This page was translated from German. Only the German version is legally binding.
Company: Userlutions GmbH
Street number: Boxhagener Str. 71 E
Postcode, City: 10245 Berlin
Reg. No.: HRB 137205 B, Amtsgericht Berlin-Charlottenburg
Managing Director: Benjamin Uebel
Telephone: +49 30 544 870 24
1. General information on data processing and legal principles
1.2. For the terms used, such as “personal data” or their “processing”, we refer to the definitions in Article 4 of the Datenschutzgrundverordnung (DSGVO).
1.3. The personal data of users processed within the scope of this online service includes inventory data (e.g., names and addresses of customers and testers), contract data (e.g., services used, payment information), usage data (e.g., the web pages of our online service visited, interest in our products) and content data (e.g., entries in forms).
1.4. The term ‘users’ covers all categories of persons affected by data processing. They include our business partners, customers, interested parties, testers, applicants, and other visitors to our website. The terms used, e.g. “user”, should be understood to be gender-neutral.
1.5. We process personal data of users only in compliance with the relevant data protection regulations. This means that user data will only be processed if a legal authorization is available, in particular if the data processing is necessary for the fulfillment of our contractual services (e.g. processing of orders) and online services, or is legally required, if the users have given their consent, or on the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation, and security of our online services within the meaning of Art. 6 para. 1 lit. f. DSGVO, in particular in the measurement of reach, the creation of profiles for advertising and marketing purposes, the collection of user access data and the use of third-party services).
1.6. We hereby declare that the legal basis for the agreements is Art. 6 para. 1 lit. a. and Art. 7 DSGVO, the legal basis for processing to fulfill our services and perform contractual measures is Art. 6 para. 1 lit. b. DSGVO, the legal basis for processing for the fulfillment of our legal obligations is Art. 6 para. 1 lit. c. DSGVO, and the legal basis for processing to safeguard our legitimate interests is Art. 6 para. 1 lit. f. DSGVO.
2. Security Measures
2.1. We take organizational, contractual and technical security measures per the latest technological standards to ensure that the requirements of the data protection laws are observed and to protect the data processed by us against accidental or intentional manipulation, loss, destruction or access by unauthorized persons.
2.2. Security measures include the encrypted transfer of data between your browser and our server, regular security backups, encrypted storage of sensitive client and tester data, high-security servers in Germany, firewalls, intrusion detection systems, access control, training and commitment of our employees to data protection & confidentiality, pseudonymization and anonymization of testers, as well as the selection of contractors with due diligence.
3. Transfer of data to third-parties and third-party providers
3.1. Data will only be passed on to third-parties within the framework of the legal requirements. We will only share users’ data with third-parties if this is necessary for contractual purposes, e.g. based on Art. 6 Para. 1 lit. b) DSGVO or based on justified interests per Art. 6 Para. 1 lit. f. DSGVO in the economic and effective operation of our business.
3.2. Should we use third-parties to provide our services, we take appropriate legal precautions as well as appropriate technical and organizational measures to ensure the protection of personal data per the relevant legal regulations.
4. Performance of Contractual Services
4.1. We process inventory data (e.g., names and addresses as well as contact data of users), contract data (e.g., services used, names of contact persons, payment information) to fulfill our contractual obligations and services per Art. 6 Para. 1 lit b. DSGVO.
4.2. Users can optionally create a user account where they can view their tests. During the registration process, the required mandatory information is provided to the users. The user accounts are not publicly accessible and cannot be indexed by search engines. If users have terminated their user account, their data relating to the user account will be deleted, except where storage is essential for reasons of commercial or tax law per Art. 6 Para. 1 lit. c DSGVO. It is the responsibility of the users to back up their data before the end of the contract if they have terminated it. We are entitled to irretrievably delete all user data stored during the term of the contract.
4.3. In principle, data will not be passed on to third-parties unless it is necessary to pursue our claims or there is a legal obligation to do so per Art. 6 Para. 1 lit. c DSGVO.
4.4. Should the user contact us (via contact form or email), the user’s data will be used to process the contact request and its handling per Art. 6 Para. 1 lit. b) DSGVO.
4.5. User information may be stored in our Customer Relationship Management System (“CRM System”) or a similar inquiry management system.
4.6. We use the CRM system “Pipedrive”, from the provider Pipedrive Inc. based on our legitimate interests (efficient and fast processing of user requests). For this purpose, we have established a contract with Pipedrive with so-called standard contractual clauses, in which Pipedrive commits itself to process the user data only according to our instructions and to comply with the EU data protection standards. All data is stored on servers in Germany.
5. Comments and Articles
5.1. If users submit comments or other contributions on our blog, their IP addresses will be registered according to our legitimate interests as defined in Art. 6 para. 1 lit. f. DSGVO for 7 days.
