Data protection

1. Data protection at a glance

General information

The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data is any data that can be used to identify you personally. Detailed information can be found in the following sections of this privacy policy.

Data collection on this website

Who is responsible?
The data processing on this website is carried out by the website operator (see Responsible body).

How do we collect your data?
Your data is collected when you provide it to us (e.g., by entering it in a contact form). Other data is collected automatically or with your consent when you visit the website (e.g., technical data/cookies).

What do we use your data for?
Some of the data is collected to ensure that the website is error-free. Other data may be used—with your consent—to analyze your user behavior or for marketing purposes.

What are your rights?
You have the right to obtain information about the origin, recipient, and purpose of your stored personal data free of charge at any time, as well as the right to correct, delete, or restrict the processing of this data. For further details, please refer to Your rights.

Analysis and third-party tools

When you visit this website, your surfing behavior may be statistically evaluated. This is done primarily with analysis cookies and analysis programs (Google Analytics 4). The analysis is only carried out if you have given your consent via our consent banner (Usercentrics).

2. General information and mandatory information

Data protection

We take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations – in particular the GDPR, TTDSG – and this privacy policy.

Responsible body

Vispato GmbH
Hansaallee 299
40549 Düsseldorf
Germany
Email: mail@vispato.com

Data protection officer

Reinhold Goetz, Dipl.-Ing.
Engineering Office for Data Protection and Information Management
Kampstr. 6, 50374 Erftstadt

Revocation of your consent

You can revoke your consent at any time with future effect. The legality of the processing carried out until the revocation remains unaffected.

Right to object pursuant to Art. 21 GDPR

You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data based on Art. 6 (1) (e) or (f) GDPR. If personal data is processed for direct marketing purposes, you have the right to object to this at any time.

SSL or TLS encryption

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content (e.g. enquiries via the contact form). You can recognize an encrypted connection by the fact that the address line of your browser changes from “http://” to “https://” and by the lock symbol. Right to lodge a complaint with the supervisory authority

In the event of violations of data protection laws, you have the right to lodge a complaint with a supervisory authority. A list of supervisory authorities can be found at bfdi.bund.de.

Your rights

In accordance with Art. 15 ff. GDPR, you have the right to information, correction, deletion, restriction of processing, data portability, and objection. The right to restriction of processing pursuant to Art. 18 GDPR applies in particular (1) for the duration of our review if you dispute the accuracy of your data, (2) in the event of unlawful processing, (3) if we no longer need the data but you need it for legal claims, or (4) if you have lodged an objection pursuant to Art.  21 para. 1 of the GDPR and it is not yet clear whose interests prevail.

3. Hosting

External hosting (Netlify)

This website is hosted by Netlify Inc., 512 2nd Street, Suite 200, San Francisco, CA 94107, USA Netlify stores access logs (IP address, user agent, URL, timestamp) for a maximum of 30 days for error analysis and system security. Legal basis: Art. 6 (1) (f) GDPR.

Netlify is certified under the EU-US Data Privacy Framework; EU standard contractual clauses also apply. A data processing agreement in accordance with Art. 28 GDPR is in place.

4. Data collection on this website

Cookies

We use essential cookies on the basis of Art. 6 para. 1 lit. f GDPR in conjunction with § 25 para. 2 TTDSG. Statistics and marketing cookies are only activated after you have given your consent (Art. 6 (1) lit. a GDPR / § 25 (1) TTDSG). Change settings: Cookie settings

Contact form & support requests

We process data from inquiries for processing purposes (Art. 6 para. 1 lit. b or f GDPR) and delete it as soon as the purpose no longer applies (regularly after 1 year at the latest), unless there are legal obligations to retain it.

Pipedrive CRM

We use Pipedrive OÜ, Mustamäe tee 3a, 10615 Tallinn, Estonia to manage contact and enquiry data. Hosting in AWS data centers within the EU; Pipedrive is certified under the EU-US DPF and uses sub-processors in the US based on the EU standard contractual clauses. Storage period: max. 1 year.

5. Analysis tools and advertising

Google Tag Manager

Manages website tags; does not set any cookies itself. Legal basis: Art. 6 (1) (f) GDPR.

Google Analytics 4

With consent, analysis of user behavior; IP anonymization active, storage period for events 14 months; data transfer to Google LLC (USA) based on EU-US DPF.

Opt-out add-on: https://tools.google.com/dlpage/gaoptout

Google Ads & Conversion Tracking

Measurement of advertising conversions and remarketing; cookie duration 30 days; legal basis: consent (Art. 6 para. 1 lit. a GDPR). Personalized advertising can be disabled in your Google account.

6. Video conferences & remote demos (Demodesk)

Demodesk

For online meetings and product demos, we use Demodesk GmbH, Isartorplatz 8, 80331 Munich (demodesk.com). The processing serves the purpose of efficient communication with customers, interested parties, and partners.

Processed data: Name, email address, meeting metadata (subject, date, time, duration), technical information (IP address, device/browser) and, optionally, audio/video/screen content and chat messages.

Legal basis: Art. 6 (1) (b) GDPR (contract initiation/fulfillment) or Art. 6 (1) (f) GDPR (legitimate interest in effective communication). Recordings are only made with the express consent of all parties involved (Art. 6 (1) (a) GDPR) and are disabled by default.

Storage period: Recordings are stored in ISO 27001 data centers within the EU for a maximum of 30 days and then automatically deleted; meeting metadata is deleted as soon as the purpose no longer applies.

Data transfer to third countries: Access by Demodesk Inc. (USA) cannot be ruled out. The transfer is based on the EU standard contractual clauses (Art. 46 GDPR). A data processing agreement in accordance with Art. 28 GDPR has been concluded.

7. Processors

We have concluded order processing agreements in accordance with Art. 28 GDPR with all service providers mentioned here (Netlify, Google Ireland Limited, Pipedrive OÜ, Demodesk GmbH).

8. Storage periods

Unless a more specific period is specified in this statement, we store personal data until the purpose of processing ceases to apply, you revoke your consent, or you object. Statutory retention obligations remain unaffected.

9. Status of this declaration

Status: April 29, 2024