Last updated: 03 December, 2024

I. General Information

We, GAIA Technologies GmbH, Kurfürstendamm 195, 10707 Berlin (hereinafter “we”, “GAIA”) are a company based in Germany which offers a web-based and app-based legal management solution (hereinafter “Service”).

This Service is provided to your employer in the context of a data processing agreement with GAIA.

GAIA is merely the operator of the Service and, in that context, a processor pursuant to Art. 28 GDPR. The basis for the processing by GAIA is a data processing agreement between your employer as the controller and GAIA as the processor. This may also require GAIA to use other subcontractors to provide the Service (e.g. hosting of the software or similar). If you have any questions about this data processing for employment purposes, please contact your employer.

  1. Controller

In addition, when you use the Service, GAIA processes personal data for its own purposes where this is necessary for the provision and the continuous development of the Service, in particular for the operation of the software. This is discussed in more detail below. For the processing discussed below we are the controller within the meaning of Art. 4 (7) GDPR for the processing of your personal data in the context of the use of our Services. In addition to the possibility of contacting us by mail, you can also contact us at any time via [email protected].

  1. Data Protection Officer

We have appointed a Data Protection Officer (DPO) who is responsible for overseeing the data protection strategy and ensuring compliance with data protection laws and regulations.

The DPO's contact information is as follows:

Name: Kertos GmbH

Email: [email protected]

  1. Transfer to third parties

We may transfer your personal data to third parties where necessary to provide our Service. If we use external service providers, these have been carefully selected by us and commissioned in writing and only process your personal data on our behalf. If necessary, we have concluded a processing agreement pursuant to Art. 28 GDPR with them. The categories of recipient we transfer your data to are cloud service providers, management tool providers, marketing tool providers and technical service providers.

  1. Transfer to third countries

We may transfer your personal data to non-EU/EEA countries. Insofar as there is no adequacy decision for these countries according to Art. 45 GDPR, we transfer your personal data subject to appropriate safeguards according to Art. 46 GDPR.

  1. Blocking and deletion

Your personal data will be deleted or blocked as soon as the purpose for processing no longer applies. We will further retain your data if we are legally obliged to do so, especially for tax and accounting purposes. Blocking or deletion of your personal data will also take place if a retention period prescribed by the standards expires, unless there is a need for further storage of the data for the conclusion or performance of a contract.

II. Our Processing Activities

In the following we would like to provide an overview of the personal data we process, the purposes we process them for as well as the legal basis for such processing activity.

  1. Access and activity logs

Each time the Service is accessed, or significant actions are performed within it, server logs are automatically generated. This data is typically pseudonymized, which means it doesn't allow for identifying individual users.

This collection is essential for displaying and operating the Service. It's also critical for ensuring security, including monitoring access, input, transfers, and storage. Any anonymous data can be used for statistical analysis and improving the Service. Should there be any suspicion of unauthorized use of the Service, these logs can be retrospectively reviewed and analyzed. The legal basis for the data processing is our legitimate interest (Art. 6 (1) (f) GDPR).

The collected data includes details like the website's domain name, the browser type and version, operating system, IP address, and the timestamp of access. The extent of this data collection is consistent with standard internet practices.

Server logs are retained for a maximum period of 90 days.

  1. Error Log Management

Error logs are generated to identify and resolve issues, which is vital for promptly addressing problems in the display and functioning of the Service. Like server logs, this data is typically pseudonymized, preventing individual identification. The legal basis for the data processing is our legitimate interest (Art. 6 (1) (f) GDPR).

In the event of errors, data such as the website's domain name, browser type and version, operating system, IP address, and the timestamp of the error occurrence are collected.

Error logs are also stored for up to 90 days.

For the purpose of monitoring our Service and crash reports we use the service “New Relic” provided by New Relic Inc., 188 Spear Street, Suite 1000, San Francisco, California 94105 (“New Relic”). Your personal data may be sent to New Relic for this purpose. For more information on how New Relic stores and processes your personal data please visit:

https://newrelic.com/termsandconditions/services-notices

  1. Cookies

Cookies are small text files that store information on the user behavior when using our Service and that are placed on the user’s computer and held available for further visits to the Service. These cookies do not cause any damage to your computer and do not contain any viruses.

  1. Necessary Cookies

Necessary cookies allow core functionalities of the Service such as user login and account management. The Service cannot be used properly without necessary cookies. The legal basis for the data processing is our legitimate interest (Art. 6 (1) (f) GDPR). We weighed our interest in providing this Service against your interest in the confidentiality of your personal data, whereby our interest prevails. Without the processing of personal data, it is not technically possible to provide the Service in a safe and compliant manner.

New Relic

For the purpose of monitoring our Service and crash reports we use third party cookies of the service New Relic. Your personal data may be sent to New Relic for this purpose. For more information on how New Relic stores and processes your personal data please visit:

https://newrelic.com/termsandconditions/services-notices

Firebase

For the purpose of authentication, we use the third-party service “Firebase” provided by Google Ireland Limited, Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"). Your personal data may be sent to Google for this purpose. For more information on how Google stores and processes your personal data please visit: https://policies.google.com/privacy?hl=en-US

  1. Functional cookies

We use functional cookies to ensure functionality of our Service. The information obtained using functional cookies will not be linked to your IP address. No other personal data is collected. We use the information contained in these cookies to enable, analyze, and prove the operation and use of our service and in order to ensure our IT security.

