1.  Privacy policy

This website is provided by the emteria GmbH, a German company headquartered in Aachen (see https://emteria.com/legal-notice/ for more details). We provide you with this data privacy policy to inform you of how we handle your personal data collected on this website, our application, and our services.

2.  Data controller

The data controller of this website according to Art. 4 (7) of the GDPR is emteria GmbH, represented by its Managing Directors.

emteria GmbH
Oppenhoffallee 9-15
52066 Aachen

Phone: +49 241 47597530
Email: info@emteria.com

Managing Directors (Geschäftsführer):
Dr. Igor Kalkov-Streitz

3.  General information

We will process your personal data (e.g. name, address, Email address, phone number) solely by the provisions of the German data protection law and the data protection law of the European Union (EU). The following provisions will inform you, besides the information about the processing purposes, recipients, legal bases and storage periods, also about your rights and the controller for your data processing. This privacy policy applies only to our websites. If you are directed to other sites via links on our pages, please familiarize yourself with the respective use of your data there.

To ensure the operability of our services, we may transfer your data to subcontracting companies and engage them to obtain aid and support. Please refer to the overview of subprocessors in the respective data processing category to get more information about involved third parties.

According to GDPR Articles 12 and 13 processing of personal data must be fair and transparent. Transparency means that any information and purpose of such processing should be easily accessible and understandable by the data subject. Please find all data processing categories and explanations for how we store and process your data below.

4.  Hosting

We host the content of our website with Hetzner and HubSpot.

  • Hetzner provides hosting platform for our website. Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen. Privacy policy: https://www.hetzner.com/legal/privacy-policy/
  • HubSpot provides a content management platform for our Blog, Learning Center, landing pages and customer services. HubSpot Inc., Am Postbahnhof 17, 10243 Berlin, Germany. Data will be stored in the European Union. Privacy policy: https://legal.hubspot.com/privacy-policy

According to GDPR Article 28 (4), we have concluded a Data Processing Agreement with Hetzner and HubSpot based on the so-called EU standard contractual clauses.

4.1.  Purpose of data processing

Our servers collect and store information, which your browser automatically transmits when you visit the website, in so-called server log files. Typically recorded are the domain name of the website or page, the web browser type and version, the operating system, the IP address and the timestamp of access to the website. The data is stored in the log files of our system. When you visit our main website, visitor information data is not connected with your other personal data.

Visiting pages hosted by HubSpot automatically link visitor information data with other personal data provided by users through other channels (see Section 8). The data is necessary to enable the provision of content on the websites and feedback processing. Furthermore, it is mandatory for security aspects, in particular for access, input, transfer and storage control, as well as security incident detection and prevention.

4.2.  Legal basis

The use of Hetzner and Hubspot is based on Article (6) (1) (f) GDPR. Furthermore, Article (6) (1) (a) of the GDPR is relevant for linking automatically collected data with personal data provided by users. We have a legitimate interest in our website's technically error-free presentation, security monitoring and delivery of relevant content. The linking of automatically collected data with the personal data provided by the users takes place only with their consent.

4.3.  Duration of storage

The storage period of these access and error logs is up to 90 days.

4.4.  Right of revocation

There is no right of objection, as this data is technically necessary.

5.  Cookies 

Our website uses cookies. These are small text files that are stored in or by your Internet browser on your computer system. We use cookies by HubSpot, Google Ads and LinkedIn.  To manage these cookies and provide you with the necessary explanations we use a cookie banner and consent management service provided by Cookiebot (Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark. Privacy policy: https://www.cookiebot.com/en/privacy-policy/). For more information, see Section 12.1.

5.1.  Purpose of data processing

We distinguish different categories of cookies: necessary, preferences, statistics and marketing cookies. Technically necessary cookies serve the core functionality of the website like login, user preference storage and secure payments. Preference cookies are used to enable a website to remember information that changes the way the website behaves or looks, like your preferred language. Preference, statistic and marketing cookies used by HubSpot, Google Ads and LinkedIn require your explicit consent:

  • Statistic cookies are used to record user behavior on our website so that the content and functionality of the website can be improved for a better user experience.
  • Marketing cookies are used to serve interest-based advertising.

We collect and analyze your data to improve the quality of your website experience by learning how our website is used and what content is required. This involves analysis of user interaction with our blog, landing pages, learning center and customer service (see https://emteria.com/legal/cookie-declaration for the list of used cookies).

