SOPAGO PRIVACY POLICY
Version: 1.1
Effective date: March 15, 2023
​
This “Privacy Policy” describes the way SOPAGO GmbH, having its corporate seat in Burgdorf, registered with the German Trade Register under number HRB208027, collects, processes and protects your personal data. SOPAGO is committed to protecting your personal data in accordance with applicable privacy laws and regulations such as the GDPR and the CCPA.
​
This SOPAGO Privacy Policy applies to data processing within any services, systems, platforms, and applications operated by SOPAGO where personal data is processed and which incorporate this policy or contain reference hereto. This Privacy Policy applies also to the processing of personal data of visitors of the SOPAGO website, representatives of our business partners, individuals who contact us via our website and applicants that apply for any job positions at SOPAGO.
​
In the event of any discrepancies between this Privacy Policy and any specific Privacy Policy that applies to any SOPAGO product or services, the specific Privacy Policy prevails.
​
SOPAGO AS DATA PROCESSOR
SOPAGO operates SOPAGO Platform, a software for the management of enterprise administration and operations, including reservation, order and customer management (“SOPAGO Platform”). SOPAGO Platform is used by various service providers based on their contract with SOPAGO (the “Enterprises”). In these situations, personal data is collected by the Enterprises and SOPAGO as a data processor processes it under the instructions of an Enterprise that acts as a data controller. Processing of this personal data is governed by the Privacy Policy of the respective Enterprise.
​
Definitions:
​
- SOPAGO Platform: refers to the set of applications and systems provided by SOPAGO to Users and Enterprises
- User: A person that signs up for the SOPAGO Platform
- User Account: The user account of the User
- Enterprise: A customer of SOPAGO that is entitled to use the SOPAGO Platform based on a separate contract with SOPAGO
- SOPAGO Personal Area: A part of the SOPAGO Platform that serves Users to manage their User Accounts and data, manage their reservations, orders and other services provided by Enterprises, communicate with Enterprises, and use other services as provided by Enterprises
- SOPAGO Business Area: A part of SOPAGO Platform that serves Users to act on behalf of Enterprises or SOPAGO
- Enterprise Scope: A part of SOPAGO Business Area controlled by a single Enterprise where Users can manage data, settings, reservations, orders, applications, and customers and use other functionalities as available in SOPAGO Platform for and on behalf of that Enterprise. For a person to be able to access Enterprise Scope the person has to be a User and has to have an Enterprise Profile
​
​
​
I. WHAT DATA DO WE PROCESS?
​
SOPAGO Services
When you create a User Account and use SOPAGO Platform we may collect and process the following categories of personal data:
​
- Identification details (name, surname)
- Contact details, such as an address, phone number, e-mail address
- Information about your reservations/orders (including past reservations/orders)
- Payment information (including credit/debit card information)
- ID/passport (if you’ve reserved/ordered accommodation services)
- Enterprise Scopes you have been granted access rights to
​
SOPAGO Website
When you visit SOPAGO website, sign up for our events/webinars or for a newsletter, book a demo with SOPAGO or contact SOPAGO via our website we may collect and process the following categories of personal data:
​
- Identification details (name, surname)
- Contact details, such as an address, phone number, e-mail address
- Events/webinars you signed up for
- Newsletters you signed up for
- Information about the company you work for and your work position
- Any further information you share with us
​
SOPAGO Customer Verification
In order to verify the identity of our customers who enter into contractual relationships with us for the provision of SOPAGO services we collect and process the following categories of personal data of company representatives and ultimate beneficial owners:
​
- Identification data (name, surname, date of birth) and contact data, such as a personal address, phone number, e-mail address, job title/position, citizenship
- Identification documents such as passports, ID cards, driver’s licenses, proof of address documents
- Ownership information, whether the person is a politically exposed person
​
SOPAGO Customer Services
When you attend a presentation call on SOPAGO Platform or you contact SOPAGO via our customer service centre, we may collect and process the following categories of personal data:
​
- Identification details (name, surname)
- Contact details, such as an address, phone number, e-mail address
- Information about the company you work for and your work position
- Video/voice recordings of you
- Any further information you share with us
​
SOPAGO Careers
When you apply for a job at SOPAGO we may collect and process the following categories of personal data:
​
- Identification details (name, surname)
- Contact details, such as an address, phone number, e-mail address
- Information from your CV, Cover Letter about your past positions, qualifications, etc.
