Privacy Policy

Thank you for visiting our website https://www.digitalpurchaseorder.com/ and for your interest in our services. When you use our website and our services, your personal data may be processed. The protection of personal data is very important to us. This privacy policy explains how we process personal data and what rights you have. This privacy policy can be accessed and printed out at any time on our website.

General Information
This privacy policy informs you about the handling of your personal data when using our website and our services. In particular, it explains which data we collect and what we use it for. It also informs you about how and for what purpose this is done.

Personal data ("data") is any information relating to an identified or identifiable person. “Processing" of data means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. The legal basis for data protection can be found in particular in Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, GDPR) as well as in the German Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG) and the German Digital Services Data Protection Act (Telekommunikation-Digitale-Dienste-Datenschutz-Gesetz, TDDDG).

Controller
The controller is any natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.

The Controller responsible for processing your data is

LeBog Software GmbH
Straßburger Str. 18
10405 Berlin
Germany
Email: info@digitalpurchaseorder.com

Scope of Data Processing
We treat your personal data confidentially and in accordance with the statutory data protection regulations and on the basis of this privacy policy. We process your data only as necessary for the purpose of providing a functional and user-friendly internet presence or website and for the provision of our content and services. Failure to provide the data may have legal disadvantages, such as the impossibility of performing a contract. As part of our data processing, we use various third-party providers in the areas of hosting, online marketing, mailing services and customer relationship management (CRM), each of which processes data on our behalf (see section ‘Third-Party Tools’). We have concluded corresponding data processing agreements with these third-party providers, insofar as the third parties are processors, which ensure that an adequate level of data protection is guaranteed (Art. 28 GDPR).

Our parent company, Sargent-Disc Limited, 5-7 Baring Rd, Beaconsfield HP9 2NB, United Kingdom, is handling our customer and user data and thus has necessary access to personal data we control. Our grandparent company, Cast & Crew LLC, 2300 Empire Avenue, 5th Floor, Burbank, CA 91504, is responsible for our US customers and additional support services for all users, as well as providing different software solutions (Office365, Okta) to us. Further information on the third-party service providers we use can be found in this privacy policy. You may also contact us at any time (e.g. by email to info@digitalpurchaseorder.com).

As a matter of principle, we will only transfer or disclose your data to third parties if we have obtained your consent or if there is another legal basis for doing so. We generally process personal data within the EU/EEA. In case your data is processed outside the EU/EEA, e.g. by our (sub-)processors, compliance with European data protection standards is ensured in each case. This is done either through the recognition of the respective countries as safe by the European Commission (adequacy decision), through the conclusion of specific contracts approved by the European Commission (Standard Contractual Clauses, SCCs), or, if necessary, by obtaining your explicit consent. For further information, you can also contact us by email at info@digitalpurchaseorder.com.

Data Security

We have taken technical and organisational measures to ensure that the data protection regulations are complied with both by us and by external service providers. For security reasons and to protect the transmission of confidential content that you send to us as the site operator, our website uses SSL or TLS encryption.

Processing of Personal Data
The following overview lists all types of data processed by us, the purposes of their processing, as well as the legal basis for their processing.

Visiting the Website
If you use our website without otherwise transmitting data to us (e.g. by using the contact form), we collect the following data on our web server temporarily and anonymously via server log files:

website from which our website was requested (so-called referrer URL)
name and URL of the requested website
date and time of access to the website
description of the type, language and version of the web browser used
IP address of the requesting computer, which is shortened in such a way that it is no longer possible to establish a personal reference.
message whether access was successful (access status/ HTTP status code)
internet service provider of the accessing system
amount of data transferred in each case
operating system used and its interface
the GMT time zone difference
when using a mobile device, if applicable, additionally: country code, language, device name, name of the operating system and version.

