Brainloop

Brainloop Privacy Notice

24 April 2020

 

Brainloop AG and its subsidiaries take the security and protection of your personal data very seriously. The below Brainloop privacy notice (“Privacy Notice“) informs you about the processing of your personal data by Brainloop AG, Brainloop Austria GmbH and Brainloop Switzerland AG (each individually and separately “Brainloop” or “we“) as well as your related rights.

The Privacy Notice applies to:

– users of the website www.brainloop.com;

– individuals interested in our products and services;

– customers, suppliers and other business partners; and

– applicants for employment.

The below Privacy Notice does not apply to the processing of personal data from our customers in connection with the use of our Brainloop Secure Dataroom Services (“Services“). Any personal data relating to users of our Services and any data submitted or transferred to our Services by our customers are subject to separate privacy notices which we will make available to you in the context of your use of our Services.

We reserve the right to change the content of this Privacy Notice from time to time; we therefore recommend that you review this Privacy Notice at regular intervals. You can access the current version of this Privacy Policy at any time under https://www.brainloop.com/en-gb/privacy-notice.

 

1. Who is responsible for the processing of my data?

If you visit the website www.brainloop.com as a user (see section 4.1), Brainloop AG is responsible for the processing of your personal data as controller within the meaning of the General Data Protection Regulation (“GDPR“).

For the processing of personal data of prospects and other individuals interested in our products and services (see section 4.2) as well as customers, suppliers and other business partners (see section 4.3), the respective Brainloop group company with which you enter into contact, establish or maintain a business relationship or with which you otherwise interact is responsible as controller.

For the processing of personal data of applicants (see section 4.4), the respective Brainloop group company to which you send your application is responsible as controller.

You can find the contact details of the respective controller in the following section 2.

 

2. How can I contact Brainloop and its Data Protection Officer?

You can reach the respective Brainloop group company responsible for the processing of your personal data at any time under the following contact details:

Brainloop AG, Franziskanerstr. 14, 81669 Munich, Germany
Tel.: +49 89 444 699 0
Email: legal(at)brainloop.com
Website: www.brainloop.com

Brainloop Austria GmbH, Gonzagagasse 19/3, 1010 Vienna, Austria
Tel.: +43 (1) 361 99 79 0
Email: legal(at)brainloop.com
Website: www.brainloop.com

Brainloop Switzerland AG, Baarerstr. 125, 6300 Zug, Switzerland
Tel.: +41 44 720 37 37
Email: legal(at)brainloop.com
Website: www.brainloop.com

You can reach the data protection officer of Brainloop AG at any time under the following contact details:

Dr. Sebastian Kraska, IITR Datenschutz GmbH, Marienplatz 2, 80331 Munich, Germany
Tel.: 089 18917360
Email: email@iitr.de
Website: www.iitr.de

 

3. What are “Personal Data” and what does “Processing” mean?

3.1 Personal Data

“Personal data” means any information relating to an identified or identifiable natural person (“data subject“); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

3.2 Processing

“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

 

4. What data will be collected about me? For which purposes and on which legal basis will my data be used?

Depending on the type of business relationship or interaction with you we collect and process different categories of personal data.

In most cases there will not be an obligation that you disclose certain information about yourself to us. We may be required to collect certain personal data about you either by law or as a consequence of any contractual relationship we have with you. Failure to provide this information may prevent or delay the fulfillment of these obligations. We will inform you at the time your information is collected whether certain data is compulsory and the consequences of the failure to provide such data.

The categories of information we collect include:

– Personal details (e.g., name, title, employer or organization, or similar professional or employment related information);

– Contact details (e.g., phone number, email address, postal address, or similar identifiers);

– Commercial information about your organization (e.g., annual operating budget, number of board members, number of committee members);

– Payment information, such as information required for payment processing or fraud prevention, including credit card information and card verification numbers;

– Demographic information (e.g., age, sex, etc., including protected classifications);

– Education or employment information (e.g., education status, degree information, previous employers, or similar information);

– Information we collect automatically from you or your device, including internet or other electronic network activity data collected using cookies and other device identifying technologies. Additional information about our use of cookies and tracking technologies is available in the Brainloop Cookie Policy;

– Account information (such as user ID, contact details, answers to security questions, or similar identifiers);

– Commercial information about your usage of our services or the websites (such as support requests, recordings of or information from phone calls with our sales or support teams, or information provided to us to resolve such support requests); and

– Inferences drawn from any of the above information.

