Privacy Policy

PRIVACY POLICY

Unless otherwise specified regarding certain legal relationships, the controller for the processing of personal data – „personal data“ means any information relating to an identified or identifiable natural person („data subject“); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person – set out in this Privacy Policy, is:

Cloud Gems GmbH,

Eichendorffstr. 13, 60320 Frankfurt am Main, Deutschland

(hereinafter “Cloud Gems” or “we” or “us”)

E-mail: info@cloudgems.de

This Privacy Policy applies to personal data that we process when you (i) visit our website, (ii) submit information to us in connection with a (potential) business relationship with us.

  1. GENERAL INFORMATION ON DATA PROTECTION

Cloud Gems as the controller of personal data and its processing – as defined by the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data, on the free movement of such data and on the repeal of Directive 95/46/EC (General Data Protection Regulation, hereinafter referred to as “GDPR”) – takes the protection of your personal data very seriously and adheres strictly to the rules of the data protection regulations.

Personal data is processed on the website of Cloud Gems and within the scope of our entire business activity only to the extent that it is necessary. Under no circumstances will your personal data be made available to third parties without your consent or without another legal basis.

Below we give you information of how we ensure the protection of your personal data and what kind of personal data is processed for what purpose.

  1. PERSONAL DATA PROCESSING ON OUR WEBSITE

The processing activities regarding your personal data when visiting our website and using our services are set out below.

    1. Website visit for purely informational purposes

CLOUD GEMS automatically processes personal data transmitted to us by the browser and other applications of your terminal device on the directly accessible Internet presences and services via the service providers commissioned by us (jointly “log data”). The relevant processed personal data is:

  • Browser type/ version / plug-ins
  • Operating system used
  • General system information (such as end device, end device ID, screen resolution, etc.)
  • Referrer URL (e.g. the page you visited previously)
  • Host name of the accessing terminal device (e.g. IP address)
  • Time of the server request
  • Geo- and location data
  • Device identification data of your end device.

The personal data mentioned will be processed by us for the following purposes:

  • to ensure a smooth connection for our services,
  • to ensure a comfortable use of our services,
  • to ensure basic functionality of our services,
  • to evaluate the system safety and stability, as well as
  • for other administrative purposes.

The legal basis for personal data processing for the use of our services on our website is Art. 6 (1) (b) or (f) GDPR.

Automatically collected log data is deleted after the purpose of the processing has been fulfilled, usually 7 days after it has been collected, unless longer storage is necessary in individual cases for reasons of data and system security or for error identification and correction.

Without processing the personal data, the website may not be displayed optimally.

    1. Contact

In order to answer other enquiries/quote requests from you, we process the following personal data:

  • Email address,
  • The content of your message,
  • Name and phone number if provided.

Your details from your contact message are processed by us for the purposes of

  • processing the enquiry,
  • the associated technical administration, as well as
  • in the event that follow-up questions arise.

In the case of (pre-)contractual measures, this personal data is processed in accordance with Art. 6 (1) (b) GDPR, otherwise due to mutual interest in processing in accordance with Art. 6 (1) (f) GDPR.

We will retain your personal data under this section only for as long as it is necessary for the transmission of the information you have requested from us and the establishment of the possible business relationship with you.

To the extent that we are required by applicable law to retain certain personal data for legally defined periods of time (such as in connection with business transactions), we will continue to store such personal data for as long as necessary. In this case, the legal basis for processing the personal data is Art. 6 (1) (c) GDPR. Your personal data will be deleted immediately if it is no longer required for the purposes of fulfilling the legal obligations.

We collect the personal data listed under this section directly from you by providing the personal data yourself. Without processing the personal data (with the exception of any voluntary information), it is not possible to process your request.

  1. COOKIES

We use cookies and related technologies on our website (hereinafter jointly “Cookies”). These are small (text) files that your browser automatically creates and that are stored on your end device (laptop, tablet, smartphone, etc.) when you visit our site and/or use our services. Cookies fundamentally do not cause any damage to your end device and do not contain any viruses, Trojans or other malware to the best of our knowledge and will.

Cookies are used to store information that is generated in connection with the specific end device used. This does not mean, however, that we will gain immediate knowledge of your identity.

We use different categories of cookies for following purposes:

  • to statistically record the use of our website and to evaluate it,
  • to optimise our services,
  • to improve the website and to better achieve website goals,
  • to enable to reach out to us through our website, as well as
  • for marketing.

Where the providers of cookies or related technologies are considered to be our processors or joint controllers, we have entered into appropriate agreements with these providers, where available. To the extent required by law, we will provide you on request with a description of the main terms of any joint controller agreements we have entered into with the relevant cookie providers.

