Privacy Policy, effective as of December 26th, 2024
Responsible Party:
SOPAGO GmbH
Mönkeburgstr. 14
31303 Burgdorf, Germany
Tel: +49 174 6956391
[email protected]
SOPAGO GmbH (“SOPAGO” or “we”, “us”, or “our”) is committed to protecting the privacy of individuals who visit our websites (“Visitors”) and individuals acting on behalf of a business entity who register to use SOPAGO’s services (“Customers”).
This Privacy Policy outlines SOPAGO’s privacy practices regarding the use of our websites and related applications and services (collectively, the “Services”). The terms “You” or “Your” in this Privacy Policy refer to either a “Visitor” or a “Customer” depending on the context.
Collection of Personal Information
When expressing an interest in obtaining additional information about SOPAGO’s Services or registering to use the Services, SOPAGO requires you to provide personal contact information, such as your name, company name, phone number, email address, and your company’s local address (“Required Contact Information”).
When purchasing the Services, SOPAGO also requires billing information, including billing name and address, and credit card number (“Billing Information”). Additionally, SOPAGO may ask you to provide optional financial information, such as company annual revenues, number of employees, or industry (“Optional Information”).
As you navigate SOPAGO’s websites, SOPAGO may collect data using commonly used tools like cookies and web beacons (“Website Navigational Tools”). The information collected includes standard details from your web browser (such as browser language and type), your Internet Protocol (“IP”) address, and the actions you take on SOPAGO’s websites (such as web pages viewed and links clicked).
Use of Customer Data
SOPAGO uses Customer Data to respond to your requests and perform the Services you request. For example:
SOPAGO may also use Customer Data for marketing purposes. For example:
For contracts involving payment details (such as direct debit accounts), SOPAGO requires this information to process payments. Payment transactions made through common methods (Visa/MasterCard, direct debit) are processed using encrypted SSL or TLS connections. You can recognize an encrypted connection when the browser’s address line changes from “http://” to “https://” and a lock icon appears in the browser.
When communication is encrypted, any payment information you provide cannot be accessed by third parties.
Business Partners
SOPAGO may occasionally partner with other companies to jointly offer products or services. If you purchase or express interest in a jointly-offered product or service, SOPAGO may share Customer Data with its promotion partner(s). However, SOPAGO does not control how these partners use the data, and their use will be governed by their own privacy policies. If you do not wish to share your information in this way, you can opt not to purchase or express interest in these joint offerings.
Third Parties
SOPAGO does not sell, rent, or lease personal information to third parties. The exception is trusted third parties who assist with site or service operations, business functions, or providing services to you, provided they agree to maintain confidentiality. SOPAGO may also share your information if necessary to comply with the law, enforce site policies, or protect the rights, property, or safety of SOPAGO or others.
Website Navigational Tools
This section outlines the Website Navigational Tools used on SOPAGO’s websites and how the data collected through them is used:
Cookies: SOPAGO uses cookies to enhance interactions with its websites. When you visit a SOPAGO site, a cookie is sent to your device. There are two types of cookies:
Web Beacons: SOPAGO uses Web beacons in conjunction with cookies to gather data on how Customers and Visitors use SOPAGO’s websites and interact with marketing emails. For example, Web beacons in emails notify SOPAGO when you click a link that directs you to their website.
IP Addresses: SOPAGO collects your IP address when you visit their websites, to monitor the regions from which traffic is coming. SOPAGO also gathers IP addresses during Customer logins to the Services, using it for security measures like “Identity Confirmation” and “IP Range Restrictions.”
Links to Non-SOPAGO Sites
SOPAGO’s website may contain links to other websites. SOPAGO is not responsible for the content, privacy policies, or services provided by those third-party sites. It is recommended to review the privacy policies of any websites you visit after leaving SOPAGO’s site.
SOPAGO is dedicated to facilitating the exercise of your rights under the General Data Protection Regulation (GDPR) and any relevant laws of your jurisdiction. These rights may include:
SOPAGO will make every effort to honor your requests, considering any legal or contractual obligations.
If you would like to:
Please contact SOPAGO at [email protected] or update any relevant user profile information directly associated with your account.
For changes in the contract, kindly reach out to [email protected].
Server Log Files
When you visit SOPAGO’s website, the provider automatically collects and stores certain information that your browser sends. This information is retained in server log files and includes:
This data is used for system administration and security, and will not be combined with data from other sources.
