Name and address of controller:
sipgate GmbH (hereinafter referred to as “sipgate”)
Represented by the managing directors, Tim Mois and Thilo Salmon,
Gladbacher Str. 7440219 Düsseldorf, Germany
Tel.: +49 211-63 55 55-0
info@sipgate.dewww.sipgate.de
Name and address of the Data Protection Officer of sipgate GmbH:
Data Protection Officer
℅ sipgate GmbH
Gladbacher Str. 74
40219 Duesseldorf, Germany
Tel.: +49 211 63 55 55 0
datenschutz@sipgate.de
Content:
1. Scope of personal data processing
This Data Protection Declaration applies to the websites of sipgate as well as the websites operated by sipgate for its affiliated companies.
sipgate only processes personal data insofar as required for providing a functioning website as well as contents and sipgate services. Users’ personal data is usually only processed if required for fulfilling contractual or legal obligations or with the user’s consent. Cases where it is impossible to obtain prior consent for effective reasons and the data processing is permitted by law form an exception to this rule.
2. Legal basis for personal data processing
In the event of sipgate obtaining consent from the data subject for personal data processing activities, Art. 6 (1) lit. a of the General Data Protection Regulation (hereinafter referred to as “GDPR”) forms the legal basis.
When processing personal data required for fulfilling an agreement to which the data subject is party, Art. 6 (1) lit. b GDPR forms the legal basis. The same applies to processing activities required for implementing pre-contractual measures.
In the event of personal data having to be processed for fulfilling a legal obligation of sipgate, Art. 6 (1) lit. c GDPR forms the legal basis.
Should essential interests of the data subject or another natural person require the processing of personal data, Art. 6 (1) lit. d GDPR serves as the legal basis.
If the processing is required to maintain a legitimate interest of sipgate or a third party, and if the interests, basic rights and freedoms of the data subject do not outweigh the interest stated above, Art. 6 (1) lit. f GDPR serves as the legal basis for processing.
3. Data deletion / storage period
The personal data of the data subject is deleted or blocked as soon as the purpose for its storage ceases to exist. Data may also be stored if stipulated by European or national legislation in EU directives, laws or other regulations which apply to sipgate. Data is also blocked or deleted if a storage period stipulated by the above standards expires, unless it is necessary to continue storing the data for the conclusion or fulfilment of an agreement.
4. Data processing in third countries
All data processing activities performed in a third country (i.e. a country outside the European Economic Area (EEA) and European Union (EU)) comply with the provisions of the GDPR.
We only initiate the processing of personal data in third countries that maintain adequate data protection standards. Adequate data protection standards exist in countries for which the European Commission has issued an adequacy decision. An adequate data protection standard is further assumed for US providers that are certified in accordance with the Privacy Shield. An adequate data protection standard can also be secured with corresponding guarantees, such as the standard contract clauses of the European Commission, existing certifications or binding internal data protection regulations.
Personal data is furthermore only processed in third countries with explicit consent from the data subject or if prescribed by law or contract.
5. Rights of the data subject
If a user’s personal data is processed, this user becomes a data subject within the meaning of the GDPR. As a data subject, you have the following rights against sipgate, unless stated otherwise in the individual data processing regulations above:
You have the right to request information regarding the question if your personal data is transferred to a third country or international organisation. You may request to be informed about the suitable guarantees in accordance with Art. 46 GDPR relating to the data transfer in this respect.
You have the right to request the correction and/or completion of the data from the controller if your processed personal data is incorrect or incomplete. The controller must correct the data immediately.
