Privacy Policy
1.1 Privacy Statement
We appreciate your visit to our website and your interest in our company, products, and services. The protection of your personal data is very important to us. Riverbird GmbH (hereinafter referred to as “Riverbird,” “we,” or “us”) attaches great importance to the security of user data and compliance with data protection regulations.
Riverbird websites may contain links to websites of other providers to which this privacy policy does not extend. We have no knowledge of or influence over what data the operators of these sites may collect. Information can be found in the privacy policy of the respective site.
Below, we provide detailed information about how we handle your data.
1.2 Definitions
The privacy policy is based on the terminology of the General Data Protection Regulation (GDPR).
“Personal data” is any information relating to an identified or identifiable natural person (hereinafter referred to as “data subject”) (Art. 4 No. 1 GDPR). Your personal data includes information such as your master data (first and last name, address, and date of birth), your contact details (telephone number, email address), your billing information (bank details), and much more.
“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, distribution or other forms of provision, comparison or linking, restriction, erasure or destruction.
“Data subject” is any identified or identifiable natural person whose personal data is processed by the controller.
1.3 Collection and processing of personal data
In principle, it is possible to use our website without providing any personal data. However, if you wish to use special services offered by our company via our website, it may be necessary to process personal data. If the processing of personal data is necessary and there is no legal basis for such processing, we generally obtain the consent of the data subject.
2 Collection and processing of personal data
2.1 Anonymous data collection
You can visit our site without actively providing any personal information. However, we automatically store access data without personal reference (server log files), such as the name of your Internet service provider, the operating system used, the website from which you visit us, the date and duration of the visit, or the name of the requested file, as well as the IP address of the computer used for security reasons, e.g., to detect attacks on our websites. This data is evaluated exclusively for the purpose of improving our offering and does not allow any conclusions to be drawn about your person. This data is not merged with other data sources. The legal basis for the processing of the data is Art. 6 (1) GDPR. We process and use the data for the following purposes: 1. Provision of the Riverbird websites, 2. Improvement of our websites, and 3. Prevention and detection of errors/malfunctions and misuse of the websites. Data processing of this kind is carried out either to fulfill the contract for the use of the Riverbird websites or because we have a legitimate interest in ensuring the functionality and error-free operation of the Riverbird websites and in adapting these websites to the requirements of users.
2.2 Use of cookie tracking
In order to make visiting our website attractive and to enable the use of certain functions, we use so-called cookies on our websites. This is a standard Internet technology for storing and retrieving login and other usage information for all users of Riverbird websites. Cookies are small text files that are stored on your device. They enable us, among other things, to store user settings so that our websites can be displayed in a format tailored to your device. Some of the cookies we use are deleted after the end of the browser session, i.e. after you close your browser (so-called session cookies). Other cookies remain on your device and enable us or our partner companies to recognize your browser the next time you visit (so-called persistent cookies).
You can set your browser so that you are informed about the setting of cookies and can decide individually whether to accept them or to exclude the acceptance of cookies in certain cases or in general. Cookies can also be deleted retrospectively to remove data that websites have stored on your computer. Instructions for doing this can be found quickly on the Internet. Deactivating cookies may lead to some restrictions in the functionality of the Riverbird websites.
2.3 Google Analytics
This website uses functions of the web analysis service Google Analytics. The provider is Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. Google Analytics uses so-called “cookies”, text files that are stored on your computer and enable an analysis of your use of the website. The information generated by the cookies about your use of this website (including your IP address) is transmitted to a Google server in the USA and stored there. Google will use this information to evaluate your use of the website, to compile reports on website activity for website operators and to provide other services related to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf.
You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.
If you do not want Google to receive data from your browser when you visit the pages, you can find the link to the opt-out solution for Google Analytics here: http://tools.google.com/dlpage/gaoptout?hl=de. This plug-in prevents the browser from requesting the Analytics code, so that Google does not receive any data when you visit the site. The plug-in is only available for Internet Explorer 7 and 8, Firefox 3.x, and Chrome. According to Google, the browser blocks the Google Analytics script after installation. For more information on terms of use and data protection, please visit http://www.google.com/analytics/terms/de.htmlbzw. at http://www.google.com/intl/de/analytics/privacyoverview.html.
