Privacy Policy / Terms of Use
Information about data protection and data security at SysEleven
1. Preparatory remarks
This Privacy Policy applies for the website of SysEleven GmbH (hereinafter referred to as “SysEleven”). Different privacy policies may apply on other servers and websites of third-party providers.
SysEleven takes the protection of personal data very seriously. For this reason, we would like to provide users of our website with information about which data are stored and how these data are used. Data protection regulations oblige us to handle user data properly and only in accordance with the intended purpose. We do not use user data for any purposes other than those indicated.
SysEleven is subject to the provisions of the European General Data Protection Regulation (GDPR), the “Bundesdatenschutzgesetz” (German Federal Data Protection Act, BDSG) and the “Telemediengesetz” (German Telemedia Act, TMG). SysEleven has adopted suitable technical and organisational measures to ensure that the data protection regulations are observed.
2. Controller
SysEleven GmbH
Boxhagener Straße 80
10245 Berlin, Germany
Phone: +49 (0)30 233 2012 0
Fax: +49 (0)30 616 755 50
Email: info@syseleven.de
More detailed information can be found in the Imprint section.
3. Data protection officer
For questions regarding data protection and this Privacy Policy, you can also contact the SysEleven data protection officer:
SysEleven GmbH
Boxhagener Straße 80
10245 Berlin, Germany
Email: datenschutz@syseleven.de
4. Handling of personal data
Personal data means any information relating to an identified or identifiable natural person (hereinafter referred to as “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more particular characteristics.
5. Collected data, purpose of data processing and legal basis
Every time a user accesses a page on the SysEleven website and every time a file is called up, data about this process are saved in a log file. Depending on the access log used, the log data set includes information with the following content:
- IP address of the requesting computer
- Name of the requested file
- Date and time of request
- Access methods/functions preferred by the requesting computer
- Access status of the web server
- The URL from which the file was requested
- Operating system and browser type as well as browser settings.
No usage profiles are generated in which IP addresses are linked with personal data. Exceptions only apply insofar as these are regulated separately in this Privacy Policy.
The saved data are exclusively used for the purposes of identification and tracing of inadmissible access attempts/accesses to the web server, as well as for statistical analysis such as visitor numbers and website popularity. The analysis is only carried out by authorised employees of SysEleven.
The legal basis for the processing of your personal data is the fulfilment of legal obligations pursuant to Article 6 (1) Sentence 1 (c), Article 32 (1) GDPR and furthermore our legitimate interest in improving our service pursuant to Article 6 (1) Sentence 1 (f) GDPR.
6. Use of cookies
We use cookies during your visit to our website. These are small text files that our web application saves on your computer and that enable us to recognise your Internet browser. Common Internet browsers are configured to automatically accept cookies. However, you can deactivate this or configure your Internet browser to inform you about the use of cookies.
The cookie data are not used to identify you personally.
Permanent cookies are saved for one month on your computer and are intended to make the use of our website as convenient as possible for you even after your current visit. We use them for the purpose of showing you personalised content.
If you do not wish to allow any permanent cookies, you can achieve this by deactivating them in your browser. For details on how to proceed, please consult the Help function in your browser’s menu bar. Deactivation of cookies has no influence on the usability of our website.
Session cookies are only saved on your system until your current browser session is closed. Their purpose is to allow you unrestricted use of our services during your current visit to our website. These data are anonymised, which means that you cannot be personally identified. If you do not wish to allow any session cookies, you can achieve this by deactivating session cookies in your browser. For details on how to proceed, please consult the Help function in your browser’s menu bar. If session cookies are deactivated, we cannot guarantee that you will be able to use all of our services without restriction.
7. Free text fields contact / comment function
Personal data submitted through forms on the website will be transmitted to SysEleven. By using the comment function, the submitted information is displayed on the website along with the name provided.
Personal data that you provide to us are transferred to us in encrypted form using a secure connection. The security procedure used corresponds to the current technological standard. TLS encryption (identifiable from the characters https:// in the address bar of the browser as well as a lock symbol in the status bar at the bottom in the browser) is a protocol for the encryption of data during transmission from the web server to the browser. During transmission, the personal data are encrypted between the user’s computer and our TLS server using the TLS protocol.
The legal basis for processing of your personal data when using the comment function is your consent pursuant to Article 6 (1) Sentence 1 (a) GDPR. The legal basis for processing of your personal data when using the comment function is the performance of a contract or taking steps prior to entering into a contract pursuant to Article 6 (1) Sentence 1 (b) GDPR.