This processing is technically necessary in order to be able to display our website to you. We also use the data for statistical evaluations to ensure the operational security and stability of our website. The legal basis for this processing is Art. 6 para. 1 p. 1 lit. f GDPR. The processing of the aforementioned data is necessary for the provision of the website and to ensure the stability and operational security of the website and thus serves to protect a legitimate interest of our company. We also use the data to fulfil our legal obligations for reasons of data security. The legal basis for this processing is Art. 6 para. 1 p. 1 lit. c GDPR.

Registration

You can register on our website. Your email address is required for signing up. After registration, you will receive an email to confirm the registration ("double opt-in"). As part of the registration process, you will be provided with the required mandatory data. The processed data includes in particular the login information (email address, password).

Within the scope of the use of our registration and login functions as well as the use of the user account, we store the IP address and the time of the respective user action. The storage is based on our legitimate interests as well as those of the users in protection against misuse and other unauthorised use. As a matter of principle, this data is not passed on to third parties unless it is necessary for the prosecution of our claims or there is a legal obligation to do so.

We process the following data

inventory data (e.g. name, address)
contact data (e.g. email address, telephone number if applicable)
content data (e.g. entries in the online form)
device data (device name, country code if applicable, language, name of operating system and version)
connection data (IP address, mail provider)
date and time of registration and confirmation.

Processing during registration is carried out on the basis of our legitimate interests for the performance and/or initiation of a user contract, for the provision of customer service, for the administration and/or answering of enquiries, and as a security measure (legal basis: Art. 6 para. 1 p. 1 lit. b GDPR contract performance and pre-contractual enquiries; Art. 6 para. 1 p. 1 lit. f GDPR legitimate interests).

If you have terminated your user account, your data relating to the user account will be deleted, subject to any legal permission, obligation or consent on your part. It is your responsibility to back up your data if you have terminated your account before the end of the contract. Subject to any legal permission, obligation or consent on your part, we are entitled to irretrievably delete all data stored during the term of the contract.

Contact and Emails

If you write to us, e.g. by sending us an email or contact us via the contact form, we store the contact data provided by you, such as name, address, mobile phone number, email and the information provided in your enquiry. Insofar as you contact us in the context of an existing contractual relationship or contact us in advance for information about our range of services or our other services, the data and information you provide will be processed for the purpose of dealing with and answering your contact enquiry on the legal basis of Art. 6 para 1 p. 1 lit. b GDPR. Insofar as you have consented to the processing for the purpose of answering your enquiry, the legal basis is Art. 6 para. 1 p. 1 lit. a GDPR. Otherwise, we process your data to protect our legitimate interests in accordance with Art. 6 para. 1 p. 1 lit. f GDPR for the purpose of responding appropriately to customer/contact enquiries.

Newsletter

You have the possibility to subscribe to our newsletter. With our newsletter we inform you about us and our offers. Only your email address is required to register for the newsletter. If you register for the newsletter, your email address will be transmitted to us (or our mail provider) and stored there. After registering, you will receive an email to confirm your registration ("double opt-in"). In this context, we (or our mail provider) process the following data:

inventory data (e.g. name, address)
contact data (e.g. email address, telephone number if applicable)
content data (e.g. entries in the online form)
device data (device name, country code if applicable, language, name of operating system and version)
connection data (IP address, mail provider)
date and time of registration and confirmation.

We use the provider Mailchimp, Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA, to send the newsletter. Mailchimp is a service with which the sending of newsletters can be organized and analyzed. For this purpose, we forward your email address and the information whether you have signed up for the newsletter and/or for further product information to Mailchimp.

With the help of Mailchimp, we can analyze our newsletter campaigns. When you open an email sent with Mailchimp, a file contained in the email (known as a web beacon) connects to the Mailchimp servers in the USA. This allows us to determine whether a newsletter message was opened and which links were clicked. In addition, technical information is recorded (e.g. time of registration, IP address, browser type and operating system). This information is used for the statistical evaluation of newsletter campaigns. The results of these analyses can be used to better adapt future newsletters to the interests of the recipients. Our newsletter is sent on the basis of your prior express consent, Art. 6 para. 1 p. 1 lit. a GDPR. If we commission a service provider to send emails, this is done on the basis of our legitimate interests in efficient and secure delivery. The legal basis in this respect is Art. 6 para. 1 p. 1 lit. f GDPR.

