Information about Privacy and Data Security at SysEleven
SysEleven takes protecting the privacy of personal data very seriously. As a result, we would like to provide the users of our website information about what data we collect and how this data is used. Applicable privacy law obligates us to process user data in a lawful manner and only for the intended purpose. We will not use this data for anything other than the stated purposes.
SysEleven is subject to the provisions of the European Union’s General Data Protection Regulation (GDPR), Germany’s Federal Data Protection Act (abbreviated BDSG in German), and Germany’s Telemedia Act (abbreviated TMG in German), and has implemented appropriate technical and organizational measures to ensure that the provisions of applicable data protection laws are observed.
3. Data Protection Officer
Boxhagener Straße 80
4. Processing Personal Data
Personal data means any information relating to an identified or identifiable natural person (hereinafter referred to as a “data subject”); an identifiable natural person is anyone who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more specific factors.
5. Date Collected, Purpose of Data Processing, and Legal Basis
Each time a user visits a page on the SysEleven website and each time a file is accessed, data about this event is stored in a log file. Depending on the type of access log used, the log file may contain the following information:
- The IP address of the device that requested the information
- The name of the requested file
- The date and time of the request
- The requesting device’s desired method of access/functions
- The web server’s access status
- The URL from which the file was requested
- The device’s operating system and browser type or browser settings
The data stored in these log files is used exclusively for the purposes of identifying and tracking unauthorized access attempts/accesses to the web server and for statistical analyses, such as the number of visitors and the popularity of a page. Such analyses are only carried out by authorized employees of SysEleven.
The data stored in cookies is not used to identify you personally.
Persistent cookies are stored on your device for one month and ensure that you can use our website as smoothly as possible, even after your current visit. We use them for the purpose of displaying personalized content to you.
If you do not wish to allow persistent cookies to be saved on your device, you can deactivate them in your browser. Please refer to your browser’s help section to learn how to deactivate these cookies. Deactivating these cookies has no impact on your ability to use our site.
Session cookies are only stored on your system until you end your current browser session. They are used to ensure that you can use the features of our website without limitation during your current visit to our site. This data is anonymized so that you are not personally identifiable.
If you do not wish to allow session cookies to be saved on your device, you can deactivate them in your browser. Please refer to your browser’s help section to learn how to deactivate these cookies.
If you deactivate session cookies, we cannot guarantee that you will be able to use all of our website’s features without limitation.
7. Google Analytics
We use Google Analytics, a web analytics service from Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”), on our website. The information generated by the cookie pertaining to your use of this website is usually transmitted to and stored on a server operated by Google located within the United States. If IP anonymization is enabled on this website, Google will, however, shorten your IP address within member states of the European Union or other states party to the Agreement on the European Economic Area before transferring it to the United States. Your complete IP address will only be transmitted to a Google server in the USA and shortened there in exceptional cases. Google then uses this data on behalf of this website’s owner to analyze your use of the website, create reports that show and explain user activity on this website, and to provide additional services associated with the use of the website and internet use to the website owner. The IP address transmitted from your browser to Google Analytics is not combined with any other data from Google. You can prevent these cookies from being stored on your device by adjusting your browser’s settings. You can also prevent Google from collecting and processing the data generated by the cookie related to your use of the website (including your IP address) by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=en.
The Google Analytics terms of service can be found here: http://www.google.com/analytics/terms/us.html. Further information about privacy at Google and additional terms can be found here: https://policies.google.com/
We would like to point out that we have added the “anonymizeIp” code to Google Analytics on this website in order to ensure that IP addresses are collected anonymously (known as IP masking).
8. Google Ads with Conversion Tracking
We use the advertising platform Google Ads and have implemented Google Ads conversion tracking on our website. This service is provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, hereinafter referred to as “Google”.
Google is certified under the EU-US Privacy Shield:
This certification means that Google guarantees that it also observes the EU’s data protection requirements when data is processed in the United States.
We use conversion tracking to help us understand how effective our digital advertising campaigns are. The legal basis is Art. 6(1)(f) of the GDPR. Our legitimate interest lies in the analysis, optimization, and cost-effective operation of our website.
If you click on an advertisement hosted on the Google Ads platform, the conversion tracking method we use saves a cookie on your device. These conversion cookies expire after 30 days and do not serve to identify you personally.
If the cookie is still valid and you visit a certain page on our website, both we and Google can determine whether you clicked on one of our ads displayed by Google and were subsequently redirected to our website.
