Brainloop AG (hereinafter: "Brainloop") and its affiliated companies take the issue of data protection very seriously and want to ensure that your privacy is protected as a Brainloop customer and user of the Brainloop website.
We have thus prepared this statement on data protection in which we explain how your data is handled. We reserve the right to change the content of this statement from time to time; we therefore recommend that you review it at regular intervals.
In individual areas of the Brainloop website (e.g. the Help section) less data processing takes place than the extent described here.
We process your personal data only with your consent or if permitted by law. We process only the data required to provide our services and to use our website, or data that you voluntarily provide to us.
2.1 Personal data
Personal data includes all information relating to an identified or identifiable natural person (hereinafter “person concerned”). A natural person is considered identifiable if he or she can be identified directly or indirectly, in particular through assignment to an identifier such as a name, ID number, location data, an online ID, or one or more particular characteristics that express the natural person’s physical, physiological, genetic, psychological, economic, cultural, or social identity.
2.2 Data subject (person concerned)
A data subject is any identified or identifiable natural person whose personal data is processed by the party responsible for data processing (Brainloop).
Processing means any executed operation in connection with personal data such as collecting, recording, organizing, arranging, storing, editing or changing, selecting, querying, utilizing, disclosing through transmission, dissemination or other means of delivery, comparing, linking, restricting, deleting, or destroying.
A processor is a natural person or legal entity, authority, institution, or other office that processes personal data on behalf of the responsible party.
Consent is any statement of intent voluntarily given by the person concerned in an informed and unambiguous manner for the particular case, in the form of a declaration or other clear affirmative action with which the person concerned indicates that he or she is in agreement with the processing of the personal data pertaining to him or her.
3.1 We process the data that you have provided to us when completing a survey, registering for our services, or concluding a contract, for example, to the extent respectively necessary for the following purposes:
Registration: for your test access to our services (e.g. your name and email address);
Contacting you: to answer your questions (e.g. your name and email address);
Providing Services: to manage (provide, charge, and ensure quality) and process our contractual relationship when you utilize our services (e.g. your name and email address);
Supplier relationship: we process the data necessary for executing the contract (auditing, quality assurance);
Marketing purposes: if you have agreed to data use for this purpose or have not objected, we will send you information about our products and services (further information on marketing and your opportunities to object can be found in sections 6 and 8);
3.2 Brainloop saves and uses data entered by the user on the website (e.g. first name, last name, email address) on the systems of the company Salesforce.com Sàrl, Route de la Longeraie 9, 1110 Morges, Switzerland (hereinafter “Salesforce”) for the purpose of customer relationship management. Salesforce is Brainloop’s data processor and acts exclusively in accordance with Brainloop’s instructions. Brainloop has concluded appropriate contractual agreements with Salesforce in order to comply with the applicable legal requirements.
3.3 The period of data storage is based on the legal retention requirements.
In particular, Brainloop uses the following cookies on the website:
4.2 This website uses Google Analytics, a web analysis service provided by Google Inc. (“Google”). The operating company of the Google Analytics components is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351. Google Analytics utilizes “cookies” to enable analysis of the use of our website. Information created by the cookie about your visit to this website is generally transmitted to a Google server in the USA and stored there. Your IP address, however, is first abbreviated by Google within member states of the European Union or other countries party to the Agreement on the European Economic Area. Google Analytics adds the code “anonymizeIp” for this purpose in order to ensure that IP addresses are recorded anonymously (so-called IP masking). In exceptional cases, the complete IP address is transmitted to a Google server in the USA and only then abbreviated. Google will use this information on behalf of Brainloop AG to evaluate your visit to this website, prepare reports about visitor activity there, and provide further services to Brainloop in connection with the use of this website and the internet. The IP address conveyed from your browser to Google in the context of Google Analytics is not combined with other data of Google. Brainloop's legitimate interest in data processing lies in these purposes. The legal basis for the use of Google Analytics is § 15 para. 3 TMG and Art. 6 para. 1 lit. f GDPR. The data sent by Brainloop and linked to cookies, user-identifiers (e.g. User-IDs) or advertising-identifiers are automatically deleted after 14 months. Data whose retention period has been reached is automatically deleted once a month. You can prevent cookies from being saved by selecting the appropriate settings in your browser software. You can also prevent the transmission of the data about your website visit generated by the cookie (incl. your IP address) to Google as well as the processing of this data by Google by downloading and installing the browser plugin available here: http://tools.google.com/dlpage/gaoptout?hl=en. You can also prevent Google Analytics from recording data by clicking this link:
In this case an opt-out cookie will be set that will prevent the collection of your data when visiting this website in the future. Further information is available at http://www.google.com/analytics/terms/us.html and at https://policies.google.com/?hl=en. We also use Google Analytics to evaluate data from the double-click cookie for statistical purposes. If you do not wish this, you can deactivate it using Google ads personalization (https://support.google.com/ads/answer/2662922?hl=en).
