Privacy Policy

The protection of the confidentiality, integrity and availability of the data that we collect, process or store on our website and in connection with the use of the Langdock Platform is very important to Langdock. Security procedures are in place to protect the confidentiality of your data. This Privacy Policy informs you about the type, scope and purposes of the processing of personal data in the context of the use of our website https://www.langdock.com/de/, our social media accounts and in connection with the use of the Langdock Platform, to the extent we are responsible for the data processing, and about the rights to which you are entitled as a data subject. Personal data is data that (directly or indirectly) relates to you as an individual and allows for conclusions as to your identity, such as your name, gender, address or user behavior on a website.

If you have any further questions regarding data protection or data processing, please do not hesitate to contact us at any time using the contact details provided below.

Controller, Contact and Data Protection Officer

The controller within the meaning of Art. 4 No. 7 of the General Data Protection Regulation (GDPR) for the data processing described in this Privacy Policy is

Langdock GmbH ("Langdock", "we" or "us")
Greifswalder Straße 212, 10405 Berlin
E-Mail: support@langdock.com

For further information about our company, please refer to the legal notice on our website.

Our Data Protection Officer is

heyData GmbH, Schützenstraße 5, 10117 Berlin, which can be contacted under datenschutz@heydata.eu if you have any questions or concerns about data protection.

1. Data processing when visiting our website

In order to ensure a trouble-free connection and convenient use of our website and to increase the attractiveness of our services, certain personal data is automatically processed when you access our website, such as information about the browser and operating system you are using. This log data is collected automatically and stored as a log data record ("Server Log Files"). This data includes:

• IP address of the end device from which our website is accessed;
• The URL of the website from which our website was accessed (origin or referer URL);
• The date and time of access;
• Content of the request (specific page);
• The information whether the call was successful (access status/HTTP status code);
• The amount of data transferred in each case;
• The device (PC, mobile phone), the operating system and details of the Internet browser used;
• Language and version of the browser software.

These data are stored in an encrypted format and are deleted at regular intervals upon our request.

The legal basis for this processing is our legitimate interest in the error-free provision of our website pursuant to Art. 6 (1) lit. f) GDPR.

When using our platform, additional personal data may be processed in addition to the technical data mentioned above, in particular if error messages occur. In these cases, logged information (e.g. technical details about the session, user ID, IP and MAC address, or session-specific information) is collected in order to analyze and correct errors and to continuously improve the stability and reliability of our platform.

The data is processed exclusively to ensure the stable and secure operation of our platform. The legal basis for this is our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR; it will not be used for any other purpose.

2. Requests by email or via our chatbot, customer service

If you contact us by email or send us a message via the chatbot provided on our website, the personal data transmitted with the email or entered in the message field of the chatbot (in particular contact and communication data) will be stored by us together with your request. In the context of support communication, personal data such as email addresses, names, and the content of support messages may be processed. Langdock uses this data exclusively to process your request. Our employees have been sensitized to handle customer data confidentially and securely and are contractually obliged to maintain confidentiality.

Furthermore, personal data such as names, email addresses, telephone numbers, and the content of the respective communication are processed for the structured management of customer relationships and for the internal presentation and processing of customer data in the context of support requests.

The legal basis for this processing is Art. 6 (1) lit. f.) GDPR or Art. 6 (1) lit. b) GDPR if the request is aimed at concluding a contract. The data will be deleted if the purpose of the processing no longer applies, e.g. the request has been finally answered. We may be required to store this data for a longer period of time due to statutory retention obligations, for example because your contact request is related to a contract or a warranty claim. In this case, we will delete your data at the latest upon expiry of the statutory retention period (Section 147 (3) AO), i.e. after 10 years, starting from the conclusion of the contract, without you having to request us to delete this data.

3. Direct advertising

If you conclude a fee-based contract for the use of our services and provide your email address, Langdock may use this email address for direct advertising for similar goods or services. You have the right to object to the use of the e-mail address for this purpose at any time without incurring any costs other than the transmission costs according to the basic rates. For this purpose, each email contains an unsubscribe link. Alternatively, you can object at any time by sending an email to support@langdock.com.

The legal basis for this data processing is Art. 6 (1) lit. f) GDPR. You can object to data processing for the purpose of direct advertising at any time without giving reasons.

To verify email addresses, email addresses and, if applicable, associated names are processed in order to ensure the validity of the addresses provided and to maintain the quality of our communication.

