Updated: 14th September 2022
Perdoo GmbH (“Perdoo”) attaches great importance to the protection of personal data and respects your wish for privacy. In the following, we inform you about the collection of personal data when using our website (perdoo.com), our application (web.perdoo.com), and the applications, services, or corporate events offered by or related to Perdoo’s services. If you still have questions about the handling of your personal data, please contact our data protection officer.
Responsible and data protection officer
The responsible person within the meaning of the General Data Protection Regulation (GDPR) is:
Str. der Pariser Kommune 8
Data Protection Officer
Str. of the Paris Commune 8
Types of data collected
Perdoo may collect the following data from you:
- Contact Data: Personal information such as name, address, telephone number, email address, birth date, company information and employment status.
- Contract Data: Information relating to any contract between you and Perdoo such as customer numbers, contract numbers and contractual dates.
- Transaction Data: Details about transactions made between you and Perdoo.
- Payment Data: Information such as bank account data and credit card data.
- Preferences: Information regarding how you wish to interact with Perdoo such as information regarding how you wish to be contacted by Perdoo and how you wish to use and/or receive the Perdoo Services.
- Input Data: Information you provide when you contact Perdoo or information you disclose or submit within channels operated by Perdoo (including the Perdoo Sites, the Perdoo Services, blogs and community forums) or when you register for or log-in to such channels operated by Perdoo.
- Usage Data: Information about how you use and interact on the Perdoo Sites and in relation to the Perdoo Services such as type, IP address, IP location and unique device identifiers of your internet access device, information on browser type and version, information on browser plug-in types and versions, log-in data, mobile network information, time zone settings, operating system and platform, URL clickstream to, through and from the Perdoo Sites and Perdoo Services, length and time of visit to the Perdoo Sites and use of Perdoo Services, information on what features of the Perdoo Sites and Perdoo Services are being used, interactions with user interfaces, page interactions including scrolling and mouseovers.
When you contact us by e-mail or via a contact form, the data you provide (your e-mail address, name, and telephone number, if applicable) will be stored by us in order to answer your questions and process your requests. The legal basis in this respect is Art. 6 para. 1 p. 1 lit. f GDPR. Insofar as we request information via our contact form that is not necessary for contacting you, we have always marked this as optional. We use this information to specify your request and to improve the processing of your request. Communication of this information is expressly on a voluntary basis and with your consent, Art. 6 para. 1 p. 1 lit. a GDPR. Insofar as this involves information on communication channels (e.g. e-mail address, telephone number), you also consent to us contacting you via this communication channel, if necessary, in order to respond to your request. You can, of course, withdraw this consent at any time in the future.
As the data controller, our company has implemented numerous technical and organizational measures to ensure the most complete protection possible for the personal data processed via this website. Nevertheless, internet-based data transmissions can always have security gaps. Absolute protection cannot be guaranteed; in any case, sending unencrypted e-mails is not secure. We, therefore, ask you not to send sensitive data by unencrypted e-mail, but to use our encrypted communication channels (e.g. our contact form or our support chat).
Legal basis of our data processing
The processing of personal data can be based on various legal grounds. If we need your data to fulfill a contract with you or to respond to inquiries from you regarding a contract, the legal basis for this data processing is Art. 6 para. 1 p. 1 lit. b GDPR. If we obtain your consent for certain data processing, the legal basis is Art. 6 para. 1. p. 1 lit. a GDPR. We carry out some data processing on the basis of our legitimate interests, whereby a balancing of your interests worthy of protection and our legitimate interests is always carried out. The legal basis for this is Art. 6 para. p. 1 lit. f GDPR. Insofar as the processing is necessary to fulfill a legal obligation to which we are subject, the legal basis is Art. 6 para. 1 p. 1 lit. c GDPR.