Further information is available at http://www.google.com/analytics/terms/gb.html and at https://www.google.com/intl/en/policies/.
4.3 Our website utilizes the remarketing function of Google Inc. (“Google”). The operating company of the Google Remarketing services is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351. This function allows us to address visitors to our website with specific advertising by displaying ads that are personalized and based on their interests when they visit other websites in the Google Display Network.
4.4 We use the marketing automation software HubSpot on our website.
(1) HubSpot uses a cookie that it places on the user’s computer to collect data.
It collects the following data: information about the computer you are using, your visit to our website, especially your IP address, your location, your browser, the referral source and the duration of your visit to our website. This information is stored on one of HubSpot’s servers. The legal basis for the processing of aforementioned data is § 15 para. 3 TMG and Art. 6 para. 1 lit. f GDPR.
(2) When you register for one of our offers using a web-based form, you give Brainloop consent to use the data collected via the web-based form after you fill it out and confirm the data protection notice. Your contact information – including your name, email address, company name, address and phone number – is collected and saved. We only use this data for statistical analyses in order to ensure the trouble-free operation of our offering and to optimize it on an ongoing basis. We also use the data to optimize our marketing activities. We hereby confirm that your data is stored in HubSpot databases and under certain conditions also in the Salesforce CRM database. The data stored in Salesforce will only be passed on to affiliated companies of the Diligent group of companies, in particular Diligent Corp., who process the data as contract processors for Brainloop while observing appropriate guarantees in accordance with Art. 44 ff. GDPR (for details see section 10 below). The personal information we process includes information about you that is freely available on the internet and that HubSpot also stores. We reserve the right to use the information to contact visitors to our website by mail or phone, assuming they have provided their contact details for this purpose, to enable us to find out which of our company’s services they are interested in.
HubSpot is a software company based in the USA with a subsidiary in Ireland. Contact: HubSpot, 2nd Floor, 30 North Wall Quay, Dublin 1, Ireland. Phone: +353 1 518 7500. HubSpot complies with the TRUSTe Privacy Seal standard. Brainloop and HubSpot have signed an agreement that comprises the standard EU contractual clauses in order to regulate data transmission. Further information about HubSpot and its privacy protection is available at http://legal.hubspot.com/privacy-policy. If you do not want the information about your visit to be used, please do not hesitate to contact us (see section 10 for contact details).
4.5 Deactivating tracking:
If you do not want data regarding your usage to be collected by HubSpot and Google Analytics, you can disable the tracking function of both tools by clicking on the link below.
This places an opt-out cookie in your browser that will prevent your data from being collected in the future when you visit this website.
4.6 If you do not wish cookies to be used, you may use your browser settings to view and delete stored cookies and manage the handling of cookies in general. Further information is available in your browser’s help menu or from the manufacturer. It is possible, however, that important parts of the Brainloop website and its services will no longer function properly if cookies are not permitted.
Brainloop offers social plugins from various social networks (e.g. Xing, LinkedIn, Twitter, etc.) on its website.
