Privacy policy

5.3 Use of cookies

‍

Cookie banner 

When you visit our website or a sub-website for the first time and it contains cookies, you will be shown a “cookie banner”. There you will be informed about the individual cookies that we use. You can find out about each individual cookie with regard to the name, the provider, the purpose of the processing and the storage period.

With our cookie banner, we inform you about the cookies we specifically use. In addition, we give you the opportunity to decide whether you want to consent to the setting of cookies that are not necessary. Processed are:

Usage data (e.g., web pages visited, time of access)

Meta and communication data (e.g., IP address)

The legal basis for the use of the cookie banner is Art. 6(1) f GDPR. We have an overriding legitimate interest in using the cookie banner, which allows us to obtain the legally required consent for the use of cookies that are not necessary and to comply with our duty to provide information regarding cookies.

The cookie banner stores the preferences until you reset or customize them.

The cookie banner is provided via the provider Cookiebot by Usercentrics (hereinafter: Usercentrics). Provider is Usercentrics GmbH, Sendlinger Straße 7, 80331 München. Further information on data processing by Usercentrics can be found here: https://usercentrics.com/de/datenschutzerklaerung/

‍

‍

Use of cookies

We use cookies on our website. These are text files that are automatically created by your browser and stored on your IT system when you visit our site. Through cookies, certain information flows to the location setting the cookie. Through the use of cookies, it is not possible to execute programs or transfer viruses to your terminal device.

If you do not wish to use cookies, you can disable them under the settings.

In legal terms, a distinction must be made between necessary and non-necessary cookies.

‍

• Necessary cookies

We use necessary cookies. These are cookies that are technically necessary to provide all the functions of our website. The legal basis for data processing is our legitimate interest within the meaning of Art. 6(1) f GDPR. We have an overriding legitimate interest in being able to offer our service in a technically flawless manner.

• Non-essential cookies

We also use non-essential cookies (e.g., analysis and marketing cookies). These are cookies that are not technically necessary. We use them to understand your behavior on our website and to improve our offer. The legal basis for the data processing is your consent according to Art. 6(1) a GDPR. The cookies are only set after you have given your consent via our “cookie banner”.

Storage period

With regard to the storage period, the following types of cookies are distinguished:

• Temporary cookies (also: session cookies): Temporary cookies are deleted at the latest after a user has left an online offer and closed his end device (e.g., browser or mobile application).
• Permanent cookies: Permanent cookies remain stored even after the end device is closed. For example, the login status can be saved or preferred content can be displayed directly when the user visits a website again. Likewise, user data collected with the help of cookies can be used for reach measurement. Unless we provide users with explicit information about the type and storage duration of cookies (e.g., as part of obtaining consent), users should assume that cookies are permanent and that the storage period can be up to two years.

For more information, please refer to the information we provide in the Cookie Banner.

5.4 Contact options

Through our website you have the possibility to contact us via email or by submitting a contact form. In the course of contacting, you and responding to your inquiry, we process the following personal data from you:

• First and last name
• E-mail address
• Company name
• Your consent for receiving marketing newsletter
• Date and time of the request
• IP address
• Communication content

If you contact us within the framework of an existing contractual relationship or contact us in advance for information about our range of services or our other services, the personal data you provide will be processed based on our legitimate interest to respond to customer/contact inquiries pursuant to Art. 6(1) f GDPR.

We delete your personal data as soon as they are no longer required to achieve the purpose for which they were collected. In the context of contact inquiries, this is generally the case when the circumstances indicate that the specific matter has been conclusively processed.

Your data will be forwarded to regional partners of ours who will contact you directly as part of the quotation preparation and installation process. In addition, your data will be passed on to a service provider for customer contact management as part of order processing to the extent necessary.

