Data Protection

It is important for us to inform you which of your personal data is collected when you use our website, our products or our social media presence, how it is processed and what rights you have in this regard. In the following data protection information, we summarize all this information clearly for you.

Notice

For gridscale GmbH, Oskar-Jäger-Str. 173, 50825 Cologne (hereinafter referred to as gridscale), the protection of your personal information has top priority. Of course, we comply with data protection laws and would like to inform you comprehensively about the handling of your data with the following data protection information.

Deine Daten zur Erfüllung deines Auftrags

When you order a product from us, we only ask you for as much information as we absolutely need to fulfill your order or for billing purposes. In most cases, the information is limited to your e-mail address and the data on the payment medium you have selected. In individual cases, it may be necessary for us to ask you for additional data about your company or to ask you for your name.

Information about the collection of personal data

Responsible person according to Art. 4 para. 7 EU General Data Protection Regulation (GDPR) is:

gridscale GmbH, Oskar-Jäger-Str. 173, 50825 Köln

We will be happy to answer questions on the subject of data protection at:

gridscale GmbH
Der Datenschutzbeauftragte
Oskar-Jäger-Str. 173
50825 Köln

or via email to compliance@gridscale.io

Your rights as person affected:

Right to information (Art. 15 para. 1 GDPR)

You have the right to be informed by us about the categories of data stored, the purpose of the processing, the recipients, the planned storage period and your right. If your personal data is not collected directly from you, you also have the right to be informed by us about the origin of the data.

Right of rectification (Art. 16 GDPR)

You have a right to have your data corrected/corrected or completed if the personal data processed concerning you is inaccurate or incomplete. 

Right to erasure (Art. 17 GDPR)

You have the right to request the deletion of your personal data from us. The data will be deleted immediately if you so wish. In certain cases, however, we cannot delete your data. This is the case if we still need your data for an active contract. In addition, we cannot delete your data if legal retention periods or conflicting interests prevent deletion. In this case, however, we will immediately block the data stored by us for other purposes. 

Right to restriction of processing (Art 18 GDPR)

In the following cases, you can contact us regarding a restriction of processing: 

You have disputed the accuracy of data and you want us to stop using it in the meantime, pending final verification.
The processing is unlawful, but you do not want to obtain a deletion but prefer a restriction of processing.
We no longer need the data and would delete it, but you still need this data to assert, exercise or defend legal claims. 

  • You have filed an objection to the data processing, but we are still reviewing it.

In the event of a restriction, we ensure that your personal data cannot be further processed or changed by us. In any case, you will be informed by the person responsible before the restriction is lifted.

Right to data portability (Art. 20 GDPR)

You have the right to have your personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and, if necessary, to transfer it to third parties. This right to data portability does not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us as controller.

Right of objection (Art. 21 GDPR)

You have the right to object at any time to the processing of your personal data that we process on the basis of a “Legitimate Interest” (Art. 6 (1) f DSGVO); this also applies to profiling based on these provisions.
We will then no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
You may object to data processing for the purpose of direct marketing at any time without giving reasons. If you object to processing for the purposes of direct marketing, the personal data concerning you will no longer be processed for these purposes.
To exercise your right to object, you must declare an objection to us, as the data controller. You can do this in part directly online (e.g. in the case of cookies) or in your gridscale customer interface (e.g. with regard to advertising contact). You are also welcome to contact compliance@gridscale.io directly with your data protection concerns (e.g. your objection).

Right of withdrawal (Art. 7 para. 3 GDPR)

You have the right to revoke a consent you have already given (e.g. to contact us for advertising purposes) with effect for the future. Please send your revocation directly to compliance@gridscale.io.
If you would like to exercise one of your above-mentioned rights, please write to us via compliance@gridscale.io. and we will take care of your request immediately.

Right to complain to a supervisory authority (Art. 77 GDPR)

You also have the right to lodge a complaint with the competent data protection supervisory authority at any time.

State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia
PO Box 20 04 44
40102 Düsseldorf

Visiting and using our website

When you visit our website, we also collect personal data. This concerns data that we collect as soon as you order something from us, but also data that is collected when you view our websites or our profiles in social media. We explain the details in the following section:

Cookies

In order to design our websites optimally for you, to improve our products for you and to show you interest-based advertising together with third-party providers, we use cookies.

