Home

Data Privacy

Privacy policy of Hej Software GmbH Hej Software GmbH offers comprehensive information to partners, customers and interested parties via the website gethej.com. The subject of the information is in particular the software “Hej CTI”, with which telephony and CRM systems can be connected. We attach particular importance to the confidential and secure handling of your personal data and the data of your company. The following data protection declaration is the basis of our actions and an integral part of our business relationship with interested customers and third parties. Due to legal and technical changes, we will adapt the data protection declaration if necessary. The most recent version of the data protection declaration published on the website is always valid. The privacy policy includes the following points: 1. Name and address of the responsible party for data processing 2. Name and address of the data protection officer 3. Use of cookies 4. Log file creation 5. Analytic tools

5.1 Google Analytics

5.2 Google Tag Manager

6. Links and contents on pages of third parties 7. SSL encryption 8. Establishment and execution of contractual relationships 9. Contact establishment and Processing of Inquiries

9.1 Contact forms on the website

9.2 Use of chatbots

9.3 Making an appointment via “Youcanbook.me”

9.4 Internal Messaging/Chat Ops with Slack

9.5 Zendesk Ticket System

9.6 Collaboration system G Suite from Google

10. Use of website plugins

10.1 Google Web Fonts

10.2 Google Maps

10.3 YouTube

11. Registration/Sign-up for Hej CTI 12. Measures for new customer acquisition and customer care 13. Rights of the data subject

13.1 Data subject rights according to Art. 15 et seq. GDPR

13.2 Revocation of consents granted to us

13.3 Right to object

13.4 Right to appeal the supervisory authority

14. Transfer of data to third parties 15. Questions and suggestions

1. Name and address of the responsible party for data processing

The person responsible within the meaning of the GDPR, other data protection laws applicable in the member states of the European Union and other regulations with a data protection nature is: Hej Software GmbH Hirschlandstraße 150 73730 Esslingen Germany Phone: +49 711 21950540 E-Mail: info[at]hej.sx Website: gethej.com

2. Name and address of the data protection officer

The data protection officer of the data processor is: Markus Achatz Qualitätsmanagementakademie Raiffeisenstr. 14 86447 Aindling Telefon: +49 8237 6277 E-Mail: markusachatz(at)qma-akademie.de

3. Use of cookies

The internet pages of Hej Software GmbH use cookies. Cookies are data which are stored by the internet browser on the website user’s computer system. Cookies can be transmitted to a website when it is visited and allow assignment of an website user. Cookies help to simplify the use of Internet pages for the user. Cookies can also be used to evaluate user behaviour on a website (tracking) or to display certain advertisements on other websites based on user behaviour (retargeting). Similar purposes are served by comparable technologies, by means of which small data packages are stored in the local memory of the browser used by the user (local storage). When we talk about cookies in the following, we also mean these and all other comparable technologies (e.g. pixels, web beacons or similar). The Hej Software GmbH uses on its internet pages both its own cookies and applications of third parties that work with cookies (so-called third party cookies). The own cookies of Hej Software GmbH are used to provide you with certain functions which are explained separately in this data protection declaration. The legal basis for the use of these cookies is our legitimate interest in enabling users to visit our Internet pages conveniently (Art. 6 para. 1 lit. f DS-GVO). We only use third-party cookies for tracking and retargeting purposes with the prior consent of our users (Art. 6 para. 1 lit. a GDPR). Detailed information on the applications used and the use of cookies is provided in the following sections. It is possible to reject to the setting of cookies at any time by changing the settings in the Internet browser accordingly. Cookies that have been set can be deleted.