We collect information about you either directly from you, from your employer or organization and/or from our business partners, from other Brainloop group companies or other companies of the Diligent group affiliated with Brainloop, or from publicly available sources, information databases or credit agencies.

Below we set out additional information about which data we collect from you, and for which business or commercial purposes and on which legal basis we use such data.

4.1 Processing of personal data in connection with the use of the Website www.brainloop.com

The website www.brainloop.com (“Website“) is provided to you by Brainloop AG. Below we inform you which data Brainloop AG collects and processes when you use the Website, for which business or commercial purposes such data is used and on which legal ground the processing of your data is based. Please also note the additional information relating to the processing of your data in sections 5 to 9 of this Privacy Notice.

(a) Data about Website access (log files)

You can generally visit the Website without providing any personal data about yourself. In this case Brainloop AG only collects and stores data about your Website access which will automatically be transmitted from your browser to Brainloop AG when you access the Website.

This information may include Internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and/or clickstream data.

Please see the Brainloop Cookie Policy for further information on how Brainloop AG uses such data.

Brainloop AG processes your personal data on the basis of its legitimate interests in ensuring the security of the Website and optimizing the Website and services Brainloop AG offers to you, and in improving marketing, analytics, or site functionality (Art. 6(1) lit. f) GDPR).

In addition, Brainloop AG uses cookies on the Website that store information about your settings or usage behaviour on the Website (see section 4.1(c) and the Brainloop Cookie Policy).

(b) Contact information, communications, downloads, free trial access

The Website offers you the possibility to contact us through different ways, such as to submit enquiries in relation to our products and services, to request our whitepapers or other information, or to register for a free trial access.

If you use the web forms on the Website for this purpose, you have to provide information marked with an asterisk as mandatory (e.g. details about your person or your email address). We need the mandatory information to be able to efficiently process your request. In addition, you can optionally disclose further information (such as title, branch or your message). This optional information helps us to better attribute your request and to process it more efficiently.

If you contact us via the contact details provided on the Website (e.g., by telephone or email), we will process the personal data that you disclose to us and/or that you submit due to the type of your request.

If necessary to process your request, Brainloop AG may share your personal data with other Brainloop group companies, in particular if requests are made with respect to Brainloop products and services from other countries.

We process the personal data that we receive through the different communication channels for the processing of your request. In this respect, the processing is based on the necessity of the processing for purposes of our legitimate interests in ensuring efficient and user-friendly communication and processing of your request, in analysing and optimizing our processes and in enabling a reliable documentation for evidentiary purposes (to the extent necessary for the establishment, exercise or defense of legal claims) (Art. 6(1) lit. f) GDPR). The processing of your personal data in the context of the establishment of a contract is further based on the necessity of the processing in order to take steps at your request prior to entering into a contract in order to make a decision about establishing the contract with you (Art. 6(1) lit. b) GDPR).

In addition, we may process your data to the extent we are under a legal obligation (Art. 6(1) lit. c) GDPR) or the processing is necessary for the establishment, exercise or defense of legal claims (Art. 6(1) lit. f) GDPR). Furthermore, we may use the data we receive from you on the basis of our legitimate interests (Art. 6(1) lit. f) GDPR) for marketing purposes (see section 4.2 below).

(c) Cookies, Social Plug-Ins, Analysis-, Tracking- and Retargeting-Technologies

Brainloop AG uses “cookies” in order to make your visit to the Website as pleasant as possible and to enable you to utilize all of its functions. A cookie is a text file that is temporarily saved on your computer when you visit the Website. Brainloop primarily uses “session cookies” on the Website which will be deleted when you end your session and close your browser. In addition, for certain functionalities, Brainloop AG also uses “permanent cookies” which will be stored beyond your session until the storage period expires or the cookies are deleted from your device. For the storage period of the cookies used by us, please see the Brainloop Cookie Policy.

Most of the cookies used on the Website are technically necessary to operate the Website and/or provide the functionalities offered on the Website (so-called “essential website cookies”). To the extent that these cookies can be attributed to your person, the processing of your data will be based on the necessity to process the data for purposes of Brainloop AG’s legitimate interests (effective and secure provision of the functionalities and services on the Website) (Art. 6(1) lit. f) GDPR).