8. Automatic decision-making/profiling
Automatic decision/making/profiling is not carried out.
9. Microsoft Advertising
On our website, we use conversion tracking provided by Microsoft Advertising. The provider is Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.
In this process, Microsoft Advertising saves a cookie on your computer if you accessed our website via a Microsoft Advertising ad. In this way, Microsoft Advertising is able to identify that someone clicked on an ad, was forwarded to our website and accessed a previously defined target page. No personal information is communicated regarding the user’s identity.
At the user’s request, Microsoft Advertising will deactivate personalised tracking: https://account.microsoft.com/privacy/ad-settings/
You can find more detailed information about the terms of use and data protection at: https://privacy.microsoft.com/en-gb/privacystatement
The legal basis for processing of your personal data is your consent pursuant to Article 6 (1) Sentence 1 (a) GDPR. The legal basis for transfer of your personal data to a third country is your consent pursuant to Article 49 (1) Sentence 1 (a) GDPR.
10. Google Ads with conversion tracking
On our website, we use the advertising element Google AdWords, and within this the feature known as conversion tracking. This is a service offered by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, hereinafter referred to as “Google.” We use conversion tracking to engage in targeted advertising of our service.
If you click on an ad displayed by Google, the conversion tracking feature we utilise saves a cookie on your end device. These conversion cookies lose their validity after a period of 30 days and, furthermore, are not used to personally identify you. Insofar as the cookie is still valid and you visit a particular page on our website, we and Google are able to identify that you clicked on one of our adverts displayed by Google and that you were subsequently forwarded to our website. Using the information collected in this manner, Google generates statistics for us concerning the visit to our website. In addition, we receive information in this way about the number of users who have clicked on our ad(s) as well as the pages on our website that were subsequently called up. However, neither we nor third parties that also use Google AdWords are able to identify you in this way through these statistics.
By changing the settings of your Internet browser accordingly, you can also prevent or restrict the installation of cookies. You can also erase previously stored cookies at any time. However, the steps and actions required to do so depend on the specific internet browser you use. In case of questions, please use the help function or documentation for your internet browser or contact the browser’s provider or support service.
You can find more detailed information about the terms of use and data protection at: https://services.google.com/sitestats/de.html and https://policies.google.com/technologies/ads?hl=en-GB and https://policies.google.com/privacy?gl=de&hl=en-GB
The legal basis for processing of your personal data is your consent pursuant to Article 6 (1) Sentence 1 (a) GDPR. The legal basis for transfer of your personal data to a third country is your consent pursuant to Article 49 (1) Sentence 1 (a) GDPR0
11. Google Analytics
This website uses Google Analytics, a web analysis service of Google Inc. 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). The information generated by the cookie about your visit to this website is generally transferred to a Google server in the USA and saved there. If IP anonymisation is activated on this website, however, your IP address will be truncated beforehand within the Member States of the European Union or in other states that are party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and truncated there. On behalf of the operator of this website, Google will use this information to analyse your use of the website, compile reports about website activity and perform other services connected with the website use and Internet use for the website operator. The IP address transmitted by your browser when using Google Analytics is not linked with other Google data. You can prevent the storage of cookies by changing the settings of your browser software accordingly. In addition, you can prevent the collection of data generated by the cookie and relating to your use of the website (including your IP address) by Google as well as the processing of these data by Google, by downloading and installing the browser plugin available at the following link (https://tools.google.com/dlpage/gaoptout?hl=en-GB).
You can find more detailed information about the terms of use and data protection at: https://marketingplatform.google.com/about/analytics/terms/de/ and https://policies.google.com/privacy?gl=de
We hereby inform you that this website uses Google Analytics with the extension code “anonymizeIp” to guarantee anonymised recording of IP addresses (known as IP masking).
The legal basis for processing of your personal data is your consent pursuant to Article 6 (1) Sentence 1 (a) GDPR. The legal basis for transfer of your personal data to a third country is your consent pursuant to Article 49 (1) Sentence 1 (a) GDPR.
12. Google Tag Manager
On this website, we use the Google Tag Manager. Using this service, website tags can be managed via an interface. The Google Tag Manager itself does not store cookies, but instead only generates tags and does not collect any personal data in the process. The service is used to trigger other tags described in this Privacy Policy which may in turn collect data, depending on the circumstances. Google Tag Manager itself, in contrast, does not access these data. If deactivation is configured at the domain or cookie level, this remains in place for all tracking tags that are implemented using Google Tag Manager.
