Privacy Policy

Privacy Policy

Us,

VERSO GmbH

represented by Florian Holl und Andreas Maslo
Agnes-Pockels-Bogen 1
80992 München

are operators (hereinafter referred to as “we” or “operator”) of the website “www.verso.de” (hereinafter referred to as “website”) as well as the web shop (www.verso.de/en/shop) (hereinafter referred to as “web shop”), through which products (hereinafter also the “platform”) and services (hereinafter also “services”) are offered. We are therefore responsible for the collection, processing and use of personal data within the meaning of the German Federal Data Protection Act (BDSG), the German Telemedia Act (TMG) and the EU General Data Protection Regulation (GDPR).

We attach great importance to the principle of data economy already when collecting data. We only collect and process personal data if you have given us your consent or if the law permits or requires us to do so. In the following, we will explain what information we collect, how we use it, and what rights you have over us in relation to the use of your information:

1. Personal data

The term personal data is defined in BDSG and GDPR. It is all information relating to an identified or identifiable natural person (data subject); a natural person is considered as being identifiable if he or she can be identified directly or indirectly, in particular by means of an identifier such as a name, an identification number, location data, an online identifier or one or more special characteristics, which express the physical, physiological, genetic, mental, economic, cultural or social identity of this person. This includes, for example, your real name, address, telephone number, e-mail address or date of birth. This also includes company-related data.

2. Collecting of data when using our products

Unless otherwise stated in the following paragraphs, no personal data is collected, processed or used when using our products.

We collect the following data:

a)     When visiting our website

What personal data do we collect?

When visiting our website, our servers temporarily store every access in a log file. The following data will be collected without your intervention and will be stored on a server in a member state of the European Union by a data centre, commissioned by us, until the date of the automated deletion after a maximum of 31 days:

  • the IP address assigned to your computer,
  • Online identifiers (e.g. session ID, device ID),
  • the name and URL of the requested file,
  • Referrer URL (the previously visited page),
  • the operating system of your device,
  • Date and time of the request,
  • the browser version you use

Why do we collect this data?

This data is collected solely for statistical purposes and to allow us to trace any case of abusive behaviour. If you contact us by e-mail or contact form, we will store your e-mail address and the other information, provided by you. This is done solely for the purpose of answering you or contacting you again, if necessary, at a later date on the subject of the request.

What is the legal basis for processing this data?

According to Article 6 paragraph 1 letter b of the GDPR, the collection of personal data necessary for the performance (or facilitation) of a contract is permitted. We require the aforementioned data in order to prepare the conclusion of the contract with you and to offer you solutions that are tailored to your individual requirements and general conditions.

b)     When using our contact form

If you have any questions of any kind, we offer you the opportunity to contact us via a form provided on our website (“book demo now”). This requires you to provide your name and a valid e-mail address so that we know who the inquiry comes from and can answer it. Further information can be provided voluntarily. It is your free decision whether you want to enter these data in the contact form.

Why do we collect this data?

Your data is collected solely for the purpose of answering you or, if necessary, to contact you again at a later date regarding the subject of your inquiry.

What is the legal basis for processing this data?

The data processing for the purpose of contacting us is carried out in accordance with Art. 6 Para. 1 S. 1 Letter b) GDPR on the basis of your voluntarily given consent. We use your contact information to prepare a possible contract conclusion with you. The personal data collected by us for the use of the contact form will be automatically deleted after the completion of your request, unless they are still needed to exercise legal or (pre-)contractual rights and obligations.

c)      When ordering a newsletter

What personal data do we collect?

You have the possibility to subscribe to our newsletter. It contains information about CSR, CSR best practices, news about VERSO GmbH and CSR relevant events. For this purpose, we require a valid e-mail address from you. We also store your IP address and the date of registration.

Why do we collect this data?

Your e-mail address is only required for sending the newsletter and will only be used for this purpose. The storage of the IP address and the date of your registration is only used to prove a possible misuse of your e-mail address for the registration to our newsletter.

With whom do we share this information?

We work together with the list provider MailChimp, a service provided by The Rocket Science Group, LLC, 512 Means Street, Suite 404, Atlanta, GA 30318 (“Rocket”) to send our newsletter. We have concluded a contract with Rocket for commissioned data processing and fully implement the strict requirements of the German data protection authorities when using it. (see https://mailchimp.com/legal/data-processing-addendum/#6._International_Transfers).

