1. General Information
Thank you for visiting our website bpanda.com. Security and protection of our customers’ and users’ data is our highest priority. We have set out our website and business processes in such a way that the least possible personal data is collected or processed. The following data protection declaration explains which information we collect during your visit to our website and which parts of this information are used and how. You can read how your personal data is handled below.
This website uses an SSL or TLS encryption for security reasons and to protect your personal data and other confidential content (e.g. requests to the controller). The “https://” string and the lock icon in your browser indicate that the connection is encrypted.
2. Log Files
We process access data (your IP address in particular) on our website for statistical evaluation for company use, security and improving our website. This enables us more effective presentation of our website and to identify errors. We record access data when our site is accessed and save it in a log file:
- Name of the web page accessed
- Date and time access
- Data recorded / message about successful access
- Browser type and version
- Operating system
- Referrer URL
- Requesting provider / your IP address
We cannot identify you using this data. Log data is regularly deleted, no later than 7 days after it was recorded. Legal grounds for processing the data is in our legitimate interest for the purpose of Art. 6 Par. 1 (f) of the GDPR.
3. Cookies
Our site uses so-called “cookies”. These are text files which are used by our website to make your visit quicker and easier; they enable access to secure areas of our website.
Depending on where a cookie originated from, you can differentiate between a first-party and third-party cookie:
First Party Cookies | Cookies created and locally stored by website operators for processing controllers or a processor commissioned by the controller. Only the operator can access these cookies. |
---|---|
Third Party Cookies | Cookies created, set and accessed by third-party suppliers; these are not used as processors for website users. |
Depending on the validty period of the cookies, a distinction can be made between transient and persistent cookies:
Transient Cookies | Cookies which are automatically deleted when you close the browser. These refer to session cookies in particular. |
---|---|
Persistent Cookies | Cookies that remain stored on your end device for a specified period of time upon closing the browser. |
Depending on their property and purpose of use, user permission may be required for use of certain cookies. You can also differentiate between cookies which require obligatory user permission:
Cookies (Consent Not Required) | Cookies that are essential for the website operator to provide the service required (“essential cookies”). |
---|---|
Cookies (Consent Required) | Cookies that are used for all other purposes than those mentioned above („non-essential cookies“). |
If user permission is required, then we only use precisely these cookies if you previously granted permission to do so. A “cookie banner” appears when you access our website, where you can click a button to grant permission for using cookies.
Necessary cookies cannot be deactivated via this website's cookie banner. However, you can manage and deactivate these cookies in your general browser at any time.
4. Third Party
We use various third party services to provide our services and continuously improve; personal data must be processed for this purpose.
For example, our website uses tracking technology so that we can measure, assess and continuously improve. We can also identify and avert fraud and security risks to protect our users and partners.
4.1. Google Analytics
We use Google Analytics, a web analysis service provided by Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4. Ireland (“Google”). Google Analytics uses cookies for analyzing how you use the website. Google uses this information on our behalf to evaluate how the user uses our online offer, to compile reports about activities carried out within this online offer and to deliver information about the use of this online offer and internet use of linked services. Pseudonym user profiles may be created from the processed data.
Your data protection is our top priority, this is why we have employed a configuration parameter “anonymizeIP” alongside Google Analytics. The code records your IP address as truncated. Your personal usage data is kept anonymous in Google Analytics. Google will truncate the user’s IP address within European Union member states or in other contracting states in the European Economic Area. The user’s IP address communicated via the browser will not be associated with other data held by Google.
Information about how you use our websites created by the cookie is normally transferred to a Google server in the USA.
Data processing is carried out based on your consent, in accordance with Art. 6, Par. 1 (a) of the GDPR, if you’ve given your consent for our banner to be used. You can retract your consent at any time. To do so, please follow this link and make the necessary changes to the settings for use of this banner. Data transfer to a third country takes place based on Art. 49 Par. 1 (a) of the GDPR.
You can find more information about Google’s data use, setting options and appeal options under Google’s privacy policy, as well as settings for Google advertisements. You can find more information about terms of use of Google Analytics and data protection law here.
4.2. HubSpot
We use services provided by the software HubSpot. HubSpot is an American software company with a branch in Ireland (HubSpot European Headquarters, Ground Floor, Two Dockland Central, Guild Street, Dublin 1, Ireland).
HubSpot is a service platform. The service used is an integrated software solution for managing customer data and various aspects of our online marketing. This includes analysis of the landing pages and reporting. “Web beacons” are used for this and cookies are stored on your device used.