13. Hotjar
On this website, we use the analysis functions of Hotjar. Hotjar is a user analysis function provided by Hotjar Ltd., Dragonara Business Centre, 5th Floor, Dragonara Road, Paceville St Julian’s STJ 3141, Malta. We use Hotjar in order to better understand the needs of our users and to optimise the service and user experience on this website. Using Hotjar technology, we obtain a better understanding of our users’ experiences, which helps us to base our service on feedback from our users.
Hotjar operates using cookies and other technologies to collect data about the behaviour of our users and about their end devices, in particular the device IP address, screen size, device type, information about the browser used, location and as well as the preferred language for displaying our website. Hotjar saves this information on our behalf in a pseudonymised user profile. Hotjar is contractually prohibited from selling the data collected on our behalf.
You can find more detailed information about the terms of use and data protection at: https://www.hotjar.com/legal/policies/privacy/
The legal basis for processing of your personal data is your consent pursuant to Article 6 (1) Sentence 1 (a) GDPR.
14. HubSpot
On this website, we use the marketing functions of HubSpot. HubSpot is an internet service provided by HubSpot Inc., 25 First Street, 2nd Floor, Cambridge, MA 02141, USA. In the EU, this service is operated in turn by HubSpot Ireland Limited, 30 North Wall Quay, 2nd Floor, Dublin 1, Ireland, both hereinafter referred to only as “HubSpot.” We use HubSpot for targeted advertising of our service, for the provision of newsletters, contact management, landing pages, social media publishing and reporting.
Our registration service allows visitors to our website to learn more about our company and provide their contact information as well as other demographic information. This information and the contents of our website are saved on the servers of our software partner HubSpot. We can use this information to contact visitors to our website and to determine which of our company’s services are of interest to them. All information that we collect is subject to this Privacy Policy.
In addition, to improve the user experience on our website for sending and receiving messages, we use the live chat services “Messages” from HubSpot on some subpages (round chat icon in the lower right corner of the screen). If the user consents and makes use of this function, the following data are transmitted to the HubSpot servers:
- Content of all sent and received chat messages
- Context information (e.g. page on which the chat was used)
- Optional: Email address of the user (if provided by the user via chat function)
You can find more detailed information about the terms of use and data protection at: https://legal.hubspot.com/privacy-policy
The legal basis for processing of your personal data is your consent pursuant to Article 6 (1) Sentence 1 (a) GDPR. The legal basis for transfer of your personal data to a third country is your consent pursuant to Article 49 (1) Sentence 1 (a) GDPR.
15. LinkedIn Plugin
Our website uses functions of the LinkedIn network. The provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. Every time a user accesses one of our pages that contains functions of LinkedIn, a connection is established with the LinkedIn servers. LinkedIn is informed that you have visited our website with your IP address. If you click the LinkedIn “Recommend” button while logged in to your LinkedIn account, LinkedIn is able to associate your visit to our website with you and your user account. We hereby inform you that as we as website provider have no knowledge regarding the content of the data transferred nor its use by LinkedIn.
We use the “conversion pixel” and the user action pixel of LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. When this pixel is called up from your browser, LinkedIn is able to subsequently identify whether a LinkedIn advert was successful, for example whether it led to a completed online purchase. In this regard, we only obtain statistical data from LinkedIn without reference to specific individuals. This allows us to determine the effectiveness of LinkedIn adverts for statistical purposes and for market research.
You can find more detailed information about the terms of use and data protection at: https://www.linkedin.com/legal/privacy-policy
The legal basis for processing of your personal data is your consent pursuant to Article 6 (1) Sentence 1 (a) GDPR. The legal basis for transfer of your personal data to a third country is your consent pursuant to Article 49 (1) Sentence 1 (a) GDPR.
16. Reddit Ads Targeting, Advertisement Measurement and Reddit Pixel
In order to market and optimise our services, we use the advertising services provided by the US-based social news aggregator Reddit (Reddit Inc., 548 Market St. #16093, San Francisco, California 94104, USA; hereinafter referred to as “Reddit”).
As part of our online marketing campaigns, our adverts are displayed on the Reddit platform (www.reddit.com) and are directed at specific target groups in the relevant subject area. Targeted communication is carried out using the targeting capabilities of Reddit based on criteria we have selected. We do not forward any customer data to Reddit for this purpose, such as usernames in particular, and no customer lists (custom audiences) are used to generate the target groups.
