Privacy Policy

 

This is the privacy policy of CloudRail GmbH (hereinafter referred to as “CloudRail” or “we”), Julius-Hatry-Straße 1, 68163 Mannheim, e-mail: info@cloudrail.com, who is the controller for the data processing pursuant to Art. 4 (7) GDPR. This privacy policy shall apply to the website of CloudRail and the services offered therein (hereinafter referred to as “Services”).

For a better comprehension of this privacy policy, the most important terms are explained in brief as follows:

 

Glossary

What are personal data?

Personal data are data relating to an identified or identifiable natural person, e.g. relating to you. This includes, for example, your name, e-mail address, telephone number, postal address, credit card data and the IP address of your device.

What are IP addresses?

IP addresses are combinations of numbers used to identify devices that are connected to the internet. Each computer or other device connected to the internet is associated with a specific IP address.

What is a cookie?

Cookies are small text files which are set by many websites in your browser on your device. A cookie generally includes, inter alia, the name of the domain from where the cookie has been set, the “lifetime” of the cookie and a unique number assigned to the cookie. Cookies may, depending on the function of the individual cookie, also store device-related information on the terminal device, so that the websites recognise the user on its next visit, or store statistical data on the use of the respective websites and services.

 

Sec. 1 Collecting and processing of personal data when accessing the Services and the use of cookies

  1. a) When you access our Services, data on this access are collected in so-called “server log files”. The data collected include: name of the website or file accessed, date and time of the retrieval, data volume transmitted, browser and operating system you use, the website visited before (so-called “referrer URL”), your IP address, your Internet provider and a confirmation on the successful retrieval of the respective website accessed.

The legal basis for data processing enabling the use of the website is Art. 6 (1) (f) of the General Data Protection Regulation (“GDPR”) or, if you are already registered for the Services, the legal basis is Art. 6 (1) (b) GDPR.

CloudRail will also make use of the data collected via the server log files for ensuring security and preventing misuse of the Services. CloudRail reserves the right to subsequently verify these data if, due to precise indications, there are reasonable grounds for suspecting an unlawful use of websites and services. The legal basis of this processing is Art. 6 (1) (f) GDPR, whereby our legitimate interest is providing the security of our Services.

In addition, CloudRail processes statistical data on the use of the Services to improve the Services and to detect and fix any occurring malfunctions, pursuant to Art. 6 (1) (f) GDPR. CloudRail’s legitimate interest is to provide user-friendly, fully functioning Services in line with the user’s preferences and interests.

  1. b) The websites of CloudRail use cookies. Cookies enable CloudRail to recognize your device and, if possible, to make your default settings available immediately, in order to provide user-friendly functions which are not possible without the use of cookies.

The use of cookies is necessary in order to make certain functions of the website (like storing purchase items in your shopping cart) available and also to optimise the website and services of CloudRail continuously. The data processing in this context is therefore based on Art. 6 (1) (f) GDPR. CloudRail’s legitimate interest is to provide visitors of its website with a functioning Internet service and to make their visit and use of the website as pleasant and efficient as possible.

You can generally set your browser in such a way that you are informed when cookies are set, that the setting of cookies is excluded for certain cases or generally or that the setting of cookies is only permitted in individual cases. You can also delete stored cookies in the settings of your browser. However, if you deactivate cookies, the functionality of CloudRail’s websites may be restricted.

 

Sec. 2 Use of personal data of registered users

  1. a) In order to use some of our Services, including parts of our websites, you must first register and create an account. Within the registration process we collect your contact information (such as name, email address) and the IP address of your device. The collection of these data is necessary for the provision of the Services and thus for the fulfilment of the contract with you regarding the use of our Services.

Within the use of parts of the Services you may be required to provide additional data.

The data entered for the registration as well as any additional data provided as part of the use of the Services will be used by CloudRail to provide the Services based on the user contract with you, pursuant to Art. 6 (1) (b) GDPR. This may also include informing you per e-mail on, e.g., changes in the scope of the Services and changes of technical circumstances. This processing may also include transferring the data to cloud services providers, insofar you set up such a transfer as part of your use of the Services, thereby instructing us to transfer the data accordingly.