The following applies to the processing of data by Mailchimp in the USA: We have concluded a contract with Mailchimp containing Standard Contractual Clauses (SCCs) within the meaning of Art. 46(2)(c) GDPR, in which Mailchimp undertakes to process user data only in accordance with our instructions and to comply with the EU level of data protection. Further information on data protection at Mailchimp can be found at https://www.intuit.com/privacy/statement/.

You can revoke your consent to the processing of data for the purpose of sending the newsletter or the evaluation of the associated data at any time. The revocation can be made via a link contained in each newsletter or by sending a separate message to us.

Processing of Payments

We offer the option to complete the payment process via the payment service provider PayPal (privacy policy: https://www.paypal.com/myaccount/privacy/privacyhub; website: https://www.paypal.com/de/home). When you use PayPal to pay for our services, the following data is processed and passed on to PayPal to the extent necessary for the performance of the contract:

Name of the cardholder
Email address
Customer number
Order number
Bank details
Credit card details
Period of validity of the credit card
Credit card verification number (CVC)
Date and time of transaction
Transaction amount
Name of the provider
Place.

This corresponds to our legitimate interest in offering an efficient and secure payment method (legal basis: Art. 6 para. 1 p. 1 lit. f GDPR). In this context, we pass on the following data to PayPal insofar as it is necessary for the performance of the contract (legal basis: Art. 6 para. 1 p. 1 lit b GDPR).

Data Processing of Applicants
When you apply for a job with us, we process the information and personal data you provide for the purpose of managing the application process. This data includes your name, email address, address and telephone number, age, work history, qualifications, country of residence, language skills and any other personal information you provide as part of your interaction with us. We may also ask you for additional information required during the hiring process and for the job offer, such as your date of birth and your employment documents. Processing may also take place electronically. This is particularly the case when an applicant submits relevant application documents to us electronically, for example by email. We process your personal data for the establishment and performance of the employment relationship with you (Art. 6 para 1 p. 1 lit. b GDPR in conjunction with Section 26(1) BDSG). If you have consented to the processing for the purpose of handling your application, the legal basis is Art. 6 para 1 p. 1 lit. a GDPR in conjunction with Section 26(2) BDSG. Insofar as special categories of personal data (e.g., health data) are processed, this is done on the basis of your consent pursuant to Art. 9 para 2 lit. a GDPR in conjunction with Section 26(3) BDSG.

In the event that we do not conclude an employment contract with the applicant, the application documents will be automatically deleted two months after notification of the rejection decision, provided that no other legitimate interests prevent deletion. Another legitimate interest in this sense is, for example, a duty to provide evidence in proceedings under the German General Act on Equal Treatment (Allgemeines Gleichbehandlungsgesetz, AGG).

Cookies are small text files that are stored on the end device used and saved by the browser. Cookies serve to make our offer more user-friendly, effective and secure. There are different types of cookies that are used for different purposes. Some cookies ensure that our offers function properly or that you are recognised on your end device after successful registration ("necessary cookies”). By placing these necessary cookies, we make it easier for you to visit our offers and use the services available there. We place other cookies to analyse user preferences and thus improve our offers ("advanced cookies”).

We only place advanced cookies with your consent. When you visit our services for the first time, you will see a pop-up explaining cookies. Once you click on the relevant consent button, you agree to our use of the particular cookies selected, each of which is described in the pop-up as well as in this Privacy Policy. If you want to manage your consent or receive further information on the cookies used on our website, please click on the button "Cookie settings" on the bottom left side.