Additionally, we use HubSpot to link user visits from contact forms, marketing mailings or other documents to our website and thus provide users with individualized information on preferred topics based on their personal data such as name or email address (see https://knowledge.hubspot.com/reports/what-cookies-does-hubspot-set-in-a-visitor-s-browser for the list of used HubSpot cookies). Further information in this regard can be found in Section 8. The following personal data may be collected in the process (see https://legal.hubspot.com/privacy-policy for more details):

  • Geographical position
  • Browser type
  • Navigation information
  • Reference URL
  • Performance data
  • information about how often the application is used
  • Mobile apps data
  • HubSpot subscription service credentials
  • Files that are displayed on site
  • Domain names
  • Viewed pages
  • Aggregated use
  • Version of the operating system
  • Internet service provider
  • IP address
  • Device identification
  • Duration of the visit
  • Where the application was downloaded from
  • Operating system
  • Events that occur within the application
  • Access times
  • Clickstream data
  • Device model and version

5.2.  Legal basis 

Our legitimate interest is the functionality and usability of our website, therefore technically necessary cookies are used based on Article 6 (1) (f) of the GDPR. The legal basis for optional cookies is consent (Article 6 (1) (a) GDPR).

5.3.  Duration of storage

The technically necessary cookies are typically deleted when the browser is closed. Permanently stored cookies remain stored from a few minutes to several years depending on their type.

  • .AspNetCore.* - Purpose: Security tokens | Duration of storage: Up to 14 days
  • settings-beta - Purpose: User preference | Duration of storage: Until logout

HubSpot cookies are automatically deleted depending on their type, but at the latest after 2 years. The deletion of data whose retention period has been reached takes place automatically once a month (see https://knowledge.hubspot.com/reports/what-cookies-does-hubspot-set-in-a-visitor-s-browser for more details).

5.4.  Right of revocation

If you do not wish these cookies to be stored, reject them in our cookie banner, or please deactivate the use of cookies in your Internet browser. However, this may cause a functional limitation of our website. Your consent to persistent cookies can be withdrawn at any time by deleting the cookies in your browser settings.

6.  Contact forms and direct emails

This website https://emteria.com uses contact forms hosted by Hetzner (see Section 4) to enable you to contact us. For processing your requests and sending replies your personal data will be processed by Pipedrive and Mailjet.

Pipedrive is a CRM solution. Pipedrive OÜ, Paldiski mnt 80, Tallinn, 10617, Estland). Privacy policy: https://www.pipedrive.com/en/privacy
Mailjet provides a reliable email relay service for generating messages from submitted contact forms. Mailjet SAS, 13-13 bis, Rue de l’Aubrac, 75012 Paris, France; Offices in Frankfurt, Germany and St. Ghislain, Belgium. Privacy policy: https://www.mailjet.com/privacy-policy/

Please note, according to Article 28 (4), we have concluded a Data Processing Agreement with Pipedrive and Mailjet based on the so-called EU standard contractual clauses.

Please note that comment and contact forms in our Blog, Landing Pages, Learning Center and in Support Service pages additionally use HubSpot Forms. Please refer to Section 8 for more details.

6.1.  Purpose of data processing

Personal data you provide us by Email, contact form, etc., will be processed by Pipedrive, Mailjet and HubSpot for efficient and fast processing of user inquiries and management of customer relations. You are not obliged to provide us with your personal data, but we would not be able to answer your inquiries otherwise without processing your Email address.

6.2.  Legal basis

If your explicit consent is given for processing your data, the legal ground for this processing is set out in Art. 6 (1) (a) of the GDPR. If your personal data (e.g. name, email address, address, phone number) is processed for the purpose of contract performance, the processing takes place based on Art. 6 (1) (b) of the GDPR.

Our legitimate interest in data processing based on Art. 6 (1) (f) of the GDPR is to communicate with you in a timely manner and to answer your queries cost-efficiently. If you provide us with your email address through contact forms or direct contact, we reserve the right to use it for direct postal marketing until you request to object to this service.

6.3.  Duration of storage

Your personal data will be deleted as soon as it is no longer required for the purposes for which it was collected. However, if a contract is concluded, the data required by commercial and tax law will be retained by us for the periods as required by law, i.e. generally for ten years (cf. § 257 HGB, § 147 AO).

