Data Protection Information

Effective Date 01/06/2022
Download icon

Playbook GmbH
Data protection information

Your privacy and the protection of your personal data is important to us. With this Data Protection Information, we inform you about the processing of personal data in connection with the use of the Playbook website as well as about your existing data protection rights.

1. Who we are and how you can contact us
We as Playbook GmbH are responsible for handling your personal data when you visit the Playbook website and interact with us over the website:

Address
Playbook GmbH
Urbanstraße 71
10967 Berlin

Email
hello@playbk.io

Represented by its Managing Director Louis Buys, business address ibid.

Commercial Register: AG Charlottenburg (Berlin) HRB 226474 B

hereinafter: “Playbook”, “we”, “us”, “our”.

Should you have any questions regarding the processing of your personal data by us and the associated rights as well as other data protection notices and suggestions, you can contact our data protection officer at any time in confidence by e-mail to dpo@playbk.io or by mail to the above postal address, using the reference "Data Protection Officer".

2. Personal data – information that relates to you
While visiting the Playbook website, we rely on the handling of personal data to make our site available and be able to interact with you. Personal data can be information that directly identifies you, such as your name. In addition, information, which only makes you identifiable together with further details, is also personal data (e.g. your IP address). We classify the personal data that we process from you in the following categories:

Category of personal data

Details

Access Data

Access data is information that is necessary to enable the use of our webpages and online services. This includes in particular:Browser type and browser version, used operating system, Internet Service Provider, IP address of the requesting device, Date and time of the server request, website from which our website is accessed (referrer URL), websites that are accessed by your system through our website.

Master Data

Master data is information about you that is required to identify you and, if necessary, to contact you.This includes the following information:Name and surname, address, e-mail address, phone number.

Log Data

Log data is information that is used to record certain actions on our websites. Log data is collected to ensure the security and integrity of the website and to document and assign certain actions for reasons of legal security.This includes the following information:Date and time of an operation, IP address of the device used to perform a specific action.

2. What we use your personal data for

2. 1 When you visit our website
When you access the website, Access Data is sent automatically from your browser to the server of our website. This is necessary to ensure a smooth connection of the website and a comfortable use of the website and to ensure and optimize the security and stability of the system. The legal basis for data processing is Art. 6 (1) lit. f GDPR, whereby our legitimate interest results from the need to present our website to you in a functional manner in accordance with your expectations.

2.2 When you contact us over the website 
Insofar as we offer you the possibility to contact us via a form provided on the website or book a demo, it is necessary for you to provide your name and email address (Master Data) in order to respond to your contact inquiry. You may provide further information (optional), such as company details and phone number. Any communication content will only be processed for the purpose of handling your request.The legal basis for data processing when contacting us is a legitimate interest according to Art. 6 (1) lit. f GDPR; our legitimate interest lies in answering and processing your request, for which the temporary storage of data is also necessary. If you contact us for the purpose of initiating a contract (e.g. product inquiry), the legal basis is the implementation of pre-contractual measures in accordance with Art. 6 (1) lit. b GDPR.We regularly delete personal data that we collect from you in connection with a contact request as soon as your request has been processed. For more information on the storage period, please refer to section 5 of this data protection information.

2.3 Commercial communication via emailRegistration
We offer you the possibility to enter your contact data (Master Data) on the website so that we can contact you in the future with information about current products, services and promotions of Playbook (e.g. product updates, events etc.). Signing up to receive advertising and information by email is in principle done using what is known as a double opt-in process. This means that after subscription you will receive an email in which you are asked to confirm your subscription. This is necessary so that no one can register with other people's email addresses.If you are contacted by email or telephone, the legal basis for the data processing is your consent in accordance with Art. 6 Para. 1 lit. a, 7 GDPR, which we obtain separately from you. If the commercial communication is made by mail, the legal basis is our legitimate interest according to Art. 6 (1) lit. f GDPR, whereby our legitimate interest results from the recognized goal of promoting the sale of products and services through advertising by mail.

Right to withdraw consent and right to object
You have the right to withdraw any consent given at any time with effect for the future (e.g. via an unsubscribe link provided in every advertising email). If data processing is made for direct marketing purposes, you may object to the processing at any time with effect for the future. If you object, your data will no longer be processed for these advertising purposes.

Logging
Subscriptions to the newsletter are logged in order to be able to prove the subscription process in accordance with legal requirements. This includes the storage of the registration and confirmation time as well as the IP address (Log Data). Likewise, changes to your data stored with the dispatch service provider are logged.The legal basis for the processing of access data for logging purposes is a legitimate interest pursuant to Art. 6 (1) f GDPR, which arises from the need to properly document and, if necessary, prove the declarations made and actions taken.

3. Cookies
We do not use cookies for the use of our website. 

4. With whom we share your personal data

External service providers
In some cases, we rely on external service providers to provide our website for use. Below are the service providers that we have engaged and with whom we have a non-temporary business relationship:

Recipient

Address

Service

Matomo Analytics

ePrivacy Holding GmbH
Große Bleichen
2120354
Hamburg
Germany

Supply of an online-based software solution for cookieless and anonymous analytics of website information

The Delta Europe GmbH

Bächaustrasse 32
8806 Bäch, Schwyz
Switzerland

Maintenance and technical Support for the Website

Webflow, Inc.

