Privacy Policy

Privacy Policy for

www.safeREACH.com

as of September 2022

Table Of Contents

Body responsible

safeREACH GmbH
Getreidemarkt 11/10
1060 Vienna, Austria
Tel: +43 1 375 75 75 70
E-mail: info@safereach.com

App

Automatically collected, non-personal data

When you use our app, our web server automatically stores the name of your internet service provider and the date and duration of your use.

In addition, the service provider uses Google Mobile Analytics and Fabric to collect further non-personal data, such as for click-flow analyses. This does not store any cookies on your end device or create a personal reference.

The service provider uses this information to improve the performance and functions of the app. No personal data is collected by safeREACH as a result.

Collection, processing, use and forwarding of personal data

Personal data is only collected by the service provider if you or your organisation actively provide it to us, e.g. to create your customer account. We collect the following data for this purpose: Your full name, your email address, your telephone number and your function within the organisation.

In addition, our app can determine the location of users, if they activate such a function, in order to be able to show the organisation to which the user belongs as its member exactly where the emergency services or the persons ready for deployment are located.

The personal data collected from you will only be processed for the purpose of contract fulfilment (provision of a communication tool for the purpose of transmitting/sending messages/information). Any further use or disclosure of your data will only take place with your consent. Once the contractual relationship has been fully processed, the user data will only be stored for as long as is necessary due to retention periods under tax and company law. After these periods have expired, the data will be deleted or anonymised unless you have expressly consented to its further or other use.

Insofar as you as an organisation transmit data of your members to us, we would like to point out that it is your responsibility to obtain their consent to forward the data to us. By transferring the data, you also ensure that you have obtained the consent of the person concerned.

Personal data will only be collected and transferred to state institutions and authorities within the framework of mandatory national legislation.

Furthermore, your data will be forwarded to these categories of companies in order to process the contractual relationship:

  • Accounting and invoicing
  • Transport service providers

Your personal data will not be forwarded to a country outside the EU or the EEA (so-called third countries).

Direct communication between the user’s end device and the service provider’s servers takes place via the app. This communication is https-encrypted.

The decision as to whether we conclude a contract with you is based on a manual review of your documents; there is no automated decision-making (profiling).

The employees and subcontractors of the service provider have been contractually obliged to maintain confidentiality and to observe data secrecy.

Sending SMS

The service provider also provides an SMS service via which the organisation can send messages to its members and vice versa. The organisation is informed by SMS if a member cannot be reached (offline) at the time of a notification attempt via the app or SMS.

When the SMS service is used, the telephone number of the sender and the recipient as well as the time of sending and receiving are recorded. This data is not stored by the service provider for longer than is requested by the user, is necessary for the processing of the selected service or the service provider is legally obliged to do so.

Data security

The service provider has implemented extensive technical and organisational security measures to protect customer data from unauthorised access and misuse.

The service provider continuously checks all existing systems (hardware and software) for potential threats in order to be able to react quickly to acute security or integrity breaches at any time.

Changes to the data protection provisions

Since technology and procedures on the Internet are developing very rapidly, these provisions and our terms of use are also subject to change. We therefore reserve the right to send you notifications about the applicable provisions at certain intervals. Nevertheless, you should visit our website regularly and take note of any changes. Unless otherwise stated, the use of any information we hold about you and your user accounts is subject to these terms (as updated from time to time). We assure you that any significant changes to this provision that lead to a weaker protection of user data already obtained will only be made with your consent.

Website

Cookies

We use functional cookies to make our website easier to use and to determine its reach.

Cookies are small text files that are stored on your hard drive and, depending on your settings, are automatically deleted after a certain period of time. Cookies are used to make the website and the offer more user-friendly and effective.

This constitutes a legitimate interest. The legal basis is Art. 6, para. 1 lit. f GDPR.

If cookies are not required, your consent will be requested. The legal basis is Art. 6 para. 1 lit. a GDPR.

Enquiry by email or telephone

If you contact us digitally or by telephone, personal data such as name, use case, telephone number, e-mail address and company will be stored for the purpose of processing your enquiry.

The processing is carried out in accordance with Art. 6 para. 1 lit. b GDPR if your enquiry is related to the fulfilment of a contract or is necessary for the implementation of pre-contractual measures. In other cases, the processing is based on the legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR or on your consent Art. 6 para. 1 lit. a GDPR.