Access to XING (XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany) can be found on our website via the “X” or “XING” icon. When you click to activate the “XING” icon a connection with the XING server is established and the XING Share Button functions (especially the calculation/display of the counter value) are loaded on the respective Internet page. XING does not save any personal data from you when you access this Internet page; XING also does not save any IP addresses in particular. There is no evaluation of your usage behavior through cookies in connection with the XING Share Button. The respective current data protection information regarding the XING Share Button as well as supplementary information may be found at https://www.xing.com/app/share?op=data_protection.
In order to protect your privacy regarding the other social plugins (e.g. YouTube), we use a technical solution to integrate them which prevents data (e.g. IP addresses) from already being sent to the respective social networks just through opening our website.
6.1 If you consent to our Data Privacy notice and complete our web-based forms, we are allowed to use your data (e.g. first and last name, email address) for sending information on Brainloop products and services if you have expressly requested this (e.g. using the contact form) or subscribed to the Brainloop information services. A confirmation email is sent to the email address first entered for information mailing in a double opt-in process for legal reasons. We also send a confirmation email to prospects who contact us via web-based form. This confirmation email serves to check whether the owner of the email address has authorized receipt of the information email.
In order for Brainloop to receive information about the interactions on the email recipient’s side, a function called “tracking pixel” is used in the HubSpot products. This function uses image resources to recognize when a recipient opens an email sent via one of the HubSpot products. When an email is sent via the HubSpot marketing or sales product, an image tag for a minuscule image is inserted in the body of the email. If the recipient opens the message with an appropriately configured email client, the client sends a request for the image to the HubSpot platform. This request is converted into the email opening rate, which is available to Brainloop for evaluation. These pixel requests contain no information that may be traced back to persons and are masked by a long, randomly generated character sequence.
You may revoke your statement of consent given to us and your consent to the storage of personal data at any time with effect for the future in accordance with section 8 of this Data Privacy notice. If you have subscribed to the Brainloop information services, you may also revoke your consent by clicking the link contained in the respective email.
In addition, you can use the “deactivate tracking” function according to section 4.5.
6.2 We may additionally use your data as permitted by law for sending you information on our products and services through the post, for example. You may object to this use of your data at any time with effect for the future; information on your right to object can be found in section 8.
7.1 We process personal data regarding you for the purposes of your application for employment, in so far as it is required for the decision on employment. The legal basis is § 26 Par. 1 along with Par. 8 S. 2 of the German Federal Data Protection Act (FDPA). This applies to data in connection with your application, such as data on your identity (first and last name, address, contact information), information on your professional qualifications and education, information on professional training, or other information that you provide to us in connection with your application. In addition, we may process professional information that you have made publicly available, such as on profiles in social media networks.
Further, we may process your personal data to the extent necessary to defend against legal claims arising from the application process. The legal basis is Art. 6 Par. 1 lit. f GDPR.
Should an employment relationship be established between us, we may process your personal data already received for the purposes of the employment relationship as well, if required for carrying out or terminating the employment relationship (legal basis: § 26 Par. 1 FDPA).
Applicant data are stored as long as necessary for the decision regarding your application. If no employment relationship is established between us, your application data are deleted four months after the negative decision is announced, if a longer period of storage is not required to avoid litigation.
8. Rights of the person concerned
8.1 Right to confirmation
You have the right to request a confirmation from Brainloop regarding whether your personal data are being processed. You may contact our data protection officer or the address provided in section 10 at any time for this purpose.
8.2 Right to information
You have the right to receive information from Brainloop free of charge at any time regarding the personal data stored about you, and a copy of such information. You also have a right to information about the following:
In addition, you have the right to know whether your personal data were transmitted to a third country or to an international organization. If this is the case, you also have the right to receive information about the appropriate guarantees in connection with the transmission.
If you would like to exercise this right to information, you may contact our data protection officer or the address provided in section 10 at any time.
8.3 Right to correction
You have the right to request the immediate correction of incorrect personal data concerning you. You also have the right, under consideration of the purposes of the data processing, to request that incomplete personal data be made complete – including by means of a supplementary statement.