The processing of this data is based on Article 6 (1) (f) of the GDPR, which allows data processing for the purpose of fulfilling a contract or taking actions before entering into a contract.
If you contact us through the contact form, we collect the information you provide, including your contact details. This allows us to respond to your initial inquiry and any follow-up questions. We do not share this information without your explicit consent.
The data you submit through the contact form will be processed based on Article 6 (1)(a) of the GDPR, which requires your consent. You have the right to withdraw your consent at any time, and an informal email is enough to make this request. Any data processed before we receive your request will still be lawful.
We will retain the information you provide until you request its deletion, withdraw your consent, or when the data is no longer necessary for the purpose for which it was collected (e.g., after fulfilling your request). However, statutory data retention requirements will still apply.
Signing up on our website grants access to additional features. The details you provide will solely be used for utilizing the specific site or service you’ve registered for. Completing all mandatory information during registration is necessary; incomplete submissions will result in registration rejection.
We’ll use the email address provided during registration to notify you about significant site changes or technical updates. The processing of data during registration relies solely on your consent as per Art. 6 (1)(a) of the GDPR, which you can revoke at any time for future actions. A simple email requesting this suffices. Any data processed before we receive your revocation will still be handled legally. The information collected during registration will be stored as long as your account is active on our website. Legal retention periods will apply as required by law.
We collect, process, and use personal data only insofar as it is necessary to establish, or modify legal relationships with us (master data). This is done based on Art. 6 (1) (b) DSGVO, which allows the processing of data to fulfill a contract or for measures preliminary to a contract. We collect, process, and use your personal data when accessing our website (usage data) only to the extent required to enable you to access our service or to bill you for the same.
Collected customer data shall be deleted after completion of the order or termination of the business relationship. Legal retention periods remain unaffected.
We only share personally identifiable information with third parties as necessary to fulfill your contract terms. For instance, this could include companies responsible for delivering goods to your specified location or banks handling your payment processing. Your data will not be transmitted for any other purpose unless you have given your express permission to do so. Your data will not be shared with third parties for advertising purposes unless we have obtained your explicit consent.
The basis for data processing is Art. 6 (1) (b) DSGVO, which permits data processing to complete a contract or undertake actions preparatory to a contract.
Facebook plugins (Like & Share buttons)
Our website incorporates plugins from the social network Facebook, managed by Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA. These Facebook plugins can be identified by the Facebook logo or the Like button on our site. You can find an overview of Facebook plugins at https://developers.facebook.com/docs/plugins/.
When you visit our site, the plugin establishes a direct connection between your browser and the Facebook server, allowing Facebook to receive information that you’ve visited our site from your IP address. Clicking the Facebook “Like button” while logged into your Facebook account enables you to link our site’s content to your Facebook profile, associating visits to our site with your user account on Facebook.
Please note that, as the operator of this site, we have no insight into the content of data transmitted to Facebook or how Facebook utilizes this information. For more details, refer to Facebook’s privacy policy at Meta Privacy Policy. If you prefer not to link your visit to our site with your Facebook account, kindly log out of your Facebook account.
Instagram plugin
Our website includes features from the Instagram service provided by Instagram Inc., 1601 Willow Road, Menlo Park, CA 94025, USA. If you’re logged into your Instagram account, clicking the Instagram button enables you to link our page content with your Instagram profile. This allows Instagram to correlate visits to our pages with your user account. As the provider of this website, we want to clarify that we do not receive any details about the content of transmitted data or its usage by Instagram.
For additional insights, refer to the Instagram Privacy Policy.
LinkedIn plugin
Our site uses functions from the LinkedIn network. The service is provided by LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. Each time one of our pages containing LinkedIn features is accessed, your browser establishes a direct connection to the LinkedIn servers. LinkedIn is notified of your visit to our web pages through your IP address. By using the LinkedIn “Recommend” button while logged into your LinkedIn account, LinkedIn can potentially link your website visit to your user account. As the provider of these pages, we have no insight into the content of the transmitted data or its utilization by LinkedIn.
You can find more details in the LinkedIn privacy policy.
Pinterest plugin
Our website features functionalities from the Pinterest social network, managed by Pinterest Inc., located at 635 High Street, Palo Alto, CA, 94301, USA. When you access a page containing the Pinterest social plugin, your browser establishes a direct connection to Pinterest servers. The plugin transmits log data to Pinterest servers situated in the United States. This log data might include your IP address, visited website addresses (which also comprise Pinterest features), browser type and settings, request date and time, your interactions with Pinterest, and cookies.
