Version from [1.03.2021]
A. PRIVACY DECLARATION
The data controller for the platform is Moveagain GmbH, Holzgasse 7-11, 50676 Köln. If you have any data protection concerns, you can contact our data protection officer by e-mail or letter. You can reach him or her as follows:
- MoveAgain GmbH
- Alexander Renner
- Holzgasse 7-11, 50676 Köln
In the context of the GDPR, personal data means all personal data relating to an identified or identifiable person. A data subject is a person whose personal data is processed. Processing means any handling of personal data, in particular its collection, storage, retention, use, modification, disclosure and deletion.
1. Data collected and processed on the platform
We process personal data that we receive from you or collect about you in connection with the operation and use of our platform and its applications. The entry of personal or business data on our platform and its applications is voluntary.
When we make our platform available, we process personal data from various sources. On the one hand, this is data that we automatically process for technical reasons each time a visitor accesses the platform. On the other hand, we only process certain data if you decide to contact us or to use certain functions of the platform.
a. Data that we process automatically when you visit our platform
As soon as you visit the platform, you send technical information to our web servers, which we store in server log files. This happens regardless of whether you subsequently contact us (e.g. via the contact form). In any case, we collect the following usage and web access data (which we call "usage data" below):
- the date and time of the visit and the duration of the use of the platform;
- Your location details (as far as you allow access in your browser and device);
- the IP address and MAC address of your device;
- the referral URL (the website from which you may have been referred);
- The data is used to identify the websites and content accessed and the functions used on the platform;
- further information about your device (device type, browser type and version, settings, installed plug-ins, operating system).
We process the usage data exclusively in a pseudonymous manner to enable you to use the platform and to ensure its functionality. At no time can we use the usage data to identify you as a person. In addition, we process the pseudonymous usage data to analyse the performance of the platform, to continuously improve it and to correct errors or to personalise the content of the platform for you. We also process the usage data to ensure IT security and the operation of our systems and to prevent or detect misuse, in particular fraud. These server log files are deleted after a maximum of 7 days. Our legal basis for processing this data is Art. 6 (1) lit. f) DSGVO
b. Data that you transmit to us yourself
In addition to the data we process for all visitors to our platform, we also process other data when you use our contact form on the platform. You can see the details in the contact form. We process this data exclusively for the purpose of processing your request.
We also process your data if you register for our newsletter. You can find the required data in the registration form for the e-mail newsletter.
The legal basis in each case is Art. 6 (1) lit. a) DSGVO (your consent).
2. Data that we process in the provision of our services on the platform
a. Data collected on the platform
In addition, we process other personal data when you use our services on the platform. These are:
- Your login details
- Usage data
We process this data to provide you with services via the Platform. We also process this data in order to detect and correct errors, to improve the platform (for example through pseudonymous A/B tests to optimise the user interface) or, in individual cases, to prevent use in breach of contract or the law.
The legal basis for the processing of your registration data and the usage data within the framework of the platform is, with regard to the provision of the platform and the services mediated via it, Art. 6 (1) lit. b) DSGVO, and with regard to the other purposes Art. 6 (1) lit. f) DSGVO.
b. Third party data
Furthermore, we process personal data that we receive about you from third parties, in particular information from public registers (e.g. commercial register). The legal basis for this is, depending on the individual case, either Art. 6 para. 1 lit. b DSGVO or Art. 6 para. 1 lit. f DSGVO.
If we make advance payments (e.g. in the case of an order on account), we obtain creditworthiness information about you in order to protect the legitimate interests of MoveAgain. For this purpose, we transmit the personal data required for a credit assessment to PowerPay [address] ("PowerPay") or SCHUFA [address] ("SCHUFA"). The information received about the probability of a payment default is used for a weighed decision about the establishment, implementation or termination of the contractual relationship. The legal basis for this is Art. 6 (1) lit. f DSGVO.
We also process data on your interests and other socio-demographic data for marketing purposes, provided you have given us your consent to do so. The legal basis for this is your consent (Art. 6 para. 1 lit. a DSGVO).
3. The purposes for which we process your data
We process personal data in general:
- with the consent of the data subject (Art. 6 para. 1 lit. a DSGVO),
- for the performance of a contract with the data subject as well as for the implementation of corresponding pre-contractual measures (Art. 6 para. 1 lit. b DSGVO),
- to fulfil a legal obligation to which we are subject (Art. 6 para. 1 lit. c DSGVO) as well as,
- in order to safeguard the legitimate interests of us or of third parties, unless the interests or fundamental rights and freedoms of the data subject prevail (Art. 6 para. 1 lit. f DSGVO). Legitimate interests are in particular our business interest in being able to operate our platform and its applications, information security, the enforcement of our own legal claims and compliance with the law applicable to us.