When cookies are used, the following data is processed depending on the browser setting:

usage data (e.g. websites visited, interest in content, access times),
meta/communication data (e.g. device information, IP addresses)
location data (data indicating the location of an end user's terminal device).

If personal data is processed when necessary cookies are used, this is based on Art. 6 para. 1 p. 1 lit. f GDPR in conjunction with Sec. 25 para. 2 TDDDG due to legitimate interests of quality assurance and a technically flawless presentation of the website. The processing of personal data when using advanced, non-essential cookies is based on your consent (Art. 6 para. 1 p. 1 lit. a GDPR in conjunction with Sec. 25 para. 1 TDDDG).

Third-Party Tools

We use, in particular, the following third-party providers:

Pendo
We use Pendo (“Pendo”, Pendo.io, Inc., located at: 150 Fayetteville St Raleigh, NC, 27601-1395 United States) for analysis of the usage of our service. If you provide the corresponding consent, Pendo enables us to track your usage of the service, e.g. which features you use or from where you access the service. Pendo also uses cookies. The usage is transmitted to our and Pendo’s server and stored there for further analysis. The usage information will not be passed on to third parties. Pendo is a so-called processor within the meaning of Art. 28 GDPR and may process such data only as instructed by us.

The processing of your data is based on consent pursuant to Art. 6 para. 1 p.1 lit. a GDPR in conjunction with Sec. 25 para. 1 TDDDG. When using the service, your data is transferred to the USA. We have therefore concluded a contract with Pendo with standard contractual clauses (SCCs) within the meaning of Art. 46 para. 2 lit. c GDPR, in which Pendo undertakes to process user data only in accordance with our instructions and to comply with the EU data protection level. Further information on data protection at Pendo can be found at https://www.pendo.io/legal/privacy-policy/.

Plausible Analytics

We use the service Plausible Analytics to analyze the use of our website. The service is provided by Plausible Insights OÜ, Västriku tn 2, 50403 Tartu, Estonia.

Plausible Analytics is a privacy-friendly web analytics platform that operates without cookies and without collecting or storing personal data. The service is used to generate usage statistics for our website, such as page views, visit duration, referral sources, and other aggregated metrics. No personal data of website visitors is collected, no IP addresses are stored, and no persistent identifiers are used. The processing is carried out exclusively in aggregated form and does not allow the identification of individual persons.

The use of Plausible Analytics serves the purpose of analyzing, optimizing, and improving our online offering, as well as collecting structural usage data, without creating individual user profiles.

The legal basis for the processing is Article 6(1), first sentence, lit. f GDPR (legitimate interest in the privacy-friendly analysis of website usage). As no personal data is collected, consent from the data subjects is generally not required and no cookies are used.

Further information on data processing by Plausible Analytics can be found in Plausible’s privacy policy: https://plausible.io/privacy.

Okta
We use Okta (“Okta”, Inc., 101 1st Street, San Francisco, CA 94105, USA), a cloud-based identity management service. Okta provides a secure single sign-on service. We use Okta for the purpose of registering for our services and products. Okta is a so-called processor within the meaning of Art. 28 GDPR and may process such data only as instructed by us.

The processing of your data is based on consent pursuant to Art. 6 para. 1 p.1 lit. a GDPR. Okta may transfer your personal data to the USA and Okta’s affiliates, service providers and third parties located in other countries, where a comparable level of protection of data to the EU may not exist. We have therefore concluded a contract with Okta with standard contractual clauses (SCCs) within the meaning of Art. 46 para. 2 lit. c GDPR, in which Okta undertakes to process user data only in accordance with our instructions and to comply with the EU data protection level. Further information on data protection at Okta can be found at https://www.okta.com/privacy-policy/.

hCaptcha

We use hCaptcha (hereinafter "hCaptcha") on our website. The provider is Intuition Machines, Inc., 350 Alabama St, San Francisco, CA 94110, USA (hereinafter "IMI").

