2020-02-01v1

Privacy policy

The protection of your personal data is very important to us. We treat this topic with a great deal of care and therefore inform you in the following about the handling of your personal data when visiting our website. If you need a Data Processing Agreement with us, please see below the "Data Processing Agreement" section.

Any collection, processing and use (hereinafter "processing" or “use”) of data is solely for the purpose of providing our services. The services of DashDash GmbH have been designed to use as little personal information as possible. For that matter, "personal data" is understood as all individual details about a person or factual circumstances of an identifiable natural person (so-called "affected person" or “data subject”). The following statements on data protection describe what types of data are collected when accessing our website, what happens with these data and how you may object to data usage.

1 General information on data processing

1.1 Person Responsible (Controller)

Responsible within the meaning of the EU General Data Protection Regulation (GDPR) and the new Federal Data Protection Act (BDSG) is:

DashDash GmbH (Rows)
Am Märchenbrunnen 5
10407 Berlin
Email: legal@rows.com

1.2 Name and address of the Data Privacy Officer

The data privacy officer is: Kemal Webersohn of WS Datenschutz GmbH If you have questions about data protection you can contact WS Datenschutz GmbH via the following email address: dashdash@ws-datenschutz.de

Or by mail:
WS Datenschutz GmbH
Meinekestraße 13
D-10719 Berlin
www.ws-datenschutz.de

1.3 Protection of your data

We have taken technical and organizational measures to ensure that we and our external service providers meet the requirements of the EU General Data Protection Regulation (GDPR). If we work with other companies to provide our services, such as email and hosting providers, this will only be done after an extensive selection process. In this selection process, each individual service provider is carefully selected for its suitability in terms of technical and organizational data protection skills. This selection procedure will be documented in writing and an agreement on the order processing of data (order processing contract) will only be concluded if the third party complies with the requirements of Art. 28 GDPR. Your information will be stored on protected servers. Only the minimal number of authorized Rows employees have access to your information. Our website is SSL/TLS encrypted, as can be seen by the https:// at the start of our URL.

1.4 Erasure of personal data

Rows processes personal data only if necessary. As soon as the purpose of the data processing is fulfilled, we erase the data according to the standards of our deletion concept, unless legal or contractual regulations oppose this.

2 Our website

2.1 Description and scope of data processing

When visiting our website, our web servers temporarily store every access in a log file. The following data is collected and stored until automated deletion:

  • IP address of requesting server
  • Date and time of access
  • Name and URL of the retrieved file
  • Message if the retrieval was successful
  • Other data may be retrieved by our partners. See further information below.

2.2 Legal basis for processing personal data

The legal basis for the temporary storage of log files is art. 6 para. 1 s.1 lit. f) GDPR. Our legitimate interests are to make our website accessible for you.

2.3 Purpose of data processing

The processing of this data serves: the purpose of enabling the use of the website (connection establishment), system security, the technical administration of the network infrastructure, as well as to optimize the website. The IP address is evaluated only in case of attacks on our network infrastructure or the network infrastructure of our internet provider.

2.4 Duration of storage

As soon as the purpose of the data processing is fulfilled, we delete the data. This happens as soon as you close your browser. Our hosting service might use your personal data for statistical purposes. For this your personal data will by anonymized. A final deletion of this data is carried out after a period of 6 weeks.

2.5 Right to objection and deletion

The collection of data is necessary in order to display and operate this website. Therefore, objecting to processing your personal data is impossible.

3 Use of cookies

3.1 Description and scope of data processing

We store cookies on your computer and process the stored information when you use our website. Cookies are small text files that are stored on your hard drive assigned to the browser you use. The stored information can be processed by Rows or the party that sets the cookie. Cookies cannot run programs or transmit computer viruses. Cookies are used to analyze the use of www.rows.com in anonymized or pseudonymized form and to enable personalized advertisements on this website.
Cookies process the following personal data:

  • Which functions of the website are used
  • Used search terms
    The following cookies are used:
  • GCLB: This is a cookie, we use to manage load balancing.
  • ga/gat/gid: These cookies are necessary for google analytics.
  • Dd-cross-session: This is a session cookie.

