Data Privacy Policy

We take the protection of our users’ (hereinafter the “User/you/your”) personal data very seriously and strictly comply with applicable data protection laws and regulations. Below we provide you with an overview of what data we collect, for what purpose and how we ensure the protection of data.

The responsible authority according to the German Federal Data Protection Act, (Bundesdatenschutzgesetz, BDSG) is Social Enterprise Holding Berlin AG, Wöhlertstraße 12-13, 10115 Berlin/Germany, registered at the local court (Amtsgericht) of Charlottenburg under HRB 185964 B, represented by the board (Vorstand) Kaspar von Grünberg and Kathrin Wieland, the chairman of the supervisory board (Aufsichtsratsvorsitzender) is Jochen Beutgen (hereinafter “Humanitec” or “we/us/our”).

We offer a platform (hereinafter “Platform”) which provides businesses (hereinafter “Customer”) with certain services related to the software of Humanitec (as defined in the Terms of Use available at www.toladata.com (hereinafter the “ToU”). The Customer will create an admin account via our website and make the services of the software also available to other Users.

According to the ToU, the Customer is responsible for the (personal) data included by him in the Platform or software of Humanitec, including but not limited to required consents by the affected individuals. Therefore, each affected User may also contact the Customer regarding the use of his/her personal data in the software or Platform. The Customer may also use the User’s data in connection with other third party services. For this purpose, the User may also contact the Customer or ask us to contact the Customer about this.

Please read the following information regarding the privacy policy carefully. In case you have further questions, please do not hesitate to contact us at any time at info@toladata.com.

  1. Collection, Storage and Use of Personal Data

    “Personal Data” is individual information about personal or factual affairs of a certain natural person (for instance, name or address).

    If personal data (such as name, address or email address) are collected on our website, they are not transferred to third parties without an applicable legal basis and/or your explicit consent.

    We will point out that the data transfer on the internet (e.g. communication via email) may cause safety issues.  Complete protection of the data from third parties is not possible.

  2. Server-Log-Files; Use of Mobile Device

    If you search and browse the website www.toladata.com and related sub-sites (the “Website”) the provider of the Website collects and stores information automatically in so-called Server-Log-Files that your browser transfers to us. These are:

    type/version of the browser, system software used, referrer URL, hostname of the computer/device, time of the server request

    as well as the following, if a mobile device is being used:

    country code, language, name of device, name of operating system and version

    This data is usually not assigned to particular persons. A match of this data with other data sources does not happen. We hereby reserve the right to check this data afterwards if particular indications for an illegal use become apparent to us.

  3. Registration

    In order to fully use the Humanitec services on the Platform, you will need to register and thereby submit the following Personal Data:

    email address, username and password

    We will collect, store and use personal data as described below.

    We will use the double-opt-in process to verify your registration. That means immediately after your registration, we will send you an email containing a link, which you will need to open in order to confirm your registration. After successful confirmation, we may use your email address for our notification services, until you opt out of the notification or terminate the use of Humanitec’s services.

  4. Use of Services

    For the further use of the Platform on the Website, you submit more data depending on the way of use of our services, such as your telephone number, details for projects etc.

    Such data may include special categories of data, i.e. information on a person’s racial or ethnic origin, political opinions, religious or philosophical convictions, union membership, health or sex life. In so far as such special categories of personal data are collected, processed or used, the respective consent will expressly refer to these data.

    We use the information collected, including your Personal Data, in order to (i) provide and improve our services on the Website; (ii) to ensure the technical functionality of our services and to analyse your use of our services; (iii) to contact you in matters regarding our services, also by means of emails and messaging;  (iv) to implement this Privacy Policy and the ToU; and (v) as otherwise explained in this Privacy Policy.

  5. Data Processing

    Humanitec processes personal data of Users or other individuals provided by a Customer (as business that uses the Humanitec software) on behalf of the Customer, i.e. the Customer remains the controller of such data and Humanitec acts as data processor.

  6. Use and Analysis of Customer Data

    In general, the Customer shall be responsible for the (personal) data included by him in the Platform or software of Humanitec, which includes but is not limited to required consents by the affected individuals. Humanitec only processes and uses such data within the instructions of the Customer.

