1. General Information
2. Collection, Processing and Use of Personally Identifiable Data
2.1. We will collect, process and use personally identifiable data beyond the scope already permitted by law and without your required further consent only to the extent necessary for the conclusion and execution of a contractual relationship, performing requests or for billing purposes.
2.2. Your personal data (name, address, email address, IP-address, phone number, billing details) are used for the following purposes:
- The provision of our services and within them the acceptance, processing and execution of your orders.
- Ensuring an efficient customer service and / or technical support. When you contact us your details will be stored in order to process the enquiry and in case additional questions arise.
- Technical notifications concerning our service.
- Sending newsletters or other advertising material, providing that you have given us your corresponding approval.
2.3. We pass your data on to third parties where this is necessary for invoicing purposes (e.g. carrying out transactions or posting invoices) or for other reasons to enable us to fulfill our contractual obligations to you. We inform you about all of the third party services we use and the purpose of their data processing below.
2.4. To protect your personally identifiable data collected and processed by us from unauthorized access and abuse, we have put a number of technical and organizational security measures in place. These security measures are monitored on a regular basis and updated according to technical progress as necessary. Our staff is well informed about privacy rules and obliged to follow them.
2.5. Furthermore, we will not pass on personal data without your express consent, unless there is a legal exception, e.g. if we are legally obliged to surrender data (information to law enforcement authorities and courts; information to public authorities that receive data on the basis of statutory regulations, e.g. social insurance carriers, tax authorities, etc.) or if we involve third parties obliged to maintain professional secrecy in order to enforce our claims.
2.6. We delete the data if you revoke your consent to the storage or after it fulfilled its purpose unless we are legally obliged to retain the data (e.g. by trade law obligations).
3. Data collected by our software Tideways
3.1. By default Tideways will not transfer any personal data.
3.2. We further ensure by our Terms of Service that no personally identifiable data is transferred to us without legal permission or consent.
3.3. The transferred data is hosted on a server in Germany.
4. Sending Information by Newsletter and Email
4.1. Newsletters and emails that are not service-related, are not fulfilling our duties to perform our service and contain advertisement will only be send to you, if you have given us your prior consent. You can subscribe to our newsletter. To subscribe you have to send us your email address. Other information which are used to optimize the newsletter can be entered voluntarily. The subscription uses a double-opt-in-procedure. After the subscription on our website you receive a confirmation email, which requires you to confirm your subscription. This whole process is documented and saved. That includes the time of the subscription and of the confirmation and the IP address. With the subscription to our newsletter you agree in the reception of the newsletter. The email address used by your application will only be used to send you our newsletter, unless you have given us permission to use your email for different purposes.
4.2. Our newsletter contains information about new offers, internal news, etc..
4.3. It is always possible to withdrawal your consent in receiving our newsletter. If you no longer want to receive our newsletter you can opt to stop receiving it at any time. Opt-out possibilities are included in each mail.
4.4. You also give us the consent to store your IP addresses as part of the sign-up process. We are legally bound to record the log-on process so as to be able to verify that logging on is done in accordance with regulations.
5. Service-Related Emails
5.1. We may send service-related emails to our customers or users of our software (e.g., account verification, technical and security notices, notifications on crawl status, inactivity notifications, account invitations to other users, changes/updates to features of the service).
5.2. Note that you may not opt out of service-related emails.
6. Server Log-Files
6.1. During every visit of our websites information about IP address, referring URL, date/time, browser version and operating system, amount and state of transferred data is stored in the web server log files.
6.2. We use the log data without any other personal or pseudonymous profiling as required by law only for the purpose of the operation, security and optimization of our service
7. Incorporation of third party services and content
7.1. Third party content, such as videos from YouTube, map material from Google Maps, RSS feeds and graphics from other websites, for example, can be incorporated on the website.
7.2. This always presupposes that the provider of this content (hereafter referred to as the “third party provider”) always uses the user’s IP address. This is because without the IP address, they cannot send the content to the respective user’s browser. The IP address is thus required for displaying this content.
7.3. We endeavour only to use content of which the respective provider uses the IP address only for distributing the content. However, we have no influence on whether the third party provider saves the IP address for other purposes, such as statistical purposes, for example. If we are aware of this, we will clarify this in the following paragraphs.
8.3. Ads appearing on any of our websites may be delivered to users by advertising partners, who may set cookies. These cookies allow the ad server to recognize your computer each time they send you an online advertisement to compile information about you or others who use your computer. This information allows ad networks to, among other things, deliver targeted advertisements that they believe will be of most interest to you.
8.4. You may opt-out from many ad-serving cookies by using the services provided by http://www.aboutads.info/choices/ or http://www.youronlinechoices.com/uk/your-ad-choices/ for users form the European Union.
