Last updated: 20 December, 2023

I. General Information

We, GAIA Technologies GmbH, Kurfürstendamm 195, 10707 Berlin (hereinafter “we”, “GAIA”) are a company based in Germany which offers a web-based and app-based legal management solution (hereinafter “Service”).

This Service is provided to your employer in the context of a data processing agreement with GAIA.

GAIA is merely the operator of the Service and, in that context, a processor pursuant to Art. 28 GDPR. The basis for the processing by GAIA is a data processing agreement between your employer as the controller and GAIA as the processor. This may also require GAIA to use other subcontractors to provide the Service (e.g. hosting of the software or similar). If you have any questions about this data processing for employment purposes, please contact your employer.

  1. Controller

In addition, when you use the Service, GAIA processes personal data for its own purposes where this is necessary for the provision and the continuous development of the Service, in particular for the operation of the software. This is discussed in more detail below. For the processing discussed below, we are the controller within the meaning of Art. 4 (7) GDPR for the processing of your personal data in the context of the use of our Service. In addition to contacting us by mail, you can also contact us at any time via [email protected].

  2. Transfer to third parties

We may transfer your personal data to third parties where necessary to provide our Service. If we use external service providers, these have been carefully selected by us and commissioned in writing and only process your personal data on our behalf. If necessary, we have concluded a processing agreement pursuant to Art. 28 GDPR with them. The categories of recipient we transfer your data to are cloud service providers, management tool providers, marketing tool providers and technical service providers.

  3. Transfer to third countries

We may transfer your personal data to non-EU/EEA countries. Insofar as there is no adequacy decision for these countries according to Art. 45 GDPR, we transfer your personal data subject to appropriate safeguards according to Art. 46 GDPR.

  4. Blocking and deletion

Your personal data will be deleted or blocked as soon as the purpose for processing no longer applies. We will further retain your data if we are legally obliged to do so, especially for tax and accounting purposes. Blocking or deletion of your personal data will also take place if a retention period prescribed by the standards expires, unless there is a need for further storage of the data for the conclusion or performance of a contract.

II. Our Processing Activities

In the following we would like to provide an overview of the personal data we process, the purposes we process them for as well as the legal basis for such processing activity.

  1. Access and activity logs

Each time the Service is accessed, or significant actions are performed within it, server logs are automatically generated. This data is typically pseudonymized, which means it doesn't allow for identifying individual users.

This collection is essential for displaying and operating the Service. It's also critical for ensuring security, including monitoring access, input, transfers, and storage. Any anonymous data can be used for statistical analysis and improving the Service. Should there be any suspicion of unauthorized use of the Service, these logs can be retrospectively reviewed and analyzed. The legal basis for the data processing is our legitimate interest (Art. 6 (1) (f) GDPR).

The collected data includes details like the website's domain name, the browser type and version, operating system, IP address, and the timestamp of access. The extent of this data collection is consistent with standard internet practices.

Server logs are retained for a maximum period of 90 days.