Data Privacy

At Heyflow, we consider the protection of personal data (yours and your customers') as a crucial feature of our service. We treat your personal data confidentially and in accordance with the legal data protection regulations as outlined in this privacy policy.

We maintain up-to-date technical and organizational measures to ensure data protection and data security. The security technologies used by Heyflow and our security concept are up-to-date and are constantly adapted to new findings.

The use of Heyflow requires the processing and storage of personal data, such as the email address with which you create your account at Heyflow or the billing address for the conclusion of a user contract. In the following, we explain which data we collect and what the data is used for.

Last edit: 28-07-2021

1. Information about the collection of personal data and provider identification

1.1 In this document we inform about the collection and processing of personal data when using this website. Personal data is defined as data that can be related to a natural person, e.g. name, address, email address and user behavior (see also § 3.1). In addition, this document explains how you can object to certain collection, processing or use of your personal data.

1.2 The platform accessible via the domain names heyflow.com, heyflow.id and niroflow.com (including any subdomains) are provided by Heyflow GmbH, hereinafter "Heyflow", or also "we" and "us". Heyflow GmbH is registered as a German company under the registration number HRB 161040 and address Jungfernstieg 49, 20354 Hamburg. Heyflow GmbH is a service provider according to § 13 of the German Telemedia Act (TMG) and a responsible party according to § 3 para. 7 of the German Federal Data Protection Act (BDSG). You can contact us at [email protected]

We would like to point out that data transmission on the Internet can have security gaps. A complete protection of data against access by third parties is not possible.

2. Rights to information and revocation

2.1 You have the right to request information from Heyflow at any time about the data stored about you at Heyflow, including its origin, purpose of storage and recipient (or category of recipients) to whom your data is disclosed.

2.2 You can revoke your consent to the use and storage of personal data at any time.

2.3 Please send any requests for information or objections to data processing by post to the above company address.

3. Definitions

3.1 Personal data

According to Art. 4 No. 1 GDPR, personal data is any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

3.2 Processing

According to Art. 4 No. 2 GDPR, processing includes the collection, recording, organization, arrangement, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of personal data.

4. Collection and storage of personal data as well as type and purpose of their use

When you call up our website, information is automatically sent to our servers by the browser you use on your end device. This information is temporarily stored in a so-called server logfile. The following information is collected and stored until automated deletion:

IP address of the requesting computer,
date and time of access,
name and URL of the file accessed,
website from which the access is made,
browser used and, if applicable, the operating system of your computer and the name of your access provider.

This access data is evaluated exclusively for the purpose of ensuring trouble-free operation of the site and improving our offer. According to Art. 6 para. 1 p. 1 lit. f GDPR, this serves to protect our legitimate interests in a correct presentation of our offer, which outweigh our interests.

In addition, cookies are set when you visit our website. You can find further explanations in the "Cookies" section of this privacy policy.

5. Hosting services through a third party provider

As part of a processing operation on our behalf, a third-party provider provides us with the services for hosting and displaying the website. All data collected in the course of using this website or in forms provided for this purpose as described below are processed on servers of the third-party provider. Processing on other servers only takes place within the framework explained here.

This service provider is located within a country of the European Union or the European Economic Area.

6. Data collection and use for contract processing, contacting and opening a customer account

We collect personal data if you voluntarily provide it to us during your registration or when contacting us (e.g. via contact form or email). Mandatory fields are marked as such, because in these cases we need the data to process the contract or to process your contact and you can not send the order or contact without their information. Which data is collected can be seen from the respective input forms. We use the data provided by you in accordance with Art. 6 para. 1 p. 1 lit. b GDPR for contract processing and processing your requests.

Insofar as you have given your consent in accordance with Art. 6 para. 1 p. 1 lit. a GDPR by deciding to open a customer account, we will use your data for the purpose of opening a customer account.

After complete processing of the contract or deletion of your customer account, your data will be restricted for further processing and deleted after expiry of the retention periods under tax law and commercial law, unless you have expressly consented to further use of your data or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this declaration. The deletion of your customer account is possible at any time and can be done either by sending a message to the contact option described below or via a function provided for this purpose in the customer account.

7. Payment service provider

Depending on which payment service provider you select in the order process, we pass on the payment data collected for this purpose to the credit institution commissioned with the payment and, if applicable, to payment service providers commissioned by us or to the selected payment service. In some cases, the selected payment service providers also collect this data themselves, insofar as you create an account there. In this case, you must register with the payment service provider with your access data during the ordering process. In this respect, the privacy policy of the respective payment service provider applies.