To the extent that you have provided your consent via the cookie banner (or at a later point in time via our cookie tool on our Website), Brainloop AG will further place cookies for performance and functionality purposes (“performance and functionality cookies”), for purposes of analyzing usage behavior (“analytics cookies”), and for displaying personalized marketing content, including for retargeting and remarketing purposes (“advertising cookies”). In addition, Brainloop AG places cookies for purposes of enabling interaction with social networks (“social networking cookies”; see also section 4.1(e) below). These different types of cookies are not strictly necessary to provide the functionalities and services offered on the Website but help Brainloop AG to provide you with a more comfortable and attractive user experience and to display targeted content which is of interest to you. Please see the Brainloop Cookie Policy for more information on the different types of cookies used by Brainloop AG, for which purposes such cookies are used, and on the options available to you with respect to the use of cookies. To the extent Brainloop AG processes your personal data in connection with the use of the above cookies, it relies on your consent (Art. 6(1) lit. a) GDPR). You can withdraw your consent in full or in part, or change your cookie settings, at any time via the cookie settings in the cookie tool on the Website or the opt-out links in the Brainloop Cookie Policy. The withdrawal of your consent does not affect the lawfulness of the processing of your personal data until withdrawal.

Most of the cookies used on the Website will be placed by Brainloop AG itself (so-called “first-party cookies”). However, Brainloop AG works together with third party service providers (e.g. for analysis and marketing purposes or to integrate social-plugins) which also place cookies on the Website (so-called “third-party cookies”). Please see the Brainloop Cookie Policy to learn more about the service providers and partner companies Brainloop AG works with and for information on whether third parties have access to the cookie information.

(d) Links to Other Sites

The Website includes links to other websites whose privacy practices may differ from the practices of Brainloop AG. If you submit personal data to any of those sites, your information is governed by their privacy policies. We are not responsible for the privacy practices or the content of any sites to which our Website provides links. We encourage you to carefully read the privacy policy of any site you visit.

(e) Social Media Features

The Website includes social media features, such as the Facebook Like button, and widgets, such as the Share button, or interactive mini-programs that run on the Website (the “Features”). To protect your privacy, Brainloop AG has implemented technical solutions for these features that prevent any data (e.g., your IP address) from being transferred to the respective providers of the Features upon mere opening of the Website. Please note, however, that these Features may collect your Internet protocol address, which page you are visiting on the Website, and other information, in case you interact with the corresponding Features. In addition, the respective providers may set cookies to enable the Features to function properly or to collect further information about your use of the respective Features (see also section 4.1(c) above). Please also see the Brainloop Cookie Policy to learn more about those cookies. The Features are either hosted by a third party or hosted directly on the Website. Your interactions with these Features are governed by the privacy notice of the provider providing these Features. Brainloop does not exercise influence over the data collected by such providers and their respective use, and does not have access to the corresponding data.

You can access further information about the Features and the corresponding providers, and exercise your rights, under the following links:

– Facebook (facebook.com): The Facebook Features are provided to you by Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; parent company: Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA). You can find Facebook’s privacy policy under: https://www.facebook.com/about/privacy. Facebook is certified under the Privacy Shield (see www.privacyshield.gov/list).

– LinkedIn (linkedin.com): The LinkedIn Features are provided to you by LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; parent company: LinkedIn Corporation, 1000 W. Maude Ave., Sunnyvale, California 94085). You can find LinkedIn’s privacy policy under: https://www.linkedin.com/legal/privacy-policy. LinkedIn is certified under the Privacy Shield (see www.privacyshield.gov/list).

– YouTube (youtube.com): The YouTube Features are provided to you by Google (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). You can find Google’s privacy policy under: https://policies.google.com/privacy. Google is certified under the Privacy Shield (see https://www.privacyshield.gov/list).

– XING (xing.com): The XING Features are provided to you by XING (New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany). You can find XING’s privacy policy under: https://privacy.xing.com/de/datenschutzerklaerung.

4.2 Processing of personal data relating to prospects and other individuals interested in our products and services for marketing purposes

Below we inform you about the data we process for marketing purposes about you as prospect or other individual interested in our products and services, how we process your data and on which legal ground the processing of your data is based. Please also note the additional information relating to the processing of your data in sections 5 to 9 of this Privacy Notice.

You may sign-up for our email newsletter service on the Website to receive information about technology-supported governance solutions and current trends and developments with respect to the products and services offered by Brainloop group companies and Diligent group companies affiliated with Brainloop (listed here). The newsletters will be sent by the Brainloop group companies (Brainloop AG, Brainloop Austria GmbH, Brainloop Switzerland GmbH) and by Diligent Corporation.

