This data protection guideline clarifies for users the nature, scope and purposes of the collection and use of personal data by the person responsible from a data protection perspective, Sweap Development GmbH, Rankestraße 9, 10789 Berlin, registered with the Charlottenburg Local Court under HRB 174234 B, represented by the managing directors Florian Kühne, Matthias Heicke and Sven Frauen ("Sweap" or "we/us/our") as the operator of a website and associated sub-domains at sweap.io ("Sweap website") and the associated mobile application 'Sweap Guest List' ("APP"). We offer SaaS software via the Sweap website or APP in accordance with separate terms and conditions and associated services (collectively the "Offer").
The legal basis for data protection can be found in particular in Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data, on the free movement of such data and repealing Directive 95/46/EC ("Basic Data Protection Regulation", DSGVO) as well as in the Federal Data Protection Act (BDSG) and the Telemedia Act (TMG).
1 What are personal data? How does Sweap use the data of website visitors or users of the Sweap website or APP offer? What are the legal bases for processing the data?
Personal data and consent Personal data is any information relating to an identified or identifiable natural person (i.e. "data subject"); a natural person is deemed to be identifiable if he or she can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an on-line identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Personal data includes, for example, name, e-mail address or telephone number. But also data about hobbies, memberships or which websites have been viewed by someone are considered personal data.
Personal data is only collected, used and passed on by us if this is permitted by law or if the users agree to the collection of data.
Consent is any voluntary, informed and unequivocal expression of will in the specific case, in the form of a statement or other unambiguous affirmative act by which the data subject indicates his or her consent to the processing of personal data relating to him or her.
Visit the Sweap website We (or the web space provider) collect data about every visit to the Sweap website (so-called server log files) ("access data"). These access data include:
Name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider and additionally when using a mobile device:
Country code, language, device name, name of operating system and version.
We only use this access data for statistical evaluations for the purpose of operating, security and optimising our services on the Sweap website. However, we reserve the right to check this access data retrospectively if there is a justified suspicion of unlawful use based on concrete evidence. The storage of this data is then carried out against the background that only in this way can the misuse of our offer be prevented and, if necessary, this data can be used to clarify crimes committed. To this extent, the storage of this data is necessary to protect the person responsible for us as the data controller. As a matter of principle, this data will not be passed on to third parties, unless there is a legal obligation to do so or the passing on of the data serves criminal prosecution.
Data when registering and using our services on the Sweap website or APP If the user registers on the Sweap website and creates a customer account, the following personal data is collected and stored by the user ("registration data")
First name and surname, e-mail address, telephone number, mobile number if applicable.
The user can manage this data at any time under 'Settings' in the menu.
The registration data entered as part of the registration process and any further profile data provided will be used via the Sweap website and with our support only to the extent that this processing is necessary for the fulfilment of a contract with us or for the implementation of pre-contractual measures, i.e. use of the Sweap website, and for the execution and processing of the user's enquiries.
Creation of individual user accounts on the Sweap website or APP
If a user has successfully purchased a software package from us as a "Customer", the Customer can "activate" individual persons as users when using the Sweap website or APP associated services. This means that the Customer wishes to grant access authorisations to individual persons, which the activated user can then carry out online or by using the APP ("activation").
In order to activate persons, the Customer shall provide the data (such as the e-mail address) of the individual persons, whereby the Customer assures us that the respective express consent of the person concerned has been obtained with regard to the transmission of the data to us for the purpose of activation.
The data collected in the course of activation will be used via the Sweap website or APP and with our support for the purposes of using the service.
When contacting us (for example by email), the user's details are stored for the purpose of processing the enquiry and in the event that follow-up questions arise.
Newsletter With the newsletter we inform the user about us and our offers.
For the registration to the newsletter only the email address is needed. If the user registers for the newsletter, his email address is transferred to us or to the mail provider we have to name and stored there. After registration, the user will receive an email to confirm the registration ("double optin").
When registering for the newsletter, the IP address, the device name, the mail provider and the date of registration with us or with our mail provider Mailjet SAS, up to rue de l'Aubrac, 75012 Paris, France, is also stored. This storage serves only as proof in the event that a third party misuses an email address and registers to receive the newsletter without the knowledge of the entitled person.
The user can revoke his consent to the storage of data, the email address and its use for sending the newsletter at any time. The revocation can be made free of charge (except for the transmission costs) via a link in the newsletter itself or by informing us or, if applicable, the mail provider directly via the above contact options.