3.2 Legal basis for data processing

This processing is legally based on art. 6 para. 1 s. 1 lit. f) GDPR.

3.3 Purpose of data processing

Our legitimate interests are to provide a working connection with our website and to ensure a comfortable use of this website. Also, we need to process your personal data to solve occurring safety and security issues, as well as to ensure system stability. Our tracking service also provides us with statistics about the use of our website.

3.4 Duration of storage

This website uses the following types of cookies. The extent and function of each are explained below:

  • Transient cookies (see a)
  • Persistent cookies (see b)
    a) Transient cookies are automatically deleted when you close the browser. These include session cookies. Transient cookies store your session ID, with which various requests from your browser can be assigned to the common session. This will allow your computer to be recognized when you return to our website. The session cookies are deleted when you log out or closes the browser. b) Persistent cookies are automatically deleted after a specified period, which may differ depending on the cookie.

3.5 Right to objection and deletion

You can delete the cookies in the security settings of your browser at any time. Please be aware that you may not be able to use all features of this site when deleting the cookies from your browser history. The use of cookies can be prevented by appropriate browser settings at any time. Therefore, you have full control over the use of cookies. By changing the settings in your internet browser, you can disable or restrict the transfer of cookies at any time. If you object to the use of cookies, we will still save one cookie with your objection, so we will not set cookies in the future.

4 Waitlist, onboarding, product news

4.1 Description and scope of data processing

On our website www.rows.com visitors can subscribe to our waitlist. When signing-up to our waitlist, the following information is mandatory:

  • First name,
  • Last name,
  • Email address,
  • Function.
    We contact you via email only after you completed the sign-up process. Therefore, the email address is necessary to send the newsletter to its recipients. If you sign up for our waitlist, we will send a confirmation email to the address you provided us with. Following this procedure, the IP address, date and time of login are stored for documentation purposes. We won’t transfer the data to third parties. We may send you emails to onboard you, i.e. how to use the product effectively, and about major changes to our product and the waitlist to keep you informed. While onboarding emails are a limited number of emails in the first month after you created an account, critical product news will occur at most quarterly.

4.2 Legal basis for data processing

This processing is legally based on your consent, art. 6 para. 1 1 s.1 lit. a) GDPR. Existing customers may also receive our newsletter without having given their explicit consent. This is carried out only within the strict boundaries of § 7 para 3 UWG (German Act against unfair Competition) and in accordance with art. 95 GDPR. This equals the legal basis of art. 6 para. 1 s.1 lit. f) GDPR. Our legitimate interests are to provide information about our product through promotional emails to our existing customers and thereby keep in contact with these customers.

4.3 Purpose of data processing

The waitlist informs our customers about major product news from Rows on a regular basis. We also send our customers their account credentials to enable them to access our software.

4.4 Duration of storage

We process personal data only if necessary. As soon as the purpose of the data processing is fulfilled, deletion of the data is carried out according to the standards of the deletion concept, unless legal or contractual regulations oppose this.

4.5 Right to objection and deletion

You can withdraw your consent to this data processing at any time. If you want to unsubscribe from the waitlist you can do so by clicking the integrated link on the bottom of each email. This will enable you to send us an email to stop the processing by unsubscribing your email address from our mailing list. It is also possible to inform Rows about the revocation of the consent in any other way, e.g. via post or email.