5.2. This is done for our protection in case someone leaves illicit content in comments and contributions (insults, prohibited political propaganda, etc.). In such cases, we can be prosecuted for the comment or contribution and are thus interested in the identity of the author.
6. Collection of Access Data and Log Files
6.1. Based on our legitimate interests within the meaning of Art. 6 para. 1 lit. f. DSGVO, we collect data about every access to the server on which this service is located (so-called server log files). The access data includes the name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited site), IP address and the requesting provider.
6.2. For security reasons (e.g. for the investigation of abuse or fraud), the log file information is stored for a maximum of seven days and then deleted. Any data requiring further storage for evidential purposes is excluded from deletion until the respective incident has been definitively resolved.
7. Cookies & Audience Measurement
7.1. Cookies are information that is transferred from our web server or web servers of third-parties to the web browsers of the users and stored there for later retrieval. Cookies can be small files or other types of information storage.
7.2. We use “session cookies”, which are only stored for the duration of the user’s active visit to our website (e.g. to save the status of your login or your current test booking and thus enable the use of our online services). A randomly generated unique identification number, a so-called session ID, is stored in a session cookie. A cookie also contains information about its origin and the storage period. These cookies cannot store any other data. Session cookies are deleted when you have finished using our online services and, for example, log out or close the browser.
7.4. If users do not want cookies to be stored on their computer, they are asked to deactivate the corresponding option in the system settings of their browser. Stored cookies can be deleted in the system settings of the browser. The deletion of cookies can lead to functional limitations of this online service.
8. Processing of usability test data
8.1. For participation in online usability tests, the testers record test videos using a screen recorder as well as written test data.
8.2. The screen recorder for recording the usability tests, which starts automatically by participating as a tester in a usability test, transmits data in the form of videos to our web server. This data includes mouse movements, screenshots, and microphone input. To ensure the technical stability and performance of the screen recorder on all possible computers of the testers, the operating system, browser version, RAM, CPU, hard disk space, anonymized IP address and the number of monitors are also automatically processed. The finished video is first stored on the tester’s computer. After the test is completed, this file is accessed to upload it to an FTP server.
8.3. Demographic data and personal characteristics of testers are processed to assign them to the most suitable tests demographically.
8.4. The data of the tester will be made available to the client solely in a pseudonymized form. The testers are responsible for not disclosing any personal data within the test videos that could endanger their anonymity towards the client.
9. Google Analytics
9.2. Google is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
9.3. Google will use this information on our behalf to evaluate the use of our website by users, to compile reports on the activities within this website and to provide us with further services associated with the use of this online service and Internet use. In doing so, pseudonymous user profiles of the users can be created from the processed data.
9.4. We use Google Analytics to display advertisements, which are placed within the advertising services of Google and its partners, only to those users who have also shown an interest in our online services or who exhibit certain characteristics (e.g. interests in certain topics or products, based on the websites visited), which we transmit to Google (so-called “remarketing” or “Google Analytics Audiences”). With the help of remarketing audiences, we also want to ensure that our advertisements correspond to the potential interest of users and do not cause annoyance.
9.5. We only use Google Analytics with activated IP anonymization. This means that the IP address of users is shortened by Google within member states of the European Union or in other states that are members of the European Economic Area Agreement. Only in exceptional cases is the full IP address transferred to a Google server in the USA and shortened there.
9.6. The IP address transmitted by the user’s browser is not combined with other data from Google. Users can prevent the storage of cookies by adjusting their browser software accordingly; users can also prevent the collection of data generated by the cookie and relating to their use of the online service to Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
9.7. Further information on the use of data by Google, as well as options for settings and objections, can be found on the Google websites: https://policies.google.com/technologies/partner-sites?hl=en (“How Google uses information from sites or apps that use our services”), http://www.google.com/policies/technologies/ads (“Use of data for advertising purposes”), http://www.google.de/settings/ads (“Manage information that Google uses to serve ads to you”).
10. Google-Re/Marketing Services
10.1. Based on our legitimate interests (i.e. interest in the analysis, optimization, and economic operation of our online service within the meaning of Art. 6 para. 1 lit. f. DSGVO), we use the marketing and remarketing services (in short “Google Marketing Services”) of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, (“Google”).
