Skip to content

Privacy Notice according to Art. 13, 14 GDPR

As of 08.11.2024

With the following privacy notes, we would like to inform you about how we handle your personal data in detail.

A description of how we process personal data when using our website is available in our privacy policy.

Who we are

All references to ‘we’, ‘us’ or ‘the company’ in this Privacy Notice refer to the following organisation:

Virtual Identity AG
Grünwälder Straße 10-14
79098 Freiburg
Deutschland
+49 761 20758-400


https://www.virtual-identity.com

Austria

Virtual Identity GmbH
Schönbrunner Straße 213-215
A-1120 Wien

How to contact our data protection officer

The contact details of our designated data protection officer are as follows:

DataCo GmbH
Nymphenburger Str. 86
80636 München
Germany
+49 89 452459-900


https://www.dataguard.de 

Your rights

You have the following rights under the GDPR:

  • right to be informed about how your data is used;
  • right of access to your personal data;
  • right to correction or rectification of your data;
  • right to request deletion of your data;
  • the right to object to the processing of your data;
  • the right to data portability.

Should you wish to exercise the above rights, please send an email to the following email address:

In most cases, we will respond to any requests to exercise your rights free of charge and within one month, if not before.

Further information on your right to object

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out in the public interest or based on our legitimate interests.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate interests for the processing which override your interests, rights and freedoms, or the processing serves the assertion, exercise or defence of legal claims.

The objection can be made without any formalities.

Further information on your right to withdraw consent
In addition, if you have consented to the processing of your personal data, you may revoke your consent at any time. Please note, however, that the lawfulness of the data processing that took place until the revocation is not affected in this case.

Information on publication on the Internet

If personal data has been made publicly accessible and you revoke your consent, we as the responsible body are only obliged to inform other recipients. This does not affect the obligation of these recipients to delete personal data. You can take direct action against other controllers who process your personal data and request deletion. Information posted on the Internet may never be completely deleted, even if it has been deleted from the original page. In any case, the providers of the main search engines are informed of the request for deletion, so that the personal data can at least no longer appear in search queries without further ado. We would like to point out that photos and/or videos on the Internet can be accessed by anyone. Despite all technical precautions, it cannot be ruled out that such persons may continue to use the photos and/or videos or pass them on to other persons. We are not liable for third parties using the photos for other purposes, including in particular by downloading and/or copying photos.

Your right to complain
If you are unhappy with any aspect of this privacy notice, or how your personal data is being processed, please contact our data protection officer.

You also have the right of appeal to a supervisory authority. The supervisory authority responsible for us is the State Commissioner for Data Protection and Freedom of Information Baden-Württemberg. You can reach this authority at:

Address:
Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg
Lautenschlagerstraße 20
70173 Stuttgart

Postal address:
Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg
P.O. Box 10 29 32
70025 Stuttgart

Phone: +49 711/615541-0
Fax: +49 711/615541-15
E-mail address:

For Clients and interested parties

This Privacy Notice sets out how we use personal data for the following individuals:

  • Our clients who are individuals, as well as representatives or contact persons of our clients who are legal entities
  • Interested parties who are individuals, as well as representatives or contact persons of interested parties who are legal entities
Our role in the processing of your personal data

Where we choose, or assess whether to choose, to enter a business relationship with a client or other interested party, we are the controller of any personal data that you give to us for the purpose of enabling that business relationship. This means that we are responsible for deciding how we collect, use and store information about you regarding our relationship.

Your personal data that we process

Within the scope of the business relationship, we may collect the following personal data about our clients or interested parties:

  • Personal Identification Information: First name, last name, title
  • Contact Information: Email address (business), telephone number (business), Company postal address (business)
  • Payment Information:Bank account number, Credit/debit card details, billing address, tax identification numbers and business registration details, purpose and other information relating to financial transactions, maturity of receivables, amount of receivables
  • Professional Information: Company name, department, industry, job title
  • Photo and Video: photos (optionally, if you provide it), screenshots, video recordings of online meetings, photos or video recordings of meetings or workshops.
  • Unincorporated Business Status: For sole traders or partnerships, including details of the business and its operations.
  • Contracts and Agreement Details: Documentation of the terms of our financial arrangements with you.
  • Legal Claims or Proceedings: Information related to any legal actions involving you that might affect our relationship.
  • Compliance Documentation: Data necessary for anti-money laundering (AML) checks, know your customer (KYC) processes, and other regulatory requirements.
  • Credit Scores and History: Obtained from credit reference agencies to assess your creditworthiness.
  • Account Transactions: Detailed records of transactions including dates, amounts, and descriptions.
  • Invoices and Statements: Copies of billing documents sent to or received from you.
  • Correspondence: Copies of communications between you and us, including emails, letters, and notes from phone calls.
  • Customer Service Records: Details of interactions with our customer service teams, including inquiries, complaints, and feedback.
  • All other personal data: provided to us during communication.
Purposes and legal bases of the data processing