This enables e.g. the following personal data to be collected:
- IP address
- Geographical location
- Type of browser
- Duration of the visit
- Accessed pages
The recorded information and website content is stored on our software partner HubSpot’s servers in Ireland. We use HubSpot for analyzing use of our website. This enables us to continuously improve our website and make it user-friendly. We also use information to determine which services we provide are of interest to our customers and newsletter subscribers and to contact them for these advertising purposes. We also use this information to improve website use for you.
We only use your IP address in truncated form. HubSpot truncate the user’s IP address within European Union member states or in other contracting states in the European Economic Area. Full IP addresses are rarely sent to a HubSpot server in the USA and truncated there.
Cookies have a typical service life of 13 months. We delete all personal data collected via HubSpot as soon as the purpose the data was collected for has been obtained, as long as this does not infringe any legal requirements.
Information about how you use our online offer created by the cookie is normally also transferred to a Google server in the USA and stored there.
Data processing is carried out based on your consent, in accordance with Art. 6, Par. 1 (a) of the GDPR, if you’ve given your consent for our banner to be used. You can retract your consent at any time. To do so, please follow this link and make the necessary changes to the settings using this banner. Data transfer to a third country takes place based on Art. 49 Par. 1 (a) of the GDPR.
You can find more information about HubSpot functions in the HubSpot Inc. privacy policy.
4.3. CRM system from salesforce.com
We use the CRM system of the provider Salesforce. Salesforce.com is represented in Germany by: Salesforce.com Germany GmbH, Erika-Mann-Str. 63, 80636 Munich, Germany. The address of the US parent company is: The Landmark @ One Market Street, Suite 300, San Francisco, CA 94105, USA.
We use Salesforce.com as a management system for customer contact data, potential new customer contact data and for customer support. Personal data is collected, processed and stored in the process. A limited number of authorized users have access to the database as necessary to search for business information about customers and potential new customers or to process support requests.
Salesforce.com uses the personal data only for technical processing and does not share it with third parties. Your data may be stored and processed by Salesforce.com on servers in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)). Salesforce.com acts as a processor for us and acts exclusively according to our instructions. MID GmbH has entered into appropriate contractual agreements with Salesforce.com to comply with the relevant legal requirements.
Salesforce.com is a certified licensee of the TRUSTe Privacy Seal and is also certified under the EU – US Privacy Shield regulations. This provides Salesforce.com with an additional guarantee of compliance with European data protection law where data is processed in the US.
Salesforce.com’s privacy policy applies and can be found at the following URL: https://www.salesforce.com/company/privacy/.
4.4. Whatfix
Whatfix is a platform which supports us in providing interactive step-by-step instructions, tutorials and onboarding programs for our web tool, Bpanda. It allows us to create support directly on our web applications interface.
Whatfix elements, such as pop-ups, tool tips and visual instructions are integrated into our web applications to give users a clearer understanding of how to use the application.
Whatfix is a platform which supports us in providing interactive step-by-step instructions, tutorials and onboarding programs for our web tool, Bpanda. It allows us to create support directly on our web applications interface. Whatfix elements, such as pop-ups, tool tips and visual instructions are integrated into our web applications to give users a clearer understanding of how to use the application.
The following user data is stored on MID GmbH servers within the framework of use by Whatfix:
- User identifiers: A generated user ID uses identifiers per user to follow a user’s activities and provide them with personalized help. The person cannot be traced.
The following data is stored on Whatfix Private Limited servers:
- User identifiers: A generated user ID uses identifiers per user to follow a user’s activities and provide them with personalized help. The person cannot be traced.
- Interaction data: Information about user interaction with Whatfix elements, including the number of clicks, navigation steps, help pages accessed etc. The person cannot be traced.
- Metadata: Information about the platform, browser, device type and operating system used to ensure compatibility and performance of Whatfix. The person cannot be traced.
We have a legitimate interest in analyzing the fundamental behavior of users of Bpanda within the framework of the free trial account, enabling us to improve our technical and commercial offers. The legal basis for this is par. 6 sec. 1 f of the GDPR (legitimate interests). This behavior cannot be traced back to individual users.
You can find further information about Whatfix data protection online in their security framework (https://whatfix.com/security-framework-policy/).
5. Social Plug-Ins
We use social plug-ins from various providers of social networks. Social plug-ins enable website content to be distributed via social networks. You can find social plug-ins from various internet services on this website. The details page contains information about these individual plug-ins and examples of their use and integration.
5.1. Google Web Fonts
Our website uses web fonts provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”) to ensure standardized font display.
When a site is accessed, your browser loads the necessary web fonts into your browser cache so that text and fonts can be correctly displayed. Your browser must connect to the Google servers for this purpose; personal data may need to be sent to the Google LLC servers in USA for this.
