Privacy policy

Última actualización: 23 de septiembre de 2024
Please read these Privacy policy carefully before using Our Service.

Privacy Overview

General Information

The following information provides a simple overview of what happens to your personal data when you visit this website or use our services. Personal data refers to data that can be used to personally identify you. For detailed information on privacy, please refer to our privacy policy listed below.

Data Collection on This Website and Through Our Services

Who is responsible for data collection on this website?

The data processing on this website and in the provided services is carried out by the website operator. The contact details for the website operator can be found in the "Note on the responsible party" section of this privacy policy.

How do we collect your data?

Your data is collected in various ways, including information you provide to us. This may be data that you enter into a contact form or send to us via email.

Other data is collected automatically or with your consent by our IT systems when you visit the website. These are mainly technical data (e.g., internet browser, operating system, or time of page access). This data is automatically collected as soon as you enter this website. Other data is automatically collected when you register for our services through your Microsoft account.

What do we use your data for?

Part of the data is collected to ensure error-free provision of the website and our services. Other data may be used to analyze your user behavior.

What rights do you have regarding your data?

You have the right to request information at any time, free of charge, about the origin, recipient, and purpose of your stored personal data. You also have the right to request the correction or deletion of this data. If you have consented to data processing, you can revoke this consent at any time for the future. Additionally, you have the right to request restrictions on the processing of your personal data under certain circumstances. Furthermore, you have the right to file a complaint with the competent supervisory authority.

You can contact us at any time with questions about data protection.

Additionally, you have the following rights under the GDPR:

  • Right to be Informed:You have the right to be informed about the collection and use of your personal data. This privacy policy provides detailed information on how we handle
  • Right of Access:You have the right to access the personal data we hold about you and understand how it is being processed
  • Right to Erasure:You can request the deletion of your personal data, also known as the "right to be forgotten."
  • Right to Restriction of Processing:You can request that the processing of your personal data be restricted under certain conditions.
  • Right to Data Portability:You have the right to receive your personal data in a structured, commonly used format and transfer it to another controller.
  • Right to Object: You can object to the processing of your data in certain circumstances
  • Rights in Relation to Automated Decision-Making and Profiling:You are informed about your rights concerning automated decision-making processes, including profiling. We do not engage in any automated decision-making, including profiling, that produces legal effects concerning you.

Third-Party Analysis Tools

When you visit this website, your surfing behavior may be statistically analyzed. This is mainly done using so-called analysis programs.

Detailed information on these analysis programs can be found in the following privacy policy.

Hosting

We host the content of our website and our services with the following provider:

Microsoft Azure

The provider is Microsoft Corporation, One Microsoft Way, Redmond, WA 98052, USA (hereafter "Microsoft Azure").

Your personal data is processed on Microsoft Azure's servers when you use our website and services. This may also involve transferring personal data to Microsoft Azure's parent company in the USA. The data transfer mechanism is based on EU standard contractual clauses.

For more information, please read Microsoft Azure's privacy policy: Microsoft Privacy Policy.

The use of Microsoft Azure is based on Art. 6 para. 1(f) of the GDPR. We have a legitimate interest in the reliable presentation of our website and services. If you use our services as a customer, Art. 6 para. 1(b) of the GDPR is also relevant.

Data Processing Agreement

We have entered into a data processing agreement with the above-mentioned provider. This is a contractual document that ensures the provider processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

General Information and Mandatory Disclosures

Data Protection

The operators of these pages and the services offered take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with legal data protection regulations and this privacy policy.

When you use this website, various personal data are collected. Personal data refers to data that can be used to personally identify you. This privacy policy explains which data we collect and what we use it for. It also explains how and why this occurs.

Please note that data transmission on the internet (e.g., when communicating via email) can have security gaps. It is impossible to completely protect data from third-party access.

Note on the Responsible Party

The responsible party for this website is:


BrainCore Solutions GmbH

Panoramaweg 1, 8274 Tägerwilen, Switzerland

Phone: +49251 9811573777

Email: support@absentify.com

The responsible party is the natural or legal person who, alone or together with others, decides on the purposes and means of processing personal data (e.g., names, email addresses, etc.).

Retention Period

Unless a specific retention period is mentioned in this privacy policy, your personal data will remain with us until the purpose for the data processing no longer exists. If you make a legitimate request for deletion or revoke your consent to data processing, your data will be deleted. Please note that our backups may retain data for up to 14 days, after which they are permanently deleted, in compliance with the GDPR.