The contact form is connected to Pipedrive. Pipedrive OÜ may transfer personal data to the US based on an adequacy decision adopted by the European Commission pursuant to Art. 45(3) GDPR for the EU-U.S. Data Privacy Framework. Based on this decision, data transfers to organizations located in the U.S. that are certified under the EU-U.S. Data Privacy Framework are permitted, accordingly. Pipedrive certified under the EU-U.S. Data Privacy Framework. For more information please see their Privacy Notice https://www.pipedrive.com/en/privacy.

5.5 Marketing newsletter

When contacting us, you may consent to receiving our marketing newsletter. If you consent to receiving marketing newsletter, the personal data you provide will be processed for the purpose of sending you our marketing newsletter based on your consent in accordance with Art. 6(1) a GDPR. You may revoke your consent by contacting us or by using the unsubscribe button in the newsletter.

For provision of the marketing newsletter, we use services of The Rocket Science Group LLC d/b/a Mailchimp (“Mailchimp”). Mailchimp and its sub-processors transfer personal data outside EEA the EU-U.S. Data Privacy Framework and European Commission’s Standard Contractual Clauses. For more information, please see their Data Processing Addendum: https://mailchimp.com/legal/data-processing-addendum/.

5.6 Resonance

To get further information about our cloud service IQM Resonance you have the possibility to book a demo via our website.

When booking a demo, the following data is being processed (mandatory)

• Name
• Email address and phone number
• Company name
• Area of conversation

After having booked a demo, the onboarding process will start. We therefore process the above-mentioned data and ask for further data (mandatory):

• Preference for device

And optional information and questions:

• Position of the interested party
• Level of expertise
• How many users does your organization have?
• What project are you working on?

We process your personal data for the following purposes:

• Your contact information to be able to contact you.
• Information on the preferred device in order to book a trial slot.
• Login Data to provide access to the Resonance environment.
• Further questions to get to know our customers.

If you contact us within the framework of an existing contractual relationship or contact us in advance for information about our range of services or our other services, the personal data you provide will be processed for the purpose of our legitimate interests pursuant to Art. 6(1) f GDPR to respond to customer/contact inquiries. If you provide us with further information by answering optional questions, the legal basis is Art. 6 (1) a GDPR your given consent. You can revoke your consent at any time with effect for the future.

We delete your personal data as soon as they are no longer required to achieve the purpose for which they were collected.

In the context of contact inquiries, this is generally the case when the circumstances indicate that the specific matter has been conclusively processed.

The provision of our contact form is connected to Pipedrive. Pipedrive OÜ may transfer personal data to the US based on an adequacy decision adopted by the European Commission pursuant to Art. 45(3) GDPR for the EU-U.S. Data Privacy Framework. Based on this decision, data transfers to organizations located in the U.S. that are certified under the EU-U.S. Data Privacy Framework are permitted, accordingly. Pipedrive certified under the EU-U.S. Data Privacy Framework.

5.7 Customer

We process information of our customer organization’s representatives and potential customer organization’s representatives, when your organization purchases or is interested in purchasing products and/or services from us. In particularly the following data will be collected:

• Name (first as well as last name)
• Organization and title
• Contact information such as email address and phone number
• Information relating to the contract such as invoicing details
• Other information provided by you such as relating to your interest in our products

We process this information based on IQM’s legitimate interest Art. 6(1) f for the purpose of entering into agreement with customer organization and managing customer relationship and ensuring IQM’s contractual rights and obligations such as for invoicing. Where you have entered into agreement with IQM directly relating to the services offered by IQM, the processing of information processed based on Art 6(1) d when necessary for the performance of a contract to which the data subject is party.

Customer information is processed in Pipedrive. Pipedrive OÜ may transfer personal data to the US based on an adequacy decision adopted by the European Commission pursuant to Art. 45(3) GDPR for the EU-U.S. Data Privacy Framework. Based on this decision, data transfers to organizations located in the U.S. that are certified under the EU-U.S. Data Privacy Framework are permitted, accordingly. Pipedrive certified under the EU-U.S. Data Privacy Framework. More information can be found here: https://www.pipedrive.com/en/privacy/dpa

5.8 Application

On the website

If you apply to our company via our website, we process your application data exclusively for purposes related to the processing of your application. By submitting an application, you express your interest in taking up employment with us. In this context, you provide us with personal data that we use and store exclusively for the purpose of your job search/application. In particular, the following data will be collected:

• Name (first as well as last name)
• Email address
• Location
• Phone number
• CV

You also have the option of uploading documents such as a cover letter, your resume and references. These may contain further personal data such as date of birth, address, etc.

