Privacy Policy of ready2order GmbH

In this privacy policy, we therefore inform you as transparently as possible about the most important aspects of data processing within the framework of our website. They should be given an overview of the type, scope and purpose of the collection and use of personal data. Personal data is any information relating to an identified or identifiable natural person. This includes information such as your name, email address, mailing address, or phone number. If we speak of data in this privacy policy, this always refers to personal data.

Note: This is a translation of the German version of the Privacy Policy. In case of any conflict or contradiction between the translated and the German version, only the German version shall prevail.

All data collected by ready2order is protected against misuse by technical and organizational measures to the best of our ability. In particular, we use state-of-the-art encryption on our website. Personal data will be deleted as soon as it is no longer needed for the respective purpose and the data is not subject to any legal retention obligation.

We take the protection of your personal data very seriously. Of course, we always treat your personal data in accordance with the statutory data protection regulations. We have appointed an expert and reliable external data protection officer. The external data protection commission is carried out by UIMC Dr. Voßbein GmbH & Co KG (www.uimc.de/datenschutz).

In the following, we would like to inform you about the processing of personal data:

  • Privacy Policy of the Website
  • Register on our website for an online demo
  • Use of our online shop and mail order business
  • Subscribe to the newsletter
  • Participation in surveys
  • Appointments
  • Plugins
  • Cookies and analysis of the use of our website
  • Data protection in the processing of personal data of our business partners (B2B)
  • Data protection in the context of application procedures
  • Rights of data subjects (applies to everyone)

We reserve the right to amend this Privacy Policy from time to time so that it always complies with current legal requirements or to implement changes to our services in the Privacy Policy, e.g. when new services are introduced. The new privacy policy will then apply to your return visit.

Responsible body

ready2order GmbH
Hintere Zollamtsstraße 17
1030 Vienna
Austria

E-mail: [email protected]
Phone: +43 1 240 99 82

Managing Director: Markus Bernhart

Contact the external data protection officer

UIMC Dr. Voßbein GmbH & Co. KG
Dr. Jörn Voßbein
Address: Fleischmarkt 1/6/12, A-1100 Vienna
Phone: +43 1 20 5107 3383

Contact the data protection team at ready2order

If you have any further questions about data protection, please feel free to contact our data protection coordinator directly via e-mail: [email protected] 

 

Privacy Policy of the Website

In principle, you can use our online services without disclosing your identity. If we request personal data (such as name, address or e-mail address) on the website, e.g. in the context of contact forms or during registration, this is done on a voluntary basis. We use this information for our own business purposes (such as sending the requested materials/information).

If you contact us by e-mail or contact form on the website, the information you provide will be stored for the purpose of processing the enquiry and for possible follow-up questions. The personal data voluntarily transmitted to us in this context is used by us to process your request and to contact you. The legal basis for the transfer of the data is Art. 6 para. 1 lit. a or Art. 6 para. 1 lit. b GDPR. This personal data will not be passed on to third parties. The personal data collected by us for the use of the contact form will be deleted after the enquiry you have made has been completed and after the expiry of the retention obligations under tax and commercial law.

Disclosure of data / order processing

A transfer to third parties, for commercial or non-commercial purposes, will not take place without your express consent. We will only share your personal data with third parties if this is legally permissible [such as on the basis of Article 6 GDPR] and/or required. In some cases, we use service providers as part of order processing in accordance with Article 28 GDPR. Full responsibility for data processing remains with us and the processors are bound by contractual provisions.

For the purposes of hosting our platforms and back-up services, we use processors, so that personal data stored on our platforms is transmitted to these processors. These processors are Amazon Web Services Inc. (server location: Frankfurt), for https://support.ready2order.com/l/de HelpDocs Ltd (Evolution House Iceni Court, Delft Way, Norwich, Norfolk, England, NR6 6BB).

We also use Cloudflare, a service of Cloudflare Inc. (101 Townsend Street, San Francisco, 94107 CA), for our website. Cloudflare is used as a CDN ("Content Delivery Network"). This is an intermediate memory that optimizes loading times on our website and protects it from security risks. For these purposes, a cookie is placed on the computer of the website visitor (see below for the definition and functioning of cookies). The collected raw data is usually deleted within 4 hours, at the latest after 3 days. Here you can find more detailed information about the data collected there  and about security and privacy at Cloudflare. Standard contractual clauses have been concluded to secure data transfer to the USA.

Logging

Each time the website is accessed, logs are created and processed for statistical purposes, whereby the individual user remains anonymous as long as he or she does not register:

 - IP address- Date and time of the request- Time zone difference to Greenwich Mean Time (GMT)- Content of the request (specific page)- Access status/HTTP status code- Amount of data transmitted in each case- Website from which the request comes- Browser- Operating system and its interface- Language and version of the browser software- The country from which the visitor comes

The aforementioned data is processed by us on the basis of our legitimate interest in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR for the following purposes:

 - Ensuring a smooth connection to the website, - Ensuring comfortable use of our website and - Evaluating system security and stability.

 We reserve the right to check this data retrospectively if we become aware of concrete indications of illegal use. The data will be deleted immediately when it is no longer required to achieve the purpose, but no later than six months.

Register on our website for an online demo

When registering to use the trial version of our software, some personal data is collected, such as name, company name and contact details. If this information is mandatory, we will need it to set up your account and provide you with the trial version. For the performance of the contract, we therefore rely on the legal basis of Art. 6 (1) (b) GDPR. In the case of additional voluntary information, we rely on your consent in accordance with Art. 6 (1) (a) GDPR. The data will be retained for the duration of the use of the online demo and to comply with statutory retention periods.

Use of our online shop and mail order business

If you want to order something in our online shop, we process personal data in order to be able to process the order and payment. You have the choice of providing your existing ready2order contact details or whether you want to create an account where your data will be stored for the use of the software. Mandatory information required for the execution of the contracts is marked separately, further information is voluntary. We will use the data you provide to process your order. To this end, we pass on your contact details and payment data to selected payment and shipping service providers who support us in this area. For the performance of the contract, we therefore rely on the legal basis of Art. 6 (1) (b) GDPR.

We also store your contact details and order data for financial accounting purposes, if required by law. We rely on a legal obligation pursuant to Article 6 (1) (c) GDPR for this processing.

Subscribe to the newsletter

When subscribing to our newsletter, you will receive information on the following products and topics: Changes in the legal situation on the subject of cash registers, event information, new products, discount campaigns, referral programs, advertising content, promotions and solutions as well as the development of the ready2order GmbH company. For this purpose, your name and email address will be processed on the basis of your consent in accordance with Art. 6 (1) (a) GDPR.

Our newsletters contain so-called cookies or tracking pixels (see below for the definition and functionality of cookies). This means that data, such as when the newsletter was opened and which links were clicked, is processed and stored by our shipping service provider. If you subscribe to the newsletter, you also consent to this data processing in accordance with Art. 6 (1) (a) GDPR, as we need this data to improve the mailings to the newsletter recipients and to adapt them to their reading habits.

You can revoke your consent to the above-mentioned processing at any time via the link in each newsletter with effect for the future. If this is not technically possible, you can also send this revocation to [email protected] by e-mail  .

The newsletter is sent by the shipping service provider Customer iO, a shipping platform of the provider Peaberry Software Inc., 9450 SW Gemini Dr., Suite 43920 Beaverton, Oregon 97008-7105. The processor acts as a processor and is accordingly contractually bound by the conclusion of the order processing agreement. For data transfers to the USA, there is an adequacy decision (Data Privacy Framework) and the service provider has registered for the Data Privacy Framework. Information about the data protection regulations of the shipping service provider can be found at:https://customer.io/legal/privacy-policy/. The following personal data will be transferred to the shipping service provider: first name, last name, email address and customer number.

