The controller is TypeFox GmbH, Am Germaniahafen 1, 24143 Kiel/Germany, registered with the commercial register of the local court (Amtsgericht) Kiel under HRB 17385, represented by the managing directors Sven Efftinge, Moritz Eysholdt, Dr. Jan Köhnlein ("we/us/our" or "Gitpod"). We offer services to our users and visitors (the "User/you/your") on our website https://www.gitpod.io ("Website") as well as related services including the use of our service according to our terms of service (jointly the "Service").
For any questions about data protection you may contact us via email@example.com.
|Purpose and Legal Basis of Processing Data; Provision and Recipients of Data||
Your data will be used for the following purposes:
Furthermore, your data will be processed by us with your explicit consent.
Applicable legal provisions are in particular those of the regulation (EU) 2016/679 of the European Parliament and Council of 27 April 2016, repealing the directive 95/46/EC, on the protection of individuals with regard to the processing of personal data, on the free movement of such data ("General Data Protection Regulation", GDPR) as well as in the Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG) and the German Telemedia Act (Telemediengesetz, TMG) .
We as well as our external service partners receive your data for processing those for the purpose of providing our Service. You provide data if this is necessary for the aforementioned purposes. In the event you refrain from providing such data you may face legal disadvantages, for example, limited or no possibility of using our Service.
|Transfer of Data outside of the EU||
In course of data processing by us data may be transferred to third countries, i.e. countries outside the EU. This may happen via implementation of third party providers such as cloud services and external service partners which process data on our behalf.
You have the right to withdraw your consent relating to the use of data any time with effect for the future when such data processing is based in your consent.
You are entitled to access the data stored by us and are also entitled to amend or rectify your data if such data are incorrect.
You have the right to object to the processing of your personal data, for example if your personal data are processed for direct marketing purposes.
You are entitled to request the erasure of your data.
You are entitled to receive information about the stored data (in a structured, current and machine-readable format) at any time and to request the correction or deletion of the data in case of incorrect data storage.
You have also the right to lodge a complaint with a supervisory authority at your choice. An overview of the European
National Data Protection Authorities may be found here: http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080
|Period for Storing Data; Deletion||
The data are deleted if such data are no longer necessary for the purpose of processing.
We have implemented measures to ensure data and IT security. The Website is operated through a safe SSL-connection. If an SSL-connection is activated third parties are prevented from reading any data that are transferred by you to us.
More Detailed Information
- I. What are Personal Data?
- II. How are my Data processed when visiting the Website and contacting us?
- III. What Third Party Services, Cookies, Analytics and Social Plugins does the Website use?
- IV: How are my data processed when using the Gitpod Service (with User Account)?
- V. Are my Data transferred to Third Parties? Does automated decision making including profiling take place?
- VI. Are my Data transferred outside the EU?
- VII. Your Rights
I. What are Personal Data?
Personal data are any information relating to an identified or identifiable natural person. Personal data includes e.g. name, email address or telephone number. Personal data also includes information about hobbies, memberships or websites viewed. We will only collect, use and/or pass on personal data if this is permitted by law or if the User consents to the data processing.
II. How are my Data processed when visiting the Website and contacting us?
Visiting the Website
If you browse our Website the provider of the website collects and stores information automatically in so-called "server-log-files" that your browser transfers to us. These are: type/version of the browser, system software used, referrer URL, hostname of the device, time of the server request, IP-address or other unique device identifier.
If you are using a mobile device the following data may also be processed additionally through the Website: country code, language, hostname of the device, name and version of the operational system.
We use these data only for statistical analysis for the purpose of operation, security and optimization of our Website. This data processing is based on Art. 6 (1) c. for providing a secure and stable Website and Service. The data processing may also be based on Art. 6 (1) f. GDPR or TMG and we wish to achieve the legitimate interests of stabilizing and improving our Website, quality insurance and fraud prevention.
When contacting us via email, the User’s details are stored for the purpose of processing the enquiry and, if applicable, follow-up questions based on your consent based on the legal basis of Art. 6 (1) a. GDPR or fulfilling your request based on Art. 6 (1) b. GDPR.
Emails and Newsletters
With the newsletter we inform the user about the Website, our Service and us.
When registering for the newsletter via the Website, you have to provide an email address. This email address will be transmitted to and stored by us (or a provider as specified below). After registration, you will receive an email to confirm the registration ("double opt-in"). Via clicking the registration link you have given your consent to the processing of your personal data for receiving our newsletter and analyzing such newsletters according to Art. 6 (1) a. GDPR and we may process such data accordingly. In case of registration for the newsletter we (or our provider as specified below) also store the IP address, the device name, the mail provider as well as the user's first and last name and the date of registration.
