The protection of your privacy and your personal data is an important concern to which we pay special attention. Personal data collected during visits to our website is processed according to the legal provisions valid for the countries in which the website is maintained. In the following paragraphs we provide you with information on how we are following these rules, which data we collect, and how we use it. Thereby, we fulfill our obligation of information under Art. 13 GDPR (General Data Protection Regulation).

The provider (and data controller within the meaning of GDPR) of this website is indicated in the imprint of our website. If you have any questions, do not hesitate to contact us via the e-mail address you will find at the end of this Privacy Policy. 

1) DEFINITIONS

Our privacy policy should be understandable for everyone. Generally, the official terms of the GDPR are used. The official definitions are explained in Art. 4 GDPR.

2) DATA PROTECTION RIGHTS

Depending on where you live, you may have certain state- or country-specific rights with respect to your personal information. Please see the region and state-specific terms below.

a) European Economic Area – General Data Protection Regulation

If you are a resident of the United Kingdom (and Gibraltar) (EU), European Economic Area (EEA), and Switzerland, you may have the following rights:

• Right to Information (Art. 15 GDPR): You have the right to request information on your personal data processed by VMRay.
• Right to Access (Art. 15 GDPR): You may demand access to the personal data processed by VMRay. We will provide the required data to you via e-mail. 
• Right to Rectification (Art. 16 GDPR): You may demand from VMRay the rectification of inaccurate personal data concerning you.
• Right to Erasure (Art. 17 GDPR): You may demand from VMRay erasure of your personal data. VMRay is going to comply with your request unless the processing is necessary for the exercise of the right to freedom of expression and information, for the fulfilment of a legal obligation, for reasons of public interest or for the assertion, exercise or defense of legal claims. In that case, we will contact you and provide alternative solutions to your request (e.g. blockage of your data).
• Right to Data Portability (Art. 20 GDPR): At your request, VMRay will provide you with your data in a suitable format and (if technically possible) we will transmit your data to another responsible controller upon your request. However, you are entitled to this right only if the data processing is based on your consent or is necessary to execute a contract.
• Right to Restrict Processing (Art. 18 GDPR): You may demand the restriction of the processing of your personal data if (a) the accuracy of the data is disputed by you, (b) the processing is unlawful but you refuse to have it deleted, (c) we no longer require the data, but you require it for the assertion, exercise or defence of legal claims or (d) you have lodged an objection to the processing in accordance with Art. 21 GDPR.
• Right to be Informed (Art. 19 GDPR): In case you have asserted the right to rectification, erasure or restriction of the processing vis-à-vis the controller, the latter is obliged to notify all recipients to whom the personal data concerning you have been disclosed of such rectification, erasure or restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right to be informed of these recipients.
• Right to Revoke Consent (Art. 7(3) GDPR): You have the right to revoke at any time, with effect for the future, any consent to the processing of data that you have once granted. In the event of revocation, we will delete the concerned data promptly, unless further processing cannot be based on a legal basis for processing without consent. Revocation of consent shall not affect the lawfulness of the processing carried out on the basis of the consent until revocation.
• Right to Complain (Art. 77 GDPR): In the case of a complaint, you may contact the competent data protection supervisory authority. 
• Right to Object (Art. 21 GDPR): If the basis of processing is Article 6(1)(e) or (f) GDPR, you have the right to object to the processing of your personal data, provided that this is done for reasons arising from your particular situation. If you object to processing, your data will no longer be processed thereafter, unless there are compelling legitimate grounds for the processing which override the interests of the data subject in the objection. In order to exercise your rights, you may send an e-mail to the address indicated at the end of this policy.

In the above-mentioned cases, or if you have questions or complaints, please write to or e-mail us at the below address. You also have a right to lodge a complaint with a data protection supervisory authority. The data protection supervisory authority located in the state in which you live or where the data controller is domiciled has jurisdiction.

b) United States – California Consumer Privacy Act and Other State Laws

If you are a resident of California, you have certain rights under the California Consumer Privacy Act (CCPA) listed below. However, these rights are not absolute and in certain cases we may decline your request as permitted by law.

