Legal

privacy policy

Last updated: August 25, 2024

initiation

Thank you for your interest in our company! We are one of the leading European providers of CAD service solutions.

At Wunderloop GmbH, protecting your data is a top priority. We enable you to use our website without providing any personal data. However, it may be necessary to process personal data if you want to use special services from our company via our website. Should such processing become necessary and there is no legal basis, we will obtain the consent of the person concerned. As the responsible body for data processing, Wunderloop GmbH has implemented numerous technical and organizational measures to ensure the best possible protection of personal data processed via our website. Despite these measures, there may be security gaps in Internet-based data transmission, meaning that absolute protection cannot be guaranteed. Data subjects are therefore free to choose alternative means of transmission of their personal data, for example by contacting them by telephone. Every data subject is therefore free to transmit personal data to us by alternative means, such as by telephone. We reserve the right to update this privacy policy from time to time. In the event that we make material changes that restrict your rights or Wunderloop's obligations under this Privacy Policy, we will post a prominent notice in this section of this Privacy Policy informing users when they are updated.

person responsible

The person responsible within the meaning of the General Data Protection Regulation is:

Wunderloop GmbH

Freddie Mercury-Strasse 5

80797 Munich

germany

+49 89-212314690

info@wunderloop.com

data protection officer

The data protection officer of the person responsible is:

Stefan Kratzert

Freddie Mercury-Strasse 5

80797 Munich

germany

+49 89-212314690

info@wunderloop.com

Any data subject can contact our data protection officer directly at any time.

Scope of processing

We only process personal data to the extent necessary to provide a functional website and our content and services. Processing is generally carried out only with the consent of the person concerned. There is an exception in cases where prior consent is not possible for factual reasons and processing is permitted by law.

legal basis

If we obtain consent from the data subject to process personal data, this is based on Article 6 (1) (a) GDPR.

The processing of personal data necessary to fulfill a contract to which the data subject is a party is carried out on the basis of Article 6 (1) (b) GDPR. This also applies to pre-contractual measures.

Should processing be necessary to fulfill a legal obligation to which our company is subject, this is based on Art. 6 (1) (c) GDPR.

If processing is necessary to protect a legitimate interest of our company or a third party and if the interests or fundamental rights and freedoms of the data subject do not prevail, Article 6 (1) (f) GDPR serves as the legal basis.

Storing and deleting your data

We only store personal data for as long as is necessary to fulfill contractual or legal obligations. After fulfilment of these obligations, the data will be deleted immediately, unless there are statutory limitation periods or storage obligations that require longer storage.

For evidence purposes, we must store contract data for six years from the end of the year in which the business relationship ends. Even after that, we must store some data for a specific period of time for accounting reasons in order to comply with legal storage obligations arising from the Commercial Code, the Tax Code and other regulations. These deadlines are generally two to ten years.

Personal data will be deleted or blocked as soon as the purpose of storage has been fulfilled. Storage can also take place if this is provided for by legal regulations of the EU or national legislator.

note

Your consent data will be processed to use this website and the integrated Consent Management Platform. We use Google Cloud Platform from Google Cloud EMEA Ltd., with server locations in Germany and Belgium. Please note that data transfer to the USA is not ruled out, where it could possibly be accessible to security authorities in accordance with 50 U.S.C. §1881 (b) (4), 50 U.S.C. § 1881a (FISA 702). In the event that personal data is transferred to the USA or other third countries, we have taken necessary measures with Google in accordance with Art. 44 ff. GDPR. For more information, please see Google's privacy policy. In addition, we have taken additional security measures to ensure the security of the data.

Collection of general data and information

The Wunderloop GmbH website collects a range of general data and information each time it is accessed by a data subject or an automated system. This general data and information is stored in the server's log files. The following information can be collected:

browser types and versions used,

The operating system used by the accessing system,

The website from which the accessing system accesses our website (so-called referrer)

The sub-websites that are accessed via an accessing system on our website

The date and time of access to the website,

an Internet protocol address (IP address),

The Internet service provider of the accessing system, and

Similar data and information used to avert threats in the event of attacks on our information technology systems.

When using these general data and information, the Wunderloop GmbH does not draw any conclusions about the data subject. Rather, this information is needed to

to deliver the content of our website correctly,

to optimize the content of our website and advertising for it,

to ensure the long-term functionality of our information technology systems and the technology of our website, and

Provide law enforcement agencies with the information necessary to prosecute in the event of a cyber attack.