6.4.  Right of revocation

You have the right to object at any time to the processing of data that was performed according to Article 6 (1) (f) of GDPR and which does not serve direct marketing for reasons arising from your particular situation. In the case of direct marketing, however, you may object to the processing at any time without stating any reasons.

Change your cookie preferences here: https://emteria.com/p/cookie-declaration.

Pipedrive is a CRM solution. Pipedrive OÜ, Paldiski mnt 80, Tallinn, 10617, Estland. Privacy policy: https://www.pipedrive.com/en/privacy
Mailjet provides a reliable email relay service for generating email messages. Mailjet SAS, Alt-Moabit 2, 10557 Berlin, Germany. Privacy policy: https://www.mailjet.com/privacy-policy/

Please note, according to Article 28 (4), we have concluded a Data Processing Agreement with Mailjet based on the so-called EU standard contractual clauses.

7.  Newsletter 

This website uses Mailjet to send newsletters to all signed-up users by relying on data processing by Pipedrive and Mailjet. 

7.1.  Purpose of data processing

When registering for the newsletter, your contact information like your Email address will be stored and used for advertising purposes, i.e., the newsletter will inform you about product updates. For statistical purposes, we may evaluate which links are viewed in the newsletter. However, this information is anonymized and it is not recognizable for us, which concrete person has opened the links. For receiving newsletter, you must have expressly given your consent through our newsletter registration form or in the course of the registration or purchasing process.

7.2.  Legal basis

The legal basis for such processing is set out in Article 6 (1) (a) of the GDPR. This data processing is based on your consent and is necessary to store your registration and preferences to provide you with the requested newsletter.

7.3.  Duration of storage 

Your Email address will only be stored for the respective duration of your registration.

7.4.  Right of revocation 

You may revoke your consent at any time with effect for the future. If you no longer wish to receive the newsletter, you may unsubscribe either by a link in the newsletter or by clearing the respective checkbox in your profile settings.

8.  Online marketing

We use HubSpot as an integrated marketing software solution. The provider of this service is HubSpot Inc., Am Postbahnhof 17, 10243 Berlin, Germany. Privacy policy: https://legal.hubspot.com/privacy-policy

Please note, according to Article 28 (4), we have concluded a Data Processing Agreement with Hubspot based on the so-called EU standard contractual clauses (see https://legal.hubspot.com/dpa for more information).

All data process by HubSpot is hosted in the European Union (see https://legal.hubspot.com/hubspot-regional-data-hosting-policy for more information).

8.1.  Purpose of data processing

As part of our online marketing activities, we make new content available on our website and provide user the opportunity to read and download it. In the course of these marketing activities, users have the opportunity to fill out polls or contact forms, for example, to contact us or to download materials about our products. If you have opted in to receive marketing information from us, we collect and process personal data, such as your contact information and other demographic information (email address, last name, first name, phone number, company, job title), to send you customized content and respond to your inquiries. This information is stored in HubSpot to support our online marketing activities, to manage customer data and inquiries via forms and emails. These may include:

  • Email marketing (marketing mailings, automated mailings, e.g. to provide downloads)
  • Reporting (e.g. traffic sources, website visits)
  • Contact management (e.g. user segmentation & CRM)
  • Content management (e.g. CMS, blog, landing pages)
  • Contact forms (e.g. replying to requests or comments)

We also use HubSpot to analyze user behavior on our website (see Section 8).

For statistical purposes, we analyze our mailing and marketing campaigns. Therefore, we may evaluate whether an email has been opened and which links, if any, have been clicked. In addition, technical information is recorded (e.g. time of retrieval, IP address, browser type and operating system). This information can be assigned to the respective email recipient. It is used for the statistical analysis of marketing campaigns. The results of these analyses can be used to better adapt future content to the interests of our recipients.

8.2.  Legal basis

The legal basis for such processing is your given consent set out in Article 6 (1) (a) of the GDPR.

8.3.  Duration of storage

The data you have provided us with to receive marketing services will be stored by us for as long as it is needed or until you unsubscribe.

8.4.  Right of revocation

You may revoke your consent to receive marketing services at any time with effect for the future. If you no longer wish to receive marketing materials, you may unsubscribe either by a link in our marketing emails or by clearing the respective checkbox in your profile settings.