4. Log file creation

With each visit of the web page Hej Software GmbH collects data and information through an automated system. These are stored in the log files of the server. The following data can be collected: (1) Information about the browser type and version used (2) The user’s operating system (3) The user’s Internet service provider (4) The IP address of the user (5) Date and time of access (6) websites from which the user’s system accesses our website (referrer) (7) websites that are called up by the user’s system via our website The processing of the data serves to deliver the contents of our website, to guarantee the functionality of our information technology systems, to clear up possible abusive page accesses (DoS/DDoS attacks or similar) and to optimise our website. The data of the log files are always stored separately from other personal data of the users. The legal basis for data processing is Article 6(1)(f) GDPR. Our legitimate interest follows from the above-mentioned purposes for data collection. As a rule, we do not use the collected data for the purpose of drawing conclusions about your person. We reserve the right to do so, if necessary, in order to clarify abusive page accesses. As a rule, log files are deleted after one week, unless longer storage is or becomes necessary in individual cases for the purpose of clarifying and prosecuting abusive page accesses.

5. Analytic tools

5.1 Google Analytics

For the purpose of designing this website to meet your needs and for the continuous optimisation of this website, Hej Software GmbH uses Google Analytics, a web analysis service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, on the basis of your consent (Art. 6 Para. 1 lit. a GDPR). Users can voluntarily give their consent when accessing the site by clicking the corresponding button in the “cookie banner”. Data is also regularly transferred to Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) as part of the processing described below. Google Ireland Limited and Google LLC are hereinafter jointly referred to as “Google”. Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework, and in this way ensures that the level of data protection is adequate even if data is processed in the USA. Google Analytics creates pseudonymised user profiles. Google uses so-called “cookies”, small files that are automatically created by your browser and stored on your end device (laptop, tablet, smartphone or similar) when users visit this website. Information is stored in the cookie that is related to the specific device used. This does not mean, however, that Hej Software GmbH thereby obtains direct knowledge of the identity of the visitors of this website. These cookies are deleted after 14 months. The Google Analytics cookie is used to collect and process information about the use of this website, such as browser type/version, operating system used, referrer URL (the previously visited page), host name of the accessing computer (IP address), time of server inquiry. This data is transferred to a Google server in the USA and stored there. The information is used to evaluate the use of the website, to compile reports on the website activities and to provide further services associated with the use of the website and the Internet for the purposes of market research and the design of this website in line with requirements. This information may also be transferred to third parties where required by law or where third parties process this data on our behalf. Under no circumstances will the IP address of the user be merged with other data from Google. The IP addresses are regularly anonymised within the European Union or the EEA and only then transferred to the USA, so that an allocation is not possible (IP masking). Users can prevent the collection of data generated by the cookie and related to their use of the website (including the IP address) and the processing of this data by Google – even after consent has already been given – by downloading and installing a browser add-on (https://tools.google.com/dlpage/gaoptout?hl=de). As an alternative to the browser add-on, especially in the case of browsers on mobile devices, users can also prevent Google Analytics from recording data by clicking on this [google_analytics_optout]link[/google_analytics_optout]. An opt-out cookie is set to prevent the future collection of data when visiting this website. The opt-out cookie is unique to that browser and to our site and is stored on your device. If users delete the cookies in this browser, they will need to set the opt-out cookie again. Further information on data protection in connection with Google Analytics can be found in the Google Analytics help section (https://support.google.com/analytics/answer/6004245?hl=de).

5.2 Google Tag Manager

For the administration of the Google services used from here Hej Software GmbH uses the Google Tag Manager. The Google Tag Manager itself does not process any personal data; in this respect, the processing of personal data is carried out exclusively by means of the analysis tools described above.

6. Links and contents on pages of third parties

On the website you will find links to offers of third parties. Hej Software GmbH cannot assume any liability for these pages and the respective handling of personal data. Please note the data protection information available on these pages regarding data processing.

7. SSL-Verschlüsselung

This site uses SSL encryption for security reasons and to protect the transmission of confidential content, such as the requests you send to us as site operator. You can recognise an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line. If SSL encryption is activated, the data you send to us cannot be read by third parties.