  1. b) For processing any of your purchase orders, the above mentioned data as well as the payment information and any additional required information (e.g. delivery address) provided by you has to be processed.

For payment processing we use the services of Stripe Inc., 185 Berry Street, Suite 550, San Francisco, CA 94107, USA (“Stripe”). For this purpose the aforementioned data is transmitted to servers of Stripe in the United States.

We also use the services of Chargebee Inc., 340 S. Lemon Avenue, Suite #1537, Walnut, California 91789, USA (“Chargebee”) for billing and processing payments. The aforementioned data is transmitted to servers of Chargebee in the United States for this purpose.

The EU Commission has issued an adequacy decision (No. 2016/1250) for data transmissions to the United States, according to which companies that meet certain criteria guarantee an adequate level of protection, also known as “EU-US Privacy Shield”. These companies are included in the so-called Privacy Shield List. Stripe is one of the companies listed there. The data transmission to Stripe in connection with handling payments is based on Art. 45 and 28 GDPR. Chargebee is also one of the companies listed in the Privacy Shield List. Hence, the transmission of data to Chargebee in connection with processing payments and billing is based on Art. 45 and 28 GDPR.

The legal basis for the processing of payment data is Art. 6 (1) (b) GDPR, because this is necessary for carrying out the contract concluded with you.

 

Sec. 3 Newsletter

We would, of course, like to provide you with our informative newsletter if you are interested in CloudRail and the services we offer.

If you wish to receive the newsletter, CloudRail needs a valid e-mail address. In addition, CloudRail needs to verify that you are the holder of the e-mail address indicated and indeed agree to receive the newsletter. Hence, upon registration of the newsletter subscription your IP address and the date of registration will be stored. Once you have registered, you will receive an e-mail containing a link to activate the newsletter service. Only after you have activated the newsletter service by clicking the link will your registration be effective and the selected newsletter will be sent to you. This serves, in particular, evidential purposes in case a third party misuses an e-mail address to register for the newsletter without the authorised person’s knowledge. Further data are not collected. Such data are only used for dispatch of the newsletter.

Of course, should you no longer wish to receive the newsletter, you can unsubscribe from it any time and revoke your consent. For this, you can click at the link for unsubscribing at the end of each newsletter. Please click here if you wish to unsubscribe. Apart from that, you can also revoke your consent any time in writing (for example by e-mail to support@cloudrail.com).

To dispatch the newsletter we use the “MailChimp” service, a newsletter mailing platform offered by the provider The Rocket Science Group LLC d/b/a MailChimp, 675 Ponce De Leon Ave NE Suite 5000, Atlanta, GA 30308, USA (hereinafter: “MailChimp”). For this purpose, your email address and the fact that you have subscribed to our newsletter as well as any other personal data required for the respective newsletter dispatch will be transmitted to MailChimp and stored on the servers of MailChimp in the United States. MailChimp only uses this information to send and evaluate the newsletter on our behalf.

We strictly adhere to the GDPR including the requirements for IT and data security. MailChimp also strictly observes these requirements. MailChimp is certified under the EU-US Privacy Shield, which is based on an adequacy decision of the EU Commission, and thus committed to comply with EU data protection regulations. The transfer of data to MailChimp is based on Art. 28 and 45 GDPR.

The legal basis for data processing in connection with the newsletter is your consent pursuant to Art. 6 (1) (a) GDPR.

 

Sec. 4 Contacting us

If you contact CloudRail for example by means of a contact form or via e-mail, your details shall be stored for the purpose of processing your request. The same applies in case you have further questions.

The legal basis for this processing of your personal data is Art. 6 (1) (b) GDPR, in case you enter your personal data for the purpose of initiating a contract. Otherwise, the legal basis of this processing is Art. 6 (1) (f) GDPR. Our legitimate interest is the processing of and responding to your request.

 

Sec. 5 Disclosure of data and technical third party service providers

Your personal data will only be passed on to third parties with your express consent. The only exceptions to this are transmissions to our service providers listed in this privacy policy, which we require for the provision of our Services and have commissioned accordingly (e.g. technical service providers). Personal data will only be passed on to those service providers with whom we have previously concluded a contract for order processing pursuant to Art. 28 GDPR. This does not apply to transmissions of data to service providers which are expressly based on a different legal basis in this privacy policy.