If you have given your consent to data processing, we process your personal data based on Art. 6 para. 1(a) of the GDPR or Art. 9 para. 2(a) of the GDPR, if special categories of data are processed according to Art. 9 para. 1 of the GDPR. In cases of explicit consent to the transfer of personal data to third countries, data processing also relies on Art. 49 para. 1(a) of the GDPR. If you have consented to the storage of cookies or the access to information on your end device (e.g., device fingerprinting), data processing is also based on Art. 6 para. 1(a) of the GDPR. Consent can be revoked at any time.

If your data is needed to fulfill a contract or for pre-contractual measures, we process your data based on Art. 6 para. 1(b) of the GDPR. If your data is required to fulfill a legal obligation, we process it based on Art. 6 para. 1(c) of the GDPR. Data processing can also rely on our legitimate interest according to Art. 6 para. 1(f) of the GDPR.

Information on the respective legal basis can be found in the following sections of this privacy policy.

EU Representative in Accordance with Art. 27 of the GDPR

We have appointed an EU representative:

MPH-GL GmbH
Reichenaustrasse 11a, 78467 Konstanz, Germany
Phone: +49251 9811573777
Email: support@absentify.com

Appointment of a Data Protection Officer

We have appointed a Data Protection Officer:

BrainCore Solutions GmbH
Data Protection Officer
Panoramaweg 1, 8274 Tägerwilen, Switzerland
Email: privacy@absentify.com

Note on Data Transfer to the USA and Other Third Countries

Among other things, we use tools from companies based in the USA or other third countries that are not considered data protection-safe. If these tools are active, your personal data may be transferred to these third countries and processed there. We would like to point out that there is no privacy level comparable to the EU in these countries. For example, US companies are required to provide personal data to security authorities without allowing the data subject to legally challenge it. Thus, it is possible that US authorities (e.g., intelligence services) may process, analyze, and permanently store your data stored on US servers for surveillance purposes. We have no control over these processing activities.

Many data processing operations are only possible with your explicit consent. You can revoke consent at any time. The legality of data processing carried out before revocation remains unaffected.

Right to Object to Data Collection in Certain Cases and to Direct Marketing (Art. 21 GDPR)

IF DATA PROCESSING IS BASED ON ART. 6 PARA. 1(E) OR (F) OF THE GDPR, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA AT ANY TIME FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE RESPECTIVE LEGAL BASIS FOR THE PROCESSING CAN BE FOUND IN THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE REASONS FOR THE PROCESSING THAT OUTWEIGH YOUR INTERESTS, RIGHTS, AND FREEDOMS, OR THE PROCESSING IS FOR THE PURPOSE OF ASSERTING, EXERCISING, OR DEFENDING LEGAL CLAIMS (OBJECTION IN ACCORDANCE WITH ART.


21 PARA. 1 OF THE GDPR).

IF YOUR PERSONAL DATA IS PROCESSED FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR SUCH DIRECT MARKETING PURPOSES; THIS ALSO APPLIES TO PROFILING INSOFAR AS IT IS CONNECTED WITH SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL NO LONGER BE USED FOR DIRECT MARKETING PURPOSES (OBJECTION IN ACCORDANCE WITH ART. 21 PARA. 2 OF THE GDPR).

Right to File a Complaint with the Competent Supervisory Authority

If there are violations of the GDPR, data subjects have the right to file a complaint with a supervisory authority, particularly in the member state where they usually reside, where they work, or where the alleged violation occurred. The right to file a complaint exists without prejudice to other administrative or judicial remedies.

Right to Data Portability

You have the right to receive data that we process automatically based on your consent or to fulfill a contract in a commonly used, machine-readable format, either to yourself or to a third party. If you request the direct transfer of the data to another responsible party, this will only occur if technically feasible.

Information, Deletion, and Correction

Under applicable legal provisions, you have the right to request free information about your stored personal data, its origin, recipient, and the purpose of data processing, and possibly the right to correct or delete this data at any time. You can contact us at any time for this purpose and for other questions regarding personal data.

Right to Restrict Processing

You have the right to request restrictions on the processing of your personal data. You can contact us at any time for this purpose. The right to restrict processing applies in the following cases:

- If you dispute the accuracy of your stored personal data, we usually need time to verify this. During the verification process, you have the right to request restrictions on the processing of your personal data.
- If the processing of your personal data is unlawful, you can request restriction of data processing instead of deletion.
- If we no longer need your personal data, but you need it to assert, exercise, or defend legal claims, you have the right to request restrictions on the processing of your personal data instead of deletion.
- If you have objected to the processing in accordance with Art. 21 para. 1 of the GDPR, an evaluation must be conducted to determine whose interests prevail. During this evaluation, you have the right to request restrictions on the processing of your personal data.