To measure the success of our adverts (“Conversion”) we use the Reddit tracking pixel on our website. If you are forwarded to our website via an advert, the Reddit tracking pixel stores a cookie on your computer that interacts with a JavaScript code of Reddit. The cookie enables us to record and trace specific user actions that we have previously defined, such as visits to our website or filling in lead forms (Conversion Events). Such user actions (including the type of action, time, browser type of the end device) are recorded automatically and transferred to Reddit. As a result, we obtain insight into aggregated statistics regarding the success rate of the adverts displayed on the Reddit platform.
The cookie stored by the Reddit pixel loses its validity after 30 days and is not used for personal identification.
In addition, we use the remarketing functionality, which means that we specifically address Reddit users on the Reddit platform who fit specific criteria regarding their previous interactions with our website (e.g. visits to the website or specific subpages). For this purpose, a cookie is stored in your browser using the Reddit pixel, which identifies you to Reddit as a member of the target group when you visit the Reddit portal and causes our adverts to be displayed.
The cookie stored by the Reddit pixel loses its validity after 30 days and is not used for personal identification.
The legal basis for processing of your personal data via this website is your consent pursuant to Article 6 (1) Sentence 1 (a) GDPR. The legal basis for storage of information on your end device, including the placement of cookies, is your consent pursuant to Section 25 (1) of the “Telekommunikation-Telemedien-Datenschutz-Gesetz” (German Telecommunications and Telemedia Data Protection Act, TTDSG).
You can withdraw your consent at any time with future effect by deactivating the relevant cookie in the cookie settings or under user settings in your Internet browser.
We have no influence over the processing of your personal data by Reddit. You can find more information about the processing of data by Reddit at: https://www.redditinc.com/policies/privacy-policy
You can manage your advertising preferences in the ad settings of your Reddit app or at https://www.reddit.com/personalization if you access Reddit in a web browser. You can also use settings at the device level to manage personalised advertising on Android (“Reset advertising ID” and “Deactivate ad personalisation”) or iOS devices (“Limit ad tracking”).
As a provider based in the USA, Reddit may be subject to legal requirements that differ from the GDPR and potentially do not guarantee an equivalent level of protection for your personal data and your privacy. If you are not willing to accept this risk, you can reject the use of Reddit cookies. To maintain a suitable level of protection for your data, we have established standard contracting clauses approved by the European Commission for the transfer of personal data to controllers in third countries and we have adopted suitable technical and organisational measures.
17. SalesViewer
On this website, we use the analysis functions of SalesViewer. The provider is SalesViewer® GmbH, Bongardstraße 29, 44787 Bochum, Germany. We use SalesViewer in order to better understand the needs of our users and to optimise the service and user experience on this website. Using SalesViewer technology, we obtain a better understanding of our users’ experiences, which helps us to base our service on feedback from our users.
For this purpose, a JavaScript-based code is used for the collection of company-related data and the associated use. The data collected with this technology are encrypted using an un-invertible one-way function. The data are immediately pseudonymised and not used to personally identify the visitors to this website.
At the user’s request, SalesViewer will deactivate personalised tracking: https://www.salesviewer.com/en/opt-out/
You can find more detailed information about the terms of use and data protection at: https://www.salesviewer.com/en/privacy-policy/
The legal basis for processing of your personal data is your consent pursuant to Article 6 (1) Sentence 1 (a) GDPR.
18. code.syseleven.de
SysEleven operates a GitLab instance based on a platform provided by GitLab Inc. The GitLab instance acts as a repository for our customers to save and store their source code securely over the course of contract performance. The instance is hosted on a SysEleven subdomain on SysEleven servers within the European Union and is available to users of the customer who are authorised and registered by SysEleven. As the controller within the meaning of Article 4 (7) GDPR, our customer determines the purposes and methods, and on this basis according to the individual case also the legal basis for the processing of its users’ personal data that are collected when using of our GitLab instance. We exclusively process these data as part of contract processing pursuant to Article 28 of the General Data Protection Regulation (GDPR) to provide services for the customer. The following information concerning the legal basis for processing relates to the customer’s legal basis as controller insofar as the data of the customer’s users are concerned. The customer’s information that it provides to its users takes priority over the present policy. For own users of SysEleven, the Privacy Policy for employees and applicants also applies in its current valid version. To set up a user account, the following data are required:
- Email address
- Username
- Full name
- Company name of employer
These required data are processed for the purpose of proper provision of services to customers as well as for compliance with standard security requirements in the industry. Insofar as you use our GitLab instance as part of your activity as an employee of our customer, the legal basis for data processing is generally Article 6 (1)(b) GDPR in conjunction with Section 26 of the Federal Data Protection Act (BDSG). Please note that GitLab is a collaborative platform with the fundamental operating principle of sharing information among users. SysEleven uses a community edition of GitLab and, where permitted by the internal system configuration options, restricts the visibility of user data to a minimum. The users of our instance can view the usernames and user-defined full names of other users, independently of their association with the same or different customers. Currently, when creating a account, the email address is automatically established as the full name; however, the user can modify this in the account settings.