In addition to the purposes for the data processing listed above (see points 1. and 2.), we process personal data for the following purposes:
- Management of your customer account (Art. 6 para. 1 lit. b DSGVO)
- Conclusion and processing of contracts for services that you order on our platform and its application (Art. 6 para. 1 lit. b DSGVO)
- Ensuring the operation of our platform and its applications (Art. 6 para. 1 lit. f DSGVO)
- Responding to enquiries you send us via contact and feedback forms on our platform and its applications (Art. 6 para. 1 lit. a DSGVO)
- Fulfilment of our legal obligations at home and abroad (Art. 6 para. 1 lit. c DSGVO)
In addition, we also process personal data, insofar as legally permissible and this appears to us to be appropriate, for the following purposes in which we have a legitimate interest corresponding to the purpose:
- Further development of our platform and its applications as well as our offers and services
- Marketing (e.g. sending newsletters), provided you have registered to receive our newsletter and have not objected to the use of your personal data for marketing purposes.
- Assertion of legal claims and defence in connection with legal disputes and official proceedings
4. To whom we transfer your data
Your personal data will only be disclosed to third parties if this is necessary for the provision of the platform and/or provision or use of the mediated services.
a. Disclosure to technical service providers
We share your data with the hosting providers, software suppliers and IT service providers listed below.
Our platform is hosted on [DigitalOcean - The developer cloud]. All these data recipients have entered into strict contractual agreements with us to process data exclusively within the scope of our instructions (so-called order processing agreements).
If you have registered to receive our newsletter, we will also pass on your data to the technical provider for the newsletter dispatch. We use MailChimp, a service of The Rocket Science Group LLC in Atlanta, USA ("MailChimp"), for the newsletter dispatch.
We use the data you provide as part of the newsletter registration or separately to send you our newsletter regularly by e-mail based on your consent. Unsubscribing from the newsletter is possible at any time and can be done either by sending a message to the addresses given above or via a link provided for this purpose in the newsletter. After unsubscribing, your e-mail address and the other data provided as part of the newsletter registration will be deleted, unless you have expressly consented to further use of your data or we reserve the right to use data beyond this in accordance with this data protection declaration.
In our newsletters, where permitted, we use techniques (e.g. visible and invisible image elements and/or links) to determine whether and when you have opened the newsletter and which links have been clicked on, and to measure and better understand how you use our offers and tailor them to you.
By agreeing to receive newsletters, you consent to the use of the techniques used in our newsletters. Most email applications are pre-set to allow the use of these techniques. If you do not want this, then you must adjust the settings of your e-mail application (e.g. Microsoft Outlook) accordingly.
The data recipients also include the other third-party providers mentioned in our overview of cookies and analysis tools. Detailed information about the third-party providers we use in this context, e.g. for processing customer requests or web analytics, can be found in the information about cookies, web analytics and other tracking technologies at the end of this document (section B).
b. Disclosure to providers of services brokered via the platform
As we do not offer the services mediated via the platform ourselves, we pass on your personal data to the providers of the services that we have mediated to you via the platform in order to process the mediated contractual services.
c. Disclosure to payment service providers
Please note that we do not permanently store your credit card details (credit card number, CSV and expiry date), but only process them in order to transmit them in encrypted form to the service provider we refer via our platform. If you choose a MoveAgain product, we will use your payment data to collect the fee. We use the services of our partner Stripe, 510 Townsend Street, San Francisco, CA 94103, USA ("Stripe") in some cases. Where Stripe is involved, your credit card details are requested via an iFrame from the partner. Stripe collects and stores the data in order to transmit it in encrypted form to the organiser you have selected. Your credit card details are not transmitted to us in this case. You can find more information about Stripe here: https://stripe.com/en-gb-gr/privacy
In the event of default of payment, we may pass on your data to a bank or a debt collection service provider.
5. Data processing outside the EEA
We do not transfer your personal data to countries outside the EEA (so-called "third countries") without taking appropriate protective measures.
However, we will ensure that an adequate level of data protection is guaranteed at all times. We will ensure that either a so-called adequacy decision is in place, EU standard contractual clauses (including any necessary additional measures) are included in our contracts with processors or that other appropriate safeguards (such as Binding Corporate Rules or approved codes of conduct) are in place to ensure security of processing and an adequate level of data protection at all times.
6. Duration of storage
We process and store your personal data to the extent necessary to fulfil our contractual or legal obligations. Therefore, we store the data for the duration of the contractual relationship with you and after termination only to the extent and for as long as required by law (e.g. for the purpose of retention and documentation obligations). If the data is no longer required for the fulfilment of legal obligations (e.g. tax or commercial law), it will be deleted, unless further processing is necessary for the preservation of evidence or for the enforcement or defence of legal claims.
We store usage data within the scope of our services for a period of 3 years.
As soon as your personal data is no longer required for the above-mentioned purposes, we will delete it or make it anonymous. In the case of longer-term storage obligations, we restrict processing.