hCaptcha is used to check whether data entered on this website (e.g., in a contact form) has been entered by a human or by an automated program. To achieve this, hCaptcha analyzes the behavior of the website visitor based on various characteristics. This analysis begins automatically as soon as the visitor accesses a page on our website with hCaptcha enabled. hCaptcha evaluates different types of information (e.g., the IP address, time spent on the website, or mouse movements made by the user). The data collected through this analysis is transmitted to IMI. When hCaptcha is used in "invisible mode," the analysis runs entirely in the background, and visitors to the website are not informed that an analysis is taking place.

The storage and analysis of data is based on Art. 6 para. 1 p. 1 lit. f GDPR. The website operator has a legitimate interest in protecting its online offerings against abusive automated scanning and spam. If consent is requested, data processing will be based exclusively on Art. 6 para. 1 p. 1 lit. a GDPR and Sec. 25 para. 1 TDDDG, insofar as the consent covers the storage of cookies or access to information on the user's device (e.g., device fingerprinting) within the meaning of the TDDDG. Consent may be withdrawn at any time.

Your data may be transmitted to countries outside the EU, particularly the USA. IMI is certified under the EU-US Data Privacy Framework (DPF) and is committed to complying with European data protection principles.

For more information on hCaptcha, please refer to the Privacy Policy and Terms of Service at the following links: https://www.hcaptcha.com/privacy and https://hcaptcha.com/terms.

Amazon Textract
We use Amazon Textract, a cloud service provided as part of Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, L-1855 Luxembourg (“AWS”) (privacy policy: https://d1.awsstatic.com/legal/privacypolicy/AWS_Privacy_Notice_German_2023-09-22.pdf ; website: https://aws.amazon.com/de/textract/ ), to extract printed or handwritten text from documents, images or PDF files scanned by the Customer. Amazon Textract uses AI and ML methods to extract texts and recognise structures or relationships in the documents. The concerned data may vary depending on the extracted text and can especially involve names, address and bank details. The processing of this data is necessary to fulfil our contract with you, if you have opted to use that service, the legal basis is Art. 6 para. 1 p. 1 lit. b GDPR.

Microsoft 365
We use Microsoft 365 (Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland). Microsoft 365 is a productivity, collaboration and exchange platform for individual users, teams, communities and networks that can be used across organisational units. When Microsoft 365 applications are used, personal data about you can be processed. Microsoft is a so-called processor within the meaning of Art. 28 GDPR. We have carefully selected our external service providers who act as processors, concluded contracts with them on data processing and regularly review them. Please note that this privacy policy only informs you about the processing of your personal data by us in the context of using Microsoft 365. Microsoft reserves the right to process data for its own legitimate business purposes. We cannot influence these data processing operations by Microsoft. If you require information about processing by Microsoft, please refer to their privacy policy or contact them directly: https://privacy.microsoft.com/en-us/data-privacy-notice. The processing of your personal data in connection with the use of Microsoft 365 is carried out on the basis of Art. 6 para. 1 p. 1 lit. b GDPR insofar as the processing is necessary for the performance of a contract, and on the basis of Art. 6 para. 1 p. 1 lit. f GDPR insofar as our legitimate interests in a secure and efficient communication and collaboration environment prevail. Our legitimate interests particularly lie in the execution of our business processes, internal and external communication, and the secure management of workflows.

Calendly

We use the scheduling tool Calendly on our website to arrange consultation appointments with you. Calendly, provided by Calendly, LLC, 3423 Piedmont Road NE, Atlanta, GA 30305-1754, USA, offers an integrated online calendar through which you can conveniently request and select an appointment. Your contact details (name and email address) as well as meta/communication data (e.g., IP address) will be transmitted to Calendly and processed there.