Legal bases of the processing of data The processing of data when using our offer is generally based on the legal basis of Art. 6 (1) b. DSGVO, i.e. the data are processed because they are necessary for the fulfilment of the contract between you and us or for the implementation of pre-contractual measures which are carried out at your request.
Furthermore, data processing by us, for example in the case of newsletters, can be based on Art. 6 (1) a. DSGVO if you have given your consent to the processing of personal data relating to you for specific purposes.
Furthermore, in special cases we may process your data on the basis of Art. 6 (1) c. DSGVO if processing is necessary to fulfil a legal obligation to which we or other responsible parties are subject or on the basis of Art. 6 (1) e. DSGVO if processing is necessary for the performance of a task in the public interest or in the exercise of official authority delegated to us or the responsible party.
In addition, the legal basis from Art. 6 (1) f. DSGVO - for example in the case of the collection of data when you visit the Sweap website or the transmission of data to our shareholders and service providers - is relevant if the processing is necessary to protect our legitimate interests or those of a third party and your interests or fundamental rights and freedoms that require the protection of personal data do not outweigh the processing. A legitimate interest exists, for example, if there is a relevant and appropriate relationship between you (or the data subject) and us (or the person responsible), for example if the data subject is our customer or user of a service or is in his services.
We further refer to the respective explanations in the description of the processing operations in this data protection policy.
No profiling and automated decision making
When using our offer, no "profiling" or automated decision making by us takes place; however, in individual cases such profiling may be carried out by third party providers used by us, whereby we refer to this in this data protection guideline as far as possible.
2. Will data be passed on to third parties?
Data will only be transferred if we are legally authorised or obliged to do so, the person concerned has effectively given his or her consent and has not revoked it, or if this is necessary to enforce our rights.
3. Which third party services and offers and cookies are used?
Integration of third-party services and content
It is possible that third-party content, such as videos from YouTube and Vimeo, map material from Google Maps, RSS feeds or graphics from other websites may be integrated within the offer. This always presupposes that the providers of these contents (hereinafter referred to as "third-party providers") are aware of the IP address of the users. Without the IP address, they would not be able to send the content to the browser of the respective user. The IP address is therefore necessary for the display of these contents. As far as possible, we will only use such content whose respective third-party providers use the IP address only to deliver the content and point this out accordingly. However, we have no influence on whether the third-party providers store the IP address for statistical purposes, for example. As far as we are aware of this, the users will be informed about it.
When the user visits the Sweap website, so-called session cookies are used, which are automatically deleted from the user's hard drive as soon as the user closes the browser window. The session cookies are required to assign successive page impressions to the respective users who access the platform at the same time.
We use Google Analytics, a web analytics service provided by Google Inc, Mountain View, CA, USA ("Google"). Google Analytics uses so-called "cookies", text files which are stored on the user's end device and which enable an analysis of their use of the offer. The information generated by the cookie about the use of the website by the user, such as browser type/version; operating system used; referrer URL (the previously visited page); host name of the accessing computer (IP address); time of the server enquiry when using the website is generally transferred to a Google server in the USA and stored there. However, due to the activation of IP anonymisation on the Sweap website or APP, the IP address of Google users within member states of the European Union or in other states which are party to the Agreement on the European Economic Area is shortened beforehand. The full IP address is therefore not transmitted to a Google server in the USA and is shortened there. IP anonymisation is active on the Sweap website or APP. On our behalf, Google will use this information to evaluate the use of the Sweap website or APP by users, to compile reports on website activities and to provide us with further services associated with the use of the offer and the Internet. The IP address transmitted by the user's browser within the framework of Google Analytics is not combined with other Google data. Users can prevent the storage of cookies by adjusting the settings of their browser software accordingly; however, users are advised that in this case they may not be able to use all the functions of the Sweap website or APP to their full extent. Users can also prevent the collection of data generated by the cookie and relating to their use of our website (including the IP address) from being sent to Google and the processing of this data by Google by downloading and installing the browser plug-in available under the following link: tools.google.com/dlpage/gaoptout?hl=de. Nähere Informationen finden sich außerdem in den Bestimmungen zum Datenschutz von Google: http://www.google.de/policies/privacy
This website uses the web analytics service Fathom. Fathom does not use "cookies" and does not store any personal information about you.