For additional insights on the purpose, extent, further processing, and use of data by Pinterest, along with your rights and privacy protection options, refer to Pinterest’s privacy notices.
Google Analytics 4
This site utilizes Google Analytics, a web analysis service operated by Google Inc., situated at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Analytics employs “cookies,” text files stored on your computer that enable the analysis of your website usage. Typically, the information generated by these cookies regarding your use of this website is transmitted to and stored on a Google server in the USA.
The use of Google Analytics cookies is grounded on Art. 6 (1) (f) of the GDPR. The website owner holds a legitimate interest in analyzing user behavior to enhance both the site and its advertising.
IP anonymization:
We’ve activated IP anonymization on this website. Your IP address is abbreviated by Google within the European Union or in other countries adhering to the Agreement on the European Economic Area before transmission to the USA. Only in exceptional cases will the complete IP address be transferred to a Google server in the US and truncated there. Google uses this information on behalf of the website operator to assess website usage, compile activity reports, and offer other services related to website activity and internet usage. Your browser’s transmitted IP address for Google Analytics won’t be combined with other Google-held data.
Browser plugin
You can prevent cookie storage by adjusting your browser settings. However, this might limit some functionalities of the website. Additionally, you can prevent data (including your IP address) generated by cookies related to your website usage from being transmitted to Google and Google’s processing of such data by downloading and installing the browser plugin available at the following link Google Analytics Opt-Out.
Opting out of data collection:
You can opt out of Google Analytics data collection by clicking on the following link. An opt-out cookie will be set to prevent future data collection on your visits to this site: Disable Google Analytics.
For further insights into Google Analytics’ handling of user data, refer to Google’s privacy policy.
Outsourced data processing:
We’ve contracted Google for data processing and comply fully with stringent German data protection authority requirements when using Google Analytics.
Google Analytics’ demographic data collection:
This website utilizes Google Analytics’ demographic features, enabling reports on visitors’ age, gender, and interests. This data originates from Google’s interest-based advertising and third-party visitor information, unattributable to any specific individual. You can disable this feature by adjusting your ads settings in your Google account or by refusing data collection by Google Analytics, as described in the “Refusal of data collection” section.
etracker
Our website employs the etracker analytics service, provided by etracker GmbH, located at Erste Brunnenstraße 1, 20459 Hamburg, Germany. The data collected through this service may be used to create pseudonymous usage profiles, potentially utilizing cookies for this purpose. Cookies, small text files stored in your browser cache, facilitate browser recognition. Information gathered by etracker technologies doesn’t ascertain the personal identity of website visitors and isn’t combined with personal data unless explicitly consented to by the concerned individual.
etracker cookies persist on your device until manually deleted. The storage of etracker cookies is grounded in Art. 6 (1) (f) of the GDPR. The website operator holds a legitimate interest in analyzing user behavior to enhance both the website and its advertising.
You retain the right to object to the collection and storage of your data, effective immediately and for the future. To decline future data collection and storage of your visitor data, you can utilize the etracker opt-out cookie available at this link: Etracker Opt-Out. This will set an opt-out cookie named “cntcookie” from etracker. Please refrain from deleting this cookie if you wish to uphold your refusal to consent.
For more insights, refer to the etracker privacy policy.
Outsourced data processing agreement completion:
We’ve engaged in a contract with etracker for outsourcing our data processing and adhere fully to the stringent requirements stipulated by German data protection authorities while utilizing etracker.
Our websites utilize Google Analytics Remarketing functionalities coupled with Google AdWords and DoubleClick’s cross-device capabilities, provided by Google Inc., situated at 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. This feature links target audiences established through Google Analytics Remarketing with Google AdWords and Google DoubleClick’s ability to span multiple devices. Consequently, advertising aligned with your personal interests, inferred from your past usage and browsing activities on one device (e.g., mobile phone), can be displayed on other devices like tablets or computers. Upon granting consent, Google associates your web and app browsing history with your Google Account. This allows any device logged into your Google Account to access the same personalized promotional content. To support this feature, Google Analytics collects Google-authenticated user IDs temporarily merged with our Google Analytics data to shape and generate audiences for cross-device advertising. You can permanently opt out of cross-device remarketing/targeting by disabling personalized advertising in your Google Account settings through this link: https://www.google.com/settings/ads/onweb/. The amalgamation of data within your Google Account relies solely on your consent under Art. 6 (1) (a) of the GDPR, which you can grant or revoke from Google. For data collection operations not merged into your Google Account (e.g., if you lack a Google Account or have objected to merging), data collection is based on Art. 6 (1) (f) of the GDPR. The website operator holds a legitimate interest in analyzing anonymous user behavior for promotional purposes. For comprehensive details and the Google Privacy Policy, visit: https://www.google.com/policies/technologies/ads/.
