Privacy policy

EMDESK is committed and obligated by the European and German law to protect the privacy of its users and their data. The EU’s General Data Protection Regulation (GDPR) and the German federal data protection act (BDSG) force organizations based in the EU and Germany, but also those outside of the EU processing the personal data of people residing in the EU, to comply with these regulations. These legislations give users greater security, transparency, and control of their personal data online – a principle we couldn’t agree more with.

The following Privacy Policy is intended to give you a overview of what happens to your personal information when you visit our website and use our services.

1. An overview of data protection

General

This Privacy Policy is applicable to Emdesk GmbH’s (“Emdesk” or “we”) database of customers and users of its services and websites (“Services”) as well as Emdesk’s marketing database.

This Privacy Policy describes how we process personal data concerning the users of Emdesk’s Services as well as the representatives of our customers and potential customers (all the aforementioned hereinafter “Customers” or “you”).

Some of our services might be subject to a separate privacy policy. If a separate privacy policy applies to a particular service, we will post it in connection with the service in question.

This Privacy Policy may be updated if required in order to reflect the changes in data processing practices or otherwise. The current version can be found on our website.

Please note that this Privacy Policy applies to processing of personal data carried out by Emdesk as a data controller. As regards the data Emdesk processes on behalf of its customer organizations, Emdesk processes this personal data as a data processor and the relevant customer shall be considered to be the data controller with regard to this personal data.

Data collection on our website

Who is responsible for the data collection on this website?

Emdesk GmbH is the controller of the data processing described in this privacy policy.

How do we collect your data?

Some data is collected when you provide it to us. Most of the data is received directly from Customers at the point of registration or automatically in connection with the Customer’s use of the Services.

Other data is collected automatically by our IT systems when you visit the Services. These data is primarily technical data such as the browser and operating system you are using or when you accessed the page. These data is collected automatically as soon as you use our Services.

Legal grounds for processing

We process your personal data to perform our contractual obligations towards you and to comply with legal obligations. Furthermore, we process your personal data to pursue our legitimate interest to run, maintain, and develop our business and to create and maintain customer relationships. When choosing to use your data on the basis of our legitimate interests, we weigh our own interests against your right to privacy and e.g. provide you with easy to use opt-out from our marketing communications and use pseudonymized or non-personally identifiable data when possible.

In some parts of the Services, you may be requested to grant your consent for the processing of personal data. In this event, you may withdraw your consent at any time.

What do we use your data for?

Personal data is processed by Emdesk for the following purposes:

To provide our Services and carry out our contractual obligations

We process personal data in the first place to be able to offer the Services to our Customers and to run, maintain, and develop our business. Personal data may be processed in order to carry out our contractual obligations towards the Customer. We may use the data, for example, to offer essential functionalities of the Services and to provide access to the Services.

For customer communication and marketing

We may process personal data for the purpose of contacting Customers regarding our Services and to inform Customers of changes in our Services as well as to market our Services.

If a Customer contacts our customer service, we will use the provided information for answering questions and solving possible issues.

For quality improvement and trend analysis

We may process information regarding the use of the Services to improve the quality of our Services, e.g. by analysing any trends in the use of our Services. When possible, we will do this using only aggregated, non-personally identifiable data.

When visiting our website, statistical analyses may be made of your surfing behavior. This happens primarily using cookies and analytics. The analysis of your surfing behavior is usually anonymous, i.e. we will generally not be able to identify you from this data.

2. General information

Data protection

Emdesk takes the protection of your personal data very seriously. We treat your personal data as confidential and in accordance with the statutory data protection regulations and this privacy policy.

Emdesk does not store personal data longer than is legally permitted and necessary for the purposes of this privacy policy. The storage period depends on the nature of the information and the purposes of processing. The maximum period may therefore vary per use.

Most personal data relating to a user account with the Services will be deleted after a reasonable time has lapsed after the termination of the business relationship between your organization and Emdesk. Thereafter, a part of the personal data may be stored only as long as such processing is required by law or is reasonably necessary for our legal obligations or legitimate interests, such as claims handling, legal proceedings, bookkeeping, and internal reporting.