Wunderloop GmbH therefore analyses anonymously collected data and information statistically and on the other hand with the aim of increasing data protection and data security in our company, in order to ultimately ensure an optimal level of protection for the personal data we process.

We collect technical information in so-called “log files” so that you can see our website correctly and we can identify the causes of any technical problems, for the technical optimization of our websites and for the purpose of securing our computer systems and networks. These purposes also include a legitimate interest in data processing in accordance with Article 6 (1) (f) GDPR.

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. Typically, this technical information is deleted or made unrecognizable after seven days at the latest.

The collection of data to provide the website and the storage of data in log files is absolutely necessary for the operation of the website. The anonymous data in the server log files are stored separately from all personal data provided by a data subject.

The Wunderloop GmbH website uses cookies to provide you with a more user-friendly experience. A web browser cookie is a small text file that is sent from a website to your computer or mobile device and stored there by your web browser. These cookies can store information such as your IP address, the type of browser you use, and details about the content you interact with on our digital services. This allows cookies to save your preferences and settings and enable analysis of how you use our services.

In addition, tracking technologies such as web beacons, pixels, tags, and scripts are used, which are embedded in emails or mobile applications, for example, to record how you interact with them. This information helps us to continuously analyze and improve our services.

Many websites and servers use cookies with a unique cookie ID, which makes it possible to identify the respective browser. In this way, returning users can be identified and their user experience optimised. One example is a shopping cart cookie in an online shop, which stores the items that a customer has placed in the virtual shopping cart.

You can prevent cookies from being saved at any time by setting your Internet browser accordingly and delete cookies that have already been saved. Please note, however, that by disabling cookies, some features of our website may only be limited or not available at all.

newsletters

We send newsletters, emails and other electronic notifications containing promotional information (hereinafter “newsletter”) only with the recipient's consent or legal permission. Insofar as the content of a newsletter is specifically described, it is decisive for the consent of users. Our newsletters also contain information about Wunderloop GmbH and its programs and events, as well as programs and events that are relevant to our target groups.

DOUBLE OPT-IN AND LOGGING

Registration for our newsletter takes place in a so-called double opt-in process. This means that after signing up, you will receive an email asking you to confirm your subscription. This confirmation is necessary to ensure that no one can log in with foreign email addresses. Registration for the newsletter is logged in order to be able to prove the registration process in accordance with legal requirements. This includes saving the time of registration and confirmation as well as the IP address. Changes to your data stored with MailChimp are also logged.

USING THE “MAILCHIMP” SHIPPING SERVICE PROVIDER

The newsletters are sent via “MailChimp”, a distribution platform for newsletters from Rocket Science Group, LLC, 675 Ponce De Leon Ave # 5000, Atlanta, GA 30308, USA. The email addresses of our newsletter recipients and their other data described in these notes are stored on MailChimp's servers in the USA. MailChimp uses this information to send and evaluate newsletters on our behalf. In addition, MailChimp may use this data based on its own information to optimize or improve its own services, e.g. to technically optimize the sending and presentation of newsletters or for economic purposes to determine which countries the recipients come from. However, MailChimp does not use the data of our newsletter recipients to write to them itself or pass them on to third parties.

We rely on MailChimp's reliability, IT and data security. We have concluded a “data processing agreement” with MailChimp based on the EU standard contractual clauses. MailChimp is committed to complying with EU data protection requirements. This is a contract in which MailChimp is committed to protecting our users' data, processing it on our behalf in accordance with data protection regulations and, in particular, not sharing it with third parties. You can view MailChimp's privacy policy here.

To sign up for the newsletter, please enter your email address as well as your first and last name. This information is used exclusively to personalize the newsletter.

STATISTICAL COLLECTION AND ANALYSES

The newsletters contain a so-called “web beacon”, i.e. a pixel-sized file that is retrieved from the MailChimp server when the newsletter is opened. As part of this retrieval, technical information, such as information about the browser and your system, as well as your IP address and the time of retrieval, are first collected. This information is used to technically improve the services based on technical data or target groups and their reading behavior, which is used to evaluate it based on their retrieval locations (which can be determined using the IP address) or access times. Statistical surveys also include determining whether the newsletters are opened, when they are opened and which links are clicked. Although this information can be assigned to individual newsletter recipients for technical reasons, it is neither our aim nor that of MailChimp to monitor individual users. Rather, the evaluations serve us to recognize the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.