Social Plugins We are connected via "social plugins" to various social networks, namely Facebook, Twitter and Instagram.
These social plugins are deactivated without user intervention and therefore no data is transmitted. For example, if a user wishes to share content, he or she must first click on the relevant button on the Sweap website or APP. If the user is logged into the relevant social network in his user profile, once the button has been activated the user will not be able to link the visit to the Sweap website or APP until he clicks on the button again, e.g. using the 'Share' function. The user can of course deactivate this function at any time and manage it within the Sweap website or APP under 'Settings'.
If the user does not wish the social networks to collect data about the Sweap website or APP, he should log out of the Sweap website or APP before visiting it. However, if the relevant button is activated by clicking it, cookies with an identifier will still be set each time the Sweap website or APP is accessed. This function may therefore be used to collect data and to create a profile that may be attributable to a single person (in the sense of "profiling"). If the user does not wish to do this, he can deactivate the corresponding link on the Sweap website or APP by clicking on it. The user can also set his or her browser so that the acceptance of cookies is generally excluded; however, we would like to point out that in this case the functionality of the Sweap website or APP may be restricted.
Facebook Pixel We use "Facebook Pixel" on our website, a service of Facebook Inc, 1601 S California Ave, Palo Alto, California 94304, USA (hereinafter referred to as: "Facebook").
Provided you have given us your consent in accordance with Art. 6 Para. 1 S. 1 lit. a GDPR, we use Facebook Pixel for marketing and optimisation purposes, in particular to place relevant and interesting advertisements on Facebook and thus improve our offer, make it more interesting for you as a user and avoid annoying advertisements.
As a transfer of personal data to the USA takes place, further protective mechanisms are required to ensure the level of data protection under the GDPR. In order to guarantee this, we have agreed standard data protection clauses with the provider in accordance with Art. 46 Para. 2 lit. c GDPR. These clauses oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases in which this cannot be guaranteed even by this contractual extension, we will endeavour to obtain additional regulations and commitments from the recipient in the USA.
In order to be informed immediately if there are problems or crashes with one of our services or offers, we use the tool Crashlytics as an offer from Google Inc, Mountain View, CA, USA ("Crashlytics"). No personal data is transmitted. Only real-time crash reports with exact details of code locations and device information are sent. You can find more information on data protection at Crashlytics here: https://try.crashlytics.com/terms/privacy-policy.pdf
Cookie Consent with Usercentrics This website uses Usercentrics' cookie-content technology to obtain your consent to the storage of certain cookies on your terminal device and to document this in a manner consistent with data protection. The provider of this technology is Usercentrics GmbH, Rosental 4, 80331 Munich, Germany, Website: https://usercentrics.com/de/ (hereinafter "Usercentrics").
When you enter our website, the following personal data is transferred to Usercentrics:
Your consent(s) or the revocation of your consent(s)
Your IP address
Information about your browser
Information about your end device
Time of your visit to the website
Furthermore, Usercentrics stores a cookie in your browser in order to be able to allocate the consents granted or their revocation to you. The data collected in this way is stored until you request us to delete it, delete the Usercentrics cookie itself or the purpose for which the data is stored no longer applies. Mandatory statutory storage obligations shall remain unaffected.
YouTube with enhanced data protection
This website incorporates videos from YouTube. The operator of the site is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
We use YouTube in enhanced privacy mode. According to YouTube, this mode means that YouTube does not store any information about visitors to this website before they watch the video. However, the enhanced privacy mode does not necessarily exclude the sharing of information with YouTube partners. For example, YouTube connects to the Google DoubleClick network whether or not you are watching a video.
As soon as you start a YouTube video on this website, a connection to the YouTube servers is established. This tells the YouTube server which of our pages you have visited. If you are logged in to your YouTube account, you allow YouTube to associate your surfing habits directly with your personal profile. You can prevent this by logging out of your YouTube account.
Furthermore, YouTube can store various cookies on your end device after starting a video. With the help of these cookies, YouTube can obtain information about visitors to this website. This information is used, among other things, to gather video statistics, improve the user experience and prevent fraud. The cookies remain on your terminal device until you delete them.
Once a YouTube video has started, it may trigger further data processing operations over which we have no control.
YouTube is used in the interest of an attractive presentation of our online offers. This represents a legitimate interest in the sense of Art. 6 Para. 1 lit. f DSGVO. If a corresponding consent has been requested (e.g. consent to the storage of cookies), the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO; the consent can be revoked at any time.