- Any further information you share with us during the recruitment process
- Criminal record
​
​
II. HOW DO WE PROCESS DATA?
​
SOPAGO Services
When you create a User Account with SOPAGO Platform, we process your log-in data (your email address) and data relating to the services you reserve or order, including past services and orders.
If your reservation or order is with an accommodation provider, we also process the information required for the accommodation registration card.
​
If you are invited to an Enterprise Scope, we process which Enterprise Scopes within the SOPAGO Platform you have access rights to. We process the data for the purpose and on the legal basis of delivering the functionalities of SOPAGO Personal Area to you.

SOPAGO Website
SOPAGO may use your data for marketing purposes, i.e., if you sign up for our newsletter or other marketing communication, or for communication which may, according to your past preferences, be of interest to you. These communications shall strictly adhere to applicable legal regulations. Advertising and marketing materials of other parties shall be sent to you only if you opted in to receive these communications, via our website, e-mail or otherwise. The legal ground for the processing of your data for marketing purposes is consent or our legitimate interests.
​
Your decision about receiving marketing communication may be withdrawn in accordance with the opt-out rules described in each marketing email or other form of communication via the unsubscribe option in the footer of every email. Opting out can also be done by changing the settings of your User Account or by directly contacting SOPAGO. If you opt out, SOPAGO shall retain only such data that is necessary for the provision of services to you in accordance with the rules set out in this policy.

SOPAGO Customer Verification
SOPAGO collects all the information and data needed for customer verification and submits this data to the payment processing providers to facilitate the KYC (know your customer) process mandated by anti-terrorism, anti-money laundering, anti-terrorist financing, financial services and other applicable laws and regulations.
As a part of this process, SOPAGO also carries out verification of the identity and status of company representatives and ultimate beneficial owners (such as whether the persons are politically exposed persons) via a third-party provider. SOPAGO processes this data on the legal basis of the performance of the contract and the legitimate interest of SOPAGO for the purpose of verifying customer identity.
​
SOPAGO Customer Services
SOPAGO records calls with its clients and processes associated personal data based on legitimate interest for the purposes of evidence of the proper provision of services and defence against any client claims.
We notify our clients about the recording at the beginning of every call. By continuing the phone call, you agree with the recording taking place and capturing expressions of a personal nature. If you wish to get in touch with us in a different way, please contact us at support@sopago.app.
​
We record calls (audio and video) with our clients and potential clients for the purposes of internal training, business intelligence and note-taking. This recording is always based on your consent to the recording, given before the recording starts. By consenting to the call recording, you agree with the recording taking place and capturing expressions of a personal nature. You can withdraw your consent at any time by sending a message to privacy@sopago.app, in which case we will delete the recording.
​
SOPAGO Careers
If you apply for any open job positions at SOPAGO through SOPAGO website or other means, we will process the personal data you provide us with for the purposes of evaluating your application and information contained therein to assess whether you are a suitable candidate for any of our positions. We may also conduct pre-employment screening of job applicants to verify inter alia the truthfulness of the information contained in your CV and other documents you provide us with. For particular positions, you may be asked to provide us with your criminal record as well.
The pre-employment screening is always done in such a way that its proportionality, adequacy and compliance with applicable law are assured. The legal ground for processing this data is the performance of the contract or pre-contractual relations or your consent (where applicable). The respective SOPAGO affiliate to which you applied for a job position shall be considered as a data controller.
​
We may keep your CV in our internal database in order to consider you for future positions at SOPAGO, subject to your consent. You can withdraw your consent at any time in your User Account or by sending a message to privacy@sopago.app.

Legal obligations
In some instances, legal regulations impose obligations on us under which we are obliged to process personal data. Such cases are for instance tax and accounting laws and the provision of some data to public authorities based on law.
Thus, we can process your data for the purpose of fulfilling our legal obligations and archiving our internal records. The legal ground for the processing of such data is compliance with legal obligations.
​
​
III. COOKIES & OTHER TECHNOLOGIES ON OUR WEBSITES
​
Our websites use cookies to collect information about individuals who visit our website. Cookies are small, encrypted text files that are stored on your computer or other devices. Cookies help us to operate our website, and provide important features and functionality on our website. They help us to understand how our website is being used. At the same time, we use cookies for statistical and analytical purposes, for example, to track and monitor what country, what pages and what method was used to visit our website as well as to enable personalization.
​
Additionally, cookies help us deliver online advertising that we believe is most relevant to you. Cookies are also used for profiling. Cookies can help us to understand how our website is being used, for example, by telling us if you get an error message as you browse. For more information about cookies please visit https://www.allaboutcookies.org.
