Stackable

Data Protection

illustration shape

Data Protection​

1. Subject of this data privacy statement

Protection of your personal data (henceforth: “data” in short) is a major concern for us. Provided next is information on which data are collected during your visit to our website, and how they are processed by us. Furthermore, we inform you about your rights, as well technical and organizational protective measures taken by us with regard to the processing of your data.

2. Name and address of the data controller and service provider

The data controller within the meaning of the general data protection regulations (GDPR) and, at the same time, the service provider within the meaning of the Digital Services Act (DSA) is Stackable GmbH, Thomas-Mann-Straße 8, 22880 Wedel (henceforth termed “Stackable” or “we” in short).

Any questions or comments about this data privacy policy or generally regarding data protection should be submitted to the above-mentioned address or via e-mail to: info@stackable.tech

3. Collection and utilization of your data

Your data’s scope, type of collection and utilization vary according to whether you visit our website only to fetch information, or whether you make use of our website’s offers which require further data about you, e.g. when arranging an appointment:

3.1 Use for informative purposes

During use of our website purely for informative purposes, you never need to specify any personal data.

In this case, we just collect and utilize those data of yours which are sent automatically to us by your Internet browser, such as:

  • Date and time of invoking our web pages
  • Your browser type
  • Your browser settings
  • Your operating system
  • The page last visited by you
  • The transferred amount of data and access status (file transferred, file not found etc.)
  • Your IP address

During visits for informative purposes, these data are processed by us exclusively in a non-personal form. This is done to actually allow the use of web pages accessed by you, and to monitor whether our web pages are displayed to you optimally. Processing takes place on the legal basis of Article 6 Paragraph 1 f) GDPR and in our interest to display the website to you reliably and with as little disruption as possible.

We store the IP address as well as the remaining data accumulated during use for informative purposes for a period of 4 weeks; no personal evaluation is performed, only statistical analysis of website usage as described further below in this data privacy policy.

3.2 Arrangement of an appointment

If you would like to contact us via our appointment form or register for a Stackable webinar, we will collect the following data from you:

  • Speech (Mr/Mrs)
  • First name and surname
  • First name and surname
  • E-mail address
  • Position (optional for appointments)
  • Phone (optional)
  • Preferred contact (e-mail/telephone) when making an appointment
  • Your message when making an appointment

We use this information to respond to your inquiry by e-mail, telephone or to register you for the webinar. We may also use your information to personalize our response to you and to provide you with information specific to your business and position.

If your inquiry relates to an existing contractual relationship between us or you are interested in concluding a contract, data processing is carried out on the legal basis of Article 6 Paragraph 1 b) GDPR (contract management).

Otherwise, data processing is performed on the legal basis of Article 6 Paragraph 1 f) GDPR (balancing of interests) and in our interest in being able to answer your request with the information relevant to you.

We store the data collected via the contact form and the communication to answer your enquiry for the duration of the communication and processing of your request. Your contact data will then be deleted unless storage is required for legal reasons (e.g. legal retention periods for business letters, currently 6-10 years) or permitted by your consent.

3.3 Newsletter

With your consent, you can subscribe to our newsletter, with which we inform you about our current offers. The advertised goods and services are named in the declaration of consent and generally include all content relating to Stackable’s portfolio of services and products.

We use the so-called double opt-in procedure to register for our newsletter. This means that after your registration, we will send you an email to the email address you provided in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration within 7 days, your information will be automatically deleted. In addition, we store your IP addresses and the time of registration and confirmation. The purpose of this procedure is to verify your registration and, if necessary, to be able to clarify a possible misuse of your personal data.

Your e-mail address as well as your first name, surname, title and company are required for sending the newsletter. (This information is used to address you personally.) After your confirmation, we store your information for the purpose of sending you the newsletter. The legal basis is Art. 6 para. 1 p. 1 lit. a DSGVO.

Consent to this processing can be revoked via e-mail or by sending a message to the contact details given in the imprint.

We would like to point out that we evaluate your user behaviour when sending the newsletter. For this evaluation, the emails sent contain so-called tracking pixels, which are single-pixel image files that are stored on our website. For the analyses, we link the data mentioned in paragraph 3 and the tracking pixels with your e-mail address and an individual ID. With the data obtained in this way, we create a user profile in order to tailor the newsletter to your individual interests. In doing so, we record when you read our newsletters, which links you click on in them, and infer your personal interests from this. We link this data to actions you have taken on our website.