In the context of your newsletter sign-up, any mandatory information to be provided is indicated with an asterisk. You can optionally provide further data. Such data is not necessary to sign-up for the newsletter but helps us to set up the newsletter service more efficiently and in a more targeted manner. You can also sign-up for the newsletter in other ways, such as by requesting our e-mail newsletter via telephone or in the context of another interaction with us.

The Brainloop group companies and Diligent Corporation use a technical service provider for sending the newsletter. For measuring effectiveness, this service provider will collect information about your usage of the marketing emails sent to you via so-called tracking pixels or similar technologies (e.g., whether you have received or opened the emails, and whether you have clicked on links or content in the emails). The Brainloop group companies and Diligent Corporation will analyze the information to better understand our users’ interests and preferences, to optimize our newsletter service and to tailor the content of our marketing emails in accordance with our users’ interests. To the extent that the analysis is carried out for statistical and aggregated capturing and analysis of the reading and usage behavior as well as interests of the users, without any personalization of the emails on the basis of your individual data, the processing of personal data will be based on our legitimate interests in analyzing the interactions of our email recipients for the above purposes (Art. 6(1) lit. f) GDPR).

By signing-up for our newsletter, you consent that the Brainloop group companies (Brainloop AG, Brainloop Austria GmbH, Brainloop Switzerland GmbH) and Diligent Corporation may process the data you provided in the context of your sign-up (e.g. name, surname, email address) for marketing purposes in order to regularly inform you via email about technology-supported governance solutions and current trends and developments with respect to the products and services offered by the Brainloop group companies and its affiliated Diligent group companies (listed here). The content of our newsletter may be tailored to your interests based on the analysis of your newsletter usage and the newsletter service may be optimized accordingly as set out above. By signing-up for our newsletter you consent to the related processing of your personal data (including the capturing and analysis of usage behavior).

Providing you with the newsletter may require that your personal data will be stored and processed by Diligent Corporation in the USA. The USA may not provide for the same level of data protection as considered adequate in Europe. However, we have taken appropriate measures to ensure that your personal data will at all times be adequately protected in accordance with legal requirements (see sections 5 and 6).

A confirmation email is sent to the email address first entered for information mailing in a double opt-in process for legal reasons. We also send a confirmation email to prospects who contact us via a web form. This confirmation email serves to check whether the owner of the email address has authorized receipt of the information email.

Your sign-up for our newsletter or receipt of other marketing information will be recorded to prevent misuse and to document and provide proof of our sign-up process according to legal requirements. The recording takes place on the basis of our need to process the data for purposes of our legitimate interests in complying with legal requirements and ensuring a legally compliant and user friendly sending of our email communications (Art. 6(1) lit. f) GDPR). Any processing of personal data in connection with the personalization and sending of the newsletter (including any analysis of your usage behavior in connection with the usage of the marketing emails sent to you) will be based on your consent (Art. 6(1) lit. a) GDPR). You are free to provide your consent. You can withdraw your consent at any time with effect for the future by clicking on the “unsubscribe”-link at the end of each of our newsletter emails or by sending an email to marketing@brainloop.com.

Without your consent, a Brainloop group company will only contact you for marketing purposes via email if the respective group company has received your email address from you in connection with the sale of a product or services, the marketing content in the email relates to similar products or services (including customer satisfaction surveys) and you have not objected to the use of your email address. You can object to the use of your email address at any time, without costs to you other than for the transmission of your objection on the basis of the standard rates of your telecommunication service provider. The related processing of your personal data will be based on our legitimate interests in marketing our products and services (Art. 6(1) lit. f) GDPR).

If you otherwise communicate with Brainloop for purposes of receiving information about our products and services (e.g., if you contact us by email or telephone, or interact with one of our employees in the context of an event or exhibition), we collect the data that we receive from you in connection with this interaction. If you have provided your consent we will process such data to send you marketing information about the products and services offered by Brainloop and its affiliated Diligent group companies (see here) via your preferred channel (via email, fax and/or telephone). You can withdraw the consent provided to us at any time with effect for the future by contacting us via the contact details set out in section 2.

In addition, we may use your data to the extent permitted by law for the postal sending of marketing information on the products and services offered by Brainloop or its affiliated companies of the Diligent group (see here). You can object to this use of your data for marketing purposes at any time with effect for the future. Further information on the right of objection can be found in section 9.