We only process your personal data when we have a lawful basis and a legitimate purpose for doing so. We may process your personal data for the following purposes and under the following legal bases:

PurposeLegal basis
Process requests from interested partiesLegitimate interests – Art. 6 (1) (f) GDPR

Performance of contract – Art. 6 (1) (b) GDPR

Prepare and carry out pre-contractual measures – incl. e.g. preparing and sending offers, agreements or contractual conditions aiming to conclude the contractPerformance of contract – Art. 6 (1) (b) GDPR
Establishment, execution and termination of the contractual relationshipPerformance of contract – Art. 6 (1) (b) GDPR
Invoicing and B2B financial accounting, i.e. all activities related to recording, summarising and reporting various B2B transactions resulting from business operations Performance of contract – Art. 6 (1) (b) GDPR

Compliance with legal obligations – Article 6(1)(c) GDPR

Include contact details in our customer relationship management systemLegitimate interests – Art. 6 (1) (f) GDPR
Customer management and service – e.g. customer inquiries and communication via email or phoneLegitimate interests – Art. 6 (1) (f) GDPR

Performance of contract – Art. 6 (1) (b) GDPR

Carry out marketing initiatives like newsletters, whitepaper downloads or invitations to events or webinarsLegitimate interests – Art. 6 (1) (f) GDPR

Consent – Art. 6 (1) (a) GDPR, Art 9(2)(a) GDPR

Inform about our products and services. Incl. sending (direct) advertising by email or telephoneLegitimate interests – Art. 6 (1) (f) GDPR
Assigning receivablesPerformance of contract – Art. 6 (1) (b) GDPR
Securing debts via guaranteesPerformance of contract – Art. 6 (1) (b) GDPR
Implementing and managing the debt assignment processLegitimate interests – Art. 6 (1) (f) GDPR

Compliance with legal obligations – Article 6(1)(c) GDPR, where necessary to comply with legal and regulatory obligations

Consultation and data exchange with credit agencies to determine credit and default risksLegitimate interests – Art. 6 (1) (f) GDPR
Detecting and preventing fraudLegitimate interests – Art. 6 (1) (f) GDPR
Comply with legal and regulatory obligations. Incl. the transmission of personal data to tax consultant office Compliance with legal obligations – Article 6(1)(c) GDPR
Fulfil post-contractual measuresPerformance of contract – Art. 6 (1) (b) GDPR
Assert, exercise or defend legal claimsLegitimate interests – Art. 6 (1) (f) GDPR
Sources of your personal data

Most of the personal data that we process is sourced directly from our clients or interested parties in the course of communication and contractual relationships.

We collect data from clients or interested parties in the following manners:

  • Requests and data sent via the contact form on our website
  • Requests and data sent via messages to our employees, e.g. via email, LinkedIn messages and other communication channels
  • Requests at trade fairs or other events where data is passed on to our employees with the aim of establishing contact
  • Individual registration for events on our website
  • Individual research about potential interested parties in business directories, contact information on websites, and professional networks
  • Querying of the personal data after concluding a contract with us from the persons themselves, or receipt of personal data via an employee of the client company. This could also concern employees of service providers used by a client’s company.
  • Entry of employees’ personal data by an administrative assistant of the client in project management, collaboration and communication platforms.

In addition, in some circumstances we will collect personal data from third-party agencies or publicly available sources like business directories or websites to fulfil the purposes for processing your personal data outlined in this Chapter of this Privacy Notice.

Who we share your personal data with

We only transfer your personal data to external recipients if you have consented or if this is permitted by law.

Service providers

As with most organisations, we use service providers which help us to manage our relationship with you and provide value to you in our projects. When we use these service providers, it is necessary for us to share your personal data with them. If we use a service provider for data processing, we remain responsible for the protection of your data. We have concluded agreements with all our service providers to whom we make your data available, obliging them to treat your data confidentially and to process it only in the context of providing the service.