You can prevent this tracking at any time by deactivating the display of images by default in your e-mail programme. In this case, the newsletter will not be displayed in full and you may not be able to use all the functions. If you display the images manually, the above-mentioned tracking will take place.

If you have any concerns about your personal data, please contact us using the details provided in the imprint.

3.4 Our career portal

On our website, you can apply for open positions at stackable in our career portal. For this purpose, we use a service of softgarden e-recruiting GmbH (Tauentzienstraße 14, 10789 Berlin; “softgarden”).

A so-called plug-in from softgarden is used on our career pages to make the application process easier for you. By integrating the plug-in, softgarden receives the information that you are viewing the corresponding website when you call up a page with a job posting, and also the data according to section 3 a of this declaration.

For more information on data processing in the context of the application process and the integration of softgarden, please refer to our separate privacy policy for the application process.

We work together with the shared services of b.telligent Group Holding GmbH during the application process. The data collected is passed on to these shared services for processing.

We use the data collected as part of the application process to carry out the application process and to analyze and evaluate our recruiting procedures. In case of employment, the applicant data will be stored in softgarden for the duration of the employment.

4. Use of cookies

4.1 Which cookies do we use?

We use the technology of cookies for our website. Cookies are small text files that are sent from our web server to your browser when you visit our website and are stored on your computer, tablet computer or smartphone for later retrieval.

We use the following cookies on our websites:

[fe_typo_user]: This cookie is used only on the page which has our contact form, and is set as a temporary cookie to allow use of the contact form. It contains an alphanumeric sequence as an identifier. The cookie is stored only until the end of the session, and is a first-party cookie, i.e. one controlled from our website.

[cookienotification_hidden]: This cookie is used to store cookie settings, and contains the option you selected. It contains the entry “yes”, and is stored until the end of the session. This cookie is a first-party cookie controlled from our website.

Use of cookies for HubSpot (details are provided below):

[__hstc]: This cookie is part of the HubSpot service and serves as the main cookie for visitor registration. It contains: Domain, user token, first time stamp (of first visit), last time stamp (of last visit), current time stamp (of current visit) and session number (incremented on each subsequent session); it is stored for two years. This cookie is a first-party cookie controlled from our website.

[__hssrc]: This cookie is part of the HubSpot service. It is set every time HubSpot changes the session cookie. It contains a value of “1” and is used to determine whether the user has restarted their browser. If this cookie is absent at the time of cookie management, HubSpot assumes that the session is a new one. The cookie is stored until the end of the session. This cookie is a first-party cookie controlled from our website.

[__hssc]: This cookie is part of the HubSpot service and is used to record sessions. The cookie makes it possible to determine whether the session number and time stamp in the __hstc cookie need to be increased. It contains: Domain, number of page views (the view count is incremented each time a page is viewed in a session) and the time stamp for session start. The cookie is saved for 30 minutes. This cookie is a first-party cookie controlled from our website.

[cfduid]: This cookie is used by the Cloudflare content delivery network employed by HubSpot to place its service. By means of this cookie, Cloudflare identifies individual users who use a shared IP address in order to set and apply individual security restrictions for such users. It contains an individual ID number and is stored for 1 year. This cookie is a third-party cookie controlled from the service provider Hubspot.

[hubspotutk]: This cookie stores the visitor’s browser ID. It is passed to HubSpot during form submission, and used in the de-duplication of contacts. It contains an opaque GUID to represent the current visitor. The cookie expires after 13 months.

[__hs_do_not_track]: This cookie is stored to prevent the HubSpot tracking code from sending information to HubSpot if there is no opt-in from the user.

Cookies usage for Matomo Cloud (see in detail below):

[_pk_id]: 13 months to store some details about the user, such as the unique Visitor ID.

[_pk_ref]: 6 months to store attribution information, i.e. the referrer, originally used to visit the website.

[_pk_ses], [_pk_cvar], [_pk_hsr]: 30 minute short-lived cookies used for the temporary storage of data about the visit.

[_pk_testcookie]: is created and then should be deleted directly. It is used to check if the visitor’s browser supports cookies.

[mtm_consent] (or [mtm_consent_removed]): are anonymized with an expiration date of 30 years to remember that the user has given consent (or removed).

