Privacy Policy

We appreciate your interest in our company. Data protection is of particular importance to VIVALU GmbH. In principle, the use of VIVALU GmbH’s websites is possible without providing any personal data. However, if a data subject wishes to use specific services offered by our company via our website, the processing of personal data may become necessary. Where the processing of personal data is necessary and there is no legal basis for such processing, we will generally obtain the data subject’s consent.

The processing of personal data—such as a data subject’s name, address, email address, or telephone number—shall always be carried out in accordance with the General Data Protection Regulation (GDPR) and in compliance with the country-specific data protection regulations applicable to VIVALU GmbH. By means of this Privacy Policy, our company would like to inform the public about the nature, scope, and purpose of the personal data collected, used, and processed by us. In addition, this Privacy Policy informs data subjects of their rights.

VIVALU GmbH, as the controller, has implemented numerous technical and organizational measures to ensure the most complete protection possible of personal data processed via this website. Nevertheless, internet-based data transmissions may in principle have security vulnerabilities, meaning that absolute protection cannot be guaranteed. For this reason, any data subject is free to transmit personal data to us via alternative means, for example by telephone.

This is the Privacy Policy for the corporate website of VIVALU GmbH. The Privacy Policy relating to VIVALU’s online marketing activities can be found here: vivalu.com/privacy-policy-for-online-advertising

1. Definitions
VIVALU GmbH’s Privacy Policy is based on the terminology used by the European legislator when adopting the GDPR. Our Privacy Policy is intended to be easy to read and understand for the public, as well as for our customers and business partners. With regard to the terms used—such as “personal data” and “processing”—we refer to the definitions set out in Article 4 GDPR.

2. Name and Address of the Controller
The controller within the meaning of the GDPR, other data protection laws applicable in the Member States of the European Union, and other provisions of a data protection nature is:

VIVALU GmbH
Zollhof 6
40221 Düsseldorf
Germany
Tel.: +49 211 7817520
Email: contact@vivalu.com
Website: www.vivalu.com

3. Name and Address of the Data Protection Officer
The Data Protection Officer of the controller is:

Kia Zolfaghari
VIVALU GmbH
Zollhof 6
40221 Düsseldorf
Tel.: +49 211 78175212
Email: kzo@vivalu.com
Website: www.vivalu.com

Any data subject may contact our Data Protection Officer at any time with questions, suggestions, or concerns relating to data protection.

4. Collection of General Data and Information
Each time a data subject or an automated system accesses the VIVALU GmbH website, a series of general data and information is collected. This general data and information is stored in the server log files. The following may be collected: (1) browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our website (so-called referrer), (4) the subpages accessed on our website via an accessing system, (5) the date and time of access, (6) an Internet Protocol address (IP address), (7) the Internet service provider of the accessing system, and (8) other similar data and information used for security purposes in the event of attacks on our information technology systems.

When using such general data and information, VIVALU GmbH does not draw any conclusions about the data subject. Rather, this information is required to (1) deliver the content of our website correctly, (2) optimize the content of our website and any advertising for it, (3) ensure the long-term functionality of our information technology systems and the technology of our website, and (4) provide law enforcement authorities with the necessary information in the event of a cyberattack. Therefore, these anonymously collected data and information are evaluated by VIVALU GmbH both statistically and with the aim of increasing data protection and data security within our company in order to ensure an optimal level of protection for the personal data we process. The anonymous server log file data is stored separately from any personal data provided by a data subject.

5. Cookies
VIVALU GmbH’s websites use cookies. Cookies are text files that are stored on a computer system via an internet browser.

By using cookies, VIVALU GmbH can provide users of this website with more user-friendly services that would not be possible without the setting of cookies. The purpose of this recognition is to facilitate the use of our website.

The data subject may, at any time, prevent the setting of cookies by our website by means of a corresponding setting of the internet browser used, and may thereby permanently object to the setting of cookies. Furthermore, cookies that have already been set may be deleted at any time via an internet browser or other software programs. This is possible in all common internet browsers. If the data subject deactivates the setting of cookies in the browser used, not all functions of our website may be fully available.

6. Subscription to Our Newsletter
The VIVALU GmbH website offers users the opportunity to subscribe to our company newsletter. Which personal data is transmitted to the controller when subscribing to the newsletter results from the input form used for this purpose.