This website uses the “demographic characteristics” feature of Google Analytics. This allows reports to be generated that contain information about the age, gender, and interests of site visitors. This data comes from interest-based advertising from Google and visitor data from third-party providers. This data cannot be attributed to any specific person. You can deactivate this feature at any time via the ad settings in your Google account or generally prohibit the collection of your data by Google Analytics as described in the section “Objection to data collection.”
2.4 Google Remarketing
This website uses Google Remarketing technology from Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”). This is a retargeting technology that enables us to target visitors to our website with targeted advertising on the websites of the Google advertising network. The advertising is displayed through the use of cookies.
For this purpose, cookies are placed on your computer, which third-party providers, including Google, use to track which of our websites you have visited with your browser. With the help of this information, our ads can then be presented to you at a later time on other websites, e.g., in the context of Google searches or on websites in the Google network. For more information about Google’s privacy policy and how remarketing works, please visit: https://www.google.de/intl/de/policies/privacy/. You can also disable the storage of cookies by adjusting your browser settings and/or opt out of Google Remarketing at https://www.google.com/policies/technologies/ads/widersprechen.
2.5 Google AdWords
Riverbird also uses Google Conversion Tracking, an analysis service provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”). Google AdWords places a cookie on your computer (“conversion cookie”) if you have reached our website via a Google ad. These cookies expire after 30 days and are not used for personal identification. If you visit certain pages on our website and the cookie has not yet expired, we and Google can recognize that someone has clicked on the ad and been redirected to our site. Each AdWords customer receives a different cookie. Cookies cannot therefore be tracked across the websites of AdWords customers. The information collected using the conversion cookie is used to generate conversion statistics for AdWords customers who have opted for conversion tracking. AdWords customers learn the total number of users who clicked on their ad and were redirected to a page tagged with a conversion tracking tag. However, they do not receive any information that can be used to personally identify users.
If you do not wish to participate in tracking, you can object to this use by preventing the installation of cookies through an appropriate setting in your browser software (deactivation option). You will then not be included in the conversion tracking statistics. For more information on terms of use and data protection, please visit: http://www.google.de/policies/privacy/.
2.6 Google Ajax search API
The JavaScript code of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter: Google) is reloaded on our site. If you have activated JavaScript in your browser and have not installed a JavaScript blocker, your browser may transmit personal data to Google. We do not know what data Google links to the data it receives and for what purposes Google uses this data. To prevent the execution of JavaScript code from Google altogether, you can install a JavaScript blocker for your browser.
For more information on terms of use and data protection, please visit: http://www.google.de/policies/privacy/.
2.7 Google Maps
We use Google Maps to display maps and create route plans. Google Maps is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
By using this website, you consent to the collection, processing, and use of automatically collected data and data entered by you by Google, one of its representatives, or third-party providers.
The terms of use for Google Maps can be found at: https://www.google.com/intl/de_de/help/terms_maps.html.
For detailed information, please visit the Google Privacy Center: Transparency and choice, as well as privacy policy at https://policies.google.com/privacy?hl=de&gl=de.
2.8 Google Tag Manager
This website uses Google Tag Manager. This service allows website tags to be managed via an interface. Google Tool Manager only implements tags. This means that no cookies are used and no personal data is collected. Google Tool Manager triggers other tags, which in turn may collect data. However, Google Tag Manager does not access this data. If deactivation has been carried out at the domain or cookie level, it remains in effect for all tracking tags, provided they are implemented with Google Tag Manager.
Detailed information can be found in the Google Privacy Center: Transparency and choice, as well as privacy policy at https://policies.google.com/privacy?hl=de&gl=de.
