Privacy Statement

In this Data Protection Statement, we are informing you about which personal data we collect in the context of your use of www.ecratum.com and for what purpose this data will be used. You can access this information at any time at https://www.ecratum.com/legal.

1. Controller/contact

The controller within the meaning of the Data Protection Act is:

ecratum GmbH
Turmstraße 28
D-10551 Berlin

You can contact our data protection officer at privacy@ecratum.com

Please note: If you use ecratum as an employee for a company, then ecratum is a processor for this company. In that case, the respective company is responsible for the registration and processing of data uploaded by you for data processing. In that case, please also note that company’s data protection statement.

2. Subject of data protection

The subject of data protection is personal data. According to Art. 4 Nr. 1 GDPR, this means any information relating to an identified or identifiable natural person; this includes e.g. names or identification numbers.

3. Collection and use of your data

3.1 Automated Data Collection

Due to technical reasons, when accessing our website, your end device automatically transmits data. The following data will be saved separately from other data which you may possibly send to us:

  • Date and time of access
  • Browser type / version
  • Operating system used
  • URL of the previously visited web page
  • Amount of data sent

This data is saved solely for technical reasons and is not at any time attributed to a specific person.

3.2 Queries

If you send queries to us by email or by mail, then your information from your query including the contact data you specified therein will be saved and used by us for the purposes of processing your query. Generally, we save your queries for the standard statute of limitations period, i.e. three years from the end of the year in which you sent the query to us, unless the data is subject to statutory retention periods or in specific cases is required for longer in order to protect, enforce or defend claims.

We collect this data in order to be able to accept and handle your query, Art. 6 (1) (b) GDPR.

3.3 Registration and use of ecratum

You can register to use ecratum's customer and supplier management platform. Any data that must be provided for the registration will be marked as such. Alternatively, as the affected company you can provide certain requested data even without registration or view or download provided information.

In the context of using the platform, you may also upload any (personal) data, save it on our servers and share it with third parties.

We collect and process this data in order to be able to provide the account to you (Art. 6 (1) (b) GDPR). The data will be saved, unless you delete the account or the data that you uploaded to us, plus the retention time of our backup (see Section 10).

Please note: ecratum is also a communication tool and functions like email. If you share the data with third parties (e.g. suppliers), we save this shared data for the respective recipient also – similar to an email that is saved in the recipient’s inbox. Thus, the data shared by you remains available to the recipient – even if you delete your account for the data in your account.

4. Newsletter

We offer a free newsletter. In our newsletter, we regularly inform you about general and industry-specific, product-specific or country-specific aspects of our supplier management solution and ways to optimize supplier management using our products and services that are usually of great interest to all users of ecratum.

In addition, ecratum provides information about the use of ecratum by you, the total of your colleagues and your suppliers. Anonymized figures provide information about your performance, the performance of your companies and your suppliers in relation to other users, companies and suppliers. You automatically receive the newsletter with user-related and performance-related information via email as part of the services after you register.

You may unsubscribe from the newsletter at any time at no charge. Each newsletter contains information about how you can unsubscribe with future effect. The collection and processing of your personal data takes place in this case in order to provide you with the newsletter as per your order, Art. 6 (1) (b GDPR.

5. Cookies

We save so-called “cookies” in order to offer you extensive functionality and to enable greater ease of use of our web pages. “Cookies” are small files that are saved on your computer using your Internet browser. If you do not want “cookies” to be used, then you can prevent “cookies” from being saved on your computer by changing the relevant settings in your Internet browser. Please note that the functionality and functional range of our offering can be thereby restricted.

Specifically, we use the cookies specified in the following link: https://www.ecratum.com/cookie-policy

We use session cookies for the technical operation of the website. These are deleted after the browser is closed.

These cookies cannot identify you as a person. In each case, the use of cookies is justified on the basis of our legitimate interest in a needs-based design of our website and on the statistical evaluation of our website, and the fact that your legitimate interests do not override these, Art. 6 (1) (f) GDPR.