Social media

In order to optimally design the appearance of gridscale for you, we maintain company and profile pages in various social media. There, we want to inform you and our interested parties about our services and also communicate with you and our interested parties via these channels.
These channels are used for the following purposes:

Provision of information about our company and our products.
Statistical evaluations for business analysis and further development of services and products, as well as for the improvement of business processes.
Communication with customers and interested parties.
The legal basis for this processing of your personal data is our legitimate interest in communicating with our prospects and customers, as well as the analysis and further development of services and products, and the improvement of business processes (Art. 6 para. 1 lit. f. GDPR). Direct customer contact also takes place via our service, whereby the processing is based on our contractual relationship or the pre-contractual measures with interested parties (Art. 6 para. 1 lit. b GDPR).

Further information on the social media platforms:

Facebook and Instagram: Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
We are jointly responsible with Facebook for the processing of personal data on the Facebook fan page. You can find the corresponding agreement according to Art. 26 DSGVO here:
https://www.facebook.com/legal/terms/page_controller_addendum
The general use of Facebook is your own responsibility. You can find Facebook’s privacy policy directly on our Facebook fan page. You can edit and object to your wishes for personalized advertising by Facebook at any time in your settings on Facebook.
Twitter: Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA
Information about the data collected by Twitter, purposes and all other privacy information can be found here:
https://twitter.com/de/privacy
YouTube: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
For information on data protection and the personal data collected by google/YouTube during integration, please see the following privacy policy:
https://www.google.com/policies/privacy/
LinkedIn: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland
For information on data protection and the personal data collected during the integration of LinkedIn, please refer to the following data protection declaration:
https://www.linkedin.com/legal/privacy-policy
Xing: New Work SE Dammtorstraße 30, 20354 Hamburg, Germany
Information on data protection and the personal data collected during the integration at Xing can be found in the following data protection declaration:
https://privacy.xing.com/de/datenschutzerklaerung
If data is transferred to third countries on the part of gridscale, suitable guarantees for data transfer are agreed with any processors or data controllers in accordance with the requirements of Chapter V of the GDPR. Alternatively, we make use of adequacy decisions of the EU Commission.

Social media links

We carry out the connections to social media platforms technically in such a way that no data is transferred directly to the operator of the respective social media platform. The integration on our websites takes place via direct links. A data transmission only takes place if you have clicked on a link to one or more of these platforms.

Video content on Youtube

We partially embed videos on our website. The content of these videos is stored directly on the Youtube platform and embedded from there on our site. If you call up such a video, your IP address, technical information such as browser, operating system and basic device information as well as the website from which you view the embedded video are communicated.
Personal data is only transmitted when you call up a video. Only then is a server connection to Youtube established. The operator of the Youtube platform sets a corresponding cookie to save any settings you may have made. By calling up a video, you leave our area and enter the external platform of Youtube, which is beyond our control.
The legal basis for the activation of these videos is your consent in accordance with Art. 6 para. 1 lit. a GDPR.

Provider of the YouTube platform:

  • Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland
    Information on data protection and the personal data collected by google/YouTube during integration can be found in the following privacy policy:
    https://www.google.com/policies/privacy/

Marketing Automation

We use self-powered software for our online marketing activities. This is an integrated software solution that we use to cover various aspects of our online marketing. The following data as well as the contents of our website are stored on our servers for this purpose.

a) E-Mail-Marketing:
Among other things, we use our marketing automation for our e-mail marketing. As a website visitor, you can register for topic-related newsletters and mailings or request certain documents from us (e.g., white papers). This requires, for example, the provision of your name and e-mail address. We use this data to contact you as a visitor to our website.
The legal basis for this is your consent in accordance with Art. 6 Para. 1 lit. a GDPR.
You can revoke your consent to receive newsletters, mailings or downloads at any time by sending a message to compliance@gridscale.io. Your contact data will be deleted immediately after your revocation.

b) Reporting and contact management:
In addition to email marketing, we use our marketing automation for reporting (e.g. traffic sources, hits) and contact management purposes (user segmentation and CRM). In doing so, we set cookies that are stored on your computer. These cookies allow us to analyze your use of our website. This information is collected exclusively by us and used by us to generate reports about your visit to our website. This allows us to determine which of our services are of interest to you and enables us to continually improve our products and make our offers to you more customer-oriented.
If you have registered for our service and are browsing our website, we can use our software to link your visitors to our website with the company data and personal data (name, e-mail address) you provided when registering. This enables us to inform you individually and in a targeted manner about preferred topics.
The legal basis for the processing is your consent in accordance with Art. 6 para. 1 lit. a DSGVO via the cookie banner.