4.6 Mailchimp

4.6.1 Description and scope of data processing

The emails to our waitlist are sent by “Mailchimp“, an online marketing platform. The processor is:
Rocket Science Group, LLC, 675 Ponce De Leon Ave NE#5000, Atlanta, GA 30308, USA. The email addresses of our waitlist subscribers, as well as any other data described in the section “4. Waitlist”, are stored in our backend and then sent to servers of Mailchimp in the USA. Mailchimp uses this information on our behalf for our newsletter management (e.g. sending, reporting). Mailchimp processes this data in order to provide, support and improve its services. Mailchimp does not use this information to contact our waitlist subscribers or other third parties. Our waitlist emails may contain a “web-beacon”, which is a pixel-sized file or cookie. When opening our waitlist emails this file is downloaded from Mailchimp’s servers and thus information such as whether the email was delivered and opened and whether links within the email were clicked are collected. Mailchimp can collect information such as IP address, browser, email client type and other similar details. Technically this information can be matched to each waitlist subscriber, but it is not in our nor Mailchimp’s interest to monitor our users on a personal basis. We trust in the reliability and the IT and data security of Mailchimp. Mailchimp participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework and commits itself to comply with the regulations of the GDPR. We further have signed a data processing agreement with Mailchimp. In this agreement Mailchimp commits to protect the data of our users, to process this data according to its regulations and to not share with unauthorized third parties. You can view the privacy policy of Mailchimp here: https://mailchimp.com/legal/privacy/

4.6.2 Legal basis for data processing

This data processing is legally based on our legitimate interests in efficiently and safely sending our newsletter, Art 6 Abs. 1 S.1 lit. F) GDPR.

4.6.3 Purpose of data processing

We use Mailchimp as our subprocessor to ensure an efficient management of our mailing list and to send newsletters to stay in touch with you.

4.6.4 Duration of storage

Mailchimp claims to keep your personal data only if we use it for sending newsletters. When we delete you from our mailing list, Mailchimp will delete this data as well.

4.6.5 Right to objection and deletion

You can object to the processing of your data by Mailchimp. Your objection will be considered, and we will notify you if and why we continue the processing. You are also free to use the "opt out“ link in the footer of each email. If you do so, we will delete your email address from our mailing list which in turn will prompt Mailchimp to stop processing your personal data. This will not have any effect on other mailing lists (e.g. by other companies) managed through Mailchimp.

5 Forum

5.1 Description and scope of data processing

Rows runs a user forum in which our users can post comments and questions. Other users can reply to these posts, and the forum and each post are publicly visible on the internet. If the user publishes a comment in the forum, in addition to the comment content, time of publication and the username (or account) are stored and published. The IP address of the user is also saved. This happens for security and quality assurance reasons in order to protect the blog posts against abuse. A transfer of the data to third parties does not take place, unless the affected person has given his/her consent. Our blog is hosted by a subprocessor. The processor is Civilized Discourse Construction Kit, Inc., 410 Clayton Avenue, El Cerrito, California 94530, USA. The processor has signed a data processing agreement with Rows and is a member of the EU-US-Privacy shield framework. You can read the subprocessors privacy policy here: https://www.discourse.org/privacy.
The following data is mandatory:

  • Username
  • Email address
    The following data is optional:
  • First name
  • Last name
  • Comment’s content
  • Time of comment
  • Avatar (image)

5.2 Legal basis of data processing

The processing is based on our legitimate interests, art. 6 para. 1 s. 1 lit. f) GDPR. All data that you disclose in the context of the commenting function are given voluntarily. Therefore, the legal basis is your consent., art. 6 para. 1 s. 1 lit. a) GDPR.

5.3 Purpose of data processing

We collect this data to ensure the stability and usability of our forum and app and to prevent misuse of the comment function. This is also our legitimate interest. The commenting function shall encourage a mutual exchange of our users’ opinions.

5.4 Duration of storage

The deletion of your data takes place in accordance with the deletion concept.

5.5 Right to objection and deletion

You have the right to object to the data processing, art. 21 GDPR. When doing so we will carefully examine your reasons of objection and will either stop or adjust the processing or will inform you why our legitimate interests outweigh your reasons for objection. Furthermore, you can delete your posts yourself when logged in to your account.

6 Tracking and analytics – Google Analytics

For the continuous improvement of our website we use the following tracking and analysis tools and give you details about our service provider and about how we process your data.