6. Google Analytics

We use Google Analytics, a web analysis service of Google LLC (“Google”). Google Analytics collects pseudonymous data from you about the use of our website, including your truncated IP address, and uses cookies. This data is transferred to a Google server located in the US and is saved there. Google uses this information to evaluate your use of the website for us, in order to prepare reports about the use of our website and to generate further analyses and evaluations associated with the use of our website and Internet usage. Google will also transfer this information to third parties if required by law or to the extent that third parties process this data on behalf of Google.

Google is certified under the EU-U.S. Privacy Shield. With respect to the USA, in its ruling dated 12 July 2016, the European Commission decided that an adequate level of data protection exists under the provisions of the EU-U.S. Privacy Shields (adequacy decision, Art. 45 GDPR). Additional information is available under https://www.privacyshield.gov.

Your data will be saved by Google Analytics for a period of 14 months. After this period has elapsed, the data will be deleted and only aggregated statistics will be maintained.

You can find additional information about how Google uses your data in Google’s Data Protection Statement: https://www.google.com/policies/privacy/

You can deactivate Google Analytics using a browser add-on, if you do not want web page analysis. You can download the add-on here: http://tools.google.com/dlpage/gaoptout?hl=de. You can also cancel the use of Google Analytics via the following link: https://www.ecratum.com/cookie-policy

The use of Google Analytics is on the basis of our legitimate interest in a needs-based design of our website, the statistical evaluation of our website, efficient marketing of our services and the fact that your legitimate interests do not override these, Art. 6 (1) (f) GDPR

7. HubSpot

We use HubSpot, a service of HubSpot., Inc. on our websites for analytical purposes.

This is an online marketing software. We use it for our email marketing (newsletter and automated mailings, e.g. for providing downloads), social media publishing and analysis, reporting, contact management (CRM), landing pages and contact forms.

In order to measure reach and conversions, HubSpot also collects pseudonymous use statistics for our website on the basis of cookies. You may cancel the collection thereof under the following link: https://www.ecratum.com/cookie-policy

We use HubSpot on the basis of our legitimate interest in efficient marketing of our services and the fact that your legitimate interests do not override these, Art. 6 (1) (f) GDPR.

HubSpot processes data in the United States. There is no adequacy decision by the European Commission regarding the United States. However, HubSpot is certified under the EU – U.S. Privacy Shield Framework. Additional information is available under https://www.privacyshield.gov

You can find additional information regarding data processing by HubSpot in the data protection statement of HubSpot Inc., which can be viewed at: https://legal.hubspot.com/de/privacy-policy

8. Automated individual decisions or profiling

We do not use any automated processing steps to procure any decision or profiling.

9. Transfer of data

In general, your personal data will not be transferred without your express prior consent except in the following specified cases:

  • When it is necessary to clarify an unlawful use of our services or for prosecution, personal data will be sent to the law enforcement authorities and, if applicable, sent to injured third parties. However, this will occur only if there are concrete indications of unlawful or fraudulent conduct. A transfer can also occur if this is necessary to enforce terms of use or other agreements. We are also legally obligated to provide information upon request to specific public authorities such as law enforcement agencies, authorities that prosecute administrative offences which are subject to a fine, and the tax authorities. The transfer of this data occurs on the basis of our legitimate interest in combatting fraud, the prosecution of crimes and securing, asserting and enforcing claims and the fact that your rights and interests in the protection of your personal data do not override these, Art. 6 (1) (f) GDPR, or based on a statutory obligation pursuant to Art. 6 (1) (c) GDPR.
  • We are reliant on contractually bound third-party companies and external service providers (“Processors”) for the performance of the services. In such cases, personal data will be forwarded to these Processors for further processing. These Processors will be carefully selected by us and regularly monitored to ensure that your rights and freedoms are protected. The Processors may use the data solely for the purposes specified by us and shall furthermore be contractually obligated by us to handle your data solely in accordance with this Data Protection Statement and with the German data protection laws. Specifically, we use the Processors listed under https://www.ecratum.com/privacy/technical-providers The transfer of data to Processors is done on the basis of Art. 28 (1) GDPR, or alternatively on the basis of our legitimate interest in the economic and technical benefits associated with the use of specialized Processors and the fact that your rights and interests in the protection of your personal data do not override these, Art. 6 (1) (f) GDPR.
  • In the context of the future development of our business, it could happen that the structure of ecratum GmbH will alter, through a change in the legal form, subsidiaries, business units or components being formed, purchased or sold. In the event of such transactions, the customer information will be transferred together with the part of the company being transferred. For every transfer of personal data to third parties in the aforementioned scope, we will ensure that this occurs in accordance with this Data Protection Statement and with the relevant data protection laws. Any such transfer of personal data is justified by the fact that we have a legitimate interest in adjusting our corporate form based on the financial and legal situation as needed, and your rights and interests in protecting your personal data do not override this, Art. 6 (1) (f) GDPR.