VIVALU GmbH informs its customers and business partners at regular intervals by means of a newsletter about company offers. In principle, a data subject may only receive our newsletter if (1) the data subject has a valid email address and (2) the data subject registers for newsletter distribution. For legal reasons, a confirmation email is sent to the email address initially provided by the data subject for newsletter distribution using the double opt-in procedure. This confirmation email serves to verify whether the owner of the email address has authorized receipt of the newsletter.

When registering for the newsletter, we also store the IP address assigned by the internet service provider (ISP) to the computer system used by the data subject at the time of registration, as well as the date and time of registration. The collection of this data is necessary to trace the (possible) misuse of a data subject’s email address at a later date and therefore serves the legal protection of the controller.

The personal data collected as part of newsletter registration is used exclusively for sending our newsletter. In addition, newsletter subscribers may be informed by email if this is necessary for operation of the newsletter service or registration thereto, such as in the event of changes to the newsletter offering or changes in technical circumstances. No personal data collected as part of the newsletter service will be disclosed to third parties. The data subject may cancel the newsletter subscription at any time. Consent to the storage of personal data given by the data subject for newsletter distribution may be revoked at any time. For the purpose of revoking consent, each newsletter contains a corresponding link. It is also possible to unsubscribe from newsletter distribution directly on the website of the controller at any time, or to inform the controller of this in another way.

7. Newsletter Tracking
VIVALU GmbH newsletters contain so-called tracking pixels. A tracking pixel is a miniature graphic embedded in HTML-format emails to enable log file recording and analysis. This allows a statistical evaluation of the success or failure of online marketing campaigns. Based on the embedded tracking pixel, VIVALU GmbH can determine whether and when an email was opened by a data subject and which links contained in the email were accessed by the data subject.

Such personal data collected via tracking pixels contained in newsletters is stored and evaluated by us in order to optimize newsletter distribution and to better tailor the content of future newsletters to the interests of the data subject. This personal data is not disclosed to third parties. Data subjects are entitled at any time to revoke their separate declaration of consent provided via the double opt-in procedure. Following revocation, this personal data will be deleted by the controller. Unsubscribing from receiving the newsletter is automatically interpreted by VIVALU GmbH as a revocation.

8. Contact Options via the Website
Due to legal requirements, the VIVALU GmbH website contains information enabling quick electronic contact and direct communication with us, including a general email address. If a person contacts us by email or via a contact form, the personal data transmitted by the data subject is automatically stored. Such personal data transmitted voluntarily by a data subject is stored for the purpose of processing the inquiry or contacting the data subject. This personal data is not disclosed to third parties.

The personal data we collect for use of the contact form is automatically deleted once your inquiry has been processed.

9. Rights of the Data Subject
Any person affected by the processing of personal data has the rights granted by the European legislator as set out below.

If a data subject wishes to exercise any of the rights listed below, they may contact our Data Protection Officer at any time.

a) Right to confirmation
The data subject has the right to request confirmation as to whether personal data concerning them is being processed.

b) Right of access
The data subject has the right to obtain, free of charge, information about the personal data stored about them and a copy of such information. Furthermore, the data subject has the right to obtain information about:

• the purposes of processing;
• the categories of personal data concerned;
• the recipients or categories of recipients to whom the personal data has been or will be disclosed;
• the envisaged period for which the personal data will be stored;
• the existence of the right to rectification, erasure, restriction of processing, or to object;
• the existence of the right to lodge a complaint;
• the source of the data, where the personal data is not collected from the data subject;
• the existence of automated decision-making, including profiling.

c) Right to rectification
The data subject has the right to request the immediate rectification of inaccurate personal data concerning them. They also have the right, taking into account the purposes of processing, to request completion of incomplete personal data, including by means of a supplementary statement.

d) Right to erasure (“right to be forgotten”)
The data subject has the right to request the immediate erasure of personal data concerning them where one of the following grounds applies and insofar as processing is not necessary:

• the personal data is no longer necessary for the purposes for which it was collected or otherwise processed;
• the data subject withdraws consent on which the processing was based under Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR and there is no other legal basis;
• the data subject objects to the processing under Art. 21(1) GDPR and there are no overriding legitimate grounds, or objects under Art. 21(2) GDPR;
• the personal data has been unlawfully processed;
• erasure is necessary for compliance with a legal obligation under Union or Member State law;
• the personal data was collected in relation to the offer of information society services under Art. 8(1) GDPR.