Order and order processing

Contract Data

When creating a user account to order one of our products, we ask you to provide your personal data. We need this data for the conclusion of our contract. The contract data will be stored by us for the duration of the contractual relationship, as we need them for the fulfillment of the contract. If you terminate your contract, we will store your personal data for a longer period of time if there are objections and claims that have yet to be clarified. In addition, we also store your data longer if there are legal retention obligations. In this case, we restrict the processing of personal data to compliance with the statutory retention obligations and no longer process your personal data for any other purposes.
You can make changes to this data yourself at any time via your customer access. 

Type of Data

Salutation
First and last name
E-mail address
Telephone number
Company name (for business)
Address
Product contracts and usage
Contract data
Payment data
Tax number

The legal basis for the processing is the contract initiation and execution according to Art. 6 para. 1 lit. b DSGVO).
For contract data, processing is restricted after termination of the contract; after expiry of the 10-year statutory retention period pursuant to § 257 HGB and § 147 AO, they are deleted.

Fraud Prevention

When you place an online order with us, we check your order to see if there are any indications of misuse of our services or if there are any indications of attempted fraud using the terminal device you are using.
For this purpose, we evaluate your device data and compare it with lists from which fraudulent actions have been carried out in the past or for which there was a corresponding suspicion. There is also the possibility that employees of gridscale or one of our service providers manually check these results in individual cases.
The legal basis for data processing in the context of “device fingerprinting” is the legitimate interest pursuant to Article 6(1) lit. f GDPR, as there is a legitimate interest on the part of gridscale to protect itself against fraud and/or misuse.
The usage data processed by us in the context of fraud prevention are, for example, IP addresses, information on website calls as well as information on the temporal scope of the websites visited. The device and browser data used in the context of “device fingerprinting” are, for example, language and country settings, browser, screen information, plug-ins, software versions. Transaction data, such as the object of purchase, name, postal address, e-mail address, delivery address, payment method and bank data, are also processed. These data are processed exclusively for reasons of abuse and fraud prevention.
In the event that the comparison described above is successful, i.e. fraud or a corresponding fraud attempt has already taken place via the respective device in the past, we may refuse to conclude a contract in the specific individual case.
If you do not wish to give us such consent to data processing for risk assessment as part of fraud prevention, we are unfortunately unable to offer you an online order. Alternatively, you can contact us by telephone to place an order.

Storage Duration

We store the data collected as part of fraud prevention for a maximum of six months for reasons of traceability, process optimization and to answer customer questions. Afterwards, this data is automatically deleted by us.

Revocation option

If you have given us your consent under data protection law, you can revoke this at any time via compliance@gridscale.io with effect for the future. 

During the contractual relationship

Contract information and invoices

For the execution of the contract we need your personal data (Art. 6 para. 1 lit. b DSGVO). We need this data in particular to enable the necessary communication for a regulated process, information transfer through process communication as well as the billing of the services. In addition, this data is also used to manage the company and the further development of the products. We have a legitimate interest (Art. 6 para. 1 lit. f DSGVO) to analyze the data we collect in order to improve our products and services. We protect your privacy through a range of technical and organizational measures that are appropriate in this context and respect your decisions about how we use your data.

Data stored and used

Salutation
First and last name
E-mail address
Telephone number
Company name (for business)
Address
Product contracts and usage
Contract data
Payment data
Tax number

The legal basis for the processing is Art. 6 para. 1 lit. b DSGVO.

Storage duration

The contract data is stored by us for the duration of the contractual relationship, as we need it for the fulfillment of the contract. If you terminate your contract, we will store your personal data longer if there are objections and claims that have yet to be resolved. In addition, we also store your data longer if there are legal retention obligations. In this case, we restrict the processing of personal data to compliance with the statutory retention obligations and no longer process your personal data for any other purposes. The deletion of personal data takes place 10 years after the end of the calendar year following the termination of the contract.
You can make changes to this data yourself at any time via your customer access.

