Privacy policy for visitors and interested parties
1. Legally responsible
Responsible for data processing on and via platoyo.io within the meaning of Art. 4 No. 7 GDPR is
Atalanda GmbH
Münchener Str. 1, 83395 Freilassing, Germany
E-mail: partner@platoyo.com
Phone: +49 8654 774 17 21
Fax: +49 8654 403 99 65
Represented by: Roman Heimbold (Managing Director)
In the following "Platoyo".
2. Data Protection Officer
Address see above.
E-Mail: datenschutz@platoyo.com
Tel.: +49 8654 774 17 22
Fax: +49 8654 403 99 65
3. Subject matter of data protection
The subject of data protection is personal data. According to Art. 4 No. 1 GDPR, this is all information that relates to an identified or identifiable person. This includes, for example, information such as names, postal addresses, email addresses or telephone numbers, but also usage data such as the IP address or content data from the email correspondence that you exchange with us.
4. Scope and purpose of data collection and storage
In the following, we explain the scope of data collection, storage and use (hereinafter referred to as "data processing", used within the meaning of Art. 4 No. 2 GDPR), the purpose of the respective data processing on platoyo.io (Section 5) and the processing of personal data of interested parties (Section 6).
5. Data processing in the context of the use of the platoyo.io websites
For the simple use of platoyo.io, only the processing of your IP address is absolutely necessary in the short term; we will explain this to you in section 5.1.
Of course, we also use cookies. Without your consent, however, only to the extent that this is technically necessary. We provide more information on this and on the integration of various social plug-ins in section 5.2.
If you subscribe to our newsletter, we require your email address; more information on this can be found in section 5.4.
5.1. IP Addresses and Log Files
We store the IP address and the log files for 60 days in order to be able to quickly detect brute force attacks and other manipulations and take countermeasures.
The legal basis for this data processing is regularly Art. 6 para. 1 b) GDPR, as we need your IP address and the other automatically transmitted data mentioned here in order to be able to provide you with the website and the information contained therein.
Further storage for the purpose of technical support of our IT security is based on Art. 6 I f), as we have a legitimate interest in protecting our services from attacks and manipulation. A predominantly legitimate interest of the data subject is not discernible, as only the IP address is stored, which we as the controller cannot de-pseudonymize; i.e. we cannot establish a personal reference using the IP address.
5.2. Cookies & Social PlugIns
Cookies are small text files that are stored on your computer by websites in order to make the site usable at all (so-called necessary cookies) or to be able to set long-term preferences on the part of the user or to personalize content (so-called preference cookies) or to enable the analysis of the use of the website (so-called statistics cookies) or to provide third-party providers with information about users (marketing cookies). According to the Data Protection Conference (DSK, the association of national data protection authorities), cookies may only be set without consent if they are technically necessary for the operation of the site. We adhere to this.
When you visit our website for the first time, a cookie banner is displayed. You can use this cookie banner to decide individually (consent) whether all or only the technically necessary cookies may be set.
Incidentally: You can prevent any installation of cookies by making the appropriate setting in your browser software (to be found under "Settings" in most browsers); however, please note that in this case you may not be able to use all functions to their full extent.
Furthermore, cookies that have already been set can also be deleted (also found under "Settings" in the browser).
In addition, we would like to inform you specifically about the integration of session cookies (section 5.2.1), Universal Analytics (formerly: Google Analytics, section 5.2.2) and Hotjar (section 5.2.4). Finally, we would like to inform you about the use of social plug-ins.
5.2.1. User-ID-Cookie
A web application like platoyo.io has no memory per se. Every time a (sub)page is called up, it is treated as a new visit. This is unfortunate if - like you as a provider - you want to log in to the application and work within it. As a result, we set a cookie. This cookie is used to assign a so-called user ID so that we or the technology can (re-)recognize that it is (and remains) you who is currently on the application and has just logged in. This cookie is stored persistently, i.e. for the long term, in order to make working with the application more convenient for you. However, no personal data is processed with this cookie itself.
Of course, you can also select your browser settings so that this cookie is also automatically deleted after each session (i.e. when you close the page) or not allow this cookie to be set at all (these functions can usually be found under "Settings" in the browser).
5.2.2. Use of Universal Analytics (Google Analytics)
Furthermore, the tracking service Universal Analytics (formerly: Google Analytics) is integrated on platoyo.io. We explain below how this service is integrated and how it works.
