PRIVACY POLICY

Information on the processing of personal data pursuant to Art. 13 GDPR

The following information on the processing of personal data pursuant to Art. 13 GDPR (“privacy policy”) informs you about the processing of your personal data both on the websites https://www.vispa.io and https://www.myvispa.io and in the desktop app Vispa. Unless explicitly stated otherwise, the information applies to both the websites and the desktop app.

 
1. Name and Contact Details of the Controller

space one GmbH (in the following: „we“)
Mönchhaldenstrasse 27A
D-70191 Stuttgart
Germany
T: +49 (0) 711 400 543 – 43
E: contact@vispa.io

2. Name and Contact Details of the Data Protection Officer

Mr. Helmut Glaser
c/o space one GmbH
Mönchhaldenstrasse 27A
D-70191 Stuttgart
Germany
privacy@vispa.io

3. General Information on the Processing of your Personal Data

We collect and process personal data if you provide it to us during registration or via an input form on our website or in our app or when contacting us. We also collect and process usage data that is collected when you use our website. Your data is processed in accordance with the provisions of the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act (Bundesdatenschutzgesetz) and other applicable laws. Personal data is any information relating to an identified or identifiable natural person. In the following, we explain in detail how we collect which data and on what legal basis. In addition, we explain what rights you have and how long your data will be stored.

4. Processing of your data when registering and purchasing a subscription plan and for follow-ups mails; data processing for analysis purposes
 
4.1 In order to use VISPA, you must register. For this purpose, we request your email address, your full name and a password of your choice. This data is processed on the basis of Art. 6 para. 1 sent. 1 lit. b GDPR because the processing is necessary for the performance of the contract to which you are a party or on the basis of Art. 6 para. 1 sent. 1 lit f GDPR if you act for a company. In the latter case we have a legitimate interest in having a natural person as contact person of a company. In order for you or your company to be able to access your dashboard and the services offered in VISPA, registration and login are necessary.
 
4.2 We perform analyses of logged-in users in order to be able to monitor the functioning and general use of our services. These analyses are completely anonymous, i.e. the da-ta cannot be traced back to individual users. The information is as follows: Number of Unique Users overall; average time spend per user in average in VISPA in minutes; av-erage number of spaces in average per user in VISPA (all spaces of all users); amount of referral invites to non-existing users from existing users total; number of downloads of app; number of new user logins (first time login). The legal basis is Art. 6 para. 1 sent 1 lit f GDPR because we have a legitimate interest in understanding how our services are used so that we can use this information to improve or change them.
 
4.3 If you give us your consent to do this when you register by ticking the relevant check-box, we will process the following information with your consent (which is also the le-gal basis) with reference to your User ID and person:
• Number of returning Unique Users
• Average time spend per user in VISPA in minutes
• Average number of spaces per user in VISPA (all spaces of all users)
• Amount of referral invites to non-existing users from existing users total and per us-er in average
• Number of downloads of app
• Number of new user logins (first time login)
• Number of daily active users (DAU=View AnalyticsReportDAU), weekly active users (WAU=View AnalyticsReportWAU) or monthly active users (MAU=View AnalyticsRe-portMAU)
• Timestamp when a user logged in the last time
• Number of logins of the user e.g. per month (Total Logins / Total active users)
• Amount of spaces per user (Total number of spaces/ Total users)
• Amount of referral invites per user
You can withdraw this consent at any time with future effect. For more information on your rights please read section 11.

4.4 When accepting our marketing cookies (see section 8) we store the information on your browsing behaviour on our website to your data set in your customer relationship management tool. The legal basis is your consent. You can withdraw this consent at any time with future effect. For more information on your rights please read section 11.
 
4.5 If you like to book a paid subscription plan, we need more information. The booking of a paid subscription plan is only possible after registration according to section 4.1. For the booking of a paid subscription, we ask for your company, the company’s billing address, VAT and payment data. For the execution of the payment, it may be necessary to pass on the information about your booking to payment service providers or other financial institutions. These process their data on their own responsibility, unless they are processors on our behalf. The legal basis is the same as described in section 4.1.

 

4.6 We use the email address you provided during registration to contact you if this is necessary for contractual reasons. This may be the case, for example, if we have to inform you about updates or changes to web dashboard or app as described in our terms of use or if we make changes to them in accordance with our terms of use, about which we also have to inform you. We also use the email address you provided during registration – if you have not objected to this – to keep you informed about our offers and services with an email newsletter. The legal basis for the processing of your data for this purpose is Art. 6 para. 1 sent. 1 it. f GDPR and sec. 7 para. 3 UWG (German Act against Unfair Competition). We have a legitimate interest in direct advertising. You can object to the use of your data for the sending of such e-mail newsletters at any time without incurring any costs other than the transmission costs according to the basic rates. You will find a link to unsubscribe from the newsletter at the end of each newsletter.