The data will be stored until you revoke the sending of the newsletter.

In order to ensure that you do not receive any further mailings from us in the future, we will store your data internally in a blocking file ("blacklist") in this case. This is the only way to ensure that you will not receive any further mailings from us in the future. The legal basis for this is Article 21 (3) in conjunction with Article 17 (3) (b) and Article 6 (1) (f) of the General Data Protection Regulation. If you wish to have your data completely deleted, you can inform us informally (e.g. by sending an e-mail to [email protected]).

 

Sending direct advertising via e-mail / in-app notifications / SMS without the consent of the customer or former customers / interested parties

We will send you promotional e-mails / in-app notifications / SMS that are sent to you for direct marketing purposes (incl. e-mails with the offer to subscribe to the newsletter; Application of Friend Bonus Programs; or invitations to customer events), even without consent, and process your data for this purpose if:

  1. We have received the contact information for the message relating to the sale or service to you as our customer or prospect, and
  2. this message is for direct advertising of its own similar products or services, and
  3. you are clearly and unambiguously given the opportunity in this e-mail / in-app notification / SMS to reject such use of the electronic contact information free of charge and without any problems at the time of its collection and additionally at each transmission and
  4. You have not refused to send them from the outset, in particular not by entering them in a list maintained by an authority (RTR) (= the list mentioned in Section 7 (2) of the E-Commerce Act).

We would like to emphasise that these advertising measures are carried out exclusively by us and via our products on the basis of our legitimate interest and that your data will not be passed on to third parties.

In any case, electronic mail will not be sent for direct marketing purposes if:

  1. the identity is concealed or concealed by us in the email, or
  2. the provisions of Section 6 (1) of the E-Commerce Act are violated, or
  3. You are encouraged to visit websites that violate this provision, or
  4. there is no authentic address to which you can send a request to stop such messages.

The legal basis for this data processing is legitimate interest in accordance with Article 6 (1) (f) GDPR (direct marketing).

 The data will be processed until you object to such data processing. As part of the direct marketing in the application (In-APP Notification), appropriate settings can be made in the application to deactivate this function.

The information is generally sent by the shipping service provider Customer iO, a shipping platform of the provider Peaberry Software Inc., 9450 SW Gemini Dr., Suite 43920 Beaverton, Oregon 97008-7105. The processor acts as a processor and is accordingly contractually bound by the conclusion of the order processing agreement. There is an adequacy decision (Data Privacy Framework) for data transfer to the USA and the service provider has registered for the Data Privacy Framework. Information about the data protection regulations of the shipping service provider can be found at:https://customer.io/legal/privacy-policy/.  The following personal data will be transferred to the shipping service provider: first name, last name, email address and customer number.

In order to ensure that you do not receive any further mailings from us in the future, we will store your data internally in a blocking file ("blacklist") in this case. This is the only way to ensure that you will not receive any further mailings from us in the future. The legal basis for this is Article 21 (3) in conjunction with Article 17 (3) (b) and Article 6 (1) (f) of the General Data Protection Regulation. If you wish to have your data completely deleted, you can inform us informally (e.g. by sending an e-mail to [email protected]).

The targeting of the In-APP Notification is carried out by DATO SRL, via Botticini 13, Firenze, Italy. The processor acts as a processor and is accordingly contractually bound by the conclusion of the order processing agreement. In this case, such an in-app notification is sent to all users of a certain country. For information about DATO SRL's privacy policy, please visit https://www.datocms.com/legal/privacy-policy. The following of your personal data will be processed by this shipping service provider for us: customer number, email address and country.

If the dispatch takes place via SMS, then the dispatch service provider is Twilio Ireland Limited, 3 Dublin Landings, North Wall Quay, Dublin 1, Ireland and Twilio Inc, 101 Spear Street, 5th Floor, San Francisco, CA 94105. These act as processors and are contractually bound accordingly by the conclusion of the data processing agreement. In some cases, data is transferred to the USA. There is an adequacy decision (Data Privacy Framework) for this third country transfer and binding internal data protection regulations approved by the European Commission (Binding Corporate Rules: see: https://www.twilio.com/en-us/legal/binding-corporate-rules). The following personal data will be transferred to this shipping service provider: First name, last name, customer number, telephone number, country and language preference. Information about the data protection provisions of the shipping service provider can be found at: https://www.twilio.com/en-us/privacy.

Sending e-mails regarding data anonymization/deletion

We process your data (in particular company name, account number/customer number, first name, last name, e-mail address and date of termination) in order to draw your attention to the fact that you should notify us if you wish us to continue to store your data for a fee and to agree a contract for the fee-based storage of your data. Furthermore, we will continue to store all your personal data stored up to that point for this purpose, as we will still give you the option of deciding to continue to store your data with us for a fee after termination. The legal basis for data processing is Art. 6 (1) point b GDPR.

The information is generally sent by the shipping service provider Customer iO, a shipping platform of the provider Peaberry Software Inc, 9450 SW Gemini Dr., Suite 43920 Beaverton, Oregon 97008-7105. This acts as a processor and is accordingly contractually bound by the conclusion of the data processing agreement. An adequacy decision (Data Privacy Framework) exists for the transfer of data to the USA and the service provider has registered for the Data Privacy Framework. Information about the shipping service provider's data protection provisions can be found at: . The following personal data is transferred to the shipping service provider: first name, last name, email address and customer number.

Your personal data will be processed and stored for this purpose for up to 180 days after termination. If there are legal retention requirements, the data will also be stored beyond this.

Corporate Social Responsibility - Projects

We process your data (company name, account number/customer number, address, first name, last name and email address) to check whether you are active in the non-profit sector and to send you emails for the implementation of our corporate social responsibility projects (in particular by offering you that our employees will support you in your work for a day) and the associated appointment arrangement.

This data processing is carried out on the basis of our legitimate interests in accordance with Article 6 Paragraph 1 lit f GDPR (interest in operating as a non-profit company).

If you do not wish to receive such mailings from us, you can request the further use of your data for the purpose of realizing corporate social responsibility at any time by sending a text message to ready2order GmbH, Hintere Zollamtsstraße 17/5, 1030 Vienna or by email to [email protected] . Your data will be processed until you object to the sending of such emails/revoke your consent.

So that we can ensure that you do not receive any further mailings from us in the future, we store your data internally in a blacklist. This is the only way to ensure that you will not receive any further mailings from us in the future. The legal basis for this is Article 21 paragraph 3 i. V. m. Article 17 paragraph 3 letter b) and Article 6 paragraph 1 letter f) of the General Data Protection Regulation. If you would like your data to be completely deleted, you can inform us of this informally (e.g. by sending an email to [email protected]). 

The information is generally sent by the shipping service provider Customer iO, a shipping platform of the provider Peaberry Software Inc., 9450 SW Gemini Dr., Suite 43920 Beaverton, Oregon 97008-7105. This acts as a processor and is contractually bound by the conclusion of the order processing contract. There is an adequacy decision (Data Privacy Framework) for data transfer to the USA and the service provider has registered for the Data Privacy Framework. Information about the shipping service provider's data protection regulations can be found at: https://customer.io/legal/privacy-policy/ .  The following personal data is passed on to the shipping service provider: first name, last name, email address and customer number.

 Direct mailing (direct mail)

We process your data (esp. Company name, account number/customer number, first name, last name and address) on the basis of our legitimate interests in accordance with Art. 6 (1) (f) GDPR (sale of products and information of customers about legal changes).

We collect some of the data for the mailing from public registers if this was not collected directly from you in order to inform you about our offer. In the case of such mailings where your data has been collected from public registers, we will only send you a one-off mailing out of consideration for your rights and interests.