International Transfers

We store your personal data primarily within the European Economic Area. However, we have service providers and operations in several geographical locations. As such, we and our service providers may transfer your personal data to, or access it in, jurisdictions outside the European Economic Area.

We will take steps to ensure that the Customers’ personal data receives an adequate level of protection in the jurisdictions in which they are processed. We provide adequate protection for the transfers of personal data to countries outside of the European Economic Area through a series of agreements with our service providers based on the Standard Contractual Clauses or through other appropriate safeguards, such as the Privacy Shield Framework.

Notice concerning the controller

The controller’s contact details:

EMDESK GmbH
Peterstraße 5
D-99084 Erfurt
Germany

Telephone: +493616603612
Email: contact@emdesk.com

3. Your rights

Revocation of your consent to the processing of your data

Many data processing operations are only possible with your express consent. You may revoke your consent at any time with future effect. An informal email making this request is sufficient.

Withdrawing a consent may lead to fewer possibilities to use our Services. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

Right to file complaints with regulatory authorities

If there has been a breach of data protection legislation, the person affected may file a complaint with the competent regulatory authorities. In case Customer considers our processing of personal data to be inconsistent with the applicable data protection laws, a complaint may be lodged with the local supervisory authority for data protection. The competent regulatory authority for matters related to data protection legislation is the data protection officer of the German state in which our company is headquartered. A list of data protection officers and their contact details can be found here.

Right to data portability

Customers have the right to receive their personal data that they have provided to us in a structured and commonly used format and to independently transmit those data to a third party. If you require the direct transfer of data to another responsible party, this will only be done to the extent technically feasible.

Rights to access, recification, erasure, and restriction of processing

As permitted by law, you have the right to be provided at any time with information free of charge about any of your personal data that is stored as well as its origin, the recipient, and the purpose for which it has been processed. You can contact us at any time using the address given herein if you have further questions on the topic of personal data.

Customers have the right to have incorrect or incomplete personal data we have stored about the Customer corrected or completed. You can correct or update some of your personal data through your user account in the Services.

Customers may also ask us to erase the Customer’s personal data from our systems. We will comply with such request unless we have a legitimate ground to not delete the data.

Customers may request us to restrict processing of personal data, for example, when your data erasure, rectification, or objection requests are pending and/or when we do not have legitimate grounds to process your data. This may however lead to fewer possibilities to use our Services.

Right to object and direct marketing

Customers may object to the processing of personal data if such data is processed for other purposes than purposes necessary for the performance of our Services to the Customer or for compliance with a legal obligation. In case we do not have legitimate grounds to continue processing such personal data, we shall no longer process the personal data after your objection.

Customer has the right to prohibit us from using Customer’s personal data for direct marketing purposes and profiling made for direct marketing purposes by contacting us on the addresses indicated above or by using the functionalities of the Services or the unsubscribe possibility offered in connection with any direct marketing messages.

4. Data security

General

We use administrative, organizational, technical, and physical safeguards to protect the personal data we collect and process. Measures include, for example, where appropriate encryption, firewalls, secure facilities, and access right systems. Our security controls are designed to maintain an appropriate level of data confidentiality, integrity, availability, resilience, and ability restore the data. We regularly test our Services, systems, and other assets for security vulnerabilities.

Should despite of the security measures, a security breach occur that is likely to have negative effects to the privacy of Customers, we will inform the relevant Customers and other affected parties, as well as relevant authorities when required by applicable data protection laws, about the breach as soon as possible.

SSL or TLS encryption

This site uses SSL or TLS encryption for security reasons and for the protection of the transmission of confidential content, such as the inquiries you send to us as the site operator. You can recognize an encrypted connection in your browser’s address line when it changes from "http://" to "https://" and the lock icon is displayed in your browser’s address bar.

If SSL or TLS encryption is activated, the data you transfer to us cannot be read by third parties.