Google uses the information collected in this way to compile statistics on visits to our website. In addition, we also receive information about the number of users who clicked on our ad(s) and about the pages of our website that were subsequently visited. Neither we nor third parties who also use Google Ads are able to personally identify you through this information.
You can also prevent or restrict these cookies from being stored on your device by changing the settings in your browser. Furthermore, you can delete cookies that have already been saved at any time. The necessary steps required to do so depend on the type of browser you are using, however. If you have any questions, please refer to your browser’s help section or documentation or contact the browser’s manufacturer or support.
In addition, the following Google websites:
provide additional information on this topic and, in particular, information about how to prevent your data from being collected and processed.
We use the plug-in from the social network Facebook on our website. Facebook is an online service provided by facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA. In the EU, this service is operated by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. Both companies are hereinafter referred to as “Facebook”.
Facebook is certified under the EU-US Privacy Shield:
This certification means Facebook guarantees that it also observes the EU’s data protection requirements when data is processed in the United States.
The legal basis is Art. 6(1)(f) of the GDPR. Our legitimate interest lies in improving the quality of our website.
Further information about the available plug-ins and their respective features can be found on Facebook at
If the plug-in is installed on one of the pages of our website that you visit, your browser will download a version of the plug-in from Facebook’s servers in the United States. For technical reasons, Facebook needs to process your IP address for this purpose. In addition, the date and time of your visit to our website are also recorded.
If you are logged in to Facebook while visiting one of our pages with the plug-in installed, the information collected by the plug-in about your specific visit will be recognized by Facebook. Facebook may associate the information it collects with your personal Facebook account. If, for example, you use the “Like” button on Facebook, this information is stored in your Facebook account and may be posted on the Facebook platform. If you want to prevent this, you must either log out of Facebook before visiting our website or prevent the Facebook plug-in from loading by using an add-on for your browser that blocks it.
Please visit www.facebook.com/settings?tab=ads if you would like to revoke your consent to the use of the Facebook Pixel.
10. LinkedIn Plug-In
Our website uses features provided by the LinkedIn network. This service is provided by the LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. Each time you access one of our pages that contains LinkedIn features, a connection is established to LinkedIn servers. LinkedIn is informed that you have visited our website with your IP address. If you click the LinkedIn “Recommend” button and are logged into your LinkedIn account, LinkedIn will be able to associate your visit to our website with you and your user account. We would like to point out that, as the provider of the website, we have no knowledge of the content of the data transmitted or its use by LinkedIn.
We use the “LinkedIn Insight Tag” from LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA, to track conversions and user actions on our website. By accessing this tag from your browser, LinkedIn can recognize whether a LinkedIn ad was successful, e.g. whether it led to an online purchase. In this context, LinkedIn only provides us with statistical data without making reference to any specific individual. This allows us to measure the effectiveness of LinkedIn advertisements for statistical and market research purposes.
This website uses the marketing functions provided by HubSpot, a service of HubSpot, Inc., 25 First Street, 2nd Floor, Cambridge, MA 02141, USA. Within the European Union, this service is operated by HubSpot Ireland Limited, 30 North Wall Quay, 2nd Floor, Dublin 1, Ireland, hereafter called “Hubspot”.
Through the certification under the EU-US Privacy Shield (https://www.privacyshield.gov/participant?id=a2zt0000000TN8pAAG&status=Active), Facebook warrants that EU data protection law is implemented for any data stored in the United States.
We use HubSpot for customized advertisement of our services, for providing newsletters, contact and registration forms, document downloads, contact management, landing pages, social media publishing, and reports. The legal basis is GDPR Article 6 (1) f. Our legitimate interest is based upon quality improvement for our Internet presence. In cases where the user agrees to further processing of form data, the legal basis is GDPR Article 6 (1) a.
Our registration service enables site visitors to learn more about our company, to download content, to provide personal contact information and other demographic information. This information as well as the content of our website is stored on servers of our partner HubSpot. We can use this to contact our visitors and to find out which of our services are of interest to them. All information collected through this channel is subject to this data protection statement.
In addition, in order to improve the user experience on our website, we use HubSpot’s live chat service “Messages” on some pages for sending and receiving messages (the round chat icon at the right bottom of the screen). If you agree and use this function, the following data is transmitted to HubSpot’s servers:
– the content of all sent and received chat messages;
– contextual information (such as the page on which the chat function was used);
– optionally the user’s e-mail address (if provided by the user in the chat window).