Google reCAPTCHA

We use Google reCAPTCHA from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland on our website.

reCAPTCHA is a service that can distinguish between a human visitor and a robot/spam visitor. This makes it possible to tick either no box or just a box to submit a form – without having to solve a puzzle or similar.

The legal basis is Article 6(1)(f) GDPR. There is a legitimate interest in protecting the website from bot and spam requests.

Google may also process data in the USA. For more information, please refer to “General information: Data transmission”. The data transfer is based on the EU’s standard contractual clauses. This means that the company undertakes to comply with European levels of protection:

https://business.safety.google/intl/de/adsprocessorterms/

Leadfeeder

We use Leadfeeder on our website. Leadfeeder is a company headquartered in Finland, Keskuskatu 6 E, 00100 Helsinki.

Leadfeeder makes it possible to analyse visitor data and identify the visitor’s company based on this.

With Leadfeeder it is also possible to import other data, e.g. into a CRM. This data is used in the CRM to contact companies if necessary.

The legal basis is consent in accordance with Art. 6 para. 1 lit. a GDPR. You can refuse consent or revoke it at any time.

Leadfeeder’s privacy policy is available here: https://www.leadfeeder.com/privacy/

LinkedIn

This website uses the LinkedIn retargeting and conversion tracking tool. LinkedIn is a company from the USA with a location in Ireland, Wilton Plaza, Wilton Place, Dublin 2. LinkedIn enables us to collect data about the use of and visits to our website and to compile statistics. It also enables us to display adverts based on interests.

The legal basis is consent pursuant to Art. 6 para. 1 lit. a GDPR. You can refuse your consent or withdraw it at any time.

Google may also process data in the USA. For more information, please refer to “General information: Data transfer”. The data transfer is based on the EU’s standard contractual clauses. This means that the company undertakes to comply with European levels of protection:

https://www.linkedin.com/help/linkedin/answer/62538/datenubertragung-aus-der-eu-dem-ewr-und-der-schweiz?lang=de

LinkedIn’s privacy policy is available here: https://de.linkedin.com/legal/privacy-policy

Cookiebot by Usercentrics

This website uses the Cookiebot by Usercentrics service. This is a service provided by Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark.

Cookiebot enables us to display a cookie notice on our website. This enables you to accept or reject certain cookies or to give your consent in accordance with the GDPR. Cookiebot also automatically blocks scripts so that no script is preloaded before you give your consent.

The service is used on the legal basis of Art. 6, para. 1 lit. f GDPR. There is a legitimate interest in obtaining your consent, loading or blocking scripts and documenting consent.

Privacy policy: https://www.cookiebot.com/de/privacy-policy/

Vimeo

Vimeo is used on our website. This is a service provided by Vimeo LLC, 555 West 18th Street, New York, New York 10011, USA.

Vimeo is used to embed videos on our website and present them to you, as well as to present complex issues simply and to supplement written explanations.

The legal basis is the legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If consent has been requested, the processing is carried out in accordance with Art. 6 para. 1 lit. a GDPR. You can refuse consent or withdraw it at any time.

Vimeo may also process data in the USA. For more information, please see “General information: Data transfer”. Data transfer to the USA is based on the standard contractual clauses of the EU Commission and, according to Vimeo, on “legitimate business interests”. This means that the company undertakes to comply with European protection levels. Details can be found here: https://vimeo.com/privacy.

Further information on the handling of user data can be found in Vimeo’s privacy policy at: https://vimeo.com/privacy.

YouTube

The “YouTube” service is used on this website. This is a service provided by Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.

YouTube is used to embed videos. You can watch this video directly on our website after embedding it.

The integration is carried out by us in order to present complex processes simply and to supplement explanations. The legal basis is the legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If consent has been requested, the processing is carried out in accordance with Art. 6 para. 1 lit. a GDPR. You can refuse consent or withdraw it at any time.

Google may also process data in the USA. For more information, please refer to “General information: Data transfer”. The data transfer is based on the EU’s standard contractual clauses. This means that the company undertakes to comply with European levels of protection:

https://business.safety.google/intl/de/adsprocessorterms/

GoTo Webinar

We use the “GoToWebinar” tool from LogMeIn Inc. based in the USA.