The following table describes, for what purposes and on what specific legal basis Perdoo processes your personal data and – where the processing is based on Art. 6 (1) f) of the EU General Data Protection Regulation (GDPR) – gives details about Perdoo’s legitimate interests for such processing:
|Purpose of Processing||Legal Basis||Legitimate Interests|
|Specific purposes chosen by you||Art. 6 (1) a) GDPR||n/a|
|Providing marketing information and communication regarding services of Perdoo, including newsletters||Art. 6 (1) a) GDPR||To communicate timely and relevant information and updates|
|Conducting market research||Art. 6 (1) a) GDPR||To ensure the continuous improvement of our product and services|
|Preparing, organizing and holding corporate events and follow-up communication||Art. 6 (1) a) GDPR||To plan, communicate, and host relevant events|
|Fulfilling Perdoo’s obligations under contracts entered between you and Perdoo (including any contract regarding the Perdoo Services), performing such contracts and taking necessary steps requested by you before entering into such contract||Art. 6 (1) b) GDPR||For contractual completion and accuracy|
|Complying with a statutory duty or an order of a competent court or public authority||Art. 6 (1) c) GDPR||n/a|
|Providing the possibility to be contacted for any reason and to be able to respond to enquiries and feedback||Art. 6 (1) a) GDPR Art. 6 (1) b) GDPR Art. 6 (1) f) GDPR||To ensure Perdoo’s availability for any requests|
|Providing the Perdoo Website and the Perdoo Services for the public and for registered users||Art. 6 (1) b) GDPR Art. 6 (1) f) GDPR||To inform about and carry out the business activities of Perdoo|
|Enabling and maintaining the functionality of the Perdoo Sites and the Perdoo Services||Art. 6 (1) b) GDPR Art. 6 (1) f) GDPR||To inform about and carry out the business activities of Perdoo|
|Ensuring the usability of the Perdoo Sites and the Perdoo Services||Art. 6 (1) b) GDPR Art. 6 (1) f) GDPR||To ensure, that the Perdoo Sites and the Perdoo Services can be used in a suitable manner|
|Continuous optimization of the Perdoo Sites and the Perdoo Services||Art. 6 (1) b) GDPR Art. 6 (1) f) GDPR||To ensure, that the Perdoo Sites and the Perdoo Services remain innovative, up to date and can be used in a suitable manner|
|Analyzing and monitoring the use of the Perdoo Sites and the Perdoo Services||Art. 6 (1) b) GDPR Art. 6 (1) f) GDPR||To understand and meter how the Perdoo Sites and the Perdoo Services are used in order to recognize any faults and disruptions, to enhance their functionality and to improve user experience|
|Ensuring the overall system security, health and stability of the Perdoo Sites and the Perdoo Services||Art. 6 (1) b) GDPR Art. 6 (1) c) GDPR Art. 6 (1) f) GDPR||To provide the Perdoo Sites and the Perdoo Services free from errors and defects and to ensure their security|
|Preventing unauthorized or unlawful use of and access to the Perdoo Sites and the Perdoo Services||Art. 6 (1) c) GDPR Art. 6 (1) f) GDPR||To protect your data and your interests, to ensure the security of the Perdoo Sites and Perdoo Services and to protect Perdoo’s business activities, business interests, intellectual property and other rights of Perdoo|
|Safeguarding and defending Perdoo’s vital interests and exercising any rights and asserting any claims Perdoo may have||Art. 6 (1) f) GDPR||To protect Perdoo’s business activities, business interests, intellectual property and other rights of Perdoo and to safeguard any legal options available to Perdoo|
The respective legal basis mentioned in the above table is further described as follows:
- 6 (1) a) GDPR: You have given your consent to the processing of your personal data by Perdoo.
- 6 (1) b) GDPR: The processing by Perdoo is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into such contract.
- 6 (1) c) GDPR: The processing is necessary for Perdoo to comply with its legal obligations.
- 6 (1) f) GDPR: The processing is necessary to pursue Perdoo’s legitimate interests, except where your interests or fundamental rights and freedoms override such legitimate interests of Perdoo.
Data processing during website access
We have taken extensive technical and operational precautions to protect your data from accidental or intentional manipulation, loss, destruction or access by unauthorised persons. Our security procedures are regularly reviewed and adapted to technological progress.
As a matter of principle, your personal data will not be transferred to third parties unless we are legally obliged to do so, or the transfer of data is necessary for the performance of the contractual relationship, or you have previously given your express consent to the transfer of your data.
External service providers and partner companies only receive your data insofar as this is necessary for the processing of your subscription and/or order. In these cases, however, the scope of the transmitted data is limited to the necessary minimum. Insofar as our service providers process your personal data on our behalf, we ensure within the scope of order processing pursuant to Art. 28 GDPR that they comply with the provisions of the data protection laws in the same manner. Please also note the data protection information of the respective providers. The respective service provider is responsible for the content of third-party services, whereby we check the services for compliance with the legal requirements within the scope of reasonableness.
We make a point of processing your data within the EU / EEA. However, we may use service providers who process data outside the EU / EEA. In these cases, we ensure that an adequate level of data protection comparable to the standards within the EU is established at the recipient before transferring your personal data. This can be achieved, for example, via EU standard contracts, Binding Corporate Rules, or special agreements to whose regulations the company can submit.