2.9 Matomo (formerly Piwik)
This website uses the open source web analytics service Matomo. Matomo uses so-called “cookies.” These are text files that are stored on your computer and enable an analysis of your use of the website. For this purpose, the information generated by the cookie about your use of this website is stored on our server. The IP address is anonymized before storage.
The information generated by the cookie about your use of this website will not be disclosed to third parties. You can prevent the storage of cookies by adjusting your browser software settings accordingly; however, we would like to point out that in this case you may not be able to use all functions of this website to their full extent.
If you do not agree to the storage and use of your data, you must deactivate the storage and use. In this case, an opt-out cookie will be stored in your browser, which prevents Matomo from storing usage data. If you delete your cookies, this will also delete the Matomo opt-out cookie. The opt-out must be reactivated when you visit our site again. For more information, please refer to Matomo’s privacy policy at https://matomo.org/docs/privacy/.
2.10 Bing Ads
We use Universal Event Tracking (UET) from Microsoft Bing Ads. This service is provided by Microsoft Corporation (“Microsoft”), One Microsoft Way, Redmond, WA 98052-6399, USA. This enables us to track the activities of our users when they access our website via a Microsoft Bing ad. When users access our website via such an ad, a cookie is placed on their computer. A Bing UET tag is integrated into our website. This is a code that, in conjunction with the cookie, stores some non-personal data about the use of the website. This includes, among other things, the length of time spent on the website, which areas of the website were accessed, and which ad brought users to the website. Information about your identity is not collected. The information collected is transferred to Microsoft servers in the US and stored there for a maximum of 180 days. You can prevent the collection of data generated by the cookie and related to your use of the website, as well as the processing of this data, by deactivating the setting of cookies. This may limit the functionality of the website. Further information about Bing’s analytics services can be found on the Bing Ads website at: https://help.bingads.microsoft.com/#apex/3/de/53056/2.
Further information about data protection at Microsoft and Bing can be found in Microsoft’s privacy policy at: https://privacy.microsoft.com/de-de/privacystatement.
2.11 Social media
Social media features can be used on our website. When you access one of these pages, a connection to the respective social media servers may be established. This informs them that you have visited our website with your IP address. If you comment, like, share, or tweet, etc., and you are logged into your respective account, the social media platform may be able to associate your visit to our website with you and your user account. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the data transmitted or its use.
These services are provided by the following companies:
Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA
Google+ Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
Linkedin Inc., 2029 Stierlin Court, Mountain View, CA 94043, USA
Twitter Inc., 1355 Market St., Suite 900, San Francisco, CA 94103, USA
Xing AG, Dammtorstraße 30, 20354 Hamburg, Germany
YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA
Vimeo LCC, White Plains, New York, USA
WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
For information on the purpose and scope of data collection and the further processing and use of data by the providers, as well as your rights in this regard and settings options for protecting your personal data, please refer to the privacy policies of the respective providers:
Facebook https://de-de.facebook.com/privacy/explanation
Google https://www.google.de/intl/de/policies/privacy/
LinkedIn https://www.linkedin.com/legal/privacy-policy?_l=de_DE
Twitter https://twitter.com/privacy?lang=de
Xing https://www.xing.com/privacy
YouTube https://www.google.de/intl/de/policies/privacy/
Vimeo https://vimeo.com/privacy
WhatsApp https://www.whatsapp.com/legal/#privacy-policy
If you do not want the respective social media platform to be able to assign your visit to our site to your respective account, you must log out of the respective service before visiting our website.
2.12 Use of Shariff
We have integrated the Shariff component into our website. The component was developed by GitHub, Inc. 88 Colin P. Kelly Junior Street, San Francisco, CA 94107, USA. The Shariff component provides social media buttons that comply with data protection regulations. Shariff was developed for the German computer magazine c’t and is published by GitHub, Inc.
