Data Privacy

 

Our Privacy Policy

 

The legal regulations for the protection of your data can be found in the General Data Protection Regulation (GDPR) , the German Federal Data Protection Act (BDSG) and the Telecommunications Telemedia Data Protection Act (TTDSG).

Opinari UG, Plazerstrasse 15. 81375 München, Germany, info@opinari.co ; +49 172 317 0937, is the responsible controller in terms of the GDPR.

Below you will find information about what personal data - that is all data that identifies or makes you identifiable, such as name, address, e-mail address or even user behavior - we collect during your visit to our website and how this data is used. Should you have any further questions, please feel free to contact us at info@opinari.co.

You also have the right to file a complaint to any supervisory authority in the event of unlawful use of the data. The competent supervisory authority for us is:

Bavarian State Office for Data Protection Supervision

- Bayerisches Landesamt für Datenschutzaufsicht -

Postfach 1349

91504 Ansbach

Deutschland

Telefon: +49 (0) 981 180093-0

Telefax: +49 (0) 981 180093-800

E-Mail: poststelle@lda.bayern.de

 

1. Hosting and Server Data

We host our website with the hosting of HubSpot, Inc., 25 First Street, Cambridge, MA 02141 USA. When you visit our website, various server statistics are automatically stored, which your browser transmits to our provider's server: the time of the page views, number of page views, duration of the session, IP address and host name of the user, information about the requesting client (usually browser), search engine used including search query and the operating system used are logged.

This data is used for the statistical evaluation of visits to our site and cannot be assigned to specific persons.

The legal basis for the collection of data is Art. 6 para. 1 lit. f) GDPR. A consolidation of this data with other data sources is not carried out. The IP address will be anonymized. Our legitimate interest in the collection of this data is based on the fact that we can use the data to optimize our offer for users, e.g. by preventing access from malicious sites or by optimizing access via certain browsers, and that the log of the IP address is what makes the delivery of the site to the visitor possible in the first place.

Generally, you have the right to object to this collection of data. This is actually not possible in this case, because otherwise the content of this site can´t be carried out and the use of the site would not be possible. The data will be deleted as soon as they are no longer required for the above-mentioned purposes.


1a. Security of data transmission

For the transmission of your data, we use a secure server with SSL technology (Secure Socket Layer) with 128-bit encryption. In this way, your data is transmitted to us securely and unreadable for unauthorised persons.

It is possible that data may be transferred to third countries via subcontractors or companies associated with them in the course of calling up and using our website and associated offers. Potential risks here may be unenforceable data subject rights and a lower level of data protection. We minimize the risk as far as possible by concluding order processing agreements (if such an order relationship exists) and standard contractual clauses including effective supplements required by the supervisory authorities.

2. Processing and disclosure of personal data

2a. General information

Insofar as you have provided us with personal data, we use this data to answer your enquiries, to advise you and to process contracts concluded with you and for technical administration. Except in the cases explicitly mentioned in this declaration, your personal data will only be passed on or otherwise transferred to third parties if this is necessary for the purpose of processing the contract, if this is necessary for billing purposes or if you have given your prior consent. You have the right to revoke your consent at any time with effect for the future, see also section 6 on your data subject rights.

2b. Request by Contact form and by e-mail

When using our contact form, we collect and store your e-mail address and the content of the message for the purpose of answering your enquiry. Further data is optional.

If you send us an enquiry by e-mail, we collect and store the e-mail address and the data contained in the e-mail for the purpose of answering your enquiry.

The legal basis for storing the data you provide in the contact form is Art. 6 para. 1 lit. a GDPR, as you give your consent to this storage. If a contractual relationship develops from the enquiry by way of contract initiation or if the enquiry relates to an existing contractual relationship, the legal basis is Art. 6 para. 1 lit. b) GDPR, as the storage of the data is necessary for the fulfilment of a pre-contractual or contractual obligation. Furthermore, we also have a legitimate interest in accordance with Art. 6 para. 1 lit. f) GDPR in processing the data for the purpose of communication and answering your enquiries.