5. Visibility of your personal data to others

Vispa is a collaboration platform. Therefore, users can see personal data of other users if this is necessary for the use of the platform. This includes, for example, the full name or the first or last name depending on what is entered in the settings in the app. By default, the name entered when registering for our platform is stored in the settings. If a nickname has been chosen, only the nickname is visible to other users. Moreover, other users can see the chosen avatar and all content that a user posts in a shared space. All data is only visible when a space is shared.
The legal basis for this data transfer is Art. 6 para. 1 sent. 1 lit. b GDPR because the processing is necessary for the performance of the contract to which you are a party or on the basis of Art. 6 para. 1 sent. 1 lit f GDPR if a user acts as part of a company because we have legitimate interest on fulfilling our contractual obligations towards our customers. Without visibility to other users, offering a collaboration platform is not possible.

6. Data processing by means of log files

When you access our website, the browser used on your device automatically sends information to our website server. This information is temporarily stored in a so-called log file. The following information is collected automatically:
a) IP address of the requesting device,
b) Date and time of access,
c) Name and URL of the requested file,
d) the website from which the access is made (Referrer URL),
e) Browser used and the operating system of your computer as well as the name of your access provider,
f) Search term with which the website was found, for example via Google.
The above data will be processed by us for the following purposes:
a) Ensuring a smooth connection of the website,
b) Ensuring a comfortable use of our website,
c) Evaluation of system security and stability and
d) Clarification of any abusive page accesses (DoS/DDoS attacks or similar).
The log files are routinely overwritten after 7 days, which means that all the data they contain is irretrievably deleted. The legal basis for data processing is Art. 6 para. 1 sent. 1 lit. f GDPR. Our legitimate interest follows from the purposes for data collection listed above. As a rule, we do not use the collected data for the purpose of drawing conclusions about your person. We reserve the right to do so in the event that this becomes necessary in order to clarify abusive page accesses.

7. Data processing through cookies

The website uses cookies and similar technologies such as HTML5 storage (hereinafter collectively referred to as "cookies") in order to be able to optimally design the website. Among other things, this enables easier navigation and a high level of user-friendliness. Cookies are small identifiers that our web server sends to your browser and that your terminal device stores. We use both socalled session cookies, i.e. cookies that expire at the end of your visit, and socalled persistent cookies, which are stored on your terminal device until they expire or you delete them.
The purpose and storage period of the cookies can be found in our cookie overview. If the storage of these cookies is technically necessary, the legal basis is Art. 6 para. 1 p. 1 lit. f GDPR, because we have a legitimate interest in making your visit to our website as comfortable as possible. Technically necessary cookies are referred to as "essential" in the cookie overview.

These cookies are essential to enable us to provide you with basic and secure features of our website. Without these cookies, certain services you have requested cannot be provided, such as the use of areas of our website restricted to registered users (a cookie that identifies registered users to recognise them during their visit and on return, for example in the login area of our management console) and web shop related services. They are generally only set in response to actions you take that amount to a request for services, such as setting your privacy preferences, logging in or filling out forms. These cookies are not used to collect information about you for other purposes such as marketing or analytics.
In addition, we store cookies for further purposes based on your consent. Please read section 7 of this data protection information.

You can also prevent cookies from being stored on your computer by deactivating the corresponding option in the system settings of your browser. Stored cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional restrictions of our online offer.

8. Your consent to data processing via marketing cookies; Third country transfer

We have integrated a number of third-party marketing tools on our website. Through this, we and the third-party providers process information about user behaviour on our website and can also track users across websites and devices. This enables us to improve our own website and adapt it to user behaviour, but also to target and optimize advertisements on other platforms.
These cookies are used to collect information about the performance of our website, your visit as well as your use of our website, e.g. the number of visitors who have used our website and the pages that are popular with our visitors or to deliver ads on other websites that are tailored to you and your interests. They are also used to limit the number of times an advertisement is displayed and to measure the effectiveness of our advertising campaigns. These cookies collect several pieces of information about your browsing behaviour. They are usually placed on advertising networks with our consent. They store the information that you have visited a website and share it with other companies, such as media publishers. These organisations do this to provide you with targeted ads that are more relevant to you and your interests. In addition, these cookies allow us to analyse your browsing behaviour on our website to tailor our product marketing approach. If you are registered with us, we may add this information to your person, e.g. to decide whether, when and how we can inform you or contact you based on your interests. The data may also be used by the providers of the cookies. There is also the possibility that your data may be transferred to the USA. You can find more information on this and also on the providers in our privacy policy.