Usually, the button solutions provided by social networks already transfer personal data to the respective social network when a user visits a website in which a social media button has been integrated. By using the Shariff component, personal data is only transferred to social networks when the visitor to a website actively clicks on one of the social media buttons. Further information on the Shariff component is provided by the computer magazine c’t at http://www.heise.de/newsticker/meldung/Datenschutz-und-Social-Media-Der-c-t-Shariff-ist-im-Einsatz-2470103.htmlbereitgehalten. The purpose of using the Shariff component is to protect the personal data of visitors to our website and at the same time enable us to integrate a button solution for social networks on this website.
Further information and the applicable data protection regulations of GitHub can be found athttps://help.github.com/articles/github-privacy-policy/abgerufen.
2.13 Contact form/inquiries
If you send us inquiries via the contact form, your details from the contact form (content of your inquiry, subject of your inquiry, and date), including the contact details you provided there (first name, last name, and email address), will be stored by us for the purpose of processing the inquiry and in case of follow-up questions. We will not pass on this data without your consent. The legal basis for the collection and processing of data is Art. 6 (1) GDPR.
The data you enter in the contact form will remain with us until you request us to delete it, revoke your consent to its storage, or the purpose for data storage no longer applies. Mandatory legal provisions—in particular retention periods—remain unaffected.
Email contact
If you send us inquiries or information by email, your details (email address, content of your email, subject of your email, and date) including the contact details you provide there (first name, last name, telephone number, address, if applicable) will be stored by us for the purpose of processing the inquiry and in case of follow-up questions. We will not pass on this data without your consent. The legal basis for the collection and processing of data is Art. 6 (1) GDPR.
Users are advised that emails may be read or altered without authorization and without notice during transmission. Riverbird uses software to filter unwanted emails (spam filter). The spam filter can reject emails if they are identified as spam based on certain characteristics.
The data you enter will remain with us until you request its deletion, revoke your consent to its storage, or the purpose for data storage no longer applies (e.g., after your request has been processed). Mandatory legal provisions—in particular retention periods—remain unaffected.
Competitions/special promotions
You have the opportunity to participate in competitions and/or special promotions on our website. You participate voluntarily and independently of the other offers on our website. When registering for the competition, you provide us with your email address (and, if applicable, company name, first and last name, telephone number, date of birth, address). The purpose of the collection is to conduct the competition, determine the winner, and send the prize. The legal basis is Art. 6 (1) GDPR. Further data is not collected or is only collected on a voluntary basis.
However, participants agree to provide their first names (last names only with initial letters) and photos for editorial texts in the event of a win.
We only store the data you provide until the competition has been completed. Mandatory legal provisions – in particular retention periods – remain unaffected.
Newsletter
If you would like to receive the newsletter offered on the website, we need your email address and information that allows us to verify that you are the owner of the email address provided and that you agree to receive the newsletter. No further data is collected or is collected only on a voluntary basis. For legal reasons, a confirmation email is sent to the email address entered by a data subject for the first time for the newsletter dispatch using the double opt-in procedure. We use this data exclusively for sending the newsletter and do not pass it on to third parties. The legal basis for the collection and processing of the data is Art. 6 para. 1 GDPR.
You can revoke your consent to the storage of data, your email address, and its use for sending the newsletter at any time, for example via the “unsubscribe” link in each newsletter. Alternatively, you can also send your unsubscribe request to vertrieb@riverbird.deper at any time. The legality of the data processing operations already carried out remains unaffected by the revocation.
The data you provide us for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted after you unsubscribe.
Unless there are business relationships that require continued storage.
Career section/online application
On our website, you have the option of using the career section and submitting applications online. Applicants’ personal data (master data, contact details, attachments such as cover letters, resumes, references, etc.) is collected and processed for the purpose of handling the application process. Processing may also be carried out electronically. This is particularly the case when an applicant submits the relevant application documents, e.g. by email using a web form on the website, to the controller. If the controller concludes an employment contract with an applicant, the data submitted will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If the controller does not conclude an employment contract with the applicant, the application documents will be automatically deleted six months after notification of the rejection decision, provided that no other legitimate interests of the controller prevent deletion. Other legitimate interests in this sense include, for example, the obligation to provide evidence in proceedings under the General Equal Treatment Act (AGG). The legal basis for the collection and processing of data is Art. 6 (1) GDPR.
