Privacy Policy

Privacy policy


1. General information and principles of data processing

Dear customer, we are pleased that you are visiting our website. The protection of your privacy and your personal data (so-called personal data) is an important concern for us.

According to Art. 4 No. 1 GDPR, personal data is any information relating to an identified or identifiable natural person. However, data that does not relate to you personally is not included. The processing of your personal data always requires a legal basis or your consent in accordance with Art. 4 No. 2 GDPR. Processed personal data must be deleted immediately after the purpose of the processing has been achieved, provided that no legally prescribed retention obligations are to be observed. In order to provide the functions and services of our website and our calendar management application, it is necessary for us to collect personal data about you. We also explain the type, scope, purpose, legal basis and storage period of the respective data processing. This privacy policy applies exclusively to our website and to the use of our calendar management application. It does not apply to websites referred to via hyperlinks. For information on the handling of your personal data by third-party websites, please refer to the respective websites.


2. Responsible for data processing

The data controller responsible for the processing of personal data on our website and through our application is

            Zelvor Technologies GmbH

            Noah Bani-Harouni

            Am Waldpark 11, 22589 Hamburg

            E-mail address: info@zelvor.com


3. What data is processed for what purpose when you visit the website?

a. Provision and use of the website/server log files

When you visit our website, we collect technically necessary data via so-called server log files. Technically necessary data are your IP address, date and time of the request, name and URL of the file accessed, the website from which the access was made (referrer URL), access status/http status code, browser type, language and version of the browser software and your operating system.

The data processing is technically necessary in order to display the website to you. Your data is used to ensure the security and stability of the website.

The legal basis for the processing of your data is Art. 6 para. 1 lit. f) GDPR. The processing of the aforementioned data is necessary for the provision, functionality and security of the website and thus serves to safeguard a legitimate interest of our company.

b. Use of the contact form or e-mail enquiries

If you use the contact form available on our website or send us an enquiry via the email address provided, we will collect the data you provide in order to process and respond to your enquiry. The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. f GDPR.

c. Social media

We also maintain social media presences on our website. If you visit our presence in a social medium, personal data may be transmitted to the provider of the social medium. In addition to the data you enter, this may also include other data (e.g. on your user behaviour, browser and IP data). If you are connected to your private account with this provider while visiting the social medium, the provider may assign the data to your private account. If you do not want such an assignment, you must ensure that you are not connected to your private account before accessing our presence.

The scope and purpose of the data collection of the respective social media as well as the respective processing and use of your personal data and your rights as a data subject in this regard can be found in the respective statements of the individual social media:

LinkedIn (https://de.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy)

d. Use of web analysis or tracking tools

As the operator of the website, we use cookies. Cookies are small pieces of data that are sent to the browser of your end device and stored there when you visit our website.

Without the use of essential cookies, some functions of our website cannot be accessed. In addition, the use of other cookies enables us to carry out various analyses. For example, some cookies can recognise your browser when you visit our website again and transmit a variety of information to us. The use of cookies also serves to facilitate and improve the use of our website. The use of cookies enables us to make our website more user-friendly and effective for you.  If third parties process information via cookies, they collect the information directly via your browser. The use of cookies does not cause any damage to your end device. Cookies cannot execute programmes or contain viruses. Below we explain the type and function of the cookies we use.

  • Permanent cookies: We also use so-called permanent cookies. Permanent cookies are stored in your browser for a longer period of time and are used to transmit information. In doing so, we store your information on your language preference as well as your information regarding your cookie preferences. The storage period generally depends on the type of cookie used and is currently one year. You can delete permanent cookies yourself via your browser settings.
  • Third-party cookies: We use analytical cookies to monitor anonymised user behaviour on our website. We use the functions of the web analysis service Google Analytics. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. This web analysis service shows us how visitors use our website and the origin of the user. Your surfing behaviour can be tracked by this third-party provider across various services. Analytical cookies are used exclusively with your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG. Consent can be revoked at any time. Further information on data protection at Google Analytics can be found here: https://policies.google.com/privacy?hl=en#infosharing
  • Configuration of the browser settings: As a rule, web browsers are set to accept cookies automatically. However, you are free to configure your browser so that it only accepts selected cookies or even no cookies at all. You can also delete cookies that are already in your browser yourself. You can also set your browser to notify you before cookies are stored. We recommend that you use the help menu of the browser you are using for the configuration options. It may be necessary to save a permanent cookie on your end device to deactivate the use of cookies. If you delete it, you will have to deactivate it again.