External recipients of your personal data may be in particular:

  • Freelancers
  • Data processors
  • Data destruction providers
  • Potential business partners in the context of a (future) due diligence review
  • Regulatory Authorities e.g. courts, trade supervisory office, Data protection supervisory authority, BAFA (Federal Office of Economics and Export Control) and law enforcement
  • Settlement partners
  • Banks, payment providers and other financial or credit institutions
  • Credit reference agencies
  • Debt Collection agencies
  • Legal, professional and tax consultants
  • Accounting Offices
  • Insolvency practitioners
  • Parcel and postal service providers
  • Logistics and warehouse providers
  • Auditors
  • Other creditors

Additionally, we use the following service providers:

ServiceProviderReason why your data is sharedLocation of data processing
Adobe Photoshop, Premiere, Illustrator and Creative Cloud File Storage

Privacy Policy

Adobe Systems Software Ireland Limited, 4–6 Riverwalk, City West Business Campus, Dublin 24, Ireland

Adobe Inc., 345 Park Avenue, San Jose, CA 95110

We use Adobe apps and cloud services for image and video processing. Depending on the contract and project, personal image data could be shared with Adobe. Also giving you access to such assets, personal data might be shared with Adobe.Ireland, USA

Third-country transfer under EU-U.S. DPF, EU SCCS

Docusign Electronic Signature Platform

Privacy Policy

Docusign International (EMEA) Limited,
5 Hanover Quay
Ground Floor
Dublin 2
Ireland

Docusign Inc., 221 Main Street, Suite 800, San Francisco, CA 94105

Docusign Germany GmbH,
Mies-van-der-Rohe-Straße 6,
80807 München,
Germany

We use Docusign services to manage contractual documents and qualified electronic signatures. Personal data, required to sign a contract, is shared with DocuSign. Ireland, USA, Germany

Third-country transfer under EU SCCs

Figma, collaborative UI design platform
Privacy Policy

DPA

Figma, Inc.
760 Market St FL 10
San Francisco, CA 94102
We use Figma to collaboratively develop UI/UX designs, concepts and prototypes. Giving you access to such artifacts on Figma.com, personal data might be shared with Figma.USA,
Third-country transfer under EU-U.S. DPF,
EU SCCs
LinkedIn Professional Network

Privacy Policy

LinkedIn Ireland Unlimited Company
Wilton Place,
Dublin 2, Ireland
We use LinkedIn to present our company, post content and give you the opportunity get in contact with us or to download whitepapers. Ireland, USA

Third country transfer under EU-U.S. DPF,
EU SCCs

Project Management Software ClickUp
Privacy Policy

DPA

Mango Technologies, Inc. dba ClickUp,
350 Tenth Ave Suite 500, San Diego, CA 92101
Project Management and all project related processesUSA,
Third country transfer under EU SCCs
Microsoft Teams, Microsoft 365
Privacy Statement
Microsoft Ireland Operations, Ltd.
One Microsoft Place,
South County Business Park,
Leopardstown, Dublin 18, Ireland.
We use Microsoft Teams and other Microsoft 365 services and applications for email communication, online meetings, cloud storage and other business processes Ireland, USA, Germany
Third country transfer under EU-U.S. DPF,
EU SCCs
Miro Collaboration Board
Privacy Policy

DPA

RealtimeBoard, Inc. dba Miro
201 Spear Street Suite 1100
San Francisco, CA 94105
We use Miro boards to work collaboratively on projects, concepts and sharing ideas in online meetings.USA, The Netherlands,
Third country transfer under EU-U.S. DPF, EU SCCs
Zoho CRM

Privacy Policy

Zoho Corporation BV, Beneluxlaan 4B, 3527 HT Utrecht, The NetherlandsWe use Zoho CRM to manage our clients’ contact data and relationship information.The Netherlands
Third country transfer under EU SCCs

We would like to point out that we have no influence on the data collection and its further use by the providers of the professional and social networks. Further information on objection and removal options towards the providers of social networks can be obtained directly from these providers.

Affiliated Group Entities

In addition to service providers, we may share your personal data with affiliated entities within our corporate group for internal administrative purposes, including for centralised IT, HR management, accounting and business operations.