Obligation to delete data
You may request for the controller to delete your personal data immediately. The controller is obliged to delete such data if one of the following reasons applies:
a) Your personal data is no longer required for the purposes for which it was collected or processed in any other manner.
b) You withdraw your consent for the processing in accordance with Art. 6 (1) lit. a or Art. 9 (2) lit. a GDPR and there is no other legal basis for such processing.
c) You object against the processing in accordance with Art. 21 (1) GDPR and there are no overriding legitimate interests for the processing or you object to the processing in accordance with Art. 21 (2) GDPR.
d) Your personal data has been processed illegally.
e) Your personal data has to be deleted in order to fulfil a legal obligation under EU law or the law of the member states applicable to the controller.
f) Your personal data was collected with regard to services offered by the information company in accordance with Art. 8 (1) GDPR.
If the controller has published your personal data and is obliged to delete it in accordance with Art. 17 (1) GDPR, the controller shall implement adequate measures, including technical measures that take into consideration the available technology and implementation costs, to inform the controllers that are processing the personal data that you, the data subject, have requested the deletion of all links to this personal data, copies or duplicates thereof.
The right to deletion does not exist if the processing is required for
a) Exercising the right to freedom of speech and information;
b) Fulfilling a legal obligation which is governed by EU law or the law of the member states applicable to the controller, or performing a task transferred to the controller which is in the interest of the general public or necessary to enforce the orders of a public authority;
c) Reasons of public interest with regard to public health in accordance with Art. 9 (2) lit. h and i and Art. 9 (3) GDPR;
d) Archiving purposes that are in the interest of the general public, scientific or historical research purposes or statistical purposes in accordance with Art. 89 (1) GDPR if the right stated in Section a) can be expected to make the realisation of the objectives of such processing impossible or if it would significantly impair it; or
e) Asserting, enforcing or defending legal claims.
If you have asserted the right to correction, deletion or limitation of processing against the controller, the latter is obliged to notify all recipient to which your personal data has been disclosed of such correction and deletion of the data or its limitation of processing, unless this is impossible or would incur disproportionate costs and effort.
You have the right to be notified by the controller about such recipients.
You have the right to receive your personal data which you provided to the controller in a structured, standard and machine-readable format. You also have the right to transfer this data to another controller without being restricted by the controller to whom the personal data has previously been provided, if
The processing is based on consent in accordance with Art. 6 (1) lit. a GDPR or Art. 9 (2) lit. a GDPR or an agreement in accordance with Art. 6 (1) lit. b GDPR, and
Automated methods are used for processing the data.
In execution of this right, you further have the right to enforce that your personal data is transferred directly from one controller to another, insofar as this is technically possible. Such actions may not impair the freedoms and rights of other persons.
The right to data transferability does not apply to personal data processing that is required for fulfilling a task transferred to the controller that is in the interest of the general public or necessary to enforce the orders of a public authority.
You have the right to object against the processing of your personal data based on Art. 6 (1) lit. e or f GDPR at any time and for reasons arising from your specific situation; the same applies for any profiling based on these regulations.
The controller will no longer process your personal data in this case, unless it can provide evidence of compelling reasons worth protecting for the processing which outweigh your interests, rights and freedoms, or the processing serves to asset, enforce or defend legal claims.
If your personal data is processed for the purpose of direct advertising, you have the right to object to the processing of your personal data for such advertising purposes at any time; the same applies to profiling that is related to such direct advertising.
If you object to the processing for the purpose of direct advertising, your personal data will no longer be processed for such purpose.
You have the option to assert your right to object by using automated methods that employ technical specifications in connection with the use of services provided by the information company, regardless of Directive 2002/58/EC.
You have the right to withdraw your data protection consent declaration at any time. The withdrawal of this consent does not affect the legality of the processing based on the consent until its withdrawal.
Notwithstanding any other remedy under administrative law or before the courts, you have the right to complain to a supervisory authority, particularly in the member state where you reside, work or where the alleged violation took place if you are of the opinion that the processing of the respective personal data violates the GDPR.
The supervisory authority to which the complaint was submitted informs the complainant of the status and results of the complaint, including the option of legal remedy in accordance with Art. 78 GDPR.
The sipgate systems automatically collect data and information from the system of the accessing computer each time the sipgate websites are accessed.