The required legal basis for the processing of personal data using necessary cookies is Art. 6 para. 1 lit. f) GDPR. If you have given us your consent to the use of cookies on the basis of a notice (“cookie settings”) provided by us on the website, the legal basis is additionally Art. 6 lit. a) GDPR.


4. What data is collected when using our cloud-based calendar management application?

a. Data collection for the implementation of pre-contractual measures and for the conclusion of a contract

It is necessary for us to collect your personal data in order to carry out pre-contractual measures and to conclude a contract. These are:

  • first name and surname
  • telephone number
  • e-mail address
  • bank account details

If necessary, we will also use your personal data from the conclusion of the contract for the necessary processing of warranty cases or other complaints. Your personal data will be processed on the basis of Art. 6 para. 1 sentence 1 lit. b GDPR for the purpose of executing the order and processing complaints and/or warranty claims. In order to fulfil the statutory retention periods, your personal data is processed on the basis of Art. 6 para. 1 sentence 1 lit. c GDPR.

b. Data collection for contract fulfilment when using the cloud-based calendar management application

We collect and process different categories of personal data about you for the fulfilment of the contract. We process the following data exclusively for the purpose of contract fulfilment in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR: Company name and address, user’s first and last name, user’s email address, user’s telephone number, user’s calendar preferences (e.g. working hours, breaks, etc.) User’s username for external services (e.g. Google, Microsoft, etc.). 

We also process the following information, insofar as it contains personal data, exclusively for the purpose of executing the contract in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR and delete it immediately after the appointment planned using this data has been carried out: time slot for scheduling the appointment, date and time of the appointment, title of the appointment, details of the participants of the appointment as well as their acceptances and cancellations and location of the appointment.

In addition, there is personal data that you voluntarily provide to us when using our cloud-based calendar management application. The processing takes place here exclusively on the basis of your consent, which you give us by passing on the personal data in accordance with Art. 6 Para. 1 S. 1 lit. a GDPR. These are, for example, details of the agenda, the user’s profile picture or the content of the appointment.


5. Information on data security

In accordance with legal requirements, we use appropriate technical and organisational measures to protect your personal data stored by us from unlawful access by third parties, loss or misuse and to enable secure data transfer. In particular, the use of the application requires the creation of a suitable password. Your data is stored by us exclusively on servers of ISO 27001-certified server providers. The data you enter is transmitted using SSL or TLS encryption. You can recognise an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties. All our employees are contractually obliged to handle personal data confidentially and in compliance with data protection regulations.

Nevertheless, we must point out that unwanted access to data by third parties cannot be excluded due to the nature of the Internet. It is therefore also your responsibility to protect your personal data against misuse through encryption or in some other way. Without appropriate protective measures, unencrypted data in particular can be read by third parties, regardless of the type of transmission and even if it is sent by e-mail.


6. To which recipients will your data be passed on?

We work together with various external organisations to fulfil our contractual obligations and as part of our business activities. In some cases, it is also necessary to transfer personal data to these external organisations. We only pass on personal data to external parties if this is necessary for the fulfilment of a contract or if we are legally obliged to do so (e.g. passing on data to tax authorities), if we have a legitimate interest in passing on the data in accordance with Art. 6 para. 1 lit. f GDPR or if another legal basis allows the data to be passed on. Where necessary, we pass on the data from the contractual relationship to external (tax) consultants for their advice and auditing purposes. When using processors, we only pass on our customers’ personal data on the basis of a valid contract for data processing. In the case of joint processing, a joint processing agreement is concluded.

