Policies
Last updated: 16/11/2023
The website is provided by the company constellr GmbH with business address at Heinrich-von-Stephan-Straße 5C, 79100 Freiburg im Breisgau, Germany. This privacy policy will explain how we use the personal data we collect from you when you use our website. Furthermore, data subjects are informed, by means of this privacy policy, of the rights to which they are entitled. We use your personal data strictly in accordance with the applicable data protection provisions, including without limitation the European General Data Protection Regulation (GDPR).
The data controller in accordance with the purpose of the GDPR and other data protection regulation is:
In general, we only process the personal data of our users to the extent necessary in order to provide a functioning website with our content and services. The processing of personal data regularly only takes place with the consent of the user. Exceptions include cases where prior consent technically cannot be obtained and where the processing of the data is permitted by law.
Insofar as we obtain the consent of the data subject for processing operations involving personal data, Art. 6 (1) (a) GDPR serves as the legal basis.
As for the processing of personal data required for the performance of a contract of which the data subject is party, Art. 6 (1) (b) GDPR serves as the legal basis. This also applies to processing operations required to carry out pre-contractual activities.
When it is necessary to process personal data in order to fulfil a legal obligation to which our company is subject, Art. 6 (1) (c) GDPR serves as the legal basis.
If vital interests of the data subject or another natural person require the processing of personal data, Art. 6 (1) (d) GDPR serves as the legal basis.
If the processing of data is necessary to safeguard the legitimate interests of our company or that of a third party, and the fundamental rights and freedoms of the data subject do not outweigh the interest, Art. 6 (1) (f) GDPR will serve as the legal basis for the processing of data.
The personal data of the data subject will be erased or restricted as soon as the purpose of its storage has been accomplished. Additional storage may occur if it was provided for by the European or national legislator within the EU regulations, law, or other relevant regulations to which the data controller is subject. Restriction or erasure of the data also takes place when the storage period stipulated by the aforementioned standards expires, unless there is a need to prolong the storage of the data for the purpose of concluding or fulfilling the respective contract.
If we as a company process personal data as data controller, then you as the data subject have certain rights derived from Chapter III GDPR, which depend on the legal basis and the purpose of the processing. These rights include the following:
In accordance with Art. 15 GDPR, each data subject has the right to request from the controller the information about the data stored about him or her.
In accordance with Art. 16 GDPR, each data subject has a right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her.
In accordance with Art. 17 GDPR, each data subject can obtain from the controller the erasure of personal data concerning him or her.
In accordance with Art. 18 GDPR, each data subject has the right to obtain from the controller the restriction of the processing under the circumstances if one of the circumstances mentioned in Art. 18 (1) (a) through (d) GDPR applies.
In accordance with Art. 20 GDPR, each data subject has the right to receive the personal data concerning him or her that he or she has provided to the controller in a structured, common and machine-readable format.
To the extent your personal data is processed on the basis of legitimate interests pursuant to Art. 6 (1) (e) or (f) GDPR, you have the right to object to the processing of your personal data pursuant to Art. 21 GDPR on grounds relating to your particular situation. To exercise this right to object, it is sufficient to contact us. We will then no longer process your data unless there are compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or the processing is for the establishment, exercise or defence of legal claims.
Pursuant to Art. 77 GDPR, each data subject has the right to lodge a complaint with a supervisory authority. You can generally contact the supervisory authority at your usual place of residence or workplace or at our seat for this purpose. The address of the supervisory authority responsible for our company is:
- Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg
- Postfach 10 29 32
- 70025 Stuttgart
- Telphone: +49 711 6155410
- E-Mail: poststelle@lfdi.bwl.de
Each data subject has the right to withdraw his or her consent to process his or her personal data at any time.
If the data subject wishes to exercise the right to withdraw the consent, he or she may, at any time, contact us.
This website collects a series of data and information when a data subject or automated system calls up the website. Collected may be (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the internet service provider of the user, (4) the internet protocol address (IP address), (5) the date and time of access, (6) Web pages from which the user’s system accessed our website, (7) Web pages accessed by the user’s system through our website. This data and information are stored in the log files of our system. The data is not stored with the user’s other personal data.