If you choose credit card as a payment method, the payment will be processed via the payment service provider Stripe Payments Europe Ltd, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, to whom we will pass on your data provided during the payment process (name, address, credit card number, invoice amount, currency and transaction number) in accordance with Art. 6 (1) lit. b GDPR. The transfer of this data takes place exclusively for the purpose of payment processing with Stripe Payments Europe Ltd. and only insofar as it is necessary for this purpose. You can find more information about Stripe's data protection at the URL https://stripe.com/de/privacy#translation.

8. Email newsletter

If you register for our newsletter, we will use the data required for this purpose or separately provided by you to regularly send you our email newsletter based on your consent pursuant to Art. 6 para. 1 p. 1 lit. a GDPR.

Unsubscribing from the newsletter is possible at any time and can be done either by sending a message to the contact option described above or via a link provided for this purpose in the newsletter. After unsubscribing, we will delete your email address from the list of recipients, unless you have expressly consented to further use of your data or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this statement.

The newsletter is sent as part of a processing on our behalf by a service provider to whom we pass your email address for this purpose. This service provider is located within a country of the European Union or the European Economic Area.

9. Cookies and web analysis

In order to make the visit to our website attractive and to enable the use of certain functions, to display suitable products or for market research, we use so-called cookies on various pages. This serves to protect our legitimate interests in an optimized presentation of our offer, which outweigh our interests in accordance with Art. 6 para. 1 p. 1 lit. f GDPR. Cookies are small text files that are automatically stored on your terminal device. Some of the cookies we use are deleted after the end of the browser session, i.e. after you close your browser (so-called session cookies). Other cookies remain on your end device and allow us to recognize your browser on your next visit (persistent cookies). The duration of storage can be found in the overview in the cookie settings of your web browser. You can set your browser so that you are informed about the setting of cookies and decide individually about their acceptance or exclude the acceptance of cookies for certain cases or in general. Each browser differs in the way it manages cookie settings. This is described in the browser's help menu, which explains how you can change your cookie settings. You can find these for the respective browsers under the following links:

If cookies are not accepted, the functionality of our website may be limited.

As part of the application of Google Analytics (see below), this website also uses the so-called DoubleClick cookie, which enables recognition of your browser when visiting other websites. The information automatically generated by the cookie about your visit to this website will be transmitted to and stored by Google on servers in the United States. The IP address is shortened by activating the IP anonymization on this website before transmission within the Member States of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. The anonymized IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google.

Google will use this information to compile reports on website activity and to provide other services related to website use. This serves to protect our legitimate interests in the optimal marketing of our website, which outweigh our interests in accordance with Art. 6 (1) p. 1 lit. f GDPR. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. After the end of the purpose and the end of the use of Google DoubleClick by us, the data collected in this context will be deleted.

Google DoubleClick is an offer of Google Ireland Limited, a company registered and operated under Irish law with its registered office in Gordon House, Barrow Street, Dublin 4, Ireland. Insofar as information is transferred to Google servers in the USA and stored there, the American company Google LLC is certified under the EU-US-Privacy Shield. A current certificate can be viewed here. For companies certified under the Privacy Shield, an adequate level of data protection is established on the basis of the agreements between the USA with the European Commission and Switzerland.

You can deactivate the DoubleClick cookie via this link. In addition, you can obtain information from the Digital Advertising Alliance about the setting of cookies and make settings for this. Finally, you can set your browser so that you are informed about the setting of cookies and decide individually about their acceptance or exclude the acceptance of cookies for certain cases or in general. If you do not accept cookies, the functionality of our website may be limited.

Use of Google Analytics for web analysis

This website uses Google Analytics for website analysis. The web analytics service is offered by Google Ireland Limited, a company registered and operated under Irish law with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland www.google.de. This serves to protect our legitimate interests in an optimized presentation of our offer, which outweigh our interests in accordance with Art. 6 (1) p. 1 lit. f GDPR. Google Analytics uses methods that enable an analysis of your use of the website, such as cookies. The automatically collected information about your use of this website is usually transferred to a Google server in the USA and stored there. By activating IP anonymization on this website, the IP address is shortened before transmission within the Member States of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. The anonymized IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. After the end of the purpose and the end of the use of Google Analytics by us, the data collected in this context will be deleted.

Insofar as information is transferred to Google servers in the USA and stored there, the American company Google LLC is certified under the EU-US-Privacy Shield. A current certificate can be viewed here. Based on this agreement between the USA and the European Commission, the latter has determined an adequate level of data protection for companies certified under the Privacy Shield.

You can prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de

As an alternative to the browser plugin, you can click this link to prevent Google Analytics from collecting data on this website in the future. This will place an Opt-Out-Cookie on your device. If you delete your cookies, you must click the link again.

In addition, this website uses Google Signals. This is an extension function of Google Analytics that enables so-called "cross-device tracking". This means that if your Internet-enabled devices are linked to your Google account, Google can generate reports on usage behavior (in particular cross-device user numbers), even if you change your terminal device. For this purpose, Google uses data if you have activated the "personalized advertising" setting in your Google account.