398 11th St
San Francisco
USA

Website hosting

Sendinblue GmbH

Köpenicker Str. 126
10179 Berlin
Germany

Email and digital marketing campaign management

Other Recipients

Your personal data may be transferred to other recipients, such as public authorities in order to comply with statutory notification obligations (e.g. social security institutions, tax authorities or law enforcement agencies) or to other companies in connection with company transactions or restructuring (e.g. for due diligence, transfer of business).

Conditions under which data is transferred outside the European Union, Switzerland and the European Economic Area

To the extent necessary to pursue the processing purposes described above, we may transfer your personal data to service providers as data processors according to Art. 28 GDPR in the United States of America ("US”) and South Africa (SA). Regarding the transfer to the US and SA, there is no adequacy decision by the European Commission within the meaning of Art. 45 (1) GDPR. Therefore, we together with the service providers have concluded EU standard data protection clauses in accordance with Art. 46 (2)(c) GDPR. You may request a copy of these agreements from our data protection officer (for contact details, refer to section 1 of this data protection information).

5. How we determine for how long we store your personal data
Insofar as no explicit storage period is specified in this data protection information, personal data will be stored for as long as is necessary for the specified purposes or the fulfillment of our legal obligations.In all other respects, the storage period shall be governed by the legal retention periods, for example according to commercial and tax law. At the latest, after expiry of these periods, the data stored and retained by us will be deleted, unless further storage is necessary in exceptional cases.

6. TLS encryption
For security reasons and to protect the transmission of confidential content, such as data within contact requests, our websites use TLS encryption. The establishment of transport encryption is a recognized standard in the network, above all to prevent unauthorized persons from accessing personal data.You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line. If TLS encryption is activated, third parties cannot read the data that you transmit to us.

7. Cases in which you have the right to object to the use of your personal data
You may object to the processing of your data on grounds relating to your particular situation, insofar as we process them for our legitimate interest according to Art. 6 (1)(f) GDPR. In the event of objection, we shall refrain from any further processing of your data unless it is necessary for overriding, compelling or legitimate reasons or for the assertion, exercise, or defense of legal claims. Insofar as we process your data on the basis of Art. 6 (1) (f) GDPR for direct marketing purposes, you may object to this processing at any time without stating reasons; this also applies to profiling, insofar as it is associated with direct marketing. If you object to processing for direct marketing purposes, we will no longer use your personal data for these purposes. If you wish to exercise your right of objection, please contact our Data Protection officer or us. The contact details can be found under section 1 of this data protection information.

8. Further rights you have
In addition, you have the right to obtain information about your personal data processed by us at any time under the conditions of Art. 15 GDPR. In particular, you may request information about the purposes of the processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the envisaged storage period, the existence of a right of rectification, deletion, limitation of the processing or opposition to the existence of a right of appeal, the origin of your data if it has not been collected from us, as well as the existence of an automated decision making process including profiling and, if applicable, meaningful information on its details.Within the scope of your right to information, you may request a copy of your personal data. Data copies are generally made available in electronic form unless you have indicated otherwise. The first copy is free of charge for you, for further copies a reasonable fee may be charged. The provision shall be subject to the rights and freedoms of other persons who may be affected by the transmission of the data copy.Under the conditions of Art. 16 GDPR, you may immediately request the correction of incorrect or incomplete personal data stored by us.In addition, under the conditions of Art. 17 GDPR, you may, in principle, request the deletion of your personal data stored by us, insofar as the processing is not necessary for the exercise of the right to freedom of expression and information, for the fulfillment of a legal obligation, for reasons of public interest or for the assertion, exercise or defense of legal claims.Pursuant to Art. 18 GDPR, you may also demand that the processing of your personal data be restricted if you dispute the accuracy of the personal data stored by us or if you have objected to the processing pursuant to Art. 21 GDPR. In this case, we have to limit processing of your data for the duration of the examination of your request. You can also demand the restriction if the processing is unlawful, but you refuse to have your data deleted or you need your data stored with us to assert, exercise or defend legal claims.Under the conditions of Art. 20 GDPR, you have the right to receive your personal data that you have provided to us in a structured, common and machine-readable format or, as far as technically feasible, to request the transfer directly to another responsible person. This right to data transfer exists only if the processing is based on consent pursuant to Art. 6 (1)(a) GDPR or Art. 9 (2)(a) GDPR or on a contract pursuant to Art. 6 (1)(b) GDPR and is carried out by automated means. The restrictions of Art. 20 (3) and (4) GDPR must be considered.If we process data based on a consent given by you, you are also entitled to withdraw your consent at any time in accordance with Art. 7 (3) GDPR. This also applies to declarations of consent issued to us before the GDPR came into force, i.e. before 25 May 2018.Your withdrawal means that we will not continue the data processing, which until then was based on this consent, for the future.Please contact our Data Protection Officer regarding your data protection rights. The contact details can be found under section 1 of this data protection information.

9. Your right to lodge a complaint with a supervisory authority
If you are of the opinion that the processing of your personal data by us violates the provisions of data protection law, you also have the right to lodge a complaint with a supervisory authority, in particular in the member state of your habitual residence, workplace or place of presumed infringement, pursuant to Art. 77 GDPR. The competent supervisory authority for Playbook in Berlin, Germany is:
Berliner Beauftragte für Datenschutz und Informationsfreiheit
Friedrichstr. 219
10969 Berlin, Germany
Phone: +49 (0) 30 13889-0
Email: mailbox@datenschutz-berlin.de
Status: June 2022