Users can save optional additional data in their user profiles, in particular:
- Profile picture
- Status text
- Skype account name
- LinkedIn account name
- Website URL
- Twitter account name
- Location
- Job title
- Name of organisation
- Free text biography
These optional data are processed on the basis of Article 6 (1)(a) GDPR in the context of the user’s consent. The optional data are not required by SysEleven. All optional data that you voluntarily save in your profile can be viewed by other instance users. Consent to processing occurs by entering the data. Users can correct or delete these data on their own and withdraw their consent to processing in this way.
Each time a user accesses the GitLab instance, data can be collected about this process. Depending on the browser used, the log data set includes the following data in particular:
- Browser type
- Language setting
- Date and time of each visitor request
- IP address
These operation data are processed for the fulfilment of legal obligations pursuant to Article 6 (1) Sentence 1 (c), Article 32 (1) GDPR and furthermore our legitimate interest in improving our service pursuant to Article 6 (1) Sentence 1 (f) GDPR. The legitimate interest lies in proper provision of the GitLab instance, elimination of faults and defence against inadmissible access.
Our GitLab instance only uses cookies to the extent required for its use, particularly in order to identify the users who are logged in. The legal basis is Article 6 (1)(f) GDPR. The legitimate interest lies in provision of the GitLab instance, as well as for the customer’s users to carry out order-related tasks. By checking the “Remember me” box, a cookie is placed that enables automatic login according to the user’s choice. These cookies are automatically erased from your end device after their period of validity has expired. By selecting the “Remember me” function, you consent to the placement of a cookie. The legal basis is Article 6 (1)(a) GDPR. You can prevent the placement of cookies in your browser settings and delete previously placed cookies. The deactivation of cookies can lead to certain functions of the instance not working properly, and in particular automatic login is not possible for further access to the instance.
The data processed by the GitLab instance are erased as soon as the purpose for processing ceases to apply, in particular the provision of services within the framework of the respective contractual relationship, provided that the applicable retention and limitation periods do not justify extended storage.
SysEleven does not disclose to third parties any personal data that are processed in our GitLab instance, except for the profile data listed above that are visible to all users of the GitLab instance.
19. nextcloud.syseleven.de
SysEleven operates a Nextcloud instance based on a platform provided by Nextcloud GmbH. The Nextcloud instance serves as a channel for direct communication with our customers in the context of contract performance. The instance is hosted on a SysEleven subdomain on SysEleven servers within the European Union and is available to users of the customer who are authorised and registered by SysEleven. As the controller within the meaning of Article 4 (7) GDPR, our customer determines the purposes and methods, and on this basis according to the individual case also the legal basis for the processing of its users’ personal data that are collected when using of our Nextcloud instance. We exclusively process these data as part of contract processing pursuant to Article 28 of the General Data Protection Regulation (GDPR) to provide services for the customer. The following information concerning the legal basis for processing relates to the customer’s legal basis as controller insofar as the data of the customer’s users are concerned. The customer’s information that it provides to its users takes priority over the present policy. For own users of SysEleven, the Privacy Policy for employees and applicants also applies in its current valid version. To set up a user account, the following data are required:
- Email address
- Username
- Full name
- Company name of employer
These required data are processed for the purpose of proper provision of services to customers as well as for compliance with standard security requirements in the industry. Insofar as you use our Nextcloud instance as part of your activity as an employee of our customer, the legal basis for data processing is generally Article 6 (1)(b) GDPR in conjunction with Section 26 of the Federal Data Protection Act (BDSG). Please note that Nextcloud is a collaborative platform with the fundamental operating principle of sharing information among users. SysEleven uses a community edition of Nextcloud and, where permitted by the internal system configuration options, restricts the visibility of user data to a minimum. The users of our instance can view the usernames and user-defined full names of other users, independently of their association with the same or different customers.