This serves to protect our legitimate interests in an optimized presentation of our offer, which outweigh our interests in accordance with Art. 6 (1) p. 1 lit. f GDPR.

We do not process any personal data in this respect; we only receive statistics compiled on the basis of Google Signals.

You can deactivate the "personalized advertising" setting in your Google account at any time, and thus object to collection by Google Signals.

Google Tag Manager

We use Google Tag Manager to manage website services. Google Tag Manager itself does not set any cookies and does not collect any personal data and only simplifies the management and ensures the correct triggering of other services. You can find more information about Google Tag Manager here: http://www.google.de/tagmanager/use-policy.html

Google reCAPTCHA

For the purpose of protecting against misuse of our web-forms as well as against spam, we use the Google reCAPTCHA service within the scope of some forms on this website. Google reCAPTCHA is an offer of Google Ireland Limited, a company registered and operated under the laws of Ireland with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland google.com. By checking a manual input, this service prevents automated software (so-called bots) from carrying out abusive activities on the website. In accordance with Art. 6 para. 1 p. 1 lit. f GDPR, this serves to protect our legitimate interests in the protection of our website against misuse and in a trouble-free presentation of our online presence, which outweigh our interests.

Google reCAPTCHA uses by means of a code embedded in the website, a so-called JavaScript, as part of the verification methods that allow an analysis of your use of the website, such as cookies. The automatically collected information about your use of this website, including your IP address, is usually transferred to a Google server in the USA and stored there. In addition, other cookies stored by Google services in your browser are evaluated by Google reCAPTCHA. A readout or storage of personal data from the input fields of the respective form does not take place.

You can prevent the collection of data generated by the JavaScript or cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by preventing the execution of JavaScript or the setting of cookies in your browser settings. Please note that this may restrict the functionality of our website for your use.

Further information on Google's data protection policy can be found here.

Google Fonts

The script code "Google Fonts" is integrated on this website. Google Fonts is an offer of Google Ireland Limited, a company incorporated and operated under the laws of Ireland, with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland. (www.google.de). This serves to protect our legitimate interests in a uniform presentation of the content on our website, which outweigh our interests in accordance with Art. 6 (1) f) GDPR. In this context, a connection is established between the browser you are using and Google's servers. Through this, Google obtains knowledge that our website has been accessed via your IP address.

Sentry

To monitor technical stability and to identify and subsequently improve code errors, we use the service Sentry, 1501 Mariposa St #408, San Francisco, CA 94107, USA. Sentry is used solely for the aforementioned purposes and does not evaluate data for advertising purposes. User data, such as device details or time of error, are collected anonymously and are not used in a personalized manner and are subsequently deleted. For more information, please see Sentry's privacy policy: https://sentry.io/privacy/.

10. Contact options and your rights

As a data subject, you have the following rights:

pursuant to Art. 15 GDPR the right to request information about your personal data processed by us to the extent specified therein;
pursuant to Art. 16 GDPR, the right to demand the correction of inaccurate or incomplete personal data stored by us without undue delay;
pursuant to Art. 17 GDPR the right to request the erasure of your personal data stored by us, unless the further processing
- for the exercise of the right to freedom of expression and information;
- for the fulfillment of a legal obligation;
- for reasons of public interest or
- is necessary for the assertion, exercise or defense of legal claims;
in accordance with Art. 18 GDPR the right to request the restriction of the processing of your personal data, insofar as
- the accuracy of the data is disputed by you;
- the processing is unlawful, but you object to its erasure;
- we no longer require the data, but you need them for the assertion, exercise or defense of legal claims or
- you have objected to the processing in accordance with Art. 21 GDPR;
in accordance with Art. 20 GDPR, the right to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request that it be transferred to another controller;
in accordance with Art. 77 GDPR the right to complain to a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters for this purpose.

If you have any questions regarding the collection, processing or use of your personal data, for information, correction, restriction or deletion of data, as well as revocation of consent given or objection to a particular use of data, please contact us directly using the contact details in our imprint.

11. Right of objection

Insofar as we process personal data as explained above in order to protect our legitimate interests, which prevail in the context of a balancing of interests, you can object to this processing with effect for the future. If the processing is carried out for direct marketing purposes, you can exercise this right at any time as described above. If the processing is carried out for other purposes, you will only have the right to object if there are grounds arising from your particular situation.

After exercising your right to object, we will no longer process your personal data for these purposes unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or if the processing serves to assert, exercise or defend legal claims.

This does not apply if the processing is for direct marketing purposes. Then we will not further process your personal data for this purpose.

Translation

This document is a convenience translation. In case of doubt, the German version shall prevail.