discoverIQ

Privacy Policy

Use of the “DiscoverIQ” Platform

Content

  1. Introduction
  2. Responsibility
  3. Type of Data Collected
  4. Purpose of Data Processing
  5. Legal Basis
  6. Data Transfer to Third Parties
  7. Storage Period and Deletion of Data
  8. Rights of the Data Subjects
  9. Data Security
  10. Changes to the Privacy Policy

1. Introduction

This privacy policy describes the collection, use, storage, and protection of personal data by Madge GmbH (hereinafter referred to as the “Provider”) in the context of the use of the SaaS platform “DiscoverIQ”. The Provider is committed to protecting the privacy of users and complying with applicable data protection laws, in particular the General Data Protection Regulation (GDPR). This privacy policy is aimed at all users of the platform and explains how personal data is processed and what rights data subjects are entitled to.

2. Responsibility

The controller responsible for the processing of personal data within the meaning of the General Data Protection Regulation (GDPR) is:

Madge GmbH
Birthälmerstr. 14
81829 Munich, Germany
Email: info@madge.de
Phone: +49 (0) 89 125 03 40 40

If you have any questions about data protection or the exercise of your rights as a data subject, you can contact us at any time.

3. Type of Data Collected

As part of the use of the DiscoverIQ platform, we collect various types of personal data, which can be divided into the following categories:

  • Registration Data: Name, email address, company name, phone number, username, and password required to create a user account.
  • Payment Data: Information required to process payments, such as credit card numbers, bank details, billing addresses, and transaction information.
  • Usage Data: Information about how the platform is used, including IP addresses, login data, device information, browser type, duration of use, and navigation behavior within the platform.
  • Support and Communication Data: Data collected in the context of support requests or communication with us, e.g., email correspondence, chat transcripts, or phone inquiries.
  • Technical Data: Data collected automatically as part of the use of the platform, such as cookies, log files, and similar tracking technologies.
  • Marketing Data: In addition to the data mentioned above, we may also collect marketing information, such as user preferences, communication preferences, and interests derived from user behavior on the platform.

4. Purpose of Data Processing

The Provider processes personal data in the context of the use of the DiscoverIQ platform for the following purposes:

  1. Contract Fulfillment: To provide the contractually agreed services, including the creation and administration of user accounts, as well as the technical processing and support of the platform.
  2. Payment Processing: For the processing of payments, invoicing, and fulfillment of tax obligations.
  3. Platform Optimization and Analysis: To improve the functionality and user-friendliness of the platform, based on the analysis of user behavior and technical data.
  4. Security Measures: To ensure the security of the platform, including monitoring and preventing unauthorized access, misuse, fraudulent activity, and ensuring system stability.
  5. Support and Customer Communication: To process requests and support cases and to communicate with users regarding their use of the platform.
  6. Compliance with Legal Obligations: To fulfill legal obligations, such as requirements under commercial, tax, or data protection law.
  7. Marketing Purposes: With users' consent, we may also use personal data for marketing purposes to send personalized offers and information about new features or services.

The processing of personal data by the Provider is carried out in accordance with the provisions of the General Data Protection Regulation (GDPR) on the following legal bases:

  • Contract Fulfillment (Art. 6 para. 1 lit. b GDPR): Data processing is necessary to fulfill the contract with the user and to provide the platform.
  • Fulfillment of Legal Obligations (Art. 6 para. 1 lit. c GDPR): Data processing is necessary to comply with legal requirements (e.g., tax and commercial law).
  • Legitimate Interests (Art. 6 para. 1 lit. f GDPR): Data processing is carried out to ensure the security of the platform, to optimize its use, and to maintain business operations.
  • Consent for Marketing (Art. 6 para. 1 lit. a GDPR): If we process personal data for marketing purposes, this is done on the basis of the user's consent. This consent can be revoked at any time.

6. Data Transfer to Third Parties

Personal data will only be passed on to third parties by the Provider if this is necessary for the fulfillment of the contract, for the fulfillment of legal obligations, or due to legitimate interests. Data is passed on in the following cases in particular:

  • Payment Processing: To process payments, we transmit data to payment service providers, such as credit card institutions or payment platforms.
  • Hosting and IT Service Providers: The platform is operated on servers of external hosting providers. These service providers are granted access to personal data to the extent necessary to ensure the availability and security of the platform.
  • Legal and Tax Advisors: In individual cases, it may be necessary to pass on data to legal and tax advisors to fulfill legal or tax obligations.
  • Data Transfer to Third Countries: If personal data is transferred to countries outside the European Economic Area (EEA), this will only be done on the basis of appropriate safeguards in accordance with the GDPR (e.g., standard contractual clauses). A list of the third-party providers and service providers we use who process data outside the EEA can be provided on request.

7. Storage Period and Deletion of Data

The Provider only stores personal data for as long as is necessary to fulfill contractual and legal obligations. The storage period is based on the following principles:

  • Contract Fulfillment: Data required to fulfill a contract is stored for the duration of the contractual relationship. After termination of the contractual relationship, the data will be deleted, provided there are no statutory retention periods to the contrary.
  • Statutory Retention Periods: Data that must be retained for commercial or tax law reasons is stored for a period of 6 to 10 years in accordance with the statutory requirements.
  • Deletion: As soon as the data is no longer required for the stated purposes and there are no statutory retention obligations, it is deleted or anonymized.

8. Rights of the Data Subjects

Users of the DiscoverIQ platform have the following rights under the GDPR with regard to their personal data:

  • Right of Access: You have the right to request confirmation as to whether personal data is being processed, as well as information about the processing purposes, categories of data, and recipients.
  • Right to Rectification: You have the right to have inaccurate or incomplete personal data rectified without undue delay.
  • Right to Erasure: You can request the erasure of your personal data if the data is no longer necessary for the purposes for which it was collected or if the processing is unlawful.
  • Right to Restriction of Processing: You have the right to request the restriction of processing if the accuracy of the data is disputed or the processing is unlawful.
  • Right to Data Portability: You have the right to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format and to transmit those data to another controller.
  • Right to Object: You can object to the processing of your personal data, in particular if the processing is based on the legitimate interests of the Provider.

9. Data Security

The Provider uses appropriate technical and organizational measures to ensure the security of users' personal data and to protect it from unauthorized access, loss, or misuse. These measures include, among others:

  • Access Restrictions: Access to personal data is restricted to authorized employees and service providers who require this information to perform their duties.
  • Security Audits: We conduct regular reviews of our security measures to ensure that data assets are protected at all times.
  • Security Measures: We use various security measures to protect our users' data, including access restrictions and regular security audits.

Despite all security measures, complete security cannot be guaranteed for data transmission over the Internet. Users are responsible for the secure use of their access data.

10. Changes to the Privacy Policy

The Provider reserves the right to amend this privacy policy at any time to adapt it to legal or technical developments. We will inform users of significant changes that affect them in a suitable manner in good time (e.g., by email or by means of a notice on the platform). The current version of the privacy policy can be viewed at any time on our website.