If you have requested restrictions on the processing of your personal data, these data may only be processed—with the exception of storage—either with your consent or for asserting, exercising, or defending legal claims, or to protect the rights of another natural or legal person, or for reasons of public interest in the European Union or a member state.

SSL or TLS Encryption

For security reasons and to protect the transmission of confidential content, such as orders or inquiries you send to us as the website operator, this website uses SSL or TLS encryption. You can recognize an encrypted connection by the change in the address bar of your browser from "http://" to "https://" and by a lock icon in the browser bar.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Encrypted Payment Transactions

If you are required to provide your payment data (e.g., bank account number for direct debit authorization) after concluding a paid contract, this data is required for payment processing.

Payment transactions through standard payment methods (Visa/MasterCard, direct debit) are carried out exclusively via an encrypted SSL or TLS connection. An encrypted connection is recognizable by the change in the address bar of your browser from "http://" to "https://" and by the lock symbol in the browser bar.

In encrypted communication, the payment data you transmit to us cannot be read by third parties.

ISO 27001 Certification and Information Security


We place great importance on the protection of your personal data and have implemented extensive measures to ensure the security of your data. Our information security management system is certified according to ISO 27001, an international standard that defines best practices and requirements for information security management.
The ISO 27001 certification confirms that we have established stringent security protocols to protect your data from unauthorized access, loss, or misuse. These measures include, but are not limited to:

- Regular risk assessments and management
- Implementation of security controls to prevent security incidents
- Training and awareness programs for our employees on information security
- Regular review and improvement of our security measures

This certification demonstrates our commitment to safeguarding your personal data and complying with the highest security standards. If you have any questions about our security measures or the ISO 27001 certification, you can contact our Data Protection Officer.

Data Collection on This Website and Our Services

Cookies


Our websites and services use "cookies." Cookies are small data units that do no harm to your device. They are either stored temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your device. Session cookies are automatically deleted at the end of your visit. Permanent cookies remain on your device until you delete them or they are automatically deleted by your web browser.

In some cases, third-party cookies are also stored on your device when you enter our website. These allow the use of certain third-party services (e.g., cookies for payment processing services).

Cookies have different functions. Many cookies are technically necessary, as certain website functions wouldn't work without them (e.g., the shopping cart function or the display of videos). Other cookies are used to analyze user behavior or display advertisements.

Cookies required for electronic communication, the provision of certain functions you have requested (e.g., for the shopping cart function), or website optimization (e.g., cookies for measuring web traffic) are stored based on Art. 6 para. 1(f) of the GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing necessary cookies for the technically error-free and optimized provision of services. If consent is required for storing cookies and similar identification technologies, the processing is solely based on this consent (Art. 6 para. 1(a) of the GDPR); consent can be revoked at any time.

You can set your browser to inform you about cookie placement, allowing only specific cookies, excluding all others, or enabling automatic cookie deletion upon browser closure. If cookies are disabled, some website functionalities may be restricted.

If cookies from third parties or for analysis purposes are used, we will inform you separately within this privacy policy and, if needed, request your consent.

Our website uses a consent technology from Cookiebot to obtain your consent for storing certain cookies on your device or using specific technologies and to document this compliance with data protection laws. The provider of this technology is Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark (hereafter "Cookiebot").

When you enter our website, a connection is established with Cookiebot's servers to obtain your consent and provide further explanations on cookie use. Cookiebot then stores a cookie in your browser to identify the consent given or its revocation. The data collected in this manner is stored until you request its deletion, delete the Cookiebot cookie yourself, or the purpose for data storage no longer applies. Legal retention obligations remain unaffected.

Cookiebot is used to obtain the legally required consent for cookie use. The legal basis is Art. 6 para. 1(c) of the GDPR.

Data Processing

We have entered into a data processing agreement (DPA) for using the above-mentioned service. This is a contract required by data protection laws, ensuring that Cookiebot processes personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

Server Log Files


The site provider automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

- Browser type and version
- Operating system used
- Referrer URL
- Hostname of the accessing computer
- Time of the server request
- IP address

This data is not combined with other data sources.

The collection of this data is based on Art. 6 para. 1(f) of the GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of their website; for this, server log files must be collected.

Registration on This Website


You can register on this website or through our services, or be registered by your organization, to access additional features. We use the data provided solely for the purpose of using the respective service or feature you registered for. The mandatory fields during registration must be fully completed. Otherwise, registration will be rejected.