The tool is used to offer and conduct training courses, workshops, webinars or information events in online form. If necessary, video recordings are made to provide a recording. Only the presenters can be seen in the video recordings. GoToWebinar offers the function of exchanging data with other systems, e.g. the CRM. To transfer registrations to our CRM, GoToWebinar is connected to it.

GoToWebinar is also used to send reminder emails to inform interested parties about the upcoming event so that they do not miss it.

The legal basis is your consent in accordance with Art. 6 para. 1 lit. f GDPR. You can refuse or withdraw your consent at any time.

The data transfer is based on the EU’s standard contractual clauses. This means that the company undertakes to comply with European levels of protection:

https://www.goto.com/-/media/pdfs/trust-resource-center/goto-customer-dpa-de.pdf

Google Analytics

The “Google Analytics” tool is used on this website. This is a tool provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.

Google Analytics sets cookies and makes it possible to obtain information about user behaviour. The use is anonymised. This means that your IP is shortened and anonymised. In addition, demographic characteristics are processed in order to display suitable adverts. This allows reports to be created.

The legal basis is your consent in accordance with Art. 6 para. 1 lit. a GDPR. You can refuse consent or withdraw it at any time.

Google may also process data in the USA. For more information, please see “General information: Data transfer”. The data transfer is based on the EU’s standard contractual clauses. This means that the company undertakes to comply with European levels of protection:

https://business.safety.google/intl/de/adsprocessorterms/

Google Audiences/Remarketing

The “Google Audiences/Remarketing” tool is used on this website. This is a tool provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.

Purpose: The tool makes it possible to display adverts to users based on their interests. A cookie is set for this purpose. This stores anonymised or pseudonymised data based on the use of the website. Websites that you visit and also use this service can display adverts that match your interests.

The legal basis is your consent in accordance with Art. 6 para. 1 lit. a GDPR. You can refuse consent or withdraw it at any time.

Google may also process data in the USA. For more information, please see “General information: Data transfer”. The data transfer is based on the EU’s standard contractual clauses. This means that the company undertakes to comply with European levels of protection:

https://business.safety.google/intl/de/adsprocessorterms/

Google Ads

We use the “Adwords” advertising tool on our website. As a result, we use conversion tracking from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.

The information is used to compile visit statistics, identify the number of users who clicked on our advert and which website was accessed.

You can prevent the installation of a conversion cookie. To do this, deactivate tracking in your browser, which deactivates the automatic setting of cookies.

The legal basis is your consent in accordance with Art. 6 para. 1 lit. a GDPR. You can refuse consent or withdraw it at any time.

Google may also process data in the USA. For more information, please see “General information: Data transfer”. The data transfer is based on the EU’s standard contractual clauses. This means that the company undertakes to comply with European levels of protection:

https://business.safety.google/intl/de/adsprocessorterms/

Google Optimise

Google Optimize from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland, is used on the website.

Optimize analyses the use of the website when different variants of elements or pages are displayed. This enables us to increase user-friendliness and adapt our website to user behaviour.

We use Google Optimize with IP anonymisation (“anonymize IP”). This truncates the IP within the EU and in contracting states. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there.

The legal basis is a legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR. The legitimate interest lies in being able to offer you an improved use of our website.

Google may also process data in the USA. For more information, please see “General information: Data transfer”. The data transfer is based on the EU’s standard contractual clauses. This means that the company undertakes to comply with European levels of protection:

https://business.safety.google/intl/de/adsprocessorterms/

Web hosting

The hosting service is provided by Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, 1855 Luxembourg.

When you visit our website, personal data is processed on the servers of AWS. The location is exclusively Frankfurt. AWS ensures that no data leaves the European area.

Information on data protection:

https://aws.amazon.com/de/compliance/germany-data-protection/

Further information can be found in the AWS privacy policy:

https://aws.amazon.com/de/compliance/gdpr-center/

The use is based on Art. 6 para. 1 lit. f GDPR. safeREACH has a legitimate interest in a technically reliable presentation of the website.

Server log files

The provider Amazon Webservices (see web hosting) automatically collects and stores information in log files. These are transmitted by the browser.

The processing takes place on the legal basis of Art. 6, para. 1 lit. f GDPR. There is a legitimate interest in the technically flawless presentation of the website.

Typeform

On our website (on the “Prices” page) we use Typeform from Typeform, Bac de Roda 163, Barcelona, Spain.