Encrypted payments on this website

If you enter into a contract which requires you to send us your payment information (e.g. account number for direct debits), we will require this data to process your payment.

Payment transactions using common means of payment (Visa/MasterCard, direct debit) are only made via encrypted SSL or TLS connections. You can recognize an encrypted connection in your browser’s address line when it changes from "http://" to "https://" and the lock icon in your browser line is visible.

In the case of encrypted communication, any payment details you submit to us cannot be read by third parties.

4. Data processed

Cookies

Some of our web pages use cookies. Cookies do not harm your computer and do not contain any viruses. Cookies help make our website more user-friendly, efficient, and secure. Cookies are small text files that are stored on your computer and saved by your browser.

Most of the cookies we use are so-called "session cookies". They are automatically deleted after your visit. Other cookies remain in your device’s memory until you delete them. These cookies make it possible to recognize your browser when you next visit the site.

You can configure your browser to inform you about the use of cookies so that you can decide on a case-by-case basis whether to accept or reject a cookie. Alternatively, your browser can be configured to automatically accept cookies under certain conditions or to always reject them, or to automatically delete cookies when closing your browser. Disabling cookies may limit the functionality of this website.

Cookies which are necessary to allow electronic communications or to provide certain functions you wish to use are stored pursuant to Art. 6 paragraph 1, letter f of GDPR. We have a legitimate interest in the storage of cookies to ensure an optimized service provided free of technical errors. If other cookies (such as those used to analyse your surfing behavior) are also stored, they will be treated separately in this privacy policy.

Server log files

We collect and store information that your browser automatically transmits to us in "server log files". These are:

  • Browser type and browser version
  • Operating system used
  • Referrer URL
  • Time of the server request
  • IP address

These data will not be combined with data from other sources.

We process personal data to pursue our legitimate interest to run, maintain, and develop our business pursuant to Art. 6 paragraph 1, letter f of GDPR.

Contact form

Should you send us questions via a contact form, we will collect the data entered on the form, including the contact details you provide, to answer your question and any follow-up questions.

This is done based on Art. 6 (1) (b) GDPR, which allows the processing of data to fulfill a contract or for measures preliminary to a contract. Furthermore, we process personal data to pursue our legitimate interest to run, maintain, and develop our business and to create and maintain customer relationships pursuant to Art. 6 paragraph 1, letter f of GDPR.

Registration on the Services

You can register on our website in order to access additional functions offered here. The input data will only be used for the purpose of using the respective site or service for which you have registered. The mandatory information requested during registration must be provided in full. Otherwise, we will reject your registration.

This is done based on Art. 6 (1) (b) GDPR, which allows the processing of data to fulfill a contract or for measures preliminary to a contract. Furthermore, we process personal data to pursue our legitimate interest to run, maintain, and develop our business and to create and maintain customer relationships pursuant to Art. 6 paragraph 1, letter f of GDPR.

Customer and contract data

We collect, process, and use personal data only insofar as it is necessary to establish or maintain legal relationships with us. This is done based on Art. 6 (1) (b) GDPR, which allows the processing of data to fulfill a contract or for measures preliminary to a contract. Furthermore, we process personal data to pursue our legitimate interest to run, maintain, and develop our business and to create and maintain customer relationships pursuant to Art. 6 paragraph 1, letter f of GDPR.

We collect, process, and use your personal data when accessing our website (usage data) only to the extent required to enable you to access our service or to bill you for the same.

Emdesk may collect and process the following customer data: (i) name and contact details (including user names); (ii) organization and title; (iii) phone number; (iv) e-mail address; (v) correspondence; (vi) invoicing and billing information; (vii) data concerning your use of the Services or your interest in our Services; (iix) marketing opt-outs and opt-ins.

Newsletter data

If you would like to receive our newsletter, we require a valid email address as well as information that allows us to verify that you are the owner of the specified email address and that you agree to receive this newsletter. No additional data is collected or is only collected on a voluntary basis.