ONLINE AND DATA MANAGEMENT

There are cases where we direct newsletter recipients to MailChimp's websites. For example, our newsletters contain a link that newsletter recipients can use to access the newsletters online (e.g. in case of display problems in the email program). Newsletter recipients can also correct their data, such as the email address, retrospectively. MailChimp's privacy policy is also only available on their website. In this context, we would like to point out that cookies are used on MailChimp's websites and personal data is therefore processed by MailChimp, its partners and service providers used (e.g. Google Analytics). We have no influence on this data collection. For more information, see MailChimp's privacy policy. We also refer to the options to object to data collection for advertising purposes on the websites http://www.aboutads.info/choices and Your Online Choices | EDAA (for the European area).

CANCELLATION/WITHDRAWAL

You can unsubscribe from our newsletter at any time, i.e. withdraw your consent. At the same time, your consent to its sending via MailChimp and the statistical analyses expires. Unfortunately, it is not possible to cancel the shipment via MailChimp or the statistical evaluation separately. You can find a link to unsubscribe from the newsletter at the end of each newsletter.

THE LEGAL BASIS OF THE PRIVACY POLICY

In accordance with the provisions of the General Data Protection Regulation (GDPR), which apply from May 25, 2018, we inform you that consent to the sending of email addresses is based on Art. 6 para. 1 lit. a, 7 GDPR and § 7 para. 2 no. 3 and paragraph 3 UWG. The use of the mailing service provider MailChimp, the carrying out of statistical surveys and analyses and the logging of the registration process are based on our legitimate interests in accordance with Article 6 (1) (f) GDPR. We are interested in using a user-friendly and secure newsletter system that both serves our business interests and meets user expectations. We would also like to point out that you can object to the future processing of your personal data at any time in accordance with the legal requirements in accordance with Article 21 GDPR. In particular, the objection may be made against processing for direct marketing purposes.

Contact via the website

The Wunderloop GmbH website contains legal information that enables quick electronic contact and direct communication with us, including a general e-mail address. When a person contacts the person responsible by e-mail or via a contact form, the personal data transmitted is automatically stored. This data, which is provided voluntarily by the data subject, is used for processing or contacting and is not passed on to third parties.

Data protection in the application process

The person responsible collects and processes the personal data of applicants to manage the application process. This processing can also be carried out electronically, in particular if an applicant sends his application documents electronically, for example by e-mail, to the person responsible. If an employment contract is concluded with the applicant, the submitted data will be stored to process the employment relationship in accordance with legal requirements. If there is no employment contract, the application documents will be automatically deleted six months after notification of the rejection decision, unless there are legitimate interests of the person responsible that prevent deletion. One such legitimate interest could be, for example, the preservation of evidence in proceedings under the General Equal Treatment Act (AGG).

Routine deletion and blocking of personal data

The person responsible processes and stores the data subject's personal data only for as long as is necessary to achieve the storage purpose or as provided for by the European Directive and Regulation or other applicable laws and regulations.

As soon as the storage purpose ceases to apply or a storage period prescribed by the European Directive and Regulation or other competent legislation expires, the personal data is routinely blocked or deleted in accordance with legal provisions.

Rights of the person concerned

Every data subject has the right to:

information in accordance with Article 15 of the GDPR,

correction in accordance with Article 16 of the GDPR,

deletion in accordance with Article 17 of the GDPR,

restriction of processing in accordance with Article 18 of the GDPR,

objection in accordance with Article 21 of the GDPR and

Data portability in accordance with Article 20 of the GDPR.

With regard to the right to information and the right to deletion, the restrictions of Sections 34 and 35 BDSG apply. There is also a right of appeal to a competent data protection supervisory authority (Article 77 GDPR in conjunction with Section 19 BDSG).

You can withdraw your consent to the processing of personal data at any time.

Please note that the withdrawal is only effective for the future. Processing that took place before the withdrawal remains unaffected.