6.1 Description and scope of data processing

The website www.rows.com uses Google Analytics. This is a service for analyzing access to websites of Google LLC. ("Google") and allows us to improve our website. The processor is: Google LLC., 1600 Amphitheater Pkwy, Mountain View, CA 94043-1351, USA. Cookies enable us to analyze your use of our website. The information collected by a cookie are:

  • IP address
  • access time
  • access duration
    The information is transmitted to a Google server in the USA and stored there. The evaluation of your activities on our website is transmitted to us in the form of reports. Google may pass on the collected information to third parties, if required by law or if third parties process this data on behalf of Google. The Google tracking codes of on our website use the function "anonymizeIp ()", thus IP addresses are processed only shortened, in order to exclude a possible direct personal link to you. On https://www.google.de/intl/de/policies/ as well as on http://www.google.com/analytics/terms/de.html, you can find out more about the terms of use and privacy policies of Google.

6.2 Legal basis of data processing

Legal basis is the art. 6 para 1 s. 1 lit. f) GDPR. Our interest is to provide a website which is tailored to its audience and to optimize our online services accordingly.

6.3 Purpose of data processing

By processing the data, we can analyze how our website is used, so we can improve it for our users. We protect your data by using only anonymized IP addresses.

6.4 Duration of storage

The data will be deleted after a set period of time, which varies from 14 to 50 months.

6.5 Right to objection and deletion

You can prevent the installation of cookies by Google Analytics in your browser settings. However, this might cause that you cannot fully use all features of our website. Also, through browsers extensions, e.g. http://tools.google.com/dlpage/gaoptout?hl=de, Google Analytics can be disabled and controlled. You can prevent tracking by using the following link: https://tools.google.com/dlpage/gaoptout

7 Social media

We are maintaining appearances in the following social media:

7.1 Data processing in social media with regard to the operators of social media

When visiting our social media appearances, the social media operators may collect personal data, such as your IP address and further information gathered using cookies. Personal data will be used to provide us with statistical feedback about the use of our social media appearance. The collected personal data will be processed by the social media operator and may be transferred to countries outside the European Union. The information the operator of the respective social network receives and how it is used is described in the privacy statements of each social network. You can also find their contact information there. Further information can be found under the following links: https://www.linkedin.com/legal/privacy-policy https://twitter.com/de/privacy As it is not conclusively and clearly stated by the social media operators, it is unknown to us in what way the social media operators use data, gathered from visits to our social media site, for their own purposes, to what extent activities on the social media site are attributed to individual users, how long the operators store this data and whether data from the social media sites is shared with third parties. When visiting our social media appearances, the IP address of your device will be disclosed to the operator of the social network. Social media networks additionally store information on their user’s devices so that they might be able to match IP addresses to individuals. If you are currently logged in to a social network, there will be a cookie with your individual identifier for this social media network on your device. This will allow the social media operator to understand that you visited particular sites and how you used them. Based on this data content or advertising can be tailored to your past browsing history. If you want to avoid this, you should log out of the respective social network or deactivate the function "stay logged in", delete the existing cookies on your device and stop and restart your browser. In this way, login information which you can be immediately identified by, will be deleted. This allows you to use our social media appearances without revealing your identifier. When you access interactive features of our social media appearance (like, comment, share, news, etc.), a login screen will appear. After logging in, you will be again recognizable as a specific user / user for the used social network. For information on how to manage or delete existing information within the social media network, refer to the support pages listed above for each social network.

7.2 Rows’ data processing regarding the social media appearances

7.2.1 Type and scope of data processing

We may process the information you provide to us via our social media appearances, including your user name and content posted through your account, to react to your messages. In addition, your published posts, reviews and comments refer to your account in the respective social network. If you mention us via “@”, “#“ or similar, this mention may be publishes in our social media appearance under your username In this way data you published in a social media network may be included in our social media appearance in this network and thusly be accessible to other users of the respective social network. If you “like”, “follow” our social media appearance or interact with it in a similar way, we will be notified by the respective social media network with your username and link to your account. In addition, we as the provider of the information service collect and process no data from your use of our appearances in the social media.

7.2.2 Legal basis of data processing

The data processing on our part is based on art. 6 Abs. 1 lit. f) GDPR.