[mtm_cookie_consent]: are anonymized with an expiration date of 30 years, to remember that the user has given consent to the storage and use of cookies. 

[matomo_ignore]: 30 years if you exclude yourself from tracking (opt-out). This cookie does not contain any personal information or an ID and the cookie value is the same for all visitors.

[matomo_sessid]: 14 days. It is important to note that it does not contain any data identifying visitors and is considered an “essential” cookie.

4.2 Disabling cookies

By way of your browser settings, you can yourself decide whether cookies can be set and called up. For example, you can completely disable storage of cookies by your browser, or limit storage to certain websites, or you can configure your browser so that it automatically notifies you and requests your confirmation when a cookie needs to be set. You can block or delete individual cookies. For technical reasons, however, this might impair the functionality of some of our website’s features.

5. Use of the HubSpot marketing service

Our website makes use of the marketing service of HubSpot Inc. (25 First Street, 2nd Floor Cambridge, MA 02141, USA; “HubSpot”).

We employ Hubspot to manage our business contacts and optimize our services and offers for our customers and interested parties.

HubSpot also uses cookies, i.e. text files which are stored on your terminal device. The information generated by the cookies is transferred to a Hubspot server in the United States, and stored there. HubSpot uses this information on our behalf to evaluate your use of the website and to optimize our services and offers for you.

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.

HubSpot’s data privacy policy can be found here

HubSpot possesses EU-U.S. privacy shield certification. The EU-US privacy shield agreement is intended to ensure an adequate level of data protection for data transfers to certified U.S. companies. In a resolution dated 12.07.2016 (file reference C(2016) 4176), the EU commission has established the adequacy of the data protection level guaranteed according to the EU-U.S. privacy shield agreement.

The EU commission’s resolution can be viewed here

HubSpot’s current status of certification in accordance with the EU-U.S. privacy shield agreement can be viewed here

Your data are processed on the legal basis of Article 6 Paragraph 1 S.1 f) GDPR (balancing of interests) and in our joint interest in optimizing our services and offers for you.

6. Use of Matomo Cloud

We use the Matomo Cloud service (InnoCraft Ltd, 7 Waterloo Quay PO625, 6140 Wellington, New Zealand, website: https://matomo.org/matomo-cloud/) on our website. Matomo Cloud is a service used for web analytics and reach measurement purposes.

As part of the use of Matomo, cookies are generated and stored on the user’s terminal device. The user data collected as part of the use of Matomo is only processed by us and is not shared with third parties. The cookies are stored for a maximum period of 13 months: https://matomo.org/faq/general/faq_146/ 
Legal basis: consent (Art. 6 para. 1 p. 1 lit. a. DSGVO); deletion of data: Cookies have a maximum storage period of 13 months.

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. The privacy policy of Matomo Cloud can be found here.

Legal basis of Art. 6 para. 1 p. 1 f) DSGVO (balance of interests) and order processing agreement see here: https://matomo.org/matomo-cloud-dpa/ and in your and our interest to optimize our services and offers for you.

7. Integration of YouTube videos

Our website uses videos and plug-ins from YouTube. YouTube is a service provided by YouTube LLC (901 Cherry Ave., San Bruno, CA 94066, USA; “YouTube”). YouTube LLC is a subsidiary of Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”).

We use the so-called “extended data protection mode” of YouTube. This means that when our website is accessed, only an image (so-called “thumbnail”) of the embedded video is retrieved from YouTube or Google and only the data specified in section 3.1 of this declaration is transmitted to YouTube or Google.

Only when you click on the video will further data be transmitted to YouTube or Google and cookies set by these third-party providers. If you are logged into a YouTube or Google account, depending on your account settings, additional data about the video view can be assigned directly to your account. If you do not want this allocation to your profile, you must first log out of your YouTube or Google account.

Google possesses EU-U.S. privacy shield certification which also applies to wholly-owned subsidiaries of Google LLC in the United States and thus also includes YouTube. The EU-US privacy shield agreement is intended to ensure an adequate level of data protection for data transfers to certified U.S. companies. In a resolution dated 12.07.2016 (file reference C(2016) 4176), the EU commission has established the adequacy of the data protection level guaranteed according to the EU-U.S. privacy shield agreement.

The EU commission’s resolution can be viewed here

Google’s current status of certification in accordance with the EU-U.S. privacy shield agreement can be viewed here

More information about the purpose and scope of data collection and processing by YouTube and Google is provided in Google’s data privacy policy. Also provided here is further information about your related rights as well as your options for protecting your privacy.