Customer communication

Newsletter and product promotion

To help you take full advantage of all product benefits, we will send you useful and complementary product solutions by e-mail. In addition, we will inform you from time to time by telephone and e-mail about interesting new products. You can give us the legally required consent to contact you at any time via your customer access (Art. 6 para. 1 lit. a GDPR) or revoke it.
You can also revoke your consent at any time via compliance@gridscale.io.
The legal basis for the processing is Art. 6 para. 1 lit. a GDPR.
The consent will be deleted at the latest with the termination of your contract.

Communication in the context of your customer concerns

The satisfaction of our customers is important to us, which is why you can contact our service department at any time. For the clarification of your concerns, we need your data. For this purpose, we process the following personal data:
Contact details
Identification and authentication data
Contract data
Contents of your inquiries
Payment data
We store the communication with you until the end of the contract period and beyond that only until open inquiries to us could be finally concluded or as far as legal storage obligations provide for this.
The legal basis for this processing is the fulfillment of our contract with you according to Art. 6 (1) lit. b DSGVO.

Customer information

We will send you important information about the function and use of your ordered products or added contract components by e-mail. Furthermore, we will inform you in case of security-relevant updates or corresponding settings.
The legal basis for this processing is Art. 6 para. 1 lit. b DSGVO.

Usage data within our services and products

According to § 15 TMG, usage data includes information about the type, scope and time of use of our websites. This data identifies you or your device directly and is also partly stored on your device, e.g. as log files.
Some usage data is collected during the use of our services and products. With this data, it is possible for us to quickly identify and correct any errors that occur and to continuously develop our services for you.
Your data will be deleted after 24 months at the latest.
The legal basis for this processing is the fulfillment of the contract according to Art. 6 para. 1 lit. b GDPR regarding the use for troubleshooting.

Law enforcement

In a few cases, the legislator obliges us to provide information to law enforcement authorities and courts for law enforcement purposes.
The legal basis for this processing is Art. 6 (1) lit. c DSGVO.

Reports in the event of bad debts or misuse

In the event of bad debts or disagreements between the contractual partners, we always endeavor to reach an amicable agreement. If this fails, we carefully consider when and to whom payment defaults or an abusive claim are reported.
The legal basis for the processing is Art. 6 para. 1 lit. b DSGVO as well as Art. 6 para. 1 lit. f DSGVO

Cookies and their use

Like almost all websites and apps, our applications also use small text files, so-called cookies, which are stored on the hard drive of your computer or in the app cache of your mobile device. These cookies do not allow us to personally identify you, but are essential for the user-friendly operation and central functions of our website.
Types of cookies used on the gridscale website:
Cookies are classified by origin, purpose or expiration time. The cookies used by gridscale serve different purposes; their validity period is variable.

Origin

First-party cookies: deposited and managed directly by gridscale. Third-party cookies: deposited and managed by partners in order to perform statistical analyses of navigation on gridscale’s site. These analyses are of course only carried out pseudonymously.

Purpose

Technical cookies: Among other things, this ensures smooth use of navigation on the website. In addition, access to tools with restricted access is also enabled.
Cookies for analysis and advertising purposes: allow us to realize statistics of visitors to the website – this includes, for example, the number of visits to different areas of the website, frequency of visits or behavior and habits of users. This allows us to improve gridscale’s navigation, services and offers.

Validity

Session cookies: These cookies collect and store data for the duration of your visit to our website.

Persistent cookies: These cookies collect and store data in the browser for a variable period of time, depending on their purpose. Through specific browser settings, you can accept, block or disable all or some cookies on your device. Even if your browser settings have been changed to block certain cookies, you can still access information on the gridscale website. However, operation or convenience of certain services offered by gridscale could be limited.
If you have agreed to the use of cookies, you can withdraw this agreement at any time. Existing cookies will then be deleted.
gridscale reserves the right to change this cookie policy if changes are made to the configuration and/or use of cookies. An updated version will be published on this website.

A detailed summary of cookies that are used on this site can be found here.