8. Establishment and execution of contractual relationships

If you establish a contract us or act on behalf of a company or other organization that establish a contract with us, or if we contact you as a result of a contractual relationship, we may collect the following information: ● Title, first name, last name; ● a valid e-mail address; ● office address; ● telephone number (fixed and/or mobile); ● if applicable, position in the company / organization, signing authority, mandates; ● any other contractually relevant information. The collection of this data is carried out: ● in order to identify you as our customer or natural person acting on behalf of our customer or as our contact person(s); ● in order to be able to advise you as a customer appropriately; ● to correspond with you; ● for billing purposes. Pursuant to Art. 6 Paragraph 1 Letter b of the GDPR, data processing is necessary for the above-mentioned purposes in order to provide appropriate support for the customer contract and for the mutual fulfilment of obligations arising from the contract. Further processing within the framework of the execution of contracts can be found in the following sections of this data protection notice. Hej Software GmbH will also process your data if and to the extent that this is necessary to fulfil its legal obligations (Art. 6 Para. 1 lit. c GDPR). The personal data collected for the execution of the contractual relationship will therefore be stored for a period of up to ten years until the expiration of the storage and documentation obligations under German tax and German commercial law (from HGB, UStG or AO). If, in the course of the contractual relationship, it should become necessary for us to defend ourselves against liability claims, or if we should have to take action against one of our customers because of outstanding invoices, the processing of personal data necessary for this purpose is carried out on the basis of our legitimate interest in being able to defend our legal position appropriately, Art. 6 Para. 1 letter f GDPR.

9. Contact establishment and Processing of Inquiries

9.1 Contact forms on the website

On the website of Hej Software GmbH there are contact forms which can be used for reaching us electronically. Alternatively, contact can be established via the provided e-mail address. If the person concerned contacts the data controller via one of these channels, the personal data transmitted by the person concerned will be stored automatically. The storage is solely for the purpose of processing the inquiry or contacting the data subject. The data will not be passed on to third parties outside of contract processing relationships. This is the voluntary provision of personal data. Hej Software GmbH has basically taken all technical and organisational measures to ensure that this data is also secure. Nevertheless, please be very careful with the data and do not transmit sensitive data, such as your bank details, via the contact form. Data processing for the purpose of contacting us is carried out in accordance with Art. 6 Para. 1 letter a GDPR on the basis of your voluntarily given consent or in accordance with Art. 6 Para. 1 letter b GDPR, insofar as the subject of your contact is a (pre-)contractual enquiry addressed to us. The personal data collected by us in the course of your contact request will be automatically deleted after completion of the request you have made, unless – in the case of (pre-)contractual requests – there is a legal obligation to retain such data or such an obligation arises from the processing of your request

9.2 Use of chatbots

Hej Software GmbH has integrated a chatbot on its website. This chatbot helps you to orientate yourself on the internet pages and to find the appropriate information about our products and services. For the use of the chatbot, functionally necessary cookies are used (see section 3 of this privacy policy). These cookies are necessary so that a chat that has been started can be continued when you reload the website or so that chats that have already been closed are no longer displayed. Also technically necessary for the use of the chatbot are the processing of your IP address or other device address or ID, the web browser and/or device type, and the date and time of use of the chat bot. Within the framework of communication with the chatbot, you have the possibility to (also) voluntarily provide personal data. In particular, you can provide your contact details if you have gained interest in our products or services. You also have the possibility to make an appointment directly with one of our employees. In this case, your data will be stored by us and processed according to the instructions in section 12 of this privacy policy. The chatbot is an application provided by Pipedrive OÜ, Mustamäe tee 3a, Tallinn 10615, Estonia. Data is also regularly transferred to Pipedrive Inc, 460 Park Avenue South, 5th Floor, New York, New York 10016, USA, or Pipedrive UK, LABS House, 15-19 Bloomsbury Way, London WC1A 2TH, United Kingdom, as part of the processing described above. The companies of the Pipedrive Group are hereinafter jointly referred to as “Pipedrive”. Pipedrive has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework, and in this way ensures the adequacy of the level of data protection, even when processing data in the USA. We have entered a so-called data processing agreement (DPA), so that Pipedrive may only process your data in accordance with our instructions and not for its own business purposes (Art. 28 GDPR). The legal basis for the data processing is Art. 6 para. 1 lit f GDPR. Our legitimate interest is to offer you the most convenient use of our website and to be able to contact you directly if you are interested in our products or services. If you do not provide contact data when using the chat offer, your dialogues with the chat offer will be deleted as soon as you end your browser session. Otherwise, the storage periods are based on the information in section 12 of this privacy policy.