For organizational purposes we may share data with our subsidiaries:

Virtual Identity GmbH
Schönbrunner Straße 213-215
A-1120 Wien

Virtual Identity Sociedade Unipessoal Lda
Rua do Pinheiro Manso 34
4100-304 Porto

International Data Transfers

If your data is transferred to recipients outside the EU, we ensure that this is done in the most data protection-friendly way possible. We make sure your data is given the same level of protection, either because that country has a comparable data protection standard (Adequacy), or by using appropriate safeguards like EU Standard Contractual Clauses (EU SCCs) in accordance with Art. 46 (2) (c) GDPR.

How long we keep your personal data for

We do not store your personal data longer than it is necessary for the purpose for which it was collected. We will delete your personal data as soon as the purposes for storing no longer apply, you object to the use of your personal data, or you revoke your previously given consent. However, your personal data may also be stored beyond this, in the following cases:

  • If there are outstanding obligations from the contractual relationship
  • If a deletion conflicts with contractual, legal or statutory retention periods
  • For the assertion, exercise or defence of legal claims
  • If this is required for the fulfilment of a legal obligation to which we are subject.
Obligation to provide data

For a (planned) conclusion as well as the execution of the contract with you, you must provide those personal data which are necessary for the establishment and execution of the contractual relationship and the fulfilment of the associated contractual obligations or which we are legally obliged to collect. This obligation also arises from the law, e.g. § 14 UstG or other regulatory and legal obligations. Without this data, we will generally not be able to conclude and execute the contract with you.

For Event participants

This Privacy Notice sets out how we use personal data for the following individuals:

  • All individuals who register for and/or attend in-person events
  • All individuals who register for and/or attend online events and webinars
Our role in the processing of your personal data

When we process your personal data for purposes related to our events, we are the controller of any personal data that you give to us. This means that we are responsible for deciding how we collect, use and store information about you.

Your personal data that we process

If you sign up to participate in an event or webinar organised by us, we ask you to provide certain information so that we can process your interest in the event, provide you with relevant updates, and facilitate and confirm your attendance.

Specifically, we may collect the following information:

  • Personal Identification Information: First name, last name, title
  • Contact information: Email address, phone number, postal address
  • Professional Information: Job title, affiliated organisation, industry
  • Accessibility requirements: Information on disabilities or any special assistance needed
  • Interest in our products and services: Information regarding your interests in relation to the products, services, or topics related to the event.

During events and webinars, we may collect the following information:

  • Photographs and recordings: Photos, video, screenshots or livestream recordings captured during the event

Following events and webinars, we offer the opportunity to provide feedback:

  • Opinions and feedback: Responses to post-event surveys or feedback forms, including satisfaction ratings, suggestions for improvement, and descriptions of personal experiences.
  • Interest in related products and services: A record of whether you would like to receive communications regarding future events and products or services related to the event topic.
Purposes and legal bases of the data processing

We only process your personal data when we have a lawful basis and a legitimate purpose for doing so. In particular, we process your personal data for the following purposes and under the following legal bases:

PurposeCategories of dataLegal basis
Registering your interest and facilitating your participation in our events
  • Personal identification information
  • Contact details
  • Professional Information
Legitimate interests – Art. 6 (1) (f) GDPR
  • Accessibility requirements
Consent – Art. 6 (1) (a) GDPR, Art 9(2)(a) GDPR
Marketing our related products and services to you
  • Personal identification information
  • Contact details
  • Professional Information
Consent – Art. 6 (1) (a) GDPR, Art 9(2)(a) GDPR
Sharing event content on password-protected websites with all registered participants of the event and/or posting on online channels for marketing purposes
  • Photographs and recordings
Legitimate interests – Art. 6 (1) (f) GDPR
Consent – Art. 6 (1) (a) GDPR, Art 9(2)(a) GDPR
Collecting feedback to enhance the quality of future events
  • Opinions and feedback
Legitimate interests – Art. 6 (1) (f) GDPR
Sharing your information with partners providing services required to organize and hold the event.
  • Personal identification information
  • Contact details
Legitimate interests – Art. 6 (1) (f) GDPR
Who we share your personal data with

We only transfer your personal data to external parties if you have consented or if this is permitted by law.

Service providers

As with most organisations, we use service providers to support the delivery of our events. When we use these service providers, it is necessary for us to share your personal data with them. If we use a service provider for data processing, we remain responsible for the protection of your data. We have concluded agreements with all our service providers to whom we make your data available, obliging them to treat your data confidentially and to process it only in the context of providing the service.