In case of significant changes, such as those affecting the service or technical changes, we will use the email address provided during registration to inform you.

The data collected during registration is processed to carry out the user relationship established through registration and potentially to initiate further contracts (Art. 6 para. 1(b) of the GDPR).

The data collected during registration will be stored as long as you remain registered on this website, then deleted. If you delete your account, all your personal data will be immediately deleted. However, please note that our backups may retain data for up to 14 days before permanent deletion, in compliance with the GDPR. Legal retention periods remain unaffected.

Registration with Microsoft


To register on this website and through our services, you must register with Microsoft. The provider of this service is Microsoft Corporation, One Microsoft Way, WA 98052-6399, Redmond, USA.

For registration with Microsoft, you only need to enter your Microsoft name (email address) and password. Microsoft identifies you and confirms your identity to our website. We receive access to your name, profile picture, and email address through the Microsoft API. If your organization registered you, we also receive this information. Additionally, your organization may

decide to provide your birthdate and hire date.

Google Analytics


This website uses functions from the web analytics service Google Analytics. The provider of this service is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics allows the website operator to analyze website visitor behavior. To this end, the website operator receives various user data, such as visited pages, time spent on the site, the operating system used, and the user's origin. These data are combined into a user ID and associated with the respective end device of the website visitor.

Furthermore, Google Analytics allows recording your mouse and scroll movements and clicks. Google Analytics uses various modeling approaches to supplement the collected data sets and employs machine learning in data analysis.

Google Analytics uses technologies that enable user recognition for behavioral analysis (e.g., cookies or device fingerprinting). The collected information is usually transmitted to a Google server in the USA and stored there.

The use of these services is based on your consent according to Art. 6 para. 1(a) of the GDPR and § 25 para. 1 TTDSG. You can revoke your consent at any time.

The data transfer

to the USA is based on the European Commission's Standard Contractual Clauses. More information can be found here: Google Controller Terms.

Browser Plugin


You can prevent Google from collecting and processing your data by downloading and installing the browser plugin available at the following link: Google Analytics Opt-Out.

More information about how Google Analytics handles user data can be found in Google's privacy policy: Google Privacy.

Google Signals

We use Google Signals. When you visit our website, Google Analytics records your location, search activities, YouTube usage, and demographic data, among other things. This data can be used for personalized advertising with Google Signals. If you have a Google account, Google Signals associates your data with your account and may use it to send you personalized advertising. This data is also used to create anonymized statistics on our users' online behavior.

Data Processing Agreement

We have entered into a data processing agreement with Google and fully comply with the strict requirements of the German data protection authorities when using Google Analytics.

Newsletter

Newsletter Data

If you wish to receive the newsletter offered on the website, we need your email address and information that allows us to verify that you are the owner of the provided email address and that you wish to receive the newsletter. No additional data or only voluntary data is collected. We use a newsletter service provider, described below, to manage the newsletter.

Brevo (formerly Sendinblue)

This website uses Brevo to send newsletters. The provider is Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany.

Brevo is a service that organizes and analyzes newsletter and transactional email sending. The data you provide for newsletter reception is stored on Brevo's servers in Germany.

Data Analysis by Brevo

Brevo allows us to analyze our newsletter campaigns. For instance, we can see if a newsletter message was opened and which links were clicked. This helps us identify which links were clicked most frequently.

Additionally, we can see if certain predefined actions were taken after opening or clicking (conversion rate). For example, we can determine if a purchase was made after clicking on the newsletter.

Brevo also allows us to divide newsletter recipients into various categories ("clustering"). This helps tailor newsletters to specific target groups.

If you don't want Brevo to analyze your data, you need to unsubscribe from the newsletter. A corresponding link is provided in each newsletter message for this purpose.

For detailed information about Brevo's functions, see the following link: Brevo Newsletter Software.

Data processing is based on your consent (Art. 6 para. 1(a) of the GDPR). You can revoke this consent at any time. The legality of data processing conducted before the revocation remains unaffected.

Retention Period

The data you provide to receive the newsletter will be stored until you unsubscribe and deleted from the newsletter distribution list after unsubscribing. Data stored for other purposes is not affected.

After unsubscribing from the newsletter distribution list, your email address may be added to a block list to prevent future newsletter deliveries. The block list data is used solely for this purpose and is not combined with other data. This serves your interest and ours in complying with legal requirements for newsletter sending (legitimate interest according to Art. 6 para. 1(f) of the GDPR). The block list storage is not time-limited, and you can object to the storage if your interests outweigh our legitimate interest.

More details can be found in Brevo's privacy policy: Brevo Privacy.