For shipping, we use a lettershop (Lettershop & More GmbH, FN 418460h, FB Court LG Korneuburg, Brünner Straße 241 – 243 / GHI-Park H03 + H04, 2201 Gerasdorf-Seyring; [email protected]), who acts as our processor and is contractually bound by a data processing agreement with us. We transmit your data to them (in particular company name, account number/customer number, first name, last name and address).

If you do not wish us to advertise, you can object to the further use of your data for advertising purposes at any time by sending a message in text form to ready2order GmbH, Hintere Zollamtsstraße 17/5, 1030 Vienna or by e-mail to [email protected] .

Your data will be processed until you object to the sending of direct mailings (direct mailings) / revoke your consent.

In order to ensure that you do not receive any further mailings from us in the future, we will store your data internally in a blocking file ("blacklist") in this case. This is the only way to ensure that you will not receive any further mailings from us in the future. The legal basis for this is Article 21 (3) in conjunction with Article 17 (3) (b) and Article 6 (1) (f) of the General Data Protection Regulation. If you wish to have your data completely deleted, you can inform us informally (e.g. by sending an e-mail to [email protected]).

 

Contact within the framework of the "Friends Bonus Program"

As part of this bonus program, we receive your data from an acquaintance of yours who has informed you about the disclosure of your contact details to us and has asked for your permission. We therefore process your data on the basis of the consent given to us by this person in accordance with Art. 6 (1) (a) GDPR in order to contact you and make our offer.

Your data will be used to provide you with information about our products and to inform you directly about the bonus program. If you are interested, enter into a pre-contractual relationship with us and we will continue to process your data in accordance with Art. 6 (1) (b) GDPR. You can find more information about our customer data processing under the item "Data protection in the processing of personal data of our business partners (customers/suppliers; B2B)" (see below).

If you are not interested, you can revoke your consent at any time with effect for the future (e.g. by e-mail to [email protected]) or by using the unsubscribe link in the e-mail.

We process your data for the purposes mentioned above until you withdraw your consent or for a period of up to 1 year. If you have become a customer in the meantime, the customer retention periods will apply to you. You can find more information about our customer data processing under the item "Data protection in the processing of personal data of our business partners (customers/suppliers; B2B)" (see below).

The information is sent by the shipping service provider Customer iO, a shipping platform of the provider Peaberry Software Inc., 9450 SW Gemini Dr., Suite 43920 Beaverton, Oregon 97008-7105. The data controller acts as a processor and is accordingly contractually bound by the conclusion of the data processing agreement. For information about the shipping service provider's privacy policy, please visit: https://customer.io/legal/privacy-policy/

 

Participation in competitions

We also occasionally organize competitions. The raffle will take place behind closed doors by drawing lots by an impartial person. Participation in the competition is voluntary and no purchase is necessary to participate or increase the chances of winning.

The winners will be notified via e-mail. Personal data (name, e-mail address and, if applicable, telephone number) will be processed exclusively for the implementation of this competition and will not be passed on to third parties. The legal basis for the data processing is Article 6 (1) (b) or (f) GDPR, as the data processing is necessary for participation in and implementation of the competition. The legitimate interest here is to increase customer satisfaction.

A condition of participation is often that we ask you to reply to our e-mail with individual words or short sentences. By submitting these answers, you declare your voluntary participation in the competition and the associated data processing for the fulfilment of the competition contract.

However, you can object to the data processing at any time by replying to this e-mail, but you will no longer be able to participate in the competition in the event of an objection. The objection does not affect the lawfulness of the data processing carried out before the revocation.

After the end of the competition, the data will no longer be processed for the purpose of conducting the respective competition. After the expiry of the retention obligations under tax and company law, the winners' data will be deleted. This retention obligation is usually equivalent to 7 years.  

Participation in surveys

General surveys:

Occasionally, we send our customers e-mails with external links to participate in a survey. The following personal data is processed: first name, last name, e-mail address and customer number.  If you access the external link to participate in an evaluation or survey (e.g. customer satisfaction survey) by clicking on the link in one of our e-mails, no information will be stored that would allow us to identify you as a participant in the survey.

From the moment you click on the link, only the date, time and duration of your participation in the survey are recorded, along with your IP address. To carry out these surveys, we use the service provider Survicate S.A. (Warsaw (postal code 02– 786 at ul. Zamiany 8 LU2). The data mentioned is required to deliver the survey content correctly and to optimise it for our users. The service provider acts as a processor and is contractually bound by the conclusion of the data processing agreement. Survicate S.A.'s servers are located within the EU. Therefore, no third-country transfer takes place.

The data is stored for 6 months from the date of sending the e-mails and then deleted.

Surveys after interaction:

We will also send this customer an SMS/e-mail with a request for feedback after an interaction with a customer (e.g. providing support). If the interaction takes place via SMS, your name, customer number, telephone number and timestamp will be processed; otherwise, first name, last name, e-mail address and customer number.

In this case, your survey results (e.g. ratings) are imported into the Salesforce instance of ready2order. Salesforce Inc. acts as a processor and is accordingly contractually bound by the conclusion of the data processing agreement. An adequacy decision (Data Privacy Framework) exists for the data transfer to the Salesforce instance (data transfer to Salesforce Inc., i.e. to the USA) and the service provider has registered for the Data Privacy Framework. 

Furthermore, your data will also be transferred to Domo Inc. Domo Inc. acts as a processor and is accordingly contractually bound by the conclusion of the data processing agreement. An adequacy decision (Data Privacy Framework) exists for the data transfer to Domo Inc. (data transfer to Domo Inc., i.e. to the USA) and the service provider has registered for the Data Privacy Framework. 

The data will be stored for as long as you have a valid contractual relationship with ready2order and for as long as ready2order is subject to retention obligations – whichever date is later.

General provisions regarding surveys via SMS/e-mail:

We will send you such e-mails/SMS, which are used to measure customer satisfaction and improve our services, even without your consent, and we will process your data for this purpose if:

We have received the contact information for the message in connection with the sale of a product or service to you as our customer or prospective customer and this message is for the direct advertising of our own similar products or services and you have been given the opportunity in this e-mail/text message to refuse such use of the electronic contact information at no cost and with no hassle when it is collected and additionally with each transmission and you have not rejected the sending from the outset, in particular by not registering on a list maintained by an authority (RTR) (= the list mentioned in § 7 para. 2 E-Commerce Act).

We would like to emphasise that these measures are carried out by us and through our products on the basis of our legitimate interest and that your data will not be passed on to third parties.

The sending of electronic mail for the purpose of measuring customer satisfaction and improving our services will not take place in any case if we disguise or conceal our identity in the e-mail, or
the provisions of Section 6 (1) of the Austrian E-Commerce Act are violated, or you are asked to visit websites that violate the aforementioned provision, or no authentic address is provided to which you can send a request to stop such messages.

The dispatch of e-mails/text messages is carried out by the dispatch service provider Customer iO, a dispatch platform of the provider Peaberry Software Inc, 9450 SW Gemini Dr., Suite 43920 Beaverton, Oregon 97008-7105 (hereinafter ‘Customer.io’). The latter acts as a processor and is accordingly contractually bound by the conclusion of the data processing agreement. An adequacy decision (Data Privacy Framework) exists for the transfer of data to the USA and the service provider has registered for the Data Privacy Framework. Information about the data protection provisions of the shipping service provider can be found at: https://customer.io/legal/privacy-policy/. The following personal data is transferred to the shipping service provider: first name, last name, email address and customer number.

In addition, customers' names, email addresses and telephone numbers are transmitted to Twilio Ireland Limited, 3 Dublin Landings, North Wall Quay, Dublin 1, Ireland and Twilio Inc., 101 Spear Street, 5th Floor, San Francisco, CA 94105 (hereinafter “Twilio”).

