DATA PROTECTION STATEMENT FOR THE HUMANOO PORTAL

1. Contact

If you have any questions or suggestions regarding this information or if you wish to contact us regarding the exercise of your rights, please address your request to:

eTherapists GmbH

Invalidenstraße 117, 10115 Berlin, Germany

Email: dataprivacy.support@humanoo.com
The supervisory authority responsible is the Berlin Commissioner for Data Protection and Freedom of Information, who you can reach by emailing: mailbox@datenschutz-berlin.de.

The data protection term “personal data” refers to all information relating to an identified or identifiable person. We process personal data in compliance with applicable data protection regulations, in particular the GDPR and the BDSG. Data processing by us is only carried out on the basis of a legal permission. We process personal data only with your consent (Art. 6 para. 1 letter a GDPR), for the performance of a contract to which you are a party or for the implementation of pre-contractual measures at your request (Art. 6 para. 1 letter b GDPR), for compliance with a legal obligation (Art. 6 para. 1 letter c GDPR), or if the processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data (Art. 6 para. 1 letter f GDPR).

Unless otherwise indicated in the following information, we only store the data for as long as is necessary to achieve the processing purpose or to fulfill our contractual or legal obligations. Such legal retention obligations may arise in particular from commercial or tax regulations. From the end of the calendar year in which the data was collected, we will keep personal data contained in our accounting data for ten years, and personal data contained in commercial letters and contracts for six years. Otherwise, we will keep data related to consent that requires proof, as well as claims for complaints and debts, for the duration of the statutory limitation periods. We will delete data stored for advertising purposes if you object to the processing for this purpose.

In the course of processing your data, we use processors. Processing operations carried out by such processors include, for example, hosting, email delivery, maintenance and support of IT systems, customer and order management, order processing, accounting and billing, marketing measures, or file and data destruction. A processor is a natural or legal person, authority, institution, or other body that processes personal data on behalf of the controller. Processors do not use the data for their own purposes but carry out data processing exclusively for the controller  and are contractually obligated to ensure appropriate technical and organizational measures for data protection. In addition, we may transmit your personal data to entities such as postal and delivery services, banks, tax consulting/auditing firms, or financial authorities. Further recipients may arise from the following information.

Our data processing may involve the transfer of certain personal data to third countries, i.e., countries where the GDPR is not applicable law. Such transfer is permissible if the European Commission has determined that an adequate level of data protection is offered in such a third country. If such an adequacy decision of the European Commission is not available, transfer of personal data to a third country occurs only if appropriate safeguards are available according to Art. 46 GDPR, or if one of the conditions of Art. 49 GDPR is met. An adequacy decision applies to the following countries: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en. For data transfers to the U.S., the adequacy decision applies to companies certified under the Privacy Framework and listed on this list (https://www.dataprivacyframework.gov/s/participant-search).
Unless otherwise indicated below, we use the EU standard contractual clauses as appropriate safeguards for the transfer of personal data to third countries. You have the option of obtaining or viewing a copy of these EU standard contractual clauses. Please contact the address provided under Contact to request this. If you consent to the transfer of personal data to third countries, the transfer will be made on the basis of Art. 49 para. 1 letter a GDPR.

If you exercise your rights according to Art. 15 bis 22 GDPR, we will process the personal data transmitted for the purpose of implementing these rights and to be able to provide proof thereof. Data stored for the purpose of providing information and preparing for it will only be processed for this purpose and for the purposes of data protection control, and in all other respects, processing will be restricted in accordance with Art. 18 GDPR.

These processing activities are based on the legal basis of Art. 6 para. 1 letter c GDPR i.V.m. Art. 15 bis 22 GDPR and § 34 para. 2 BDSG.

As a data subject, you have the right to assert your data subject rights against us. In particular, you have the following rights:

• You have the right of access in accordance with Art. 15 GDPR and § 34 BDSG as to whether and to what extent we process personal data about you or not.
• You have the right to request rectification of your data from us in accordance with Art. 16 GDPR.
• You have the right to request the erasure of your personal data from us in accordance with Art. 17 GDPR and § 35 BDSG.
• You have the right to restrict the processing of your personal data in accordance with Art. 18 GDPR.
• You have the right, in accordance with Art. 20 GDPR, to receive the personal data concerning you that you have provided to us in a structured, commonly used, and machine-readable format, and to transmit this data to another controller.
• If you have given us separate consent to process your data, you can revoke this consent at any time in accordance with Art. 7 para. 3 GDPR. Such revocation does not affect the lawfulness of the processing that took place on the basis of the consent prior to revocation.
• If you believe that the processing of personal data concerning you violates the provisions of the GDPR, you have the right to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR.

You have the right, in accordance with Art. 21 para. 1 GDPR, to object to processing based on the legal basis of Art. 6 para. 1 letter e or f GDPR for reasons arising from your particular situation. If personal data about you is processed by us for the purpose of direct marketing, you can object to this processing in accordance with Art. 21 para. 2 and para. 3 GDPR.

You can reach our data protection officer at the following contact details:

Email: datenschutz@humanoo.com

Herting Oberbeck Datenschutz GmbH

Hallerstr. 76, 20146 Hamburg

https://www.datenschutzkanzlei.de

When using the portal, we collect information that you provide to us yourself. In addition, certain information about your use of the portal is automatically collected by us during your visit. In data protection law, the IP address is generally considered to be personal data. An IP address is assigned by the internet provider to every device connected to the internet so that it can send and receive data.