We use the following service providers:

ServiceProviderReason why your data is sharedLocation of data processing
Amazon Web Services

Privacy Policy

Amazon Web Services EMEA SARL
38 avenue John F. Kennedy,
L-1855, Luxemburg
We use Amazon Web Services to host our website which is based on WordPress. All data submitted in the event registration process will be processed by servers and cloud services hosted via AWS.Ireland, USA,

Third country transfer under EU-U.S. DPF,
EU SCCs

Instagram Social Network

Privacy Policy

Meta Platforms Ireland Limited
ATTN: Privacy Operations
Merrion Road
Dublin 4
D04 X2K5, Ireland
We use Instagram to present our company and give you the opportunity get in contact with us. For marketing purposes, we may post event content like photographs, audio and video recordings on professional and social networks – if you gave us your consentIreland, USA,

Third country transfer under EU-U.S. DPF,
EU SCCs

LinkedIn Professional Network

Privacy Policy

LinkedIn Ireland Unlimited Company
Wilton Place,
Dublin 2, Ireland
We use LinkedIn to present our company and give you the opportunity get in contact with us or to download whitepapers. For marketing purposes, we may post event content like photographs, audio and video recordings on professional and social networks – if you gave us your consentIreland, USA

Third country transfer under EU-U.S. DPF,
EU SCCs

Microsoft Teams, Microsoft 365

Privacy Policy

Microsoft Ireland Operations, Ltd.
One Microsoft Place,
South County Business Park,
Leopardstown, Dublin 18, Ireland
We use Microsoft Teams and related Microsoft 365 services to host our online events.Ireland, USA, Germany
Third country transfer under EU-U.S. DPF,
EU SCCs
QFlow for events, check-in
Privacy Policy

GDPR privacy statement

Wiretouch Ltd.
71a Church Road
Hove, East Sussex BN3 2BB, England
We use Qflow from Wiretouch Ltd. for event check-inUnited Kingdom,

Third country transfer under EU SCCs

Zoho CRM

Privacy Policy

Zoho Corporation GmbH
Trinkausstr. 7
40213 Düsseldorf, Germany

Zoho Corporation B. V. Beneluxlaan 4B, 3527 HT Utrecht, The Netherlands

We use Zoho CRM to manage our clients’ contact data and relationship information. This applies to clients and interested parties only. The Netherlands
Third country transfer under EU SCCs
Xing Professional Network

Privacy Policy

New Work SE
Am Strandkai 1
20457 Hamburg
We use Xing to present our company and give you the opportunity get in contact with us. For marketing purposes, we may post event content like photographs, audio and video recordings on professional and social networks – if you gave us your consent Germany

We would like to point out that we have no influence on the data collection and its further use by the providers of the professional and social networks. Further information on objection and removal options towards the providers of social networks can be obtained directly from these providers.

We also may share event content like photographs, audio and video recordings on a password-protected website with all registered participants of the particular event.

Affiliated Group entities

In addition to service providers, we may share your personal data with affiliated entities within our corporate group for internal administrative purposes, including for centralised IT, HR management, accounting and business operations.

For organizational purposes we may share data with our subsidiaries:

Virtual Identity GmbH
Schönbrunner Straße 213-215
A-1120 Wien

Virtual Identity Sociedade Unipessoal Lda
Rua do Pinheiro Manso 34
4100-304 Porto

International Data Transfers

If your data is transferred to recipients outside the EU, we ensure that this is done in the most data protection-friendly way possible. We make sure your data is given the same level of protection, either because that country has a comparable data protection standard (Adequacy), or by using appropriate safeguards like EU Standard Contractual Clauses (EU SCCs) in accordance with Art. 46 (2) (c) GDPR.

How long we keep your personal data for

We do not store your personal data longer than it is necessary for the purpose for which it was collected. We will delete your personal data as soon as the purposes for storing no longer apply, you object to the use of your personal data, or you revoke your previously given consent. However, your personal data may also be stored beyond this, in the following cases:

  • if there are outstanding obligations from the contractual relationship
  • if a deletion conflicts with contractual, legal or statutory retention periods.
  • for the assertion, exercise or defence of legal claims
  • if this is required under European or national law for the fulfilment of a legal obligation to which we are subject.

For Service Providers and Suppliers

This Privacy Notice sets out how we use personal data for the following individuals:

  • Our suppliers, vendors and service providers who are individuals
  • Representatives or contact persons of our suppliers, vendors and service providers who are legal entities

For ease of reference, all the above categories of individuals are collectively referred to as ‘suppliers’ throughout this Chapter of this Privacy Notice.