Google Sheets Add-ons
All our Google Sheets Add-ons‘ (including the Head Start Add-on) use and transfer of information received from Google APIs to any other app will adhere to Google API Services User Data Policy, including the Limited Use requirements.
Cookies are data that are stored on your computer by a website you visit and enable your browser to be reassigned. Cookies transmit information to the entity that sets the cookie. Cookies can store various information, such as your language setting, the duration of your visit to our website, or the entries you have made there. This prevents you, for example, from having to re-enter required form data each time you use the site. The information stored in cookies can also be used to recognize preferences and tailor content according to areas of interest.
There are different types of cookies:
- Session cookies are sets of data that are only temporarily held in the working memory and are deleted when you close your browser.
- Permanent or persistent cookies are automatically deleted after a predefined period of time, which may differ depending on the cookie. With this type of cookie, the information can also be stored in text files on your computer. However, you can also delete these cookies at any time via your browser settings.
First-party cookies are set by the website you are currently visiting. Only that website is allowed to read information from these cookies. Third-party cookies are set by organizations that do not operate the website you are visiting. These cookies are used by marketing companies, for example.
The legal basis for possible processing of personal data by means of cookies and their storage period may vary. If you have given us your consent, the legal basis is Art. 6 (1) sentence 1 lit. a GDPR. Insofar as the data processing is based on our overriding legitimate interests, the legal basis is Art.6 para.1 p.1 lit.f GDPR. The stated purpose then corresponds to our legitimate interest.
For the purpose of analyzing and optimizing our websites, we use various services which are described below. We use these services to analyze how many users visit our site, which information is most in demand, or how users find the offer. We also collect data on which website a user came to our website from (so-called referrer), which sub-pages of the website were accessed, or how often and for how long a sub-page was viewed. This helps us to design our offers in a user-friendly way, to find errors, and to improve our offers, and this is also our legitimate interest in using these tools. The data collected in this way is not used to identify individual users personally. We use data sparingly: Anonymous or at most pseudonymous data is collected. The legal basis for this data processing is your consent pursuant to Art. 6 Para. 1 lit. a, 7 GDPR.
Analytics tools used by Perdoo:
- Google Analytics
If you have given your consent, this website uses Google Analytics, a web analytics service provided by Google LLC. The responsible party for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”).
Scope of processing
In Google Analytics 4, the anonymization of IP addresses is activated by default. Due to IP anonymization, your IP address will be shortened by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
During your visit to the website, your user behavior is recorded in the form of “events”. Events can be:
- Page impressions
- First visit to the website
- Start of the session
- Your “click path”, interaction with the website
- Scrolls (whenever a user scrolls to the end of the page (90%))
- Clicks on external links
- internal queries
- Interaction with videos
- Ads seen/clicked
It also records:
- Your approximate location (region)
- Your IP address (in shortened form)
- Technical information about your browser and the end devices you use (e.g. language setting, screen resolution)
- Your internet provider
- the referrer URL (via which website/advertising medium you came to this website)
Purposes of the processing
On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website and compiling reports on website activity. The reports provided by Google Analytics are used to analyze the performance of our website and the success of our marketing campaigns.
Recipients of the data are/could be
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as a processor according to Art. 28 GDPR)
Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
Alphabet Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
It cannot be ruled out that US authorities will access the data stored by Google.
Third country transfer
Insofar as data is processed outside the EU/EEA and there is no level of data protection corresponding to the European standard, we have concluded EU standard contractual clauses with the service provider to establish an appropriate level of data protection. The parent company of Google Ireland, Google LLC, is based in California, USA. A transfer of data to the USA and access by US authorities to the data stored by Google cannot be ruled out. The USA is currently considered a third country from a data protection perspective. You do not have the same rights there as within the EU/EEA. You may not have any legal remedies against access by authorities.
The data sent by us and linked to cookies are automatically deleted between 1 minute and 24 months.
The legal basis for this data processing is your consent pursuant to Art.6 Para.1 S.1 lit.a GDPR.
You can withdraw your consent at any time with effect for the future by accessing the Cookie settings and changing your selection there. The lawfulness of the processing is carried out on the basis of the consent until the revocation remains unaffected.
Alternatively, you can prevent the storage of cookies from the outset by configuring your browser software accordingly. However, if you configure your browser to reject all cookies, this may restrict functionalities on this and other websites. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) by Google and the processing of this data by Google by selecting the appropriate settings on your browser.
- Do not give your consent to the setting of the cookie or
- download and install the browser add-on to disable Google Analytics HERE.
