For Customers, Other Contractual Partners, and Interested Parties
Dear customers, suppliers, and potential partners
In order to deal with your enquiry, it is necessary for us to process some personal data about you. We have compiled the following information for you in order to ensure maximum transparency regarding our processing operations in connection with your personal data and to fulfill our information obligations under Article 12 et seq. GDPR:
1. Responsible party as per data protection regulations
The responsible party (hereafter referred to as “Wikando” or “we”) within the scope of the General Data Protection Regulation and other national data protection laws of the EU member states, as well as sundry data protection regulations concerning an application, is:
Wikando GmbH
represented by Peter Kral
Schießgrabenstraße 32
86150 Augsburg
Germany
Phone: +49 (0)821 66609000
Email: info@fundraisingbox.com
You can find more information about our company, our authorized representatives, and further contact details in the legal notice on our website at https://fundraisingbox.com/en/legal-notice/.
2. Contact details of our data protection officer
Our company has appointed a data protection officer.
Andreas Mundanjohl
Zeller Straße 30
73101 Aichelberg
Germany
Phone: +49 (0)821 90782120
Email: datenschutz@wikando.de
3. Purposes and legal bases of processing
We process your personal data under the provisions of the General Data Protection Regulation (GDPR) of the European Union and the German Federal Data Protection Act (BDSG) to the extent necessary to establish, execute, and fulfill a contract and to take necessary steps before entering into a contract. As far as personal data is required to initiate or perform a contractual relationship or to take steps before entering into a contract, processing is lawful under Article 6(1)(b) GDPR.
Upon your consent to the processing of personal data for specific purposes (e.g., disclosure to third parties, evaluation for marketing purposes, or advertising by email), this processing is lawful under Article 6(1)(a) GDPR based on that consent. You can revoke your consent at any time with prospective effect (see section 10 of this data protection information).
Where necessary and legally permissible, we process your data beyond the actual contractual purposes to fulfill legal obligations under Article 6(1)(c) GDPR. In addition, processing may be carried out to protect our legitimate interests or those of third parties and to defend and assert legal claims in line with Article 6(1)(f) GDPR. Where applicable, we will inform you about the legitimate interest separately if required by law.
We process your personal data to fulfill the following purposes related to initiating and performing a contractual relationship or other activities in the interests of the company:
- contract processing
- communication with business partners about products, services, and projects, as well as answering inquiries, customer service
- advertising to existing customers as a selection criterion for direct marketing to tailor our service to your needs
- the management of our customer relations
- improving and developing intelligent and innovative services
- customer analysis for market research and opinion polling
- compliance with legal or contractual requirements
- information on updates to our platform
- for the settlement of legal disputes, enforcement of contracts and assertion, defense, and exercise of legal claims, detection and prosecution of fraudulent and other unlawful acts
4. Categories of personal data
We only process data related to the establishment of the contract or pre-contractual measures, such as general personal data about you or individuals in your company, as well as any other data you provide us as part of the contracting process.
Contact details: Name, address, telephone number, IP address
Identification/payment data: Account number, VAT ID no.
Order data: Revenue
Other data: other required information relating to the business relationship, voluntarily provided information, and information from publicly available sources.
5. Data sources
We process personal data received from you or that you have provided us when contacting us, establishing a contractual relationship, or taking steps before entering into a contract.
6. Data recipients
Your personal data will only be passed on within our company to those departments and individuals who need it to fulfill contractual and legal obligations or to pursue our legitimate interests.
Your personal data will be processed on our behalf based on data processing agreements under Article 28 GDPR. In such cases, we ensure that the processing of personal data will be carried out in compliance with the provisions of the General Data Protection Regulation. Here, those recipients are internet service providers as well as providers of customer management systems and software.