The legal basis for the data processing is your legitimate interest (Art. 6 (1) (f) GDPR). We weighed our interest in providing the cookie-dependent functions of this Service against your interest in the confidentiality of your personal data, whereby our interest prevails. Without the processing of personal data, it is not technically possible to provide the functions. At the same time, the option outlined above is open to you to prevent the processing of your personal data in connection with cookies.

Google Maps

In our Service, we integrate the map service Google Maps, provided by Google. We use Google Maps for the autocomplete addresses function of our Service. You have the option to unselect the autocomplete function.

The legal basis for the processing of your personal data is your consent (Art. 6 (1) (a) GDPR) and our legitimate interest (Art. 6 (1) (f) GDPR). You may revoke your consent at any time with future effect. For more information on the purpose and scope of data collection and processing by Google, please refer to Google's privacy policy, where you will also find further information on your rights in this regard and setting options for protecting your privacy: https://policies.google.com/privacy?hl=en-US

  1. Analytic Tools

Mixpanel

Our Service uses features provided by Mixpanel S.L., Avenida Diagonal, 442 – P. 3 PTA. 1 08037, Barcelona, Spain ("Mixpanel"). Mixpanel is an analytics platform that helps us understand how our visitors interact with the Service by tracking users’ actions and events on our website.

Mixpanel uses tracking technologies to collect information about your use of our Service and to profile your browsing behavior. The information collected by Mixpanel may include the type of device, the operating system, the browser used, and your interactions with our website.

We process your data with Mixpanel based on your consent in accordance with Art. 6 (1) (a) GDPR, which you may withdraw at any time for future use by changing the cookie settings.

Mixpanel may process personal data in the United States. We ensure that appropriate safeguards are in place to secure the data and maintain an adequate level of data protection, including adherence to the Data Privacy Framework between the EU and the U.S.

Please refer to Mixpanel’s Privacy Policy for more details on data processing and on how to opt-out of Mixpanel’s data collection: https://mixpanel.com/legal/privacy-policy

Hotjar

We utilize the data analytics service Hotjar Ltd., Dragonara Business Centre 5th Floor, Dragonara Road, Paceville St Julian's STJ 3141, Malta (“Hotjar”).

We use Hotjar to better understand the needs of our users and to optimize the offering and experience on this website. With the help of Hotjar's technology, we gain a better understanding of our users' experiences (e.g. how much time users spend on which pages, which links they click, what they like and what they don't, etc.) and this helps us align our offering with user feedback. Hotjar uses cookies and other technologies to collect data about the behavior of our users and their devices, in particular the IP address of the device (which is only collected and stored in anonymized form during your website usage), screen size, device type (unique device identifiers), information about the browser used, location (country only), and the preferred language for displaying our website. Hotjar stores this information on our behalf in a pseudonymized user profile. Hotjar is contractually prohibited from selling the data collected on our behalf.

We process your data with Hotjar based on your consent in accordance with Art. 6 (1) (a) GDPR, which you may withdraw at any time for future use by changing the cookie settings.

For more information, please refer to the 'about Hotjar' section on Hotjar's help page.

  1. Use of Anonymized Data for Analyses and Model Training:

We may use anonymized data derived from the databases created during your use of the Service to perform analyses or improve our Services. Anonymized data is data that has been processed to remove all identifying elements, ensuring that it can no longer be associated with any individual.

Examples of how anonymized data is used include:

The processing of anonymized data is based on our legitimate interest (Art. 6 (1) (f) GDPR) in improving and developing our Services, optimizing Service performance, and contributing to technological advancements such as artificial intelligence. We have carefully weighed this interest against your rights and freedoms, and as anonymized data no longer identifies individuals, we ensure no undue impact on your data protection rights.

Anonymized data is solely used internally and is not shared with third parties unless explicitly mentioned.

III. Other

Obligation to provide data:

Providing certain personal data is necessary for us to deliver our Services. Without this data, the use of our Services may not be possible or may be limited. For example, providing your username and login credentials is essential to create an account and access the Services. Providing other data, such as cookies or data for analytical purposes, is voluntary. You can refuse or withdraw your consent at any time without affecting the core functionality of our Services.

**Automated Decision-Making and Profiling:** We do not engage in automated decision-making, including profiling, as defined in Article 22 GDPR. If this changes in the future, we will update this privacy policy accordingly and inform you as required by applicable data protection laws.

IV. Data Subject Rights

In accordance with the GDPR, you have the following rights regarding your personal data:

If we process your personal data based on our legitimate interests (Art. 6 (1) (f) GDPR), you can object to the processing by contacting us (see “Controller” for contact details). The same applies if we process your data based on your consent: you have the right to revoke your consent at any time with effect for the future.

Furthermore, you are entitled to lodge a complaint with a supervisory authority regarding the processing of your personal data.