If we pass on data to service providers within the scope of our processing, we strictly comply with the requirements of the GDPR, as do our service providers. Of course, before disclosing your personal data, we ensure that our service providers have taken the necessary technical and organisational measures to ensure an appropriate level of protection. The scope of the data disclosure is limited to the minimum required for the processing purpose.

The disclosure of data to governmental institutions and authorities entitled to receive information only takes place within the scope of the statutory duties to provide information or if we are obliged to provide information by a judicial or official decision. In this case, the disclosure of your data is necessary to fulfil a legal obligation to which we are subject, pursuant to Art. 6 (1) (c) GDPR.

Further, CloudRail may disclose data relating to you as user of its Services to third parties, to whom have been assigned CloudRail claims against you, insofar as this is necessary for the assertion of such claims. Upon request, CloudRail shall provide you with the name of the third party. Should CloudRail cooperate with third parties for the provision of services, CloudRail will insist on these third parties complying with valid data protection laws and ensuring sufficient data protection. The legal basis of this processing is Art. 6 (1) (f) GDPR, whereby the legitimate interests are the assertion of the claims against you.

 

Sec. 6 Google Analytics

In its Services CloudRail uses Google Analytics, a web analytics service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter referred to as “Google”).

Google Analytics sets a cookie on your devices to collect data on your use of the Services and helps us analyse how you use the Services. The cookie is used to store personal information, such as the access time, the location from which an access originated and the frequency of visits to our website by you.

The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States.

We use the extension “anonymizeIP()”. By activating this extension for our website, your IP address will be shortened within the Member States of the European Union or other states agreeing to the Agreement on the European Economic Area, before being sent to a Google server in the United States.

Google will use this information on our behalf for the purpose of evaluating your use of the Services, compiling reports on activity on our website and providing other services relating to the website activity and usage to us. Google will not link your IP address to any other data stored by Google.

You may refuse the setting of cookies by selecting the appropriate settings on your browser as explained in the sections before. Such settings would also affect the cookies set by Google Analytics.

Furthermore, you can object to the processing of your data in Google Analytics and prevent future processing of your data by Google Analytics by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en. Google considers the installation of the browser add-on as objection to the data processing related to Google Analytics. Please note that you will need to reinstall the browser add-on to disable Google Analytics again if your browser or your device is later deleted, formatted, or reinstalled.

You can also prevent the future use of Google Analytics, in particular when accessing our website from browsers on mobile devices, by clicking on the following link: a href=”javascript:gaOptout();” onclick=”alert(‘Google Analytics wurde deaktiviert’);”>Opt-Out Link. By clicking on the link, a so-called opt-out cookie is stored on your device. Please do not delete this cookie as long as you wish to maintain your objection. If you delete this cookie on your device, you must set such a cookie again by clicking on the link if you wish to continue to object to the collection of your data by Google.

Further information and Google’s applicable privacy policy can be found at https://www.google.de/intl/de/policies/privacy/ and http://www.google.com/analytics/terms/de.html Google Analytics is explained in more detail under this link https://www.google.com/intl/de_en/analytics/.

The EU Commission has issued an adequacy decision (No. 2016/1250) for data transmissions to the United States, according to which companies that meet certain criteria guarantee an adequate level of protection, also known as “EU-US Privacy Shield”. These companies are included in the so-called Privacy Shield List. Google is one of the companies listed there. The data transmission to Google in connection with Google Analytics is based on Art. 45 and 28 GDPR.

We use Google Analytics to analyse the use of our website and services and to continuously develop our website and services in terms of user-friendliness. The legal basis for the use of Google Analytics is Art. 6 (1) (f) GDPR. Our legitimate interest is the continuing adaptation of our Services along with the user changing interests, in order to continuously improve and evolve the user experience of our customers and other users of our Services.

Sec. 7 Third party implementations

Third party content, including YouTube videos, graphics or RSS feeds, can be integrated within our services from other websites.

The YouTube platform and its content areoperated by the YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA (“YouTube”), a subsidiary of Google.