Data Processing Agreement

We have entered into a data processing agreement with the above-mentioned provider. This is a contract required by data protection laws, ensuring that the provider processes personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

Plugins and Tools

Crisp

We use Crisp (hereafter "Crisp") to handle user inquiries through our support channels. The provider is Crisp IM S.A.S., 2 Boulevard de Launay, 44100 Nantes, France. Messages you send to us may be stored in the Crisp ticket system. If you communicate with us through Crisp, all data entered before starting the chat (e.g., name or chat ID, address, and phone number) and your IP address, country of origin, browser used, and the device used, along with the exchanged messages, are combined into a profile and stored on Crisp's servers.

The messages you send us remain with us until you request deletion, or the purpose for data storage no longer applies (e.g., after resolving your request). Legal obligations, particularly retention periods, remain unaffected.

The use of Crisp is based on Art. 6 para. 1(f) of the GDPR. We have a legitimate interest in processing your inquiries as quickly, reliably, and efficiently as possible. If the corresponding consent has been obtained, the processing is solely based on Art. 6 para. 1(a) of the GDPR. Consent can be revoked at any time.

More information can be found in Crisp's privacy policy: Crisp Privacy.

Data Processing Agreement

We have entered into a data processing agreement with the above-mentioned provider. This is a contract required by data protection laws, ensuring that the provider processes personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

Sentry

We use the error management tool Sentry to troubleshoot and monitor the system. Sentry is hosted internally, so no data processing agreement is required. All data collected through Sentry remains in our infrastructure.

More information can be found in Sentry's privacy policy: Sentry Privacy.

E-Commerce and Payment Service Providers

Processing Customer and Contract Data

We collect, process, and use personal customer and contract data for the purpose of establishing, designing, and modifying our contractual relationships. We collect, process, and use personal data about using this website and services (usage data) only to the extent necessary to allow the user to use the service or billing. The legal basis is Art. 6 para. 1(b) of the GDPR.

The collected customer data is deleted after the completion of the order or termination of the business relationship and after any statutory retention periods. Legal retention periods remain unaffected.

Data Transfer Upon Contract Conclusion for Services and Digital Content

We transfer personal data to third parties only if necessary for contract processing, such as the financial institution handling payment or the subcontracting company (e.g., for IT services).

Other data is transferred only if you explicitly consented to the transfer. Your data will not be shared with third parties without your explicit consent, such as for advertising purposes.

The basis for data processing is Art. 6 para. 1(b) of the GDPR, which allows processing data to fulfill a contract or pre-contractual measures.

Payment Services

We integrate third-party payment services into our website and services. If you make a purchase, your payment data (e.g., name, payment amount, bank details, credit card number) is processed by the payment service provider for payment processing. The respective contractual and data protection provisions of the providers apply to these transactions. The payment service providers are used based on Art. 6 para. 1(b) of the GDPR (contract processing) and for smooth, comfortable, and secure payment processes (Art. 6 para. 1(f) of the GDPR). If your consent is required for certain actions, Art. 6 para. 1(a) of the GDPR is the legal basis for data processing; consent can be revoked at any time for future actions.

Paddle

Some of our services are provided by Paddle.com Market Limited as a reseller. The provider and contractual partner is Market Limited, 18-29 Mora Street, Judd House, London EC1V 8BT, United Kingdom (hereafter "Paddle"). As the responsible party, Paddle outlines in its privacy policy which data Paddle stores and processes when you visit this website. We do not have access to this payment information. More information can be found in Paddle's privacy policy: Paddle Privacy.

The data transfer to the UK is based on the EU Commission's adequacy decision:
dom_-_general_data_protection_regulation_en.pdf" target="_blank" rel="noopener noreferrer" role="link" class="csh-markdown csh-markdown-link csh-markdown-link-text">Adequacy Decision.

PayPal

The provider of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg, Luxembourg (hereafter "PayPal").

The data transfer to the USA is based on the European Commission's Standard Contractual Clauses. More information can be found here: PayPal EU Contractual Clauses.

Further details can be found in PayPal's privacy policy: PayPal Privacy.

American Express

The provider of this payment service is American Express Europe S.A., Theodor-Heuss-Allee 112, 60486 Frankfurt am Main, Germany (hereafter "American Express").

American Express may transfer data to its parent company in the USA. The data transfer to the USA is based on the binding corporate rules of American Express. More information can be found here:
.americanexpress.com/en-pl/company/legal/privacy-centre/european-implementing-principles/" target="_blank" rel="noopener noreferrer" role="link" class="csh-markdown csh-markdown-link csh-markdown-link-text">American Express Privacy.