9. Payment Transaction
We have contracted Recurly, Inc., 400 Alabama St, Suite 202, San Francisco, California 94110, USA („Recurly“), to process payments and subscriptions. For this purpose Recurly needs your Name, E-Mail address, IP-address, payment and invoicing details, invoiced amounts and currency and transaction numbers. Recurly may use this information for the purpose of payment handling and pass this information along to us. Recurly is obligated to handle the information in accordance with European data privacy regulation.
We only transmit the information above to Recurly’s servers into the US. The US is a so called insecure third party country. However Recurly has voluntarily committed itself to comply to the US-EU „Privacy Shield“ treaty and has committed to implement and uphold EU data privacy regulation.
9.2. Stripe Payments Europe Ltd.
We have contracted credit card processor Stripe Payments Europe Ltd, Block 4, Harcourt Centre, Harcourt Road, Dublin 2, Ireland („Stripe“) with the processing of credit card transactions. If you decide to pay Tideways with credit card we transmit your name, invoice address, IP-address and credit card number and validity as well as a transaction number. Stripe may use this information for the purpose of transaction and credit card processing and pass this information along to us.
We have contracated FastBill GmbH, Wildunger Str. 6, 60487 Frankfurt am Main („FastBill“), with the creation of invoices. For this purpose we transmit your name and invoicing data such as address, amount and currncy and a transaction number to FastBill. FastBill may use this information for the purpose of invocing.
If you contact us via e-mail or phone, we will use personal data transmitted by you only for the processing of your immediate inquiry. Transmitted data will be kept confidential at all times.
11. Email Sending and Tracking with Mailgun
11.1. For sending e-mails we use „Mailgun“, a service of Mailgun Technologies, Inc., 535 Mission St., 14th Floor, San Francisco, California 94105, USA („Mailgun“). Mailgun analyses and stores at which date and time you opend an e-mail and at which time you interacted with an e-mail such as clicking on links. For the purpose of sending e-mails we also transmit your e-mail address and the subject and contents of each mail.
11.2. We only transmit the information above to Mailgun servers into the US. The US is a so called insecure third party country. However Mailgun has voluntarily committed itself to comply to the US-EU „Privacy Shield“ treaty and has committed to implement and uphold EU data privacy regulation.
12. Email Sending with Postmark
12.1. We also use „Postmark“, a service of Wildbit LLC, 225 Chestnut St., Philadelphia, PA, 19106 USA („Postmark“), for sending e-mails. For the purpose of sending e-mails we transmit your e-mail address, your IP-address and contents of emails, sent through Postmark.
12.2. We only transmit the information above to Postmark servers into the US. The US is a so called insecure third party country. However Postmark has voluntarily committed itself to comply to the „US-EU Privacy Shield“ treaty and the „Swiss-U.S. Privacy Shield“ treaty as set forth by the U.S. Department of Commerce regarding of personal information transferred from the European Union an Switzerland to the United States.
13. Help Scout
13.1. To answer and reply to support requests we use the software-tool helpscout.net, a customer service platform by the company Help Scout Inc. 131 Tremont Street, 3rd Floor, Boston, MA 02111-1338 („Help Scout“). To process your support requests through our contact form or directly to [email protected] or other support mailboxes, necessary data such as Firstname, Lastname, E-Mail address, subject and message are transmitted to Help Scout, located in the United States of America. If you contact us via phone as part of a customer relationship, we will store your name, phone number, date of the call as well as notes and summary of our employees with regard to the call and they are transmitted to Help Scout into the United States of America.
We only transmit the information above to Help Scout servers into the US. The US is a so called insecure third party country. However Help Scout has voluntarily committed itself to comply to the US-EU „Privacy Shield“ treaty and has committed to implement and uphold EU data privacy regulation.
14. Website Analysis with Matomo
14.3. If you don‘t want to allow us to the storing and analysis of your visitor data, then you can object to our use of Matomo at any time. In this case your browser will store a so called opt-out cookie that prevents Matomo from storing any data on our servers.
15. Google Gsuite
15.1. For our e-mail correspondance and for storing files and documents we use Gmail, Drive and Gsuite, a service by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland („Google“).
15.3. Google data is stored on servers in the US, an so called insecure third party country. Google is EU-U.S. privacy shield and Swiss-U.S. privacy shield certified. For this reason, compliance with European data protection law is guaranteed.
16.1. We use „Basecamp“, a project management and team communication software of Basecamp LLC. XY, Chicago, Illinois, USA („Basecamp“), to share content company-wide, within a team oder for a specific project. For the purpose of team communication we transmit contents and possibly also personal data.
16.2. When using Basecamp, data is stored on Basecamp servers in the US, an so called insecure third party country. Basecamp is EU-U.S. privacy shield and Swiss-U.S. privacy shield certified. For this reason, compliance with European data protection law is guaranteed.