7. Automated individual rulings and user profiles
We do not process your personal data in the context of exclusively automated processing for the purpose of making decisions that produce legal effects vis-à-vis you or similarly significantly affect you. We do not use your data to create a personal user profile. Any evaluations of usage data are carried out exclusively anonymously on the basis of aggregated data of sufficiently large comparison groups to be able to exclude any identification of your person.
8. Data security
We take appropriate technical and organisational security precautions to protect your personal data from unauthorised access and misuse (e.g. encryption of data carriers and data transfers, access restrictions). Access to our platform and its applications is via SSL/TLS encryption.
9. Your legal rights under the GDPR
Under the GDPR, you can assert the following rights towards us:
- Your right to information and access according to Art. 15 DSGVO,
- Your right to rectification pursuant to Art. 16 of the GDPR,
- Your right to deletion pursuant to Article 17 of the GDPR,
- Your right to restriction of processing pursuant to Article 18 of the GDPR, and
- Your right to data portability pursuant to Art. 20 of the GDPR.
You also have the right to lodge a complaint with the competent data protection supervisory authority (Art. 77 GDPR). You can file this complaint both at your place of residence, at your place of work or at the place of the data protection breach you are complaining about. You can also file a complaint with the supervisory authority at our place of business.
In addition, you can also revoke any consent you have given at any time. However, this revocation only applies for the future. Any processing that took place before the revocation remains unaffected. If you wish to exercise your rights as a data subject, you can also do so by contacting: [email@example.com].
B. COOKIE AND ANALYSIS GUIDELINES
2. Adjustment of the browser settings
3. Third-party providers of tracking techniques and analysis tools
Google Analytics, Google Web Fonts and Google TAG
Google Ads and Google Conversion-Tracking:
Google Maps, Google Invisible reCAPTCHA and YouTube:
Google Dynamic Remarketing
On our platform, we use the dynamic remarketing function of Google AdWords. The technology enables us to display automatically generated, target group-oriented advertisements after your visit to our platform. The ads are based on the products and services that you clicked on during your last visit to our platform. The provider of Google Dynamic Remarketing is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google").
You can object to the collection or analysis of your data by this tool by following these application instructions from Google: https://support.google.com/ads/answer/7395996
Facebook Pixel, Facebook Custom Audiences and Facebook-Conversion:
We use so-called social plugins from social networks such as Facebook, Twitter and Pinterest on our platform. You can usually recognise the social plugins by the logos/symbols of the respective social networks. The social plugins enable you, among other things, to share certain content of our platform (e.g. a blog post). When you access our platform, your browser establishes a connection to the servers of the respective social network and transmits certain usage data (including the information that you are on our platform) to its operator.
We have no influence on the type and scope of the data collected in this process or its subsequent processing by the operators of the respective social networks. These operators are responsible for processing the data in accordance with their data protection regulations. You can find these under the following links:
We use the CRM system of the provider salesforce.com Germany GmbH, Erika-Mann-Str. 31, 80636 Munich, in order to be able to process user enquiries more quickly and efficiently (legitimate interest pursuant to Art. 6 Para. 1 lit. f. DSGVO).
Salesforce only uses the users' data for the technical processing of the enquiries and does not pass them on to third parties. To use Salesforce, at least a correct e-mail address is required. Pseudonymous use is possible. In the course of processing service requests, it may be necessary to collect further data (name, address, telephone number, etc.).
If users do not agree to data collection via and data storage in Salesforce's external system, we offer them alternative contact options for submitting service requests by e-mail, telephone, fax or post.
When you visit our Platform or use our products and services, this information is further processed in a business intelligence system operated by Tableau Software, LLC, The Oval, Shelbourne Road, Dublin 4, Ireland ("Tableau").
The categories of information collected on Tableau depend on your interactions with MoveAgain: Contact information, such as name, title, email address, physical address, phone number and similar contact information, usernames and passwords. Payment and financial information. Credit card number, bank information and billing address. Demographic information. Employment status, occupation, region. If you participate in a survey or enquiry, you will have the opportunity to provide additional information such as gender, origin, salary, age and other personal information. From the surveys, in turn, data such as inclinations and attributes that Tableau generates can help us further understand you and your preferences. In addition, information generated during the course of your transaction with MoveAgain, including account information, logins, passwords and purchase history is processed and analysed, including travel information, scheduling information, furniture selection or accessibility requirements, and usage and geographic data. Tableau collects information related to your use of our products, services and websites and the Platform.
We use the rating platform Trustpilot A/S, Pilestræde 58, DK-1112 Copenhagen, Denmark (www.trustpilot.de). Trustpilot is the responsible party in terms of data protection with regard to the data provided by customers on the Trustpilot website. The rating is published on Trustpilot's website and can also be displayed on our website in so-called widgets. Further details can be found in the data protection provisions (https://de.legal.trustpilot.com/end-user-privacy-terms) of Trustpilot and their GTC (https://de.legal.trustpilot.com/end-user-terms-and-conditions).