Privacy: Social networks

Online presences on social networks

Wunderloop GmbH maintains online presences on various social networks to communicate with customers and interested parties and to provide information about our products and services. This involves processing user data that may also be stored outside the European Union. This can pose risks for users, as it could be more difficult to enforce their rights.

User data is usually processed on social networks for market research and advertising purposes. This allows user profiles to be created that are based on the behavior of users and reflect their interests. These profiles are used to place targeted advertising within and outside social networks. For this purpose, cookies and other identifiers are usually stored on users' devices, which record their usage behavior. In addition, cross-device data can be stored, especially if the users are members of the respective platforms and are logged in there.

We would like to point out that, as operators of our online presences, we can access information such as aggregated statistics provided by social networks. These statistics include demographic data and information about interaction with our online presences and the content published there.

legal basis:

The data is processed on the basis of our legitimate interests in accordance with Article 6 (1) (f) GDPR in order to remain in touch with our customers, to inform them and to carry out pre-contractual measures with future customers and interested parties.

Types of data affected:

contact details (e.g. e-mail, telephone numbers)

Content data (e.g. entries in online forms)

usage data (e.g. websites visited, interest in content, access times)

Meta, communication and process data (e.g. IP addresses, time data, identification numbers, consent status)

Affected persons:

users (e.g. website visitors, users of online services)

Processing purposes:

Contact requests and communication

Feedback (e.g. collecting feedback via online forms)

marketing

For a detailed description of the respective forms of processing and the options for objection (opt-out), we refer to the data protection declarations and information provided by the operators of the respective networks. We would also like to point out that data protection concerns can most effectively be raised directly with the respective social network provider, as only these providers have access to the data and can take appropriate measures. Should you still need assistance, feel free to contact us.

Social networks in which we operate online presences:

Facebook (USA and Canada: Facebook Inc., all other countries: Facebook Ireland Ltd.)

Information about the processed Page Insights data and data protection: Facebook

Unsubscribe: https://www.facebook.com/settings?tab=ads and Your Online Choices | EDAA

Instagram (Facebook Ireland Ltd.)

Google/YouTube (Google Ireland Limited)

Unsubscribe: Ads Settings

Twitter (Twitter International Company)

Unsubscribe: personalization

LinkedIn (LinkedIn Ireland Unlimited Company)

Information about the processed Page Insights data and data protection: https://legal.linkedin.com/pages-joint-controller-addendum

Unsubscribe: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

Google My Business (Google Ireland Limited)

Note: For information about how we handle your data and other protective measures when you interact with us via Google My Business, please see the Google Privacy Policy. We do not collect or process any further data from your use of this service and do not use any Google features on our website

Instagram: social network;

Service provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland;

legal basis: Legitimate interests (Article 6 (1) (f) GDPR);

Site: Instagram;

Facebook pages: Profiles on the social network Facebook — Together with Meta Platforms Ireland Limited, we are responsible for collecting (but not further processing) data from visitors to our Facebook page (so-called “fan page”). This data includes information about the types of content that users view or interact with or the actions they take (see “Things you and others do and provide” in the Facebook Privacy Policy: Meta Privacy Policy - How Meta collects and uses user data), as well as information about the users' devices used (e.g. IP addresses, operating system, browser type, language preferences, cookie data; see “Device Information” in the Facebook Privacy Policy: Meta Privacy Policy: Meta Privacy Policy: Meta Privacy Policy: Meta Privacy Policy: Meta Privacy Policy: Meta Privacy Policy: Meta Privacy Policy: Meta Privacy Policy: Meta Privacy Policy: Meta Privacy Policy: Meta Privacy Policy: Meta Privacy Policy: Meta Privacy Policy: Meta Privacy Policy: Meta Privacy Policy: Meta Privacy Policy: Meta Privacy Policy: Meta Privacy Policy: Meta Privacy Policy: Meta Privacy Policy: Meta - How Meta collects and uses user data). As described in the Facebook privacy policy under “How do we use this information? “Facebook also explains, collects and uses information to provide analytics services, so-called “page insights,” for site operators so that they gain insights into how people interact with their pages and associated content. We have a special agreement with Facebook (“Page Insights Information”, Facebook), which regulates in particular which security measures Facebook must comply with and in which Facebook has committed itself to fulfilling the rights of data subjects (i.e. users can, for example, direct requests for information or deletion directly to Facebook). Users' rights (in particular to information, deletion, objection and complaint to the competent supervisory authority) are not restricted by the agreements with Facebook. More information can be found in the “Information about page insights” (Facebook);

Service provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland;

legal basis: Legitimate interests (Article 6 (1) (f) GDPR);

Site: Facebook - log in or sign up;

Standard contractual clauses (ensuring the level of data protection when processing in third countries): Facebook

More information: Joint Responsibility Agreement: Facebook.