    Therefore, each affected User may also contact the Customer regarding the use of his/her personal data in the software or Platform.

    We may also use data and databases provided by Users and the related Customer for analysis purposes.

    Any data and databases provided by Users and the related Customer not being special categories of data, i.e. information on a person’s racial or ethnic origin, political opinions, religious or philosophical convictions, union membership, health or sex life (“Customer Data”) may be used by Humanitec

  • for purposes of transferring data in anonymous form, if the characteristics enabling information concerning personal or material circumstances attributed to an identified or identifiable individual are stored separately and such characteristics are only combined with the information where necessary for storage or scientific purposes and if there is no reason to assume that the data subject has a legitimate interest in excluding such data from collection, processing or use, and/or
  • for purposes of market or opinion research, if there is no reason to assume that the data subject has a legitimate interest in excluding such data from collection, processing or use.

    We use Customer Data as set forth above, in particular, for the use in pseudonymised form for analysis based on statistical methods to create statistics for our internal use to improve our service and to transfer such statistics and data to third parties, whereas to such third parties the transferred data are considered anonymised.

    If the Customer or affected individual does not wish any such collection and/or use of data in the future, the Customer shall delete his/her account at our service and terminate the ToU respectively.

    We may also analyse data and databases provided by Users and the related Customer in form of special categories of data, i.e. information on a person’s racial or ethnic origin, political opinions, religious or philosophical convictions, union membership, health or sex life. However, such special categories of data may only be analysed and used with your explicit consent expressly referring to such data and/or

  • in pseudonymised form for purposes of market or opinion research, if there is no reason to assume that the data subject has a legitimate interest in excluding such data from collection, processing or use and such special types of personal data were collected, processed or used for a certain research purpose only;
  • this is necessary in order to protect the vital interests of the data subject or of a third party, in so far as the data subject is unable to provide consent for physical or legal reasons;
  • the data concerned have evidently been made public by the data subject;
  • this is necessary in order to assert, exercise or defend legal claims and there is no reason to assume that the data subject has an overriding legitimate interest in excluding such collection, processing or use; or
  • this is necessary for the purposes of scientific research, where the scientific interest in carrying out the research project substantially outweighs the data subject’s interest in excluding collection, processing and use and the purpose of the research cannot be achieved in any other way or would otherwise necessitate disproportionate effort.
  • If the Customer or affected individual does not wish any such collection and/or use of data in the future, the Customer shall delete his/her account at our service and terminate the ToU respectively.

    Humanitec may further analyse and use both personal data and special categories of data and databases provided by Users and the related Customer, if the applicable jurisdiction, legal provisions and laws allow such use and/or analysis.

    If the Customer or affected individual does not wish any such collection and/or use of data in the future, the Customer shall delete his/her account at our service and terminate the ToU respectively.

    Newsletter

    If you order Humanitec’s newsletter via double opt-in process, you agree to Humanitec sending you a newsletter. At any time, you may opt-out of receiving the newsletter by using the unsubscribe-link contained in each newsletter.

    Any further use of your Personal Data requires your explicit consent, whereby your consent or refusal will be documented. At any time, you may revoke your consent to the future use of your personal data by clicking the unsubscribe-link or informing us at info@toladata.com.

    At any time you may consult the specifications of your consents and change your Personal Data in the settings in your user account.

    After you end the use of the Humanitec services, your Personal Data will be blocked for further use and deleted after the mandatory storage periods as defined in the applicable laws and regulations have expired.

  1. Data Transfer to Third Parties

    We will transfer your Personal Data to a third party only within the scope of legal provisions, i.e. if we are obliged to transfer the data due to a government or court order, or if applicable legal provisions authorise the transfer. Please also refer to ‘Analysis of Customer Data’ above.

  2. Third Party Providers

    Our services may also include services and products by third party providers, whereas this might involve the transfer of data as described in detail in III. below.

  1. Cookies

    In order to offer you a convenient online service featuring numerous functions, our Website uses text files (“Cookies”) containing information to identify returning visitors for the time of their visit to the Website. Cookies are usually saved on the hard disk of your computer and do not cause any harm. Cookies facilitate the transfer of specific content, such as entering data, which has already been supplied, and help us identify popular sections of our Website.