10.2. Google is certified under the Privacy Shield Agreement and thereby offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
10.3. Google Marketing Services allow us to display ads for and on our website in a more targeted manner to show users only those ads that potentially reflect their interests. For example, if a user is shown ads for products that they have been interested in on other websites, this is called “remarketing”. For these purposes, when you access our website and other websites on which Google Marketing Services are active, a code is executed directly by Google and so-called (re)marketing tags (invisible graphics or code, also known as “web beacons”) are integrated into the website. With their help, an individual cookie, i.e. a small file, is stored on the user’s device (instead of cookies, comparable technologies may also be used). The cookies can be set by various domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com or googleadservice.com. This file records which websites the user has visited, what content the user is interested in and which offers the user has clicked on, as well as technical information on the browser and operating system, referring websites, visiting time and other information concerning the use of the online service. The IP address of the user is also recorded, whereby we inform within the framework of Google Analytics that the IP address is shortened within member states of the European Union or in other contracting states of the European Economic Area Agreement and is only in exceptional cases transferred in full to a Google server in the USA and shortened there. The IP address is not merged with user data within other Google services. Google may also combine the above-mentioned information with information from other sources. If the user subsequently visits other websites, the ads tailored to his or her interests may be displayed.
10.4. User data is processed pseudonymously within the framework of Google marketing services. This means that Google does not store and process e.g. the name or email address of the users, but processes the relevant data cookie-related within pseudonymous user profiles. I.e. from Google’s point of view, the ads are not managed and displayed for a specifically identified person, but for the cookie holder, regardless of who that cookie holder is. This does not apply if a user has expressly permitted Google to process the data without this pseudonymization. The information collected by Google marketing services about users is transmitted to Google and stored on Google’s servers in the USA.
10.5. The Google Marketing Services we use include the online advertising program “Google AdWords.” In the case of Google AdWords, each AdWords customer receives a different “conversion cookie.” Thus, cookies cannot be tracked through the websites of AdWords customers. The information collected through the cookie is used to compile conversion statistics for AdWords customers who chose to opt into conversion tracking. AdWords customers learn the total number of users who clicked on their ads and were redirected to a page with a conversion tracking tag. However, they do not receive any information that can be used to personally identify users.
10.6. We may also use the “Google Tag Manager” to integrate and manage Google’s analytics and marketing services on our website.
10.8. If you wish to opt-out of receiving interest-based advertising through Google Marketing Services, you may do so by using the settings and opt-out options provided by Google: http://www.google.com/ads/preferences.
11.1. For needs-based design and continuous optimization of our websites, we use the analysis service Fullstory based on Art. 6 para. 1 lit. f) DSGVO, a service of Fullstory Inc. (hereinafter referred to as “Fullstory”), 120 Ottley Dr. NE, Atlanta, GA 30324, USA. Fullstory stores and collects data in anonymized form using cookies. The information generated by the cookie about your use of our websites, such as
- your user behavior and input on our websites,
- browser type/version,
- the operating system used,
- referrer URL (the previously visited page),
- the hostname of the accessing computer (IP address) and
- time of the server request
11.2. Fullstory is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000TNHwAAO&status=Active).
12. Facebook Social Plugins
Based on our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f. DSGVO) we use Social Plugins (“Plugins”) of the social network facebook.com, which is operated by Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”). The Plugins can display interaction elements or content (e.g. videos, graphics or text contributions) and can be recognized by one of the Facebook logos (white “f” on blue tile, the word “Like” or a “thumbs up” sign) or are marked with the addition “Facebook Social Plugin”. The list and appearance of the Facebook Social Plugins can be viewed here: https://developers.facebook.com/docs/plugins/.
12.2. Facebook is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
12.3. If a user accesses a function of this online offer that contains such a plugin, his device establishes a direct connection with the Facebook servers. The content of the plugin is transmitted by Facebook directly to the user’s device and integrated into the online offer by it. User profiles can be created from the processed data. Thus, we have no influence on the extent of the data that Facebook collects with the help of this plugin and therefore inform the users according to our state of knowledge.
12.4. By integrating the plugins, Facebook receives the information that a user has called up the corresponding page of the online offer. If the user is logged in to Facebook, Facebook can assign the visit to the user’s Facebook account. If users interact with the plugins, for example by pressing the Like button or making a comment, the corresponding information is transmitted directly from your device to Facebook and stored there. If a user is not a member of Facebook, it is still possible for Facebook to find out his or her IP address and store it. In Germany, only an anonymized IP address is stored according to Facebook.
12.6. If a user is a Facebook member and does not want Facebook to collect data about him or her via this online offer and link it to his or her membership data stored on Facebook, he or she must log out of Facebook and delete his or her cookies before using our online offer. Further settings and objections to the use of data for advertising purposes are possible within the Facebook profile settings: https://www.facebook.com/settings?tab=ads or via the American page http://www.aboutads.info/choices/ or the EU page http://www.youronlinechoices.com/. The settings are platform-independent, which means that they are adopted for all devices, such as desktop computers or mobile devices.
13.1. With the following information, we explain the contents of our newsletter as well as the registration, mailing and statistical evaluation procedures and your rights of objection. By subscribing to our newsletter, you agree to receive it and to the described procedures.