In the following, we explain which categories of cookies we use based on which legal basis in generel. The specific information regarding cookies actually used and related information is set out in our cookie consent tool.

    1. Essential cookies

Our use of essential cookies is based on Section 25 (2) of the German Telecommunications-Telemedia Data Protection Act (“TTDSG”) and Art. 6 (1) (f) GDPR.

Essential cookies enable basic functions and are necessary for the proper functioning of the website. Without such cookies, our website would not work properly. We therefore process personal data such as cookie banner settings. Such personal data processing and use of cookies serves to make the use of our offer more pleasant for you. For example, we use so-called session cookies to recognise that you have already visited individual pages on our website.

These will be deleted automatically after leaving our website or terminating the service.

In addition, we also use temporary cookies to optimise user-friendliness, which are stored on your terminal device for a specified period of time. If you visit our site again or use our services again, it will automatically be recognised that you have already been with us and which inputs and settings you have made so that you do not have to enter them again.

    1. Statistical and Functional cookies

We also use statistical and functional cookies based on your consent according to Section 25 (1) TTDSG and Art. 6 (1) (a) GDPR.

We use such cookies in order to statistically record the use of our website, to evaluate it for you for the purpose of optimising our offer (see also section 2) and to provide certain functions.

These cookies are automatically deleted after a defined period of time.

    1. Analytics cookies

We also use analytics cookies based on Section 25 (1) TTDSG and Art. 6 (1) (a) GDPR.

We use such cookies in order to e.g. measure our web audience to improve the website and to better achieve website goals (e.g. increase page views) or for web analytics and marketing purposes.

These cookies are automatically deleted after a defined period of time.

    1. Cookie Settings/withdrawal of consent/cookie providers

You can withdraw your consent to the storage of cookies (and similar technologies), except in relation to “strictly necessary cookies”, at any time by changing your cookie settings via the link at the footer area of our website: https://cloudgems.de/#contact

Most browsers and devices automatically accept cookies. However, you can configure your browser or end device so that no cookies are stored on your end device or a message always appears before a new cookie is created. If you disable cookies completely, you may not be able to use all the functions of our website.

If you use several devices/browsers, you must carry out the opt-out/deletion of cookies on each individual device/browser. If you delete all cookies in your browser, this will also delete the opt-out cookies, so that it may be necessary to carry out the opt-out again. Further, if you delete all cookies, your experience on the website may be degraded.

To the extent the providers of the cookies/similar technologies are considered as our processors or joint controllers, we have entered into the according agreements with these providers to the extent available. Upon request, we will provide you with a description of the material provisions of any joint controller agreements we have entered into with a cookie provider to the extent required by law.

  1. PERSONAL DATA PROCESSING WHEN CONTACTING CLOUD GEMS OUTSIDE OF THE WEBSITE

The processing activities regarding your personal data nor related to visiting our website are set out below.

    1. Contacting us

If you have any questions or concerns, we offer you the opportunity to contact us via the contact details provided on the respective website (email/phone).

Personal data as a valid e-mail address or phone number, the first and last name, customer number, as well as the content of your request is necessary, so that we know from whom the inquiry originates and to enable us to answer it. You can provide further personal data voluntarily, which we will then use according to your contact request.

In the case of (pre-)contractual measures, this personal data is processed in accordance with Art. 6 (1) (b) GDPR, otherwise due to mutual interest in processing in accordance with Art. 6 (1) (f) GDPR.

The personal data processed by us for the use of the contact form will be completely deleted automatically after completion of the request made by you at the end of reasonable retention periods.

    1. Google meet

We use the „Google meet“ tool to conduct conference calls, online meetings, video conferences and/or webinars (hereinafter: „Online Meeting(s)„). „Google meet“ is a service provided by Google Ireland Ltd, a service company of Google LLC based in the USA.

Scope of processing

When using „Google meet“, various types of personal data are processed. The scope of the data processing also depends on the data you provide before or when participating in an „Online Meeting“. The following personal data are subject to processing:

  • User details: first name, last name, telephone (optional), e-mail address, password (if „single sign-on“ is not used), profile picture (optional).
  • Department (optional).
  • Meeting metadata: Topic, description (optional), date and time, participant/user IP addresses, device/hardware information.
  • For recordings (optional): MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file of online meeting chat.
  • For dial-in with the telephone: information on the incoming and outgoing call number, country name, start and end time. If necessary, further connection data such as the IP address of the device can be stored.
  • Text, audio and video data: You may have the opportunity to use the chat, question or survey functions in an „Online Meeting“. In this respect, the text entries you make are processed in order to display them in the „Online Meeting“ and, if necessary, to record them. In order to enable the display of video and the playback of audio, the data from the microphone of your terminal device and from any video camera of the terminal device are processed accordingly during the meeting. You can switch off or mute the camera or microphone yourself at any time via the „Google Meet“ applications.