4.3 Processing of personal data relating to customers, suppliers and other business partners

If you or the company you work for or you represent are a customer, supplier, distributor or other business partner of Brainloop or an affiliated company of the Diligent group, we may collect the following data about you:

– contact information, such as first and last name, title, job description, department, company/organization, business address, business phone number, business mobile phone number, business fax number and business email address;

– order, service and contract data, including revenue information and payment terms;

– payment and billing information, such as information required for payment processing or fraud prevention, including credit card information and card verification numbers, as well as bank and account data, tax numbers, and billing addresses;

– history of orders, transaction and business interactions as well as commercial information about the use of products and services;

– other information the processing of which is necessary for a project or the handling of a contractual relationship with Brainloop or which is voluntarily provided by you or your company, e.g., in connection with orders, inquiries or project details;

– personal data that we collect from publicly available sources, information databases or from credit agencies;

– where legally required as part of compliance screenings: date of birth, ID card and ID card numbers, information on criminal convictions, relevant court proceedings and other legal disputes in which you or your company is involved.

There is no legal or contractual obligation for you to provide us with your data. However, if you do not provide your data it may be that the business relationship between Brainloop and you or your company cannot be established or performed.

We process your data for the following business and commercial purposes and according to the following legal bases:

– Planning, execution and administration of the (contractual) business relationship between Brainloop and you or your company, e.g., to process orders for products and services, for accounting, billing and auditing purposes, including the collection of debts and enforcement of claims, as well as to perform deliveries, services, customer service and maintenance activities. As far as the business relationship exists between Brainloop and you personally, we rely on the necessity of the processing for the performance of the contract with you or in order to take steps at your request prior to entering into a contract with you (Art. 6(1) lit. b) GDPR). As far as the business relationship exists between Brainloop and your company, we rely on our legitimate interests in the establishment, performance and handling of the business relationship with your company (Art. 6(1) lit. f) GDPR);

– Safeguarding our legitimate interest in an effective and service oriented care of our business contacts, including on the basis of historical commercial information (customer relationship management) (Art. 6(1) lit. f) GDPR);

– Safeguarding our legitimate interests in communication with you in connection with the business relationship between Brainloop and you or your company, e.g., when we inform you about changes to our terms and conditions or when you contact us with questions (Art. 6(1) lit. f) GDPR); for advertising communication with you, see section 2;

– Safeguarding our legitimate interests in market analysis, quality assurance and product and service improvement (Art. 6(1) lit. f) GDPR);

– Ensuring compliance with our statutory retention obligations under commercial and tax law (Sec. 257 HGB, Sec. 147 AO) as well as other legal obligations of Brainloop (Art. 6(1) lit. c) GDPR);

– Safeguarding our legitimate interests in ensuring and documenting compliance with legal requirements and establishing, exercising and/or defending of legal claims (Art. 6(1) lit. f) GDPR);

– Safeguarding our legitimate interests in the marketing of our products and services, in particular, in order to build a profile of you and place you or your company in particular marketing segments in order to understand your preferences better and to appropriately personalise the marketing messages we send you (Art. 6(1) lit. f) GDPR). It is in our legitimate interests to provide more relevant and interesting advertising messages. Where necessary, we will obtain your consent before we create profiles and send marketing messages (Art. 6(1) lit. a) GDPR) (see also section 2).

If you or your company are a customer of Brainloop, we also process your data for the following purposes:

– Posting of customer testimonials on our websites, which might contain personal data about you. Before posting the testimonial, we will obtain your consent via email that we may post your name, title and name of your company along with the testimonial (Art. 6(1) lit. a) GDPR). If you wish to update or delete the testimonial containing your data, you can contact us at marketing@brainloop.com.

Insofar as we base the processing for the aforementioned purposes on your consent, you can withdraw your consent at any time. The withdrawal of your consent does not affect the lawfulness of the processing based on the consent before its withdrawal.

Please also note the additional information relating to the processing of your data in sections 5 to 9 of this Privacy Notice.

4.4 Processing of personal data relating to applicants

We process your personal data for the purposes of your application for employment, in so far as it is required for the decision on employment. The legal basis is § 26(1) and (8) of the German Federal Data Protection Act (FDPA). This applies to data in connection with your application, such as data on your identity (first and last name, address, contact information), information on your professional qualifications and education, information on professional training, or other information that you provide to us in connection with your application. In addition, we may process professional information that you have made publicly available, such as on profiles in social media networks.

Further, we may process your personal data to the extent necessary to defend against legal claims arising from the application process. The legal basis is Art. 6(1) lit. f) GDPR.