The data will be deleted when the purpose for which it was stored no longer applies, i.e. after your e-mail inquiry has been answered or when the matter associated with the inquiry has been finally clarified. In the case of an existing contractual relationship or a contractual relationship resulting from the inquiry, the data will be deleted after expiry of the statutory retention periods.

For information on the right to deletion and information, see section 10 below on your rights as a data subject.


3. Cookies

The Internet pages use so-called cookies in several places. They serve to make our offer more user-friendly, effective and secure. A cookie is a piece of text information that our website places on the end device you are using via the web browser. The cookies we use are so-called "session cookies". They are automatically deleted at the end of your visit.

The legal basis is Art. 6 para. 1 lit. f) GDPR. Our legitimate interest results from the fact that with the aforementioned cookies we merely facilitate the retrievability of the page for you, do not collect any tracking data in the process and thus there is no interference with your personal rights and fundamental freedoms.

You can exclude the acceptance of cookies in your web browser. However, this may impair the functionality of the site. For more information on your rights as a data subject, see section 10 below.

These cookies are only valid for the duration of your browser session and are deleted when you end your visit to our site.


3a. Cookie Consent by Hubspot

To obtain your consent, we use HubSpot, Inc., 25 First Street, Cambridge, MA 02141 USA. If you give your consent, Hubspot will automatically log the following data:

- The end user's IP number in anonymized form (the last three digits are set to '0')

- Date and time of consent

- User agent of the end user's browser

- The URL from which the consent was sent

- An anonymous, random and encrypted key

- The consent status of the end user, which serves as proof of consent

The stored data is used to ensure that web analytics services only collect data with your consent and to document that consent, and to create and display cookie statements to end users.

The key and consent status are also stored in the end user's browser in the cookie " __hs_cookie_cat_pref" so that the website can automatically read and follow the end user's consent in all subsequent page requests and future end user sessions for up to 6 months.

The legal basis for processing your data is Art. 6 para. 1 lit. a), f) GDPR, because we are required by law to be able to prove consent and our legitimate interest arises from the fact that this is the only way we can obtain necessary consent.

 

4. Newsletter

With our newsletter we inform you regularly about news and new offers. If you would like to receive our newsletter you need to enter a valid email address. We will then send you a confirmation email with which you can verify your email address and your wish to receive the newsletter. To verify your registration, we store the IP address, both when you register and when you activate the confirmation link. In addition, we store the date and time of registration, the specified email address and the date and time of activation of the link in the confirmation email for a legally secure proof of your registration.

You can object to receiving further newsletters at any time by clicking on the unsubscribe link at the end of each newsletter, without incurring any transmission costs other than those according to the basic rates of your telecommunication provider. You can also send an e-mail with the corresponding request to unsubscribe from the mailing list to us at info@opinari.co.

The legal basis for the collection and processing of your data for newsletter marketing is, as a result of your express consent, Art. 6 para. 1 lit. a) GDPR. The conditions for consent and its withdrawal have their legal basis in Art. 7 GDPR.

In order to organize and analyze the newsletter dispatch, we use the HubSpot, Inc., 25 First Street, Cambridge, MA 02141 USA. The data you enter for the purpose of receiving newsletters (e.g. e-mail address) is stored on Hubspot’s servers (as in section 1).


5. LinkedIn

For the purpose of exchanging information with our customers and interested parties as well as for general information about our company and its employees, we operate a page on www.linkedin.com by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland ("LinkedIn"). If you access the page via our website using the LinkedIn icon and are logged into your account at the same time, LinkedIn can directly assign the visit to our website to your LinkedIn account. If you do not want LinkedIn to assign your data to your account, you must log out of LinkedIn before visiting our website.

If you access interactive functions of the site (liking, commenting, sharing, news, etc.), a LinkedIn - login screen will appear. After any login, you will again be recognizable to LinkedIn as a specific user.