9.3 Making an appointment via “Youcanbook.me”

Hej Software GmbH uses the online service YouCanBook.me (YouCanBook.me Ltd., 38 Mill Street, Bedford, MK40 3HD, United Kingdom) for a simplified appointment arrangement. By using this service, data is transferred to youcanbook.me. YouCanBook.me processes the following data on behalf of Hej Software GmbH):
  • Personal data: First and last name, complete address
  • Communication data: Phone numbers, e-mail addresses
  • additional information required for the appointment
Please note that you are not obliged to use this service to make an appointment. If you do not wish to do so, please use another of the contact options offered by us to arrange an appointment. For more information, please refer to the Youcanbook.me privacy policy at https://youcanbook.me/terms. The processing of the data entered via Youcanbook.me is thus exclusively based on your consent (Art. 6 para. 1 lit. a DSGVO). You can revoke this consent at any time. The legality of the data processing procedures carried out until the revocation remains unaffected by the revocation. The data entered by you via Youcanbook.me will remain with us until you request us to delete it, revoke your consent for storage or the purpose for which the data was stored no longer applies (e.g. after completion of the request). Mandatory legal provisions – in particular retention periods – remain unaffected. We have entered a so-called data processing agreement (DPA) with Youcanbook.me, in which Youcanbook.me commits itself to protect the data of our customers and not to pass them on to third parties.

9.4 Internal Messaging/Chat Ops with Slack

For the processing of customer inquiries Hej Software GmbH uses a service of SLACK Technologies Inc. (155 5th Street, 6th Floor, San Francisco, CA 94103 USA). If a customer contacts Hej Software GmbH by email, his email address, his customer number and possibly further information sent by Slack will be stored. The legal basis for the processing of data transmitted in the course of sending an email is Art. 6 para. 1 lit. f DSGVO. If the email contact aims at the conclusion or fulfillment of the contract, the legal basis for the processing is Art. 6 para. 1 lit. b GDPR. We have entered a so-called data processing agreement (DPA) with SLACK, in which SLACK commits itself to protect the data of our customers and to pass them on to third parties only to a very limited extent and only with our knowledge. SLACK also processes data in the USA; SLACK has subjected itself to the EU-US Privacy Shield and thus ensures the adequacy of the level of data protection even when processing personal data in the USA (https://www.privacyshield.gov/EU-US-Framework). The processing of personal data in the context of the recording or processing of a customer inquiry serves solely to provide a targeted solution to that inquiry. For this purpose it is absolutely necessary that Hej Software GmbH can contact the respective customer.

9.5 Zendesk Ticket System

Hej Software GmbH uses Zendesk, a service provided by Zendesk Inc., 1019 Market Street, San Francisco, CA 94103, USA, to record and process customer inquiries. If a customer contacts Hej Software by email with a customer inquiry, Hej Software can process this inquiry using the ticket system of Zendesk and for this purpose send the email address, customer number and any other information sent to Zendesk. The legal basis for the processing of the data, which are transmitted in the course of sending an email, is Art. 6 para. 1 lit. f DSGVO. If the email contact is aimed at the conclusion or fulfilment of the contract, the legal basis for the processing is Art. 6 para. 1 letter b DSGVO. We have entered a so-called data processing agreement (DPA) with Zendesk, in which Zendesk undertakes to protect our clients’ data and to only pass them on to third parties to a very limited extent and only with our knowledge. Zendesk also processes data in the USA; Zendesk has submitted to the EU-US Privacy Shield, thus ensuring that the level of data protection is adequate even if personal data is processed in the USA (https://www.privacyshield.gov/EU-US-Framework). The processing of personal data in the course of receiving or processing a customer inquiry is solely for the purpose of providing a solution targeted to that inquiry. For this purpose it is absolutely necessary that sipgate is able to contact the respective customer. Zendesk processes personal data in order to provide you as a user of the Hej Software with the Zendesk services, i.e. the ticket system for recording, processing and following up customer inquiries, especially support cases. The use of this data by Zendesk is limited to the purpose of providing the ticket system. The transfer of service data to third parties is limited to subprocessors. The data will be stored via the ticket system until the completion of the customer request and beyond that for the duration of the contract between the customer and Hej Software UG (limited liability) including subsequent warranty and liability periods. Mandatory legal regulations – especially retention periods – remain unaffected.