You can revoke consent to the storage of your data and email address as well as their use for sending the newsletter at any time, e.g. through the "unsubscribe" link in the newsletter. The data processed before we receive your request may still be legally processed.

5. Personal data recipients

General

In no case we sell or rent out your personal data or Customer Data to third parties, nor does it use them for any purposes other than those set forth in this policy.

We do not share personal data with third parties outside of Emdesk’s organization unless one of the following circumstances applies:

For legal reasons

We may share personal data with third parties outside Emdesk’s organization if we have a good-faith belief that access to and use of the personal data is reasonably necessary to: (i) meet any applicable law, regulation, and/or court order; (ii) detect, prevent, or otherwise address fraud, security, or technical issues; and/or (iii) protect the interests, properties, or safety of Emdesk, our Customers, or the public in accordance with the law. When possible, we will inform Customers about such transfer and processing.

To authorized service providers and to third parties when it is necessary for the purposes set out in this Privacy Policy

We may share personal data to authorized service providers who perform services for us. Our agreements with our service providers include commitments that the service providers agree to limit their use of personal data and to comply with privacy and security standards at least as stringent as the terms of this Privacy Policy.

To the extent that third parties need access to personal data to perform the Services, Emdesk has taken appropriate contractual and organizational measures to ensure that personal data are processed exclusively for the purposes specified in this Privacy Policy and in accordance with all applicable laws and regulations.

Please bear in mind that if you provide personal data directly to a third party, such as through a link on our website, the processing is typically based on their policies and standards.

For other legitimate reasons

If EMDESK is involved in a merger, acquisition, or asset sale, we may transfer personal data to the third party involved. However, we will continue to ensure the confidentiality of all personal data. We will give notice to all Customers concerned when the personal data are transferred or become subject to a different privacy policy as soon as reasonably possible.

With explicit consent

We may share personal data with third parties outside EMDESK’s organization for other reasons than the ones mentioned before, when we have the Customer’s explicit consent to do so. The Customer has the right to withdraw this consent at all times.

Subprocessors

We have subcontracted the hosting of our websites to the service provider Hetzner.de in Germany.

We have subcontracted the hosting of our application to the service provider KeyWeb AG and OpenTelekomCloud, both in Germany.

In addition, we use Zoho.eu to administer the subscriptions of our Customers to our Services. Zoho.eu servers are in Amsterdam, the Netherlands, and Dublin, Ireland. Here we do not share Customer Data or users’ personal data other than the personal data of the subscription owner only.

All subprocessors process personal data in encrypted form and to a limited, clearly defined extent. They are listed here.

Analytics and advertising

Google analytics

This website uses Google Analytics, a web analytics service.

Google Analytics uses so-called "cookies". These are text files that are stored on your computer and that allow an analysis of the use of the website by you. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there.

Google Analytics cookies are stored based on Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in analysing user behavior to optimize both its website and its advertising.

IP anonymization

We have activated the IP anonymization feature on this website. Your IP address will be shortened by Google within the European Union or other parties to the Agreement on the European Economic Area prior to transmission to the United States. Only in exceptional cases is the full IP address sent to a Google server in the US and shortened there.

Browser plugin

You can prevent these cookies being stored by selecting the appropriate settings in your browser. However, we wish to point out that doing so may mean you will not be able to enjoy the full functionality of this website. You can also prevent the data generated by cookies about your use of the website (incl. your IP address) from being passed to Google, and the processing of these data by Google, by downloading and installing the browser plugin available here.

Objecting to the collection of data

You can prevent the collection of your data by Google Analytics by clicking on the following link. An opt-out cookie will be set to prevent your data from being collected on future visits to this site: Click here to opt-out of Google Analytics.

For more information about how Google Analytics handles user data, see Google Privacy Policy.

Google AdWords and Google Conversion Tracking

This website uses Google AdWords. AdWords is an online advertising programme from Google Inc.