    When we use Cookies no personally identifiable information will be collected.

    You can deactivate the use of Cookies in the settings of your internet browser at any time. To find out how to change the settings, please consult the help function of your internet browser.

  2. Google Analytics

    The service offered here uses Google Analytics a web analytics tool offered by Google Inc., Mountain View, CA, USA (hereinafter “Google“). This analysis service uses so-called “cookies”. For analysis, text files will be stored on your device. The information stored in the corresponding files about the use of this website are generally transmitted and stored in Google server in the USA. As the IP anonymisation is active on this Website, your IP address will be shortened by Google within the member states of the European Union (EU). This information will be used to evaluate your use of the services offered here and enable the operator of this website to analyse your website activity and provide other services associated with the website service. The IP address transmitted from your browser, as part of Google Analytics will not be merged with other data from Google.

    Adjusting the settings of your browser software can prevent the use of cookies. In this case, it may be possible that the functions of the service offered here cannot be used in its entirety. Furthermore, it is possible to prevent the acquisition and processing of data generated by the “cookies” in relation to the use of this website, by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de

  3. Facebook Pixel

    Our Website uses the analytics tool Facebook Pixel by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (hereinafter “Facebook”) in order to improve and analyse certain advertising measures. By using this Facebook Pixel the User’s behavior may be tracked after the User was forwarded to the Website from other pages. This to analyse the effectiveness of advertising for statistical and marketing research purposes and optimise future advertising measures. The data collected are anonymous to us; however, such data are collected and stored by Facebook and may be used by Facebook for its own (marketing) purposes. For this purposes cookies may be stored on your device.

    For further information, please refer to https://www.facebook.com/business/help/651294705016616 or https://www.facebook.com/privacy/explanation.

  4. Stripe

    For any processes regarding payments we use the services of Stripe, Inc., 185 Berry Street, Suite 550, San Francisco, CA 94107, USA (hereinafter “Stripe”). Regarding any processes of payments we do not receive, collect and/or store any payment data. Stripe will use such data for the purpose of managing the payments relating to our services.

    For further information please refer to https://stripe.com/de/privacy.

  5. Chargebee

    We use the subscription billing and recurring payments software by ChargeBee Inc., 340 S. Lemon Avenue, Suite 1537, Walnut, California 91789, USA (hereinafter “Chargebee”). Chargebee collects, stores and uses data for the purpose of managing payments and billings for us.

    For further information please refer to https://www.chargebee.com/privacy.html.

  6. Trello

    For the purpose of organising the services provided in connection with the Platform, we use the software and services offered by Trello Inc., 55 Broadway, 25th Floor, New York, NY 10006, USA (hereinafter “Trello”).

    For further information please refer to Trello’s privacy policy: https://trello.com/privacy

  7. GitHub

    For the purpose of providing and further developing our software and services on the Platform we use the software development platform by Github Inc., 88 Colin P Kelly Jr St, San Francisco, CA 94107, USA (hereinafter “Github”).

    For further information please refer to Github’s privacy statement: https://help.github.com/articles/github-privacy-statement/ or use the contact form under https://github.com/contact/privacy

  8. Freshdesk

    Our software and Platform uses the ticketing and helpdesk online-tool “Freshdesk” by Freshworks Inc., 1250 Bayhill Drive, Suite 315, San Bruno, CA 94066, USA (or the German office at Alte Jakobstraße 85/86, Hof 3, Haus 6, Berlin 10179, Germany). We use “Freshdesk” for the purpose of organising the helpdesk and support services provided in connection with the Platform and the software of Humanitec.

    For further information please refer for example to www.freshdesk.com, wwww.freshdesk.de, https://www.freshworks.com/privacy/?utm_source=freshdesk&utm_medium=referral or https://www.freshworks.com/privacy/gdpr/?_ga=2.175376737.292306692.1513174399-228235686.1513174399

  9. YouTube and External Links

    On our Website, we may link to videos and other external content, for example YouTube videos in our help section (see: https://help.toladata.com/).

    Such links and external content are governed by the provisions and privacy policies of the respective service providers offering the content behind those links, for example YouTube. We do not actively check such links and external content. If you discover wrong and/or inappropriate content please inform us, for example, via email to info@toladata.com, and we will delete and change such links immediately.