Universal Analytics is a web analysis service of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (hereinafter: Google). Universal Analytics is a web analysis tool that is used to analyze the interaction of visitors with the online platform and thus further improve the online platform. Several cookies are set by Google for this purpose. These cookies allow the following data to be processed:
- Browser type
- The operating system used
- The IP address (shortened)
- Time of the server request
- User IDs
The information about the use of this website that can be used by the cookie is generally transmitted to a Google server in the USA and stored there. However, we have activated IP anonymization on our online platform. As a result, the IP address is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On our behalf, Google will use the above information to evaluate the use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Universal Analytics will not be merged with other Google data.
Google uses the user ID to create a specific user profile about you. If you have an account with us and log in via several devices, we can use Google Analytics to recognize that it is you who has logged in with the devices (so-called cross-device tracking). This information is passed on to Google using a random ID such as 77463737.1937301.
For this form of tracking, however, we obtain your specific consent in accordance with the opinion of the DSK (see position statement of the Conference of Independent Data Protection Authorities of the Federal and State Governments - Düsseldorf, April 26, 2018). This is because you use the cookie settings - as explained above - to determine whether we may set cookies for statistical purposes or for re-marketing purposes. If you deny this, no cookies will be set. This form of data processing is therefore based on Art. 6 I a) in conjunction with Art. 7 GDPR.
Google is also obliged to us under data protection law via an order processing contract.
In addition, you can prevent Google from collecting the data generated by the cookie and relating to the use of the website (including the IP address) and from processing this data by Google by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de
If you use the site via a tablet or cell phone and would like to prevent Universal Analytics from recording visits to this website in the future, please click this link. Clicking the link will store an opt-out cookie in your mobile browser. If this cookie is deleted, the link must be clicked again.
5.2.3. Use of Hotjar
We use Hotjar to better understand the needs of our users and to optimize the offer on this website. Hotjar's technology gives us a better understanding of our users' experiences (e.g. how much time users spend on which pages, which links they click on, what they like and dislike, etc.) and this helps us to tailor our offering to our users' feedback. Hotjar works with cookies and other technologies to collect information about the behavior of our users and their devices (in particular IP address of the device (only collected and stored in anonymized form), screen size, device type (Unique Device Identifiers), information about the browser used, location (country only), preferred language for displaying our website). Hotjar stores this information in a pseudonymized user profile. The information is not used by Hotjar or by us to identify individual users or merged with other data about individual users. Further information can be found in Hotjar's privacy policy here.
5.2.4 LinkedIn
Our platform uses "LinkedIn Insight Tag" from LinkedIn Ireland Unlimited Company. This tool creates a cookie in your web browser, which collects the following data: page views and other page events (e.g. clicks), IP address, device and browser characteristics. This data is encrypted and anonymized within 7 days. The anonymized data is deleted by LinkedIn within 90 days. LinkedIn does not share any personal data with us, but provides anonymized reports on ad performance and website audience. LinkedIn also offers the option of retargeting. Further information on data protection at LinkedIn can be found in the LinkedIn privacy policy. LinkedIn members can control the use of their personal data for advertising purposes in their account settings. To deactivate the Insight tag on our website ("opt-out"), click here: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
5.3. YouTube
We use the YouTube.com platform to post videos on our platforms and make them publicly accessible. YouTube is a service provided by YouTube LLC, a third party not affiliated with us.
On some of our websites, Platoyo directly integrates videos stored on YouTube. Here, content from the YouTube website is displayed in parts of the browser window ("framing"). The YouTube videos are called up by clicking on them separately. When you call up a page on platoyo.io with YouTube videos, a connection to the YouTube servers is established and the content is displayed on your browser.
The YouTube content is displayed in "extended data protection mode". This mode is offered by YouTube. In this mode, YouTube ensures that no cookies are stored on your device. However, when you access the pages with YouTube content, your IP address and which of our websites you have visited are communicated. However, this information cannot be directly assigned to you unless you have logged in to YouTube or other Google services in advance.
As soon as you start a YouTube video on our pages by clicking on it, YouTube states that it only stores cookies in your browser through the extended data protection mode, which do not contain any personally identifiable data, unless you are currently logged in to Google yourself. You can prevent the setting of cookies by selecting the appropriate browser settings and extensions.
Address and link to YouTube's privacy policy:
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Privacy policy: https://policies.google.com/privacy
Opt-out: https://adssettings.google.com/authenticated
5.4. Vimeo
We use videos from Vimeo on our website. For technical reasons, the integration of Vimeo videos causes the Vimeo servers to be called up. Data from your browser or device is transmitted to the Vimeo server. It is also transmitted which of our Internet pages you have visited. However, this information is not directly attributable to you unless you have registered with Vimeo or other Google services in advance.