Twilio acts as a processor and is contractually bound by the conclusion of the data processing agreement. Data is sometimes transferred to the USA for this purpose. An adequacy decision (Data Privacy Framework) and binding internal data protection rules (Binding Corporate Rules) approved by the European Commission exist for this third-country transfer (see: https://www.twilio.com/en-us/legal/binding-corporate-rules). The following personal data is transferred to this shipping service provider: first name, last name, email address and telephone number.
Information about the privacy policy of the shipping service provider can be found at: https://www.twilio.com/en-us/privacy.

With regard to the associated data processing, we refer to the legal basis of Art. 6 (1) (a) GDPR (consent) or – if no such consent has been given – Art. 6 (1) (f) GDPR, our legitimate interests (direct marketing).

As a matter of principle, you will receive e-mails inviting you to participate in surveys for as long as you are a customer of ours. However, you can object to the data processing at any time by sending an e-mail to [email protected]. The legality of the data processing carried out up to the point of revocation is not affected by the objection.

To ensure that you do not receive any further mailings from us in the future, we store your data internally in a blacklist. This is the only way to ensure that you will not receive any further mailings from us in the future. The legal basis for this is Article 21(3) in conjunction with Article 17(3)(b) and Article 6(1)(f) of the General Data Protection Regulation. If you wish your data to be completely deleted, you can inform us of this informally (e.g. by sending an e-mail to [email protected]).

Participation in reviews on online portals

We occasionally send our customers e-mails with an external link to participate in an evaluation of ready2order on online portals. If you click on this link independently, no information is stored that allows us to draw conclusions about you as a participant in the evaluation. The following personal data is processed: First name, surname, email address and customer number.

The legal basis for data processing is Article 6(1)(a) GDPR (consent) or, alternatively, Article 6(1)(f) GDPR (legitimate interest). The legitimate interest here is to obtain feedback in order to improve customer satisfaction and the company's image.

The emails are sent by the mailing service provider Customer iO, a mailing platform of the provider Peaberry Software Inc, 9450 SW Gemini Dr, Suite 43920 Beaverton, Oregon 97008-7105, which acts as a processor and is contractually bound accordingly by the conclusion of the data processing agreement. An adequacy decision (Data Privacy Framework) exists for data transfers to the USA and the service provider has registered for the Data Privacy Framework. Information on the data protection provisions of the shipping service provider can be found at: https://customer.io/legal/privacy-policy/. The following personal data is transferred to the shipping service provider: First name, surname, email address and customer number.

The personal data will be stored for the purpose of sending e-mails with external links to participate in an evaluation of ready2order on online portals until you are no longer a customer with us.

However, you can object to the data processing at any time by sending an e-mail to [email protected]. You can object at any time by replying to this e-mail. The revocation does not affect the legality of the data processing carried out up to the revocation. We do not use automated decision-making.

Appointments

We use the service provider Calendly LLC, 115 E Main St., Ste A1B, Buford, GA 30518 (‘Calendly’) for the online appointment booking we offer. Calendly provides an external platform for our employees and our clients to manage joint appointments. The appointment booking service can be accessed via the corresponding link in one of our e-mails. You automatically use the Calendly service when you use appointment scheduling. The data collected generally includes the name entered, the IP address at the time of the booked appointment, the date and the time.

In some cases, we use personalised links in the contract initiation process that pre-fill the email address, telephone number and Salesforce account number fields in the appointment booking form to make it easier for you to fill in the form and for us and Calendly to assign your data. This data is used exclusively for the administration of business appointments.

We therefore base the processing of this data on the legal basis of Art. 6 para. 1 lit. b GDPR, as these appointments are necessary for the initiation of a contract. Further information can be found at https://calendly.com/pages/privacy. The service provider acts as a processor and is contractually bound accordingly by the conclusion of the order processing contract. An adequacy decision (Data Privacy Framework) exists for the transfer of data to Calendly (i.e. to the USA) and the service provider has registered for the Data Privacy Framework. This data will be deleted after the appointment has been held. 

Plugins

GoogleMaps

To simplify the provision of information, we offer you the use of Google Maps to display maps, provided that you have consented to data processing (Art. 6 para. 1 lit. a GDPR). Google Maps is operated by Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043. These pages will be marked accordingly. When you access a website on which Google Maps is embedded on our website, a connection to Google's servers is established and your IP and browser data is transmitted to Google. Corresponding data protection agreements have been concluded with Google. Google may transfer this information to third parties, such as U.S. government agencies, if required to do so by law, or if third parties process this information on Google's behalf. The third-country transfer takes place on the basis of Google's registration for the Data Privacy Framework. For more information about data processing, please refer to Google's privacy policy at https://policies.google.com/privacy?gl=DE&hl=de [external page].

YouTube

Our website uses plug-ins from YouTube, which is operated by Google, for marketing purposes. The operator is Google Ireland Limited; Gordon House, Barrow Street, Dublin 4, Ireland, ("Google"). When you visit our website equipped with the YouTube plugin, a connection to YouTube's servers is established. The YouTube server is informed of the IP address of the visitors to our website as well as which of our pages you have visited, provided that you have given us your consent to the collection and transmission of your personal data in accordance with Art. 6 (1) (a) GDPR. This happens regardless of whether you have a YouTube user account or not. If you are logged in to your YouTube account, you also enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account. YouTube may transfer the processed information to third parties, such as U.S. government agencies, if required to do so by law, or if third parties process this data on behalf of YouTube. The third-country transfer takes place on the basis of Google's registration with the Data Privacy Framework. Further information on the handling of user data can be found in YouTube's privacy policy at: https://www.google.de/intl/de/policies/privacy [external page].

Cookies and analysis of the use of our website

Cookies are small text files that are stored on an end device with the help of the browser. They do not cause any harm. We use such cookies on our website and for our services to enable the use of certain functions (e.g. online shop), to make our offers more user-friendly and attractive based on the analysis of the website behaviour of our visitors, and to send targeted advertising. For this purpose, we may also use other techniques, such as tracking pixels. The legal basis for the setting of cookies is your consent in accordance with Section 165 (3) TKG 2021.

Most of the cookies we use are deleted after the end of the browser session, i.e. after you close your browser (so-called session cookies). Other cookies remain on your device and enable us or our partner companies to recognize your browser the next time you visit (persistent cookies). Unless specifically specified below, you can find out the exact storage period of a cookie in the respective cookie by displaying the cookie in your browser.

You can set your browser so that you are informed about the setting of cookies and decide individually whether to accept them or exclude the acceptance of cookies in certain cases or in general. If you do not accept cookies, the functionality of our website may be limited.

Web analysis with Google Analytics

This website uses Google Analytics, a web analysis service provided by Google Ireland Limited; Gordon House, Barrow Street, Dublin 4, Ireland, ("Google"), provided that you have given your consent to this in accordance with Art. 6 (1) (a) GDPR. Google Analytics uses so-called "cookies", which are text files that are stored on your computer and enable an analysis of your use of the website. The information generated by the cookies about your use of this website (including your shortened IP address) will be transmitted to a Google server in the USA and stored there for 14 months. Google will use this information to evaluate your use of the website, to compile reports on website activity for website operators and to provide other services related to website activity and internet usage. In addition, Google may transfer this information to third parties, such as U.S. government agencies, if required to do so by law, or if third parties process this information on Google's behalf. The third-country transfer takes place on the basis of Google's registration for the Data Privacy Framework. If you have agreed to the use of analysis and tracking cookies and you would like to object to this at a later date, you can do so at any time in the cookie banner or the cookie settings via our website. Alternatively, you can install a so-called add-on in your browser. To do this, you can follow the following link, which will take you to Google's website: https://tools.google.com/dlpage/gaoptout?hl=de.