9.6 Collaboration system G Suite from Google

For our work and our internal and external communication we use the services of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Data is also regularly transmitted to Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) or other companies of the Google Group within the scope of the processing described below. Google Ireland Limited and Google LLC are hereinafter jointly referred to as “Google”. Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework, and in this way ensures the adequacy of the level of data protection even if data is processed in the USA. We have entered a so-called data processing agreement (DPA) with Google. In the course of our work, various personal data (such as the IP address of the requesting computer, your name, your email address and other data processed by us in the course of concluding the contract or its implementation) may be stored on Google’s servers to the extent necessary for the implementation of the contract or for customer communication (e.g. e-mail, conclusion of contracts via Google Drive). The legal basis for the processing is Art. 6 para. 1 lit. b and f DSGVO. Customer contact and other various processes required in the context of implementing and fulfilling the contract. The data will be deleted insofar as they are no longer required and we are not obliged to store them due to legal obligations.

10. Use of website plugins

10.1 Google Web Fonts

On these internet web pages Hej Software GmbH uses Google Web Fonts. This enables the display of fonts. Google Web Fonts is a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Data is also regularly transmitted to Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) or other companies of the Google Group within the scope of the processing described below. Google Ireland Limited and Google LLC are hereinafter jointly referred to as “Google”. Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework, and in this way ensures the adequacy of the level of data protection even if data is processed in the USA. The integration of these web fonts is done by a server call, usually via a Google server in the USA. As a result, the following may be transmitted to the server and stored by Google: ● Name of the browser used ● Browser version ● Website from which the request was initiated ● Operating system of the user ● Screen resolution of the user ● IP address of the user ● Language settings of the browser or operating system that the user uses Google assures that the collection and storage of personal data in connection with the use of Google Fonts is reduced to a minimum. In particular, no cookies are used when using Google Fonts. A combination of your data collected in the context of the use of Google Fonts will not be combined with other data stocks of Google (for example from the use of Gmail). The font files themselves are stored temporarily by Google for one year: Because millions of websites link to the same fonts, they are cached after the first website is visited and appear immediately on all other websites visited later. According to Google, this ensures that website visitors only send very few queries to Google. Google states that it sees only one CSS request per font family, per day, per browser. Google uses the font usage data in anonymized form to create statistical evaluations of the popularity of certain fonts on the Internet. You can find more information in the FAQ and in Google’s privacy policy, which can be accessed here: www.google.com/fonts#AboutPlace:about, https://developers.google.com/fonts/faq, www.google.com/policies/privacy/. The use of Google fonts is intended to make it easier for you to read our website and to make it graphically more pleasant, and is thus based on our legitimate interests in accordance with Art. 6 Para. 1 lit. f GDPR.

10.2 Google Maps

Hej Software GmbH uses the service Google Maps on these internet pages, also an offer of Google Ireland Limited Gordon House, Barrow Street, Dublin 4, Ireland. Data is also regularly transmitted to Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) within the scope of the processing described below. Google Ireland Limited and Google LLC are hereinafter jointly referred to as “Google”. Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework, and in this way ensures that the level of data protection is adequate even if data is processed in the USA. Google Maps provides an interactive map that allows you to easily view our locations and plan routes. By integrating this service, your data can be transmitted to Google. However, this will only happen if you have given us your prior consent to do so and have thus activated the map (Art. 6 para. 1 lit. a GDPR). If you have given us your consent and the map is displayed, Google receives the information that you have called up the corresponding subpage. In addition, further information on the use of our website (including your IP address) is transmitted to a Google server and stored there. This is done regardless of whether Google provides a user account through which you are logged in or whether no user account exists. If you are logged in at Google, the data collected when you visit our website will be directly assigned to your account. Google stores the data as user profiles and uses them for the purposes of advertising, market research and/or the design of its own offers to meet the needs of its customers. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other Google users about your activities on our website. You have a right of objection to the creation of these user profiles, whereby you must contact Google in order to exercise this right. If you do not wish to be assigned to your profile on Google, you must log out of your Google user account before giving your consent. Further information on the purpose and scope of data collection and processing by Google is contained in Google’s privacy policy, as well as further information on the relevant rights and privacy settings: http://www.google.de/intl/de/policies/privacy.

