Information on the processing of personal data pursuant to Art. 13 GDPR
1. Name and Contact Details of the Controller
space one GmbH (in the following: „we“)
T: +49 (0) 711 400 543 – 43
2. Name and Contact Details of the Data Protection Officer
Mr. Helmut Glaser
c/o space one GmbH
3. General Information on the Processing of your Personal Data
We collect and process personal data if you provide it to us during registration or via an input form on our website or in our app or when contacting us. We also collect and process usage data that is collected when you use our website. Your data is processed in accordance with the provisions of the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act (Bundesdatenschutzgesetz) and other applicable laws. Personal data is any information relating to an identified or identifiable natural person. In the following, we explain in detail how we collect which data and on what legal basis. In addition, we explain what rights you have and how long your data will be stored.
4. Processing of your data when registering and purchasing a subscription plan and for follow-ups mails; data processing for analysis purposes
4.1 In order to use VISPA, you must register. For this purpose, we request your email address, your full name and a password of your choice. This data is processed on the basis of Art. 6 para. 1 sent. 1 lit. b GDPR because the processing is necessary for the performance of the contract to which you are a party or on the basis of Art. 6 para. 1 sent. 1 lit f GDPR if you act for a company. In the latter case we have a legitimate interest in having a natural person as contact person of a company. In order for you or your company to be able to access your dashboard and the services offered in VISPA, registration and login are necessary.
4.2 We perform analyses of logged-in users in order to be able to monitor the functioning and general use of our services. These analyses are completely anonymous, i.e. the da-ta cannot be traced back to individual users. The information is as follows: Number of Unique Users overall; average time spend per user in average in VISPA in minutes; average number of spaces in average per user in VISPA (all spaces of all users); the amount of referral invites to non-existing users from existing users total; the number of downloads of app; the number of new user logins (first time login). The legal basis is Art. 6 para. 1 sent 1 lit f GDPR because we have a legitimate interest in understanding how our services are used so that we can use this information to improve or change them.
4.3 If you give us your consent to do this when you register by ticking the relevant check-box, we will process the following information with your consent (which is also the legal basis) with reference to your User ID and person:
• Number of returning Unique Users
• Average time spent per user in VISPA in minutes
• Average number of spaces per user in VISPA (all spaces of all users)
• Amount of referral invites to non-existing users from existing users total and per us-er in average
• Number of downloads of app
• Number of new user logins (first time login)
• Number of daily active users (DAU=View AnalyticsReportDAU), weekly active users (WAU=View AnalyticsReportWAU) or monthly active users (MAU=View AnalyticsRe-portMAU)
• Timestamp when a user logged in the last time
• Number of logins of the user e.g. per month (Total Logins / Total active users)
• Amount of spaces per user (Total number of spaces/ Total users)
• Amount of referral invites per user
You can withdraw this consent at any time with future effect. For more information on your rights please read section 11.
4.4 When accepting our marketing cookies (see section 8) we store the information on your browsing behaviour on our website to your data set in your customer relationship management tool. The legal basis is your consent. You can withdraw this consent at any time with future effect. For more information on your rights please read section 11.
5. Visibility of your personal data to others
Vispa is a collaboration platform. Therefore, users can see personal data of other users if this is necessary for the use of the platform. This includes, for example, the full name or the first or last name depending on what is entered in the settings in the app. By default, the name entered when registering for our platform is stored in the settings. If a nickname has been chosen, only the nickname is visible to other users. Moreover, other users can see the chosen avatar and all content that a user posts in a shared space. All data is only visible when a space is shared.
The legal basis for this data transfer is Art. 6 para. 1 sent. 1 lit. b GDPR because the processing is necessary for the performance of the contract to which you are a party or on the basis of Art. 6 para. 1 sent. 1 lit f GDPR if a user acts as part of a company because we have legitimate interest on fulfilling our contractual obligations towards our customers. Without visibility to other users, offering a collaboration platform is not possible.
6. Data processing by means of log files
When you access our website, the browser used on your device automatically sends information to our website server. This information is temporarily stored in a so-called log file. The following information is collected automatically:
a) IP address of the requesting device,
b) Date and time of access,
c) Name and URL of the requested file,
d) the website from which the access is made (Referrer URL),
e) Browser used and the operating system of your computer as well as the name of your access provider,
f) Search term with which the website was found, for example via Google.
The above data will be processed by us for the following purposes:
a) Ensuring a smooth connection of the website,
b) Ensuring a comfortable use of our website,
c) Evaluation of system security and stability and
d) Clarification of any abusive page accesses (DoS/DDoS attacks or similar).