The Vimeo content is displayed in "extended data protection mode". This mode is offered by Vimeo. In this mode, Vimeo ensures that no cookies are stored on your device. For the use of data from your browser or device associated with playing a video, please refer to the provider's privacy policy.
Address and link to Vimeo's privacy policy:
Vimeo, LLC, 555 West 18th Street, New York 10011
Privacy policy: https://vimeo.com/privacy
5.5. Google Maps
To make it easier for you to find us when you visit us on site, we have integrated map material from the Google Maps service via an API into our website. In order for you to see this content, Google must receive your IP address, otherwise Google would not be able to provide you with this integrated content (see section 4.1. IP address).
With regard to Google's data processing, Google's privacy policy applies: Link. Further information on data processing in the context of the Google Maps API can also be found here: Link.
5.6. Newsletter subscription
If you register for our newsletter, we will of course need your e-mail address to send you the newsletter.
We use the newsletter to inform you about current company developments and offers in connection with our services.
To this extent, data processing is based on Art. 6 I b) GDPR.
In addition, we statistically record which users have opened the newsletter and which users have clicked on links in the newsletter in order to understand which content is of interest to our users.
These last two data processing operations are based on your consent in accordance with Art. 6 I a) in conjunction with Art. 7 GDPR.
We obtain your consent as part of the double opt-in procedure. You first register for our newsletter in order to receive an e-mail with a reference to this information on data processing and a confirmation link. You will only be added to the newsletter mailing list after clicking on the confirmation link. We do this to ensure that you have actually registered your e-mail address with us and wish to receive the newsletter and to be able to prove this in case of doubt. For the aforementioned verification purposes, we log your registration for the newsletter by storing the time of registration and confirmation as well as your full IP address at the time of registration or confirmation. We process this data on the basis of Art. 6 I f) GDPR, as we have a legitimate interest in proving that you have subscribed to the newsletter in the event of any legal disputes. There is no apparent overriding legitimate interest on your part for us not to process this data. Rather, the double opt-in process is also in your interest, as this is the only way to ensure that unauthorized third parties do not register on your behalf.
Furthermore, we would like to inform you that we use the newsletter service Mailchimp of Rocket Science Group LLC. for the purpose of sending our newsletter. The Rocket Science Group LLC (675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA) is a US company. As a result, your data will be processed in the USA. However, Rocket Science Group LLC is certified with regard to the Mailchimp service. In addition, data processing is secured under data protection law via an order processing contract.
If you do not give the above-mentioned consent or do not want data to be transferred to the USA in the aforementioned context, we can understand this, but unfortunately we cannot offer you the newsletter.
Of course, you can unsubscribe from the newsletter at any time. See also section 10.3.
5.7. HubSpot
Our website uses HubSpot, a digital marketing platform provided by the US company HubSpot, Inc. This company is located at 25 First Street, 2nd Floor in Cambridge, MA, USA, and also operates a branch in Ireland (1 Sir John Rogerson's Quay, Dublin 2, Ireland).
HubSpot also processes some of your data in the United States. As a participant in the EU-US Privacy Shield, HubSpot ensures that the data transfer of your personal data from the EU to the USA complies with the necessary security and accuracy standards. Further information on this can be found under the following link:
Adequacy decision for the EU-US Data Privacy Framework | European Commission.
In addition, HubSpot uses the so-called standard data protection clauses in accordance with Article 46 (2) and (3) of the GDPR. These clauses, which are provided by the European Commission as a template, guarantee that your data will comply with European data protection standards even if it is transferred to third countries such as the USA. HubSpot is obliged by the EU-US Privacy Shield and the standard data protection clauses to maintain the European level of data protection when processing your data - even if the data is stored and processed in the USA. These clauses are based on a decision by the EU Commission, which you can find here together with the associated clauses: Implementing Decision - 2021/914 - EN - EUR-Lex.
The data processing agreement, which corresponds to the standard data protection clauses, is available at Data Processing Agreement.
For more details on the data that HubSpot processes in the course of its services, please refer to the privacy policy at this link: HubSpot Privacy Policy.