Your data are processed on the legal basis of Article 6 Paragraph 1 f) GDPR (balancing of interests) and in our interest in providing you with videos on our website while simultaneously relieving our servers.

8. Involvement of service providers and data relay to third parties

For the purpose of making this website available and for the purposes mentioned previously, your data are relayed under certain circumstances to technical services providers who support us (e.g. website hosting and support, content delivery networks), and who, needless to say, we have carefully selected and appointed in writing.

These service providers are bound by our instructions and regularly monitored by us.

Relay of your data to other third parties otherwise takes place only insofar as expressly noted in this data protection statement, or insofar as we are required to do so by law.

9. Download of white papers or case studies (PDF documents)

We provide you with free white papers, case studies, checklists etc. on the website, which are associated with a high economic effort for us. These whitepapers can therefore only be downloaded in return by providing the following data in conjunction with advertising consent:

  • First name and surname
  • Company
  • Department

We also use the data to track the popularity of the white papers and to contact you regarding the content of the white papers, their technical functionality and for updates.

Admissibility of processing is governed by Article 6 Paragraph 1 b) GDPR, which states that processing is lawful if necessary to fulfil a contract whose parties include the data subject, or to implement pre-contractual measures requested by the data subject.

White papers/checklists are provided to you on request in the context of a contractual relationship. Data collected by Stackable are also required for implementing these contractual measures because it would not be possible to respond to such requests without them.

Stackable also uses the data for advertising purposes. Admissibility of processing here is governed by Article 6 Paragraph 1 a) GDPR, which states that processing is lawful if the data subject has provided their consent to processing of their personal data for one or more specified purposes.

Your data are deleted after your consent has been revoked, provided that Stackable has no legitimate interest in further retention. This can be the case if Stackable needs to continue storing your data because of a contract with you. Stored in any case are only those data actually and absolutely necessary for achieving the related purpose. Provision of these data is neither legally nor contractually stipulated. If the data are not provided, you will not receive access to white papers.

You can revoke your consent to this processing by e-mail: info@stackable.tech

10. Your rights

You have the right to require us to confirm whether personal data of relevance to you have been processed; if so, then you have a right to receive information about this personal data, as well as the individual details mentioned in Article 15 GDPR.

You have the right to require us to immediately rectify any incorrect data regarding your person and, if necessary, complete personal data which is incomplete (Article 16 GDPR).

You have the right to require us to immediately delete your personal data, insofar as one of the reasons detailed in Article 17 GDPR applies, for example, if data are no longer needed for the intended purposes (right to deletion).

You have the right to require us to restrict processing if one of the prerequisites mentioned in Article 18 GDPR is given, for example, if you have raised an objection against processing, for the duration of examination by us.

You have the right, for reasons arising from your specific situation, to object at any time to the processing of data concerning you on the basis of Article 6 Paragraph 1 S.1 e) or f) GDPR, or for purposes of direct marketing (Article 21 GDPR); details are provided below.

You have the right to revoke consent granted by you to us at any time with effect for the future (right of revocation).

You have the right to obtain, in a structured, conventional and machine-readable format, the data which concern your person and which you provided to is. You can also transmit these data to other recipients or have the data communicated by us (right to data portability).

To exercise your rights, please send an e-mail to info@stackable.tech

Irrespective of other administrative or judicial remedies, you have the right to appeal to a supervisory authority if you believe that the processing of data concerning your person is contrary to the GDPR (Article 77 GDPR).

11. Data security

We furthermore employ technical and organizational security measures to protect accumulated or collected personal data, especially against accidental or intentional manipulation, loss, destruction or attack by unauthorized persons. Our security measures are improved continuously in accordance with technological developments.

During use of our website, your personal data are encrypted using SSL/TLS technology to prevent access by unauthorized third parties.

12. Notice on the right to objection

You have the right, for reasons arising from your specific situation, to object at any time to the processing of data concerning you on the basis of Article 6 Paragraph 1 S.1 e) or f) GDPR, or for purposes of direct marketing (Article 21 GDPR).

We will then cease processing the data concerning your person, unless we can demonstrate compelling, defensible reasons for processing which outweigh your interests, rights and freedoms, or unless processing serves to assert, exercise or defend legal claims.

July 2022

Stackable GmbH