Data Privacy Policy for our website
This data privacy policy describes how we process data from visits of our website addcraft.io and addcraft.atlassian.net.
If you are looking for our data privacy policy when using our products, see our Data Privacy Policy for our products.
addcraft GmbH (“we” or “addcraft”) values our relationships with customers and visitors of “our websites”:
addcraft.io - our “self-operated website”
addcraft.atlassian.net - our “Atlassian-hosted website”
We have implemented this Privacy Policy to inform you of the information that we collect, how we collect it and what we do with it after we collect it.
By using the websites we provide, you are consenting to the collection, use, disclosure and transfer of the information as described in this privacy statement. If you do not consent, you cannot use these websites.
Name and address of the controller
For any data you transfer to us by interacting with one of our websites, the controller for the purposes of the General Data Protection Regulation (GDPR), other data protection laws applicable in Member states of the European Union and other provisions related to data protection is the company addcraft GmbH - see our imprint for contact and address details.
Data protection office
To review and update your personal information to ensure it is accurate, contact our data protection office.
In case you have questions about our data privacy policy, feel free to contact our data protection office via our central dispatching mail address hello@addcraft.io.
Data collected on our Atlassian-hosted website
The domain https://addcraft.atlassian.net/ is operated by Atlassian on our behalf. When you interact with pages on that domain, the following applies.
Visiting our Atlassian-hosted websites
When you visit our Atlassian-hosted websites, Atlassian Pty Ltd (“Atlassian”) collects data about you as described in their privacy policy and their cookies and tracking notice.
Whenever Atlassian acts as our data processor, the processing is governed by an Data Processing Agreement between addcraft and Atlassian.
Using our Atlassian-hosted service portal
When you use the addcraft service portal provided at https://addcraft.atlassian.net/, you may submit personal data in the request form. This data is stored and processed on our behalf by Atlassian, as described in their privacy policy.
Data collected on our self-operated website
When you visit our self-operated website, we do not collect any data (not even server log files) about your visit, with the following exceptions:
If you consent to our tracking cookies, multiple third party services are invoked and cookies are set, see below.
If you send us emails using the information provided on our website, your emails are processed as described below.
If you register for our newsletter, we process the information you provided to send you the newsletter and track your interactions with it, see below.
Our website is hosted by AWS, see below.
Cookies
Surprisingly, our self-operated website uses cookies. Cookies are text files that are stored in a computer system via an Internet browser.
We only set cookies if you explicitly agreed to it upon entering our website. If you agreed, the following cookies are set:
gdpr-consentto remember that you consented to cookies and are not to be asked again. This cookie is saved for 365 days.Multiple cookies set by the third parties mentioned below.
You may, at any time, prevent the setting of cookies through our website by means of a corresponding setting of the Internet browser used, and may thus permanently deny the setting of cookies. Furthermore, already set cookies may be deleted at any time via an Internet browser or other software programs. This is possible in all popular Internet browsers.
Hosting by AWS
Our website is operated by Amazon Web Services, Inc., 410 Terry Avenue North, Seattle, Washington 98109-5210, USA (“AWS”). We use the services “S3” and “CloudFront” to provide our website to you from a server in geographical proximity.
We do not create server-side log files about your visit to our website. To learn more about how AWS processes your data while delivering our website, see the AWS Data Protection Website.
Website analytics with Google Analytics
We use Google Analytics on our website. This is a service for the analysis of accesses to websites of Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA (hereinafter: "Google Analytics") and allows us to improve our web offer. Using cookies, Google Analytics stores and processes the following information:
Type of Internet browser used
Internet browser version
Your operating system
Referrer (previously visited website)
Your abbreviated IP address
Time of the server request
We use the Google Analytics function to render your IP address anonymous before saving or processing. Your IP address usually is abbreviated within the European Union/EEA and only then transmitted to Google servers in the USA. Your information will be processed pseudonymously and we will not combine it with any other of your personal data.