10.3 YouTube

Hej Software GmbH has integrated components of YouTube on these Internet pages and has integrated YouTube videos into the online offer. These videos are stored on http://www.YouTube.com and can be played directly from these internet pages. YouTube videos are all integrated in the “extended data protection mode”, which means that no data about the users is transferred to YouTube if they do not play the videos. Only when a user plays the videos will the following data be transmitted. In the course of this technical process, YouTube and Google are informed which specific subpage of our website is visited by the person concerned. YouTube is another service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Data are also regularly transmitted to Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) or other companies of the Google Group within the scope of the processing described below. Google Ireland Limited and Google LLC are jointly referred to herein as “Google”. Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework, and in this way ensures that the level of data protection is adequate even if data is processed in the USA. When YouTube videos are accessed, additional information about the use of our website (including your IP address) is also transmitted to a Google server and stored there. This is done regardless of whether Google provides a user account through which you are logged in or whether no user account exists. If you are logged in at Google, the data collected when you visit our website will be directly assigned to your account. Google stores the data as user profiles and uses them for the purposes of advertising, market research and/or the design of its own offers to meet the needs of its customers. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other Google users about your activities on our website. You have a right of objection to the creation of these user profiles, whereby you must contact Google in order to exercise this right. If you do not wish to be assigned to your profile on Google, you must log out of your Google user account before giving your consent. Further information on the purpose and scope of data collection and processing by Google is contained in Google’s privacy policy, as well as further information on the relevant rights and privacy settings: http://www.google.de/intl/de/policies/privacy.

11. Registrierung/Anmeldung für Hej CTI

Hej Software GmbH will make the software Hej CTI available in such a way that data processed by means of the software can be processed within the system environment, in particular via the interfaces (APIs) to the CRM and telephony systems used by the customer according to the order and can be further processed in these systems. Due to this architecture Hej CTI also does not require the customer to register directly in the software. Rather, the software Hej CTI also accesses the CRM and telephony systems connected to the order by means of the API for the data required for registration. The data processed for this purpose is required for the proof of the right of use and thus for the processing of existing user contracts (Art. 6 Para. 1 lit. b GDPR). For technical reasons, the type and scope of the data processed via the APIs of the various systems differ in detail: Access data
  • For Salesforce, SugarCRM, Pipedrive, Hubspot, Zendesk: Access + refresh token
  • For SuiteCRM: User + password
  • For Sipgate Team: SIP access data only (if the user uses the browser phone)
This data is stored on the Hej CTI server: Data that is transferred from CRM:
  • SugarCRM + SuiteCRM: Instance URL
  • Hubspot: Account ID + company name
  • Zendesk: Account subdomain
  • Salesforce: Company ID + company name
Data about the user that is transferred from Sipgate:
  • ID, first + last name
  • E-mail addresses
  • Phone numbers 
They are used for the following purposes:
  • In user management of the portal to map the user mapping between Sipgate and CRM on the users page and in the account area
  • In the browser extension: To display names of the logged-in user and to search for other users (for calling or forwarding)
On our server and in the extension storage only the ID of the user is stored permanently, all other data is retrieved by Sipgate if needed.