VWO

We use the web analysis service Visual Website Optimizer ("VWO") for our website, operated by Wingfy (14th Floor, KLJ Tower North, Netaji Subhash Place, Pitam Pura, Delhi 110034, India). With the help of VWO, pseudonymized visitor data is collected, evaluated and stored for optimization and marketing purposes on the basis of our legitimate interest in the statistical analysis of user behavior. We use VWO to create user tests for the optimization and further development of our website. VWO analyzes static data about the use of our website. In addition, the tool is used as an A/B testing tool. Data such as the number of visitors, click behavior and the average active dwell time of website users are assigned to the corresponding test variants.

VWO uses cookies, which are only set if you have given your consent. These are used to recognize the visitor's browser and thus enable a more precise determination of the statistical data. The user's IP address participates in the information collected, but is pseudonymised immediately after collection and before it is stored in order to exclude the personal reference. In order to object to the data collection and storage of your pseudonymised visitor data for the future, you can obtain an opt-out cookie from VWO under the following link, which means that no visitor data from your browser will be collected and stored by VWO in the future: https://vwo.com/opt-out/. The opt-out cookie is set by VWO.  You can also revoke your consent at any time via the cookie settings. More information on the subject of data protection can be found at: https://vwo.com/privacy-policy/.

Hotjar

We use Hotjar, a web analytics service provided by Hotjar Ltd. (Level 2, St Julian's Business Centre, 3, Elia Zammit Street, St Julian's STJ 1000, Malta) to optimize our services and the user experience on our website. Hotjar allows us to better understand the behaviour of visitors to our website (i.e. how much time users spend on which of our pages, which links they click, etc.) so that we can tailor our offers to this feedback. Hotjar uses cookies and other technologies where you have given your consent to do so to collect information about user behavior and user devices (in particular, the IP address of a device, which is collected and stored in anonymized form, screen size, device type (Unique Device Identifiers), browser information, geographic information on a country basis, preferred language to display our website). Hotjar stores this data in a pseudonymized user profile. Neither Hotjar nor we will use this information to identify individual users, nor will the data be merged with other data about individual users. For more details, please refer to Hotjar's privacy policy at this link: https://www.hotjar.com/privacy.

You can object to the creation of user profiles, the storage of data about your use of our site by Hotjar and the use of tracking cookies by Hotjar at any time for the future via the cookie banner or under the following link https://www.hotjar.com/opt-out.

Bing Conversion Tracking

We use conversion tracking from Microsoft (Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA). In this case, Microsoft Bing Ads places a cookie on the computer if you have given your consent and if a website visitor has reached our website via a Microsoft Bing ad. Microsoft Bing and we can use it to detect that someone has clicked on an ad, been redirected to our website and has reached a predetermined landing page (conversion page). We only learn the total number of users who clicked on a Bing ad and were then redirected to the conversion page. No personal information about the identity of the user is shared. The required setting of a cookie can also be rejected – for example via the browser setting, which generally deactivates the automatic setting of cookies, or via the cookie banner. The third-country transfer takes place on the basis of Microsoft's registration with the Data Privacy Framework. Further information on data protection and the cookies used by Microsoft Bing can be found on the Microsoft website: https://privacy.microsoft.com/de-de/privacystatement/.

Conversion Tracking Google Ads

If you consent to the use of tracking cookies, this website uses Google Ads from Google Ireland Limited; Gordon House, Barrow Street, Dublin 4, Ireland, on the basis of your consent in accordance with Art. 6 (1) (a) GDPR. We use Google Ads Conversion to draw attention to our attractive offers on external websites with the help of advertising materials (so-called Google Ads). We can determine how successful each advertising measure is in relation to the data from the advertising campaigns. We are pursuing the interest of showing you advertising that is of interest to you, making our website more interesting for you and achieving a fair calculation of advertising costs. These advertising materials are delivered by Google via so-called "ad servers". For this purpose, we use ad server cookies, which can be used to measure certain parameters for measuring success, such as the display of ads or clicks by users. If you access our website via a Google ad, Google Ads will store a cookie on your device. These cookies usually expire after 30 days and are not intended to identify you personally. For this cookie, the unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and information about a possible revocation (marking that the user no longer wants to be addressed) are usually stored as analysis values.

These cookies allow Google to recognise your internet browser. If a user visits certain pages of an ads client's website and the cookie stored on their computer has not yet expired, Google and the client can recognise that the user clicked on the ad and was redirected to that page (visit action analysis). Each Ads customer is assigned a different cookie. Cookies cannot be tracked through the websites of Ads customers. We ourselves do not collect or process any personal data in the aforementioned advertising measures. We only receive statistical evaluations from Google. Based on these evaluations, we can see which of the advertising measures used are particularly effective. We do not receive any further data from the use of the advertising material, in particular we cannot identify the users on the basis of this information. By integrating Ads Conversion, Google receives the information that you have accessed the relevant part of our website or clicked on an ad from us. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, there is a possibility that the provider will learn and store your IP address.

Google may transfer this information to third parties, such as U.S. government agencies, if required to do so by law, or if third parties process this information on Google's behalf. The third-country transfer takes place on the basis of Google's registration for the Data Privacy Framework. Further information on the handling of user data can be found in Google's privacy policy at: https://www.google.de/intl/de/policies/privacy [external page].

If you do not want to participate in tracking, you can reject the setting of a cookie required for this purpose – for example, by using your browser setting, which generally deactivates the automatic setting of cookies, or setting your browser to block cookies from the domain "googleleadservices.com".

Google Remarketing

Our website uses the functions of Google Analytics Remarketing in conjunction with the cross-device functions of Google Ads and Google DoubleClick. The provider is Google LLC (1600 Amphitheatre Pkwy, Mountain View, 94043 CA, USA). This function makes it possible to link the advertising target groups created with Google Analytics Remarketing with the cross-device functions of Google Ads and Google DoubleClick. In this way, interest-based, personalized advertising messages that have been adapted to you depending on your previous usage and surfing behavior on one device (e.g. mobile phone) can also be displayed on another of your devices (e.g. tablet or PC).

If you have given your consent, Google will link your web and app browsing history to your Google Account for this purpose. This way, the same personalized advertising messages can be shown on every device where you sign in with your Google Account.

To support this feature, Google Analytics collects Google-authenticated IDs of users, which are temporarily linked to our Google Analytics data to define and create audiences for cross-device advertising.

You can permanently opt-out of cross-device remarketing/targeting by opting out of personalized advertising in your Google Account by following this link: https://www.google.com/settings/ads/onweb/. Google also offers you a browser plug-in that allows you to permanently disable the DoubleClick cookie. You can download the browser plug-in here: https://www.google.com/settings/ads/plugin?hl=de Further information and the privacy policy can be found in Google's privacy policy at: http://www.google.com/policies/technologies/ads/ 

Meta Pixel

This website uses the Meta Pixel of Meta Platforms Ireland Ltd. (4 Grand Canal Square, Dublin 2, Ireland) provided that you have consented to the associated processing of your personal data in accordance with Art. 6 (1) (a) GDPR. The Meta Pixel is a JavaScript code snippet that allows us to analyze the activities of visitors to our website. The analysis tool works by loading a small collection of functions that are triggered as soon as a site visitor performs an action (a so-called event). Such actions would be, for example, adding an item to the shopping cart or completing a purchase. We use the Meta Pixel to measure the effectiveness of our ads, set custom audiences for ad targeting, run dynamic targeted ad campaigns, and analyze the effectiveness of conversions. This means that we can use the Meta Pixel to show you as a user of our website advertising ("Meta Ads") that are of interest to you during your visit to the social network Facebook, Instagram or other websites that also use the tool.

Through the Meta Pixel, we process information about the activities of website visitors outside the Meta ecosystem. This includes, but is not limited to, information about the website visitor's device, web pages visited, purchases made, advertisements that the website user sees, and information about how the visitor uses our website. This happens regardless of whether the visitor to our website has an account with one of Meta's services or is logged in to it. Meta may transfer the processed information to third parties, such as U.S. government agencies, if required to do so by law, or to the extent that third parties process such information on Meta's behalf.