9.  User account

Hetzner provides hosting platform for our website. Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen. Privacy policy: https://www.hetzner.com/legal/privacy-policy/
Pipedrive is a CRM solution. Pipedrive OÜ, Paldiski mnt 80, Tallinn, 10617, Estland. Privacy policy: https://www.pipedrive.com/en/privacy
Mailjet provides a reliable email relay service for generating email messages. Mailjet SAS, 13-13 bis, Rue de l’Aubrac, 75012 Paris, France; Offices in Frankfurt, Germany and St. Ghislain, Belgium. Privacy policy: https://www.mailjet.com/privacy-policy/

9.1.  Purpose of data processing

We store your profile in order to identify you as a user and for optional billing purposes (see Section 10). We store the following data:

  • Name
  • Address
  • Billing data
  • Email address
  • Forum nickname
  • IP address
  • Event audit (to detect the misuse of our services)

9.2.  Legal basis

Since your personal data is stored for the purpose of contract performance and to provide you access to the requested products and services, the legal ground for this processing is legitimate interest set out in Art. 6 (1) (b) of the GDPR.

9.3.  Duration of storage

Your personal data will only be stored for the respective duration of your registration.

9.4.  Right of revocation

You have the right to remove your account at any time by using the corresponding button in your user profile.

10. Purchasing process

We offer the option to perform online purchases through our website by relying on external payment service providers PayPal, Stripe, Quaderno and ChartMogul.

  • PayPal manages payment processing. Your payment details are managed by PayPal and not released to emteria except the date and amount of each payment. PayPal S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg. Privacy Policy: https://www.paypal.com/webapps/mpp/ua/privacy-full
  • Stripe manages payment processing. Your credit card payment details are managed by Stripe and not released to emteria except the date and amount of each payment, the last four digits of your credit card, expiration date, and zip code. Stripe Payments Europe Limited 1, Grand Canal Street Lower, Grand Canal Dock, Dublin, D02 H210, Ireland; Office USA, 510,Townsend St., San Francisco, CA 94103. Privacy Policy: https://stripe.com/privacy
  • Quaderno manages legal taxation requirements for payment invoicing when purchasing through emteria website. Quaderno - Recrea Systems, Fernando Guanarteme 111, 35010 Las Palmas, Spain. Privacy Policy: https://www.quaderno.io/policies/privacy/
  • ChartMogul provides payment flow analysis for existing subscriptions. ChartMogul CMTDE GmbH & Co. KG c/o WeWork Kemperplatz 1 10785 Berlin Germany. Privacy Policy: https://chartmogul.com/privacy.

PayPal and Stripe participate in and comply with the EU-US Privacy Shield Agreement to protect your personal data. See https://www.privacyshield.gov/ for more information.

10.1.  Purpose of data processing

We store your profile in order to identify you as a user and for optional billing purposes (see Section 9). We store the following data:

  • Name
  • Email address
  • Phone number
  • Address
  • Company
  • Field of application
  • Billing and taxation data
  • IP address (to detect the misuse of our services)
  • Please note that we do not collect any financial information, such as credit card numbers or billing information as all such data is processed by our payment service providers.

10.2.  Legal basis

Since your personal data is stored for the purpose of contract performance, the legal ground for this processing is set out in Art. 6 (1) (b) of the GDPR.

10.3.  Legitimate interest

Our legitimate interest in data processing is providing you access to the products and services.

10.4.  Duration of storage

The data required by commercial and tax law will be retained by us for the periods as required by law, i.g. generally for ten years (cf. § 257 HGB, § 147 AO).

10.5.  Right of revocation

You have the right to remove your account at any time by using the corresponding button in your user profile. However, the stored information about purchased products and services will be preserved in our system for accounting and legal purposes as described in Section 9. 

11. Application process

For the recruitment process, we use the HR system personio. The provider of this service is Personio GmbH, Rundfunkplatz 4, 80335 München, Germany. Privacy Policy: https://www.personio.com/privacy-policy/.

Applicants can also send us their applications by Email: careers@emteria.com. However, please note that Emails are generally not encrypted, and applicants must ensure encryption themselves. Instead of applying via the online form and Email, applicants still have the option of sending us the application by post.