The data stored during registration is transmitted to Rocket and stored by Rocket. The data entered during registration is not transmitted to other third parties. Through the processor contract with Rocket, data is sent to a so-called third country (USA), that is, a country outside the European Union. We have explained the data protection aspects of the transfer of data to third countries in a separate section at the end of this Privacy Policy (see section 9 “Data transfer to third countries”)

After registration MailChimp will send you an e-mail to confirm your registration. This is the double opt-in procedure. You will not receive the newsletter until you sign up (step 1) and click the confirmation link sent to you by MailChimp (step 2). Furthermore MailChimp offers different analysis possibilities about how the sent newsletters are opened and used, e.g. to how many users an e-mail was sent, whether e-mails were rejected and whether users have unsubscribed from the list after receiving an e-mail. However, these analyses are only carried out for statistical purposes (such as measuring the number of users to maintain the functionality of the newsletter dispatch) and are not used by us for individual evaluation.

MailChimp also uses the analysis tool Google Analytics from Google, Inc. and may include it in the newsletter. Further details about Google Analytics can be found in this privacy policy under point 5 “Cookies and web analytics services”.

For more information about MailChimp’s privacy policy, please visit: http://mailchimp.com/legal/privacy/.

We will use the personal data collected from you in the context of the e-mail newsletter exclusively internally for the optimization and delivery of the newsletter you have expressly requested. Your personal data will not be sold or passed on to third parties for advertising, market or opinion research purposes.

How can I unsubscribe from the newsletter?

If you no longer want to receive newsletters from us, you can object at any time without incurring any costs other than the transmission costs according to the basic rates. A text message to our contacts found at the end of this Privacy Policy (by, e.g. e-mail, fax, letter) is sufficient. Of course, you will also find a link to unsubscribe in every newsletter. When you unsubscribe from the newsletter, we also delete the personal data collected from you for sending out the newsletter.

What is the legal basis for processing this data?

According to article 6 paragraph 1 letter a) GDPR, the processing of your data is based on your consent. You can revoke this consent at any time and unsubscribe from the newsletter as described above.

d)     When ordering in our web shop

You can place orders via our web shop. To do so, you must register as a customer for future orders. As part of the ordering process, you will be asked for your consent to process this data.

Your personal data will be entered into an input mask, transmitted to us and stored. If you place an order via our website, we collect the following data:

  • First name
  • Last name,
  • e-mail address,
  • Address,
  • Telephone number (fixed and/or mobile)
  • Payment details

Why do we collect this data?

The collection of this data is done,

  • to be able to identify you as our customer;
  • to be able to process, fulfill and handle your order;
  • to correspond with you regarding your order;
  • for direct advertising of our own similar goods or services;
  • for billing purposes;
  • to process any warranty claims that may be made, as well as to assert any claims against you;
  • to ensure the technical administration of our website;
  • to manage our customer data.

With whom do we share this information?

If you choose to pay by “credit card”, payment will be processed by the payment service provider Stripe Payments Europe Ltd, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland (“Stripe”).

The data stored during the ordering process (name, address, credit card number, invoice amount, currency and transaction number) will be transmitted to Stripe and stored by Stripe. The data entered during the ordering process will not be transmitted to other third parties. Your data will only be passed on for the purpose of payment processing with Stripe and only to the extent that it is necessary for this purpose. Your personal data will not be sold or passed on to third parties for purposes of advertising, market or opinion research.

You will find more information about the data protection of Stripe under https://stripe.com/de/privacy#translation.

We work with “Intercom” (Intercom, Inc., 98 Battery Street, Suite 402, San Francisco, CA 94111 USA and 2nd Floor, Stephen Court, 18-21 Saint Stephen’s Green, Dublin 2, hereinafter “Intercom”) for the purpose of managing customer data. If data is transferred to a third country (especially the USA), we refer to section 9 of this privacy policy (data transfer to third countries).

If you order one of our products and thus have access to the VERSO platform, your e-mail address and name will be transmitted to Intercom and stored by Intercom. The above-mentioned data, which you provided when ordering, will not be transmitted to other third parties.