We use the data collected in this way for statistical purposes to optimise our websites and offers. The relevant legal basis is point (f) of Article 6(1) GDPR. The reports include:
Google Display Network Impression Reporting
Google Analytics Demographics and Interest Reporting
Integrated services that require Google Analytics to collect data for advertising purposes, including the collection of data via advertising cookies and identifiers
This data is only transferred to Google if you accept optional cookies when your visit to our website begins. Additionally, you have multiple options to prevent data transfer to Google:
You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing such data by downloading and installing the browser plug-in available under the following link (http://tools.google.com/dlpage/gaoptout?hl=en).
You can prevent cookies from being saved either directly in your browser settings.
Retargeting advertising
We use multiple third party tools to show you advertising across the internet based on your visit to our site - but only if you agreed to cookies on your visit to our website.
Additionally, you can also manage many companies’ cookies used for online advertising via the consumer choice tools created under self-regulation programs in many countries, such as the US-based https://www.aboutads.info/choices/ or the EU-based http://www.youronlinechoices.com/uk/your-ad-choices.
The legal basis for all used retargeting services is Art. 6 (1) a GDPR - your consent on the beginning of the visit of our website.
Google Ads
Our website uses 3rd party vendor re-marketing tracking cookies from Google Ads, an advertising service provided by Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA (hereinafter: "Google"). This means we will continue to show ads to you across the internet, specifically on the Google Content Network (GCN). We are not collecting any identifiable information through the use of Google’s or any other 3rd party remarketing system.
For further information on how Google processes your data, please visit their privacy policy at https://www.google.com/intl/en/policies/privacy. To permanently deactivate re-marketing functionalities in your browser, you can install an addon under the link http://www.google.com/settings/ads/plugin.
Facebook Pixel
This website uses the so-called "Facebook Pixel" of the social network "Facebook" for the following purposes:
Facebook Custom Audiences
We use the Facebook pixel for remarketing purposes to be able to contact you again within 180 days. This allows us to display interest-based advertisements ("Facebook Ads") to users of the website when they visit the social network "Facebook" or other websites also using this tool. In this way, we pursue the interest in displaying advertisements that are of interest to you in order to make our website or offers more interesting for you.
Facebook conversions
We also use the Facebook Pixel to ensure that our Facebook Ads match the potential interest of users and are not annoying. With the help of the Facebook Pixel, we can track the effectiveness of Facebook ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Facebook ad (so-called "conversion").
Due to the marketing tools used, your browser automatically establishes a direct connection with the Facebook server as soon as you have agreed to the use of cookies requiring your consent. Through the integration of the Facebook pixel, Facebook receives the information that you have called up the corresponding website of our internet presence or clicked on an advertisement from us. If you are registered with a Facebook service, Facebook can assign the visit to your account.
The processing of this data by Facebook takes place within the framework of Facebook's data policy. Special information and details about the Facebook pixel and its functionality can also be found in the Facebook help area.
Data recipient and joint controller
We are jointly responsible with Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”) for the collection and transfer of data in this process. This applies to the following purposes:
The creation of individualized or suitable ads, as well as for their optimization
Delivery of commercial and transaction-related messages (e.g. via Messenger)
The following processes are therefore not covered by joint controllership:
The process that takes place after the collection and transmission is within the sole responsibility of Facebook
The preparation of reports and analyses in aggregated and anonymized form is carried out as a Processor and is therefore within our responsibility.
We have concluded a corresponding agreement with Facebook for joint controllership, which can be accessed here: https://www.facebook.com/legal/controller_addendum. This agreement defines the respective responsibilities for fulfilling the obligation under the GDPR with regard to joint controllership.
The contact details of the Controller and the data protection officer of Facebook can be found here: https://www.facebook.com/about/privacy.
We have agreed with Facebook that Facebook can be used as a contact point for the exercise of data subject rights. Without prejudice to this, the jurisdiction of the Rights of Data Subjects is not limited.
Further information on how Facebook processes personal data, including its legal basis and further information on the rights of data subjects can be found here: https://www.facebook.com/about/privacy. We transfer the data within the scope of joint controllership based on the legitimate interest pursuant to Art. 6 (1) f GDPR.