Our role in the processing of your personal data

Where we choose, or assess whether to choose, to enter a business relationship with a supplier, we are the controller of any personal data that you give to us for the purpose of enabling that business relationship. This means that we are responsible for deciding how we collect, use and store information about you regarding our relationship.

Your personal data that we process

We process personal data from suppliers and service providers. This is necessary for business operations. The following data is processed in this context:

  • Personal Identification Information: First name, last name, title
  • Contact Information: Email address (business), telephone number (business), Company postal address (business)
  • Professional Information: Company name, department, industry, job title
  • Photo and Video: portrait photo (optionally, if you provide it yourself), video recordings of online meetings, photos and video recordings of meetings or workshops.
  • Payment Information: Bank account number and/or Credit/debit card details, billing address, tax identification numbers and other business registration details, purpose and other information relating to financial transactions, maturity of receivables, amount of receivables
  • Service Delivery Information: Service descriptions, contractual agreements, delivery schedules, service preferences
  • Quality Assurance and Feedback: Opinions, feedback on services provided, complaints, suggestions for improvement
  • Compliance and Due Diligence Information: Information related to compliance with laws and regulations
  • All other personal data: provided to us during communication
Purposes and legal bases of the data processing

We only process your personal data when we have a lawful basis and a legitimate purpose for doing so. We may process your personal data for the following purposes and under the following legal bases:

PurposeLegal basis
Due diligence & supplier selectionLegitimate interests – Art. 6 (1) (f) GDPR
Establishment, execution and termination of a contractual relationshipPerformance of contract – Art. 6 (1) (b) GDPR
Supplier onboardingPerformance of contract – Art. 6 (1) (b) GDPR/td>
Performance of ordersPerformance of contract – Art. 6 (1) (b) GDPR
Effecting and managing payments Performance of contract – Art. 6 (1) (b) GDPR
Evaluating supplier performance Legitimate interests – Art. 6 (1) (f) GDPR
Audits & Record-keepingLegitimate interests – Art. 6 (1) (f) GDPR

Compliance with legal obligations – Article 6(1)(c) GDPR, where necessary to comply with legal and regulatory obligations

Consultation and data exchange with credit agencies to determine credit and default risks Legitimate interests – Art. 6 (1) (f) GDPR
Market and opinion research, provided that you have not objected to the use of data for this purpose Legitimate interests – Art. 6 (1) (f) GDPR

Consent – Art. 6 (1) (a) GDPR, Art 9(2)(a) GDPR

Comply with legal and regulatory obligations. Incl. the transmission of personal data to tax consultant officeCompliance with legal obligations – Article 6(1)(c) GDPR
Claim and manage post-contractual measuresPerformance of contract – Art. 6 (1) (b) GDPR
Assert, exercise or defend legal claimsLegitimate interests – Art. 6 (1) (f) GDPR
Sources of your personal data

Most of the supplier personal data that we process is sourced directly from our suppliers.
We collect data from suppliers or service providers in the following manners:

  • Receipt of personal data directly from the data subject via establishment of contact by suppliers or service provider
  • Receipt of personal data directly from the data subject via establishment of contact by Virtual Identity

In addition, in some circumstances we will collect supplier personal data from third-party agencies or publicly available sources like business directories or websites for the purpose of supplier due diligence and evaluation.

Who we share your personal data with

We only transfer your personal data to external recipients if you have consented or if this is permitted by law.

Service providers

As with most organisations, we use service providers which help us to manage our relationship with you and provide value to you in our projects. When we use these service providers, it is necessary for us to share your personal data with them. If we use a service provider for data processing, we remain responsible for the protection of your data. We have concluded agreements with all our service providers to whom we make your data available, obliging them to treat your data confidentially and to process it only in the context of providing the service.