Otherwise, data will only be passed on to recipients outside the company if this is permitted or required by law, if the transfer is necessary to process and thus fulfill the contract, or, at your request, to carry out pre-contractual measures, if we have your consent or if we are authorized to provide information. Under these conditions, recipients of personal data may be:
- Public bodies and institutions (e.g., public prosecutor’s office, police, supervisory authorities, tax office) in the event of a legal or official obligation
- Recipients to whom the disclosure is directly necessary for the establishment or fulfillment of the contract
- Other data recipients for whom you have given us your consent to transfer data:
- Freshworks: Ticket system, help widget, contact form requests, customer data, softphone; Service provider: Freshworks, Neue Grünstraße 17, 10179 Berlin, Germany; Website: https://www.freshworks.com/de/; Privacy policy: https://www.freshworks.com/privacy/
- Caya: Digital mail processing of addressed letter mail; Service provider: Caya GmbH, Ritterstraße 24-27, 10969 Berlin; Website: https://www.caya.com/; Privacy policy: https://www.caya.com/legals/datenschutzerklarung
- Calendly: Online appointment scheduling; Service provider: Calendly LLC., 271 17th St NW, Ste 1000, Atlanta, Georgia, 30363, USA; Website: https://calendly.com/de; Privacy policy: https://calendly.com/pages/privacy
- Google Workspace: Document filing system, e-mail backup, holding and planning meetings; Service provider: Google Cloud EMEA Ltd., 70 Sir John Rogerson’s Quay, D02 R296, Dublin 2, Ireland; Website: https://google.de; Privacy policy: https://policies.google.com/privacy?hl=de&gl=de; data protection and security: https://cloud.google.com/security/privacy/
- Asana: Project management, organisation and administration of teams, groups, work procedures, projects and processes; Service provider: Asana, Inc, 1550 Bryant Street, Suite 200, San Francisco, CA 94103, USA; Website: https://asana.com; Privacy policy: https://asana.com/de/terms#privacy-policy
- easybill: Drafting and finalizing offers and invoicing; Service provider: easybill GmbH, Düsselstr. 21, 41564 Kaarst; Website: https://www.easybill.de. Privacy policy: https://www.easybill.de/datenschutz
- Elastic.co: Storage and processing of log data, automated detection of errors and anomalies. Service provider: elasticsearch B.V., Keizersgracht 281, 1016 ED Amsterdam, Netherlands; Website: https://www.elastic.co/de/. Privacy policy: https://www.elastic.co/de/legal/privacy-statement
- MaxMind: Attributing additional information such as continent, country, or provider to IP addresses. Service provider: MaxMind, Inc. Legal Department, 51 Pleasant Street # 1020 Malden, MA 02148, USA; Website: https://www.maxmind.com/en/home; Privacy policy: https://www.maxmind.com/en/privacy-policy
- Beamer: Customer information about updates in our platform. Service provider: Joincube, Inc., 3800 South Dupont, Dover, DE 19901, USA; Website: https://www.getbeamer.com/; Privacy policy: https://www.getbeamer.com/privacy-policy/
- Snowflake: Store data in a performant, secure, and scalable way with the goal of processing it for better analysis and evaluation. Service provider: Snowflake Computing Netherlands BV, FOZ Building, Gustav Mahlerlaan 300-314, 1082 ME Amsterdam, Netherlands; Website: https://www.snowflake.com/; Privacy policy: https://www.snowflake.com/privacy-policy/
- Fivetran: Transfer data from a variety of sources into our data platform. Service provider: Fivetran Inc., 1221 Broadway Street, Suite 2400 Oakland, CA 94612, USA; Website: https://www.fivetran.com/; Privacy policy: https://www.fivetran.com/de/legal#privacy-policy
- Google OAuth:
We offer the use of the Google OAuth service within the FundraisingBox as an option to integrate the user’s organization’s Gmail accounts for sending emails from the FundraisingBox. Below, we want to explain how we collect, process, and possibly share personal data in the context of integrating the Google OAuth service. If you declare your consent to the integration of your Gmail account via the OAuth consent page provided by Google, you give your consent to data processing as described below:
Data we process:
When you use the OAuth service, we process the following types of personal data:
- Personal information, specifically your name and email address.
OAuth permissions:
We store the permissions you grant to the FundraisingBox during the consent process. The following specific permissions are requested from you:
- “Send emails on your behalf.” This allows the FundraisingBox to send emails from the FundraisingBox through your Gmail account and use the relevant email as the sender address.
- “Retrieve primary email addresses from the Gmail account.” To enable the use of a unique Gmail account for multiple FundraisingBox accounts, it is technically necessary to retrieve the primary email address.
Type of processing:
We store the personal data and granted permissions you provide in the FundraisingBox. There is no storage in other systems.
Purpose of processing:
The above-mentioned data processing is carried out for the following purposes:
- Authentication and service provision: We use your Gmail email address and the associated permissions to authenticate your identity and enable you to send emails from the FundraisingBox.
Legal basis:
The legal basis for processing in the case of Google OAuth is your consent in accordance with Article 6(1)(a) of the GDPR.
Sharing of personal data:
We do not share your data with third parties.
The use of OAuth services in the FundraisingBox and the transfer of information we receive through the OAuth services to the FundraisingBox is done in accordance with the Google API Services User Data Policy, including the guidelines for limited use.