The following data is collected during this process:
Information on the browser type and version, the user’s operating system, internet service provider and IP address, date and time of access, websites from which the user’s system is referred to sipgate’s website, and websites accessed by the user’s system through the sipgate website(s).
The data is also stored in the sipgate log files. This data is not stored together with other personal data of the user.
Data and log files are temporarily stored on the legal basis of Art. 6 (1) lit. f GDPR.
The system has to temporarily store the user’s IP address to display the website on the user’s computer. The user’s IP address has to be stored for the duration of the session for this purpose.
It is stored in log files to ensure the functionality of the website. We also use this data to optimise the website and ensure the security of our IT systems. The data is not analysed for marketing purposes in this respect.
The above-stated purpose also constitutes the legitimate interest of sipgate in the data processing in accordance with Art. 6 (1) lit. f GDPR.
The data is deleted as soon as it is no longer required for fulfilling the purpose for which it was collected. If the data is collected for displaying the website, this is the point at which the respective session ends.
If the data is stored in log files, it is deleted no later than seven days from being collected. Data may be stored for longer periods than the ones stated above. In such event, the user’s IP address is deleted or alienated so that it is no longer possible to allocate it to the accessing client and this data no longer links to a specific person.
The collection of data for displaying the website and storage of data in log files is crucial for operating the website. The user therefore has no option to object.
By using consentmanager, the website users see a banner when visiting the website through which they can select and confirm consent for certain cookies and/or cookie-based applications. The tool blocks the installation of all consent-based cookies until the respective user gives the corresponding consent. This ensures that such cookies are only installed on the user's device once corresponding consent has been given.
To provide this functionality, page access has to be clearly allocated to individual users and the instances of consent given have to be individually recorded, logged and stored for a certain period of time. For this purpose, consentmanager collects certain information (such as IP address), transfers it to and stores it on consentmananger servers when our websites are accessed.
The initial legal basis for data processing is Art. 6 (1) lit. f GDPR. sipgate has a legitimate interest in legitimate, user-specific and user-friendly cookie consent management.
A further legal basis for the data processing described is Art. 6 (1) lit. c GDPR. sipgate, the controller, must base the use of technically unnecessary cookies on existing and logged user consent.
consentmanager stores the data for as long as the respective user settings remain up to date. No later than one year from the granting of consent, the data is deleted (and the user is requested to give their consent again).
You can object to the processing of your data at any time. To do so, please contact consentmanager directly at info @ consentmanager.net
Google Tag Manager is a solution that permits us to manage website tags via an interface (and therefore integrate Google Analytics and other Google marketing services in our websites). The Tag Manager does not process any personal user data in itself. Please refer to the descriptions of the individual Google services with regard to the processing of personal user data.
The sipgate website uses Google Analytics, a web analysis service provided by Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. Google Analytics uses cookies which are stored on the user’s computer and which make it possible to analyse the user’s use of the website. This way, sipgate can analyse how the website(s) is/are being used and use this knowledge to create (a) more user-friendly website(s). The additional function, “User ID”, is used on some websites. The User ID is a unique, permanent and non-personalised character sequence which we allocate to you as a person rather than to a specific device.
It enables us to record your visit and user behaviour on our website from various devices (e.g. smartphone, tablet or laptop). The User ID is only allocated to you if we can clearly identify you as a user. This generally is the case when you register for the first time on our website. We do not combine the data collected under the User ID with personal data. We only transfer the pseudonymised User ID to Google Universal Analytics and use it as your pseudonym when dealing with Google. Other data and information relating to your account is not transferred to Google. Your user behaviour on our websites is then transferred to the Google servers in the USA, together with your User ID, where it is stored and processed for analysis purposes. Google links the transferred information to pseudonymised user profiles and provides sipgate with a summary of them. sipgate does not combine these transferred user profiles with your personal data. This makes it impossible to allocate the data to specific persons at all times.
sipgate has activated IP anonymisation (“_anonymizeIP()” extension) on this website. This means that IP addresses are recorded anonymously by way of IP masking to remove any direct link to persons. The full IP address is only transferred to Google servers in the USA and abbreviated there in exceptional circumstances.
