Who can I contact?
Responsible for this website is:
Via the contact data you can reach our Data Protection Officer or another data protection relevant contact. Don’t hesitate to contact us if you have specific questions about your personal data, deletion of your personal data or similar things.
What are my rights?
You can contact us at any time if you have any questions about your rights regarding data protection or if you wish to exercise any of the following rights:
- Right to withdraw your consent in accordance with Art. 7 para. 3 GDPR (e.g. you can contact us if you wish to cancel a previously given consent to a newsletter)
- Right to access your data in accordance with Art. 15 GDPR (e.g. you can contact us if you would like to know what data we have stored about you)
- Right to correct your data in accordance with Art. 16 GDPR (e.g. you can contact us if your e-mail address has changed and we should replace your old e-mail address)
- Right to have your data deleted in accordance with Art. 17 GDPR (e.g. you can contact us if you want us to delete certain data that we have stored about you)
- Right to limit data collection in accordance with Art. 18 GDPR (e.g. you can contact us if you do not want us to use your e-mail address for newsletters, but only to send absolutely necessary e-mails)
- Right to take your data with you in accordance with Art. 20 GDPR (e.g. you can contact us to receive your data in a zipped format, if you want to upload it to another website)
- Right to send complaints to the supervisory authority in accordance with Art. 57 para. 1 f GDPR (e.g. you can contact the data protection supervisory authority directly)
Deletion of data and storage periods
Unless otherwise stated, we will delete or anonymize your data as soon as it is no longer needed (e.g. your e-mail address after you have unsubscribed from a newsletter). Your data will also be deleted or anonymized automatically if the mandatory storage period expires (e.g. those required by law for payment transactions). Such data may be needed for longer periods of time for legal reasons. You can request information about all personal data we have stored about you.
Visiting our website
If you merely wish to browse our website, we do not collect any personal data, with the exception of the data that your browser sends to us, e.g.:
- IP address (e.g. 96.92.316.example or 2a02:7122:8337:1112:bdb2:651f:example)
- Approximate location based on IP range (e.g. “Luxembourg city”)
- Internet provider (e.g. “Telecom” or „AT&T“)
- Internet connection speed (e.g. 100 Mbit)
- Date and time of visit (e.g. 11:45 on 25.05.2018)
- Last visited website (e.g. google.com)
- Browser and version (e.g. Chrome v65 or Safari 11.1)
- Operating system (e.g. Mac OS)
- Hardware (e.g. Intel processor)
As a safeguard to protect your privacy, we delete or anonymise your IP address after your visit. Therefore, all other data possibly attached to it can no longer be traced back to you. It will only serve anonymous and statistical purposes to optimise our website. The purpose of temporarily storing this data is necessary to establish a connection as well as loading our website the way it was designed to. Such data is therefore required to display the website on your screen, to avoid display problems and other technical error messages. The legal basis for EU visitors is the legitimate interest in accordance with the European data protection requirements under Art. 6 para. 1 lit. f GDPR. In addition, we apply the aforementioned safeguards to protect your data.
Personal data you provide voluntarily
If you contact us via the Website, we will only collect such data and information that you will provide when describing the reason for your request. The provision of personal data is not required to this end. Should any personal data be provided, it will only be used to process your request and reply to it.
If you contact us via the e-mail address specified on our website, you will provide the following personal data:
- e-mail address
- your company name
This information will only be used to process your inquiry and reply to it.
These purposes constitute our legitimate interest, which justifies data processing pursuant to art. 6 par. 1 lit. f) GDPR. In some cases, the reason why you contact us may be a pre-contractual measure, in which case the legal basis for processing is art. 6 par. 1 lit. b) GDPR.
We collect and process the personal data of applicants for the purpose of carrying out the application procedure. The processing can also be done electronically. This is particularly the case if an applicant sends us the relevant application documents electronically, e.g. by e-mail. If we conclude an employment contract with an applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If there is no employment, the application documents will be deleted 6 months after the end of the application procedure, provided that no other legitimate interests of ours oppose the deletion. Another legitimate interest in this sense is, for example, the burden of proof in proceedings under the General Equal Treatment Act. To process the applications, we use a service provider (Personio) with whom we have concluded a data protection contract with the requirements of Art. 28 GDPR.