For more information, see LinkedIn's privacy policy at https://de.linkedin.com/legal/privacy-policy. You can check the privacy settings in your LinkedIn account. You can activate the "Block third-party cookies" function in your browser settings. However, blocking cookies may result in limited functionality of the site.

We, as the operator of our LinkedIn fan page, do not collect or process any data beyond this. For more information on LinkedIn and other social networks and how you can protect your data within the framework of the private settings, see, for example, youngdata.de.

The legal basis for the use of the LinkedIn fan page is Art. 6 para. 1 p. 1 lit. f) GDPR. Our legitimate interest is based on the fact that we enable customers to have a direct exchange with our company via this social media service, also for complaints, and thus constantly optimize our service.

For your data subject rights, see section 10 below.

 
6. Instagram

For the purpose of exchanging information with our customers and for the purpose of advertising new products or services as well as for general information about our company we operate a page on the platform "Instagram". This service is offered by Meta Platforms, Inc 1 Hacker Way, Menlo Park, California 94025 USA (hereinafter "Instagram").

The data controller for individuals living outside the United States is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.

If you access the page via our website using the Instagram icon and are logged into your Instagram account at the same time, Instagram can directly assign the visit to our website to your Instagram account.

If you do not want Instagram to assign your data to your account, you must log out of Instagram before visiting our website.

When you access interactive features of the site (liking, commenting, sharing, messaging, etc.), an Instagram login screen will appear. After any login, you will again be recognizable to Instagram as a specific user. For information on how to manage or delete information about you, please refer to Instagram's data policy at https://help.instagram.com/519522125107875/?maybe_redirect_pol=0.

We, as the operator of our Instagram fan page, do not collect or process any data beyond this. For more information on Instagram and other social networks and how you can protect your data within the framework of the private settings, see, for example, youngdata.de.

The legal basis for the use of the Instagram fan page is Art. 6 para. 1 lit. f) GDPR. Our legitimate interest is based on the fact that we enable customers to have a direct exchange with our company via this social media service, also for complaints, and thus to constantly optimize our service.

For your data subject rights, see below section 10.

7. Content Delivery Network by Hubspot

We use a Content Delivery Network (CDN) by HubSpot, Inc., 25 First Street, Cambridge, MA 02141 USA (Hubspot) to integrate scripts and libraries on our website. With a content delivery network, the content of our website is stored on the server of the service and the service distributes this content to you or your browser via a network of regional servers when the web page is accessed. The purpose of this is to be able to better fend off attacks, such as DDos attacks, on our website and, in the case of large script and data volumes, to provide you with the content of our pages quickly and in an optimized manner.

Since the traffic of our website runs through servers of Hubspot, your IP address is also transmitted to them. We have also concluded an order processing agreement (data processing agreement) with Hubspot, with which this company documents to us the compliance with appropriate technical and organizational measures.

The legal basis for our use of the Hubspot CDN is Art. 6 para. 1 lit. f) GDPR. Our legitimate interest arises from the fact that this service is technically necessary to be able to take security measures against attacks on our website and to deliver large amounts of data in an optimized manner. The encroachment on your fundamental freedoms is minor here, as Hubspot guarantees the level of data protection according to the GDPR https://knowledge.hubspot.com/privacy-and-consent/how-do-i-turn-on-gdpr-functionality-in-my-hubspot-account.

For your data subject rights, see below section 10.

 

8. Calendly

For the purpose of signing up for a meeting we use the online calendar "Calendly". "Calendly" is a service provided by Calendly, LLC, 3423 Piedmont Road NE, Atlanta, GA 30305-1754, United States.

When you press the online appointment setting link, you will automatically be connected to our appointment setting page at Calendly. After selecting your appointment, confirming it, and entering your contact information and concerns, you will receive an email from Calendly confirming your appointment. You can view more information about Calendly and Calendly's privacy policy here: https://calendly.com/privacy.

The information you provide in the Calendly form, including the data you enter there, will be stored by us and Calendly for the purpose of processing your request and in case of follow-up questions. This data remains with us and Calendly until you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies (e.g. appointment made). Mandatory legal provisions - in particular retention periods - remain unaffected.