We use the following types of cookies:
​
- essential (necessary) cookies, which are essential for the provision of access to our websites and for the provision of services explicitly requested by you. They enable core functionalities of the website such as marking your data inputs, network management and accessibility (if these cookies are disabled, our website may not work properly);
- analytical (performance) cookies, which help us to analyze how you navigate our websites and what content is relevant to our users. They are used for performance measurement and improvement;
- functional cookies, which allow us to remember choices you have made in the past, like what language and currency you prefer, to remember your name and email and automatically fill in forms and allow for personalization, such as live chats, videos and the use of social media;
- advertising cookies, which help deliver tailored and customized advertising.
​
We may collect the following data via cookies:
IP address, gender, time zone, browser settings, operating system, information about website visits including the URL, search terms, information about what you viewed or searched on our website, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs).
​
When you visit our websites, you shall be informed through a cookie banner placed at the bottom of the website that we collect cookies. The banner allows you to manage what kind of cookies can be collected by SOPAGO. You can change the settings and withdraw your consent at any time through the Privacy settings provided at the bottom of our websites.
When we collect essential cookies the legal ground for the processing of this data is a legitimate interest.
It is not possible to disable these cookies through the Privacy settings as our websites might not function properly when you disable this type of cookies. However, if you still wish to do so, you may follow the instructions below in the section Disabling cookies.
​
When we store data or gain access to data already stored in your terminal equipment such as your PC or mobile device for analytical, functional, or advertising purposes we only do so once you have given us your consent.
​
SOPAGO emails and/or websites and the communications generated from using and/or registering for SOPAGO services and/or platforms, such as promotional emails, may contain electronic images known as “web beacons”. Web beacons generally work in conjunction with cookies, and we may use them in the same way we use cookies (see above).
​
Disabling cookies
If you do not wish cookies to be collected, you may restrict, block or delete the cookies at any time by modifying your browser configuration. Although each browser is parameterized differently, cookie configuration is normally located on the “Preferences” or “Tools” menu. If you turn off cookies, the functionality of our website may be limited (in the case of essential cookies you may not be able to access our website).
​
If you wish to prevent new cookies from being installed or if you wish to delete existing cookies you can find the instructions on the links below. The exact procedure depends on which browser you are using:
​
- Internet Explorer: Delete and manage cookies - Microsoft Support
- Firefox: Enhanced Tracking Protection in Firefox for desktop | Firefox Help; Clear cookies and site data in Firefox | Firefox Help
- Google Chrome: Clear, allow, & manage cookies in Chrome - Computer - Google Chrome Help
​
For mobile devices you can limit tracking via the privacy setting on your device (disabling the advertising identifier), for instructions please see Mobile Opt Out - NAI: Network Advertising Initiative. Furthermore, you can use a third-party tool to opt out of targeted advertising. Available third-party opt-out tools include the Digital Advertising Alliance, the Network Advertising Initiative, and the European Interactive Digital Advertising Alliance (Europe only).
​
To opt-out from receiving cross-device site advertising (i.e., tracking a user across devices) you can access your device settings or visit and employ the controls described on the NAI’s Mobile Choices page.
​
We also use so-called social plugins from the following social networks on our websites: (i) Facebook, (ii) twitter.com, (iii) LinkedIn (“plugins”), which are indicated by their logos on our websites. When you visit our websites, your browser establishes a direct connection with the servers on which these plugins run. The content of the plugins is transferred directly by Facebook/Twitter/LinkedIn to your browser, which then integrates it into our website. Integration of the plugins causes Facebook/Twitter/LinkedIn to receive the information that you have accessed on the corresponding page of our website. If you are logged in with Facebook/Twitter/LinkedIn it will be able to assign your visit to your account on these social networks.
​
Please note that an exchange of this information already takes place when you visit our website regardless of whether you interact with the plugin or not. If you do not want Facebook/Twitter/LinkedIn to gather data about you via our website, you must log out of them before visiting our website. For more information regarding how these social networks process your data, see their privacy policies:

- Facebook: Meta Privacy Policy - How Meta collects and uses user data
- Twitter: Twitter Privacy Policy
- LinkedIn: https://www.linkedin.com/legal/privacy-policy
​
​
​
IV. DATA RETENTION
​
Generally, personal data shall be kept for as long as necessary for the purpose for which it was processed. The length of time that SOPAGO will hold your personal data will also depend on the legal basis on which your data is processed. Should the processing be based on legitimate interest, your data will be processed for as long as the given legitimate interest of SOPAGO is in place.