As part of Google AdWords, we use so-called conversion tracking. When you click on an ad served by Google, a conversion tracking cookie is set. Cookies are small text files that your internet browser stores on your computer. These cookies expire after 30 days and are not used for personal identification of the user. Should the user visit certain pages of the website and the cookie has not yet expired, Google and the website can tell that the user clicked on the ad and proceeded to that page.

Each Google AdWords advertiser has a different cookie. Thus, cookies cannot be tracked using the website of an AdWords advertiser. The information obtained using the conversion cookie is used to create conversion statistics for the AdWords advertisers who have opted for conversion tracking. If you do not want to participate in tracking, you can opt-out of this by easily disabling the Google Conversion Tracking cookie by changing your browser settings. In doing so, you will not be included in the conversion tracking statistics.

Conversion cookies are stored based on Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in analysing user behavior to optimize both its website and its advertising.

For more information about Google AdWords and Google Conversion Tracking, see Google Privacy Policy.

You can configure your browser to inform you about the use of cookies, so that you can decide on a case-by-case basis whether to accept or reject a cookie. Alternatively, your browser can be configured to automatically accept cookies under certain conditions or to always reject them, or to automatically delete cookies when closing your browser. Disabling cookies may limit the functionality of this website.

Newsletter

Mailjet

This website uses the services of Mailjet to send newsletters.

Mailjet is a service which organizes and analyses the distribution of newsletters.

We use Mailjet and web beacons to analyse our newsletter campaigns. This allows us to determine if a newsletter message has been opened and which links you click on. In addition, technical information is collected (e.g. time of retrieval, IP address, browser type, and operating system). This information cannot be assigned to a specific recipient. It is used exclusively for the statistical analysis of our newsletter campaigns. The results of these analyses can be used to better tailor future newsletters to your interests.

You will have to unsubscribe from the newsletter if you do not want to receive newsletters. For this purpose, we provide a link in every newsletter we send.

Plugins and tools

Google Web Fonts

For uniform representation of fonts, this page uses web fonts provided by Google. When you open a page, your browser loads the required web fonts into your browser cache to display texts and fonts correctly.

When you call up a page of our website that contains a social plugin, your browser makes a direct connection with Google servers. Google thus becomes aware that our web page was accessed via your IP address. The use of Google Web fonts is done in the interest of a uniform and attractive presentation of our website. This constitutes a justified interest pursuant to Art. 6 (1) (f) GDPR.

If your browser does not support web fonts, a standard font is used by your computer.

Further information about handling user data, can be found at https://developers.google.com/fonts/faq and in Google Privacy Policy at https://www.google.com/policies/privacy.

Payment service providers

PayPal, Stripe, and Gocardless

Our website may accept payments via PayPal, Stripe, and Gocardless.

If you select payment via these payment service providers, the payment data you provide will be supplied to payment service providers based Art. 6 (1) (b) of the GDPR (Processing for contract purposes).

Social media

Twitter plugin

Functions of the Twitter service have been integrated into our website and app. These features are offered by Twitter Inc. When you use Twitter and the “Retweet” function, the websites you visit are connected to your Twitter account and made known to other users. In doing so, data will also be transferred to Twitter. We would like to point out that, as the provider of these pages, we have no knowledge of the content of the data transmitted or how it will be used by Twitter. For more information on Twitter Privacy Policy, please go to https://twitter.com/privacy.

LinkedIn plugin

Our site uses functions from the LinkedIn network.

Each time one of our pages containing LinkedIn features is accessed, your browser establishes a direct connection to the LinkedIn servers. LinkedIn is informed that you have visited our web pages from your IP address. If you use the LinkedIn “Recommend” button and are logged into your LinkedIn account, it is possible for LinkedIn to associate your visit to our website to your user account. We would like to point out that, as the provider of these pages, we have no knowledge of the content of the data transmitted or how it will be used by LinkedIn.

More information can be found in the LinkedIn Privacy Policy at https://www.linkedin.com/legal/privacy-policy.

STAY INFORMED

Updates and expert insights straight to your mailbox