Each time a user accesses the Nextcloud instance, data can be collected about this process. Depending on the browser used, the log data set includes the following data in particular:
- Browser type
- Language setting
- Date and time of each visitor request
- IP address
These operation data are processed for the fulfilment of legal obligations pursuant to Article 6 (1) Sentence 1 (c), Article 32 (1) GDPR and furthermore our legitimate interest in improving our service pursuant to Article 6 (1) Sentence 1 (f) GDPR. The legitimate interest lies in proper provision of the Nextcloud instance, elimination of faults and defence against inadmissible access.
Our Nextcloud instance only uses cookies to the extent required for its use, particularly in order to identify the users who are logged in. The legal basis is Article 6 (1)(f) GDPR. The legitimate interest lies in provision of the Nextcloud instance, as well as for the customer’s users to carry out order-related tasks. You can prevent the placement of cookies in your browser settings and delete previously placed cookies. The deactivation of cookies can lead to certain functions of the instance not working properly, and in particular automatic login is not possible for further access to the instance.
The data processed by the Nextcloud instance are erased as soon as the purpose for processing ceases to apply, in particular the provision of services within the framework of the respective contractual relationship, provided that the applicable retention and limitation periods do not justify extended storage.
SysEleven does not disclose to third parties any personal data that are processed in our Nextcloud instance, except for the profile data listed above that are visible to all users of the Nextcloud instance.
20. syseleven.chat
SysEleven operates a Rocketchat instance based on a platform provided by Rocket.Chat Technologies Corp. The Rocketchat instance serves as a channel for direct communication with our customers in the context of contract performance. The instance is hosted on a SysEleven subdomain on SysEleven servers within the European Union and is available to users of the customer who are authorised and registered by SysEleven. As the controller within the meaning of Article 4 (7) GDPR, our customer determines the purposes and methods, and on this basis according to the individual case also the legal basis for the processing of its users’ personal data that are collected when using of our Rocketchat instance. We exclusively process these data as part of contract processing pursuant to Article 28 of the General Data Protection Regulation (GDPR) to provide services for the customer.
The following information concerning the legal basis for processing relates to the customer’s legal basis as controller insofar as the data of the customer’s users are concerned. The customer’s information that it provides to its users takes priority over the present policy. For own users of SysEleven, the Privacy Policy for employees and applicants also applies in its current valid version. To set up a user account, the following data are required:
- Email address
- Username
- Full name
- Company name of employer
These required data are processed for the purpose of proper provision of services to customers as well as for compliance with standard security requirements in the industry. Insofar as you use our Rocketchat instance as part of your activity as an employee of our customer, the legal basis for data processing is generally Article 6 (1)(b) GDPR in conjunction with Section 26 of the Federal Data Protection Act (BDSG). Please note that Rocketchat is a collaborative platform with the fundamental operating principle of sharing information among users. SysEleven uses a community edition of Rocketchat and, where permitted by the internal system configuration options, restricts the visibility of user data to a minimum. The users of our instance can view the usernames and user-defined full names of other users, independently of their association with the same or different customers.
Users can save optional additional data in their user profiles, in particular:
- Profile picture
- Status text
- Free text biography
These optional data are processed on the basis of Article 6 (1)(a) GDPR in the context of the user’s consent. The optional data are not required by SysEleven. All optional data that you voluntarily save in your profile can be viewed by other instance users. Consent to processing occurs by entering the data. Users can correct or delete these data on their own and withdraw their consent to processing in this way.
Each time a user accesses the Rocketchat instance, data can be collected about this process. Depending on the browser used, the log data set includes the following data in particular:
- Browser type
- Language setting
- Date and time of each visitor request
- IP address
These operation data are processed for the fulfilment of legal obligations pursuant to Article 6 (1) Sentence 1 (c), Article 32 (1) GDPR and furthermore our legitimate interest in improving our service pursuant to Article 6 (1) Sentence 1 (f) GDPR. The legitimate interest lies in proper provision of the Rocketchat instance, elimination of faults and defence against inadmissible access.
Our Rocketchat instance only uses cookies to the extent required for its use, particularly in order to identify the users who are logged in. The legal basis is Article 6 (1)(f) GDPR. The legitimate interest lies in provision of the Rocketchat instance, as well as for the customer’s users to carry out order-related tasks. You can prevent the placement of cookies in your browser settings and delete previously placed cookies. The deactivation of cookies can lead to certain functions of the instance not working properly, and in particular automatic login is not possible for further access to the instance.