Perdoo uses Segment for event tracking. Segment is a Customer Data Platform (CDP) that helps you collect, clean, and activate your customer data. This cookie is set by Segment to count the number of people who visit a certain site by tracking if they have visited before and to help track visitor usage, events, target marketing, and also measure application performance and stability.
Segment offers a Data Processing Agreement (DPA) and Standard Contractual (SCCs) as a means of meeting contractual requirements of applicable data privacy laws and regulations, such as GDPR, and to address international data transfers. Segment’s online Data Protection Addendum (DPA) is already part of and incorporated into the Terms of Service.
Twitter Advertising (Retargeting or Conversion Tracking)
We use services of Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA on our website. Within the EU/EEA, the responsible body for dealing with data subjects’ rights is the
Twitter International Company
Attn: Data Protection Officer
One Cumberland Place, Fenian Street
Dublin 2, D02 AX07 IRELAND.
Twitter Ads allows advertisers to collect data from users who visit their website. Cookies and code are used that connect the website to another third-party platform such as Twitter. In the process, a non-reversible and non-personal checksum (hash value) is generated from your usage data and transmitted to Twitter for analysis and marketing purposes. In addition, a so-called “Twitter pixel” may be used, with the help of which the actions of users can be tracked after they have seen or clicked on a Twitter advertisement.
User behavior is recorded, such as websites visited, content accessed, time of visit, etc., but also device-related data such as applications and operating systems used. Your IP address is stored and used for the geographical targeting of advertising. With “cross-device personalization”, Twitter also tries to identify and link all of a user’s devices. Since the data is stored and processed by Twitter, a connection to the respective user profile on twitter.com is also possible.
The collection and storage of data only take place after explicit consent in accordance with Art. 6 Para. 1 S. lit. a) GDPR. This consent can be withdrawn at any time with effect in the future.
In the course of processing, the data may be transmitted to a server of Twitter Inc. in the USA. Insofar as data is processed outside the EEA, we have concluded EU standard contractual clauses with the service provider in order to establish a secure level of data protection.
Anonymized data is deleted within 6 months. Data that makes it possible to identify a specific user on Twitter is deleted within 90 days. For more information on the duration of storage, please contact the provider or visit this link.
Perdoo uses Google AdWords Conversion, a service of Google, LLC., to draw attention to Perdoo’s activities via advertising on external websites. Perdoo can measure the success of individual advertising measures to make the Perdoo Sites and Perdoo Services more interesting.
If you access the Perdoo Sites via clicking on an advertisement placed by Google, Google AdWords stores a cookie with a unique identifier in your internet access device, which contains information about the frequency of views of Perdoo’s advertisings, their last view, and any opt-out information. This cookie does not allow your tracking through sites that are not operated by Perdoo.
Perdoo does not receive any further data and cannot identify you on the basis of the cookie’s information. Perdoo has no influence on the extent and use of the data collected by Google via Google AdWords. According to Google, Google also receives the information that you have clicked on a Perdoo advertising and about which part of the Perdoo Sites you have accessed therefrom. If you are logged in to a Google service with a user profile, Google may also assign the visit to the Perdoo Sites to your user profile. Even if you are not logged in to Google, Google may still store your IP address.
DoubleClick by Google
When you access a page that uses DoubleClick and for which the DoubleClick script is permitted, your browser automatically establishes a direct connection with the Google server. As the website operator, we have no influence on the scope and further use of the data collected by Google through the use of this tool. We inform you according to our state of knowledge: Through the integration of DoubleClick, Google receives the information that you have called up the corresponding part of our website or clicked on an advertisement from us. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, it is possible that the provider may obtain and store your IP address.
Where data is processed outside the EEA, where there is no level of data protection equivalent to the European standard, we have concluded EU standard contractual clauses with the service provider to establish a secure level of data protection.
For more information on DoubleClick by Google, please visit this link and Google privacy. Alternatively, you can visit the Network Advertising Initiative (NAI) website.
The collection and storage of data only take place after explicit consent according to Art. 6 para. 1 p. 1 lit. a) GDPR. This consent can be withdrawn at any time with effect in the future.
Facebook Conversion Tracking Pixel
We use the Custom Audiences service of Meta Platforms, Inc., 1601 S. California Avenue, Palo Alto, CA 94304, USA (hereinafter referred to as “Facebook”) as part of our usage-based online advertising. For this purpose, we define target groups of users in the Facebook ad manager on the basis of certain characteristics, who are subsequently shown ads within the Facebook network. Users are selected by Facebook based on the profile information they provide and other data provided through their use of Facebook. If a user clicks on an advertisement and subsequently arrives on our website, Facebook receives the information that the user has clicked on the advertising banner via the Facebook pixel integrated into our website.