The legal basis for data processing is Art. 6 para. 1 p.1 lit. f GDPR, as we have a legitimate interest in making the appointment scheduling process as simple as possible. If consent is requested, Art. 6 para. 1 p. 1 lit. a GDPR serves as the legal basis for data processing. You may withdraw your consent to the processing of your personal data at any time.

Your data may be transferred to countries outside the EU, particularly the USA. Calendly is certified under the EU-US Data Privacy Framework (DPF) and is committed to complying with European data protection principles.

For more information on data processing by Calendly, please refer to their Privacy Policy at https://calendly.com/legal/privacy-notice.

Crisp

We use the live chat service ‘Crisp’, a service provided by Crisp IM SARL, 2 Boulevard de Launay, 44100 Nantes, France, to enable visitors and users of our website to contact us quickly and easily via a chat window and to support our customer support. When you use the chat function, Crisp processes personal data on our behalf that you provide when using the chat or that is generated in the course of the technical provision of the service. This includes, in particular, inventory and contact data provided by you, such as your name and email address, the chat content you transmit, including any attachments, as well as usage, device and connection data, such as the date and time of communication, pages accessed, browser type and version, operating system, referrer URL, language settings, a shortened IP address and a session ID.

Crisp uses cookies and similar technologies in the context of providing the chat service, which are technically necessary to provide the chat function, maintain an ongoing conversation and recognise you during a session. The processing of your personal data in connection with the use of Crisp is based on our legitimate interests in providing an efficient, user-friendly communication and support channel in accordance with Art. 6 para. 1 p. 1 lit. f GDPR and, insofar as the communication serves to initiate or execute a contractual relationship with you, on the basis of Art. 6 para. 1 p. 1 lit. b GDPR. The use of the technically necessary cookies required for this purpose is based on Section 25 para. 2 TDDDG.

Crisp acts as a processor within the meaning of Art. 28 GDPR and processes personal data exclusively in accordance with our instructions and under our control. We have concluded a data processing agreement with Crisp, which ensures an adequate level of data protection. According to Crisp, the data is processed exclusively on servers within the European Union; no personal data is transferred to third countries in this context. Further information on data processing by Crisp can be found in Crisp's privacy policy at https://crisp.chat/de/privacy/.

Sipgate

We use the service Sipgate GmbH, Gladbacher Straße 74, 40219 Düsseldorf, Germany, to handle our business telephone communications.

Sipgate is a provider of Voice-over-IP (VoIP) telephony services and provides us with telephone numbers as well as functions for making and managing phone calls. In the course of using Sipgate, the following personal data may in particular be processed: incoming and outgoing telephone numbers, date and time of calls, call duration, where applicable IP addresses, and where applicable voice data (e.g. when using voicemail functions). The processing of this data is carried out for the purpose of conducting and handling telephone communications and ensuring the technical functionality of the service.

The legal basis for the processing is Art. 6 para. 1 p. 1 lit. f GDPR (legitimate interest in efficient and secure communication) and, insofar as contractual relationships are concerned, Art. 6 para. 1 p. 1 lit. b GDPR.

Further information on data processing by Sipgate can be found in Sipgate’s privacy policy at: https://www.sipgate.de/datenschutz

Answer4u

We use the service Answer4u, provided by Integrated Communication Services (ICS) Limited, Pinfold House, Talbot Street, Nottingham, NG1 5GL, United Kingdom, to support our telephone availability and the professional handling of incoming calls. Answer4u offers call handling services, virtual receptionist services, message forwarding, and similar services, which manage communication with callers on our behalf.

In the course of using this service, the following personal data may be processed: telephone number and, where applicable, the caller’s name; date, time, and duration of the call; content of the communication (e.g. messages conveyed, inquiries, call notes); messages forwarded via email, SMS, or a customer portal; and, where applicable, technical connection data required to provide the telephone service.

The processing of this data is carried out for the purpose of receiving, pre-qualifying, forwarding, and handling calls, as well as ensuring professional communication within the scope of our business relationships.