3 Transfer of data
3.1 Internal transfer within Riverbird
We transfer your data internally to the human resources, support, development, organization, marketing, and sales departments in order to fulfill our contractual or legal obligations. Your data will only be transferred or disclosed to the extent necessary for this purpose, in compliance with the relevant data protection regulations.
3.2 Transfer within the group
Riverbird is a company based in Germany and operating in Europe. The data you provide to us is stored in our centralized customer database in Germany and shared within the group for administrative purposes. If data is exchanged within the group, this is done to fulfill a contract or as a condition of use for the websites. In addition, there may be an interest in passing on this data for internal administrative purposes. If your data is processed outside Europe, for example in India, Brazil, Russia, China, Switzerland, Singapore, or the USA, this transfer will take place in compliance with all applicable data protection laws and in particular in accordance with Art. 44 f. GDPR.
3.3 Transfer to third parties
We transfer your data to certain third parties in order to provide appropriate applications and services (so-called “processors”) who provide external services for us. For example, newsletter services, IT providers, manufacturers, distributors, and tax offices, etc., as well as to Riverbird GmbH. Transfers to other third parties may take place in order to fulfill our obligations (authorities, banks, social security institutions, etc.). Third parties only process the data in accordance with our instructions and are prohibited from using this data for their own commercial purposes that do not correspond to the agreed purposes.
We must disclose personal data if we are obliged to do so in the context of ongoing legal proceedings, due to an order, by law, or due to applicable law (Art. 6 (1) (f) GDPR).
We only pass on your personal data to third parties if:
you have given your express consent to this in accordance with Art. 6 (1) (a) GDPR,
the disclosure is necessary in accordance with Art. 6 (1) (f) GDPR for the assertion, exercise or defense of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data,
in the event that there is a legal obligation to disclose the data in accordance with Art. 6 (1) (c) GDPR, and
this is legally permissible and necessary for the performance of contractual relationships with you in accordance with Art. 6 (1) sentence 1 lit. b GDPR.
If your data is processed outside Europe, for example in India, Brazil, Russia, China, Switzerland, Singapore, or the USA, this transfer will take place in compliance with all applicable data protection laws and in particular in accordance with Art. 44 f. GDPR.
3.4 Transfer to a third country or international organization
We transfer your data to countries outside the EU or the EEA (so-called third countries) for the purposes mentioned above (transfer within the group (No. 3.2) and transfer to third parties (No. 3.3)). The transfer only takes place for the purpose of fulfilling our contractual and legal obligations or on the basis of your consent. This transfer takes place in compliance with all applicable data protection laws and in particular in accordance with Art. 44 f. GDPR. In particular, either on the basis of adequacy decisions issued by the European Commission or on the basis of certain guarantees (e.g. standard data protection clauses, etc.).
4 Further disclosure obligations
4.1 Existence of automated decision-making, including profiling
We process your data in a partially automated manner with the aim of evaluating certain personal aspects (profiling). We use profiling in the following cases, for example:
We are obliged to combat money laundering and fraud due to legal requirements. This also involves data analysis (including in payment transactions). These measures also serve to protect you.
We use analysis tools to provide you with targeted information and advice on products. These enable needs-based communication and advertising, including market and opinion research.
We use scoring to assess your creditworthiness. This calculates the probability that a customer will meet their payment obligations in accordance with the contract. The calculation may include, for example, income, expenses, existing liabilities, occupation, length of employment, experience from previous business relationships, contractual repayment of previous loans, and information from credit agencies. The scoring is based on a mathematically and statistically recognized and proven method. The calculated scores support us in our decision-making and are incorporated into our ongoing risk management.