17. Erasing and Blocking of Data
17.1. We process and store your personal data only for the period necessary to achieve the storage purpose until you revoke your consent for storage or if this has been provided for by the European Directive and Ordinance Giver or another legislator in laws or regulations to which we are subject.
17.2. If the purpose of storage ceases to apply, you revoke your consent or if a storage period prescribed by the European Directive and Ordinance Giver or another competent legislator expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions.
18. Right of confirmation
You have the right to request confirmation from us whether personal data concerning you will be processed. If you would like to make use of this right of confirmation, you can contact us at any time.
19. Right of information
19.1. You also have the right to receive free information from us at any time about your personal data stored and a copy of this information. You also have a right of access to the following information:
- the processing purposes
- the categories of personal data to be processed
- the recipients or categories of recipients to whom the personal data have been or are still being disclosed, in particular recipients in third countries or international organisations
- if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration the existence of a right of rectification or deletion of personal data concerning him or of a restriction on processing by the controller or of a right of opposition to such processing
- the existence of a right of appeal to a supervisory authority
- if the personal data is not collected from the data subject: All available information about the origin of the data
- the existence of automated decision-making, including profiling in accordance with Article 22(1) and (4) GDPR and, at least in these cases, meaningful information on the logic involved and the scope and intended effects of such processing for the data subject
19.2. You also have a right of access to information on whether personal data has been transferred to a third country or to an international organisation. If this is the case, you also have the right to obtain information about the appropriate guarantees in connection with the transmission.
19.3. If you would like to make use of this right to information, you can contact us at any time.
20. Right to correction
20.1. You have the right to request the immediate correction of incorrect personal data concerning you. You also have the right, taking into account the purposes of the processing, to request the completion of incomplete personal data, including by means of a supplementary declaration.
20.2. If you would like to make use of this right of correction, you can contact us at any time.
21. Right to cancellation
21.1. You have the right to demand that we erase personal data concerning you immediately, provided that one of the following reasons applies and insofar as processing is not necessary:
- The personal data have been collected or otherwise processed for such purposes for which they are no longer necessary.
- The person concerned withdraws his/her consent on which the processing was based pursuant to Article 6(1)(a) GDPR or Article 9(2)(a) GDPR and there is no other legal basis for the processing.
- The person concerned objects to processing under Article 21(1) GDPR and there are no overriding legitimate grounds for processing or the person concerned objects to processing under Article 21(2) GDPR.
- The personal data have been processed unlawfully.
- The deletion of personal data is necessary to fulfill a legal obligation under Union law or the law of the Member States to which we are subject.
- The personal data was collected in relation to information society services offered in accordance with Art. 8 para. 1 GDPR.
21.2. If you would like to make use of this right of deletion, you can contact us at any time. We will comply with the request for deletion without delay.
21.3. If the personal data has been made public by us and we are responsible pursuant to Art. 17 Para. 1 GDPR to delete personal data, we shall take appropriate measures, including technical measures, taking into account the available technology and implementation costs, insofar as processing is not necessary.. We shall also take appropriate measures to inform other data processors who process the published personal data, that the deletion of all links to your personal data or of copies or replications of such personal data from these other data processors, insofar as processing is not necessary.
22. Right to limitation of processing
22.1. You have the right to request us to restrict processing if one of the following conditions is met:
- a. The accuracy of the personal data is disputed by the data subject for a period that enables the data controller to verify the accuracy of the personal data.
- b. The processing is unlawful, the data subject refuses to delete the personal data and instead requests that the use of the personal data be restricted.
- c. The data controller no longer needs the personal data for the purposes of the processing, but the data subject needs them to assert, exercise or defend legal claims.
- d. The data subject has lodged an objection to the processing pursuant to Art. 21 para. 1 GDPR and it has not yet been determined whether the legitimate reasons of the data subject outweigh those of the data subject.
22.2. If one of the above conditions is met and you would like to request the restriction of your personal data stored by us, you can contact us at any time. We will arrange for processing to be restricted.
23. Right to data transferability
23.1. You have the right to receive the personal data concerning you, which you have provided to us, in a structured, common and machine-readable format. You also have the right to transmit this data to another person responsible without our interference, provided that the processing is based on the consent pursuant to Art. 6 para. 1 letter a GDPR or Art. 9 para. 2 letter a GDPR or on a contract pursuant to Art. 6 para. 1(b) GDPR and processing is carried out by means of automated procedures, unless the processing is necessary for the performance of a task in the public interest or in the exercise of official authority conferred on us.
23.2. Furthermore, when exercising your right to data transferability pursuant to Art. 20 para. 1 GDPR, you have the right to obtain that the personal data be transferred directly by us to another person responsible, insofar as this is technically feasible and provided that the rights and freedoms of other persons are not affected by this.