11.1.  Purpose of data processing

If you apply to emteria, we need your personal data to process your application. Your applicant data will only be used for this purpose and within the framework of the legal provisions. Your data will be treated confidentially. We only collect personal data from you that is required for the application process. Your data will be made available to the manager of the relevant department/team.

We collect the following data when you apply:

  • Email address
  • Phone number
  • Name
  • Browser and system data
  • IP address
  • Language and time zone
  • other data entered by you and uploaded documents (e.g. CV, certificates)

11.2.  Legal basis

Our legitimate interest in data processing based on Art. 6 (1) (f) of the GDPR is to handle the application process with you in a timely manner and to answer your queries cost-efficiently.

11.3.  Duration of storage

Your data will be deleted no later than three months after completion of the application process or immediately if your application is withdrawn. Invoices for any reimbursement of travel expenses are archived in accordance with tax law requirements.

11.4.  Right of revocation

You have the right to object at any time to the processing of data that was performed with effect for the future.

12. Additional third-party services 

In order to provide and continuously improve our services, we rely on the services of third-party providers, through which personal data may also be processed. According to article 13 (1) (e) of GDPR, all recipients or categories of recipients of personal data shall be disclosed. Please find a complete list of the third-party providers with purpose and additional information in the following sections. We have selected these third-party providers carefully and in accordance with the provisions of the GDPR. According to Article 28 (4), we sign a data protection agreement with our third-party providers to comply with GDPR requirements, where applicable.

12.1.  Cookiebot

Our website uses cookies (see https://emteria.com/p/cookie-declaration for the list of used cookies). To manage your cookie preferences and provide you with the necessary explanations we use a cookie banner and consent management service provided by Cookiebot (Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark. Privacy policy: https://www.cookiebot.com/en/privacy-policy/).

12.1.1.  Purpose of data processing

When you enter our website, a Cookiebot cookie "CookieConsent" is stored in your browser to be able to document your preferences regarding the storage of cookies in accordance with data protection law. The "CookieConsent" cookie contains a key and the consent status and is stored in the browser so that the emteria website can automatically read and follow the consent in all subsequent page requests. Based on your preference additional cookies will be stored or the use of cookies will be prevented, see Section 5.

When you give your consent on our website, the following anonymized data is automatically logged with Cookiebot (see https://www.cookiebot.com/en/privacy-policy/ for more details):

  • IP address in anonymized form (the last three digits are set to '0')
  • Date and time of consent
  • User agent of the browser
  • URL from which the consent was sent
  • Anonymous, random and encrypted key
  • Consent status, which serves as proof of consent

12.1.2.  Legal basis

The legal basis for the data processing is Article 6 (1) (c) of GDPR. The legitimate interest consists in obtaining the legally required consents for the use of cookies.

12.1.3.  Duration of storage

The collected data is stored until you request us to delete it, the purpose for storing the data no longer applies, or it is deleted by Cookiebot after up to 12 months (see https://www.cookiebot.com/en/privacy-policy/ for more details).

12.1.4.  Right of revocation

You have the right to object at any time to the processing of data that was performed according to Article 6 (1) (c) of GDPR.

Change your cookie preferences here: https://emteria.com/p/cookie-declaration.

12.2.  Google Ads (formerly Google Adworks)

We use Google Ads in order to draw attention to our products and services with the help of advertising. The provider of this service is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. Privacy policy: https://business.safety.google/intl/de/adsservices/  

Please note, according to Article 28 (4), we have concluded a Data Processing Agreement with Google based on the so-called EU standard contractual clauses (see https://business.safety.google/adsprocessorterms/ for more information).

12.2.1.  Purpose of data processing

We collect and analyze your data to improve the quality of our advertisement and your website experience. For this purpose, we use ad server cookies, which can be used to measure certain performance metrics such as ads or user clicks. These cookies enable Google to recognize your internet browser.

Google Ads collects and processes the following data:

  • Cookie ID
  • Visited pages
  • IP address
  • Duration of the website visit
  • Usage data of the website
  • Content the user is interested in
  • Clicked advertising
  • Web requests
  • Cookie information
  • Referrer URL
  • Browser language
  • Browser type

12.2.2.  Legal basis

The legal basis for the data processing is your consent based on Article 6 (1) (a) of GDPR.

12.2.3.  Duration of storage

The collected data is stored until the purpose for storing no longer applies which is usually after a session ends or up to 3 months, or it is deleted by Google after a maximum of 12 months (see https://policies.google.com/privacy for more details).