Supplementary data protection information for the gridscale cloud offer

Google Analytics

Scope of the processing of personal data
This website uses Google Analytics a web analytics service provided by Google (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). Google Analytics uses cookies, which are stored on your computer and allow an analysis of the use. These are cookies from Google itself and so-called third-party cookies. The information generated by the cookies about your use of this website is usually transmitted to a Google server in the USA and stored there. For data protection compliant processing, we use the code “gat._anonymizeIp();” to ensure anonymized collection of IP addresses (so-called IP masking). However, in the event that IP anonymization is activated on this website, your IP address will be truncated beforehand by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator.
Legal basis for the processing of personal data The legal basis for the processing of personal data for the use of Google Analytics Art. 6 para. 1 lit. f DSGVO. The legal basis for the processing of data in the presence of consent of the user is Art. 6 para. 1 lit. a DSGVO.
Purpose of data processing
This website uses Google Analytics to enable an analysis of usage. The processing of users’ personal data enables us to analyze the surfing behavior of our users. By evaluating the data obtained, we are able to compile information about the use of the individual components of our website. This helps us to continuously improve our website and its user-friendliness. In these purposes also lies our legitimate interest in processing the data in accordance with Art. 6 para. 1 lit. f DSGVO. By anonymizing the IP address, the interest of users in their personal data protection is sufficiently taken into account. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google.
You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent the collection of data generated by the cookie and related to your use of our website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plug-in available at the following link:

https://tools.google.com/dlpage/gaoptout?hl=de

If data is transferred to third countries on the part of gridscale, suitable guarantees for data transfer are agreed with any processors or data controllers – in accordance with the requirements of Chapter V of the GDPR – or recourse is made to adequacy decisions of the EU Commission.
Third-party provider information:
Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001.
User Terms:

https://www.google.com/analytics/terms/de.html
https://www.google.com/intl/de/analytics/learn/privacy.html
https://www.google.de/intl/de/policies/privacy

Web fonts

The purpose of the processing is to retrieve Google Web Fonts in order to improve the loading time of the website and to enable a consistent display of the website on different end devices and platforms.
Categories of personal data
Usage data
Legal basis is the execution of the contract according to Art. 6 para. 1 lit. b DSGVO

Information of the third party provider:

Google LLC, Mountain View CA, USA

Billing and payment information

The purpose of the processing is to handle the payment of your services obtained from gridscale. Depending on the payment method, additional data is collected to communicate with payment service providers. The selected payment method is up to you and can be changed by you at any time in the customer area.
Categories of personal data
Inventory data
Legal basis is the execution of the contract, Art. 6 para. 1 lit. b DSGVO
Involved subcontractors
Stadtsparkasse Wuppertal, Wuppertal, Germany
Paypal, Luxembourg
Stripe Payments Europe Ltd, Dublin, Ireland

Server and virtual instances

In the case of the services offered by gridscale and used by you, you alone and exclusively decide which personal data are processed in which way.
Categories of personal data
At your discretion

Storage period
At your discretion

Legal basis
At your discretion

Subcontractors involved
At your discretion

Transparency is our maxim

All data that we receive from you during the contractual relationship is primarily used for the service that you expect. Internal evaluations and analyses to improve our products and services are carried out exclusively within the legally defined framework and our internal data protection guidelines and processes.

Your rights

In accordance with Art. 15 GDPR, you have the right to obtain information about whether your personal data is being processed. You also have a right to rectification of your personal data (Art. 16 GDPR) if they are inaccurate, a right to erasure (Art. 17 GDPR), a right to restriction of processing under the conditions set out in Art. 18 GDPR and a right to data portability according to Art. 20 GDPR. According to the provisions of Art. 21 GDPR, you have the right to object to the processing of your personal data insofar as the processing is based on Art. 6(1) lit f GDPR.
If you would like to exercise any of your rights, please write to us at.

gridscale GmbH
The data protection officer
Oskar-Jäger-Str. 173
50825 Cologne

or by e-mail to compliance@gridscale.io.

Regulators

If, contrary to expectations, we are unable to resolve your data protection concerns to your satisfaction, you have the right to lodge a complaint with a supervisory authority at any time. The State Data Protection Commissioner of North Rhine-Westphalia is responsible for us. You can contact him as follows:

State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia
PO Box 20 04 44
40102 Düsseldorf
Germany

Last change: December 2020