For data kept based on legal obligations, the data-retention period is prescribed by applicable legal regulations. For data processed based on the performance of a contract, the data is processed for the duration of the contractual relationship and for an applicable limitation period. Should the processing be based on your consent, your personal data shall be erased after you withdraw your consent. Please bear in mind that the same data may also be processed based on another legal basis, in which case your withdrawal of consent might not mean a full erasure of your data. SOPAGO shall neither collect an excessive amount of personal data nor other information which is not relevant to the purposes for which the personal data is collected.
​
If you create a User Account, we will process your data for the period of your registration with SOPAGO. You can delete your User Account at any time. You can also manage what data is processed about you via your User Account.
​
Personal data that SOPAGO collects as part of the customer verification process is processed for the duration of the contractual relationship between SOPAGO and its customers and 5 years after the termination of the contractual relationship.
SOPAGO shall not store data provided by you or collected automatically during the phone calls for a longer period than what is necessary, given the purposes for which they were provided or collected. Moreover, you can withdraw your consent to process your data at any time by sending a message to privacy@sopago.app, in which case we will remove your data from our system.
The personal data of successful applicants is processed and retained in line with our employee Privacy Policy.
The personal data of unsuccessful applicants that provided us with their consent for considering them for future positions at SOPAGO is processed for the period for which the consent was given, whereas you may withdraw your consent at any time. The personal data of unsuccessful applicants that have not provided us with their consent for retaining their personal data is retained for as long as the given legitimate interest of SOPAGO to protect itself from legal claims and effectuate the hiring process is in place.
​
​
V. DATA SHARING, PROCESSING AND TRANSFERS TO THIRD COUNTRIES
​
Your personal data shall not be shared with any third party except for the following situations:
​
- data is necessary for the provision of SOPAGO Services,
- based on your consent,
- entrusting personal data to processors who process personal data on behalf of SOPAGO,
- SOPAGO is obliged to provide the personal data on the basis of law or upon order by a public authority, or
- SOPAGO is obliged to provide personal data to payment processing providers in order to facilitate the customer verification process.
​
In order to allow you to manage various reservations/orders made with Enterprises, SOPAGO may share your personal data with Enterprises for the sole purpose of making and managing your reservation/order as well as other services as offered by Enterprises.
​
Categories of Processors
SOPAGO uses trusted third-party providers that in some instances process personal data on behalf of SOPAGO and based on instructions provided by SOPAGO. SOPAGO may use the following categories of providers (processors under GDPR):
​
- data centre, hosting
- marketing providers
- analytics and recording providers
- providers of polls or surveys
- business management providers
- task management and communication providers
- legal services, tax, accounting, and audit services
- recruitment and applicant verification providers
- information security providers
​
Transfers to Third Countries
SOPAGO will transfer your data to countries outside the EU/European Economic Area only if such a transfer is compliant with applicable legal regulations. That means, for instance, that our provider is seated in a country for which the European Commission issued a decision that it provides an adequate level of personal data protection, standard contractual clauses and/or other transfer mechanisms are in place that ensure adequate safeguards with respect to the protection of privacy and fundamental rights and freedoms of individuals and, if necessary, additional measures are applied to ensure that the data subject is granted a level of protection essentially equivalent to that guaranteed by the GDPR.
​
​
VI. DATA SECURITY
​
SOPAGO shall ensure that your personal data is stored securely. Therefore, SOPAGO has introduced adequate physical, technical, and organizational measures and plans to protect and secure all information collected via SOPAGO Services.
The aim is to eliminate the unauthorized or unlawful processing of your personal data, or accidental, unauthorized, or unlawful access, use, transferring, processing, copying, transmitting, alteration, loss or damage of your personal data.
Despite all efforts and meeting all rules set out by applicable legal regulations, it is not possible to guarantee the security of your data if it is transferred or transmitted in an unsecured way.
​
SOPAGO protects your data in particular in the following ways:
​
- Encrypting data
- Using multiple levels of internal system logs
- Enforcing a strong password policy and hashing User passwords
- Penetration testing
​
These measures do not relieve you of your duty to take proper steps to secure your own personal data. You should, inter alia, regularly change your passwords. On the other hand, you should not, inter alia, use predictable usernames and/or passwords, share your password with other persons, or grant access to your User Account and/or disclose your personal data to other persons. SOPAGO will never ask you for your password in any unsolicited communication. Please notify our data protection officer immediately upon any unauthorized use of your User Account or any other suspected breach of security.