13.2. Content of the newsletter: We send newsletters, emails and other electronic notifications containing advertising information (hereinafter referred to as “newsletter”) only with the consent of the recipients or legal permission. Insofar as the contents of the newsletter are specifically described in the context of a registration for the newsletter, they are authoritative for the consent of the users. Furthermore, our newsletters contain information about our products, offers, promotions, and our company.
13.3. Double opt-in and logging: The registration for our newsletter takes place in a so-called double opt-in procedure. This means that after registering, you will receive an email asking you to confirm your registration. This confirmation is necessary to ensure that nobody can register with email addresses that are not their own. The newsletter registrations are logged to prove the registration process according to the legal requirements. This includes the storage of the registration and confirmation time as well as the IP address. Changes to your data stored by the mailing service provider are also logged.
13.4. Email service provider: Newsletters are sent via “MailChimp”, a newsletter mailing platform of the US-based provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. The data protection regulations of the email service provider can be viewed here: https://mailchimp.com/legal/privacy/. The Rocket Science Group LLC d/b/a MailChimp is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with the European level of data protection (https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=Active).
13.5. Furthermore, the email service provider may, according to its own information, use this data in pseudonymous form, i.e. without allocation to a user, to optimize or improve its own services, e.g. to technically optimize the sending and presentation of newsletters or for statistical purposes to determine which countries the recipients come from. However, the email service provider does not use the data of our newsletter recipients to contact them itself or pass them on to third-parties.
13.6. Registration data: To subscribe to the newsletter, providing your email address is sufficient. Optionally, we ask you to enter a name to address you personally in the newsletter.
13.7. Statistical surveys and analyses – The newsletters contain a so-called “web beacon”, i.e. a pixel-sized file which is retrieved from the server of the email service provider when the newsletter is opened. Within the scope of this retrieval, technical information, such as information on the browser and your system, as well as your IP address and time of retrieval are collected. This information is used for the technical improvement of the services based on the technical data or the target groups and their reading behavior based on their retrieval locations (which can be determined using the IP address) or the access times. Statistical surveys also include determining whether newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can be assigned to individual newsletter recipients. However, it is neither our nor the email service provider’s intention to observe individual users. The evaluations rather serve us to recognize the reading habits of our users and to adapt our contents to them or to send different contents according to our users’ interests.
13.8. The use of the email service provider, the performance of statistical surveys and analyses and the logging of the registration procedure are based on our legitimate interests per Art. 6 para. 1 lit. f DSGVO. Our interest is aimed at the deployment of a user-friendly and secure newsletter system that serves our business interests and meets the expectations of the users.
13.9. Cancellation/revocation – You can cancel the subscription to our newsletter at any time, i.e. revoke your consent. Your consent to the mailing of the newsletter by the mailing service provider and the statistical analyses will then expire. A separate cancellation of the mailing by the mailing service provider or the statistical analysis is unfortunately not possible. You will find a link to cancel the newsletter at the end of each newsletter. If users have only registered for the newsletter and canceled their registration, their personal data will be deleted.
14. Integration of Third-Party Services and Contents
14.1. Based on our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f. DSGVO), we use content or service offers from third-parties to integrate their content and services, such as videos or fonts (hereinafter uniformly referred to as “content”). This always requires that the third-party providers of such content are aware of the IP address of the users, as without the IP address, they would not be able to send the content to their browsers. The IP address is therefore necessary for the display of these contents. We make every effort to use only content whose respective providers use the IP address only to deliver the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. The “pixel tags” can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user’s device and may contain, among other things, technical information on the browser and operating system, referring web pages, visiting time and other details on the use of our online offer, and may be linked to such information from other sources.
14.2. The following presentation offers an overview of third-party providers and their contents, including links to their data protection declarations, which contain further information on the processing of data and, in some cases already mentioned here, the possibility to object (so-called opt-out):
15. User’s rights
15.1. Users have the right to request information free of charge about the personal data we have stored about them.
15.2. Users also have the right to correct inaccurate data, restrict the processing and delete their personal data, if applicable, to exercise their rights to data portability and, in case of suspected unlawful data processing, to lodge a complaint with the competent supervisory authority.
15.3. Users may also withdraw their consent, in principle with consequences for the future.
16. Deletion of Data
16.1. The data stored with us will be deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any statutory storage obligations. If the users’ data is not deleted because it is required for other and legally permissible purposes, its processing is restricted. This means that the data is blocked and not processed for other purposes. This applies, for example, to user data that must be retained for commercial or tax law reasons.
16.2. Per legal requirements, data is stored for 6 years per § 257 para. 1 HGB (commercial books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting vouchers, etc.) and for 10 years per § 147 para. 1 AO (books, records, management reports, accounting vouchers, commercial and business letters, documents relevant for taxation, etc.).
17. Right of Objection
Users can object to the future processing of their personal data at any time per the legal requirements. The objection may in particular be made against processing for the purposes of direct advertising.