Typeform This is a service for online form creation and online surveys.
1. Participation in surveys We conduct online surveys on viral events and other relevant topics from the event industry to collect data for e.g. reports. If you participate in one of our online surveys, we process personal data of the participants and their answers. The legal basis for the processing of your personal data within the scope of the survey is your given consent according to Art. 6 para. 1 sentence 1 DSGVO. You can revoke your given consent at any time with effect for the future by e-mail to email@example.com.
2. Sending the results of our survey and newsletter After completing the survey, you will have the opportunity to enter an e-mail address to be informed about the results of the survey and to receive further information about our offers and products. We use the so-called double opt-in procedure to send the results of the survey and our newsletter. This means that we will only send you the results of the survey and our newsletter by e-mail if you have expressly confirmed to us that you agree to the dispatch. In the first step, you will receive an e-mail with a link that you can use to confirm that you, as the owner of the corresponding e-mail address, wish to receive the results of the survey and future newsletters. With the confirmation, you give us your consent in accordance with Art. 6 Par. 1 S. 1 lit. a DSGVO that we may use your personal data for the purpose of the desired newsletter dispatch. You can revoke any such consent granted at any time with effect for the future by sending an e-mail to firstname.lastname@example.org.
4. Your rights: information, correction, deletion, restriction of processing, revocation, data transferability, right of complaint
Right of access to information
Every user has the right to receive information about the personal data stored about him/her at any time and free of charge. For this information the user can contact email@example.com.
This right of access includes confirmation of whether personal data relating to the data subject is being processed and, if so, the following information:
The purposes of the processing; the categories of personal data being processed; the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular in the case of recipients in third countries or international organisations; if possible, the envisaged duration for which the personal data will be kept or, if that is not possible, the criteria for determining that duration DSGVO) and - at least in these cases - meaningful information on the logic involved and the scope and intended effects of such processing on the data subject.
In particular, the right to information does not exist if the data is stored only because it may not be deleted due to legal or statutory storage regulations, or if it is used exclusively for the purposes of data security or data protection control and the provision of information would require a disproportionate effort, and if processing for other purposes by appropriate technical and organisational measures is excluded.
Every user has the right to revoke his or her consent to the use, processing or transmission of his or her data to us at any time in writing or by email. For this purpose the user can contact firstname.lastname@example.org.
In the event of revocation, we will no longer process the user's stored data and will delete it immediately. This does not apply if compelling reasons for processing worthy of protection can be proven, if the interests, rights and freedoms of the users outweigh the data or if the processing serves to assert, exercise or defend legal claims.
We will therefore continue to use this data, for example, if it is still necessary for the processing of the contractual relationship.
Correction and completion of data
The user or person concerned has the right to ask us to rectify any incorrect personal data relating to him/her without delay. Taking into account the purposes of the processing, the data subject has the right to request the completion of incomplete personal data, including by means of a supplementary declaration. For this purpose, you can contact email@example.com.
Deletion ("right to be forgotten")
The user has the right to have personal data stored by us deleted immediately. For this purpose the user can contact firstname.lastname@example.org.
Immediate deletion takes place in the following cases:
The personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
The data subject withdraws the consent on which the processing was based and there is no other legal basis for the processing;
The data subject objects to the processing and there are no overriding legitimate reasons for processing; the personal data have been processed unlawfully
The deletion of personal data is necessary to comply with a legal obligation under Union law or the law of the Member States to which the controller is subject;
The personal data were collected directly from a child under the age of 16 or without parental responsibility consent in relation to Information Society services provided.
Upon termination of the user relationship, the user's data in the internal database is regularly deleted. Data is excluded from deletion if, for example, processing of the data is necessary for the assertion, exercise or defence of legal claims; for example, the processing of the contract with Sweap (see also point V. below) or if deletion is prevented by legal retention periods.
Furthermore, the data will not be deleted if this is necessary (i) to fulfil a legal obligation which requires processing under the applicable law or to perform a task in the public interest or in the exercise of official authority vested in the controller; (ii) to exercise the right to freedom of expression and information; (iii) for reasons of public interest in the field of public health; or (iv) for archiving, scientific or historical research or statistical purposes in the public interest where the right of deletion is likely to make the attainment of the objectives of such processing impossible or to seriously prejudice it.