Google AdWords and Google Conversion Tracking
This website employs Google AdWords, an online advertising program provided by Google Inc., located at 1600 Amphitheater Parkway, Mountain View, CA 94043, United States (“Google”). Within Google AdWords, we utilize conversion tracking. Clicking on a Google-served ad triggers the setting of a conversion tracking cookie. These cookies, small text files stored in your internet browser, expire after 30 days and are not utilized for user identification purposes. If a user visits specific website pages before the cookie expiration, Google and the website can ascertain that the user clicked on the ad and navigated to that page. Each Google AdWords advertiser has a distinct cookie, ensuring tracking isn’t cross-referenced among different advertisers’ websites. Data derived from the conversion cookie assists in creating conversion statistics for AdWords advertisers utilizing conversion tracking. Advertisers receive information on the total number of users redirected to a conversion tracking tag page by clicking their ad. However, this data does not allow for the personal identification of users. Opting out of tracking is feasible by simply disabling the Google Conversion Tracking cookie through your browser settings. This action exempts you from inclusion in conversion tracking statistics. Storage of conversion cookies is grounded in Art. 6 (1) (f) of the GDPR. The website operator holds a legitimate interest in analyzing user behavior to optimize both its website and advertising strategies.
Facebook Pixel
Our website tracks conversions using visitor action pixels from Facebook, operated by Facebook Inc., located at 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”). These pixels enable the tracking of site visitor actions post-clicking on a Facebook ad, leading them to the provider’s website. This analysis helps evaluate the efficacy of Facebook ads for statistical and market research purposes, aiming to enhance future ad performance. The data collected remains anonymous to us as website operators, preventing us from drawing conclusions about user identities. However, Facebook stores and processes this data, potentially linking it to your Facebook profile for its advertising purposes, in line with the Facebook privacy policy. Consequently, Facebook can display ads on its platform and third-party sites. We lack control over how Facebook employs this data. For detailed insights on safeguarding your privacy, refer to Facebook’s privacy policy: https://www.facebook.com/about/privacy/. To disable the custom audiences remarketing feature, visit the Ads Settings section at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen after logging into Facebook. For those without a Facebook account, opting out of Facebook’s usage-based advertising can be done via the website of the European Interactive Digital Advertising Alliance: http://www.youronlinechoices.com/de/praferenzmanagement.
PipeDrive API
We use PipeDrive, Inc. PipeDrive API, New York, US, to access additional services and data from PipeDrive, Inc. Your IP address will be transmitted to PipeDrive, Inc. The use of PipeDrive API is based on our legitimate interests, i.e., in optimizing our online offer per Art. 6 sec. 1 lit. f. GDPR. We do not influence the actual storage duration of processed data; this is determined by PipeDrive, Inc. For more information, see the privacy policy for HubSpot API: https://www.pipedrive.com/en/privacy.
Newsletter data
If you wish to receive our newsletter, we’ll need a valid email address and information confirming ownership and your agreement to receive it. Additional data isn’t mandatory, and if collected, it’s purely voluntary. The data provided is solely utilized to send the requested information and isn’t shared with third parties. Your provided data through the contact form is processed solely upon your consent as per Art. 6 (1) (a) DSGVO. You have the right to revoke this consent for storing your data and email address, and their use for newsletter distribution, anytime, typically via the “unsubscribe” link in the newsletter. Data processed before your revocation request may still be legally processed. Information submitted for newsletter registration is utilized until you opt-out, after which it’s deleted. Other data stored for separate purposes (e.g., email addresses for the members area) remains unaffected. For newsletter distribution, we utilize a service provided by MessageBird B.V., Amsterdam, NL, which manages your personal data in compliance with Art. 28 GDPR on our behalf. Consequently, your data isn’t shared with third parties.