LinkedIn: social network;

Service provider: LinkedIn Ireland Unlimited Company, Wilton Plaza Wilton Place, Dublin 2, Ireland;

legal basis: Legitimate interests (Article 6 (1) (f) GDPR);

Site: LinkedIn: Log In or Sign Up;

Order processing contract: https://legal.linkedin.com/dpa;

standard contractual clauses (ensuring the level of data protection when processing in third countries): https://legal.linkedin.com/dpa;

Opt-out: https://www.linkedin.com/psettings/guest-controls

Twitter: social network;

Service provider: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland, parent company: Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA;

legal basis: Legitimate interests (Article 6 (1) (f) GDPR);

Google Analytics 4

This website uses Google Analytics 4, a web analysis service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”), which enables an analysis of your use of our website.

By default, Google Analytics sets four cookies when you visit the website, which are stored as small text files on your device and collect certain information. This information also includes your IP address, which is, however, abbreviated by the last digits by Google to exclude direct personal reference.

The information is transferred to Google servers and processed there. Transfers to Google LLC based in the USA are also possible. Google uses the information collected on our behalf to evaluate your use of the website, to prepare reports on website activity for us and to provide other services related to website and Internet usage. The IP address transmitted and abbreviated as part of Google Analytics is not combined with other Google data. The data collected as part of the use of Google Analytics 4 is stored for a period of two months and then deleted.

All processing described above, in particular the setting of cookies on the device used, only takes place if you have given us your express consent in accordance with Article 6 (1) (a) GDPR.

Google Analytics 4 will not be used during your visit to the website without your consent. You can withdraw your consent at any time with effect for the future. To exercise your right of withdrawal, please deactivate this service using the “Cookie Consent Tool” provided on the website.

We have concluded an order processing agreement with Google, which ensures the protection of the data of our website visitors and excludes unauthorized transfer to third parties.

Further legal information about Google Analytics 4 can be found under Privacy Policy — Privacy Policy & Terms of Use — Google and How Google uses information from sites or apps that use our services — Privacy & Terms — Google.

Google Analytics 4 uses the special “demographic characteristics” function and can therefore generate statistics that contain information about the age, gender and interests of website visitors. This is done by analyzing advertising and information from third parties. This makes it possible to identify target groups for marketing activities. However, the collected data cannot be attributed to a specific person and is deleted after a storage period of two months.

As an extension to Google Analytics 4, Google Signals can be used on this website to generate cross-device reports. If you have activated personalized ads and linked your devices to your Google account, Google can, subject to your consent to use Google Analytics in accordance with Art. 6 para. 1 lit. a GDPR, analyze your usage behavior across devices and create database models, including cross-device conversions. We do not receive any personal data from Google, only statistics. If you want to stop cross-device analysis, you can turn off the “Personalized Advertising” feature in your Google Account settings. To do so, follow the instructions on this page: Manage displayed ads directly from ads - My Ad Center Help For more information about Google Signals, visit the following link: [UA] Enable Google Signals - Google Analytics Help

As an extension to Google Analytics 4, the “UserIDs” function can be used on this website. If you have agreed to the use of Google Analytics 4 in accordance with Article 6 (1) (a) GDPR, have set up an account on this website and log in with this account on various devices, your activities, including conversions, can be analyzed across devices.

For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision by the European Commission.

Partner portal

We use the partner portal as a partner management tool. When using this portal, personal data from our partners may be processed, including: name, email address, company name and information, information about completed transactions (e.g. business data, partner level), information about the partner's customers (including email address and name), behavior in the partner portal, and possibly transaction-related information. This data processing is carried out to fulfill our contractual relationship. The data is stored for as long as is necessary to fulfill the respective purpose. The collected data will not be passed on to third parties.