12.2.4.  Right of revocation

You have the right to object at any time to the processing of data that was performed according to Article 6 (1) (a) of GDPR.

Change your cookie preferences here: https://emteria.com/p/cookie-declaration.

12.3.  LinkedIn

We use LinkedIn Advertisement in order to draw attention to our products and services with the help of advertising. The provider of this service is LinkedIn Ireland, Wilton Plaza, Wilton Place, Dublin 2, Ireland. Privacy policy: https://www.linkedin.com/legal/privacy-policy

Please note, according to Article 28 (4), we have concluded a Data Processing Agreement with LinkedIn based on the so-called EU standard contractual clauses (see https://www.linkedin.com/legal/l/dpa for more information).

12.3.1.  Purpose of data processing

We use the retargeting tool as well as the conversion tracking of LinkedIn.  For this purpose, the LinkedIn Insight Tag is integrated on our website, which enables LinkedIn to collect statistical data about your visit and use of our website and to provide us with corresponding aggregated statistics on this basis. In addition, the service is used to be able to show you relevant offers based on your user behavior on our website. To realize this, a cookie is stored in your browser.

As a rule, the following data is collected and processed:

  • IP address
  • Device information
  • Browser information
  • Referrer URL
  • Timestamp

12.3.2.  Legal basis

The legal basis for the data processing is your consent based on Article 6 (1) (a) of GDPR.

12.3.3.  Duration of storage

The collected data is stored until the purpose for storing no longer applies which is usually after a session ends or up to 1 month, or it is deleted by LinkedIn after a maximum of 24 months (see https://www.linkedin.com/legal/privacy-policy for more details).

12.3.4.  Right of revocation

You have the right to object at any time to the processing of data that was performed according to Article 6 (1)(a) of GDPR.

Change your cookie preferences here: https://emteria.com/p/cookie-declaration.

12.4.  Microsoft

We use Microsoft 365 to facilitate online communication. The provider of this service is https://privacy.microsoft.com/en-us/privacystatement

The services used by us include:

  • Microsoft Outlook
  • Microsoft Teams

12.4.1.  Purpose of data processing

Microsoft 365 allows us to use services for internal and external communication with customers, partners and suppliers. Any data relevant to communication via email will be processed via Microsoft Outlook whereas Microsoft Teams is used for audio and/or video conferencing.

If you participate in communication via services provided by Microsoft 365, the following data will be processed:

  • Email address
  • Browser and system data
  • IP address
  • Language and time zone
  • Basic personal data entered by you (e.g. name, phone number)
  • Uploaded and send documents and files
  • Communication data
  • Authentication data
  • Contact information
  • Tasks and solutions
  • Profiling
  • Log file with accesses
  • System generated log data

12.4.2.  Legal basis

Our legitimate interest in data processing based on Art. 6 (1) (f) of the GDPR is to handle the application process with you in a timely manner and to answer your queries cost-efficiently.

12.4.3.  Duration of storage

The collected data is stored until the purpose for storing no longer applies. For further guidance, please see Microsoft’s Privacy Policy: https://privacy.microsoft.com/en-us/privacystatement.  

12.4.4.  Right of revocation

You have the right to object at any time to the processing of data that was performed with effect for the future.

12.5.  GitLab

We use GitLab to maintain our products and keep track of features, bug reports and incidents. The provider of this service is GitLab GmbH, Elsenheimerstrasse 7, Munich, Germany. Privacy policy: https://about.gitlab.com/privacy/.

12.5.1.  Purpose of data processing

Any technical data relevant to bug reports, feature requests or error traces will be processed via GitLab to facilitate the product development. Such technical data may also require linking to your personal to understand the cause of the incident and to be able to improve our services.

If you participate in services provided by GitLab, the following data will be processed:

  • Email address
  • IP address
  • User ID
  • Entries
  • Device information
  • System-logs
  • Order details (Title, subject and description of projects)

12.5.2.  Legal basis

Our legitimate interest in data processing is based on Art. 6 (1) (b) of the GDPR to ensure the technical functionality of our services, fulfillment of contractual or pre-contractual obligations.

12.5.3.  Duration of storage

The collected data is stored until the purpose for storing no longer applies or the legitimate interest in storage has expired. In the event of the existence of legal retention periods, the data concerned will be archived for the duration of these periods.