In addition, we offer you the opportunity to be included in our “applicant pool”. You must give your prior consent to this inclusion. With your consent, we will store your data in our applicant pool for [six months] after the end of the application process in order to identify any other interesting positions for you. This also applies, for example, to applications for an apprenticeship or internship.

Your application will only be processed and noted by the relevant contacts at our company. The legal basis for processing of your data is the initiation of a contract pursuant to Art. 6(1) b GDPR, which is based on your request. If we obtain your consent (e.g., for inclusion in our applicant pool), this constitutes the legal basis for this storage pursuant to Art. 6(1) a GDPR.

If you receive an offer of employment with us as part of the application process and accept it, we will store the personal data collected as part of the application process for at least the duration of the employment relationship.

If we are unable to offer you employment, we will retain the data you have provided for up to six months after any rejection for the purpose of answering any questions you may have in connection with your application and rejection. This does not apply if legal provisions prevent deletion, if further storage is necessary for the purpose of providing evidence, or if you have expressly consented to longer storage.

Your data will be passed on to the service provider Teamtailor AB for the provision of our application page. Provider is Teamtailor AB, Östgötagatan 16, 116 21 Stockholm, Sweden. Further information on data processing by Teanmtailor can be found here: https://www.teamtailor.com/en/security/

‍

5.9 Events

On our website, we provide further information on our events and registration forms, which can be used for registration for one of our events. The data entered by the user in the event form will be transmitted to us and saved and the user will receive an email from us.

When the message is sent, the following data is saved:

• First and Last Name
• E-mail address
• Other personal data that are voluntarily provided in the comment field.
• IP address of the calling computer

We process your personal data for the following purposes to enable the registration and provide information to the respective events and to invite prospects and subscribers to relevant events and webinars.

The legal basis for processing your data to inform you about our events is according to Art. 6 (1) (a) GDPR your given consent. You can revoke your consent at any time with effect for the future.

We delete your personal data as soon as they are no longer required to achieve the purpose for which they were collected. In the context of the registration to events, this is generally the case if you object to the processing.

For further information, please refer to the privacy policy dedicated to the relevant event.

‍

5.10 Academy

On our website, we offer the possibility to learn about quantum computing and how to work with a quantum computer via our IQM academy (https://academy.meetiqm.com/)

When clicking through the academy, following data is being processed:

• IP Address (technical reasons)
• Name and email address if the participant decides to log in (voluntarily)
• Metadata (Time you spend on the website, Information about which IQM Academy pages you open

If you are logged in, we also process:

• Code and results that you run on IQM Academy
• Information about questions you answered, and modules you completed, and certificates you achieved

We process your personal data for the following purposes:

• IP address is solely processed for technical reasons to provide you with access to the academy.
• Login Data to provide the participant with a certificate after completing a course. Login is not mandatory to complete a course.
• Data on completed modules, answered question, code, etc. is used to improve the experience of the learning platform and certify learning progress; this data is only being processed if you are being logged in.

If your employer/university encourages you to participate in the academy and you log in with your company email address, IQM can organise your account under group management based on the e-mail domain. Your employer/university however only receives aggregated data from us (total number of participants).

The legal basis for the log in is according to Art. 6 (1) a GDPR your given consent. You can revoke your consent at any time with effect for the future.

We delete your personal data as soon as they are no longer required to achieve the purpose for which they were collected or as soon as you revoke your consent.