If you have consented to the processing of your personal data through the use of the Meta Pixel and you wish to withdraw your consent at a later date, you can do so by changing the settings of the cookie banner or your browser settings.

Alternatively, you can deactivate the Facebook marketing function as a logged in Facebook user under https://www.facebook.com/settings/?tab=ads# [external link]. For information on how to opt out of interest-based online advertising from Facebook and other companies participating in the European Interactive Digital Advertising Alliance in general, e.g. if you do not have a Facebook account, please visit: http://www.youronlinechoices.eu/ [external link].

Further information on data processing by Facebook can be found under https://www.facebook.com/about/privacy [external link].

FinanceAds

This website uses the tracking technology of financeAds GmbH & Co. KG, Karlstraße 9, 90403 Nuremberg, Germany ("FinanceAds"). If you have consented to the associated processing of your personal data in accordance with Art. 6 para. 1 lit a) GDPR, a cookie will be set. This cookie is automatically deleted after 30 days. It enables an automatic assignment of you as a website user to your acceptance of an offer and to a partner who transmits leads to us (see "Transmission and processing of lead IDs"; as defined herein "Affiliate Partner"), who has suggested you to us as a potential customer. We do not intend to process your personal data for any other purpose.

If you have consented to the processing of your personal data by using the FinanceAds cookie and you wish to revoke your consent at a later date, you can do so with effect for the future by changing the settings of the cookie banner or your browser settings.

The legal basis for data processing is Article 6(1)(a) GDPR. You are not obliged to consent to the setting of the cookie and there are no negative consequences for you if you do not consent to the setting of the cookie and the associated data processing. There is no automated decision-making (including profiling).

Your personal data will not be transmitted by us to anyone during this process.

 

Lead ID Submission and Processing

Expert Market

Expert Market (MVF UK) (idF "ExpertMarket") transmits lead IDs to us. These lead IDs are personal data on both the Expert Market side and us, because a natural person can be identified on both sides.

Expert Market transmits lead IDs to us, these are imported into the Salesforce instance of ready2order GmbH, we in turn enrich these lead IDs with data, namely time-stamps are inserted to the columns "Opportunity At", "Lost At" to the lead IDs and a "Status" (Status = e.g. Lost Lead/Opportunity, Lead, Opportunity) is added (idF "Additional Data EM"). ExpertMarket usually asks us to transmit these lead IDs with the additional data EM back to ExpertMarket. The legal basis for the data transfer is legitimate interest in accordance with Article 6 (1) (f) GDPR. ready2order GmbH has a legitimate interest in data processing, as ExpertMarket uses these lead IDs with the Additional Data EM to optimize lead generation and the sales process. Furthermore, the data from ready2order is used to initiate contracts. The legal basis for this is Article 6 (1) (b) GDPR and, in the alternative, legitimate interest pursuant to Article 6 (1) (f) GDPR (direct marketing).

ExpertMarket is based in London and is also where ExpertMarket's servers are located. It is therefore a third-country transfer, but there is an adequacy decision for the destination country (UK). For the data transfer to the Salesforce instance (data transfer to Salesforce Inc., i.e. to the USA), there is an adequacy decision (Data Privacy Framework) and the service provider has registered for the Data Privacy Framework.

Your data will be processed until you object to the transmission and processing of the lead IDs.

 

Payved

cpmo agentur für Informationsdesign OHG (idF "payved") transmits lead data (leads) to us, which contains personal data. The lead data transmitted by payved is then imported by us into the Salesforce instance of ready2order, classified as follows and then transmitted back to payved. The following categories are available: "No action", "Contacted, but not reached", "Fake MQL (Test/Spam)", "Lead Lost", "Ongoing", "Successfully contacted", "Offer sent", "Verbal Agreement", "Sales Meeting booking", "Contract closed – won". In addition, a reason for the successful conclusion or failure to conclude a deal is given. The legal basis is legitimate interest in accordance with Article 6 (1) (f) GDPR. ready2order GmbH has a legitimate interest in data transfer, as payved uses this information to optimize lead generation and the sales process. Furthermore, the data from ready2order is used to initiate contracts. The legal basis for this is Article 6 (1) (b) GDPR (contract initiation) and, alternatively, legitimate interest pursuant to Article 6 (1) (f) GDPR (direct marketing).payved is based in Monheim am Rhein and uses servers of Hetzner Online GmbH in Germany and Finland.Your data will be processed until you object to the transmission and processing of the lead data.

For the data transfer to the Salesforce instance (data transfer to Salesforce Inc., i.e. to the USA), there is an adequacy decision (Data Privacy Framework) and the service provider has registered for the Data Privacy Framework.

 

Possibly.com

Yellow Cake Media Pty Ltd (idF "Possibly.com") transmits personal data (name, email address, telephone number) to us, which is then imported into the Salesforce instance of ready2order for the initiation of contracts. The legal basis is Article 6 (1) (b) GDPR (contract initiation) and, alternatively, legitimate interest pursuant to Article 6 (1) (f) GDPR (direct marketing).
Possibly.com is based in Bondi Junction, New South Wales, Australia and uses servers in the United States of America. However, we do not transmit your data back to Possibly.com, so that no third-country transfer takes place in this regard.

For the data transfer to the Salesforce instance (data transfer to Salesforce Inc., i.e. to the USA), there is an adequacy decision (Data Privacy Framework) and the service provider has registered for the Data Privacy Framework.

Your data will be processed until you object to the transmission and processing of the data.

 

Meta

Meta Platforms Ireland Ltd. (idF "Meta") transmits lead IDs to us, which are imported into the Salesforce instance of ready2order. These lead IDs are personal data on both Meta's side and ours, because a natural person can be identified on both sides. Meta transmits lead IDs to us, we in turn enrich these lead IDs with data, namely when one of the leads ("qualified_lead") becomes an active customer ("customer") (idF "Additional Data Meta"). Furthermore, the data from ready2order is used to initiate contracts. The legal basis for this is Article 6 (1) (b) GDPR (contract initiation) and, alternatively, legitimate interest pursuant to Article 6 (1) (f) GDPR (direct marketing).

For the data transfer to the Salesforce instance (data transfer to Salesforce Inc., i.e. to the USA), there is an adequacy decision (Data Privacy Framework) and the service provider has registered for the Data Privacy Framework.

Your data will be processed until you object to the transmission and processing of the lead IDs.

 

Kassensystemevergleich.com

ready2order uses the services of Vergeluk BV (idF "Kassensystemevergleich.com") for lead generation. For this purpose, Kassensystemevergleich.com transmits personal data (name, email address, telephone number) to the Salesforce instance of ready2order for the purpose of initiating a contract. The legal basis is Article 6 (1) (b) GDPR (contract initiation) and, alternatively, legitimate interest pursuant to Article 6 (1) (f) GDPR (direct marketing).

Kassensystemevergleich.com is based in Amsterdam, the Netherlands and uses servers in the European Union. For the data transfer to the Salesforce instance (data transfer to Salesforce Inc., i.e. to the USA), there is an adequacy decision (Data Privacy Framework) and the service provider has registered for the Data Privacy Framework.

Your data will be processed until you object to the transmission and processing of the data.

 

TradingTwins

ready2order uses the services of tradingtwins GmbH (idF "tradingtwins") for lead generation. For this purpose, tradingtwins transmits personal data (name, email address, telephone number) to the Salesforce instance of ready2order for the purpose of initiating a contract. The legal basis is Article 6 (1) (b) GDPR (contract initiation) and, alternatively, legitimate interest pursuant to Article 6 (1) (f) GDPR (direct marketing).

tradingtwins is based in Cologne, Germany and uses servers in the European Union and the United States of America. For the data transfer to the Salesforce instance (data transfer to Salesforce Inc., i.e. also to the USA), there is also an adequacy decision (Data Privacy Framework) and the service provider has registered for the Data Privacy Framework.

