has been created in our cloud service. Moreover, processing can take place through consent for specific purposes, as e.g. for support enquiries, which means on the basis of GDPR article 6 paragraph 1 letter a. When we get the order to process personal data for our customers, our customers are responsible for a corresponding legal basis for the processing, which means e.g. an explicit consent, an own processing in commission with corresponding legal basis or for further possible conditions in accordance with GDPR article 6.