It is not possible to ensure an adequate level of data protection in view of Google LLC and data processing being carried out in the USA. Authorities may be able to access the data for security and monitoring purposes without the need to inform you or you being able to appeal this. We cannot influence to what extent Google will process your data for their own purposes or link it with your other user profiles.
This is why we have integrated Google fonts locally on our web server and not on the Google servers. There is no connection to the Google servers and therefore no data communication and no data is stored. Legal grounds for processing the data is in our legitimate interest for the purpose of Art. 6 Par. 1 (f) of the GDPR.
You can revoke processing of this data at any time using the settings in your browser or certain browser extensions. Please note that this may produce some functional limitations to the website.
You can find further information about Google Web Fonts here and in Google’s privacy policy.
5.2. Google Tag Manager
We use Google Tag Manager, an online advertising program provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States.
This service manages website tags via an interface. Google Tag Manager only implements tags. That means: No cookies are used and no personal data is collected. Google Tag Manager triggers other tags which, in turn, collect data.
Tag Manager is run in your browser, i.e. at the very least, stored as information in your device’s storage.
Data processing is therefore carried out based on your consent, in accordance with Art. 6, Par. 1 (a) of the GDPR, if you’ve given your consent for our banner to be used. You can retract your consent at any time. To do so, please follow this link and make the necessary changes to the settings for use of this banner. Data transfer to a third country takes place based on Art. 49 Par. 1 (a) of the GDPR.
You can find additional information about handling of user data in the Google Tag Manager Use Policy.
5.3. LinkedIn Insights
Our website uses LinkedIn Pixel provided by LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA.
Code implemented on this page can evaluate user behavior of user’s who have accessed this website via a LinkedIn advert. This can be used for improving LinkedIn advert content. This data is collected and stored by LinkedIn. We may view the data collected; the data may only be used within advertisement operation. Cookies are also used by LinkedIn pixel code.
Durch die Nutzung des LinkedIn-Pixels wird der Besuch dieser Webseite LinkedIn mitgeteilt, damit Besucher auf LinkedIn passende Anzeigen zu sehen bekommen. If you have a LinkedIn account and are logged-in, then your visit to this website will be assigned to your LinkedIn user account.
Data processing is carried out based on your consent, in accordance with Art. 6, Par. 1 (a) of the GDPR, if you’ve given your consent for our banner to be used. You can retract your consent at any time. To do so, please follow this link and make the necessary changes to the settings for use of this banner. Data transfer to a third country takes place based on Art. 49 Par. 1 (a) of the GDPR.
You can find more information about LinkedIn’s data policy here.
6. Social Media
We maintain an online presence on social networks to communicate with active social network users and provide information about us. No direct link between your browser and the respective social network’s server is established when you visit our site. Data is only redirected once you have agreed to data transfer by clicking under private settings. This tool does not automatically transfer user data to these platform operators.
Please refer to the privacy policy and information provided by the operator of the respective network for more detailed information about how your data is handled and options to appeal.
6.1. LinkedIn
Our website uses the LinkedIn network’s “Share Function”. The provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. Clicking on the LinkedIn button takes you to your user account in a separate browser window, as long as you are logged-in to your LinkedIn user account. The plug-in directly connects your browser and the LinkedIn server. LinkedIn receives information that you have visited our website using your IP address. LinkedIn can then assign your visit to our website to you and your user account. We do not have access to the content of the (personal) data sent and have no knowledge as to what LinkedIn does with this information. You can find further information in LinkedIn privacy policy.
6.2. Xing
Our website uses the Xing network’s “Share Function”. The provider is Xing AG, Dammtorstrasse 29-32, 20354 Hamburg, Germany. Clicking on the Xing button takes you to your user account in a separate browser window, as long as you are logged-in to your Xing user account. The plug-in directly connects your browser and the Xing server. Xing receives information that you have visited our website using your IP address. We do not have access to the content of the (personal) data sent and have no knowledge as to what Xing does with this information. You can find further information in Xing privacy policy.
6.3. Facebook (Fanpage)
We have a fan page on Facebook to share information about MID GmbH activity. We want to provide those interested in our company, customers and applicants with an insight into our corporate culture and activities we are undertaking.
This is an offer provided by Facebook Ireland Ltd (hereinafter referred to as “Facebook”), 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
Both we and Facebook are responsible for operation of our Facebook fan page in accordance with Art. 26 of the GDPR. We have an agreement with Facebook as to who is responsible for which obligations regarding data protection. You can view this agreement here (https://www.facebook.com/legal/terms/page_controller_addendum). Facebook is then primarily responsible for providing information about common processing to enable those concerned to exercise their data privacy rights. Irrespective of this, we will inform you of your visit to our fan page.