7.2.3 Purpose of data processing

We process personal data provided by you in this context exclusively for the purpose of customer communication and prospective customer communication. Our legitimate interest is to offer a platform where we can provide you with up-to-date information about our company and are able to quickly respond to your requests.

7.2.4 Duration of storage

Your data will be stored in accordance to the storage periods of the respective social media network and will be deleted whenever possible when cancelling a social media appearance.

8 Other tools of third-party providers

In order to be able to provide our services, we use the support of service providers from non-EU countries. In order to ensure the protection of your personal data in this case, we conclude processing contracts with each - carefully selected - service provider. All our processors provide sufficient guarantees to implement appropriate technical and organizational measures. Our third country data processors are either located in a country with an adequate level of data protection (Art. 45 GDPR) or provide appropriate safeguards (Art 46 GDPR). Below you may find our categories of processors, the country they are located at and the safeguards or guarantees they provide: We use the support of the following providers: CRM, hosting, mail services, waitlist, forum, marketing: USA, member of the EU-US Privacy Shield EU-US Privacy Shield: The Privacy Shield is an agreement between the United States of America and the European Union to ensure compliance with European privacy standards. For more information, see:

9 Your rights

You have the following rights with respect to your personal data:

9.1 Right to revoke a given consent (Art. 7 GDPR)

If you have given your consent to the processing of your data, you can withdraw your consent at any time. Such withdrawal will only affect future processing. You can withdraw your consent verbally or in writing by post or email.

9.2 Right of access (Art. 15 GDPR)

In the case of a request for information, you must provide enough information about your identity and provide proof that it is your personal data. The information relates to:

  • data that has been stored regarding your person
  • the categories of personal data concerned
  • the right to lodge a complaint with a supervisory authority
  • the origin of the data
  • the recipient or the categories of recipients to which data has been transmitted
  • the purpose of the storage
  • the right of rectification or erasure of personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing;
  • all available information on the source of the data
  • the existence of automated decision-making, including profiling, referred to in Art 22 Abs. 1 and 4 GDPR and, in those cases, meaningful information about logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

9.3 Right to rectification and erasure (Art. 16, 17 GDPR)

You have the right to request a correction and / or completion, if your personal data is incorrect or incomplete. We will make the correction without delay. You may also request the erasure of your personal data if any of the following applies to you:

  • The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
  • You withdraw consent on which the processing is based according to art. 6 para. 1 s.1 lit. a) or art. 9 para. 2 lit. a) GDPR, and where there is no other legal ground of processing.
  • You object to the processing pursuant to art. 21 para. 1 GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to art. 21 para. 2 GDPR.
  • The personal data have been unlawfully processed.
  • The personal data have to be erased for compliance with a legal obligation in Union or Member State law to which we are subject.
  • The personal data have been collected in relation to the offer of information society services referred to in art. 8 para. 1 GDPR.
    Where we have made the personal data public and are obliged to erase the personal data pursuant to art. 17 para. 1 GDPR, we, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform other controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data. The right to object shall not apply to the extent that processing is necessary:
  • for exercising the right of freedom of expression and information;
  • for compliance with a legal obligation which requires processing by Union or Member State law to which we are subject or for the performance of a task carried out in the public interest or in the exercise of official authority;
  • for reasons of public interest in the area of public health in accordance of art. 9 para. 2 lit. h) and i) as well as art. 9 para. 3 GDPR;
  • for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with art. 89 para. 1 GDPR, in so far as the right referred to in paragraph a) is likely to render impossible or seriously impair the achievement of the objectives of that processing, or
  • for the establishment, exercise or defence of legal claims.

9.4 Right to restriction of processing (Art. 18 GDPR)

You shall have the right to obtain from us restriction of processing where one of the following applies:

  • While verifying the accuracy of the personal data, after you contested this accuracy;
  • The processing is unlawful, and you oppose the erasure of the personal data and request the restriction of their use instead;
  • We no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims;
  • You have objected to processing pursuant to art. 21 para. 1 GDPR pending the verification whether our legitimate grounds override yours.
    Where processing has been restricted under art. 18 para. 1 GDPR, such personal data shall, except for storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. If the limitation of the processing is restricted, you will be informed by us before the restriction is lifted.