This processing is based on our legitimate interest in ensuring proper and secure communication with valid email addresses (Art. 6 (1) lit. f GDPR).

4. Processing of personal data when registering a customer account

It is possible to create a customer account on our website. A customer account is required to activate a free trial period for our Platform or to subscribe to fee-based services. If you would like to register a customer account, we will send a confirmation link to the e-mail address you have provided, which can be used to access the registration screen and enter the required information. The data processed by us as part of the registration process includes in particular

• IP address of the end device from which the registration is made;
• The date and time of registration;
• Your contact details, e.g. your name, email address, phone number;
• The name of the company you work for;
• Address data.

The legal basis for the processing of data in connection with registration is Art. 6 (1) lit. b) GDPR.

The data will be deleted if the purpose of the processing no longer applies, e.g. when you delete your customer account. In some cases, we may be required to store this data for a longer period of time due to statutory retention obligations.

5. Processing of personal data for paid subscriptions

In addition to the free trial period, you also have the option of subscribing to paid services on the website via your customer account. If you purchase a subscription via our website, we process the following data:

• IP address of the end device from which the order is placed;
• The date and time of the order;
• Contact details such as your email address;
• Payment data;
• The subscription you have chosen;
• Any other additional data provided by you during the registration process (e.g. an added "promo code").

In order to process payments, we transfer the necessary payment data to the payment service provider we have commissioned.

We only process the Stripe Subscription ID for payment processing. The processing is necessary for the conclusion and fulfillment of the contract. The legal basis for this data processing is Art. 6 (1) lit. b) GDPR.

The data will be deleted when the purpose of processing no longer applies, e.g. when you terminate your subscription. In some cases, we may be required to store this data for a longer period of time due to statutory retention obligations. In this case, we will delete your data at the latest upon expiry of the statutory retention period (Section 147 (3) AO), i.e. after 10 years, starting from the conclusion of the contract, without you having to request us to delete the data.

6. Processing of personal data when participating in the partnership program

If you participate in our partnership or affiliate program, we process certain personal data for the purpose of processing and managing your partnership. The data processed includes, in particular:

• Your name, email address, and postal address;
• Bank details or payment details of partners for the settlement of commissions
• and other information necessary for the verification or processing of the cooperation.

This data is processed on the basis of Art. 6 (1) lit. b GDPR (performance of a contract) and on the basis of our legitimate interest in the efficient administration of our affiliate program in accordance with Art. 6 (1) lit. f GDPR.

7. Use of processors

To provide the services listed above, we use carefully selected external service providers who process personal data on our behalf. This particularly applies to activities such as hosting and provision of technical infrastructure, customer service and support, communication (e.g. by email or chat), payment processing, analysis and validation of data, as well as our partner program and internal administrative processes.

Data Processing is carried out exclusively on the basis of data processing agreements in accordance with Art. 28 (3) GDPR. Our service providers are contractually obliged to process personal data only in accordance with our instructions and in compliance with high data protection standards. Where possible, data processing takes place within the European Union or the European Economic Area.

8. Data transfer to third countries

As a matter of principle, we process personal data on servers located within the European Union in compliance with the highest security standards.
However, in the course of providing our services, certain data may be transferred to service providers in so-called "third countries," i.e., countries outside the EU or the European Economic Area (EEA) where the GDPR does not apply directly. Such data transfers only take place under the conditions of Art. 44 ff. GDPR.

In particular, this means:

• A transfer is permissible if the European Commission has determined that an adequate level of data protection exists in the respective third country ("adequacy decision"). A current list of these countries can be found here:
  https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en
• If no such adequacy decision has been made, personal data will only be transferred if appropriate safeguards are in place, such as the conclusion of EU standard contractual clauses or if the receiving company is certified under the EU-US Data Privacy Framework (https://www.dataprivacyframework.gov/). Alternatively, a transfer may also take place if a legally provided exception pursuant to Art. 49 GDPR applies.

If you have any questions about specific data transfers to third countries or would like to receive a copy of the applicable safeguards (e.g., standard contractual clauses), you can contact support@langdock.com at any time.

9. Duration of storage of your personal data

Unless we have specified a shorter storage period in this Privacy Policy, we generally only store personal data (i) for as long as is necessary to provide the services to you and/or (ii) for as long as is necessary with regard to the contractual relationship with you; the data will subsequently only be stored if and to the extent that we are obliged to do so due to statutory retention obligations. If the relevant personal data is no longer required for the purposes described above, such personal data will only be stored for the duration of the respective statutory retention obligations and will not be processed for any other purposes.