6. Data processing in the context of inquiries from interested parties
If you contact us as an interested party, for example by e-mail, contact form, online chat, by telephone or at a trade fair, we process the following data:
- First name and surname of the contact person
- Company affiliation
- Position
- Telephone number
- E-mail address
- Postal address
- Areas of interest
- Contact points such as newsletter subscriptions, trade fair contact with key accounts, meeting notes
- Appointment calendar entries
Platoyo processes the data of interested parties for the implementation of pre-contractual measures within the meaning of Art. 6 I b) GDPR, for example when you first contact us by email. However, if you as a prospective customer describe further interest in Platoyo's services with your message, your call or the conversation, the contact details and the reason for the request are transferred to the CRM system. This processing is carried out on the basis of Art. 6 I f) GDPR. Platoyo has a legitimate interest in maintaining and intensifying contact with interested parties. This is only possible if the data is not deleted immediately. A conflicting interest of the interested party is not apparent in this case, as you have provided Platoyo with the data yourself as part of an expression of interest.
7. Data processing for a specific purpose, recipients of data, disclosure of data
We observe the principle of earmarked data use. We process all of the aforementioned data only for the purposes stated here.
In addition to the recipients of data already mentioned here, such as
- Google
- Mailchimp Inc.
- Hotjar
- LiveChat
there are of course other recipients of data. For example, we do not host our servers ourselves, but with hosting providers. And, of course, we also use software-as-a-service solutions such as project management tools in our work.
You can obtain a list of specific recipients at any time on request. However, for reasons of our own IT and data security, we do not wish to publicly name the recipients of data at this point.
However, you can be assured that we have obligated every provider who processes data on our behalf via an order processing contract in accordance with Art. 28 GDPR and that, if and insofar as data is transferred to a so-called unsafe third country such as the USA, this transfer will only take place in a permissible manner under the conditions of Art. 44 GDPR.
Personal data will not be passed on to third parties outside the framework described here without express consent.
Data will also only be transferred to state institutions and authorities entitled to receive information within the scope of the statutory duty to provide information or if we are obliged to provide information by a court decision.
8. Processing Time
8.1. Due dates for deleting IP addresses, log files and cookies
The IP address and the data in the log files are only stored temporarily in the web server log files to establish a connection and are stored for 60 days for the purpose of detecting attacks and manipulation and then deleted immediately.
Persistent cookies are used as described. However, these do not store any personal data themselves and can be deleted by you at any time (under "Settings" in the browser).
8.2. Deletion periods for data processed via Universal Analytics
The data that we collect as part of the usage profile of Universal Analytics is automatically deleted after 14 months.
8.3. Deletion periods as part of the newsletter subscription
We will use your e-mail address for the purpose of sending e-mails until you unsubscribe from our newsletter. After you unsubscribe, we will delete your e-mail address from the newsletter's e-mail distribution list and also immediately inform the local partners that they must delete your e-mail address from the corresponding e-mail distribution lists without delay.
8.4. Deletion periods for prospective customer data
Prospect data is deleted two years after the last point of contact.
A contact point means, for example, the download of a white paper, interaction with an employee at a trade fair, via social media, by email or telephone or participation in a webinar, seminar or event. The long retention period is due to the sometimes long planning and budget cycles of the retail sector.
The two-year deletion period does not apply if there are retention periods to be fulfilled in accordance with §§ 257 HGB. In this case, the data is stored for up to 6 years and then deleted. In this case, the data will be limited in use to the fulfillment of the retention obligation after the two years in accordance with Art. 18 GDPR and deleted after the above-mentioned periods have expired.
If deletion of individual data and data records is only possible with disproportionate effort in terms of extraction and separation with regard to different deletion periods, this data will be restricted uniformly after the request has been dealt with and deleted 6 years after the last point of contact.
The period begins at the end of the calendar year in which the respective date was collected.
9. Rights of data subjects (including rights to information, revocation, objection and deletion)
You have the right to request information about your data processed by us in accordance with Art. 15.
You can object to the processing of your data at any time, provided that the requirements of Art. 21 GDPR are met, and revoke any additional consent to the processing of the data at any time. If you withdraw your consent to data processing or object to the use of your data, this will not affect the lawfulness of data processing up to the time of withdrawal or objection.
You can also have the data processed by us corrected, restricted or deleted at any time. We expressly point out that there may be legal obligations - such as retention obligations - to continue to store data. In this case, the data can only be restricted. This means that the data will only be processed for the purpose of complying with legal obligations and will not be used for any other purpose.
In addition, you also have the right to data portability in accordance with Art. 20 GDPR and the right to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR.
If you have any questions, please contact us at any time at team@platoyo.com or contact our data protection officer directly by email at datenschutz@platoyo.com.