​
​
​
VII. YOUR RIGHTS
​
Where the EU General Data Protection Regulation 2016/679 (“GDPR”) applies to the processing of your personal data you are entitled under the GDPR to the following rights:
​
Right of access
You are entitled to be informed inter alia about what personal data SOPAGO processes about you, for what purposes, and who are the recipients of your personal data.
​
Right to rectification
You have a right for any of your incomplete, inaccurate, or out-of-date personal data to be rectified.
​
Right to erasure (‘right to be forgotten’)
You are entitled to the erasure of certain personal data that we have collected and processed about you. Please be aware that SOPAGO might be allowed or even obliged to keep some of the personal data despite your deletion request.

Right to restriction of processing
In given cases such as when we process inaccurate personal data about you, or you deem the processing as no longer necessary, you may ask for a restriction of the processing.
​
Right to data portability
You have a right to receive personal data you provide us with in a structured, commonly used, and machine-readable format and to have it transmitted to another controller where technically feasible.
​
Right to object
You are entitled to object, on grounds relating to your particular situation, at any time to the processing of personal data that concerns you and is carried out in the public interest or for the purposes of legitimate interests pursued by SOPAGO, including profiling. The exercise of your rights may be limited should SOPAGO be obliged to keep any of your personal data for the purpose of compliance with legal obligations, for the establishment, exercise or defence of legal claims or for any other compelling reasons as provided by the relevant data protection law.
​
Right to not be subject to automated decision making
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision: (a) is necessary for entering into, or performance of, a contract between you and SOPAGO; (b) is authorized by law and the law lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or (c) is based on your explicit consent.
SOPAGO does not make decisions based solely on automated processing that would have significant effects on SOPAGO users. For completeness, SOPAGO uses cookies and similar technologies the use of which may amount to profiling. For information on how to withdraw your consent for the use of cookies or disable cookies, please see chapter III. Cookies of this Privacy Policy.
Should you wish to exercise any of your rights, you may contact us at privacy@sopago.app.
​
Right to file a complaint
If you wish to file a complaint in regard to the processing of your personal data by SOPAGO, you may contact our DPO at privacy@sopago.app who will undertake to resolve the issue. You also have the right to lodge a complaint with our supervisory authority seated in Germany, or with the supervisory authority of the particular affiliate (for contact details please see: Our Members | European Data Protection Board).


VIII. CALIFORNIA CONSUMER PRIVACY ACT OF 2018 (“CCPA”) NOTICE

Consumers residing in California have some additional rights in respect to their personal information under the California Consumer Privacy Act (“CCPA”). If you are a California resident, this section applies to you and supplements the above policy.

Your Californian Consumer Rights
Where the California Consumer Privacy Act of 2018 Assembly Bill No. 375 (“CCPA”) applies to the processing of your data you are entitled to the following rights:
​
Right to notice
You have the right to be informed about how your personal information will be used. We have gone into detail about how we process your personal information in chapter II. How Do We Process Data? of this Privacy Policy.
​
Right of access
You are entitled to be informed about what personal data SOPAGO processes about you, for what purposes and who are the recipients of your personal data.
​
Right to request deletion
You are entitled to the erasure of certain personal data that we have collected and processed about you. Please be aware that SOPAGO might be allowed or even obliged to keep some of this personal data despite your deletion request.
​
Right to receive equal services
You have a right to not be discriminated against even if you exercise any of your CCPA rights.
​
​
IX. CHANGES IN PRIVACY POLICY AND LANGUAGE VERSIONS
​
SOPAGO shall, from time to time, change and update the terms of this Privacy Policy. You shall be informed of any changes to this Privacy Policy by the publishing of an updated version on SOPAGO website, and you may also obtain a copy of the amended Privacy Policy either via your User Account or via the email address you have provided to SOPAGO.
​
The English-language version of this Privacy Policy shall be controlling in all respects and shall prevail in case of any inconsistencies with translated versions SOPAGO may provide, if any.
​
​
X. CONTACT DETAILS
​
Should you wish to know more about SOPAGO, its protection of your privacy, or about this Privacy Policy, you can contact SOPAGO at privacy@sopago.app.
​
Please help SOPAGO ensure that your data is up to date. If you believe that some of the data processed by SOPAGO is incorrect, please contact SOPAGO at privacy@sopago.app.