23.3. You can contact us at any time to assert your right to data transferability.
24. Right of objection
24.1. You have the right to object at any time to the processing of personal data concerning you on the basis of Article 6(1)(e) or (f) of the GDPR for reasons arising from your particular situation. This also applies to profiling based on these provisions.
24.2. We will no longer process personal data in the event of an objection, unless we can prove compelling reasons worthy of protection for the processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
24.3. If we process your personal data for direct marketing purposes, you have the right to object at any time to the processing of your personal data for the purpose of such advertising. This also applies to profiling insofar as it is connected with such direct advertising. If you object to our processing for direct advertising purposes, we will no longer process your personal data for these purposes.
24.4. You also have the right to object, for reasons arising from your particular situation, to the processing of your personal data concerning you, which is carried out by us for scientific or historical research purposes or for statistical purposes in accordance with Art. 89 para. 1 GDPR, unless such processing is necessary to fulfil a task in the public interest.
24.5. You can contact us at any time to exercise your right of objection. You are also free to exercise your right of opposition in connection with the use of Information Society services, notwithstanding Directive 2002/58/EC, by means of automated procedures using technical specifications.
25. Right to automated decisions in individual cases including profiling
25.1. You have the right not to be subject to a decision based exclusively on automated processing – including profiling – which has legal effect against you or significantly affects you in a similar manner, provided that the decision
- a. is not necessary for the conclusion or performance of a contract between you and us, or
- b. is admissible by law of the Union or of the Member States to which we are subject and that law contains appropriate measures to safeguard your rights, freedoms and legitimate interests; or
- c. with your express consent.
Is the decision
- necessary for the conclusion or performance of a contract between you and us, or
- if it is done with your express consent, we will take reasonable measures to protect your rights and freedoms and your legitimate interests, including at least the right to obtain our intervention, to state one’s position and to challenge the decision.
25.2. If you wish to assert rights relating to automated decisions, you can contact us at any time.
26. Right to revoke consent under data protection law
26.1. You have the right to revoke your consent to the processing of personal data at any time.
26.2. If you would like to exercise your right to revoke your consent, you can contact us at any time.
27. Legal basis of the processing
Art. 6 I lit. a GDPR serves us as a legal basis for processing operations for which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the fulfilment of a contract to which you are a party, as is the case for example with processing operations which are necessary for the delivery of goods or the rendering of another service or consideration, the processing is based on Art. 6 I lit. b GDPR. The same applies to such processing processes that are necessary to carry out pre-contractual measures, for example in cases of enquiries about our products or services. If we are subject to a legal obligation by which a processing of your personal data becomes necessary, for example for the fulfilment of tax obligations, the processing is based on Art. 6 I lit. c GDPR. In rare cases, the processing of your personal data may be necessary to protect your or someone else’s vital interests. This would be the case, for example, if you were injured as a visitor to our company and your name, age, health insurance data or other vital information had to be passed on to a doctor, a hospital or other third parties. The processing would then be based on Art. 6 I lit. d GDPR. Ultimately, processing operations could be based on Art. 6 I lit. f GDPR. Processing operations which are not covered by any of the aforementioned legal bases are based on this legal basis if processing is necessary to protect a legitimate interest of us or a third party, provided that your interests, fundamental rights and freedoms do not prevail. Such processing procedures are permitted to us in particular because they have been specifically mentioned by the European legislator. In this respect, he took the view that a legitimate interest could be assumed if you are a customer of ours (recital 47 sentence 2 GDPR).
28. Justified interests in processing
If the processing of your personal data is based on Article 6 I lit. f GDPR, it is in our legitimate interest to conduct our business for the benefit of all our employees and our shareholders. In all other respects, we have stated our purposes and interests within the scope of the above list of processing.
29. Duration for which the personal data is stored
The criterion for the duration of the storage of your personal data is the respective legal retention period. After the expiry of this period, the corresponding data will be routinely deleted, provided that it is no longer necessary for the fulfilment or initiation of the contract.
30. Legal or contractual provisions for the provision of personal data; necessity for the conclusion of the contract; obligation of the data subject to provide the personal data; possible consequences of failure to provide them
30.1 We inform you that the provision of personal data is partly required by law (e.g. tax regulations) or may also result from contractual regulations (e.g. information on the contractual partner). In order to conclude a contract, it may sometimes be necessary for you to provide us with personal data, which we will subsequently have to process. For example, you are obliged to provide us with your personal data when you conclude a contract with us. Failure to provide your personal data would mean that the contract with you could not be concluded.
30.2 You must contact us before providing your personal data. We will inform you on a case-by-case basis whether the provision of your personal data is required by law, contract or contract, whether there is an obligation to provide the personal data and what consequences the failure to provide the personal data would have.
31. Party responsible
Tideways Gesellschaft mit beschränkter Haftung (GmbH)
Königswinterer Straße 116
E-Mail: [email protected]
Phone: +49 228-38758328
Last Revised: 30.07.2018