Customer portal

We use the customer portal as a customer and project management tool. When using this portal, personal data of our customers may be processed, including: name, email address, company name and information, information about completed transactions (e.g. business data, partner level), information about the partner's customers (including email address and name), behavior in the customer portal and transaction-related information. This data processing is carried out to fulfill our contractual relationship. The data is stored for as long as is necessary to fulfill the respective purpose. The collected data will not be passed on to third parties.

Support tickets

When you create a support ticket with Wunderloop, we process the data you enter in the ticket to evaluate and answer your request. To do this, we use the Zendesk service, provided by Zendesk, Inc., 1019 Market Street, San Francisco, CA 94103, USA, as our support system, which enables communication with Wunderloop. For this purpose, the data entered in the ticket (e.g. name, email address) and the IP address are processed. The legal basis for this processing is your consent in accordance with Article 6 (1) (a) GDPR.

By creating a ticket via Zendesk, you also agree to use the following Zendesk features: Zendesk Advanced AI, Intelligent Triage, Context Panel Intelligence, Generative AI for Agents, Macro Suggestions for Administrators, Autoreply and Internal Note Trigger Actions, and Generative AI for the Help Center. Learn more about Zendesk's use of AI here. The data is deleted as soon as it is no longer required for the purpose for which it was collected.

For more information about Zendesk's data processing, see Zendesk's privacy policy. If you have any further questions, you can contact Zendesk at privacy@zendesk.com.

Google Tag Manager

Service description:

Google Tag Manager is a tag management system that makes it possible to manage tags centrally via a user interface. Tags are small pieces of code that can be used to track activity. Google Tag Manager integrates script codes from other tools and allows you to control when a specific tag is triggered.

Processing company:

Google Ireland Limited

Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland

Data protection officer of the processing company:

The email address of the processing company's data protection officer can be found at the following link:

Contact a data protection officer

Data processing purposes:

Google Tag Manager is used to manage website tags.

Technologies used:

The service uses technologies such as web page tags to collect data. Typical technologies include cookies and pixels that are placed in the browser.

Collected data:

Aggregated data about tag triggering is collected.

Legal basis:

The processing of data is carried out on the basis of Article 6 (1) (a) GDPR and Section 25 (2) No. 2 TTDSG.

Place of processing:

The primary processing of the collected data takes place in the European Union. Should data processing also take place in other countries, this will be announced separately.

Time to save data:

The collected data will be deleted as soon as they are no longer required for the specified processing purposes.

Transfer to third countries:

When using Google Tag Manager, the collected data may be forwarded to the following countries, which may not have the necessary data protection standards: Singapore, Taiwan, Chile, United States of America. For more information about the security measures, please refer to the respective provider's privacy policy or contact the provider directly.

Data recipient:

The following companies are recipients of the collected data:

Alphabet Inc., Google LLC, Google Ireland Limited

Click here to read the data processor's privacy policy

Cookie Policy:

Click here to read the data processor's cookie policy

Google Ad Exchange

Service description:

Google Ad Exchange is an advertising service that makes it possible to place targeted ads and analyze their performance.

Processing company:

Google Ireland Limited

Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland

Data protection officer of the processing company:

The email address of the processing company's data protection officer can be found here:

Contact a data protection officer

Data processing purposes:

The processing is carried out for the following purposes:

promotion

Technologies used:

The service uses technologies such as cookies and web beacons to collect data.

Collected data:

The data collected through this service includes:

IP address

usage data

number of page views

User Agent

Legal basis:

Data processing is based on the following legal bases:

Art. 6 para. 1 p. 1 lit. a GDPR

Section 25 (1) (1) TTDSG

Place of processing:

The primary processing of the collected data takes place in the European Union. If the data is also processed in other countries, you will be informed separately.

Time to save data:

The data will be deleted as soon as they are no longer required for the specified processing purposes.

Transfer to third countries:

When using the Google Ad Exchange service, the collected data may be transferred to the following countries, which may not have the necessary data protection standards:

chile

taiwan

singapore

United States of America

For more information about the security measures, please refer to the privacy policy of the respective provider or contact the provider directly.

Data recipient:

The collected data will be passed on to the following recipients:

Google LLC

Google Ireland Limited

Alphabet Inc.

Click here to read the data processor's privacy policy

Cookie Policy:

Click here to read the data processor's cookie policy

Withdrawal options:

Click here to cancel on all domains of the processing company

Google Ads

Service description:

Google Ads is an advertising service that makes it possible to place targeted ads and analyze their performance.