  10. Social Plugins

    The Website is connected to social networks, as Facebook, YouTube, LinkedIn and Twitter, via “Social Plugins“.

    Without any action by you as the user, the Social Plugins are deactivated and therefore no data are transferred. If you wish to share content, for example, you have to click the respective button first. Only with the click of the respective button a connection to the respective social network will be set up and data transferred thereto. In the event that you are already logged into your user profile within the social network, your visit of the Website is tracked instantly. In any case, you can deactivate this function anytime.

    If you do not want any collection of data throughout the Website by the social networks, you need to log out from the social network every time you visit the Website. However, with every visit of the Website, (a) Cookie(s) with an identification is/are set if the Social Plugin buttons are/were activated via clicking. Therefore through this function, data might be collected and a profile might be created, which could be tracked back to the individual person. If you do not want this, you can either deactivate the Social Plugin on the Website via clicking the button or you can change your browser settings accordingly and exclude the acceptance of any Cookies; we hereby inform you that in this event, the functionality of this Website could be restricted.

    Facebook

    The Website uses the Social Plugin for the social network Facebook under facebook.com by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook“). The data and privacy policy of Facebook can be found here: https://www.facebook.com/privacy/explanation.

    YouTube

    The Website uses the Social Plugin for the video platform www.youtube.com by YouTube LLC, 901 Cherry Avenue, San Bruno, CA 94066, USA owned by Google (“YouTube”). The data and privacy policy of YouTube can be found here: https://www.google.de/intl/de/policies/privacy/

    LinkedIn

    The Website uses the Social Plugin for the social media platform by LinkedIn Inc., Mountain View, California, USA and LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland (“LinkedIn”). The data and privacy policy of LinkedIn can be found here: https://www.linkedin.com/legal/privacy-policy?trk=uno-reg-guest-home-privacy-policy

    Twitter

    The Website uses the Social Plugin for the social network Twitter in twitter.com by Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA (“Twitter“). The data and privacy policy of Twitter can be found here: https://twitter.com/privacy.

We have installed technical and organisational measures in order to safeguard our Website against loss, destruction, access, changes or the distribution of your data by unauthorised persons. However, we cannot guarantee a complete protection for data transmitted to us against all dangers at all times, because information via the internet is not completely secure.

The access to your user account is possible only after entering your username and password. You shall treat your access information confidentially and close the browser window, once you have ended your communication with us, particularly if you share the use of the computer with others.

Humanitec will store your data on servers, which are located in the EU, if not otherwise set forth in this Privacy Policy.

Humanitec is based in Germany. The applicable German and European laws govern the information we collect, store and use.

  1. Access and Changes to Data Protection Regulations

    This Privacy Policy is assessable under https://www.toladata.com/data-privacy-policy/ and may be downloaded and printed anytime.

    We reserve the right to change the regulations of this Privacy Policy at any time, taking into account currently applicable data protection provisions. In case of any changes, you will be notified and you will have to agree to the modified data protection regulations.

  2. Duration of Use; Revocation

    You have the right to revoke your consent in regard to the use, processing and transfer of your personal data anytime via notice to us, for example via email to info@toladata.com.

    In the event of revocation, we will delete your data stored without hesitation. However this does not apply if these data are necessary to process your request. We are allowed to process and/or use your data despite your revocation if this happens in the area of the purpose of a legal obligation or quasi-legal relation of trust (eg. for processing your request), and/or for protection of our legitimate interests and after considering a balance of interests there is no reason to believe that your legitimate interest in the exclusion of the processing and/or use predominates.

  3. Information; Deletion/Blockage

    You have the right to information free of charge at any time about your personal data stored by us, their source and recipient and the purpose of the data processing as well as the right to correct, block or delete these data. At any time, you may inform us at info@toladata.com respectively.

    For your own security, please understand that in the event of a request for information or a change we have to verify your data.

  4. Contact Details

    For acting out your rights and additional questions about the issue of personal data you can contact us at any time:

    Social Enterprise Holding Berlin AG
    Wöhlertstraße 12-13, 10115 Berlin/Germany
    email: info@toladata.com
    telephone: +49 30 25779605