To participate in an „Online Meeting“ or to enter the „meeting room“, you must at least provide information about your name.

Purposes of the processing

We use „Google Meet“ to conduct „Online Meetings“. If we want to record „Online Meetings“, we will transparently inform you in advance and – if necessary – ask for your consent/consent. The fact of the recording will also be displayed to you in the „Google Meet“ app.

If it is necessary for the purposes of recording the results of an Online mMeeting, we will record the chat content. However, this will not usually be the case.

If you are registered as a user with „Google Meet“, then reports of „Online Meetings“ (meeting metadata, telephone dial-in data, questions and answers in webinars, survey function in webinars) may be stored by „Google Meet“ for up to 6 months. We are not responsible for this, „Google Meet“ is. Further information on the data protection of Google Meet Video Communications, Inc. can be found at:

https://policies.google.com/privacy?hl=de?tid=331710269820

Legal basis for data processing

The legal basis for data processing when conducting „Online Meetings“ is Art. 6 (1) (b) GDPR, insofar as the meetings are conducted within the framework of contractual relationships.

If there is no contractual relationship, the legal basis is Art. 6 (1) (f) GDPR. Here too, our interest lies in the effective implementation and conduction of „Online Meetings”.

If, exceptionally, a recording is made, the legal basis is consent, Art. 6 (1) (a) GDPR.

Recipients

Personal data processed in connection with participation in „Online Meetings“ will generally not be passed on to third parties, unless it is intended to be passed on. Please note that the content of „Online Meetings“, as well as personal meetings, is often used to communicate information with customers, interested parties or third parties and is therefore intended to be passed on.

Other recipients: The provider of „Google Meet“ necessarily receives knowledge of the above-mentioned data, insofar as this is provided for in the context of our order processing agreement with „Google Meet“.

Transmission to third countries

„Google Meet“ is a service provided by a provider whose affiliated company is from the USA. A processing of personal data therefore also takes place in a third country. We have concluded a data processing agreement with the provider of „Google Meet“ which complies with the requirements of Art. 28 GDPR.

An appropriate level of data protection is guaranteed on the one hand by the conclusion of the so-called EU standard contractual clauses, on the other hand due to the affiliated company of the provider being certified under the EU-US Data Privacy Framework. As additional protective measures, we have also configured our Google Meet system in such a way that only data centres in the EU, the EEA or secure third countries such as Canada or Japan are used to conduct „Online Meetings“.

However, the transfer of data to the USA as a third country cannot be ruled out. This third country may not offer an adequate level of data protection according to the GDPR. If the data is transferred to the USA, there is a risk that your data will be processed by US authorities for control and monitoring purposes without you possibly being able to appeal.

Duration of storage

The personal data concerning you will be stored until the purpose of the data processing no longer applies or after the expiry of legal or official retention obligations.

Locally stored chat messages are deleted if they are older than 30 days. Storage in the cloud has been deactivated.

Note: Insofar as you call up the website of „Google Meet“, the provider of „Google Meet“ is responsible for data processing. However, calling up the website is only necessary for using „Google Meet“ in order to download the software for using „Google Meet“.

You can also use „Google Meet“ if you enter the respective meeting ID and, if applicable, further access data for the meeting directly in the „Google Meet“ app.

If you do not want to or cannot use the „Google Meet“ app, the basic functions can also be used via a browser version, which you can also find on the „Google Meet“ website.

    1. Payment

We also collect your personal data such as name, surname, payment methods, invoices, credit card numbers or similar to enable you to make payment transactions within the scope of any contracts with us.

This processing of personal data is based on Art. 6 (1) (b) GDPR for purposes of the performance of a contract.

The personal data processed by us for the payment will be automatically deleted in full after completion of the payment transaction or the business relationship, including after expiry of appropriate retention periods.

  1. HOW YOUR PERSONAL DATA MAY BE SHARED

Your personal data will generally only be transmitted if you have given us your consent, if it is necessary for the establishment, execution or termination of a contractual obligation or if it is necessary to safeguard the legitimate interests of the controller and there is no reason to assume that your interests worthy of protection in the exclusion of the processing or use outweigh or there are statutory transmission obligations.

If we transfer personal data to companies commissioned by us or cooperating with us or to other third parties, we have entered into agreements with them in accordance with applicable law, in particular in accordance with Art. 26 and 28 GDPR. Under this provision, the other personal data processing bodies undertake to guarantee an adequate level of data protection. Please contact us for details regarding this; we will be pleased to meet your justified claims for information.