Processing company:

Google Ireland Limited

Google Building Gordon House, 4 Barrow Street, Dublin D04 E5W5, Ireland

Data protection officer of the processing company:

The email address of the processing company's data protection officer can be found here:

Contact a data protection officer

Data processing purposes:

The data is collected and processed for the following purposes:

promotion

analysis

stats

Remarketing

Conversion tracking

Technologies used:

The service collects data using the following technologies:

Collected data:

The data collected by Google Ads includes:

Ads viewed

Cookie ID

date, time, and duration of the visit

device information

Geographical location

IP address

search terms

Advertisements displayed

Customer ID

impressions

Online identifiers

Browser information

Hashed contact information

referrer URL

usage data

user behavior

Pages visited

click path

Legal basis:

Data processing is carried out on the basis of Article 6 (1) (a) GDPR.

Place of processing:

The primary processing of the collected data takes place in the European Union. If the data is also processed in other countries, you will be informed separately.

Time to save data:

The data is deleted as soon as it is no longer required for the purposes of processing. Log data is anonymized after 9 months and cookie information after 18 months.

Data recipient:

The collected data will be passed on to the following recipients:

Alphabet Inc.

Google LLC

Google Ireland Limited

14. Google Maps

This website uses an online map service provided by the following provider: Google Maps (API) from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.

Google Maps is a web service for displaying interactive maps that visually display geographical information. By using this service, you'll be shown our location, making it easier for you to find us.

When using pages on which the Google Maps map is integrated, information about your use of our website (such as your IP address) is transmitted to Google servers and stored there; this information can also be forwarded to Google LLC servers in the USA. This is done regardless of whether you are logged in to Google via a user account or whether such a user account exists. If you are logged in to Google, your data is directly associated with your account. If you do not want your data to be associated with your Google profile, you must log out before activating the button. Google stores your data (even for users who are not logged in) as user profiles and evaluates them.

The collection, storage and analysis of this data is carried out in accordance with Article 6 (1) (f) GDPR on the basis of Google's legitimate interest in displaying personalized advertising, market research and/or designing Google websites in line with needs. You have the right to object to the creation of these user profiles. To exercise this right, you must contact Google directly. If you do not want your data to be transmitted to Google as part of using Google Maps, you also have the option to completely deactivate the Google Maps web service by turning off the JavaScript application in your browser. Google Maps and thus also the map display on this website cannot then be used.

To the extent required by law, we have obtained your consent to process your data as described above in accordance with Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time with effect for the future. To exercise your right of withdrawal, please follow the objection procedure described above.

Zapier

To integrate various databases and tools, we use Zapier, a service from Zapier Inc., 548 Market St #62411, San Francisco, California 94104, USA. In this process, customer data, with the exception of payment data, can be transferred. For more information about Zapier's privacy policy, see Zapier Privacy Policy.

Data processing in third countries

If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or processing is carried out in connection with the use of third-party services or the disclosure or transfer of data to other persons, bodies or companies, this is done exclusively in accordance with legal requirements.

Subject to express consent or a transfer required by contract or law, we process data in third countries or have data processed there only if there is a recognized level of data protection, there is a contractual obligation through so-called standard contractual clauses of the EU Commission, certifications are available or binding internal data protection regulations are applied (Art. 44 to 49 GDPR, information page of the EU Commission: International dimension of data protection

Events and pictures

If you attend an event organized by Wunderloop GmbH, personal data will be processed for the purpose of organizing the event in accordance with the following instructions.

In particular, the following categories of personal data may be processed to hold the event:

Name and contact details (email, telephone)

Information about the employment relationship (company, job title)

Information on participation in workshops

Event pictures

Data on participation in the event itself

If you provide other people's personal information as part of the sign-up or registration process, you agree that it is your responsibility to obtain consent from these third parties in accordance with applicable legal requirements.

Our events are regularly accompanied by photographers or film teams who take photos or video recordings (“recordings”) of the event. These recordings are made and published on the basis of the person responsible's legitimate interest in image reporting, unless the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, prevail (Art. 6 para. 1 sentence 1 lit. f GDPR).

The recordings are for public relations purposes and are published on our website, our social media channels or on the event website.