The respective third party provider is indicated in the column "placed by" in the cookie overview. Please find more information here:

Facebook
https://www.facebook.com/help/2230503797265156/?helpref=uf_share
https://www.facebook.com/help/2207256696182627?helpref=faq_content

Google
https://myaccount.google.com/intro/data-and-personalization
https://policies.google.com/technologies/partner-sites?hl=de

Hubspot
https://knowledge.hubspot.com/reports/what-cookies-does-hubspot-set-in-a-visitor-s-browser

LinkedIn
https://www.linkedin.com/legal/l/cookie-table#thirdparty

Please note that data may also be transferred via third-party providers to the USA, which does not have a level of data protection that complies with the GDPR.
In these cases, we ensure compliance with the appropriate and adequate safeguards pursuant to Art. 44 et seq. GDPR. You can make an enquiry with us about these service providers at any time using the contact details in section 1 of this Privacy Policy and you will also receive copies of these guarantees.
You can withdraw your consent at any time by accessing the cookie settings again here. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

9. Security during Data Transmission

If you are able to enter personal data on our websites or in the VISPA app, this will be transmitted via the internet using SSL encryption. However, we would like to point out that the use of electronic or other communication channels involves risks for the confidentiality of the communication between you and us; this applies in particular to the use of e-mails. E-mails are transmitted in encrypted form on the basis of cryptographic industry standards such as TLS/SSL. If you contact us electronically by e-mail or in any other way, we may assume that you consent to our further use of these communication channels.
We secure our website and other systems by technical and organizational measures against loss, destruction, access, modification or distribution of your data by unauthorized persons.

10. Categories of recipients of personal data; Data Transfer to Third Countries

Service providers and auxiliary agents used by us in connection with the website, e.g. host providers, database providers and other IT service providers, may have access to your personal data. If these service providers and auxiliary agents process data on our behalf, they act in accordance with instructions and are contractually bound by us accordingly. This also applies to the transfer of data to a third country. Data transfer to a third country (e.g. USA) takes place through the use of certain service providers. In these cases, we ensure compliance with the appropriate and adequate safeguards pursuant to Art. 44 et seq. GDPR. You can make an enquiry with us about these service providers at any time using the contact details in section 1 of this Privacy Policy and you will also receive copies of these guarantees. For data transfer to the USA please read also section 7 of this Privacy Policy.

11. Your Rights

You have the right:
a) if we process personal data on the basis of your consent, to withdraw your consent at any time in accordance with Art. 7 para. 3 GDPR. This means that we may no longer process the data based on this consent in the future. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal;
b) to request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data have been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data, insofar as this was not collected by us, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information about its details;
c) in accordance with Art. 16 GDPR, obtain from us without undue delay the rectification of inaccurate personal data stored by us and – taking into account the purposes of the processing – to have incomplete personal data completed, including by means of providing a supplementary statement;
d) to demand the deletion of your personal data stored by us in accordance with Art. 17 GDPR, unless the processing is necessary for the exercise of the right to freedom of expression and information, for the fulfilment of a legal obligation, for reasons of public interest or for the assertion, exercise or defence of legal claims;
e) to demand the restriction of the processing of your personal data in accordance with Art. 18 GDPR, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its deletion and we no longer need the data, but you require it for the assertion, exercise or defence of legal claims or you have objected to the processing in accordance with Art. 21 GDPR;
f) in accordance with Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request the transfer to another controller;
g) if your personal data are processed on the basis of legitimate interests pursuant to Art. 6 para. 1 sent. 1 lit. f GDPR, to object to the processing of your personal data pursuant to Art. 21 GDPR, provided that there are grounds for doing so that arise from your particular situation;
h) if your personal data is processed for direct marketing purposes, to object at any time to the processing of your data for such marketing, including profiling, insofar as it is related to such direct marketing, in accordance with Art. 21 para. 2 GDPR; and
i) to complain to a supervisory authority in accordance with Art. 77 GDPR. You can usually contact the supervisory authority of your usual place of residence or workplace or our company’s registered seat for this purpose.

If you wish to exercise your aforementioned rights (with the exception of your right to complain as mentioned in lit. i), please contact us using the contact details at the beginning of this data protection information.

12. Duration of storage and routine deletion

Unless otherwise stated in this data protection declaration for the specific data processing, we process and store personal data only for the period of time required to achieve the processing purpose or if this has been provided for in laws or regulations to which we are subject.
If the purpose of storage no longer applies or if a legally prescribed storage period expires, the personal data will be routinely deleted or its processing restricted in accordance with the statutory provisions.