If VIVALU GmbH has made the personal data public and is obliged under Art. 17(1) GDPR to erase the personal data, VIVALU GmbH shall take reasonable measures, including technical measures, taking account of available technology and implementation costs, to inform other controllers processing the published personal data that the data subject has requested the erasure of any links to, or copies or replications of, such personal data, insofar as processing is not required.

e) Right to restriction of processing
The data subject has the right to request restriction of processing where one of the following applies:

• the accuracy of the personal data is contested, for a period enabling verification;
• processing is unlawful and the data subject opposes erasure and requests restriction instead;
• the controller no longer needs the data for processing purposes, but the data subject needs it for legal claims;
• the data subject has objected under Art. 21(1) GDPR and it is not yet determined whether the controller’s legitimate grounds override those of the data subject.

f) Right to data portability
The data subject has the right to receive the personal data concerning them which they have provided to a controller in a structured, commonly used, and machine-readable format and to transmit those data to another controller without hindrance, where processing is based on consent under Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR or on a contract under Art. 6(1)(b) GDPR and processing is carried out by automated means, provided the processing is not necessary for a task carried out in the public interest or in the exercise of official authority.

Furthermore, the data subject has the right to have personal data transmitted directly from one controller to another, where technically feasible and where this does not adversely affect the rights and freedoms of others.

g) Right to object
The data subject has the right to object, on grounds relating to their particular situation, at any time to processing of personal data concerning them based on Art. 6(1)(e) or (f) GDPR. This also applies to profiling based on these provisions.

VIVALU GmbH shall no longer process the personal data in the event of an objection unless we can demonstrate compelling legitimate grounds overriding the interests, rights, and freedoms of the data subject, or the processing serves the establishment, exercise, or defense of legal claims.

Where VIVALU GmbH processes personal data for direct marketing purposes, the data subject has the right to object at any time to processing of personal data for such marketing. This also applies to profiling to the extent that it is related to such direct marketing. If the data subject objects, VIVALU GmbH will no longer process the personal data for these purposes.

The data subject also has the right, on grounds relating to their particular situation, to object to processing of personal data concerning them for scientific or historical research purposes or statistical purposes under Art. 89(1) GDPR, unless the processing is necessary for a task carried out in the public interest.

To exercise the right to object, the data subject may contact any employee of VIVALU GmbH. The data subject is also free to exercise the right to object in connection with the use of information society services by automated means using technical specifications, notwithstanding Directive 2002/58/EC.

h) Automated individual decision-making, including profiling
The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them, unless the decision:

1. is necessary for entering into, or performance of, a contract between the data subject and the controller; or
2. is authorized by Union or Member State law and such law provides suitable safeguards; or
3. is based on the data subject’s explicit consent.

Where the decision is necessary for a contract or based on explicit consent, VIVALU GmbH shall implement suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, including at least the right to obtain human intervention, to express their point of view, and to contest the decision.

i) Right to withdraw data protection consent
The data subject has the right to withdraw consent to the processing of personal data at any time.

10. Data Protection in Applications and the Application Process
The controller collects and processes applicants’ personal data for the purpose of handling the application process. Processing may also be carried out electronically, in particular where an applicant submits application documents electronically, for example by email or via a web form on the website.

If VIVALU GmbH concludes an employment contract with an applicant, the transmitted data will be stored for the purpose of handling the employment relationship in compliance with legal requirements. If VIVALU GmbH does not conclude an employment contract with the applicant, the application documents will be automatically deleted two months after notification of the rejection decision, unless other legitimate interests of VIVALU GmbH prevent deletion. Such a legitimate interest may include, for example, an obligation to provide evidence in proceedings under the General Equal Treatment Act (AGG).

11. Data Protection Provisions Regarding the Use of Social Media Plug-ins
Our website uses plug-ins from the social networks Facebook, Instagram, Xing, and LinkedIn. They serve the purpose of increasing awareness of our company. The underlying promotional purpose constitutes a legitimate interest within the meaning of the GDPR. The respective provider is responsible for ensuring compliance with data protection requirements. We integrate these plug-ins using the so-called two-click solution in order to protect visitors to our website as effectively as possible.

Facebook

Facebook plug-ins are used on our website. These redirect to the VIVALU GmbH Facebook page. When clicking the respective plug-in, Facebook receives information that the data subject has accessed the page, even if the data subject does not have a Facebook account or is not logged in.