When the questionnaire is used, data is transmitted to Typeform. When using Typeform, you will be asked again whether you accept the setting of cookies.

For example, information on the time and duration of use and the selected details are transmitted. Further information can be found in Typeform’s privacy policy: https://www.typeform.com/terms-service/ and https://www.typeform.com/help/a/what-happens-to-my-data-360029581691/.

Do not use the tool if you do not want your data to be processed.

Hubspot

We use Hubspot on this website. Hubspot is a company from the USA with a branch in Ireland.

Hubspot enables visitors to our website to fill out forms for downloads and contact forms. The information entered is stored on Hubspot’s servers.

If you submit one of the contact, demo or free trial forms, we will use your data to send you the requested information, set up a safeREACH account and arrange an appointment with you (more on this under “App”). The following data is processed depending on the form:

  • E-mail address
  • First name
  • Surname
  • Job title
  • Telephone number
  • Test/demo form: Use case
  • Contact form: Questions / comments

Processing is carried out in accordance with Art. 6 para. 1 lit. b GDPR, concerning contractual or pre-contractual measures. Art. 6 para. 1 lit. a GDPR if consent is requested or Art. 6 para. 1 lit. f GDPR. There is a legitimate interest in providing you with information and support.

We also use Hubspot’s newsletter service. This allows us to analyse campaigns and, for example, openings, browser type and clicks. We use the service to inform interested parties and customers. The legal basis is your consent in accordance with Art. 6 para. 1 lit. a GDPR or a legitimate interest Art. 6 para. 1 lit. f GDPR to provide test account users and customers with information about the system.

Interested parties can subscribe to a newsletter on our website. We store the e-mail address for sending further information. The data is transferred to our CRM.

Depending on the form, the following data may be collected:

  • E-mail address
  • First name
  • Surname
  • Job title
  • Company name

The legal basis is your consent in accordance with Art. 6 para. 1 lit. a GDPR. You can refuse or withdraw your consent at any time.

Hubspot may also process data in the USA. For more information, please refer to “General information: Data transfer”. The data transfer is based on the EU standard contractual clauses. This means that the company undertakes to comply with European levels of protection:

https://legal.hubspot.com/de/dpa

Further information can be found in Hubspot’s privacy policy:

https://legal.hubspot.com/de/privacy-policy

General note: Data transfer

We use tools from companies headquartered in the USA for the website. If these tools are active, personal data may be transferred to the US servers. In the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfer. Security is therefore ensured via standard contractual clauses. This means that the company undertakes to comply with European levels of protection. If these are not sufficient, acknowledgement of the privacy policy is deemed to be consent in accordance with Art. 49 para. 1 lit. a GDPR.

Storage period

We store your data until the purpose of the data processing no longer applies. If you make a justified request for deletion or revoke your consent, we will delete your data unless there are other reasons for not doing so. In the case of cookies, the storage period depends on the individual duration.

Your rights

To exercise the following rights, please use the contact details given above.

Access: You have the right to obtain information as to whether personal data concerning you is being processed and further information about this data.

Rectification: You have the right to request the rectification of inaccurate or outdated personal data concerning you.

Erasure: You have the right to ask us to erase your data. We will notify you if there are legal grounds for not erasing your data.

Restriction of processing: You have the right to request that we restrict the processing of your data in the following cases: if you (i) request rectification; (ii) believe that the data processing is unlawful but do not want the data to be erased; (iii) still need the data for the establishment, exercise or defence of legal claims, even if we no longer need the data for our purposes; or (iv) have objected to the processing and it is not yet clear whether our legitimate grounds override yours.

Right to data portability: You have the right to receive your data in a structured, commonly used and machine-readable format and to request that the data be transferred directly from us to another controller under data protection law.

Right to lodge a complaint: You have the right to lodge a complaint with a supervisory authority if you believe that the processing of your data violates applicable law, in particular the GDPR.

Withdrawal of consent: You have the right to withdraw your consent to the processing of data at any time with effect for the future. This does not affect the lawfulness of the data processing carried out on the basis of the consent up to the time of revocation.

Right to object: If we process data based on legitimate interests, you have the right to object to the processing at any time if there are reasons for this arising from your particular situation. This also applies to profiling based on legitimate interests. If you object to direct advertising, we will no longer process data for these purposes from that point onwards; in other cases, we will carry out a balancing of interests.