If you are a Facebook user, then Facebook will collect the data mentioned in the Facebook data protection policy. This is:
- Registration information, such as user name, password, e-mail address
- Profile information, such as first name, last name, telephone number, image
- Log file information, such as web query, IP address, browser type, landing pages,
pages accessed. - Device ID
- Meta data, such as hashtags, geotags, comments
Even if you are not a Facebook user, cookies or small text files may be stored in your browser as identifiers to enable tracking of your user behavior. Facebook user data is normally also processed for market research and advertising purposes. Complex user profiles are created using user behavior (when visiting social media sites); Facebook can use these to show users personalized advertisements both in and out of Facebook. You can find more information about this in the respective data protection policy.
We can analyze use of our Facebook fan page using statistics provided by Facebook. This enables us to continuously improve what is shown on Facebook. Facebook sets our fan page cookies on your device and collects so-called “insight data” about how our fan page is used:
- Information about your visit to our Facebook fan page (your IP address, internet page visited last, file name, URL)
- Information about your Facebook interaction with regard to content (“likes”)
- Your comments, along with the time and date, may be stored
We do not, however, use this information.
You cannot be identified from this insights function and the statistics it provides at any time during your visit to our fan page. As operator, we have no influence over how your data is processed or any other information from Art. 13 of the GDPR, e.g. how long cookies are stored on the user’s device. Primary responsibility for data processing lies with Facebook.
Your data may be passed onto Facebook Inc. (USA) as part of Facebook. This may mean that data is processed outside of the EU or EEA. It is not possible to ensure an adequate level of data protection in view of Facebook Inc. and data processing being carried out in the USA. Authorities may be able to access the data for security and monitoring purposes without the need to inform you or you being able to appeal this. We cannot influence to what extent and whether Facebook will process your data for their own purposes or link it with your other user profiles.
This fan page is run based on our rightful interest in accordance with Art. 6 Par. 1 (f) of the GDPR to provide up-to-date information and interaction for our users and visitors. We recommend that you do not use our fan page in future if you wish to revoke use of embedding. Data transfer to a third country takes place based on Art. 49 Par. 1 (a) of the GDPR.
You can find Facebook contact information, settings options for advertisements and data use policy here. You can find further information about our common responsibility with Facebook here.
6.4. YouTube
We use YouTube on our internet pages. This is a video portal provided by YouTube LLC., 901 Cherry Ave., 94066 San Bruno, CA, USA, hereinafter referred to as “YouTube”.
A connection is made to the server in the USA by YouTube as soon as you access one of our internet pages which has a YouTube video embedded in it. This connection is necessary so that the respective video can be played on our internet page via your internet browser. YouTube requires the minimum information of your IP address, the date and time and the internet page you visited. YouTube stores cookies via your internet browser on your device for functionality and behavior analysis purposes.
Your Youtube data is sent to Google Ireland Limited and Google LLC (USA). This may mean that data is processed outside of the EU or EEA. It is not possible to ensure an adequate level of data protection in view of Google LLC and data processing being carried out in the USA. Authorities may be able to access the data for security and monitoring purposes without the need to inform you or you being able to appeal this. We cannot influence to what extent Google will process this data for their own purposes or link it with your other user profiles.
Data processing is carried out based on your consent, in accordance with Art. 6, Par. 1 (a) of the GDPR. By clicking on the video you hereby provide your consent to load Google data. Transfer to a third country takes place based on Art. 49 Par. 1 (a) of the GDPR. You can retract your consent at any time. To do so, please follow this link and make the necessary changes to the settings for use of this banner.
You can find more information about this under Cookies. Google provides more information about collection and use of data, as well as your rights and protection options with regard to this in their data protection information.
7. Newsletter
You can register for our newsletter on our website to receive more information. We will only use the information provided by you to send you the newsletter. Our legal grounds for this processing of information is your content in accordance with Art. 6 Par. 1 (a) of the GDPR. You can unsubscribe from our newsletter at any time. We will then delete your consent for the newsletter to be sent and your data will be removed from statistical analysis.
It is not possible to separately delete either just your consent for receiving the newsletter or statistical analysis. You can find a link to unsubscribe at the bottom of each newsletter.
7.1. Transfer of Data to Third Parties – Hubspot
We send our newsletter using a newsletter distribution platform, “Hubspot”, 25 First Street, 2nd Floor, Cambridge, MA 02141, United States.