The IP address is usually abbreviated within the member states of the European Union or other contracting states of the Agreement on the European Economic Area and transferred to Google servers in the USA in abbreviated form.
Art. 6 (1) lit. a and f GDPR forms the basis for the processing of personal data. The above purpose also constitutes sipgate’s justified interest in the processing of personal data in accordance with Art. 6 (1) lit. f GDPR.
Google uses this information on behalf of sipgate for analysing the use of the latter’s website, for compiling website activity reports and for providing other services relating to the use of the internet and website for sipgate. Google does not combine the IP address transferred by your browser within the scope of Google Analytics with other data.
The data is stored for a maximum period of 26 months.
You can manage your consent to the storage of cookies for Google Analytics directly on the Consent Management Platform. You can access this at any time by clicking on “Cookie settings” in the footer.
You can adjust your browser settings to block the storage of cookies.
However, we would like to point out that you may no longer be able to fully use all of the functions on this website in this case. You can also prevent the transfer of the data created by the cookie that relates to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the respective browser plug-in from the following link (http://tools.google.com/dlpage/gaoptout?hl=de). The web analysis remains deactivated until the Google add-on is deactivated and/or deleted. Please therefore do not delete this add-on as long as you wish to prevent the web analysis. The add-on has to be installed in every browser on every computer. You have to install the add-on separately if you access sipgate services and/or websites from different browsers / computers.
By using this website you agree for us to collect and process your personal data in the manner and for the purpose stated above if you have not installed the above browser plug-in.
The data collected in connection with your user ID when you installed the add-on can be deleted at any time. To do so, please send us an email with your user ID and request for deletion of the previously collected data.
As part of the use of Google products, data is stored on servers located within the United States of America. This data usually (see Section VIII. A. 1.) does not relate to a person as it has been anonymised prior to being transferred. Data transfer to the United States of America is justified by the conclusion of the agreement between sipgate and Google which contains standard contractual clauses developed by the EU Commission.
The only information that your browser sends to Facebook during this process is that your device has accessed the respective page. sipgate does not use the “extended comparison” function, i.e. the transfer of customer data in hash format to Facebook. If the user is also a Facebook user, Facebook is able to allocate the website visit to the user account. Please note that sipgate, as the provider of the websites, does not obtain any knowledge of the content of the transferred data nor its further use by Facebook. sipgate can merely determine which Facebook users (selected by parameters such as age and interests) are to see the advertising. sipgate uses Custom Audiences so that no data sets, and particularly no emails, are transferred to Facebook, neither in encrypted or unencrypted form.
We use Segment.io, a service by Segment.io, Inc., 100 California Street Suite 700, San Francisco, CA 94111, USA (“Segment”) on some of our websites for data analyses. This services helps us to collect and analyse the access data created when using our websites and apps as well as to assess this data and use it for optimisation purposes with the help of the additional third-party-provider user analysis tools described in this Privacy Policy. The user data collected is always pseudonymised before use and IP addresses are abbreviated accordingly once collected.
The user information is transferred to and stored on a Segment server in the EU. For the event of personal data being transferred to the USA or other third countries, we have concluded standard contractual clauses with Segment in accordance with Art. 46 (2) lit. c GDPR.
For more information, go to the privacy policy and data protection guidelines of Segment.io at https://segment.com/docs/legal/privacy/.
Please use consentmananger to object to the cookie-based processing of the use of Segment.
Art. 6 (1) lit. f GDPR forms the legal basis for the processing of data by Segment. The legitimate interest is the analysis of the use of our websites.
The data is deleted after 180 days.
Any email address entered by you when purchasing goods or services on the sipgate website may be used by sipgate to send you a newsletter. The newsletter exclusively contains direct advertising for our own goods and services.