We may also send you newsletters referring to similar services and products if you have an existing contractual relationship with us and you did not object receiving such emails. The legal basis for such processing of data for sending and analyzing such newsletters is your consent (Art. 6 (1) a. GDPR) or an existing contractual relationship (Art. 6 (1) b. GDPR).
The data are stored for the purpose of newsletter subscription will be stored by us until you unsubscribe from the newsletter and will be deleted from our servers as well as from the servers of Mailchimp after you unsubscribe from the newsletter. Data stored by us for other purposes (e.g. email address for the use of our Service) remain unaffected.
You can withdraw your consent or object to the processing of data (email address) and their respective use for sending the newsletter and analyzing your data at any time. This can be done free of charge (except for the transmission costs) and via a link in the newsletter itself or notification to us or, if applicable, to Mailchimp.
III. What Third Party Services, Cookies, Analytics and Social Plugins does the Website use?
In order to offer you a convenient online service featuring numerous functions, our Website uses text files ("Cookies") containing information to identify returning visitors for the time of their visit to our Website. Cookies are usually saved on your device and do not cause any harm. Cookies facilitate the transfer of specific content, such as entering data, which has already been supplied, and help us identify popular sections of our Website.
The processing of data when using Cookies is based on our legitimate interests of a statistical analysis of the User relationship for marketing and quality assurance purposes according to Art. 6 (1) f. GDPR or TMG.
We use Google Analytics a web analytics tool offered by Google LLC, Mountain View, CA, USA ("Google"). This analysis service uses so-called "cookies". For analysis, text files will be stored on your device. The information stored in the corresponding files about the use of this website are generally transmitted and stored in Google server in the USA. As the IP anonymization is active on this Website, your IP address will be shortened by Google within the member states of the European Union (EU). This information will be used to evaluate your use of the services offered here and enable the operator of this website to analyze your website activity and provide other services associated with the website service. The IP address transmitted from your browser, as part of Google Analytics will not be merged with other data from Google.
When the IP address is processed this is based on our legitimate interests of a statistical analysis of the relationship for marketing and quality assurance purposes according to Art. 6 (1) f. GDPR or TMG.
We point out that an automated decision making or profiling can take place when integrating Google or an existing Google account.
Our Website uses the "Google Fonts" service of Google LLC, Mountain View, CA, USA to integrate and display text on the website. For this purpose Google may process your data (including the IP address) on servers in the USA.
When the IP address is processed this is based on our legitimate interests of technical functionality of the Website based on Art. 6 (1) f. GDPR or TMG.
We use the services by Mailchimp for sending newsletters and emails. For details on Mailchimp please refer to the respective section above.
We use FreshChat by Freshworks Inc., 1250 Bayhill Drive, Suite 315, San Bruno, CA 94066, USA ("Freshworks"), to enable interaction with you on our Website and/or our Service. As a data processor acting on our behalf, Freshworks used and usage pattern through cookies and browser settings. Freshworks performs analytics on such data on our behalf which helps us improve our service.
The legal basis for such data processing is your explicit consent (Art. 6 (1) a. GDPR) and carrying out your request (Art. 6 (1) b. GDPR). When such data are analyzed as described above this processing is based on our legitimate interests of a statistical analysis of the relationship for marketing and quality assurance purposes according to Art. 6 (1) f. GDPR or TMG.
More information on FreshChat and Freshworks and their Cookies used may be found here: https://www.freshworks.com/privacy/ and https://www.freshworks.com/list-of-cookies/
IV. How are my Data processed when using the Gitpod Service (with User Account)?
Registration and Access to Existing Account
In order to fully use our full online Service, you will need to register. You may only register if you have an existing user account at the third party services set forth on the Website, for example the service offered on the website https://github.com operated by GitHub Inc., 88 Colin P Kelly Jr St, San Francisco, CA 94107, USA, ("Existing Account").
When you sign up for using the Gitpod Service via your Existing Account, data at such Existing Account with be accessible by us with your explicit consent only. Such data include: user profile data (name, username and email address), list of repositories you have access to.
You can manage these data at any time via using your Existing Account linked to the Gitpod Service.
The data entered or transferred via the Existing Account as part of the registration process and any further data entered, will only be used via the Website and with our support to the extent that this processing is necessary for the fulfillment of a contract with us or for the implementation of pre-contractual measures, i.e. use of the Gitpod Service, as well as for the execution and processing of inquiries by you.
The processing of data when using our Service is generally based on your explicit consent when signing up (based on Art. 6 (1) a. GDPR) as well as the legal basis of Art. 6 (1) b. GDPR or TMG, i.e. the data will be processed, when this is necessary for the fulfillment of the contract between you and us or for executing any measures that take place on your request prior to the contract.
Use of the Gitpod Service
For the further use of the Gitpod Service on the Website you submit more data depending on the way of use of our services according to our terms of service.