If you would like to exercise this right to correction, you may contact our data protection officer or the address provided in section 10 at any time.
8.4 Right to deletion (right to be forgotten)
You have the right to request that Brainloop delete your personal data right away, if one of the following reasons applies and if the processing of your data is not required:
In so far as one of the reasons above applies and you would like to effect the deletion of your personal data saved at Brainloop, you may contact our data protection officer or the address provided in section 10 at any time.
If the personal data were made public by Brainloop and if Brainloop is obliged to delete them as the responsible party according to Art. 17 Par. 1 GDPR, Brainloop will take appropriate measures under consideration of the available technology and the implementation costs to inform other responsible parties processing the published personal data that you have requested that they delete all links to the data and copies of the data, in so far as the data processing is not required.
8.5 Right to limitation of processing
You have the right to request a limitation of the data processing by Brainloop if one of the following prerequisites exists:
If one of these prerequisites is given and you would like to request the limitation of personal data stored by Brainloop you may contact our data protection officer or the address provided in section 10 at any time.
8.6 Right to data portability
You have the right to receive the personal data that you have provided Brainloop outside of the Brainloop Secure Dataroom or MyRoom offered by Brainloop in an organized, accessible, and machine-readable format. You are also entitled to transmit the personal data to another responsible party without interference by Brainloop, in so far as the processing is based on consent according to Art. 6 Par. 1 lit. a GDPR or Art. 9 Par. 2 lit. a GDPR, or on a contract according to Art. 6 Par. 1 lit. b GDPR, and in so far as the processing is done with automated procedures and is not necessary for performing a task in the public interest or in the exercise of public authority delegated to the responsible party.
When exercising your right to data portability according to Art. 20 Par. 1 GDPR, you have the further right to have the personal data transmitted directly from one responsible party to another responsible party, if this is technically feasible and does not infringe upon the rights and freedoms of other persons.
If you would like to exercise this right to data portability, you may contact our data protection officer or the address provided in section 10 at any time.
8.7 Right to object
You have the right to object at any time, for reasons resulting from your particular situation, to the processing of your personal data taking place based on Art. 6 Par. 1 lit. e or f GDPR. This also applies to profiling based on these provisions.
Brainloop no longer processes personal data in the case of an objection unless we can demonstrate compelling legitimate reasons for the processing that outweigh the interests, rights, and freedoms of the person concerned, or unless the data processing serves to assert, exercise, or defend legal claims.
If personal data are used for direct advertising purposes, you have the right at any time to object to the processing of your personal data for such advertising. If you object to Brainloop to the data being processed for direct advertising purposes, Brainloop will no longer process your personal data for these purposes.
If you would like to exercise this right to object, you may contact our data protection officer or the address provided in section 10 at any time.
8.8 Right to revoke data protection consent
You have the right to revoke your consent to the processing of personal data at any time.
If you would like to exercise this right to revoke consent, you may contact our data protection officer or the address provided in section 10 at any time.
8.9 Right to complain to a supervisory authority
Without prejudice to any other judicial remedy, you have the right to complain to a supervisory authority responsible for data protection if you are of the opinion that the processing of your personal data violates the GDPR. The responsible supervisory authorities are those of the Member State of your residence, your workplace, or the place of alleged infringement. The supervisory authority to which the complaint was made will inform the complainant of the status and results of the complaint including the possibility of legal remedy according to Art. 78 GDPR.
Besides the legal basis listed in sec. 4.2, 4.3 and 4.4 above, the following applies: If we obtain consent for the processing of data, the legal basis is Art. 6 Par. 1 lit. a GDPR. If processing personal data is required to fulfil an agreement (e.g. agreement on the use of the Brainloop Services) or to process inquiries regarding Brainloop services before an agreement is concluded, the processing takes place according to Art. 6 Par. 1 lit. b GDPR. If Brainloop is under a legal obligation that requires the processing of personal data, such as meeting tax and social security obligations, the legal basis of such processing is Art. 6 Par. 1 lit. c GDPR.