Further details can be found in American Express's privacy policy: American Express Privacy.

Mastercard

The provider of this payment service is Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium (hereafter "Mastercard").

Mastercard may transfer data to its parent company in the USA. The data transfer to the USA is based on the binding corporate rules of Mastercard. More information can be found here: Mastercard Privacy.

VISA

The provider of this payment service is Visa Europe Services Inc., London Branch, 1 Sheldon Square, London W2 6TT, UK (hereafter "VISA").

The UK is considered a safe third country in terms of data protection, indicating a data protection level comparable to the EU.

VISA may transfer data to its parent company in the USA. The data transfer to the USA is based on the European Commission's Standard Contractual Clauses. More information can be found here: VISA SCC.

Further information can be found in VISA's privacy policy: VISA Privacy.

Audio and Video Conferences

Data Processing

One of the tools we use to communicate with our customers is online conferencing. The individual tools we use are listed below. If you communicate with us via video or audio conference over the internet, your personal data will be collected and processed by us and the respective conference tool provider.

The conference tools collect all data you provide/input to use the tools (e.g., email address and/or phone number). Additionally, the conference tools collect the duration of the conference, the start and end (timing) of participation, the number of participants, and other "context-related information" concerning the communication process (metadata).

The tool provider processes all technical data required for conducting online communication. This includes, but is not limited to, IP addresses, MAC addresses, device IDs, device types, operating system types and versions, client versions, camera types, microphones, or speakers, as well as the type of connection.

If content is shared, uploaded, or otherwise made available within the tool, it is also stored on the tool provider's servers. This content includes, among other things, cloud recordings, chat/instant messages, voice messages, uploaded photos and videos, files, whiteboards, and other information shared during service use.

Please note that we do not have full control over the data processing operations of the used tools. Our possibilities are largely determined by the policies of the respective provider. For more information on data processing by the conference tools, we refer to the privacy policies of the respective tools used.

The conference tools are used to communicate with potential or existing contractual partners or to provide specific services for our customers (Art. 6 para. 1(b) of the GDPR). Additionally, using the tools serves the general facilitation and acceleration of communication with us or our company (legitimate interest according to Art. 6 para. 1(f) of the GDPR). If corresponding consent has been requested, the processing is solely based on this consent; the consent can be revoked at any time with effect for the future.

Retention Period

The data we collect directly through the video and conference tools is deleted from our systems once you request its deletion, revoke your consent to data storage, or when the purpose for data storage no longer applies. Stored cookies remain on your end device until you delete them. Legal retention periods remain unaffected.

We do not control the retention period for your data stored by the operators of the conference tools for their own purposes. For details, contact the respective conference tool operators.

Conference Tools Used

We use the following conference tools:

Microsoft Teams

We use Microsoft Teams. The provider is Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland. For details on data processing, see Microsoft Teams' privacy policy: Microsoft Teams Privacy.

CCPA Privacy

This section on data protection for California residents supplements the information in our privacy policy and applies exclusively to all visitors, users, and other persons who are California residents.

Categories of Personal Information Collected

We collect information that identifies, relates to, describes, references, can be associated with, or could reasonably be linked directly or indirectly with a specific consumer or device. The following categories of personal information are examples of data we have collected from California residents or collected in the past twelve (12) months.

Please note that the categories and examples in the following list are based on definitions from the California Consumer Privacy Act (CCPA). This does not mean we collected all examples in this category, but it reflects our sincere belief that some of this data may have been collected or disclosed.

- Category A: Identifiers
Examples: a real name, pseudonym, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, driver's license number, passport number, or other similar identifiers.
Collected: Yes.

- Category B: Categories of Personal Data Defined in the California Customer Data Act (Cal. Civ. Code § 1798.80(e))
Examples: name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver's license or state ID number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or other financial information, medical information, or health insurance information. Some personal information in this category may overlap with other categories.
Collected: Yes.

- Category C: Protected Classifications under California or Federal Law
Examples: age (40 years or older), race, skin color, ancestry, national origin, citizenship, religion or belief, marital status, health status, physical or mental disability, gender (including gender, gender identity, gender expression, pregnancy, or birth and related health conditions), sexual orientation, veteran or military status, genetic information (including family genetic information).
Collected: No.

- Category D: Commercial Information
Examples: records and history of products or services purchased or considered.
Collected: Yes.