You can find detailed information about data protection at “Intercom” on https://www.intercom.com/de/terms-and-policies.

In addition, Intercom uses the following subcontractors to manage customer data:

Amazon Web Services, Inc. for hosting and storage purposes

Message Systems, Inc. (dba SparkPost) for the purpose of message deliverability.

If this involves data transfer to third countries, we refer to Section 9 of this Privacy Policy (Data Transfer to Third Countries).

Further details on these subcontractors can be found at https://d1.awsstatic.com/legal/privacypolicy/AWS_Privacy_Notice_German_2020-08-15.pdf and https://www.sparkpost.com/policies/privacy/.

What is the legal basis for processing this data?

The data processing is carried out upon your order and/or registration and, in accordance with Art. 6 paragraph 1 p. 1 letter b of the GDPR, is necessary for the purposes mentioned for the appropriate processing of your order and for the mutual fulfilment of obligations arising from the purchase contract.

3. Storage of your data

We store and process your personal data on rented servers in a Member State of the European Union. We, as well as our commissioned data centres, protect your information through technical and organisational security measures to minimise risks associated with loss, misuse, unauthorised access, and unauthorised disclosure and alteration of such data. For example, firewalls and data encryption are used, as well as physical access restrictions and authentication controls for data access.

We store your personal data, which is collected during a visit to our homepage (see above point 2.a) or which is entered by you when filling out the contact form (see above point 2.b), for a maximum of 31 days. We will store the data required to receive the newsletter until you have unsubscribed from the newsletter. The personal data collected by us for the processing of your order will be stored until the expiry of the statutory retention period.

4. Disclosure of data

Your personal data will only be disclosed or otherwise transmitted to third parties if this is necessary for the purpose of performance under our contractual relationship with you or if you have previously consented, except for the other cases mentioned in this privacy policy. This does not apply if there is a legal obligation to disclose or transmit data to third parties (e.g. information to certain authorities in the context of their statutory duties) or if this is necessary for the enforcement of our rights, in particular for the enforcement of claims arising from the contractual relationship with you.

5. Cookies and web analytics services; right to objection
a)     Cookies

Interactions with our website are tracked using cookies and the technologies listed below to customize our website for you. Cookies are small files that are stored on your hard drive. This makes navigation easier and makes our website more user-friendly. When you use our website or our web store for the first time, we will immediately inform you of all cookies used by us and their purpose. Only if you agree to the use of cookies will cookies be stored on your hard drive. Of course you can also view our website without cookies, but a limitation of their functionality cannot be excluded. Most browsers are set up to accept the use of cookies, but this function can be deactivated for the current session or permanently by setting your Internet browser.

Cookie settings.

b)     Web analytics services

For the purpose of statistical evaluation, we use Google Analytics, a web analysis service of Google Inc. (“Google”). Google Analytics uses its own cookies. In this context, text files are stored on your computer which enable an analysis of your use of the website. The information generated by the cookie about your use of our website is usually transferred to a Google server in the USA and stored there. In order to prevent the personalization of this data, your IP address is made anonymous by a shortening. We are therefore unable to determine to which user an IP address can be assigned. Only in exceptional cases is the full IP address transferred to a Google server in the USA and only there is it anonymized. Google will use the information on our behalf to evaluate your use of the website, to compile reports on website activity and to provide us with further services related to website and Internet use.

Google is obliged not to combine the IP address transmitted by your browser within the scope of Google Analytics with other data. You can also prevent the storage of cookies by adjusting your browser software accordingly. However, we would like to point out that in this case you may not be able to use all functions of our website to their full extent. You can also prevent the collection of the data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by revoking your consent and generally by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de

You can also prevent the collection by Google Analytics by clicking on the following link. An opt-out cookie is set to prevent future collection of your information when you visit this website: https://tools.google.com/dlpage/gaoptout?hl=de?

Insofar as data is transferred to third countries during data processing by Google Analytics and this data has not previously been anonymized, please refer to section 9 of this privacy policy (data transfer to third countries).

You can find more information about Google Analytics at

http://www.google.com/analytics/terms/de.html or

http://www.google.com/intl/de/analytics/privacyoverview.html or

https://support.google.com/analytics/answer/2838718?hl=de&ref_topic=2790009

Please note that Google is required by law to perform these actions. We cannot accept any responsibility for Google’s compliance with these obligations.