9.5 Right to information (Art. 19 GDPR)

If you have asserted us your right to rectification, deletion or restriction of data processing, we have to inform all recipients of your personal data to correct, delete or restrict the processing of data. This applies only as this notification is not impossible. You also have the right to know which recipients have received your data.

9.6 Right to data portability (Art. 20 GDPR)

You have the right to receive the personal data, which you provided to a controller, in a structured, commonly used and machine-readable format. Also, you have the right to transmit those data to another controller, where

  • The processing is based on consent pursuant of art. 6 para. 1 s.1 lit. a) GDPR or of art. 9 para. 2 lit. a) GDPR or is based on a contract pursuant of art. 6 para. 1 s. 1 lit. b) GDPR; and
  • the processing is carried out by automated means.
    In exercising your right to data portability, you have the right to obtain that personal data transmitted directly from us to another controller, as far as technically feasible. The right to data portability does not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority that has been delegated to us.

9.7 Right to object (Art. 21 GDPR)

As we based the processing of your personal data on a legitimate interest (art. 6 para. 1 s. 1 lit. f) GDPR), you may object to the processing. The same applies if the data processing based on art. 6 para. 1 s. 1 lit. e). In this case, we ask you to explain the reasons why we should not process your personal data as we have done. We will terminate or adapt the data processing or show you our legitimate reasons why we continue the data processing.

9.8 Right to lodge a complaint with supervisory authority (Art. 77 GDPR)

Without prejudice to any other administrative or judicial remedy, you shall have the right to complain to a supervisory authority, in particular in the Member State of your residence, place of work or place of alleged infringement, if you believe that the processing of the personal data concerning you is against the infringes. The supervisory authority to which the complaint has been submitted shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy according to Article 78 GDPR.

9.9 How you perceive these rights

To exercise these rights, please contact our data privacy officer:
Kemal Webersohn from Webersohn & Scholtz GmbH
dashdash@ws-datenschutz.com
or by mail:
WS Datenschutz GmbH
Meinekestraße 13
D-10719 Berlin

10 Subject to change

We reserve the right to change this privacy policy in compliance with legal requirements.

11 Data processing on behalf of our Users / Data Processing Agreement

When using our services, you may submit, input manually or import from other third party services (e.g. by generic web requests or through our integrations with third-party services or the user’s own applications) various kinds of data (e.g. to include in a spreadsheet etc.). You will be allowed to enter data of any nature. Such data will not be monitored by Rows and is only processed and stored on behalt of the controller to provide you with the requested service, not for any other purposes or any usage by Rows itself.  

Please note that if you use our services to process personal data of third parties, defined as any information concerning the personal or material circumstances of an identified or identifiable individual and where such processing is not related to a purely personal or household activity (thus where it is related to a professional or commercial activity), you are responsible for compliance with any applicable data protection regulations for such processing. Rows will process the data transmitted by you only in accordance with your instructions. Details of such data processing on behalf of the user are subject to a separate Data Processing Agreement to be concluded in accordance with the relevant statutory provisions between your and Rows. If you need such a Data Processing Agreement with Rows as a Processor as per Art. 28 GDPR, we will be happy to provide you with an agreement. Please send an email to DPA@rows.com.

12 Other important information

Security

Rows recognizes how important the security community is in keeping our products and our customers safe. We thank you in advance for your contributions to our vulnerability disclosure program.

Rows will aim to respond to new reports within 5 business days. Please note, report status marked as triaged is subject to change pending company's final analysis.

Customers and other entitled users of a product or solution should contact Rows Security team to report issues discovered in Rows product or website through the contact security@rows.com.

By submitting a vulnerability report to Rows, you grant to DashDash GmbH, a perpetual, irrevocable, no charge license to all intellectual property rights licensable by you in or related to the use of this material. Also, it is important that you notify us if any of this material is not your own work or is covered by the intellectual property rights of others. Not notifying us means that you've represented that no third-party intellectual property rights are involved.

December 2019