If you visit parts of our website which include YouTube videos and play one of the videos, the information that you accessed the specific video is sent directly to YouTube. If you are logged in to your YouTube account, this information can also be attributed directly to your personal profile. You can prevent this by logging out of your YouTube account before accessing these parts of our website.

Our data processing in connection with the use of YouTube videos is based on Art. 6 (1) (f) GDPR. The implementation of YouTube content is in the interest of an appealing and informative presentation of our website. This constitutes our legitimate interest within the meaning of Art. 6 (1) (f) GDPR.

The transmission to Google in connection with YouTube videos is based on Art. 45 and 6 (1) (f) GDPR. As mentioned before, Google is listed in the EU-US Privacy Shield List so that the data transmission to Google and its subsidiaries is within the scope of an adequacy decision of the EU commission (No. 2016/1250).

For more information about privacy at Google, in particular, the nature, scope and purpose of the data processing, see the Google Privacy Policy: https://www.google.de/intl/de/policies/privacy/.

 

Sec. 8 Deletion of personal data

CloudRail processes your personal data only for as long as is necessary to provide our Services or to achieve the processing purposes or is justified by legitimate interests, including any statutory obligation to store the data.

The personal data concerning you will be deleted as soon as the purpose of the data processing no longer applies. If there are reasons within the meaning of Art. 17 (3) GDPR opposing the deletion, such as statutory storage or storage obligations, the processing of this data will be restricted. In such case, the data will be deleted when the reason for further storage no longer applies, e.g. the legally prescribed storage period expires.

 

Sec. 9 Your right to object

Insofar the basis for data processing is Art. 6 (1) (f) GDPR (legitimate interests), you have the right to object to the processing of your personal data at any time in accordance with Art. 21 GDPR if there are reasons for doing so which arise from your particular situation or if the objection is directed against data processing for purposes of direct marketing. In the latter case, you have a general right of objection, with which we will comply accordingly without you needing to state any reasons which arise from your particular situation (Art. 21 (2) GDPR).

If you object for reasons arising from your particular situation, we will no longer process your personal data unless we can prove compelling legitimate grounds for processing which override your interests, rights and freedoms, or the processing serves to establish, exercise or defend legal claims (Art. 21 (1) GDPR).

 

Sec. 10 Your further rights

  1. a) Right of access

You also have the right to access from CloudRail, in writing and free of charge, the personal data concerning you which is processed by CloudRail, the purposes of the processing, the information on the source of the data, the recipients or categories of recipients to whom the data has been disclosed, the envisaged storage period and your relevant rights at your disposal.

  1. b) Right to rectification, erasure and/or restriction of data processing

You have the right to request at any time the rectification of incorrect data, the erasure and/or restriction of the processing of personal data stored about you unless CloudRail is legally obligated to retain such data or there is another, opposing legitimate reason as defined in Art. 17 (3) GDPR. Insofar as this includes personal data required for the provision of services to you, the deletion or restriction of the processing of such data can only take place when you no longer use CloudRail’s services.

  1. c) Right to data portability

If you provided data concerning you and CloudRail processes such data based on your consent or in order to fulfil a contract, you may request to receive such data in a structured, commonly used and machine-readable format from CloudRail or that CloudRail transmits such data to another controller to the extent technically possible.

  1. d) Right to withdraw consent

You can freely withdraw any consent you give regarding the use of personal data at any time with effect for the future.

  1. e) Right to lodge a complaint to a supervisory authority

You may also lodge a complaint with a supervisory authority against a data processing which, in your opinion, violates the statutory provisions.

 

Sec. 11 Third party websites / Links

In the event that you are redirected through a link included in one of the CloudRail websites to another website which is not operated by CloudRail, CloudRail expressly points out that the present privacy policy does not apply to such website operated by a third party. CloudRail therefore recommends to always carefully read the privacy statements of any linked websites.

 

Sec. 12 Amendment of the privacy policy

CloudRail reserves the right to regularly review and modify this privacy policy at any time within the framework of statutory provisions, for example to take into account changes in jurisdiction or our business operations as well as technical developments. In any way, CloudRail undertakes to always observe the applicable data protection and privacy regulations. CloudRail recommends its users to review the latest version of the privacy policy each time you visit the websites.