The operator of Facebook is Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. For the processing of personal data, where a data subject lives outside the USA or Canada, the controller is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

If the data subject is logged into Facebook at the same time, Facebook recognizes, with each access to our website and for the entire duration of the stay on our website, which specific subpage the data subject visits. This information is collected by the Facebook component and assigned to the data subject’s Facebook account. If the data subject clicks a Facebook button integrated on our website (e.g., the “Like” button) or leaves a comment, Facebook assigns this information to the data subject’s personal Facebook user account and stores the personal data.

Facebook receives information about visits to our website whenever the data subject is logged into Facebook at the time of accessing our website—regardless of whether the data subject clicks the Facebook component. If the data subject does not want such transmission to Facebook, they may prevent it by logging out of their Facebook account before visiting our website.

Facebook’s data policy, available at facebook.com/privacy provides information on the collection, processing, and use of personal data by Facebook, as well as privacy settings. In addition, various applications exist that enable suppression of data transmission to Facebook.

Instagram

Instagram plug-ins are used on our website and redirect to the VIVALU GmbH Instagram page. When clicking the respective plug-in, Instagram receives information that the data subject has accessed the page, even if the data subject does not have an Instagram account or is not logged in. The operator is Instagram LLC, 1 Hacker Way, Building 14 First Floor, Menlo Park, CA, USA.

If the data subject is logged into Instagram at the same time, Instagram recognizes which specific subpage is visited during the stay on our website. This information is collected and assigned to the data subject’s Instagram account. If the data subject activates an Instagram button integrated on our website, the transmitted data and information are assigned to the data subject’s Instagram account and stored and processed by Instagram.

Instagram receives information about the visit whenever the data subject is logged into Instagram at the time of accessing our website—regardless of whether the Instagram component is clicked. If the data subject does not want such transmission, they may prevent it by logging out of their Instagram account before visiting our website.

Further information and Instagram’s applicable data protection provisions are available at instagram.com/privacy.

XING

XING plug-ins are used on our website and redirect to the VIVALU GmbH XING page. When clicking the respective plug-in, XING receives information that the data subject has accessed the page, even if the data subject does not have a XING account or is not logged in.

The operator is XING SE, Dammtorstraße 30, 20354 Hamburg, Germany.

If the data subject is logged into XING at the same time, XING recognizes which subpage is visited during the stay on our website. This information is collected and assigned to the data subject’s XING account. If the data subject clicks a XING button integrated on our website (e.g., “Share”), XING assigns this information to the data subject’s XING user account and stores the personal data.

XING receives information about visits whenever the data subject is logged into XING at the time of accessing our website—regardless of whether the XING component is clicked. If the data subject does not want such transmission, they may prevent it by logging out before visiting our website.

XING’s privacy policy is available at xing.com/privacy. XING has also published data protection information for the XING Share button at xing.com/share/data_protection.

LinkedIn

LinkedIn plug-ins are used on our website and redirect to the VIVALU GmbH LinkedIn page. When clicking the respective plug-in, LinkedIn receives information that the data subject has accessed the page, even if the data subject does not have a LinkedIn account or is not logged in.

The operator is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. For privacy matters outside the USA, LinkedIn Ireland, Privacy Policy Issues, Wilton Plaza, Wilton Place, Dublin 2, Ireland is responsible.

If the data subject is logged into LinkedIn at the same time, LinkedIn recognizes which subpage is visited during the stay on our website. This information is collected and assigned to the data subject’s LinkedIn account. If the data subject clicks a LinkedIn button integrated on our website, LinkedIn assigns this information to the data subject’s LinkedIn user account and stores the personal data.

LinkedIn receives information about visits whenever the data subject is logged into LinkedIn at the time of accessing our website—regardless of whether the LinkedIn component is clicked. If the data subject does not want such transmission, they may prevent it by logging out of their LinkedIn account before visiting our website.

LinkedIn offers options to unsubscribe from email messages, SMS messages, and targeted ads, and to manage ad settings at linkedin.com/unsubscribe. LinkedIn also uses partners such as Quantcast, Google Analytics, BlueKai, DoubleClick, Nielsen, Comscore, Eloqua, and Lotame who may set cookies. Such cookies can be rejected at linkedin.com/cookie-policy. LinkedIn’s privacy policy is available at linkedin.com/privacy-policy.