Your personal data is stored on the HubSpot servers. HotSpot uses this information for sending and analyzing the newsletter in our contract. HotSpot may use some of this data for optimizing or improving their own services, e.g. technical optimization of distribution and visualization of the newsletter or for commercial goals to determine which countries recipients are from. HubSpot does not use our newsletter recipients’ data to write to them or pass on their information to third parties.
The newsletter contains “web beacons”, i.e. a pixel-sized file which is accessed by the distribution provider’s server when the newsletter is opened. This collects technical information, such as information about the browser and your system, as well as your IP address and time of opening the newsletter. This information is used for improving the technical service using technical data or target groups and your reading behavior using the access location (which can be determined using the IP address) or time of access.
Statistical analysis includes determining whether the newsletter was opened, when it was opened and which links were clicked on. This information can be associated to individual newsletter recipients due to technical reasons. However, neither we nor the distribution supplier wish to monitor our users. Analysis is carried out purely to determine the reading habits of our users so that we can better target our content to them or to send different content to our users, depending on their respective interests. Use of a distribution supplier, carrying out statistical analysis and logging registration processes are based on our rightful interest in accordance with Art. 6 Par. 1 (f) of the GDPR.
We are geared towards enabling a user-friendly and secure newsletter system which both serves our business interests and meets the expectations of our users.
You can get more information about HubSpot’s privacy policy directly from them.
8. Contact via E-Mail / Contact Form
You can write us a personal message. We require your first name, last name, company name and e-mail address for the message function. We use this data based on Art. 6 Par.1 (f) of the GDPR so that we can reply to your query. Art. 6 Par.1 (b) of the GDPR may also be considered as a legal basis if your query is based on the execution of pre-contract measures.
You can decide whether you wish to share more information with us. This information is voluntary and is not required for making contact. Data which you voluntarily provided in the form is collected based on Art. 6 Par. 1. (a) of the GDPR. Consent can be revoked at any time.
9. Creation and Use of Bpanda Trial Account
You can register for a free Bpanda trial account on our website www.bpanda.com on the https://bpanda.com/kostenlos-testen/ page.
You must provide the following information when registering and using Bpanda; this information is stored on our servers for the duration of the trial period and used for login purposes and text within the e-mails:
- Title
- First name
- Last name
- Company
If no permanent business relations with MID GmbH have arisen upon completion of the 30 day test account, then your data – including all data created by you within the framework of the trial account – will be deleted from the Bpanda database.
10. Your Rights as a Data Subject
You have various rights of the individual regarding data processing, regulated in the GDPR.
Right of Access by the Data Subject (Art. 15 GDPR):
You have the right to obtain confirmation as to whether your personal data is being processed.
Right to Rectification (Art. 16 GDPR):
You shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning you.
Right to Erasure (Art. 17 GDPR):
You have the right to obtain from the controller the erasure of personal data concerning you without undue delay.
Right to Restriction of Processing (Art. 18 GDPR):
You have the right to obtain from the controller restriction of processing where one of the prerequisites mentioned in Art. 18 GDPR is given.
Right to Data Portability (Art. 20 GDPR):
You have the right to receive the personal data concerning you, which you have provided to a controller, in a structured, commonly used and machine-readable format where one of the prerequisites mentioned in Art. 20 of the GDPR is given.
Conditions for Consent (Art. 7 GDPR):
You have the right to withdraw your consent at any time, in accordance with Art. 7 Par. 3 of the GDPR. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
Right to Object (Art. 21 GDPR):
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning your which is based on point (e) or (f) of Article 6 (1).
Right to Lodge a Complaint (Art. 77 GDPR):
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence or place of work. The address for our relevant supervisory authority:
Bayerisches Landesamt für Datenschutzaufsicht
Promenade 18
91522 Ansbach
Germany
Telephone: +49 (0) 981 180093-0
E-mail: poststelle@lda.bayern.de
11. Information about the Person Responsible / Data Protection Officer
Please contact us with any further questions you may have about personal data we have stored.
MID GmbH
Dr. Martin Müller
Kressengartenstrasse 10
90402 Nuremberg
Germany
MID GmbH is the data controller in terms of data protection rules. You can send any contact request e-mails to datenschutzbeauftragter@mid.de. Our data protection officer is Mr Ali Tschakari, LL.M. Bitkom Servicegesellschaft mbH, Albrechtstrasse 10, 10117 Berlin, Germany. You can contact him directly via the e-mail address datenschutz@bitkom-consult.de.
12. Concluding Provisions
MID GmbH reserves the right to change this privacy policy at any time so that it meets the current legal requirements or to incorporate changes to services into the Data Protection Declaration, e.g. when introducing a new service or changes to the website. The new data protection declaration applies each time you visit this website.
Last Update: August 2023