Should an employment relationship be established between us, we may process your personal data already received for the purposes of the employment relationship as well, if required for carrying out or terminating the employment relationship (legal basis: § 26(1) FDPA).

Please also note the additional information relating to the processing of your data in sections 5 to 9 of this Privacy Notice.

 

5. Who will my data be disclosed to?

Brainloop ensures a high level of security when disclosing your data. We have disclosed the following categories of personal data for a business purpose in the past 12 months:

– Personal details;

– Contact details;

– Commercial information about your organization;

– Payment information;

– Demographic information;

– Education or employment information;

– Information we collect automatically from you, including internet or other electronic network activity data collected using cookies and other device identifying technologies;

– Account information;

– Commercial information about your usage of our products and services or the websites; and

– Inferences drawn from any of the above information.

We disclose your personal data in the below scenarios to the following categories of third parties and other recipients:

5.1 Service providers, business partners and affiliates (as processors):

We transmit your data to partner companies and other service providers, including Brainloop’s affiliates of the Diligent group (in particular, Diligent Corporation, USA), which have been carefully selected beforehand and which are contractually obliged as data processors in accordance with the relevant data protection regulations. For instance, we may share your personal data with our service providers and affiliated companies that perform marketing services and other business operations for us. These companies may only use your personal data to the extent necessary to provide the services requested by us. Your data will neither be sold to third parties nor marketed in any other way. An up-to-date list of all partner companies and service providers is available upon request from Brainloop under the contact details listed in section 2.

5.2 Brainloop group companies and other affiliates of the Diligent group (as controllers):

Brainloop further uses – as described in sections 2(b) and (c) below – global systems provided by affiliates of the Diligent group as well as group-wide integrated business services and functions provided by employees in various companies of the Diligent group affiliated with Brainloop (including Brainloop AG, which performs centralized tasks for the markets in Germany, Austria and Switzerland). For this purpose, Brainloop will share your data with the other Brainloop group companies and further companies of the Diligent group affiliated with Brainloop, in particular Diligent Corporation, USA (1385 Broadway, 19th Floor, New York, NY 10018). Diligent Corporation and affiliated companies of the Diligent group (including the Brainloop group companies) will process the personal data as controllers within the meaning of the GDPR. You can find the contact details of the Brainloop group companies in section 2. A list of other companies within the Diligent group with which – to the extent necessary for the purposes described in Section 5.2(b) and (c) – your personal data may be shared can be found here.

(a) The disclosure of your data as described above includes, in particular, contact information (such as name, title, job description, department, e-mail address, company name, address, telephone number), data necessary for accounting and billing purposes, data collected and processed as part of Customer Relationship Management, including historical commercial information (see section 3 above), information about the use of our products and services as well as use of the website, including cookie information and tracking and web-analysis data (see section 4.1 above), or data collected and processed by or for marketing purposes (see section 4.2 above).

(b) The data transfer takes place for purposes of the legitimate interests of Brainloop and of its affiliates of the Diligent group, including the other Brainloop group companies, in ensuring an efficient and cost-effective provision of group-wide uniform business services and functions in an integrated, worldwide organizational structure, including the provision of global systems and functions for central storage and processing of personal data. This includes, in particular, the disclosure and processing for the following purposes:

– to process your requests and provide the services offered on the website. This is especially necessary when Brainloop products and services are requested from other countries;

– to prepare and handle the contractual relationship with customers, suppliers and business partners;

– to centrally purchase supplier and business partner services and to manage and maintain the related business relationships;

– to handle customer support via centralized processes and ticketing systems;

– to store your data for accounting and billing purposes in a central customer database;

– for Customer Relationship Management purposes;

– for statistical evaluations to ensure and continuously optimize the smooth operation of the offering;

– internal reporting, customer and market insights, quality assurance and service optimization;

– to support, prepare, optimize and carry out marketing measures.

(c) The applicant data collected by Brainloop (see section 4 above) will be shared, for example, for handling of the application procedure, the centralized management of applicant data, and the implementation of personnel planning and development measures concerning several companies of the Diligent group, including the other Brainloop group companies.

(d) This Privacy Notice applies mutatis mutandis to the processing of your personal data by the other Brainloop group companies that receive your personal data from Brainloop within the context of providing the above-mentioned services and functions.