The log files are routinely overwritten after 7 days, which means that all the data they contain is irretrievably deleted. The legal basis for data processing is Art. 6 para. 1 sent. 1 lit. f GDPR. Our legitimate interest follows from the purposes for data collection listed above. As a rule, we do not use the collected data for the purpose of drawing conclusions about your person. We reserve the right to do so in the event that this becomes necessary in order to clarify abusive page accesses.
7. Data processing through cookies
The purpose and storage period of the cookies can be found in our cookie overview. If the storage of these cookies is technically necessary, the legal basis is Art. 6 para. 1 p. 1 lit. f GDPR, because we have a legitimate interest in making your visit to our website as comfortable as possible. Technically necessary cookies are referred to as "essential" in the cookie overview.
These cookies are essential to enable us to provide you with basic and secure features of our website. Without these cookies, certain services you have requested cannot be provided, such as the use of areas of our website restricted to registered users (a cookie that identifies registered users to recognise them during their visit and on return, for example in the login area of our management console) and web shop related services. They are generally only set in response to actions you take that amount to a request for services, such as setting your privacy preferences, logging in or filling out forms. These cookies are not used to collect information about you for other purposes such as marketing or analytics.
In addition, we store cookies for further purposes based on your consent. Please read section 7 of this data protection information.
You can also prevent cookies from being stored on your computer by deactivating the corresponding option in the system settings of your browser. Stored cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional restrictions of our online offer.
8. Your consent to data processing via marketing cookies; Third country transfer
We have integrated a number of third-party marketing tools on our website. Through this, we and the third-party providers process information about user behaviour on our website and can also track users across websites and devices. This enables us to improve our own website and adapt it to user behaviour, but also to target and optimize advertisements on other platforms.
The respective third party provider is indicated in the column "placed by" in the cookie overview. Please find more information here:
Please note that data may also be transferred via third-party providers to the USA, which does not have a level of data protection that complies with the GDPR.
You can withdraw your consent at any time by accessing the cookie settings again here. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
9. Security during Data Transmission
If you are able to enter personal data on our websites or in the VISPA app, this will be transmitted via the internet using SSL encryption. However, we would like to point out that the use of electronic or other communication channels involves risks for the confidentiality of the communication between you and us; this applies in particular to the use of e-mails. E-mails are transmitted in encrypted form on the basis of cryptographic industry standards such as TLS/SSL. If you contact us electronically by e-mail or in any other way, we may assume that you consent to our further use of these communication channels.
We secure our website and other systems by technical and organizational measures against loss, destruction, access, modification or distribution of your data by unauthorized persons.
10. Categories of recipients of personal data; Data Transfer to Third Countries
11. Your Rights
You have the right:
a) if we process personal data on the basis of your consent, to withdraw your consent at any time in accordance with Art. 7 para. 3 GDPR. This means that we may no longer process the data based on this consent in the future. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal;
b) to request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data have been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data, insofar as this was not collected by us, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information about its details;
c) in accordance with Art. 16 GDPR, obtain from us without undue delay the rectification of inaccurate personal data stored by us and – taking into account the purposes of the processing – to have incomplete personal data completed, including by means of providing a supplementary statement;
d) to demand the deletion of your personal data stored by us in accordance with Art. 17 GDPR, unless the processing is necessary for the exercise of the right to freedom of expression and information, for the fulfilment of a legal obligation, for reasons of public interest or for the assertion, exercise or defence of legal claims;
e) to demand the restriction of the processing of your personal data in accordance with Art. 18 GDPR, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its deletion and we no longer need the data, but you require it for the assertion, exercise or defence of legal claims or you have objected to the processing in accordance with Art. 21 GDPR;
f) in accordance with Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request the transfer to another controller;
g) if your personal data are processed on the basis of legitimate interests pursuant to Art. 6 para. 1 sent. 1 lit. f GDPR, to object to the processing of your personal data pursuant to Art. 21 GDPR, provided that there are grounds for doing so that arise from your particular situation;
h) if your personal data is processed for direct marketing purposes, to object at any time to the processing of your data for such marketing, including profiling, insofar as it is related to such direct marketing, in accordance with Art. 21 para. 2 GDPR; and
i) to complain to a supervisory authority in accordance with Art. 77 GDPR. You can usually contact the supervisory authority of your usual place of residence or workplace or our company’s registered seat for this purpose.
If you wish to exercise your aforementioned rights (with the exception of your right to complain as mentioned in lit. i), please contact us using the contact details at the beginning of this data protection information.
12. Duration of storage and routine deletion
Unless otherwise stated in this data protection declaration for the specific data processing, we process and store personal data only for the period of time required to achieve the processing purpose or if this has been provided for in laws or regulations to which we are subject.
If the purpose of storage no longer applies or if a legally prescribed storage period expires, the personal data will be routinely deleted or its processing restricted in accordance with the statutory provisions.