In the event we process personal data controlled by the customer as data processor we will offer and enter into a respective separate data processing agreement with such customer whereas such data processing agreement may be requested via email to firstname.lastname@example.org.
We do not store or receive any kind of payment or credit card data but use an external payment provider as set forth on the Website.
We may also analyze your personal data when using the Gitpod Service for the purpose of improving our Service. The legal basis for analyzing such data is Art. 6 (1) f. GDPR with our legitimate interest of marketing and quality assurance.
Integration of Third Party Services
V. Are my Data transferred to Third Parties? Does Profiling or automated decision making take place?
Transfer of Data to Third Parties
We will transfer your personal data to a third party only within the scope of legal provisions, i.e. if we are obliged to transfer the data due to a government or court order, or, if applicable, legal provisions authorize the transfer or if you give your explicit consent.
For more information please refer to email@example.com.
Automated Decision Making including Profiling
In general we do not process any personal data via automated decision making including profiling via the Website or Service. However, such profiling or automated decision making may happen by third party providers through the Website or Service. We will inform you about such fact if possible.
Profiling means any automated processing of personal data consisting in the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to the performance of work, economic situation, health, personal preferences, interests, reliability, behaviour, location or relocation of that natural person. Examples of such profiling include the analysis of data (e.g. based on statistical methods) with the aim of displaying personalized advertising to the user or giving shopping tips. The data subject shall not be subject to a decision based exclusively on automated processing, including profiling, which has legal effect against him or significantly affects him or her in a similar manner.
VI. Are my Data transferred outside the EU?
When using our Service your data may also be processed by our cloud service provider (namely: Google Cloud) on servers outside the EU.
The US companies providing the services of Google, Mailchimp and Freshworks are each certified under EU-US-Privacy-Shield and comply with data protection standards applicable in the EU. For more information on EU-US-Privacy-Shield and details about the certificates for Google, Mailchimp and Freshworks please refer to: https://www.privacyshield.gov
VII. Your Rights
As a data subject you have the right:
- to withdraw your consent to us at any time. As a result, we are no longer allowed to continue the processing of data based on this consent in the future;
- to object to the processing of your personal data, if your personal data are processed on the basis of legitimate interests pursuant to Art. 6 (1) f. GDPR insofar as there are reasons for this arising from your particular situation;
- to obtain from us access to your personal data;
- to obtain from us without undue delay the rectification of inaccurate personal data concerning you;
- to obtain the erasure of your personal data stored with us, unless the processing is necessary to exercise the right to free expression of opinion and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
- to demand the restriction of the processing of your personal data, if the accuracy of the data is disputed by you, the processing is unlawful, but you refuse its deletion and we no longer need the data, but you need it to assert, exercise or defend legal claims or you have filed an objection against the processing; and
- to receive your personal data, which you have provided to us, in a structured, current and machine-readable format or to request the transmission to another controller.
If you wish to make use of your rights mentioned above please send an email to firstname.lastname@example.org.
If you obtain access to your personal data you may, in particular, request access to the following information: the purposes of the processing, the categories of personal data concerned, the recipients or categories of recipients to whom the personal data have been or will be disclosed. We also will, if possible, give information about the envisaged period of time for which the personal data will be stored, the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing, the right to lodge a complaint with a supervisory authority and where the personal data are not collected from the data subject, any available information as to their source and the existence of automated decision-making, including profiling and meaningful information about this event.
You have the right to lodge a complaint vis-à-vis a supervisory authority of your choice. For example for Berlin/Germany: https://www.datenschutz-berlin.de/kontakt.html. An overview of the European National Data Protection Authorities may be found here: http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080
Duration of Storing your Data
As a rule, we only store your personal data for as long as it is necessary for the execution of the contract or the respective purpose and limit the storage period to an absolutely necessary minimum. Your IP-address and server-log-files (as set forth above) are stored for seven (7) days for security and technical reasons.
In the case of long-term contractual relationships, such as the use of our Service, these storage periods may vary, but are generally limited to the duration of the contractual relationship or, with regard to the inventory data, to the maximum legal retention periods, e.g. in accordance with the German Commercial Code (Handelsgesetzbuch, HGB) and the Tax Code (Abgabenordnung, AO).
Criteria for the storage period include whether the data are still up-to-date, whether the contractual relationship with us still exists, whether an inquiry has already been processed, whether a process has been completed or not, and whether legal retention periods for the personal data concerned are relevant or not.
We have installed technical and organizational measures in order to safeguard our Website and/or Service against loss, destruction, access, changes or the distribution of your data by unauthorized persons.
The Website and Service is operated through a safe SSL-connection. If an SSL-connection is activated third parties are prevented from reading any data that are transferred by you to us.