6. Our Facebook-Fanpage

You can also contact us through our fan page at Facebook Ireleand Ltd, 4 Grand Canal Swuare, Dublin 2, Ireland, within their social network Facebook. There we also present news regarding our products and provide further product related information. In this context, Facebook may collect statistical data for us, for example by sending us statistical data on likes, comments, etc. At the same time, Facebook may also collect your personal data on its own responsibility and for its own purposes. If the data collection by Facebook is carried out for us, the basic principles listed in this privacy statement apply in particular to your rights as described in this statement. The legal basis for the processing of your personal data by us is article 6 paragraph 1 letter b) GDPR and article 6 paragraph 1 letter f) GDPR. In accordance with Article 6 Paragraph 1 Letter f) GDPR, we may process personal data if this is in our legitimate interest and does not cause you any excessive disadvantages. Our interest in the presentation of our product range and communication with you can be classified as a legitimate, predominant interest.

The collection of data by Facebook for its own purposes is carried out according to the principles established by Facebook. However, if you wish to contact Facebook in this respect, you can also contact us and we will forward your request to Facebook.

7. Rights of data subjets
  • You have the right:
  • to request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you may request information on the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right of rectification, cancellation, restriction of processing or opposition, the existence of a right of appeal, the origin of your data, if not collected from me, as well as the existence of automated decision making including profiling and, if applicable, meaningful information on the details of the same;
  • in accordance with Art. 16 GDPR to immediately request the correction of incorrect or incomplete personal data stored by us;
  • in accordance with Art. 17 GDPR to demand the deletion of your personal data stored with us, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims
  • pursuant to Art. 18 GDPR, to demand the restriction of the processing of your personal data if the accuracy of the data is disputed by you, if the processing is unlawful but you refuse to delete it and we no longer require the data, but you require it for the assertion, exercise or defence of legal claims or you have lodged an objection to the processing pursuant to Art. 21 GDPR
  • in accordance with Art. 20 GDPR to receive your personal data that you have provided us with in a structured, common and machine-readable format or to request that it be transferred to another responsible party
  • in accordance with Art. 7 para. 3 GDPR, to revoke your consent, once granted, at any time. As a result, we may no longer continue data processing based on this consent for the future and
  • complain to a supervisory authority in accordance with Art. 77 GDPR. As a rule, you can contact the supervisory authority at your usual place of residence or workplace or at our company headquarters.

If your personal data are processed on the basis of legitimate interests pursuant to Art. 6, paragraph 1, sentence 1, letter f) GDPR, you have the right to object, pursuant to Art. 21 GDPR, to the processing of your personal data if there are reasons for doing so that arise from your particular situation or if the objection is directed against direct marketing. In the latter case, you have a general right of objection, which will be implemented by us without specifying a special situation.

In any of the above-mentioned cases as well as for further questions about the use of your personal data, please contact us:

In addition, you always have the right to lodge a complaint with the relevant data protection authority.

8. Mobile Geräte

The terms of this Privacy Policy also apply to mobile access and use of mobile devices.

9. Data Transmission to third countries

If the data processing described in this data protection declaration involves the transfer of data to third countries outside the European Union, your data will only be transferred if a so-called adequacy decision by the European Commission (Article 46 GDPR) exists. In this case, the EU Commission confirms that a level of data protection comparable to that of the EU exists in the third country. We also use so-called standard contractual clauses of the EU Commission and internal data protection agreements to protect your data when it is transferred to third countries.

If these options are not sufficient to protect your data when it is transferred to a third country, we will only transfer your data to a third country if you have given your consent in accordance with Article 49 of the GDPR and have informed us of the risks involved. In the case of data transfers to the USA, we therefore draw your attention in particular to the existing risk that a level of data protection comparable to that in the EU may be made more difficult, in particular because authorities in the USA (above all secret services and security agencies) may access your data. You may not be able to assert your data subject rights with the same efficiency as within the EU.

Article 49 of the GDPR also allows data to be transferred to a third country if this transfer is necessary to fulfill the contract. Should we resort to a transfer to a third country for this reason, we would like to point out that the risks mentioned above (e.g. in the USA) also exist in this case.