10. Erasure of your data

We will delete or anonymize your personal data as soon as it is no longer necessary for the purposes for which we collected or used it according to the foregoing Sections. Generally, we save your personal data for the duration of the user relationship or the contractual relationship through the website plus a reasonable period of time for which we keep backup copies after the erasure, provided this data is no longer needed for statutory reasons or for criminal prosecution or to secure, assert or enforce legal claims.

To the extent that data must be kept for legal reasons, it will be blocked. The data will then be no longer available for further use.

11. Your rights as the data subject

11.1 Right to information

You have the right to request from us at any time upon application information about the data we process that is related to you in accordance with Art. 15 GDPR. In this regard, you can send an application by mail or by email to the address specified above.

11.2 Right to correction of incorrect data

You have the right to demand the immediate correction by us of personal data relating to you if such data is incorrect. Please use the above-specified contact address for this.

11.3 Right to erasure

You have the right, subject to the requirements of Art. 17 GDPR, to demand the erasure by us of personal data relating to you. In particular, these requirements provide for a right of erasure when the personal data is no longer needed for the purposes for which it was collected or otherwise processed, and in cases of unlawful processing, the existence of an objection or an obligation to erase which we are subject to under EU law or under the right of the Member State. With respect to the period of data storage, see also Section 10 of this Data Protection Statement. To assert your aforementioned right, please reach out to the contact address specified above.

11.4 Right to restriction on the processing

You have the right to request from us that processing be limited pursuant to Art. 18 GDPR. This right will exist particularly if the accuracy of the personal data is contested between the user and us, and will remain enforceable for the duration of time while the accuracy is being verified, and in cases where there is a right to erasure, but the user requests restricted processing instead of erasure, and furthermore in the event that the data is no longer required by us for our purposes, but the user requires the data to establish, exercise or defend legal claims, and if the successful assertion of an objection between us and the user is still contested. To enforce your aforementioned right, please reach out to the contact address specified above.

11.5 Right to data portability

To the extent that you have provided us with your personal data, you have the right to receive such data from us in a structured, commonly used, machine-readable format in accordance with Art. 20 GDPR. To enforce your aforementioned right, please reach out to the contact address specified above.

11.6 Right to object

You have the right at any time to file an objection pursuant to Art. 21 GDPR against the processing of your personal data and to do on grounds relating to your particular situation arising inter alia under Art. 6 (1) (e) or (f) GDPR. We will cease processing your personal data, unless we can prove compelling and legitimate grounds for processing that override your interests, rights and freedoms, or if the processing is required to establish, exercise or defend legal claims.

11.7 Right of complaint

Furthermore, you have the right to file a complaint with a competent supervisory authority. For example, the competent supervisory authority for Berlin is:

Berliner Beauftragte für Datenschutz und Informationsfreiheit Friedrichstraße
219 10969 Berlin
mailbox@datenschutz-berlin.de

A list of all European data protection authorities is available here: http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm

12. Changes to this Data Protection Statement

The current version of this Data Protection Statement is always accessible at https://www.ecratum.com/legal.

As of: October 1st, 2018