- Category E: Biometric Information
Examples: genetic, physiological, behavioral, biological characteristics, or activity patterns used to create a template or other identifiers or identification information, such as fingerprints, facial and voiceprints, iris or retina scans, keystroke patterns, gait, or other physical patterns, as well as sleep, health, or exercise data.
Collected: No.

- Category F: Internet or Other Similar Network Activity
Examples: interaction with our service or advertising.
Collected: Yes.

- Category G: Geolocation Data
Examples: approximate physical location.
Collected: No.

- Category H: Sensory Data
Examples: audio, electronic, visual, thermal, olfactory, or similar information.
Collected: No.

- Category I: Professional or Employment-Related Information
Examples: current or past employment history or performance evaluations.
Collected: No.

- Category J: Non-public Education Information (as defined in the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99))
Examples: education records directly related to a student and maintained by an educational institution or a party acting on its behalf, such as grades, transcripts, class lists, schedules, student identification codes, student financial information, or student disciplinary records.
Collected: No.

- Category K: Derived Inferences from Other Personal Data
Examples: profile reflecting a person's preferences, characteristics, psychological tendencies, dispositions, behavior, attitudes, intelligence, skills, and aptitudes.
Collected: No.

Under CCPA, the following information is not considered personal data:

- Publicly available information from government records
- Unidentified or aggregated consumer information
- Information not covered by CCPA, such as:
- Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA), or clinical trial data.
- Personal information covered by specific sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA), the California Financial Information Privacy Act (FIPA), and the Driver's Privacy Protection Act of 1994.

Sources of Personal Information

We obtain the above categories of personal data from the following sources:

- Directly from you. For example, through forms you fill out in our service, through preferences you express or set in our service, or through your purchases in our service.
- Indirectly from you. For example, by observing your activities in our service.
- Automatically from you. For example, through cookies placed by us or our service providers on your device when you navigate through our service.
- From service providers. For example, from third-party providers monitoring and analyzing the use of our service, from third-party providers for payment processing, or other third-party providers we use to provide you with the service.

Use of Personal Data for Business or Commercial Purposes

We may or have used or disclosed the following categories of personal data for "business purposes" or "commercial purposes":

- Category A: Identifiers
- Category B: Categories of Personal Data Defined in the California Customer Data Act (Cal. Civ. Code § 1798.80(e))
- Category D: Commercial Information
- Category F: Internet or Other Similar Network Activity

If we disclose personal data for business or commercial purposes, we enter into a contract describing the purpose and requiring the recipient to keep the personal data confidential and not use it for any other purpose except to fulfill the contract.

Sale of Personal Data

Under CCPA's definition, "sale" and "sell" refer to selling, renting, sharing, disclosing, disseminating, providing, transferring, or otherwise communicating personal data of a consumer to a third party for consideration. This means we received some form of consideration for sharing personal data, but not necessarily a financial benefit. We do not sell personal data.

Disclosure of Personal Data

We may share your personal data in the above categories with the following categories of third parties:

- Service providers
- Payment service providers
- Our subsidiaries
- Our business partners
- Third parties you or your representatives authorize us to

disclose your personal data in connection with products or services we offer you

Sale of Personal Data of Minors Under 16 Years

We do not knowingly collect personal data from minors under 16 through our service, although certain third-party websites we link to may do so. These third-party websites have their own terms of use and privacy policies, and we recommend that parents and guardians monitor their children's internet use and instruct them never to provide information on other websites without their consent.

We do not sell personal data from consumers. If you believe a child under 13 (or 16) has provided personal data to us, please contact us with sufficient information so we can delete the data.

Your Rights Under the CCPA

CCPA grants California residents certain rights regarding their personal data. If you are a California resident, you have the following rights:

- The right to be informed. You have the right to know which categories of personal data are collected and for what purposes this personal data is used.
- The right to make a request. Under CCPA, you have the right to request information from us about collecting, using, selling, disclosing, and transferring personal data. Once we receive and confirm your request, we will inform you:
- The categories of personal data we have collected about you
- The categories of sources for the personal data we collected about you
- Our business or commercial purpose for collecting or selling this personal data
- The categories of third parties with whom we share this personal data
- The specific personal data we collected about you
- If we sold or disclosed your personal data for business purposes, we will inform you:
- The categories of sold personal data
- The categories of disclosed personal data for business purposes