The legal bases for the processing are in particular Art. 6 para. 1 p. 1 lit. b GDPR, insofar as the processing is necessary for the performance of pre-contractual or contractual obligations towards the callers, and Art. 6 para. 1 p. 1 lit. f GDPR, insofar as the processing serves our legitimate interests in functional and efficient customer communication.

Further information on data processing by Answer4u can be found in Answer4u’s privacy policy at: https://www.answer-4u.com/privacy-cookie-policy?utm_source=chatgpt.com

Freshdesk

We use the service Freshdesk, a software solution provided by Freshworks Inc., 2950 S. Delaware Street, Suite 201, San Mateo, CA 94403, USA, to process inquiries and to organize and document communications.

Freshdesk is a cloud-based ticketing and support system that allows incoming inquiries (e.g. via email or contact forms) to be recorded, managed, and responded to. In the course of using Freshdesk, the following personal data may in particular be processed: name and contact details (e.g. email address, telephone number), content data of the inquiry (e.g. messages, attachments), communication and history data (e.g. timestamps of inquiries, status, processing history), and, where applicable, technical metadata (e.g. IP address).

The processing of personal data is carried out for the purpose of handling, responding to, and documenting inquiries, as well as improving our internal workflows and service quality.

The legal basis for the processing is Art. 6 para. 1 p. 1 lit. b GDPR, insofar as the inquiry is related to the performance of pre-contractual or contractual measures, and Art. 6 para. 1 p. 1 lit. f GDPR (legitimate interest in efficient, structured, and traceable communication).

Your data may be transferred to countries outside the EU, in particular to the United States. Freshworks Inc. is certified under the EU–US Data Privacy Framework (DPF) and has committed to complying with European data protection principles.

Further information on data processing by Freshdesk can be found in Freshworks’ privacy policy at: https://www.freshworks.com/privacy/

monday.com

We use the service monday.com, a platform provided by monday.com Ltd., 6 Yitzhak Sadeh Street, Tel Aviv, Israel, 677750, to organize, process, and document inquiries as well as internal service and support processes.

monday.com is a cloud-based work and service management platform through which inquiries and tickets can be recorded, managed, and processed. In the course of using monday.com, the following personal data may in particular be processed: name and contact details (e.g. email address, telephone number), content of inquiries, tickets, and other communications, processing and history data (e.g. status, timestamps, internal notes), and, where applicable, technical metadata (e.g. IP address).

The processing of the data is carried out for the purpose of handling and managing inquiries, documenting communication and service processes, and improving our internal workflows.

The legal basis for the processing is Art. 6 para. 1 p. 1 lit. b GDPR, insofar as the processing is necessary for the performance of pre-contractual or contractual measures, and Art. 6 para. 1 p. 1 lit. f GDPR (legitimate interest in an efficient, structured, and traceable organization of service and communication processes).

Further information on data processing by monday.com can be found in monday.com’s privacy policy at: https://monday.com/l/privacy/privacy-policy/

Social Media

We are present on various social media platforms and process user data within this framework in order to communicate with users active there or to offer information about us. User data is usually processed within social networks for market research and advertising purposes. For example, usage profiles can be created based on the usage behaviour and resulting interests of the users. The usage profiles can in turn be used, for example, to place advertisements within and outside the networks that presumably correspond to the interests of the users. For these purposes, cookies are usually stored on the users' computers, in which the usage behaviour and the interests of the users are stored. Furthermore, data independent of the devices used by the users may also be stored in the usage profiles (especially if the users are members of the respective platforms and are logged in to them). For a detailed presentation of the respective forms of processing and the options to object (opt-out), we refer to the data protection declarations and information provided by the operators of the respective networks.

In the case of requests for information and the assertion of data subject rights, we would also like to point out that these can be asserted most effectively with the providers. Only the providers have access to the users' data and can take appropriate measures and provide information directly. If you still need help, you can contact us.