‍

5.11 Video conferencing, online meetings, webinars and screen sharing

We organize online webinars for our customers and interested parties. For registration, the processing of personal data name, email address as well as employer, if applicable, is required. When conducting the webinar, your image, video, sound, input in chat or whiteboard, metadata (IP address, end device type, time, device and location data, connection data), as well as recordings of metadata in the form of logged communication data or entire conferences in video, audio or transcription form, i.e., the record of who participated in the webinar, when and how are processed.

The processing of the data provided is for the purpose of providing the service and is based on the legal basis of Art. 6(1) f GDPR. Before recording the webinar, we obtain your consent, which forms the legal basis for this in accordance with Art. 6(1) a GDPR.

For the broadcast of our online webinars, we use the provider Zoom Video Communications, Inc. The personal data is thereby transferred to the US. There is no adequacy decision of the Commission pursuant to Art. 45(3) GDPR. The European Commission has adopted an adequacy decision pursuant to Art. 45(3) GDPR for [the EU-U.S. Data Privacy Framework]. Based on this decision, data transfers to organizations located in the U.S. that are certified under the EU-U.S. Data Privacy Framework are permitted, accordingly. Zoom Video Communications Inc is not certified under the EU-U.S. Data Privacy Framework. To ensure an adequate level of data protection at the recipient of your personal data, we have entered into standard contractual clauses (SCCs) by the European Commission for the protection of personal data pursuant to Art. 46(1), (2) c GDPR. For more information and a copy of the SCCs please the contact address provided.

‍

5.12 Social media presences

We maintain publicly accessible profiles on various social networks. Your visit to these profiles initiates a variety of data processing activities. In the following, we provide you with an overview of which of your personal data is collected, used and stored by us when you visit our profiles.

When you visit our profiles, your personal data is collected, used and stored not only by us, but also by the operators of the respective social network. This happens even if you do not have a profile in the respective social network. The individual data processing operations and their scope differ depending on the operator of the respective social network and they are not necessarily traceable for us. For details about the collection and storage of your personal data and about the type, scope and purpose of their use by the operator of the respective social network, please refer to the following statements.

‍

Instagram

When you visit our Instagram profile, certain information about you is processed. We can only view the information stored in your public Instagram profile (such as your profile picture or information you share on a Facebook profile or on a public Instagram profile), and only if you have such a profile and are logged into it while visiting our Instagram page.

In addition, the operator of the platform, Meta Platforms Ireland Limited, Serpentine Avenue, Block J, Dublin 4 Ireland (Meta), provides us with anonymized statistics and insights for our Facebook/Instagram page, which help us gain insights into the types of actions people take on our page (Page Insights). These Page Insights are created based on certain information about people who have visited our page.

The processing of your personal data in connection with the operation of our Instagram profile is carried out on the basis of a balance of interests pursuant to Art. 6(1) f GDPR in order to offer you a timely and supportive information and interaction option with and about us. Furthermore, the processing serves our legitimate interest to evaluate the types of actions taken on our Instagram profile and to improve our profile based on these findings. The legal basis for this processing is therefore Art. 6(1) f GDPR.

Processing of Page Insights is carried out by Meta and us as joint controllers. We cannot attribute the information obtained via Page Insights to individual Instagram profiles that interact with our Instagram profile. We have entered into a joint controller agreement with Meta, which sets out the allocation of data protection obligations between us and Meta. Details about the processing of personal data to create Page Insights and the agreement entered into between us and Meta are available here. In relation to this data processing, you have the option of asserting your data subject rights (see “Your rights as a data subject”) against Meta as well. Further information on this can be found in Meta’s Privacy Policy. Meta offers the possibility to object to data processing; you can find information on this and opt-out options here in your account.

Please note that according to the meta data protection regulations, user data is also processed in the U.S. or other third countries. The European Commission has issued an adequacy decision pursuant to Art. 45(3) GDPR for the EU-U.S. Data Privacy Framework. Based on this decision, data transfers to organizations located in the U.S. that are certified accordingly are permitted. Meta is certified under the EU-U.S. Data Privacy Framework.