12.5.4.  Right of revocation

You have the right to object at any time to the processing of data that was performed with effect for the future.

12.6.  YouTube

We use YouTube to embed videos on our website and deliver relevant content. The provider of this service is Google Service, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Privacy Policy:

12.6.1.  Purpose of data processing

To ensure the protection of your data, you must explicitly consent to the load YouTube videos in the embedded content. If you agree, a connection to Google's servers will be established and cookies will be set.

As a rule, the following data is collected and processed:

  • IP address
  • Referrer URL
  • Device information
  • Watched videos

If you are logged in at the time, this information is also linked to your account (log out to prevent). Furthermore, you can object to the storage and evaluation of cookies by Google at any time: https://tools.google.com/dlpage/gaoptout

12.6.2.  Legal basis

The legal basis for the data processing is your consent based on Article 6 (1)(a) of GDPR.

12.6.3.  Duration of storage

The collected data is stored until the purpose for storing no longer applies which is usually after a session ends or up to 3 months, or it is deleted by Google after a maximum of 12 months (see https://policies.google.com/privacy for more details).

12.6.4.  Right of revocation

You have the right to object at any time to the processing of data that was performed according to Article 6 (1)(a) of GDPR.

Change your cookie preferences here: https://emteria.com/p/cookie-declaration.

12.7.  Livestorm

We offer webinars on our website with Livestorm. The provider of this service is Livestorm SAS, 06 Boulevard Saint-Denis, 75010, Paris, France. Privacy policy: https://livestorm.co/privacy-policy.

12.7.1.  Purpose of data processing

When you register for one of our webinars, Livestorm receives your personal information and uses it to offer the online webinar. Livestorm shares your information with us. By registering through the Service, you allow us to send you all the information you need via email to participate in the webinar.

The following data is collected and processed:

  • Email address
  • Browser and system data
  • IP address
  • Language and time zone
  • Chat data
  • other data entered by you (e.g. name, telephone number or chat messages)
  • Usage data from webinars (e.g. access figures, application histories, registration for and participation in a webinar, calling up of certain pages, etc.)

12.7.2.  Legal basis

Since your personal data is stored for the purpose of contract performance, the legal ground for this processing is set out in Art. 6 (1) (b) of the GDPR.

12.7.3.  Duration of storage

The collected data is stored until the purpose for storing no longer applies. For further guidance, please see Livestorm's Privacy Policy: https://livestorm.co/privacy-policy/.

12.7.4.  Right of revocation

To object or revoke your consent, you can use the link in your registration confirmation or email us at info@emteria.com.

13. Rights of the data subject

If your personal data is being processed, you are the ‘data subject’ in terms of GDPR and you have the following rights towards the controller.

13.1.  Right of access by the data subject

You may ask the controller to confirm whether your personal data is processed. In the case of such processing, you may request the following information from the controller:

(1) the purposes of the processing of the personal data;

(2) the categories of personal data concerned;

(3) the recipients or categories of recipients to whom the personal data have been or will be disclosed;

(4) the estimated period of time for which the personal data will be stored, or, if not possible, the criteria used to determine that period;

(5) the right to request from the controller to rectify or erase the personal data or the right to restrict the processing of personal data concerning the data subject or to object to such processing;

(6) the right to lodge a complaint with a supervisory authority;

(7) the right to all available information on the source of the data if the personal data are not collected from the data subject;

(8) the existence of automated decision-making, including profiling in accordance with Article 22 (1) and (4) of the GDPR and - at least in these cases - meaningful information for you about the logic involved, as well as the consequences and intended effects of such processing. 

As a data subject, you have the right to be informed whether the personal data concerning you are transferred to a third country or an international organization. In this regard, you may request to be informed of the appropriate safeguards pursuant to Article 46 GDPR relating to the transfer. 

13.2.  Right to rectification

You have the right to have corrected and/or completed your personal data from the controller if your personal data processed is incorrect or incomplete. The controller has to make the correction without undue delay.

13.3.  Right to restriction of processing

You have the right to obtain from the controller restriction of processing where one of the following applies:

(1) if you contest the accuracy of the personal data relating to you for a period of time that enables the controller to verify the accuracy of the personal data;

(2) the processing is unlawful and you refuse to erase the personal data and request the restriction of the use of the personal data instead;

(3) the controller no longer needs the personal data for the purposes of the processing, but you need them to establish, exercise or defend legal claims; or

(4) if you have lodged an objection against the processing in accordance with Art. 21 (1) GDPR and it has not yet been determined whether the legitimate reasons of the controller outweigh your grounds.