Information on the data security conditions can be found here. https://www.facebook.com/legal/terms/data_security_terms and on processing on the basis of standard contractual clauses can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum.
Deactivation
The “Facebook Custom Audiences” function can also be deactivated for logged in Facebook users at https://www.facebook.com/settings/?tab=ads#.
Newsletter and online marketing with Hubspot
On our website we use the HubSpot marketing automation software of the American company Hubspot Inc., 2nd Floor 30 North Wall Quay, Dublin 1, Ireland (hereinafter referred to as “Hubspot”). Hubspot is an integrated software solution by which we cover different aspects of our digital marketing, sales and customer relation management.
Concerning our website, we use Hubspot to manage the subscription to the newsletter and sending the newsletter.
Data collected in the newsletter process
In the course of subscription and newsletter marketing we collect the following data from you.
Data gathered in the form:
Form of address
First name und last name
email address
Declaration of consent
Technical data collected during the subscription:
IP address
Time of subscription and declaration of consent
Web form used for the subscription
Information on the double opt-in workflow
Further data that might be collected in the course of the newsletter marketing:
Every newsletter contains a link to a preference page on which you can specify your interests (e.g. marketing information, events) in order that we can provide you with subject-relevant information.
The personal data which you provide, e.g. when using a hubspot-based contact form or subscribing to our newsletter, are stored on the servers of our software partner HubSpot. The data processing is governed by a DPA between addcraft and Hubspot.
In the context of the registration process we will obtain your consent to the processing of the data. If you register for our newsletter, you will receive a confirmation email with a link directly after it. The link is used to verify your email address. This process is called “double opt-in” (DOI) and protects both you and us against misuse of your email address and helps to prove that the consent actually comes from the owner of the email address used.
If you provide us with your personal data during the registration, these data are always disclosed on an explicitly voluntary basis. Art. 6 (1) lit. a GDPR serves as a legal basis for the processing.
Your personal data will exclusively be used for regular dispatch of our newsletters and will not be passed on to any unauthorized third parties. The data will be stored in our marketing automation tool Hubspot for as long as the subscription is active.
You always have the possibility to withdraw your consent to the processing of your data. Every newsletter contains an unsubscribe link. Furthermore you can always send an email to hello@addcraft.io and inform us of your withdrawal. All personal data stored in the course of the newsletter subscription will immediately be deleted in the event of withdrawal of the consent to data processing and simultaneous application for erasure of data.
More information about Hubspot
Any information gathered by us is subject to this Data Privacy Statement. HubSpot is certified under the terms of the "EU - U.S. Privacy Shield Frameworks" and is subject to the TRUSTe's Privacy Seal as well as "U.S. - Swiss Safe Harbor" framework. This means that any processing of personal data by certified companies in the non-European region conforms to European data protection standards.
More information on HubSpot’s data protection regulations can be found here.
More information by HubSpot regarding the EU data protection regulations can be found here.
More information on the cookies used by HubSpot can be found here.
Email communication
Our email infrastructure is operated by Microsoft Ireland Operations, Ltd., One Microsoft Place, South County Industrial Park, Leopardstown, Dublin 18, D18 P521, Ireland (“Microsoft”).
If you send us emails, the information you sent is stored and processed by Microsoft on our behalf. The data is stored in accordance with german commercial law: we will not delete our electronic communication data within 10 years of receiving.
The relevant legal basis is point (b) of Article 6(1) GDPR – we need to process and store the emails you sent to be able to respond to your enquiry.
Other information
Changes to this data privacy policy
We may update this privacy statement to reflect changes to our information practices. If we make any material changes we may notify you by showing an information on the websites (where technically feasible). We encourage you to periodically review this page for the latest information on our privacy practices.
Other changes
If we are involved in a reorganization, merger, acquisition or sale of our assets, your information may be transferred as part of that deal. We may notify you (for example, via a message to the email address associated with your account) of any such deal and outline your choices in that event.
We may revise this Privacy Policy from time to time, and will post the most current version on our website. If a revision meaningfully reduces your rights, we will notify you.
Last revision
This document was last revised in January 2021.