When using these general data and information, we do not draw any conclusions about the data subject. Rather, this information is needed to (1) deliver the content of our website correctly, (2) optimize the content of our website as well as its advertisement, (3) ensure the long-term viability of our information technology systems and website technology, and (4) provide law enforcement authorities with the information necessary for criminal prosecution in case of a cyber-attack. Therefore, we analyze anonymously collected data and information statistically, with the aim of increasing the data protection and data security of our enterprise, and to ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all personal data provided by a data subject.
The processing of this data is carried out in accordance with Art. 6 (1) (f) GDPR due to our legitimate interest in being able to properly display the website to you as well for the purpose of the security of our systems.
The data will be deleted as soon as it is no longer necessary for the purpose of its collection. The session is complete when the collection of data for the provision of the website is accomplished. In the case of storage of data in log files, this is the case after seven days at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or alienated, so that an assignment of the calling client is no longer possible.
The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Therefore, there is no possibility of objection.
Our website uses cookies. Cookies are small text files that are stored in a computer system via an internet browser when visiting a website. When a user visits a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again.
We use cookies in order to make our website more functional. It is a technical requirement of certain elements of our website that the accessing browser can also be identified after a page change. Furthermore, we use cookies on our website that enable an analysis of the user's surfing behavior. The following data can be transmitted:
The legal basis for the processing of personal data using technically necessary cookies within the meaning of Section 25 (2) TTDSG is Article 6 (1) (f) GDPR.
The legal basis for the processing of personal data using cookies for analysis purposes, if the user has given his consent in this regard, is Art. 6 (1) (a) GDPR. The legal basis for the processing of personal data using technically necessary cookies is otherwise Art. 6 (1) (f) GDPR.
The purpose of using technically necessary cookies is to enable the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognized even after a page change. The user data collected through technically necessary cookies are not used to create user profiles.
Cookies for analysis purposes are used to improve the quality of our website and its content. Through the analysis cookies, we learn how the website is used and can thus constantly optimize our offer.
These purposes also justify our legitimate interest in the following processing of personal data according to Art. 6 (1) (f) GDPR.
Cookies are stored on the user's computer system and transmitted from it to our website. Therefore, you as a user also have full control over the use of cookies. By changing the settings in your Internet browser, you can disable or restrict the storage of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website in full.
Our website contains a contact form that can be used for electronic contact. If a user takes advantage of this option, the data entered in the input mask is transmitted to us and stored. These data are: (1) Name, (2) Email, (3) Telephone Number, (4) Name of Organization, (5) Country). In this case the personal data transmitted on a voluntary basis are stored for the purpose of the processing of the conversation.
For the processing of data, your consent is obtained during the submission process and reference is made to this privacy policy.
Alternatively, it is possible to contact us via the e-mail address provided. In this case, the personal data of the user transmitted with the e-mail will be stored. The data will be used exclusively for the processing of the conversation. There is no transfer of this personal data to third parties.
The legal basis for the processing of the data is Art. 6 (1) (a) GDPR if the user has given his consent. The legal basis for the processing of data transmitted in the course of sending an email is Art. 6 (1) (f) GDPR. If the e-mail contact aims at the conclusion of a contract, the additional legal basis for the processing is Art. 6 (1) (b) GDPR.
The processing of the personal data from the contact form serves us solely to process the contact. In the case of contact by email, this also constitutes the legitimate interest in processing the data. The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.
The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. For personal data from the contact form and those sent by email, this is the case when the respective conversation with the user has ended. The conversation ends when it can be concluded from the circumstances that the matter in question has been conclusively resolved.
The user has the possibility to withdraw his consent to the processing of personal data at any time. If the user contacts us by e-mail (dpo@constellr.com), he or she can object to the storage of his or her personal data at any time. In such a case, the conversation cannot be continued. In this case, all personal data stored in the course of establishing contact will be deleted.