We have concluded an data processing contract with the following service providers and use them to process your personal data.

When visiting our website:

  • SiteGround Spain S.L. (hosting website), Calle de Prim 19, 28004 Madrid, Spain, https://de.siteground.com/privacy.htm. The cooperation takes place in the context of hosting our website. The processing is necessary in accordance with Art. 6 para. 1 lit. b GDPR for the provision of the website and is also carried out for the purpose of secure, fast and efficient provision of our offer in accordance with Art. 6 para. 1 lit. f GDPR.
  • CookieYes Limited (website cookie manager), 3 Warren Yard Warren Park, Wolverton Mill, Milton Keynes, MK12 5NW, United Kingdom, https://www.cookieyes.com/privacy-policy/. The cooperation takes place for the purpose of processing the cookie preferences you have selected. The processing is therefore necessary in accordance with Art. 6 para. 1 lit. c GDPR for the provision of a legally compliant website and is also carried out for the purpose of secure, fast and efficient provision of our offer in accordance with Art. 6 para. 1 lit. f GDPR.
  • Kovai Limited, LEFA Business Park, Planwell House 35 Edgington Way, Sidcup DA14 5BH, UK, https://www.kovai.co/privacy-policy. The cooperation takes place for the provision of our wiki with how-tos for users (user manual) and therefore serves to fulfil our contractual obligations for application and support questions in accordance with Art. 6 Para. 1 lit. b GDPR.
  • Google Ireland Limited (“Google”) (website traffic analysis), Gordon House, Barrow Street, Dublin 4, Ireland, https://policies.google.com/privacy?hl=en#infosharing. The cooperation with the web analysis service shows us how visitors use our website and the origin the respective user is from. The data is used exclusively with your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG. Consent can be revoked at any time.
  • HELLO UMI, S.L. (Landbot, website chatbot), Av. Josep Tarradellas, 20, Floor 6, CP 08029, Barcelona, https://landbot.io/privacy-policy. The cooperation takes place in order to enable you to contact us securely and easily and is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time in the future.

For communication and provision of services:

  • STRATO AG (server hosting for the application), Otto-Ostrowski-Straße 7, 10249 Berlin, https://www.strato.de/datenschutz/. The cooperation takes place for the provision of our cloud-based application. The processing is therefore necessary for the fulfilment of the contract pursuant to Art. 6 para. 1 lit. b GDPR.
  • IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, https://www.ionos.de/terms-gtc/datenschutzerklaerung/?linkId=ft.nav.privacypolicy. The cooperation takes place to provide our accessibility via e-mail. The processing is therefore based on our legitimate interest in a secure, fast and efficient e-mail address in accordance with Art. 6 para. 1 lit. f GDPR.
  • Microsoft Ireland Operations Limited (Microsoft 360), One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland, https://privacy.microsoft.com/de-de/privacystatement. The cooperation takes place in the context of our administration, the administration of our customers and in exchange with our customers (e.g. via teams) and is therefore based on our legitimate interest in secure and efficient customer contact in accordance with Art. 6 Para. 1 lit. f GDPR and on the respective consent in accordance with Art. 6 Para. 1 lit. a GDPR when consenting to the holding of a video conference.
  • Elastic Email Inc. (SMTP Service), Unit 107, 1208 Wharf Street Victoria, BC V8W 3B9, Canada, https://elasticemail.com/resources/usage-policies/privacy-policy. The cooperation takes place in order to inform you in accordance with our contractual obligations by means of service notifications, e.g. about agreed appointments. As this is in our legitimate interest, the processing is permitted under Art. 6 para. 1 lit. f GDPR.
  • Elastic Inc. (CRM), PO Box 1145, Jackson, WY 83001, USA, https://www.close.com/privacy. The cooperation takes place in the context of our administration and the administration of our customers and is therefore based on our legitimate interest in secure and efficient management in accordance with Art. 6 Para. 1 lit. f GDPR.
  • We also work with freelancers in Germany and worldwide as part of the development of our offering. The cooperation is for the purpose of maintenance and technical development of our offer and is therefore necessary for the provision of a secure and functional application to fulfil our contractual obligations pursuant to Art. 6 para. 1 lit. b GDPR and in our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR.
 