‍

LinkedIn

When you visit our LinkedIn company profile, certain information about you is processed. In the case of direct messages to us or comments on our LinkedIn company profile or under our posts, we receive the message, the comments and your username.

In addition, the operator of the platform, LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (LinkedIn), processes personal data when you visit our LinkedIn company profile, follow this page or engage with the page, to provide us with statistics and insights in anonymized form. This provides us with insights into the types of actions that people take on our site (Page Insights). For this purpose, LinkedIn processes in particular such data that you have already provided to LinkedIn via the information in your profile, such as data on function, country, industry, seniority, company size and employment status. In addition, LinkedIn will process information about how you interact with our LinkedIn company profile, such as whether you are a follower of our LinkedIn company profile. With the page insights, LinkedIn does not provide us with any personal data about you. We only have access to the aggregated Page Insights. It is also not possible for us to draw conclusions about individual members using the information in the Page Insights.

The processing of your personal data in connection with the operation of our LinkedIn company profile is carried out on the basis of a balancing of interests pursuant to Art. 6(1) f GDPR in order to offer you an up-to-date and supportive information and interaction option with and about us. The processing serves our legitimate interest to evaluate the types of actions taken on our LinkedIn company profile and to improve our company profile based on these findings.

This processing of personal data in the context of Page Insights is carried out by LinkedIn and us as joint controllers. We have reached an agreement with LinkedIn on processing as joint controllers, which specifies the distribution of data protection obligations between us and LinkedIn. The agreement is available here. Accordingly, the following applies:

• LinkedIn and we have agreed that LinkedIn is responsible for exercising your rights under the GDPR. You can contact LinkedIn to do so online via the following link (https://www.linkedin.com/help/…) or reach LinkedIn via the contact details in the Privacy Policy. You can contact the Data Protection Officer at LinkedIn via the following link: https://www.linkedin.com/help/…. You may also contact us at our provided contact details to exercise your rights in connection with the processing of personal data in the context of the Page Insights. In such a case, we will forward your request to LinkedIn.
• LinkedIn and we have agreed that the Irish Data Protection Commission is the lead supervisory authority overseeing processing for Page Insights. You always have the right to lodge a complaint with the Irish Data Protection Commission (see at www.dataprotection.ie) or any other supervisory authority.

In addition, LinkedIn processes your data as a user for the provision of services, communication, further development of services and research as well as for purposes of advertising, customer support, analysis and security. LinkedIn is the sole controller for the processing of personal data when visiting our LinkedIn company profile. The categories of personal data that LinkedIn processes in this context are described in LinkedIn’s data policy. Further information about the processing of personal data by LinkedIn can be found here .

Please note that in accordance with the LinkedIn Privacy Policy, personal data may also be processed by LinkedIn in the U.S. or other third countries.

‍

X

When you visit our X profile or profiles on the X platform of Twitter International Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX 07 Ireland (X), personal data from your X profile is processed. If you contact us via the X profile, for example by commenting on a tweet or writing us a message via X direct messages, we will process your data (e.g., your name and the communication content) to address your request. To the extent necessary, we also process your data to assert legal claims and defend ourselves in legal disputes and to prevent and investigate criminal offences. The processing is carried out on the basis of a balancing of interests in accordance with Art. 6(1). f GDPR in order to offer you a timely and supportive information and interaction option with and about us. If the contact aims at the conclusion of a contract, the legal basis for the processing is Art. 6(1) b GDPR.

In addition, X collects so-called usage data when you visit our X profile. This is, among other things, your IP address, the application used, information about your end device (including device ID and application ID), information of accessed websites, your location and your mobile provider. This data is assigned to your X profile.

X also uses certain data that they have collected from users of the X-Platform (e.g., “re-tweets”) to create aggregated usage statistics and make them available to the respective operators of the X-Profile (X-Analytics). We also receive aggregated usage statistics. The information we receive through X-Analytics does not allow any conclusions to be drawn about individual users. We ourselves do not have access to personal data that X processes for X-Analytics. X determines which data is processed for X-Analytics and how. We can neither legally nor actually influence the processing by X. X provides information on this in its privacy policy (X Privacy Policy) and on the possibility of viewing one’s own data at X (X Help Center).