In order to provide and continuously improve our services, we are using the services of the following third parties which may also process personal data. These third-party providers have been selected diligently and in line with the requirements of the GDPR:
Unless otherwise stated in this privacy policy, the operator of all Google services mentioned here is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.
i. Google Analytics
ii. Google Tag Manager
b. Brevo
This website uses the service of Brevo of the operator Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin for the sending of newsletters. Brevo is an email marketing software that allows us to organize and analyze the sending of newsletters. We will only use the data you enter for the purpose of subscribing to our newsletter, in which we provide you with information about our services and news. Following the registration, we will send you a confirmation email that contains a link that you must click on in order to complete your registration to our newsletter (double opt-in). The data you enter is transmitted to and archived on servers of Sendinblue GmbH in Germany.
You can unsubscribe from our newsletter at any time by clicking on the unsubscribe link that appears in every newsletter. Moreover, you can also unsubscribe from the newsletter right on the website.
The legal basis for the use of Brevo is Art. 6 (1) (a) GDPR. You may revoke any consent you have given at any time by unsubscribing from the newsletter. This shall be without prejudice to the lawfulness of any data processing transactions that have taken place prior to your revocation.
You can find further information on: https://www.brevo.com/gdpr/ and https://www.brevo.com/de/legal/privacypolicy/.
The data will be deleted as soon as you unsubscribe from the newsletter and you will be deleted from the newsletter distribution list after you unsubscribe from the newsletter.
We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract mandated by data privacy laws that guarantees that the operator of Brevo, Sendinblue GmbH processes personal data of our website visitors only based on our instructions and in compliance with the GDPR.
c. Jotform
This website uses the service of Jotform of the operator Jotform Inc., 4 Embarcadero Center, Suite 780, San Francisco CA 94111, USA. This is a tool which allows us to manage the creation, deployment, administration, distribution and analysis of online forms and surveys in order to collect, save and reuse data from any responding users. When you enter text in the input mask of the contact form on our website and click the SEND button, the data entered in the input mask as mentioned above is transmitted to JotForm and stored on the European servers of JotForm Inc.
The legal basis for the use of Jotform is Art. 6 (1) (f) GDPR – a legitimate interest. Our legitimate interest for the usage of Jotform is an appealing presentation of website to create an opportunity for individuals and companies to request information directly.
You can find further information on: https://www.jotform.com/gdpr-compliance/ or https://www.jotform.com/privacy/The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. For personal data from the contact form, this is the case when the respective conversation with the user has ended. The conversation ends when it can be concluded from the circumstances that the matter in question has been conclusively resolved.
This website uses the service of Pipedrive of the operator Pipedrive OÜ, Paldiski mnt 80, Mustamäe tee 3a, Tallinn 10615, Estonia. Pipedrive is a customer-relationship-management-tool (“CRM-tool”) for processing and storing contact data. When contacting us (via contact form or e-mail), the user’s details are recorded and processed in Pipedrive. The user’s details are limited to name and company e-mail. It allows us to process and answer requests and messages faster. For this purpose, data is transferred to Pipedrive and stored on Pipedrive servers.
The legal basis for the use Pipedrive is Art. 6 (1) (f) GDPR – a legitimate interest. Our legitimate interest for the usage of Pipedrive is a fast and effective processing of contact requests and organizing our CRM.
You can find further information on: https://www.pipedrive.com/en/privacy and https://support.pipedrive.com/de/article/pipedrive-and-gdpr.
We use the services of Recruitee by Recruitee B.V. Keizersgracht 313, 1016EE Amsterdam, The Netherlands. Recruitee is a recruiting tool for the organization and processing of the application process. We maintain the additional specific career website (https://constellr.recruitee.com) for our online application process. Please find the specific privacy policy for the online application process on Recruitee here: https://constellr.recruitee.com/data-privacy-policy-constellr
You can also find further information on: https://recruitee.com/de/privacy-policy.
This website may contain links to external websites that are not operated by us. If you click on a third party link, you will be directed to that third party’s website. We strongly advise you to review the privacy policy of every website you visit.
We reserve the right to adjust this privacy policy at any point in time to ensure that it is in line with the current legal requirements at all times, or in order to accommodate changes in the services offered, for example when new services are introduced, or modifications are made on the website.