Registration of a customer account
For the use of certain areas of our website, you have the possibility to register a user account. The data collected through the mandatory fields during registration is essential to grant access to the user account. In addition, you can voluntarily provide additional information for additional (comfort) features. For registering a user account, the transfer of your personal data takes place exclusively per this data protection declaration. We process your data to provide a user account for the performance of a contract with you in accordance with Art. 6 sec. 1 lit. b GDPR. Your data is required due to a contractual obligation; this information is essential for your identification and fulfilling our contractual obligations. However, there is no legal obligation to provide the data. This information is required to register a user account and, thus, enter into a contract. In addition, the processing of additional information provided voluntarily to provide further (comfort) functions is based on your consent in accordance with Art. 6 sec. 1 lit. a GDPR. You can express your revocation under Art. 7 sec. 3 GDPR by deactivating functions or deleting voluntary information within your user account, affecting future use. As part of the user account provision, we retain your personal data for the contract’s duration. Upon contract termination or account deletion, data storage may continue if legal retention obligations (e.g., tax and commercial laws) apply. The additional information you provide based on your consent will only be stored until you revoke your consent by disabling the functions/deleting the data, but at the latest until the end of the contract on which the provision of the user account is based.
PayPal
Our website accepts payments via PayPal. The service provider for this platform is PayPal (Europe) S.à.r.l & Cie, S.C.A. located at 22-24 Boulevard Royal, L-2449 Luxembourg. If you opt for PayPal as your payment method, your payment details are forwarded to PayPal in accordance with Art. 6 (1) (a) (Consent) and Art. 6 (1) (b) DSGVO (Processing for contract purposes). You retain the right to revoke your consent at any time, affecting future transactions without impacting previously collected data.
Klarna
Our website accepts payments via Klarna. This service is provided by Klarna AB, Sveavägen 46, 111 34 Stockholm, Sweden. Klarna offers various payment options (e.g., installment payments). If you opt to pay using Klarna, Klarna will collect various pieces of personal data from you. Further information can be found in the Klarna privacy policy: Klarna Privacy Policy.
Klarna utilizes cookies to enhance the functionality of the Klarna checkout solution. Optimizing this checkout solution aligns with a legitimate interest as defined in Art. 6 (1) (f) of the DSGVO. These cookies, small text files stored on your device, do not cause any harm and persist until you manually remove them. For further information on how Klarna uses cookies, visit Klarna Cookie Policy.
Data is transmitted to Klarna based on Art. 6 (1)(a) (Consent) and Art. 6 (1)(b) DSGVO (Processing for contract purposes). You have the option to revoke your consent at any time with future effect. It does not affect the processing of data previously collected.
Sofortüberweisung
Our website accepts payments via Sofortüberweisung. The provider of this service is Sofort GmbH, Theresienhöhe 12, 80339 Munich, Germany.
The service provider for this service is Sofort GmbH, located at Theresienhöhe 12, 80339 Munich, Germany. Sofortüberweisung enables us to promptly initiate our contractual obligations upon receiving real-time payment confirmations. If you choose Sofortüberweisung as your payment method, you’ll be required to input a PIN and a valid TAN, granting Sofort GmbH access to your online banking account.
Sofort GmbH will conduct an immediate check on your account balance and execute the transfer to our account using the provided TAN. Subsequently, an instantaneous transaction confirmation is sent. Upon login, your income, overdraft protection, other account availability, and their balances will be verified.
Apart from the PIN and TAN, Sofort GmbH will receive the payment details and personal information you provide, including your name, address, phone numbers, email address, IP address, and other necessary data for payment processing. This transfer of data is crucial to securely identify you and prevent fraudulent activities.
Data is transmitted to Sofort GmbH based on Art. 6 (1) (a) (Consent) and Art. 6 (1) (b) DSGVO (Processing for contract purposes). You have the option to revoke your consent at any time with future effect. It does not affect the processing of data previously collected.
For more details, visit the following links: Sofort Privacy Policy and Klarna Sofort.
Stripe
When using our Software as a Service, payment transactions are handled through Stripe LTD., headquartered at Grand Canal Dock, Dublin, Ireland.
Stripe operates as a payment technology company under a banking license, providing payment and financial services such as handling payments via credit card, bank transfer, and other payment methods, issuing cards, supplying (merchant) bank account services, fraud detection services, and other services to its clientele.
The concrete storage period of the processed data cannot be influenced by us but is determined by Stripe. For more information, visit the Stripe Privacy Policy: Stripe Privacy Policy.
Contact Details
Questions regarding this Privacy Policy or the information practices of SOPAGO’s websites should be directed to SOPAGO Privacy by email: [email protected] or by mailing SOPAGO GmbH, Mönkeburgstr. 14, 31303 Burgdorf.