12. Measures for new customer acquisition and customer care

We process the information mentioned in sections 8 and 9.2 of this privacy policy beyond the purposes mentioned there, if necessary also for the purposes of new customer acquisition or customer care. These data processing activities serve our legitimate interests in (1) contacting you with information about our products and services that you either request or that we believe may be of interest to you, and (2) in general, to maintain an existing customer relationship with you, to offer you additional products and services that may be suitable for you, and to further develop our business (Art. 6 para. 1 lit. f. GDPR). For the above purposes we use an application provided by Pipedrive OÜ, Mustamäe tee 3a, Tallinn 10615, Estonia. Data is also regularly transferred to Pipedrive Inc, 460 Park Avenue South, 5th Floor, New York, New York 10016, USA, or Pipedrive UK, LABS House, 15-19 Bloomsbury Way, London WC1A 2TH, United Kingdom, as part of the processing described above. The companies of the Pipedrive Group are hereinafter jointly referred to as “Pipedrive”. Pipedrive has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework, and in this way ensures the adequacy of the level of data protection, even when processing data in the USA. We have concluded an data processing agreement (DPA) with Pipedrive, so that Pipedrive may only process your data in accordance with our instructions and not for its own business purposes (Art. 28 GDPR). You have the right of objection against us addressing you in advertising and processing your data for this purpose. We will delete your data if you object to the processing for advertising purposes. Please note that we may continue to store your data after your objection has been lodged, insofar as this is necessary for our legitimate interest within the meaning of Art. 6 Para. 1 letter f GDPR in ensuring that your objection is complied with (e.g. by creating and maintaining a blacklist). More detailed information on your right of objection can be found in Section 13.3 of this Privacy Policy. Notwithstanding the above, your data will be deleted at the end of the year if a contractual relationship between you and us does not (no longer) exist and two years have passed since the last time you contacted us or had personal contact with us, unless at that time a continuing interest in a future contractual relationship is specifically foreseeable.

13. Rights of the data subject

If your personal data is processed, you are the data subject within the meaning of the GDPR and you have the following rights vis-à-vis the person responsible: You can assert all rights against the company in accordance with the contact details in point 1 or against our data protection officer in accordance with the contact details in point 2.

13.1 Data subject rights according to Art. 15 et seq. GDPR

You have the right at any time
  • to request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you may request information on the purposes of processing, the category of personal data, the categories of recipients to whom your data have been or will be disclosed, the planned storage period, the existence of a right of rectification, erasure, restriction of processing or opposition, the existence of a right of appeal, the origin of your data, if not collected by us, and the existence of automated decision making including profiling and, where applicable, meaningful information on the details of such data;
  • in accordance with Art. 16 GDPR, to demand without delay the correction of incorrect or incomplete personal data stored by us;
  • pursuant to Art. 17 GDPR, to demand the deletion of your personal data stored with us, unless processing is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
  • pursuant to Art. 18 GDPR, to demand the restriction of the processing of your personal data, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you refuse to delete it and we no longer require the data, but you require it for the assertion, exercise or defence of legal claims or you have lodged an objection to the processing pursuant to Art. 21 GDPR;
  • in accordance with Art. 20 GDPR, to receive your personal data that you have provided us with in a structured, common and machine-readable format or to request that it be transferred to another responsible party.

13.2 Revocation of consents granted to us

If we process personal data on the basis of your consent, you can revoke the consent you have given us at any time in accordance with Art. 7 Para. 3 GDPR. As a result, we may no longer continue to process the data which was based on this consent in the future.

13.3 Right to object

If your personal data are processed on the basis of legitimate interests in accordance with Art. 6 (1) (f) of the GDPR, you have the right to object to the processing of your personal data in accordance with Art. 21 of the GDPR if there are reasons for doing so arising from your particular situation or if the legitimate interest is to carry out direct marketing.

13.4 Right to appeal the supervisory authority

Furthermore, you have a right of appeal to the competent supervisory authority in accordance with Art. 77 GDPR. As a rule, you can contact the supervisory authority at your usual place of residence or workplace or at our company headquarters for this purpose.

14. Transfer of data to third parties

Principally your data will not be passed on, possible exceptions are regulated in the above points.

15. Questions and suggestions

For questions and suggestions please send us an e-mail to info[at]hej.sx