If you are interested in receiving updates about our company or our products, you can subscribe to our newsletter. We will then save your e-mail address until you unsubscribe from the newsletter. For this purpose you will find a corresponding link to unsubscribe in every e-mail of our newsletter. The delivery of the newsletter is carried out by a professional service provider.
As a safeguard to protect your privacy, we have entered into a data processing agreement with the assigned service provider. You also have the possibility to unsubscribe from the newsletter at any time and thus delete your e-mail address from the service provider's database. The purpose of the data requested is to send the newsletter to your personal e-mail address in order to fulfil your request for updates about our company or our products. The legal basis is your consent in accordance with the European data protection requirements under Art. 6 para. 1 lit. a GDPR.
If cookies do not contain an exact expiration date, they are stored only temporarily and are automatically deleted as soon as you close your browser or restart your device. Cookies with an expiration date will still be stored even when you close your browser or restart your device. Such cookies will not be deleted until the specified date or if you delete them manually.
We use the following three types of cookies on our website:
- required cookies (cookies that are required, e.g. to display the website correctly for you and to store certain settings temporarily)
- functional and performance-related cookies (cookies that help us improve our website, e.g. to evaluate technical data of your visit and avoid error messages)
- advertising and analytics cookies (cookies that provide analytics and personalized ads, e.g. advertising for shoes is displayed if you have previously searched for shoes)
You can configure, block and delete cookies in your browser settings. If you delete all cookies from our website, some functions of the website may not be displayed correctly.
Transfer to third countries
Unless otherwise stated, all data processing operations take place within the EU or the EEA countries.
Data processing operations carried out by third-party providers established outside the mentioned geographical area may be carried out in part or in full in the countries the respective providers are based in, in accordance with the relevant and applicable data protection regulations.
A transfer of personal data outside the EU or the EEA shall only take place on the basis of on an adequacy decision of the European Commission, or subject to appropriate safeguards, including but not limited to standard data protection clauses adopted by the European Commission.
We use Google Analytics, a web analytics service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). Google Analytics uses the advertising and analytics cookies described above to analyze our website with regard to your usage behavior. The information generated by these cookies is transferred to a Google server in the USA and stored there. However, your IP address is shortened before the usage statistics are evaluated, so that no direct connection to you as a person can be made. For this purpose, we use the "anonymizeIp" function to ensure anonymous collection of IP addresses. Google will use the anonymous information collected by the cookies to evaluate the usage of the website and to compile reports on website activity. Google may also transfer this information to third parties if this is required by law or if third parties process this data on behalf of Google.
Google Tag Manager
Mailchimp is an all-in-one marketing platform that helps Payrails automate the newsletter sending process. Mailchimp is a GDPR compliant solution and ensure the data privacy. In case of an opt-out request from the newsletter, your data is removed from Mailchimp.
We use Hotjar to track users’ activities in our website during their visit. It helps us understand what users want, care about and do on our site by visually representing their clicks, taps and scrolling behavior. Hotjar assigns all users a unique identifier called a Hotjar User ID within Recordings when they visit our website, allowing us to find Recordings from a specific user, while still allowing the user to remain otherwise anonymous. Categories of the collected data is specified by Hotjar in their website. Hotjar is a GDPR compliant solution and secures the data and the privacy.
We have also entered into contract processing agreements with all external recipients to comply with European law requirements. Depending on your location, some of the above service providers - if specified - will also transfer your data to the United States. The European Court of Justice has ruled that the United States does not have a level of data protection equivalent to the EU and authorities may be able to access data without due process. Additional safeguards are therefore required to ensure a sufficient level of data protection. To meet this requirement, we have concluded additional contracts for commissioned processing called standard contractual clauses. We also check each service provider together with our data protection officer and ensure that additional security measures are available, such as strong data encryption.