7. Email and Contact Form
We use the ticket system “Freshdesk” for handling customer inquiries and the Customer Relationship Management system (“CRM system”) “FreshSales” for handling general questions. The service provider of both systems is Freshworks Inc., 1250 Bayhill Drive, Suite 315, San Bruno, CA 94066 USA (hereinafter referred to as Freshworks). For the European region, the company Freshworks, Neue Grünstraße 17, 10179 Berlin, Germany, is responsible.
All support inquiries directed to us are converted into support tickets within Freshdesk, and the data you enter is transmitted to Freshdesk. The legal basis for processing the data is Article 6(1)(a) of the GDPR if user consent is given. If the registration is for the fulfillment of a contract to which the user is a party or for the implementation of pre-contractual measures, an additional legal basis for data processing is Article 6(1)(b) of the GDPR. Our legitimate economic interest lies in optimizing the management of contact inquiries and improving customer support to provide our services.
The following personal data may be transmitted to and stored in FreshSales and Freshdesk: inventory data (e.g., names, phone numbers, email addresses) and content data.
Freshdesk supports us in processing customer inquiries with the help of cookies. By integrating cookies, Freshdesk receives information about your browser, operating system, internet service provider, and IP address, which can also be transmitted to the USA. Freshdesk uses this information to offer us the services described above. The legal basis for processing personal data using cookies is Article 6(1)(f) of the GDPR.
Freshworks transmits this data to external service providers to offer their services.
Additionally, we have entered into a contract with Freshworks (Data Processing Agreement for EU Customers), in which Freshworks commits to processing user data only according to our instructions and complying with the EU data protection standards. Through this contract, Freshworks assures that they process the data in accordance with the General Data Protection Regulation and guarantee the protection of the rights of the data subject. Freshworks is also certified under the Privacy Shield agreement, providing an additional guarantee to comply with European data protection law.
We only use your data to process your request and may contact you for this purpose using the provided contact information. This data will only be used for advertising purposes or shared with third parties if you have explicitly consented to such processing; in this case, the legal basis is your consent, Article 6(1)(a) of the GDPR. The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected.
For more information on Freshworks and data protection, please refer to Freshworks’ Privacy Policy.
8. Transfer to a Third Country
A transfer to a third country occurs in the context of the sub-processor MaxMind.
9. Duration of data storage
Where necessary, we process and store your personal data for the duration of our business relationship or contractual fulfillment, including the initiation and execution of a contract. In addition, we are subject to various retention and documentation obligations, including those arising from the German Commercial Code (HGB) and the German Fiscal Code (AO). The prescribed retention and documentation periods span two to ten years. The retention period is also governed by the statutory limitation periods, which, e.g., according to Sections 195 et seq. of the German Civil Code (BGB), are generally three years but, in certain cases, up to thirty years.
10. Your rights
Every data subject has the right of access under Article 15 GDPR, the right to rectification under Article 16 GDPR, the right to erasure under Article 17 GDPR, the right to restriction of processing under Article 18 GDPR, the right to notification under Article 19 GDPR, and the right to data portability under Article 20 GDPR.
You also have the right to complain to a data protection supervisory authority under Article 77 GDPR if you believe your personal data is being processed unlawfully. The right of complaint exists without prejudice to any other administrative or judicial remedy.
While the data processing is carried out based on your consent, you are entitled to withdraw your consent to the use of your personal data at any time under Article 7 GDPR. Please note that your revocation will only take effect in the future; it does not affect the processing that took place before the revocation. Please also note that we may have to keep specific data for a certain period to comply with legal requirements (see section 8 of this data protection information).
11. Right to object
To the extent that your personal data is processed under Article 6(1)(f) GDPR to protect legitimate interests, you have the right under Article 21 GDPR to object to this data being processed at any time for reasons arising from your particular situation. We will no longer process this personal data unless we prove overriding legitimate grounds for such processing. Such legitimate grounds must override your interests, rights, and freedoms, or such processing must establish, exercise, or defend legal claims. In individual cases, we process your personal data for direct marketing purposes. You have the right to object to processing for such advertising at any time. This also applies to profiling insofar as it is associated with direct advertising. If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes.
For any concerns about your rights, contact us using the contact details provided in section 1.
12. Need for provision of personal data
The provision of personal data for deciding on a contract conclusion, contract fulfillment, or taking necessary steps before entering into a contract is voluntary. However, we can only decide to enter into any form of contract with you within the scope of contractual measures based on your provision of necessary personal data required for contract conclusion, contract fulfillment, or pre-contractual measures.