Social Media Services used and Service Providers

X (formerly Twitter), Twitter X Corp., Inc, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 Ireland, website: https://www.twitter.com; privacy policy: https://twitter.com/de/privacy
LinkedIn, LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland; website: https://de.linkedin.com/; privacy policy: https://www.linkedin.com/legal/privacy-policy
YouTube, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; website: https://www.youtube.com/; privacy policy: https://policies.google.com/privacy
Instagram, Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland; website: https://www.instagram.com; privacy policy: https://instagram.com/about/legal/privacy
Facebook, Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland; website: https://www.facebook.com; privacy policy: https://www.facebook.com/about/privacy

Other Processing Purposes

We also process your personal data in order to fulfil other legal obligations that we may have in connection with our business activities. These include, in particular, retention periods under commercial, trade or tax law. We process your personal data in accordance with Article 6 para. 1 p. 1 lit. c GDPR (legal basis) to fulfil a legal obligation to which we are subject.

We also process your personal data in order to be able to assert our rights and enforce our legal claims. We process your personal data in order to be able to defend ourselves against legal claims and insofar as this is necessary for the defence or prosecution of criminal offences. We process your personal data on the legal basis of Art. 6 para. 1 p. 1 lit. f GDPR to protect our legitimate interests, insofar as we assert legal claims or defend ourselves in legal disputes or we prevent or investigate criminal offences.

Storage and Deleting of Data

The data processed by us will be deleted in accordance with the legal requirements as soon as their consents permitted for processing are revoked or other permissions cease to apply (e.g. if the purpose of processing this data has ceased to apply or it is not necessary for the purpose). This means that we only store your personal data for as long as it is required for the respective processing purpose and limit the storage period to the minimum necessary. In addition, we only store your data if we are entitled or obliged to do so in accordance with statutory retention periods (for example in accordance with the German Commercial Code (HGB) or the German Fiscal Code (AO). Our privacy policy may also contain further details on the retention and deletion of data, which have priority for the respective processing.

Your Rights
You have the following rights:

the right to information and access to your personal data,
the right to correction,
the right to deletion,
the right to restrict processing,
the right to data portability,
the right to revoke your consent with effect for the future,
the right to object (see under “Right to Object”).

In addition, you also have the right to lodge a complaint with a data protection supervisory authority.

Right to Object

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Art. 6 para. 1 p. 1 lit. e or f GDPR; this also applies to profiling based on these provisions.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims.

The objection can be made via the contact options described in this privacy policy.

Disclosure of Data / Third Country Transfers
As a matter of principle, we only pass on your data to third parties if you have consented to this or if there is another legal basis. If we use third-party tools that process your data outside the EU/EEA, we ensure that the legal requirements of Art. 44 et seq. GDPR for such a third country transfer are met and that your data is processed in the third country concerned in accordance with the European data protection standard. This is done either through the recognition of the respective countries as safe by the European Commission (adequacy decision), through the conclusion of specific contracts approved by the European Commission (Standard Contractual Clauses, SCCs), or, if necessary, by obtaining your explicit consent.

Linked Content
This privacy policy applies to this website only. However, the website may also contain external links or hyperlinks to Internet pages of other providers. They are to be distinguished from our own content. This third-party content does not originate from us, nor do we have any influence on the content of third-party sites. If you are forwarded to other pages via links within the website, please inform yourself there about the respective handling of your data.

Automated Decision Making / Profiling
We do not use automated decision making or profiling (an automated analysis of your personal circumstances).

Amendment of this Privacy Policy
This privacy policy is currently valid and corresponds to the status of January 2026 . Due to the further development of our website and offers on it or due to changed legal or official requirements, it may become necessary to change this privacy policy.

If you have any questions with regard to the processing of your data, feel free to contact us at any time.

Privacy Policy

Over 100,000 users trust Digital Purchase Order