Further information about the related collection and use of data as well as your rights and protections is available on HotSpot’s data protection statement at https://legal.hubspot.com/de/privacy-policy.
12. Contact Forms/User Comments
Personal data entered into forms on our website will be transmitted to SysEleven. If a comment is posted on our website, the comment will be displayed on the site with the name that was entered.
Personal data provided to us in this manner is transmitted via a secure connection in encrypted form. The encryption method used corresponds to the current state of the art. SSL encryption (recognizable by the appearance of https:// in the browser’s address bar and a lock symbol in the status bar at the bottom of the browser) is a protocol for encrypting data transmitted from the web server to the browser. Personal data is encrypted during transfer between the user’s device and our SSL server using the SSL protocol.
SysEleven operates an instance of GitLab based on a platform from GitLab Inc. The GitLab instance serves our customers as a repository for the secure storage and retrieval of their source code as part of contract fulfillment. The instance is hosted on a subdomain of SysEleven on SysEleven’s servers within the European Union (EU) and is available to the customer’s authorized users as registered by SysEleven.
Our customer is the responsible person in the sense of Article 4 Section 7 of the German Data Protection Act (DSVGO), the German implementation of the EU’s General Data Protection Regulation (GDPR). As such, our customer determines the purposes and means and, based on this and depending on the individual case, the legal basis for the processing any of their users’ personal data which may take place while using our GitLab instance. We process this data exclusively in the course of order processing according to Article 28 DSGVO for the purpose of providing services to the customer.
The following information regarding the legal basis of the processing refers to the customer’s legal status as Controller as far as the customer’s users’ data is concerned. The information provided by the customer to their users shall take precedence over the present instructions.
For SysEleven’s own users, the data protection statement for employees and applicants in the respective valid version shall also apply. The following data is required to set up user accounts:
- E-mail address
- User name
- Full legal name
This required data shall be processed for the purpose of providing professional services to customers and for full compliance with the security requirements that are customary in the industry. If you use our GitLab instance in the context of your work as an employee of our client, the legal basis for data processing is typically Article 6 Section 1 (b) DSGVO in conjunction with §26 Federal Data Protection Act (BDSG).
Please note: GitLab is a collaborative platform whose mode of operation is essentially geared towards sharing information among users. SysEleven uses a Community Edition of GitLab and — wherever the system’s internal settings allow it — limits the visibility of user data to a minimum. The users of our instance can view the usernames as well as the user-defined full names of other users regardless of their affiliation to one or different customers. Currently, when creating an account, the e-mail address is automatically set as the full name, but the user can change this in the account settings.
Users can also optionally add further information to their user profile, in particular:
- Profile picture
- Status message
- Skype account name
- LinkedIn account name
- Website address
- Twitter handle
- Job title
- Name of organization
- Biography (freeform)
These optional data points are processed on the basis of Article 6 Section 1 (a) DSGVO upon the user’s consent. The optional data is not required by SysEleven. Any and all optional data that you voluntarily enter in your profile can be viewed by other instance users. Consent to this processing is given by entering the data. Users may correct or delete the data themselves and in so doing revoke their consent to processing.
Every time you access SysEleven’s GitLab instance, data about this process may be collected. Depending on the browser you are using, the log record may contain the following data in particular:
- Browser type
- Language settings
- Date and time of URL request(s)
- Source IP address of request(s)
This transaction data is processed based on Article 6 Section 1 (f) DSGVO in the course of legitimate interests. The legitimate interests lie in professional provision of the GitLab instance, prevention or correction of malfunctions, and defense against unauthorised attacks.
The data processed by SysEleven’s GitLab instance will be deleted as soon as the purpose of the processing — such as the provision of services within the scope of the respective contractual relationship in particular — ceases to apply, provided that the applicable retention and limitation periods do not justify longer storage. SysEleven does not share any personal data processed in our GitLab instance with third parties, except for the profile data listed above, which is visible to all users of the GitLab instance.
14. Automated Decision-Making: Profiling
We do not use automated decision making/profiling.
15. Rights of Data Subjects and Right to Lodge a Complaint with a Supervisory Authority
Every user has the right to receive information about the data stored about them by SysEleven free of charge.
In addition, every user has the following rights with regard to their personal data:
- The right to rectification
- The right to restriction of processing
- The right to erasure
- The right to object
- The right to data portability
Users also have the right to lodge a complaint with a supervisory authority. The supervisory authority responsible for SysEleven can be contacted at:
Berliner Beauftragte für Datenschutz und Informationsfreiheit
Updated: July 2020