7. Data processing outside the European Union

As far as possible, we do not process your personal data outside the European Union (EU), as we have limited our primary storage location to data centres in the European Union. However, it is beyond our control if the routing of data from some applications takes place via internet servers located outside the EU. This may be the case in particular if, for example, participants in “online meetings” are located in a third country or when accessing our website from a device that is located outside the EU.

In addition, some of our service providers process your data outside the European Union:

Elastic E-Mail: Personal data is processed on the basis of the European Commission’s adequacy decision regarding the appropriate level of protection of personal data in Canada in accordance with Art. 45 para. 3 GDPR.

CookieYes: Personal data is processed on the basis of the adequacy decision of the European Commission with regard to the adequate level of protection of personal data in the United Kingdom in accordance with Art. 45 para. 3 GDPR.

Kovai Limited: Personal data is processed on the basis of the adequacy decision of the European Commission with regard to the adequate level of protection of personal data in the United Kingdom in accordance with Art. 45 para. 3 GDPR.

Freelancer in Qatar: Personal data is processed on the basis of the standard data protection clauses concluded with our freelancer in accordance with Art. 46 para. 2 lit. c GDPR.


8. How long will your data be stored?

We delete your personal data as soon as the purpose for the data processing no longer applies and in compliance with legal requirements. The data from the conclusion and fulfilment of the contract will, if required by law, be stored in accordance with the statutory retention obligations pursuant to Sections 146 et seq. German Fiscal Code and Section 257 of the German Commercial Code and deleted after expiry of the statutory retention obligations (6 or 10 years).

In the case of the storage of calendar preferences of users of the application, the storage period corresponds to the duration of the use of the application and ends at the latest with the termination of the contract. If data is processed for the specific planning of an appointment via the application, this data will only be stored until the planned appointment has been completed. As soon as you send us a justified request for deletion or revoke your consent to data processing, we will delete your data unless there is another legally permissible reason for storing your personal data (e.g. retention periods under tax or commercial law). If there are other legally permissible reasons, your data will be deleted once these reasons no longer apply.


9. Rights of data subjects

You have the right to revoke your consent at any time in accordance with Art. 7 para. 3 GDPR. The consequence is that we may no longer continue the data processing that was based on this consent in the future.

You have the right to request information about your personal data processed by us in accordance with Art. 15 GDPR.

In accordance with Art. 16 GDPR, you have the right to demand the immediate rectification of incorrect or incomplete personal data stored by us.

In accordance with Art. 17 GDPR, you have the right to request the deletion of your personal data stored by us, provided that there are no other reasons, such as fulfilment of a legal obligation or defence of legal claims, to the contrary.

You have the right to request the restriction of the processing of your personal data in accordance with Art. 18 GDPR. If your personal data is processed on the basis of Art. 6(1)(e) or (f) GDPR, you have the right to object to the processing of your personal data pursuant to Art. 21 GDPR on reasons relating to your particular situation.

The data controller shall communicate any rectification or erasure of personal data or restriction of processing carried out in accordance with Art. 19 GDPR to each recipient to whom the personal data have been disclosed.

In accordance with Art. 20 GDPR, you have the right to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request that it be transmitted to another data controller.

In accordance with Art. 22 GDPR, you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

You have the right to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR.

The competent supervisory authority is:

                   Hamburg Supervisory Authority

                   Ludwig-Erhard-Str. 22, 7. OG

                   20459 Hamburg

                   Telephone:+49 40/428 54-40 40

                   E-Mail: mailbox@datenschutz.hamburg.de

                   Internet: datenschutz-hamburg.de

                   Supervisory Authorities of all Federal States:

                   https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html


10. Does automated decision-making takes place?

Automated decision-making within the meaning of Art. 22 (1) and (4) GDPR – including profiling – does not take place.


Status: 31. Januar 2024