External recipients of your personal data may be in particular:

  • Freelancers
  • Data processors
  • Data destruction providers
  • Potential business partners in the context of a (future) due diligence review
  • Regulatory Authorities e.g. courts, trade supervisory office, Data protection supervisory authority, BAFA (Federal Office of Economics and Export Control) and law enforcement
  • Settlement partners
  • Banks, payment providers and other financial or credit institutions
  • Credit reference agencies
  • Debt Collection agencies
  • Legal, professional and tax consultants
  • Accounting Offices
  • Insolvency practitioners
  • Parcel and postal service providers
  • Logistics and warehouse providers
  • Auditors
  • Other creditors

Additionally, we use the following service providers:

ServiceProviderReason why your data is sharedLocation of data processing
Adobe Photoshop, Premiere, Illustrator and Creative Cloud File Storage

Privacy Policy

Adobe Systems Software Ireland Limited, 4–6 Riverwalk, City West Business Campus, Dublin 24, Ireland

Adobe Inc., 345 Park Avenue, San Jose, CA 95110

We use Adobe apps and cloud services for image and video processing. Depending on the contract and project, personal image data could be shared with Adobe. Also giving you access to such assets, personal data might be shared with Adobe.Ireland, USA

Third-country transfer under EU-U.S. DPF, EU SCCS

Docusign Electronic Signature Platform

Privacy Policy

Docusign International (EMEA) Limited,
5 Hanover Quay
Ground Floor
Dublin 2
Ireland

Docusign Inc., 221 Main Street, Suite 800, San Francisco, CA 94105

Docusign Germany GmbH,
Mies-van-der-Rohe-Straße 6,
80807 München,
Germany

We use Docusign services to manage contractual documents and qualified electronic signatures.
Personal data, required to sign a contract, is shared with DocuSign.
Ireland, USA, Germany

Third-country transfer under EU SCCs

Figma, collaborative UI design platform
Privacy Policy

DPA

Figma, Inc.
760 Market St FL 10
San Francisco, CA 94102
We use Figma to collaboratively develop UI/UX designs, concepts and prototypes. Giving you access
to such artifacts on Figma.com, personal data might be shared with Figma.
USA,
Third-country transfer under EU-U.S. DPF,
EU SCCs
Project Management Software ClickUp
Privacy Policy

DPA

Mango Technologies, Inc. dba ClickUp,
350 Tenth Ave Suite 500, San Diego, CA 92101
Project Management and all project related processesUSA,
Third country transfer under EU SCCs
Microsoft Teams, Microsoft 365
Privacy
Statement
Microsoft Ireland Operations, Ltd.
One Microsoft Place,
South County Business Park,
Leopardstown,
Dublin 18, Ireland.
We use Microsoft Teams and other Microsoft 365 services and applications for email communication,
online meetings, cloud storage and other business processes
Ireland, USA, Germany
Third country transfer under EU-U.S. DPF,
EU SCCs
Miro Collaboration Board
Privacy
Policy

DPA

RealtimeBoard, Inc. dba Miro
201 Spear Street Suite 1100
San Francisco, CA 94105
We use Miro boards to work collaboratively on projects, concepts and sharing ideas in online
meetings.
USA, The Netherlands,
Third country transfer under EU-U.S. DPF, EU SCCs

Affiliated Group Entities
In addition to service providers, we may share your personal data with affiliated entities within our corporate group for internal administrative purposes, including for centralised IT, HR management, accounting and business operations.

For organizational purposes we may share data with our subsidiaries:

Virtual Identity GmbH
Schönbrunner Straße 213-215
A-1120 Wien

Virtual Identity Sociedade Unipessoal Lda
Rua do Pinheiro Manso 34
4100-304 Porto

International Data Transfers

If your data is transferred to recipients outside the EU, we ensure that this is done in the most data protection-friendly way possible. We make sure your data is given the same level of protection, either because that country has a comparable data protection standard (Adequacy), or by using appropriate safeguards like EU Standard Contractual Clauses (EU SCCs) in accordance with Art. 46 (2) (c) GDPR.

How long we keep your personal data for

We do not store your personal data longer than it is necessary for the purpose for which it was collected. We will delete your personal data as soon as the purposes for storing no longer apply, you object to the use of your personal data, or you revoke your previously given consent. However, your personal data may also be stored beyond this, in the following cases:

  • If there are outstanding obligations from the contractual relationship
  • If a deletion conflicts with contractual, legal or statutory retention periods
  • For the assertion, exercise or defence of legal claims
  • If this is required for the fulfilment of a legal obligation to which we are subject.
Obligation to provide data

For a (planned) conclusion as well as the execution of the contract with you, you must provide those personal data which are necessary for the establishment and execution of the contractual relationship and the fulfilment of the associated contractual obligations or which we are legally obliged to collect. This obligation also arises from the law, e.g. § 14 UstG or other regulatory and legal obligations. Without this data, we will generally not be able to conclude and execute the contract with you.

This notice was created with the support of DataGuard.