The engine that powers sustainable organisations
1. Controller and data protection officer for data processing
Controller for data processing within the meaning of the data protection legislation is:
Daato Technologies GmbH
10785 Berlin, Germany
Please do not hesitate to contact us if you have questions or ideas relating to data protection.
You can contact our data protection officers at the following address:
Daato Technologies GmbH
10785 Berlin, Germany
2. Subject matter of data protection
The subject matter of data protection is personal data. This is all the information that relates to an identified or identifiable natural person (known in the legislation as the data subject). This covers, for example, information such as name, postal address, e-mail address, or telephone number as well as information that necessarily originates from the use of our website, such as details about the start, end, and scope of use, and the communication of your IP address.
3. Type, scope, purposes of, and legal basis for automated data processing
An overview of the type, scope, purposes of, and legal bases for automated data processing via our website is provided below.
3.1 Provision of our website
When you access our website using your device, we process the following data:
- date and time of access
- duration of your visit
- type of device
- operating system used
- functions that you use
- quantity of data sent
- type of event
- referrer URL
- IP address
- domain name
- screen and viewport resolution
- pixel ratio
We process this data on the basis of Article 6 (1) (f) GDPR to provide the website, to ensure the technical operation, and to identify and rectify faults. In this way, we pursue the interest of facilitating and ensuring the long-term use of our website and its technical functional capability. When our website is selected, this data is automatically processed. You cannot use our website unless this data is provided. We do not use this data for the purpose of drawing conclusions about you or your identity.
4. Individual services and offers
You can voluntarily enter personal data on our website, e.g. when you send us requests for information voluntarily. We will process your request according to Article 6 (1) b) or f) GDPR and we will possibly disclose your information to third parties (e.g. Webflow, Hubspot, Weglot, freshworks, hotjar etc.,) within this context, if required.
5. Safeguarding of legitimate interests
We will process your personal data for the purpose of safeguarding our legitimate interests. In addition to the interests specified in the description of individual services and offers in Section 4, data processing procedures are performed on our website in particular against the background of the following interests:
- Guaranteeing the availability, operation and safety of technical systems as well as technical data management;
- Further development of products and services.
The relevant data is processed on the basis of Article 6 (1) (f) GDPR.
If you have given consent to perform certain data processing procedures, this consent always relates to a specific purpose included in the content of the actual declaration of consent. In this case, data is processed on the basis of Article 6 (1) (a) GDPR. We cannot accommodate the request covered by the consent until you give your consent. You can withdraw your consent at any time without affecting the lawfulness of processing based on the consent given before its withdrawal.
7. Recipients of personal data
Internal recipients: Within Daato, the only people who have access are those who need it for the purposes named. The same data can be used for conducting background verifications, credit checks, financial checks etc., as necessary by the organization.
External recipients: We only forward your personal data to external recipients outside Daato if this is necessary for the administering or processing of your issue, if another legal authorization exists, or if we have your consent to forward the data. External recipients can be:
Group companies in Daato or external service providers that we use to provide services, for example in the areas of technical infrastructure and maintenance for the Daato offerings or the provision of content. We carefully select and regularly inspect these processors to make sure that your privacy is protected. The service providers may use the data only for the purposes we have specified and in accordance with our instructions.
b. Public bodies
Authorities and public institutions, such as public prosecutors, courts, or financial authorities to which we must transfer personal data for legal reasons. The data is transferred on the basis of Article 6 (1) (c) GDPR.
c. Private bodies
Cooperation partners, service providers or persons to whom the data is transferred on the basis of consent, to execute a contract with you or to safeguard legitimate interests. The data is transferred on the basis of Article 6 (1) (a), (b) and/or (f) GDPR.
8. Data processing in third countries
If data is transferred to bodies whose headquarters or whose place of data processing is not located in a member state of the European Union or in another country outside of the European Union who is a signatory to the treaty, we ensure before forwarding the data that, outside of legally permitted exceptional cases pertaining to the recipient, either an appropriate level of data protection exists (e.g., through an adequacy decision of the European Commission, through suitable guarantees such as self-certification by the recipient for the EU-US Privacy Shield, or the agreement of EU standard contractual clauses between the European Union and the recipient) or you give sufficient consent for the transfer of the data. We can provide you with an overview of the recipients in third countries and a copy of the specifically agreed regulations to ensure the appropriate level of data protection. To obtain these, please contact the address specified in Section 1.
9. Duration of storage and deletion
If the description of the individual services and offers do not contain any specific information about the storage duration or deletion of data, the following applies:
We store your personal data only for the length of time necessary to fulfill the intended purposes, or – in the case of consent – until you withdraw your consent. If you withdraw your consent to process your personal data, we will delete it unless relevant legal provisions stipulate that it can be processed further. We will also delete your personal data if we are obliged to do so for other legal reasons. In line with these general principles, we will usually delete your personal data immediately
- after the legal grounds cease to apply and provided that no other legal grounds apply (e.g. commercial law and tax law retention periods). If the latter is the case, we will delete the data once the other legal grounds cease to apply.
- if we no longer need the data for the purposes of preparing and executing a contract or legitimate interests and no other legal grounds apply (e.g. commercial law and tax law retention periods). If the latter is the case, we will delete the data once the other legal grounds cease to apply.
- if the purpose of collecting the data no longer applies and no other legal grounds apply (e.g. commercial law and tax law retention periods). If the latter is the case, we will delete the data once the other legal grounds cease to apply.
10. Rights of data subjects
As the data subject affected by the data processing, you have several rights. Specifically,
Right of access: You have the right to obtain information from us about the data that we have stored about you.
Right of rectification and erasure: You have the right to demand that we rectify incorrect data and – provided the legal requirements are met – that we delete your data.
Restriction of processing: You have the right – provided the legal requirements are met – to demand that we restrict the processing of your data.
Data portability: If you have provided us with data on the basis of a contract or consent, you have the right, in accordance with the legal requirements, to obtain the data you have provided in a structured, standard, and machine-readable format or you can demand that we transfer this data to another controller.
Objection to the processing of data on the legal grounds of "legitimate interest": You have the right to object at any time, on grounds relating to your particular situation, to our processing of your data, provided this objection is based on the legal grounds of "legitimate interest". If you exercise your right to object, we will cease the processing of your data unless we can – pursuant to the legal requirements – prove compelling legitimate reasons for the further processing, which override your rights.
Withdrawal of consent: If you have given us consent to process your data, you can withdraw this consent at any time with effect for the future. The lawfulness of the processing of your data remains unaffected up until the time of the withdrawal of consent.
Right to lodge a complaint with a supervisory authority: You can also submit a complaint to the competent supervisory authority if you believe that the processing of your data is in breach of the legislation. To do so, you can apply to the supervisory authority that is responsible for your town/city or country or the data protection authority that is responsible for us.
Contacting us: Please do not hesitate to contact us if you have any questions regarding the processing of your personal data, your rights as a data subject, and any consent that you may have given. To exercise all of these previously mentioned rights, contact firstname.lastname@example.org or the postal address specified above in Section 1. In doing so, please ensure that it is possible for us to identify you.
11. Integration of third-party offerings
Date: January 7, 2023