Basically, a non-reversible and non-personal checksum (hash value) is generated from your usage data, which is transmitted to Facebook for analysis and marketing purposes. A Facebook cookie is set in the process. This collects information about your activities on our website (e.g. surfing behavior, sub-pages visited, etc.). Your IP address is also stored and used for the geographical targeting of advertising.
Facebook Custom Audiences via the customer list is not used by us, nor is the “advanced matching” function.
You can also prevent the storage of cookies altogether by making the appropriate settings in your browser software. However, we would like to point out that in this case, you may not be able to use all the functions of our website to their full extent. Further options for deactivating cookies by third-party providers can be found here or on the Digital Advertising Alliance Opt-Out Platform.
LinkedIn Ads / Conversion Tracking (Pixel)
We use the LinkedIn Conversion Tracking service of LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland to evaluate our online advertising.
For this purpose, we define target groups of users in the LinkedIn Campaign Manager on the basis of certain characteristics, who are subsequently shown advertisements within the LinkedIn network. Users are selected by LinkedIn based on the profile information they provide, as well as other data provided when using LinkedIn. If a user clicks on an advertisement and then visits our website, LinkedIn receives the information that the user has clicked on the advertising banner via the conversion tag embedded on our website.
The LinkedIn tag enables the collection of visited web pages, including the URL, referrer ID, IP address, device and browser properties, and timestamp.
IP addresses are shortened or hashed (for cross-device use) by LinkedIn. Members’ direct identifiers are removed within 7 days to pseudonymize the data. The remaining pseudonymous data is then deleted within 180 days.
Using the LinkedIn pixel, we can show personalized ads outside our website without identifying individual members. Data that does not identify individuals is also used to improve ad relevance and reach LinkedIn members across devices. LinkedIn members can control the use of their personal data for advertising purposes through their account settings.
LinkedIn refers to the following link to customize advertising preferences.
We process this data to evaluate our advertising campaigns. The legal basis for the processing is your consent within the meaning of Art. 6 (1) a) GDPR. Without your consent via our Consent Tool, no data will be processed for LinkedIn Conversion Tracking. Once you have given your consent, you can withdraw it at any time with future effect by changing your selection in the Cookie settings.
Further information on LinkedIn Conversion Tracking can be found here. Further information on data processing and storage duration can be found here.
This website uses LinkedIn Services to improve the user experience on our website, to enable you to apply for jobs on LinkedIn, to facilitate the use of the LinkedIn social network, and to contact other LinkedIn users. The provider is LinkedIn Corporation, 599 N Mathilda Ave, Sunnyvale, CA 94085, USA.
If you are a member of the provider’s social network and are logged into the social network during your visit to this website, your data and information about your visit to this website may be linked to your profile in the social network. We have no influence on the exact scope of the data collected about you by the provider. For more information on the scope, type, purpose of data processing, retention periods, and your rights and data protection settings, please refer to the LinkedIn data protection information.
In cases where you expressly consent to the processing of your data, e.g. if you as a LinkedIn member agree to our request to access your resources on LinkedIn, your consent is the legal basis for the data processing (Art. 7 para.1 GDPR) In other cases, e.g. if you apply to us via LinkedIn, the processing of your personal data is necessary for the establishment of the employment relationship (Art.6 para.1 lit.b GDPR and § 26 BDSG). Furthermore, our legitimate interest in processing your data is justified by the above-mentioned purposes (Art. 6 para. 1 lit. f GDPR).
To prevent LinkedIn from collecting data for advertising purposes, you can set a cookie via this link.
In addition, you can make further data protection adjustments via this link.
We will be happy to provide you with information on whether personal data relating to you is being processed; if this is the case, you have a right to information on this personal data and to the information listed in detail in Art. 15 GDPR. In addition, you have the right to rectification (Art. 16 GDPR), the right to restriction of processing (Art. 18 GDPR), the right to erasure (Art. 17 GDPR) and the right to data portability (Art. 20 GDPR) under the respective legal conditions.
You have the right to object to the processing under legal conditions (Art. 21 GDPR).
To exercise your above rights, please contact us by e-mail at firstname.lastname@example.org or by post at Perdoo GmbH, Str. der Pariser Kommune 8, 10243 Berlin-Germany. The exercise of your above rights is free of charge for you.
Without prejudice to these rights and the possibility of seeking any other administrative or judicial remedy, you may at any time exercise your right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work, or place of the alleged infringement, if you consider that the processing of personal data relating to you infringes data protection rules (Article 77 of the GDPR).