The legal basis for the collection and processing of your data for newsletter marketing is, as a result of your express consent, Art. 6 para. 1 lit. a) GDPR. The conditions for consent and its withdrawal have their legal basis in Art. 7 GDPR.

 

9. Stripe

For payments we use the payment service provider Stripe. Stripe is a service by Stripe Payments Europe Ltd. in Ireland and the US-based Stripe Inc. respectively. Information on the type, scope and purpose of data processing by Stripe can be found in the global privacy policy of Stripe. We do not store any bank data or account information from you. Only the Stripe customer ID is stored as a token in the user account, through which the proper receipt of payment can be tracked.

The legal basis for this data processing is Art. 6 para. 1 p. 1 lit. b) GDPR, as the data is required for the fulfillment of the concluded booking contract.

 

10. Microsoft Teams

We use Microsoft Teams to conduct online meetings, video conferences or webinars. „Teams“ is a service of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.

"Teams" processes different data depending on the settings made, the specific method of use and your own personal information, such as first name and last name.

For example, first name, last name, telephone (optional), e-mail address, password (if "single sign-on" is not used), profile picture (optional) or department (optional) may be processed initially. In addition, meeting metadata, such as the topic, description (optional), participant IP addresses or device/hardware information is processed.

If the meetings are recorded, MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file of online meeting chat will be generated and processed.

Should you enter a meeting by phone, details of the incoming and outgoing phone number, country name, start and end time will be stored and processed. If necessary, further connection data such as the IP address of the device may be stored.

In the meeting, you have the option of using the chat, question or survey functions. To this extent, the text entries you make are processed in order to display them in the "online meeting" and, if necessary, to log them. In order to enable the display of video and the playback of audio, the data from the microphone of your terminal device and from any video camera of the terminal device will be processed accordingly for the duration of the meeting. You can turn off or mute the camera or microphone yourself at any time via the "Teams" applications.

To participate in an online meeting, you must at least provide information about your name. Further details are optional.

If it is necessary for the purpose of logging the results of an online meeting or for the purpose of recording and following up webinars, we will log or record the chat content. We will explicitly inform you of this.

If you are logged in to "Teams" as a registered user when you dial into an online meeting, "Teams" will recognize you and reports of "online meetings" (meeting metadata, telephone dial-in data, questions and answers in webinars, polling function in webinars) may be stored by "Teams" for up to one month.

You can find out more about the data protection provisions of Microsoft Teams in the provider's data protection declaration at https://privacy.microsoft.com/de-de/privacystatement.

 

11. Rights of the data subjects


a. Right to object

If we process your data to protect legitimate interests (Art. 6 Par. 1 lit. f) GDPR), you may object to this processing for reasons arising from your particular situation. We will then no longer process your personal data unless we can prove compelling reasons for processing worthy of protection that outweigh your interests, rights and freedoms or the processing serves to assert, exercise or defend legal claims.

In the event of an objection to data processing for the purpose of direct marketing, processing for this purpose will no longer be carried out.

b. Right of access by the data subject

You have the right to request confirmation from us as to whether we are processing personal data concerning you and, if so, a right to access the personal data and related information in accordance with Article 15 of the GDPR.

c. Right of rectification

You have the right to ask us to correct or complete any incorrect or incomplete personal data concerning you without delay in accordance with Art. 16 GDPR.

d. Right to erasure (‘right to be forgotten’)

You have the right to demand the immediate deletion of personal data concerning you and we are obliged to delete them immediately if one of the reasons mentioned in article 17 GDPR applies

e. Right to restriction of processing

You have the right to ask us to restrict the personal data concerning you if one of the conditions mentioned in art. 18 GDPR is fulfilled.

f. Right to data transferability

You have the right to receive the personal data concerning you that you have provided us with in a structured, common and machine-readable format and you have the right to request that we transfer the data to another controller, as far as this is technically feasible.