12. Data Protection Provisions Regarding the Use of Google Analytics (with IP Anonymization)
VIVALU GmbH has integrated the Google Analytics component (with IP anonymization) on this website. Google Analytics is a web analytics service. Web analytics refers to the collection, gathering, and evaluation of data about the behavior of visitors to websites by means of cookies. A web analytics service may, for example, record data about the website from which a data subject accessed a website (so-called referrer), which subpages were accessed, how long a visitor stayed on a (sub-)page, which browser type and version were used, and the time of the search query.

The operator of the Google Analytics component is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

For web analytics via Google Analytics, VIVALU GmbH uses the add-on “_gat._anonymizeIp”. By means of this add-on, Google truncates and anonymizes the IP address of the data subject’s internet connection if access to our websites occurs from a Member State of the European Union or from another contracting state to the Agreement on the European Economic Area (EEA).

The purpose of the Google Analytics component is to analyze visitor traffic on our website and to optimize the website. Each time our website is visited, personal data—including the IP address of the internet connection used by the data subject—may be transmitted to Google in the United States of America. This personal data is stored by Google in the United States. Google may disclose the personal data collected via this technical procedure to third parties.

The data subject may object to the collection of data generated by Google Analytics relating to use of this website and to the processing of this data by Google, and may prevent such collection and processing, by downloading and installing a browser add-on available at: tools.google.com/optout. This browser add-on informs Google Analytics via JavaScript that no data and information about website visits may be transmitted to Google Analytics. The installation of the browser add-on is regarded by Google as an objection. If the data subject’s IT system is later deleted, formatted, or newly installed, the browser add-on must be installed again to deactivate Google Analytics. If the browser add-on is uninstalled or deactivated by the data subject (or by another person within their sphere of control), it may be reinstalled or reactivated.

Further information and Google’s applicable privacy policies can be accessed at: google.de/policies/privacy and google.com/analytics/terms. Google Analytics is explained in more detail at: google.com/analytics.

13. Data Protection Provisions Regarding the Use of Google Maps
The VIVALU GmbH website uses Google Maps, a product of Google Inc. This enables interactive maps to be displayed directly on the website and allows convenient use of the map function.

By using this website, you consent to the collection, processing, and use of automatically collected data by Google Inc., its representatives, and third parties.

The terms of use for Google Maps can be found in the Google Maps Terms of Service.

14. Legal Basis for Processing
For processing operations, our company relies on Article 6 GDPR (in particular Art. 6(1)(a), (b), (c), (d) and (f)). Accordingly, at least one of the following conditions must be met for processing:

the data subject has given consent to the processing of their personal data for one or more specific purposes;

processing is necessary for the performance of a contract to which the data subject is party, or in order to take steps at the request of the data subject prior to entering into a contract;

processing is necessary for compliance with a legal obligation to which the controller is subject;

processing is necessary in order to protect the vital interests of the data subject or of another natural person;

processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

15. Legitimate Interests Pursued by the Controller or a Third Party
Where the processing of personal data is based on Article 6(1)(f) GDPR, our legitimate interest is the conduct of our business activities for the benefit of the well-being of all our employees and our shareholders.

16. Duration for Which Personal Data Is Stored
The criterion for the duration of storage of personal data is the respective statutory retention period. After expiry of that period, the corresponding data is routinely deleted, provided it is no longer necessary for the performance of a contract or for the initiation of a contract.

17. Statutory or Contractual Requirements to Provide Personal Data; Necessity for Contract Conclusion; Obligation to Provide Personal Data; Possible Consequences of Non-Disclosure
We inform you that the provision of personal data may be required in part by law (e.g., tax regulations) or may arise from contractual provisions (e.g., information about a contractual partner).

In certain cases, it may be necessary for the conclusion of a contract that a data subject provides personal data to us which must subsequently be processed by us. For example, a data subject is obliged to provide us with personal data if our company concludes a contract with them. Failure to provide such personal data would mean that the contract with the data subject could not be concluded.

Before providing personal data, the data subject may contact one of our employees. Our employee will inform the data subject, on a case-by-case basis, whether the provision of personal data is required by law or contract, whether it is necessary for concluding the contract, whether there is an obligation to provide the personal data, and what consequences would result from failure to provide the personal data.

18. Validity and Amendments to this Privacy Policy
This Privacy Policy is currently valid and reflects the status as of May 2018. Due to further development of our website and offerings, or due to changes in statutory or regulatory requirements, it may become necessary to amend this Privacy Policy. The current version of the Privacy Policy can be accessed and printed at any time at: vivalu.com/privacy-policy