Legal basis for processing

The following is an overview of the legal basis of the GDPR, on the basis of which we process personal data. Please note that, in addition to the provisions of the GDPR, national data protection regulations may also apply in your or our country of residence or establishment. Should more specific legal bases be relevant in individual cases, we will inform you about this in the privacy policy.

Consent (Article 6 (1) sentence 1 lit. a) GDPR): The data subject has given his or her consent to the processing of personal data concerning him or her for one or more specific purposes.

Contract performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR): Processing is necessary to fulfill a contract to which the data subject is a party or to carry out pre-contractual measures taken at the request of the data subject.

Legal obligation (Art. 6 para. 1 sentence 1 lit. c) GDPR): Processing is necessary to fulfill a legal obligation to which the person responsible is subject.

Legitimate interests (Art. 6 (1) sentence 1 lit. f) GDPR): Processing is necessary to protect the legitimate interests of the controller or of a third party, unless the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, prevail.

In addition to the data protection regulations of the GDPR, there are national data protection regulations in Germany. This includes in particular the Federal Data Protection Act (BDSG). The BDSG contains special rules on the right to information, the right to deletion, the right of objection, the processing of special categories of personal data, processing for other purposes and on transmission and automated decision-making in individual cases, including profiling. In addition, it regulates data processing within the framework of employment relationships (Section 26 BDSG), in particular with regard to the establishment, execution or termination of employment contracts and the consent of employees. In addition, the data protection laws of the individual federal states may apply.

Legitimate interests in processing

Our legitimate interest lies in carrying out our business activities and ensuring the well-being of our employees and shareholders. If the processing of personal data is based on Article 6 (1) (f) GDPR, we have a legitimate interest in carrying out our business activities for the benefit of all our employees and shareholders.

Duration of storage of personal data

The criterion for the duration of storage of personal data is the respective legal retention period. After expiry of this period, the corresponding data is routinely deleted, provided that it is no longer required to fulfill or initiate a contract.

Legal or contractual requirements to provide personal data; necessity to conclude a contract; obligation of the data subject to provide personal data; possible consequences of failure to provide personal data.

We would like to point out that the provision of personal data is sometimes required by law (e.g. due to tax regulations) or may result from contractual regulations (e.g. information about the contractual partner). It may be necessary for a data subject to provide us with personal data in order to conclude a contract, which must then be processed by us. For example, the data subject is required to provide us with personal data when our company concludes a contract with them. Failure to provide personal data would mean that the contract with the data subject cannot be concluded.

Before providing personal data, the data subject should contact our data protection officer. Our data protection officer will inform the data subject on a case-by-case basis whether the provision of personal data is required by law or contract, whether there is an obligation to provide the personal data and what consequences the failure to provide the personal data would have.

definitions

We use the following terms in this privacy policy, including:

Personal data: Any information relating to an identified or identifiable natural person.

Data subject: Any identified or identifiable natural person whose personal data is being processed.

Processing: Any process involving personal data, such as collection, storage, use, transfer, or deletion.

Restriction of processing: The marking of stored personal data with the aim of restricting their future processing.

Profiling: Any type of automated processing of personal data to evaluate personal aspects.

Pseudonymization: The processing of personal data in such a way that it can no longer be attributed to a specific person without additional information.

Responsible person: The natural or legal person who, alone or together with others, decides on the purposes and means of processing personal data.

Processor: A natural or legal person who processes personal data on behalf of the person responsible.

Recipient: A person or entity to whom personal data is disclosed.

Third party: A person or body that is not the data subject, the controller or the processor.

Consent: Any voluntary, informed and unequivocal statement of intent by the data subject to process their personal data.

Links to third parties

From time to time, we may, in our sole discretion, offer or link to third-party products or services. These third-party websites have their own independent privacy policies. We therefore assume no responsibility or liability for the content and activities of these linked sites. However, we strive to maintain the integrity of our website and welcome any feedback about these external websites.

Data security and integrity

Protecting the information that you provide to us or that we receive about you is our top priority. We take appropriate security measures to protect your information from loss, misuse, unauthorized access, alteration, disclosure, or destruction. Wunderloop has implemented measures to ensure the continuous confidentiality, integrity, availability, and resiliency of systems and services that process personal data. In addition, we ensure that availability and access to information is restored in a timely manner in the event of a physical or technical incident.

Status: 10.06.2024