(e) To the extent that Diligent Corporation or other companies of the Diligent group affiliated with Brainloop (see here) receive your data within the context of providing the above-mentioned services and functions, the Diligent Privacy Policy of Diligent Corporation and its group companies shall apply (which can be found here). The Diligent Privacy Policy describes how Diligent group companies (with the exception of the Brainloop group companies) collect, process, share and secure your personal data, and your related rights. It also describes your choices regarding use, access and correction of your personal data.

5.3 Law enforcement agency, court, regulator, government authority or other third party:

We may share your personal data with these parties where we believe this is necessary to comply with a legal or regulatory obligation, or otherwise to protect our rights or the rights of any third party, for example if we are obliged to cooperate with government authorities in the context of legal investigations. Where permitted by law or regulation and reasonably practicable, we will attempt to notify you of such requirements.

5.4 Asset purchasers:

We may share your personal data with any third party that purchases, or to which we transfer, all or substantially all of our assets and business. Should such a sale or transfer occur, we will use reasonable efforts to try to ensure that the entity to which we transfer your personal data uses it in a manner that is consistent with this Privacy Notice. You will be notified via email and/or a prominent notice on the websites of any change in ownership or uses of your personal data.

 

6. Will my data also be processed in countries outside the EU/EEA?

Brainloop takes the security and protection of your personal data very seriously. To the extent Brainloop transfers your personal data to countries outside the European Union (EU), the contracting states of the European Economic Area (EEA) or Switzerland (so-called “Third Countries”), Brainloop has – to the extent required – put into place appropriate safeguards (such as contractual commitments) to ensure that your personal data will always be protected adequately and in accordance with legal requirements. For more information on the appropriate safeguards in place, please contact us at the contact details set out in section 2.

To the extent we engage service providers or business partners (including Diligent group companies affiliated with Brainloop) as processors which are located in Third Countries for which there has not yet been an adequacy decision from the European Commission, your data will only be transferred if suitable guarantees in accordance with Art. 46 GDPR have been put in place with the processor to ensure an adequate level of data protection. This is done in particular through entering into an agreement on the basis of the EU standard contractual clauses for processors approved by the EU Commission (Commission decision of 5 February 2010, C(2010)593) pursuant to Article 46(2) lit. c), (5) GDPR. A copy of the measures implemented by us is available upon request from Brainloop at the contact details set out in section 2. In addition, an up-to-date list of all partner companies and service providers, and the Third Countries in which your personal data are being processed, is available upon request from Brainloop at the contact details set out in section 2.

To the extent we disclose personal data to companies of the Diligent group affiliated with Brainloop as controllers and these companies are located in Third Countries that do not provide for a level of data protection as considered adequate by the European Commission, we will ensure by means of an intra-group agreement on the basis of the standard contractual clauses for controllers approved by the EU Commission (Commission decision of 27 December 2004, C(2004)5271) that your data will be processed and protected in accordance with legal requirements by the respective recipient of the Diligent group (Art. 46(2) lit. c), (5) GDPR). Please contact Brainloop at the contact details set out in section 2 to learn more about the recipients of your personal data and the Third Countries in which your personal data are being processed, and, as applicable, to receive a copy of the measures taken.

Diligent Corporation further participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework. Diligent Corporation is committed to subjecting all personal data received from European Union (EU) Member States, the United Kingdom (UK) and Switzerland, respectively, in reliance on each Privacy Shield Framework, to the Framework’s applicable Principles. To learn more about the Privacy Shield Framework and to view Diligent Corporation’s certification, visit the US Department of Commerce’s Privacy Shield List: https://www.privacyshield.gov/list.

 

7. How will my personal data be protected?

We implement comprehensive technical and organizational measures to ensure a level of security appropriate to the risk to the personal data we process. These measures are aimed at fully ensuring the ongoing integrity and confidentiality of personal data. We evaluate and improve these measures on a regular basis to ensure the lasting security of the processing.

 

8. How long will my personal data be stored?

Except as expressly indicated otherwise in this Privacy Notice, your personal data will be stored by us only for as long as necessary for the respective purpose for which we collect and process your personal data.

The below data categories will be stored as follows:

Data in connection with website usage:

– Data about website access (log files): The data about website access collected in the context of your use of our Website (see section 1(a) above) will be completely deleted or anonymized by shortening your IP address at the latest after seven days, unless longer storage is necessary to achieve the purposes to be fulfilled with the data and the storage can be justified based on your consent or another legal basis.