The data processed by the GitLab instance are erased as soon as the purpose for processing ceases to apply, in particular the provision of services within the framework of the respective contractual relationship, provided that the applicable retention and limitation periods do not justify extended storage.
SysEleven does not disclose to third parties any personal data that are processed in our Rocketchat instance, except for the profile data listed above that are visible to all users of the Rocketchat instance.
21. Personio
On our website, we use the recruiting function of Personio. The provider is Personio GmbH, Rundfunkplatz 4, 80335, Munich, Germany.
The data transmitted in the course of your application are transferred using TLS encryption and saved in a database. For these data, the sole controller within the meaning of Article 24 GDPR is the company that carries out this online application process. Personio is only the operator of the software and the recruiting function, and in this context a contract processor pursuant to Article 28 GDPR. The basis for processing by Personio in this regard is a data processing agreement between the controller and Personio. In addition, Personio GmbH processes additional data, some of which could also be personal data, in order to provide its services, particularly for the operation of the recruiting function. More detail about this is provided below.
Every time the recruiting function is accessed, general log data, known as server logs, are automatically recorded. These data are generally pseudonyms and therefore do not allow any conclusions to be drawn about natural persons. Without these data, it would in some instances not be technically possible to deliver and display the software content. Furthermore, the processing of this data is necessary due to security considerations, particularly for control of access, entry, transfer and storage. Above and beyond this, the anonymous information may be used for statistical purposes as well as to optimise the service and technology. In addition, the log files can be subsequently monitored and analysed if there is suspicion of unlawful use of the software. The legal basis for this is Section 15 (1) of the German Telemedia Act (TMG) as well as Article 6 (1)(f) GDPR. General data are collected including the domain name of the website, the web browser and web browser version, the operating system, IP address and time stamp of access to the software. The scope of this logging does not exceed the typical scope of any other website on the Internet. The duration of storage for these access logs is up to 7 days. No right of objection exists in this regard.
Error logs are produced for the purpose of error identification and elimination. This is necessary in order to react as quickly as possible to potential problems in the display and implementation of content (legitimate interest). These data are generally pseudonyms and therefore do not allow any conclusions to be drawn about natural persons. The legal basis for this is Section 15 (1) TMG as well as Article 6 (1)(f) GDPR. When an error message occurs, general data are collected including the domain name of the website, the web browser and web browser version, the operating system, IP address and time stamp when the corresponding error message/specification occurred. The duration of storage for these error logs is up to 7 days. No right of objection exists in this regard.
In some instances, cookies are used for the recruiting function. These are small text files that are stored on the device with which you access the recruiting function. In general, cookies are used to ensure security during a website visit (“strictly necessary”), to implement specific functions such as standard language settings (“functional”), to improve the user experience or website performance (“performance”) or to display advertisements based on specific target groups (“marketing”). For the recruiting function, as a rule only strictly necessary, functional and performance cookies are used, particularly for the implementation of certain default settings such as the language, to identify the application channel or to analyse the performance of a job listing through which a user arrived at the recruiting function. The use of cookies is strictly necessary for the provision of our services and therefore for the performance of the contract (Article 6 [1][b] GDPR). Duration of storage: Up to 1 month or until the end of the browser session Right to object: You can determine for yourself in your browser settings whether you would like to allow cookies or object to the use of cookies. Please note that deactivating cookies can lead to restricted or completely disabled functionality of the recruiting function.
22. Sweepstakes and prize competitions
SysEleven organizes sweepstakes and contests in which interested parties can participate. In order to get to know our potential customers better, the individual promotions are sometimes combined with surveys. In order to handle/carry out these events and for direct marketing purposes, we process personal data.
Depending on the sweepstakes and information provided by the participant, this includes: name and surname, postal address, e-mail address, telephone number and answers within the survey conducted.
The legal basis for the processing is Art. 6 (1) b) GDPR (contract performance) and our legitimate interest in carrying out marketing measures pursuant to Art. 6 (1) f) GDPR.
As soon as we achieve the intended purpose (in this case, completion of the competition) of the data processing, we delete your personal data. Beyond that, we only store data if legal exceptions and obligations exist, such as under Article 17 (3) GDPR. This becomes particularly important in connection with the fulfillment of legal retention obligations (Art. 17 (3) b) GDPR) and with the assertion, exercise or defense of legal claims (Art. 17 (3) e) GDPR).