Your data will be processed until you object to the transmission and processing of the data. 

kassen-vergleich.com

ready2order uses the services of Ormigo GmbH (idF " kassen-vergleich.com") for lead generation. For this purpose, kassen-vergleich.com transmits personal data (name, email address, telephone number) to us, which is imported into the Salesforce instance of ready2order for the purpose of initiating contracts. The legal basis is Article 6 (1) (b) GDPR (contract initiation) and, alternatively, legitimate interest pursuant to Article 6 (1) (f) GDPR (direct marketing).

kassen-vergleich.com is based in Cologne, Germany and uses servers in the United States of America. It is therefore partly a third-country transfer, but there is an adequacy decision for the destination country. For the data transfer to the Salesforce instance (data transfer to Salesforce Inc., i.e. to the USA), there is an adequacy decision (Data Privacy Framework) and the service provider has registered for the Data Privacy Framework.

Your data will be processed until you object to the transmission and processing of the data.

Hipto

ready2order uses the services of WEEDEV SAS (hereinafter ‘Hipto’) for lead generation. For this purpose, Hipto transmits personal data (name, email address, telephone number) to the Salesforce instance of ready2order for contract initiation. The legal basis is Article 6(1)(b) GDPR (contract initiation) and, alternatively, legitimate interest pursuant to Article 6(1)(f) GDPR (direct marketing).

Hipto is based in Boulogne-Billancourt, France and uses servers in the European Economic Area (EEA). An adequacy decision (Data Privacy Framework) also exists for the data transfer to the Salesforce instance (data transfer to Salesforce Inc., i.e. also to the USA) and the service provider has registered for the Data Privacy Framework.

Your data will be processed until you object to the transfer and processing of the data.

Bark.com 

ready2order uses the services of Bark.com Global Limited (hereinafter ‘Bark’) for lead generation. For this purpose, Bark transmits personal data (name, email address and telephone number) to the Salesforce instance of ready2order for contract initiation. The legal basis is Art. 6 para. 1 lit b GDPR (contract initiation) and alternatively also legitimate interest in accordance with Art. 6 para. 1 lit f GDPR (direct mail).

Bark is based in London, United Kingdom, and uses servers in the European Economic Area (EEA). There is an adequacy decision for the United Kingdom. There is also an adequacy decision for data transfer to the Salesforce instance (data transfer to Salesforce Inc., i.e. to the USA) (Data Privacy Framework) and the service provider has registered for the Data Privacy Framework.

Your data will be processed until you object to the transmission and processing of the data.

Telephone calls and sending emails/SMS to initiate a contract

ready2order will partly use the leads it receives itself for telephone calls and the transmission of SMS/e-mails for contract initiation and for advertising purposes and partly also external service providers (contract processors) for individual processes within the contract initiation (in particular appointments for contract initiation in relation to those offered by ready2order products and services). In this case, the contact details (name, e-mail address and telephone number) will be transmitted to this external service provider (processor) and processed by the external service provider (processor) to initiate the contract, in particular documenting which products/services the potential customer is interested in the lead is interested and an appointment is made to initiate the contract. This processed data is in turn imported into the ready2order Salesforce instance. For the data transfer to the Salesforce instance (data transfer to Salesforce Inc., i.e. to the USA), there is an adequacy decision (Data Privacy Framework) and the service provider has registered for the Data Privacy Framework.

Your data will be processed until you object to the transmission and processing of the lead IDs. The legal basis for the transfer of personal data to this external service provider (processor) is Art 6 Paragraph 1 lit f GDPR (legitimate interest). The legitimate interest is direct advertising and optimization of processes to make them more efficient.

The legal basis for data processing to initiate a contract (in particular calling the respective interested party and documenting the interest/needs) is Art 6 Paragraph 1 lit b GDPR (contract initiation) and alternatively Art 6 Para 1 lit f GDPR (legitimate interest). The legitimate interest is direct advertising and optimization of processes in order to make them more efficient. The external service providers (processors) for telephone calls/transmission of SMS/e-mails to initiate contracts are:

1) CALL NOW Telecommunications Service Gesellschaft mbH

  1210 Vienna, Brünner Straße 52, FN 186002h. The servers of this external service provider (processor) are all within the EU/EEA, so that transferring personal data to this external service provider (processor) does not result in the data being transferred outside the EU /EEA is coming. This external service provider acts as a data processor and is contractually bound by concluding a data processing agreement.

2) Customer.io, a shipping platform from Peaberry Software Inc., 9450 SW Gemini Dr., Suite 43920 Beaverton, Oregon 97008-7105.

This acts as a processor and is contractually bound by the conclusion of the order processing contract. There is an adequacy decision (Data Privacy Framework) for data transfer to the USA and the service provider has registered for the Data Privacy Framework. Information about the shipping service provider's data protection regulations can be found at: https://customer.io/legal/privacy-policy/. The following personal data is passed on to the shipping service provider: first name, last name, email address and customer number.

3) If sending via SMS, the shipping service provider is Twilio Ireland Limited, 3 Dublin Landings, North Wall Quay, Dublin 1, Ireland and Twilio Inc., 101 Spear Street, 5th Floor, San Francisco, CA 94105. They act as Processors and are accordingly contractually bound by concluding the order processing contract. This sometimes involves data transfer to the USA. There is an adequacy decision (Data Privacy Framework) for this third country transfer and binding internal data protection regulations approved by the European Commission (Binding Corporate Rules: see: https://www.twilio.com/en-us/legal/binding-corporate-rules) . The following personal data about you will be passed on to this shipping service provider: first name, last name, customer number, telephone number, country and language preference. Information about the shipping service provider's data protection regulations can be found at: https://www.twilio.com/en-us/privacy. 

Data protection in the processing of personal data of our business partners (customers/suppliers; B2B)

As a contractual partner of your company, we process the personal data with regard to you on the basis of our legitimate interest in preparing an offer and fulfilling the contracts on the basis of Art. 6 (1) (f) GDPR. Processing for the purpose of accounting and cost accounting as well as for the fulfilment of legal obligations (e.g. commercial and tax law) is based on Art. 6 para. 1 sentence 1 lit c GDPR. The business relationship is between us and your company. If you act as a natural person (e.g. as a sole trader or self-employed person), your data will be processed for the purpose of carrying out pre-contractual measures and fulfilling contracts on the legal basis of Art. 6 (1) (b) GDPR. On the basis of Art. 6 para. 1 lit b GDPR, your data will also be used to send transactional e-mails (e.g. emails for order processing or when a credit card has been declined or expired).

 In the course of external requirements (e.g. in the context of customs/tax law), personal data about you may be compared with lists published by authorities.

As long as you are a customer of ours, we will send you an e-mail about 2 times a year asking you to update your customer data in order to remind you of your contractual obligation to update your company data.

The legal basis for data processing is Article 6 (1) (b) GDPR, as we have an interest in ensuring that your customer data is up-to-date, in particular so that we can reach you.

The data will no longer be processed for mailings to update customer data if you are no longer a customer of ours. After the expiry of the retention obligations under tax and company law, the winners' data will be deleted. This retention obligation is usually equivalent to 7 years.

Furthermore, data may also be processed for legitimate purposes in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR, such as marketing (e.g. sending new products for the POS system), internal market research and marketing purposes, internal statistics (further information on this can be found under the item "Sending direct advertising via e-mail"). The legitimate interests lie in particular in the optimisation of processes and cost-effective allocation; in doing so, your interests, fundamental rights and freedoms will be duly taken into account.