When you use our portal for purely informational purposes (i.e. without registering), general information that your browser transmits to our server is automatically stored. This includes the following by default: browser type/version, operating system used, page accessed, previously visited page (referrer URL), IP address, date and time of server request, and HTTP status code.

The processing is carried out to protect our legitimate interests and is based on the legal basis of Art. 6 para. 1 letter f GDPR. This processing serves the technical administration and security of the website. The stored data is deleted after ten days, unless there is concrete evidence of illegal use and further examination and processing of the information is necessary for this reason. We are not able to identify you as the data subject based on the stored information. Art. 15 bis 22 GDPR therefore do not apply in accordance with Art. 11 para. 2 GDPR, unless you provide us with additional information to exercise your rights laid down in these articles, which enables us to identify you.

The portal is hosted on servers of Amazon Web Services EMEA SARL (AWS) (Luxembourg/EU). When using AWS, the transfer of your personal data to the USA cannot be ruled out. Please refer to the information in the section “Transfer of data to third countries”.

We use cookies and similar technologies (“cookies”) on our portal. Cookies are small data records stored by your browser when you visit a website. This identifies the browser used, which can be recognized again by web servers. You have full control over the use of cookies through your browser. You can delete cookies at any time in the security settings of your browser. You can generally object to the use of cookies through your browser settings or for specific cases.

The use of cookies is technically necessary for the operation of our portal and is therefore permissible without the consent of the user.

Our website contains contact forms through which you can send us messages. The transfer of your data is encrypted (recognizable by “https” in the address bar of the browser). All data fields marked as mandatory are necessary to process your request. Failure to provide this data means that we cannot process your request. Providing additional data is voluntary. You can also send us a message via the contact email as an alternative. We process the data for the purpose of answering your request. If your request relates to the conclusion or implementation of a contract with us, Art. 6 para. 1 letter b GDPR is the legal basis for data processing. Otherwise, we process the data based on our legitimate interest in contacting inquiring persons. In this case, the legal basis for data processing is Art. 6 para. 1 letter f GDPR. The contact forms are provided by HubSpotForms, a service of HubSpot Germany GmbH (Germany, EU). HubSpot processes the data solely on our behalf as a processor. The transfer of data to the USA cannot be ruled out. For further information, please refer to “Transfer of data to third countries”.

To use the HUMANOO portal, registration via the website is required. The required information is visible in the registration input mask. This usually includes first and last name, business email address, and possibly additional business information if not already provided to us. Providing the information that is marked as mandatory is necessary in order to complete the registration. The data provided will be processed for the purpose of providing the service. The processing of your data as a contact person is based on the legal basis of Art. 6 para. 1 letter f GDPR and serves our legitimate interest in fulfilling the contract with our customer.

If you wish to purchase additional licenses for your employer via our HUMANOO portal, we will process personal data solely to process the request and provide your company with additional licenses. We will process your personal data, such as your name and business contact information. All other data pertains to your company and is not personal. The processing of this data is based on our legitimate interest in fulfilling the contract with our customers. The legal basis is Art. 6 para. 1 letter f GDPR. All data fields marked as mandatory are necessary to process your booking or order. Failure to provide this data means we cannot process your booking or order.

We send transactional emails to administer your access to our portal. Emails are sent, for example, when you set up your account or forget your password. In doing so, personal data such as name and email address are processed. We base the sending of emails on our legitimate interest in providing our portal. The legal basis is Art. 6 para. 1 letter f GDPR. The emails are sent via the Sengrid service of Twilio Inc. (USA). As a result, data transfer to the USA cannot be excluded. Twilio has binding corporate rules approved by the supervisory authority that ensure an appropriate level of data protection.

We use the Amazon Cloudfront service from the provider Amazon Web Services EMEA SARL (Luxembourg/EU) on our website to display content. For such integration, processing of your IP address is technically necessary so that content can be sent to your browser. Your IP address is therefore transmitted to Amazon Web Services.

The processing of your data is based on Art. 6 para. 1 letter f GDPR and is based on our legitimate interest in optimizing and operating our website economically. You can object to this data processing via the settings of the browser used or certain browser extensions. Please note that this may result in limitations to the functionality of the website.When using the service, data transfer to the USA cannot be excluded. Please refer to the section “Data transfer to third countries” for more information. Further information on data protection at Amazon Web Services can be found in the privacy policy of Amazon Web Services at https://aws.amazon.com/de/privacy/?nc1=f_pr.

We use the Vimeo service from Vimeo, Inc. (USA) to embed videos on our website. For this purpose, the processing of your IP address is technically necessary so that the content can be sent to your browser. Therefore, your IP address is transmitted to Vimeo and Vimeo may possibly set its own cookies. The processing of your data is based on our legitimate interest in optimizing our portal and is based on Art. 6 para. 1 letter f GDPR. When using the service, the transfer of your data to the USA cannot be excluded. Please refer to the section “Data Transfer to Third Countries” for more information. You can find more information on data protection at Vimeo in the Vimeo privacy policy at https://vimeo.com/privacy.

Through our portal, you have access to our Knowledge Base, whose technical infrastructure is provided by Hubspot Germany GmbH (Germany/EU). For this integration, the processing of your IP address is technically necessary so that the content can be sent to your browser. Therefore, your IP address is transmitted to Hubspot. The processing of your data is based on Art. 6 para. 1 letter f GDPR and is based on our legitimate interest in providing a user-friendly knowledge base. When using the service, the transfer of your data to the USA cannot be excluded. Please refer to the section “Data Transfer to Third Countries” for more information. You can find more information on data protection at Freshworks/Hubspot in the privacy policy at https://legal.hubspot.com/privacy-policy.