Similarly, in the case of non-automated data processing, erasure need not take place if, owing to the particular nature of the storage, it would not be possible or would involve a disproportionate effort and the data subject's interest in obtaining erasure is considered to be minimal. Deletion is then replaced by the restriction of processing.
Furthermore, we restrict processing and do not delete the data for as long as we have reason to believe that deletion would adversely affect your interests or those of the data subject worthy of protection. We will inform you or the data subject about the restriction of processing unless the information proves impossible or would require a disproportionate effort.
See also the following point "Restriction of processing" and point 5. below.
Restriction of processing
You also have the right to request that the processing be restricted. For this purpose you can contact email@example.com. You can only successfully enforce the right to restrict processing if one of the following conditions is met:
the accuracy of the personal data is contested by the data subject, for a period of time which allows the controller to verify the accuracy of the personal data
the processing is unlawful and the data subject requests their erasure
who rejects personal data and instead demands the restriction of the use of personal data;
the controller no longer needs the personal data for the purposes of the processing, but the data subject needs them in order to exercise or defend his rights; or
the data subject has lodged an objection to the processing as long as it has not been established that the controller's legitimate reasons outweigh those of the data subject
In the event that you have obtained a restriction on processing, you will be notified by us accordingly before the restriction is lifted.
A restriction of processing can also be applied in certain cases instead of deleting the data. See in particular the above point "Deletion ("right to be forgotten")".
Right to data transferability
You have the right to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format. For this purpose you can contact firstname.lastname@example.org.
You also have the right to have these data communicated to another controller without hindrance by the controller to whom the personal data have been made available, provided that the processing is based on consent or on a contract to which the data subject is a party and that the processing is carried out using automated procedures.
In exercising your right to data transfer, you have the right to obtain that personal data be transferred directly from one controller to another controller, insofar as this is technically feasible.
This right does not apply to the extent that the rights and freedoms of other persons are prejudiced or to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Right of appeal
Every user has a right of appeal to a supervisory authority of his choice. The supervisory authorities in Germany are the competent (data protection) authorities under the respective laws of the Länder.
5. Duration of storage of personal data; deletion periods
As a rule, we only store your personal data for as long as it is necessary to implement the contract or the respective purpose and limit the storage period to an absolutely necessary minimum.
In the case of longer-term contractual relationships, such as when using our services, these storage periods may vary, but are generally limited to the duration of the contractual relationship or, with regard to inventory data, to the statutory storage periods (including those in accordance with the German Commercial Code (HGB) and the German Fiscal Code (AO)).
Criteria for the storage period include whether the data is still up-to-date, the contractual relationship with us still exists or whether an enquiry has already been processed or a process has been completed or not and whether legal retention periods for the personal data concerned are relevant or not.
6. Data security, scope of application
Data security For the best possible protection of the user's data, the SweapWebsite or APP is offered via a secure SSL connection between the user's server and the browser, i.e. the data is transmitted in encrypted form.
Data when using our offer is stored on servers within the European Union (EU), subject to other information being sent to the user. We use the server provider IBM Deutschland GmbH, IBM-Allee 1, 71139 Ehningen, Germany with the service IBM Cloud in the data centre in Frankfurt (Germany) and Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany with data centre locations in: Nurnberg, Falkenstein (Germany) ̈ who process the data on our behalf.
We expressly draw the user's attention to the fact that data protection and data security for data transmissions in open networks such as the Internet cannot be fully guaranteed under the current state of technology. The user is aware that the provider may, from a technical point of view, view the website stored on the web server and possibly also other user data stored there at any time. The user himself is fully responsible for the security and protection of the data transmitted by him to the Internet and stored on web servers. We cannot accept any liability for the disclosure of data due to errors or unauthorised access by third parties.
7. Person responsible and contact person for data protection
Controller as the natural or legal person, authority, institution or other body which alone or jointly with others decides on the purposes and means of processing personal data, who is the Sweap website or APP
Sweap Development GmbH
Company headquarters: Berlin Register court: Local court Berlin - Charlottenburg Registration number: HRB 174234 B
Represented by the managing directors:
If you have any questions regarding the collection, processing or use of personal data, or if you wish to exercise your rights (e.g. information, correction, deletion of data and revocation of consents granted), please contact us using the contact details given above.
If you have any questions regarding the collection, processing or use of personal data, or if you wish to exercise your rights (e.g. information, correction, deletion of data and revocation of consents granted), please contact us using the contact details given above.