If you have given us your consent to this or if we have provided you with appropriate information in the context of data collection in accordance with § 7 UWG (DE) / § 107 TKG (AT), we will use your data to send you information about products, services, events and other interesting facts about our company. You can object to this sending at any time with effect for the future.

The data you provide is necessary for the performance of the contractual relationship. Without this data, we cannot fulfil the contract concluded with your company.

Passing

Some of your personal data will be passed on to external service providers (e.g. tax consultants, legal advisors). In some cases, external IT service providers may access your data (within the framework of order processing in accordance with Article 28 GDPR). In this case, the service providers act in accordance with instructions, which was ensured by appropriate contracts. Some of these service providers are located outside the EU/EEA; those service providers ensure an appropriate level of data protection by concluding EU standard contractual clauses / binding corporate rules. The regulations are available here / you have the opportunity to obtain a copy of these regulations at any time here.

Retention and deletion of data

Your data will be kept for as long as is necessary for the respective purposes mentioned above. The data will be deleted at the latest after the termination of the contractual relationship and after the expiry of the statutory retention periods under civil, commercial and tax law.

Data processing of personal data of sales partners

We process personal data of our sales partners (in particular name, address and e-mail address) in order to inform them about changes to our sales partner contracts (including the contractual provisions for the ready2order sales partner program) and about discounts and promotions, for example, where the commission is changed. Furthermore, to send the partner all documents, messages, agreements and disclosures in connection with the sales partner contract (in particular invoices, credit notes, payment reminders, notices of termination, information on discounts and promotions) to the e-mail address last provided by the partner.

The legal basis for this is Art. 6 para. 1 lit. b GDPR (fulfillment of a contractual obligation) and alternatively Art. 6 para. 1 lit. f (legitimate interest) GDPR. Our legitimate interest in this case is direct advertising.

The data of the sales partners will be processed as long as ready2order has an upright contractual relationship with the sales partners (sales partner contract). If the data processing is based on legitimate interest, then until the contract with the sales partner is terminated or the sales partner objects to such a mailing (whichever is earlier).

The sales partners' data is also imported into our Salesforce instance. An adequacy decision (Data Privacy Framework) exists for the data transfer to the Salesforce instance (data transfer to Salesforce Inc., i.e. to the USA) and the service provider has registered for the Data Privacy Framework.

The information is generally sent by the shipping service provider Customer iO, a shipping platform of the provider Peaberry Software Inc, 9450 SW Gemini Dr., Suite 43920 Beaverton, Oregon 97008-7105, which acts as a processor and is contractually bound accordingly by the conclusion of the data processing agreement. An adequacy decision (Data Privacy Framework) exists for the transfer of data to the USA and the service provider has registered for the Data Privacy Framework. Information on the data protection provisions of the shipping service provider can be found at: https://customer.io/legal/privacy-policy/.  The following personal data is transferred to the shipping service provider: Name and email address.

To ensure that you do not receive any further mailings from us in the future, we store your data internally in a blacklist. This is the only way to ensure that you do not receive any further mailings from us in the future. The legal basis for this is Article 21(3) in conjunction with Article 17(3)(b) and Article 6(1)(f) of the General Data Protection Regulation. If you wish your data to be deleted completely, you can inform us of this informally (e.g. by sending an email to [email protected]).

Your rights

See below

Contact the Data Protection Officer

See below

 

Data protection in the context of application procedures

We process your personal data with regard to you in connection with the implementation of your application process and to examine your potential work-related employment. In doing so, we process the information provided by you for the purpose of a well-founded personnel decision on the basis of Art. 6 (1) sentence 1 I lit. b GDPR (esp. first name, last name, e-mail address, telephone, curriculum vitae, language skills). In addition, ratings are stored on the basis of objective, non-discriminatory criteria.

The data you provide is required to carry out the application process. Without this data, we will not be able to consider your application.

If you use the opportunity to apply with your LinkedIn profile, you instruct LinkedIn to transmit your data to us. Your transmitted data will be processed by us as described above. LinkedIn is responsible for the transmission. You can find information about this in LinkedIn's privacy policy at: https://de.linkedin.com/legal/privacy-policy

 

Service provider

To collect the application data, we use a service provider (Greenhouse Software Inc.) who supports us in the process as part of order processing. In some cases, the external IT service provider can access your data. In all cases, the service providers are bound by instructions, which has been ensured by appropriate contracts. The service provider has concluded standard contractual clauses with us to secure any data transfers to third countries. In the case of data transfers to the USA on servers of Greenhouse Software Inc., there is also an adequacy decision (Data Privacy Framework) to which the service provider has submitted.

Retention and deletion of data

Your data will be kept for as long as necessary for the above-mentioned purposes of the personnel selection process. If you object to data processing during the personnel selection process, the data will be deleted – unless otherwise required by statutory retention obligations. Without your explicit consent, we will delete your personal data after 7 months from the end of the application process. Your data is stored on the basis of our legitimate interest in accordance with Art. 6 (1) (f) GDPR, as we need this data in order to be able to comply with the burden of proof under the Equal Treatment Act.

If you have given your consent to save your application for further job offers, your data will be stored for up to two years. Unsolicited applications will be stored until your revocation or up to two years at most and then deleted.

 

Your rights

See below

 

Rights of data subjects

We hereby inform you that, in accordance with Article 15 et seq. of the GDPR, you have the right to information about the personal data in question, as well as to rectification or deletion or restriction of processing or a right to object to processing and the right to data portability, subject to the conditions defined therein. In accordance with Article 77 of the GDPR, you also have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of personal data concerning you infringes this Regulation. If the processing is based on Article 6 (1) (a) GDPR or Article 9 (2) (a) GDPR (consent), you also have the right to withdraw consent at any time, without affecting the lawfulness of the processing carried out on the basis of the consent before its withdrawal.

Right to information, Art. 15 GDPR

You have the right to request information as to whether and to what extent your personal data is being processed (in particular the purpose of processing, recipients of the data, storage period, etc.).

Right to rectification, Art. 16 GDPR

You have the right to request the correction of your stored data if it is incorrect or incomplete. This includes the right to be completed by supplementary declarations or communications.

Right to erasure, Art. 17 GDPR

You have the right to request the erasure of your personal data. This is possible, for example, if the data is no longer required for the purposes for which it was collected or if the data must be deleted due to legal obligations. However, this right may be excluded in individual cases.

Right to restriction of processing, Art. 18 GDPR

They have the right to have the processing of their personal data restricted. This is possible, for example, if your data is incorrectly recorded or the data processing is unlawful. In the event of restriction of processing, the data may only be processed in narrowly defined cases.

Right to data portability, Art. 20 GDPR

You have the right to demand the release of the data concerning you in a commonly used electronic, machine-readable data format to you or to a controller to be designated by you, if you have provided this data yourself.

Right to object, Art. 21 GDPR

For reasons arising from your particular situation, you have the right to object to the processing of personal data concerning you at any time with effect for the future, provided that the data processing is carried out to safeguard legitimate interests (cf. Art. 6 para. 1 lit. e), f) GDPR). In the event of your objection, we will check whether the legal requirements for the processing of your data are met and, if this is not the case, refrain from any further processing of your data.

Right to lodge a complaint with the data protection supervisory authority, Art. 77 GDPR

You have the right to contact the competent supervisory authority of the Union or the Member States at any time in the event of any violations of data protection regulations.

Contact details of the competent supervisory authority:

Austrian Data Protection Authority: Barichgasse 40-42, 1030 Vienna, Tel +43 1 52 152-0, E-Mail: [email protected].

Changes to our privacy policy

The continuous improvement of our processes from a data protection point of view is a particular concern for us. We therefore reserve the right to amend this privacy policy from time to time so that it always complies with current legal requirements or to reflect changes to our services in the privacy policy, e.g. when new services are introduced. The new privacy policy will then apply to your return visit.