You can also subscribe to the newsletter of sipgate GmbH without purchasing goods and services.
We use an external service provider for sending the newsletter, namely MailChimp by The Rocket Science Group, LLC 675 Ponce de Leon Ave NE Suite 5000. Atlanta, GA 30308 USA.
We record the opening and delivery rate of the newsletter.
The newsletters contain a web beacon, i.e. a one-pixel file which is accessed by the server of our service provider when the newsletter is opened. Technical information, such as on your browser and system as well as your IP address and time of request, is collected as part of this request. This information is used for improving the technical aspects of the service on the basis of technical data or the target groups and their read behaviour based on their request locations (which can be determined with the help of the IP address) or access times.
The statistical data collected also includes the determination if the newsletters have been opened and when and which links have been clicked. This information can be allocated to the individual newsletter recipients for technical reasons. However, neither we nor our service provider intend to monitor individual users. The analyses merely serve for us to recognise the read behaviour of our users and to adjust our contents accordingly or to send different contents that meet our users’ interests.
Section 7 (3) of the Unfair Competition Act (Gesetz gegen den unlauteren Wettbewerb – UWG) forms the legal basis for sending the newsletter following the sale of goods or services.
Art. 6 (1) lit. f GDPR forms the basis for recording the number of opened and delivered newsletters.
If the user explicitly subscribes to receive newsletters, the legal bases for sending the newsletter and recording the number of opened and delivered newsletters are Art. 6 (1) lit. a GDPR and Art. 7 GDPR.
Email addresses and user names are collected for delivering a personalised newsletter.
The number of opened and delivered newsletters is recorded to recognise potential technical problems and to improve the contents of our offers. This purpose also constitutes sipgate’s legitimate interest in accordance with Art. 6 (1) lit. f GDPR.
The data is deleted as soon as it is no longer required for fulfilling the purpose for which it was collected. The user's email address is therefore stored for as long as the newsletter subscription remains active.
The affected user can cancel the newsletter subscription at any time. A corresponding link is included in every newsletter for this purpose.
II. Mixpanel
We use the software of Mixpanel Inc., 406 Howard Street, Floor 2, San Francisco, CA 94105, USA, for the statistical analysis of the use of our apps and some emails.
Mixpanel uses a programming interface, which is accessed from the app and/or our systems, for this purpose. The following data is collected during this process: Time stamp and duration of app sessions, screens accessed, app functions used as well as data for recording email opening and delivery rates (see Section D).
The user data is processed in an anonymised format, i.e. no clearly identifiable user data (such as name) is processed and user IP addresses are not collected at all. All of these processing activities are exclusively based on an online ID and technical ID. Any IDs disclosed to Mixpanel (e.g. those of a customer service system) or email addresses are encrypted as hash values and stored as a series of characters that make it impossible to identify the data.
Art. 6 (1) lit. f GDPR forms the basis for the processing of personal data.
The data collected through Mixpanel is used for continuously improving and optimising our website and to create a more user-friendly experience.
III. Freshworks, including Freshdesk and Freshsales
sipgate uses tools provided by Freshworks Inc., 1250 Bayhill Drive, Suite 315, San Bruno, CA 94066, USA, including Freshdesk and Freshsales, for collecting and processing customer requests and Help Centre enquiries (FAQ).
When customers contact sipgate via email or our website, their email address, customer number and any other information sent are stored by Freshworks.
Your data is stored exclusively on servers located within the EU.
Art. 6 (1) lit. f GDPR forms the legal basis for processing data which is transferred as part of an email. If the contact aims at concluding or fulfilling an agreement, Art. 6 (1) lit. b GDPR forms the legal basis for processing.
The personal data is exclusively processed for finding a specific solution to customer queries whilst recording and/or processing them. It is essential in this respect for sipgate to be able to contact the respective customer.
Users may request the deletion of their personal data at any time. In such case, the conversation cannot be continued.
IV. Google Mail
As of 13 December 2023