10. Cookies and similar technologies

We use cookies and similar technologies (e.g. pixels) on our website or Platform. Cookies are text files that your browser automatically creates and stores on your end device. These cookies store different types of information. Some of the cookies are deleted when you end your browser session ("session cookies"). In some cases, the cookies remain stored on your end device, for example to recognize you as a returning user when you next visit our website or our Platform.

You can prevent the use of cookies by adjusting the settings of the browser you are using. You can find more information for the respective browsers under the following links:

• Internet Explorer:
  http://windows.microsoft.com/de-DE/windows-vista/Block-or-allow-cookies
• Edge: https://support.microsoft.com/de-de/help/4027947/microsoft-edge-delete-cookies
• Firefox:
  https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
• Chrome: http://support.google.com/chrome/bin/answer.py?hl=de&hlrm=en&answer=95647
• Safari:
  https://support.apple.com/de-de/guide/safari/sfri11471/12.0/mac/10.14
• Opera:
  https://help.opera.com/de/latest/web-preferences/#cookies

We would like to point out that deactivating cookies can significantly impair the functionality of the website or Platform or that some functions on our website or Platform can then no longer be used properly.

We use the following types of cookies:

Necessary cookies

These are cookies that are absolutely necessary for the functionality and provision of our website. The legal basis for accessing or storing information on your end device is Section 25 (2) No. 2 of the Telecommunication and Digital Services Data Protection Act (TDDDG); the legal basis for the associated data processing is our legitimate interest in the provision and convenient use of our website within the meaning of Art. 6 (1) lit. f) GDPR.

Analysis & Statistics

We also use certain cookies to statistically evaluate and improve the use of our website and Platform. The legal basis for accessing or storing information on your end device is your consent in accordance with Section 25 (1) TDDDG; the legal basis for the associated data processing is your consent in accordance with Art. 6 (1) lit. a) GDPR.

When you visit our website, you can use a cookie management tool (“cookie banner”) to manage your cookie settings and give your consent to the use of cookies or revoke your consent at any time. Further information on the use of these technologies can also be found in the cookie banner.

You can adjust your settings at any time in the footer of our website under "Cookies" by calling up the cookie banner again.

11. Our social media presence

If you use your profile on X (X Internet Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 Ireland), or LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland) to contact us (e.g. by sending us a private message), we will process the data provided exclusively for the purpose of contacting you. The legal basis for data processing is our legitimate interest in responding to your request within the meaning of Art. 6 (1) lit. f) or Art. 6 (1) lit. b) GDPR if the request is made in connection with the conclusion or performance of a contract. We delete this data after four weeks at the latest, as soon as storage is no longer necessary or if you request us to delete it.

12. Your rights with regard to the processing of personal data

The persons affected by the processing of personal data have the following rights:

• Right to information about the personal data processed by us, the processing purposes, categories of recipients, the duration of storage or the criteria for determining the storage period, the origin of the data, your rights as a data subject, the existence of automated decision-making including profiling and the appropriate safeguards when transferring data to a third country and the right to receive a copy of your personal data;
• Right to rectify inaccurate or incomplete personal data;
• Right to delete personal data if the purpose of the processing no longer applies, consent is withdrawn or there is no other legal basis or the data has been processed unlawfully or you have objected to the processing;
• Right to restriction of processing;
• Right to data portability if the data processing is based on consent pursuant to Art. 6 (1) lit. a) or Art. 9 (2) lit. a) or on a contract pursuant to Art. 6 (1) lit. b) GDPR;
• Right to object to the processing if the processing is based on legitimate interests pursuant to Art. 6 (1) lit. f) GDPR.
• If you have consented to the processing of personal data, you can withdraw your consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

Right to object to direct advertising

If you object to data processing for direct marketing purposes, we will no longer process your personal data for these purposes. You can object at any time by e-mail to support@langdock.com or using the postal address given above.

You also have the right to complaint with a supervisory authority if you are of the opinion that the processing of your personal data is unlawful.

We will update our privacy policy if this is necessary due to factual or legal changes or to take account of technical or economic developments. We will inform you of such changes in advance in an appropriate manner. If you continue to use our services after receiving a corresponding notification from us, we may assume that you accept the changes to the privacy policy.