Where the processing of personal data relating to you has been restricted, such data may, except storage, only be processed with your consent or to establish, exercise or defend legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the Union or a Member State. If the restriction of processing has been restricted in accordance with the conditions mentioned above, you will be informed by the controller before the restriction of processing is lifted.

13.4.  Right to erasure

a. Obligation regarding erasure

You have the right to obtain from the controller the erasure of your personal data immediately and the controller is obliged to erase this data without delay where one of the following reasons applies:

(1) the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;

(2) you withdraw your consent on which the processing is based accordance to point (a) of Article 6.1, or point (a) of Article 9 (2) GDPR and where there is no other legal ground for the processing;

(3) you submit an objection to the processing accordance to Article 21 (1) of the GDPR, and there are no legitimate reasons for the processing, or you lodge an objection against the processing accordance to Article 21 (2) of the GDPR;

(4) your personal data have been unlawfully processed;

(5) your personal data need to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;

(6) your personal data have been collected in relation to the offer information society services referred to Article 8 (1).

b. Obligation to inform other controllers (third parties)

If the controller has made your personal data public and is obliged to erase them in accordance with Article 17 (1) of the GDPR, he has to take reasonable steps, taking into account the available technology and the cost of implementation, including technical measures, to inform the controllers who process the personal data that you, as the person concerned, have requested the erasure of any links to, or copy or replication of those personal data.

c. Exceptions
The right to erasure does not apply to the extent that processing is necessary:

(1) for exercising the right of freedom of expression and information;

(2) for the fulfillment of a legal obligation which requires processing by the law of the Union or of the Member States to which the controller is subject, or for the performance of a task carried out in the public interest or the exercise of official authority transferred to the controller;

(3) for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9 (2) as well as Article 9 (3) of the GDPR;

(4) for archiving purposes in the public interest, scientific or historical research or for statistical purposes in accordance with Article 89 (1), insofar as the right referred to in paragraph 1 is likely to make it impossible or seriously impair the achievement of the objectives of such processing; or

(5) for the establishing, exercising or defending legal claims.

13.5.  Notification obligation

If you have made use of your right to correct, erase or restrict the processing of your personal data, the controller is obliged to inform all recipients to whom the personal data have been disclosed of this correction or erasure of the data or limitation of the processing, unless this proves to be impossible or involves a disproportionate effort.

13.6.  Right to data portability 

You have the right to receive the personal data relating to you which you have provided to the data controller, in a structured, commonly used and machine-readable format. In addition, you have the right to transmit this data to another controller without hindrance by the controller, who has been provided with the personal data, where:

(1) the processing is based on consent in accordance with the point (a) of Article 6 (1) or point (a) of Article 9 (2) or on a contract in accordance with the point (b) of Article 6 (1); and

(2) the processing is carried out using automated means.

In exercising this right, you also have the right to have your personal data are transmitted directly from one controller to another, as far as this is technically feasible. Freedoms and rights of other persons may not be affected thereby.

The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or the exercise of official authority given to the data controller. 

13.7.  Right to withdraw the declaration of consent under the Data Protection Act

You have the right to withdraw your declaration of consent under the Data Protection Act at any time. The withdrawal of the consent does not affect the legality of the processing carried out based on the consent until the withdrawal.

13.8. Automated individual decision-making, including profiling 

You have the right not to be subject to a decision based solely on automated processing, including profiling, which has a legal effect on you or which significantly impairs you in a similar manner.

This does not apply if the decision:

(1) is necessary for entering into, or performance of, a contract between you and a data controller;

(2) is authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or

(3) is based on your explicit consent.

However, these decisions may not be based on special categories of personal data in accordance with Article 9 (1), unless point (a) or (g) of Article 9 (2) applies and appropriate measures to safeguard the rights and freedoms and your legitimate interests are in place.

Regarding the cases referred to in (1) and (3), the data controller has to take appropriate measures to safeguard the rights and freedoms and your legitimate interests, at least the right to obtain human intervention on the part of the data controller, to state his or her own position and to contest the decision.