– Contact data, communications, downloads, free trials: Your personal data disclosed to us in the context of a contact, such as an enquiry, the request for information, or the registration for a free trial (see section 1(b) above) will be stored by Brainloop only for as long as necessary for the complete processing and handling of your request. We may further store your personal data to the extent necessary for managing the customer relationship with you as customer, supplier or business partner (see section 4.3 above) or as an individual interested in our products and services (see section 4.2 above) (for the respective storage period see also below in this section 8).

– Usage data (cookies): To the extent Brainloop AG uses cookies to collect usage data that allow the information to be attributed to you, Brainloop AG will only store such data for as long as necessary to provide the relevant functionalities and services or to achieve the purposes to be fulfilled with the relevant cookies. Please see the Brainloop Cookie Policy for information on the storage period of the cookies used.

Data relating to prospects and other individuals interested in our products and services:

We will keep your personal data for the duration of our business relationship with you or your company with regard to the marketing purposes set out in section 4.2 above. Once your data is no longer required for these purposes, or you withdraw your consent to the use of your data for marketing purposes or you object to the processing of your data for marketing purposes, we will delete your data, unless your data is required also for other purposes set out in this Privacy Notice or the further storage is necessary for one or more of the following purposes:

– Comply with data retention requirements under the law;

– Establish, exercise or defend any existing or potential legal claims; and

– Deal with any complaints regarding our products and services.

We will delete your personal data entirely from our systems when it is no longer required for these purposes. If there is any information that we are unable, for technical reasons, to delete entirely, we will put in place appropriate measures to prevent any further processing or use of the data.

Customer, supplier and business partner data:

We will keep your personal data for as long as we have a relationship with you. Once our business relationship with you has ended, we will delete your data, unless it is required for one or more of the following purposes:

– Maintain business records for analysis and/or audit purposes;

– Comply with data retention requirements under the law;

– Establish, exercise or defend any existing or potential legal claims;

– Deal with any complaints regarding our products and services; and

– Enforce our commercial agreements.

We will delete your personal data entirely from our systems when it is no longer required for these purposes. If there is any information that we are unable, for technical reasons, to delete entirely, we will put in place appropriate measures to prevent any further processing or use of the data.

Applicant data:

Applicant data are stored as long as necessary for the decision regarding your application. If no employment relationship is established between us, your application data are deleted four months after the negative decision is announced, unless a longer period of storage is required to avoid litigation.

Your data will be deleted in accordance with our deletion routines once the corresponding storage periods set out above have expired, except where we are under statutory data retention obligations (in particular according to commercial and tax law requirements) or longer storage is necessary in the individual case for purposes of our legitimate interests (interests in ensuring compliance with legal obligations and/or in the establishment, exercise or defense of legal claims).

 

9. Which rights do I have?

To the extent you are affected by the data processing carried out by Brainloop you have the right in accordance with applicable legal provisions:

– to obtain information on the personal data processed concerning you and to obtain a copy of such data (right of access);

– to obtain the rectification of any inaccurate personal data and, having regard to the purposes of the processing, the completion of incomplete personal data (right to rectification);

– if there are legitimate reasons, to request the deletion of the personal data (right to erasure);

– to request the restriction of the processing of the personal data, if the legal requirements are met (right to restriction of processing);

– if the legal requirements are met, to receive the personal data provided by you in a structured, commonly used and machine-readable format and to transfer this personal data to another controller or, if technically feasible, to have it transferred by Brainloop (right to data portability); and

– not to be subject to a decision based solely on automated processing which produces legal effects concerning you or significantly affects you in a similar way, if the legal requirements are not met. An automated decision making process is not carried out by Brainloop.

You also have the right to object, in accordance with the statutory provisions, to the processing of personal data, which is necessary for the purpose of Brainloop’s legitimate interests, on grounds relating to your particular situation (right to object). If your personal data is processed by Brainloop for direct marketing purposes, you have the right to object to this processing at any time, without any special reason.

If the data processing is based on consent you can withdraw the consent at any time. The withdrawal of your consent does not affect the lawfulness of the processing of your personal data until withdrawal.

In order to exercise your rights (including the withdrawal of your consent), as well as in the event of questions regarding the processing of your personal data, please contact the respective Brainloop group company or the data protection officer of Brainloop AG (if your request is directed to this company) at any time using the contact details set out in section 2 above.

Without prejudice to any other remedies, you also have the right to lodge a complaint with a supervisory authority at any time.

Subject to applicable law, you may freely exercise your rights without fear of being denied goods or services. If you are a California resident, we may, however, provide a different level of service or charge a different rate reasonably relating to the value of your personal data.