10.1 Brainloop ensures a high level of security when passing on your data. We therefore only transmit your data to partner companies and service providers who have been carefully selected beforehand and who are contractually obliged in accordance with the relevant data protection regulations (order processing relationships).
In addition, a transfer of data to partner companies and service providers only occurs if this is necessary to perform the services offered, if you have given us your consent, or if the transfer is legally required or permissible. Your data will neither be sold to third parties nor marketed in any other way. The transmission of data to state agencies and authorities only takes place within the framework of mandatory legal provisions.
In order to ensure a uniform level of data protection, data will only be transferred to partner companies and service providers in third countries outside the scope of the GDPR if suitable guarantees in accordance with Art. 44 ff. GDPR have been made with the contract processor. This is done in particular through agreement on "standard contractual clauses (contract processors) pursuant to Article 26(2) of Directive 95/46/EC for the transfer of personal data to contract processors established in third countries where an adequate level of protection is not ensured" ("EU standard contractual clauses (contract processors)") pursuant to Article 46(2)(c) GDPR. A copy of these regulations is available upon request from the office listed in section 11.
An up-to-date list of all partner companies and service providers is available upon request from the office listed in section 11.
10.2 Brainloop will also share your data with companies of the Diligent Group affiliated with Brainloop, in particular Diligent Corp., USA (1385 Broadway, 19th Floor, New York, NY 10018). An up-to-date list of all Diligent Group companies affiliated with Brainloop is available upon request from the office listed in section 11.
10.2.1 This includes, in particular, contact information such as name, e-mail address, company name, address, telephone number and, in general, data collected and processed for accounting and billing purposes, as part of Customer Relationship Management (see 3.2 above) or by or for marketing purposes (see 4.2 (2) and 6.1 above). The data transfer takes place here in particular
10.2.2 The applicant data collected by Brainloop (see section 7 above) will be passed on, for example, for the implementation of personnel planning and development measures concerning several companies of the Diligent Group.
10.2.3 Brainloop remains responsible for the processing of personal data when passing on data to affiliated companies of the Diligent Group, in particular Diligent Corp., USA (1385 Broadway, 19th Floor New York, NY 10018). The affiliated companies of the Diligent Group act exclusively as contract processors for Brainloop hereby.
10.2.4.1 A uniform level of data protection is established by agreement on “standard contractual clauses (contract processors) pursuant to Article 26(2) of Directive 95/46/EC for the transfer of personal data to contract processors established in third countries where an adequate level of protection is not ensured” (“EU standard contractual clauses (contract processors)”) pursuant to Article 46(2)(c) GDPR. A copy of these regulations is available upon request from the office listed in section 11.
10.2.4.2 Diligent Corp., USA (1385 Broadway, 19th Floor New York, NY 10018), also participates in the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework and is certified for compliance with these Privacy Shields. Diligent Corp., in trusting the respective Privacy Shield, has committed to subjecting all personal data received from member states of the European Union (EU) or Switzerland to the respective principles of the Privacy Shield. For more information about the Privacy Shield, visit the U.S. Department of Commerce's Privacy Shield List: https://www.privacyshield.gov/list.
Responsible party according to GDPR:
Brainloop AG, Franziskanerstr. 14, 81699 Munich, Germany
Tel.: 089 444 699 0
Data protection officer of the party responsible for data processing:
Dr. Sebastian Kraska, IITR GmbH, Marienplatz 2, 80331 Munich, Germany
Tel.: +49 89 18917360
Website: www.iitr.de
Any person concerned may contact our data protection officer directly at any time regarding all data protection questions and suggestions.
The representative according to Art. 27 GDPR of contract processors not established in the European Union of the affiliated companies of the Diligent Group is Diligent Boardbooks Limited, 1 Strand, Grand Buildings, First Floor, London, WC2N 5HR, United Kingdom.
Tel.: +49 (0)89 444 699 0
©Brainloop AG; 2017