We use service providers as data processors (e.g. “SurveyMonkey”) to conduct surveys and competitions. Here, an appropriate level of data protection is guaranteed in accordance with the EU standard contractual clauses for the transfer of personal data to third countries.
23. Newsletter
If you would like to register for our newsletter, you thereby give us express consent to the collection of your e-mail address, which you provide to us in the course of registration. When you register for the newsletter, the data from the input mask is transmitted to us. In addition, the following data is collected during registration: IP address of the calling computer and date and time of registration.
To verify your identity, we use the so-called “double opt-in” procedure, i.e. after receiving your e-mail address, we send an automated e-mail to the specified e-mail address containing a confirmation link. The registration process is only completed once your e-mail address has been confirmed. We do not collect any further data beyond the e-mail address and the information for confirming the registration. We would like to point out that you can revoke your consent at any time.
The purpose of the data processing is exclusively to send the newsletter you requested. The legal basis for this is Art. 6 (1) a) GDPR (consent) and Art. 6 (1) b) GDPR (performance of contract). If you unsubscribe from the newsletter, we will delete your registered data subject to any obligations and rights.
24. Rights of the data subject and right to lodge complaints with a supervisory authority
Every user has the right to obtain information free of charge about the data stored by SysEleven about them. In addition, the user has the right to
- Rectification of inaccurate data
- Restriction of processing
- Erasure
- Object to data processing, and
- Data portability
The data subject has the right to lodge a complaint with a responsible supervisory authority. The contact data of the supervisory authority for data protection in Berlin for SysEleven is:
Berlin Commissioner for Data Protection and Freedom of Information
Alt-Moabit 59-61
10555 Berlin, Germany
Tel.: +49 (0)30 13889-0
Fax: +49 (0)30 2155050
25. Changes
As the Internet services of SysEleven are subject to change, it may, in individual cases, become necessary to update the Privacy Policy as well as the Terms of Use. SysEleven reserves the right to change this Privacy Policy at any time. The respective current version of the Privacy Policy and data protection information can be found on the website at https://www.syseleven.de/en/privacy-policy/.
26. Google Fonts
On this website, we integrate content of Google Fonts. The provider is Google Inc. 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). This content is integrated on the basis of our legitimate interest in a technically secure, maintenance-free and efficient use of fonts, their uniform display and in consideration of potential restrictions concerning their integration under licensing laws.
You can find more detailed information about the terms of use and data protection at: https://policies.google.com/terms?hl=en-GB and https://policies.google.com/privacy?gl=de&hl=en-GB
The legal basis for the processing of your personal data is our legitimate interest pursuant to Article 6 (1) Sentence 1 (f) GDPR.
27. Google Maps
On this website, we integrate content of Google Maps. The provider is Google Inc. 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). This content is integrated on the basis of our legitimate interest in a technically secure, maintenance-free and efficient use of map information.
You can find more detailed information about the terms of use and data protection at: https://www.google.com/intl/de_de/help/terms_maps/ and https://policies.google.com/privacy?gl=de&hl=en-GB
The legal basis for the processing of your personal data is our legitimate interest pursuant to Article 6 (1) Sentence 1 (f) GDPR.
28. Gravatar
On this website, we integrate content of Gravatar. The provider is Aut O’Mattic A8C Ireland Ltd. Grand Canal Dock, 25 Herbert Pl, Dublin, D02 AY86, Ireland. This content is integrated on the basis of our legitimate interest in a technically secure, maintenance-free and efficient use of profile pictures.
You can find more detailed information about the terms of use and data protection at: https://automattic.com/privacy/
The legal basis for the processing of your personal data is our legitimate interest pursuant to Article 6 (1) Sentence 1 (f) GDPR.
29. meet.jit.si
On this website, we integrate content of meet.jit.si. The provider is 8×8, Inc. 675 Creekside Way, Campbell, CA 95008, USA. This content is integrated on the basis of our legitimate interest in a technically secure, maintenance-free and efficient use of video conference solutions.
You can find more detailed information about the terms of use and data protection at: https://jitsi.org/meet-jit-si-terms-of-service/ and https://jitsi.org/meet-jit-si-privacy/
The legal basis for the processing of your personal data is our legitimate interest pursuant to Article 6 (1) Sentence 1 (f) GDPR.
Version: April 2023