With recipients in so called „third countries“ within the meaning of the GDPR and where applicable, we agree to apply EU standard contractual clauses, binding corporate rules or other means (like the EU-US Data Privacy Frameworks) to provide an „adequate level of protection“ in accordance with legal requirements. We will be happy to provide you with more specific information on this via the contact details below.

  1. INFORMATION ABOUT THE CONTROLLER

Please contact us using the contact details from above if you have any questions or requests for information, if you wish to assert your rights or if you wish to withdraw any consent you may have given to the use of your personal data.

  1. YOUR CHOICE

You are not obliged to give us your personal data or consent for processing of your personal data. You have moreover certain choices about personal data, e.g. where you have consented to the processing of your personal data, you may withdraw that consent at any time and prevent further processing by contacting us as described above. Even if you opt out, we may still collect and use non-personal data regarding your activities on our services and for other legal purposes as described above.

You can also use our cookie banner on our website to pre-select the use of cookies.

Please note that if you do not want to share your personal data for the purposes described above, we may not be able to perform some of our services properly.

  1. TECHNICAL AND ORGANISATIONAL MEASURES

We make use of suitable technical and organisational security measures – also via our service providers, which we contractually commit to comply with data protection – to protect your personal data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorised access by third parties. Our and the service providers’ security measures are continuously improved in line with technological developments. We therefore reserve the right to change these security and data protection measures if this becomes necessary due to technical changes.

When visiting our website and when using our services, we always use the SSL (Secure Socket Layer) method in conjunction with the highest level of encryption supported by your browser. As a rule, this is a 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can tell whether an individual page of our website is transmitted in encrypted form by the closed representation of the key or lock symbol in the status bar of your browser (software-dependent).

  1. AUTOMATED DECISION-MAKING

Automatic decision making does not take place.

  1. YOUR RIGHTS

You have in general the right:

  • to request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you may request information about the purposes of the processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right of rectification, erasure, restriction of processing or to object to processing, the existence of a right to object, the origin of your data if it has not been collected from us, as well as the existence of an automated decision making process including profiling and, if applicable, meaningful information on their details;
  • in accordance with Art. 16 GDPR to immediately request the rectification of incorrect or incomplete personal data stored by us;
  • to request the erasure of your personal data stored by us in accordance with Art. 17 GDPR, unless processing is necessary for exercising the right to freedom of expression and information, for fulfilling a legal obligation, for reasons of public interest or for asserting, exercising or defending legal claims;
  • to request the restriction of the processing of your personal data in accordance with Art. 18 GDPR if the accuracy of the data is disputed by you, the processing is unlawful but you refuse its erasure and we no longer need the data, but you need it to assert, exercise or defend legal claims or you have objected to the processing in accordance with Art. 21 GDPR;
  • in accordance with Art. 20 GDPR, to receive your personal data which you have provided to us in a structured, commonly used and machine-readable format or to request transmission to another controller;
  • in accordance with Art. 7 (3) GDPR to withdraw your consent once given to us at any time. The consequence of this is that we may not continue the data processing based on this consent for the future; and
  • to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or of our place of business. The supervisory authority responsible for the controller is:


Der Hessische Beauftragte für Datenschutz und Informationsfreiheit

vertreten durch Prof. Dr. Alexander Roßnagel

Gustav-Stresemann-Ring 1, 65189 Wiesbaden

Telefon: 0611-1408 0

E-Mail: poststelle@datenschutz.hessen.de

Further information on the respective responsibilities, activities and personal data processing by the supervisory authority can be found in the relevant information, e.g. at https://datenschutz.hessen.de/.

INDIVIDUAL RIGHT OF OBJECTION according to Art. 21 GDPR

You have the right to object at any time to the processing of personal data concerning you on the basis of Art. 6 (1) (f) GDPR for reasons arising from your particular situation; this also applies to profiling based on these provisions.

If we use personal data for direct advertising, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling insofar as it is connected with such direct advertising.

If you object to the processing for the purpose of direct marketing, the personal data will no longer be processed for these purposes.

If you file an objection, we will no longer process your personal data unless we can prove compelling legitimate reasons for the processing that outweigh your interests, rights and freedoms, or the processing serves the assertion, exercise or defence of legal claims.

For the execution of your rights set out in this section, please use the contact details from above.

  1. UPDATE AND AMENDMENT OF THIS PRIVACY POLICY

This Privacy Policy is currently valid in the version of March 2024.

Due to the further development of our website and offers about it or due to changed legal or official requirements, it may be necessary to change this data protection notice. The current data protection information can be retrieved and printed any time via the website at:

https://cloudgems.de/

Nach oben scrollen