4.2 Duty to notify if processing is based on a “legitimate interest” pursuant to Art. 6 (1) (f) GDPR, e.g. in the case of anonymous data collection:
Data processing of this kind is carried out either to fulfill the contract for the use of the Riverbird websites or because we have a legitimate interest in ensuring the functionality and error-free operation of the Riverbird websites and in adapting these websites to the requirements of users.
4.3 Duration of storage
We store your data for as long as is necessary to provide our online offering and the associated services. In all other cases, we delete your personal data after the purpose has been fulfilled, with the exception of data that we must continue to store in order to comply with legal obligations (e.g., we are obliged to retain documents such as contracts and invoices for a certain period of time due to tax and commercial law retention periods).
4.4 Technical security
Riverbird uses technical and organizational security measures to protect your data managed by us against accidental or intentional manipulation, loss, destruction, or access by unauthorized persons. Our security measures are continuously improved in line with technological developments.
For security reasons and to protect the transmission of confidential content, such as requests you send to us as the site operator, this site uses SSL (Secure Socket Layer) encryption in conjunction with the highest level of encryption supported by your browser. This is usually 256-bit encryption. If your browser does not support 256-bit encryption, we will use 128-bit v3 technology instead. You can tell whether an individual page of our website is transmitted in encrypted form by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.
When SSL encryption is activated, the data you transmit to us cannot be read by third parties.
We would like to point out that data transmission over the Internet (e.g., when communicating by email) may have security gaps. It is not possible to completely protect data from access by third parties.
4.5 Legal basis
We use your personal data either on the basis of your express consent or to fulfill a contract or to carry out pre-contractual measures (in accordance with Art. 6 (1) GDPR). It may be necessary to process your data in order to fulfill legal obligations. The legal basis for processing your data is Art. 6 (1) of the General Data Protection Regulation and national legal provisions.
4.6 Notice regarding minors
This online offering is not intended for children under the age of 16. Persons who have not yet reached the age of 16 may not transmit any personal data to Riverbird without the consent of their legal guardians.
4.7 Rights of data subjects
You have the right:
pursuant to Art. 15 GDPR to request information about your personal data processed by us. In particular, you can request information about the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, deletion, restriction of processing or objection, the existence of a right of appeal, the origin of your data if it was not collected by us, and the existence of automated decision-making, including profiling and, where applicable, meaningful information about its details;
to request the immediate correction of incorrect or incomplete personal data stored by us in accordance with Art. 16 GDPR;
to request the erasure of your personal data stored by us in accordance with Art. 17 GDPR, unless the processing is necessary for exercising the right of freedom of expression and information, for fulfilling a legal obligation, for reasons of public interest, or for asserting, exercising, or defending legal claims;
to request the restriction of the processing of your personal data in accordance with Art. 18 GDPR, unless the accuracy of the data is disputed by you, the processing is unlawful, but you refuse to have it deleted and we no longer need the data, but you need it to assert, exercise or defend legal claims, or you have lodged an objection to the processing pursuant to Art. 21 GDPR;
pursuant to Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request its transmission to another controller (data portability);
if your personal data is processed on the basis of legitimate interests pursuant to Art. 6 (1) (f) GDPR, you have the right to object to the processing of your personal data pursuant to Art. 21 GDPR, provided that there are reasons for this arising from your particular situation or the objection is directed against direct marketing. In the latter case, you have a general right to object, which we will implement without you having to specify a particular situation;
to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or workplace for this purpose.
4.8 Revocation of your consent to data processing
Some data processing operations are only possible with your express consent. You have the option of revoking your consent at any time. To do so, simply send an informal message to vertrieb@riverbird.deper. The legality of the data processing carried out until the revocation remains unaffected by the revocation.
4.9 The company’s data protection officer
Responsible body: Riverbird GmbH
Liststraße 1
89079 Ulm
Tel.: 0731 140399444
Email: datenschutz@riverbird.de