This processing serves our legitimate interest to evaluate the types of actions taken on our X company profile and to improve our company profile based on these findings. The legal basis for this processing is therefore Art. 6(1) f GDPR.

Please note that under the X Privacy Policy, personal data may also be processed by X in the U.S. or other third countries.

5.13 Plugins and embedded functions and content

We use social plugins from various social media platform providers (providers) on our website. When you call up one of our websites that contains such a plugin, your browser establishes a direct connection with the servers of the provider in question. The content of the plugin is transmitted by the provider directly to your browser and integrated by it into the website.

By integrating the plugins, the provider receives the information that you have accessed the corresponding page of our website. In the process, various usage data (such as the URL called up and the IP number of the user) are forwarded to the third-party provider and the latter may set cookies that identify the user. If you are logged in to the respective provider, the provider has the possibility to assign this information to your account. Based on this data, content or advertising can be offered tailored to you. Information on this and on the available setting options can be found on the following websites:

• Facebook privacy policy
• Twitter Privacy Policy
• Youtube/Google Privacy Policy

The legal basis for the processing of the data is your consent pursuant to Art. 6(1) a. a GDPR . We integrate the plugin in each case via the so-called “two-click solution”. When you visit our website, no personal data is transferred to the plugin owner. Only when you give your consent via the integrated pre-switch button, a data flow from our website to the respective provider starts.

5.14 Video platforms

YouTube channel

We operate a “YouTube channel” to draw attention to our services and service offerings and to interact with our customers and visitors to the YouTube channel (users) . The operator of the video platform is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4 Ireland (Google Ireland). Google Ireland is a company affiliated with Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; (Google)).

If you contact us via our YouTube channel, e.g., by commenting on one of our videos, we process your data (e.g., your name and the communication content) in order to handle your request. To the extent necessary, we process your data in addition to assert legal claims and defense in the event of legal disputes in connection with your contributions. The legal basis for the processing of the data we collect in connection with the use of our corporate presence is our legitimate interests pursuant to Art. 6(1) f GDPR, in order to offer you a timely and supportive information and interaction opportunity with and about us, as well as to better present our services and service offerings. If the contact aims at the conclusion of a contract, the legal basis for the processing is Art. 6(1) b GDPR.

When visiting our YouTube channel or other pages of the YouTube platform, Google Ireland collects so-called usage data. In doing so, Google Ireland also uses certain data that they have collected from users of the YouTube platform (e.g., which videos users watch) to create aggregated usage statistics and to make them available to the respective operators of the YouTube channel (YouTube Analytics). We also receive such aggregated usage statistics. The information we receive through YouTube Analytics does not allow any conclusions to be drawn about individual users. We ourselves do not have access to personal data that Google Ireland processes for YouTube Analytics. Google Ireland determines which data is processed for YouTube Analytics and how. Google Ireland provides information on this in its privacy policy.

The personal data will also be transferred to the U.S.. The European Commission has issued an adequacy decision pursuant to Art. 45(3) GDPR for the EU-U.S. Data Privacy Framework. Based on this decision, data transfers to organizations located in the U.S. that are certified accordingly are permitted. Google is certified under the EU-U.S. Data Privacy Framework.

YouTube integration website

Our website uses plugins of the video platform YouTube to embed videos and play them directly on our website. The operator of the video platform is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4 Ireland (Google Ireland). Google Ireland is a company affiliated with Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; (Google)).

When you activate embedded videos on our website, a connection to YouTube’s servers is established and a data transmission starts. We have no influence on the scope and content of the data that is transmitted to YouTube and possibly other YouTube partners by activating the plugin. Among other things, the YouTube server is informed which of our pages you have visited. According to YouTube, this information is used, among other things, to collect video statistics, improve user-friendliness and prevent abusive behavior. YouTube uses cookies to collect information about user behavior. The cookies remain on your terminal device until you delete them. If you are logged into your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account before activating the play button. For more information on the handling of user data, please refer to YouTube’s privacy policy.