- The right to opt out of the sale of personal data. You have the right to instruct us not to sell your personal data. To make an opt-out request, please contact us.
- The right to delete personal data. You have the right, subject to certain exceptions, to request the deletion of your personal data. Once we receive and confirm your request, we will delete your personal data from our records (and direct our service providers to do so), provided no exception exists. We may refuse your deletion request if data retention is necessary for us or our service providers to:
- Complete the transaction for which we collected the personal data, provide you with a good or service you requested, take actions that are reasonably expected as part of our ongoing business relationship with you, or otherwise fulfill our agreement with you.
- Detect security incidents, protect against malicious, fraudulent, or illegal activity, or prosecute those responsible for such activities.
- Fix products to identify and correct errors that impair intended functionality.
- Exercise free speech, guarantee the free speech rights of other consumers, or exercise other legally established rights.
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 ff.).
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that complies with all other applicable ethical and data protection requirements, where deleting the data would likely make the research success impossible or significantly impair it, provided you gave prior consent.
- Only allow internal purposes reasonably aligned with consumer expectations based on your relationship with us.
- Comply with a legal obligation.
- Allow other internal and lawful uses of this information consistent with the context in which it was provided.

- The right not to be discriminated against. You have the right not to be discriminated against for exercising any of your consumer rights, including by:
- Denying you goods or services
- Charging different prices or rates for goods or services, including granting discounts or other benefits or imposing penalties
- Providing a different level or quality of goods or services
- Suggesting that you will receive a different price or rate for goods or services or a different level or quality of goods or services

Exercising Your CCPA Data Privacy Rights

If you are a California resident, you can contact us to exercise your rights under CCPA:
By email: support@absentify.com

Only you or a person registered with the California Secretary of State who is authorized to act on your behalf can submit a verifiable request for your personal data.

Your request must:
- Provide sufficient information to reasonably confirm you are the person whose personal data we collected or an authorized representative.
- Describe your request in sufficient detail to allow us to understand, evaluate, and respond properly.

We cannot respond to your request or provide the required information if we cannot verify your identity or authorization or cannot associate the personal data with you.

We will provide the required information for free within 45 days of receiving your verifiable request. This period can be extended by another 45 days if reasonably required and communicated in advance.

Any disclosures we make only cover the 12 months before receiving the verifiable request.

For data portability requests, we choose a format that is easy to use and allows you to transfer data from one location to another without hindrance.

Do Not Sell My Personal Information

Service providers we work with (e.g., our analysis or advertising partners) may use technologies that "sell" personal data, as defined by CCPA. If you wish to opt out of using your personal data for interest-based advertising, follow the instructions below.

Please note that each opt-out is browser-specific. You may need to opt-out in each browser you use.

Website

You can prevent the use of personalized advertising by following the instructions in our service:

- NAI Opt-Out Platform
- EDAA Opt-Out Platform
- DAA Opt-Out Platform

If you opt-out, a cookie will be placed on your computer to ensure the opt-out is valid for the browser you used. If you change browsers or delete the cookies stored by your browser, you must opt out again.

Mobile Devices

Your mobile device may offer the option to opt out of using information about apps you use to serve you tailored ads:

- "Opt-out of interest-based advertising" or "opt-out of personalized advertising" on Android devices
- "Limit Ad Tracking" on iOS devices

You can also stop the collection of location information from your mobile device by changing the device settings.

Do Not Track (DNT) Policy According to the California Online Privacy Protection Act (CalOPPA)

Our service does not respond to Do Not Track (DNT) signals.

However, some third-party websites may track your browsing behavior. If you visit such websites, you can adjust browser settings to indicate that you do not want to be tracked. You can enable or disable DNT by going to your web browser's settings or preferences.

Privacy for Children

Our service is not intended for persons under 13 years old. We do not knowingly collect personal data from persons under 13. If you are a parent or guardian and know that your child has provided personal data, please contact us. If we learn that we have collected personal data from persons under 13 without parental consent verification, we will take measures to remove this information from our servers.

If we rely on consents as the legal basis for processing your data and your country requires parental consent, we may seek parental consent before collecting and using this data.

Your California Privacy Rights ("Shine the Light" Law in California)

Under Section 1798 of the California Civil Code ("Shine the Light" Law), California residents with an existing business relationship with us may request information once a year about disclosing their personal data to third parties for their direct marketing purposes.

If you would like further information under California's "Shine the Light" law and are a California resident, please contact us using the contact information below.

California Privacy Rights for Minors (California Business and Professions Code Section 22581)

Under Section 22581 of the California Business and Professions Code, California residents under 18 years old who are registered users of online sites, services, or applications can request and obtain the removal of content or information they have publicly posted.

If you are a California resident and wish to request the removal of this information, you can contact us through the contact information provided below and include the email address associated with your account.

Please note that your request does not guarantee complete or comprehensive removal of all content or information posted online, and the law may not allow or require removal in some cases.