The legal basis for this use is, according to Art. 6(1) a GDPR, the voluntary and revocable consent given by you. You can revoke your consent at any time with effect for the future by making the appropriate changes or adjustments in your cookie settings.

The integration of YouTube videos takes place in the so-called “extended data protection mode”, which, according to the provider, only triggers the storage of user information when the video(s) is/are played. However, the transfer of data to YouTube partners is not necessarily excluded by the extended data protection mode. YouTube establishes – regardless of whether you watch a video – a connection to the Google DoubleClick network.

The personal data is also transferred to the U.S. The European Commission has issued an adequacy decision pursuant to Art. 45(3) GDPR for the EU-U.S. Data Privacy Framework. Based on this decision, data transfers to organizations located in the U.S. that are certified accordingly are permitted. Google is certified under the EU-U.S. Data Privacy Framework.

Google Analytics

We use Google Analytics from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, as an analysis service for the statistical evaluation of our online offer. This includes, for example, the number of views of our online offering, sub-pages visited and the length of stay of visitors. Google Analytics uses cookies and other browser technologies to evaluate user behaviour and recognise users.This information is used, among other things, to compile reports on website activity.

We process data with the help of Google Analytics for the purpose of optimising our website and for marketing purposes on the basis of your consent pursuant to Art. 6(1) a GDPR.

The specific storage period of the processed data cannot be influenced by us but is determined by Google Ireland Limited. Further information can be found in the privacy policy for Google Analytics Google | Privacy Policy

5.15 Integration of map services

Google Maps

On our website, we use the map service Google Maps from Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; (Google)). This allows us to display interactive maps directly on the website and enables you to use the map function conveniently.

By using Google Maps, information about the use of this website, including your IP address and the (start) address entered as part of the route planner function, is collected. When you call up a web page of our website that contains Google Maps, your browser establishes a direct connection with Google’s servers. The map content is transmitted by Google directly to your browser, which then integrates it into the website. We have no influence on the scope of the data collected by Google in this way. According to our knowledge, this is at least the following data:

• Date and time of the visit to the website in question
• Internet address or URL of the accessed web page
• IP address, (start) address entered during route planning

The data transfer takes place regardless of whether Google provides a user account via which you are logged in or whether no user account exists. If you are logged in to Google, your data will be directly assigned to your account. If you do not want the assignment with your user account at Google, you must log out before activating the button. Google stores your data as usage profiles and uses them for the purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact Google to exercise this right.

The legal basis for the use of the maps is Art. 6(1) a GDPR, i.e., the integration only takes place after your consent.

The personal data is also transferred to the U.S. The European Commission has issued an adequacy decision pursuant to Art. 45(3) GDPR for the EU-U.S. Data Privacy Framework. Based on this decision, data transfers to organizations located in the U.S. that are certified accordingly are permitted. Google is certified under the EU-U.S. Data Privacy Framework.

5.16 Software Contributors

If you wish to submit contributions to our open-source software under Contributor License Agreement, you are asked to submit a contributor form. The personal data you provide will be processed for the purpose of performance of the Contributor License Agreement in accordance with Art. 6(1) b GDPR.

When you submit the contributor form, we process the following personal data from you:

• First and last name
• E-mail address
• Github username
• Company name (optional)
• Date and time of the form
• IP address

The contributor form is connected to Pipedrive. Pipedrive OÜ may transfer personal data to the US based on an adequacy decision adopted by the European Commission pursuant to Art. 45(3) GDPR for the EU-U.S. Data Privacy Framework. Based on this decision, data transfers to organizations located in the U.S. that are certified under the EU-U.S. Data Privacy Framework are permitted, accordingly. Pipedrive certified under the EU-U.S. Data Privacy Framework.