• Right to Know (CCPA, Cal. Civ. Code § 1798.100): You have the right to request information about the categories and specific pieces of personal data we have collected about you.
• Right to Deletion (CCPA, Cal. Civ. Code § 1798.105): You have the right to request the deletion of your personal data that we have collected, subject to certain exceptions.
• Right to Opt-Out of Sale (CCPA, Cal. Civ. Code § 1798.120): You can opt out of the sale of your personal data to third parties. We do not sell your personal data to third parties.
• Right to Non-Discrimination (CCPA, Cal. Civ. Code § 17698.125): You have the right to be free from discrimination or retaliation related to your exercise of rights under the CCPA.

 

c) United States – Other State Laws

Depending on the state in which you reside, you may have the following privacy rights, subject to statutory limitations. However, these rights are not absolute and in certain cases we may decline your request as permitted by law.

• Right to Access: You may have the right to request information about the categories and specific pieces of personal data we have collected about you. Residents of Delaware and Oregon also have the right to request a list of specific third parties to whom we disclose personal information.
• Right to Correction: You may have the right to request the correction of inaccurate personal data.
• Right to Deletion: You may have the right to request that we delete the personal information you have provided to us, though we may be permitted to retain personal information for certain purposes.
• Right to Opt-Out of Sales and Sharing or Using for Targeted Advertising: You may have the right to submit requests to opt-out of tracking for targeted advertising purposes.
• Right to Limit the Use of Sensitive Information: Some of the personal information that we may collect may be considered sensitive personal information under certain state privacy laws. We will not process your sensitive personal data without your consent.
• Right to Non-Discrimination: You have the right to be free from discrimination or retaliation related to your exercise of privacy rights.

 

d) Canada – Personal Information Protection and Electronic Documents Act

If you are located in Canada, your personal data is protected by the Personal Information Protection and Electronic Documents Act (PIPEDA). Under PIPEDA, you have the following rights:

• Right to Access (PIPEDA, Section 8): You have the right to access your personal data that we hold.
• Right to Correct Data (PIPEDA, Section 8): You have the right to request corrections to your personal data if it is inaccurate.
• Right to Withdraw Consent (PIPEDA, Section 9): You can withdraw your consent to the processing of your personal data at any time, subject to certain legal limitations.

 

e) Australia – Privacy Act 1988

If you are located in Australia, your personal data is protected by the Privacy Act 1988. Under the Privacy Act, you have the following rights:

• Right to Access (Section 12 Privacy Act): You have the right to access your personal data we hold.
• Right to Correct Data (Section 13C Privacy Act): You have the right to request the correction of any personal data that is inaccurate, out-of-date, incomplete, or misleading.
• Right to Object (Section 16 Privacy Act): You can object to the processing of your personal data under certain circumstances, such as direct marketing.

 

f) Other Jurisdictions

If you are located in a jurisdiction not mentioned above, please note that we will comply with any applicable local data protection laws and regulations and will take all necessary steps to ensure your privacy rights are respected.

For certain requests, we require that you provide the following information:

• State of residence
• First and last name
• E-mail address and confirmation that the request is submitted by a natural person (for requests submitted online)
• Phone number (for requests submitted by phone)
• Postal address

The information that you provide will be analyzed to determine whether we can reasonably verify your identity. We may need to obtain additional information from you to process your request. For example, if we determine that the information provided is not sufficient for verification, you may be prompted to answer a few questions.

There may be circumstances where we may not completely fulfill your request, as permitted under applicable law. For example, if you submit a request to delete your personal information, we may need to retain certain personal information to complete a transaction, detect fraud, or comply with our legal obligations.

If you are an authorized agent acting on behalf of a California resident, or acting on behalf of resident of a state with a similar legal requirement, please send your request to our Data Protection Officer and include the following information about you and the person on whose behalf you are submitting the request: full name, mailing address, e-mail address, and phone number. You should also provide proof of your authorization to act on the other person’s behalf. We will contact you for additional information once your request has been received. Note that we may require the consumer to verify their identity and confirm your authority as the agent.

3) DATA RETENTION

We store your personal data for as long as it is necessary to perform a service that you have requested or for which you have granted your permission, providing that no legal requirements exist to the contrary such as in case of retention periods required by trade or tax regulations.

4) DATA PROCESSING WHEN VISITING OUR WEBSITE

When you visit our web pages, the following data is recorded during an ongoing connection for communication between your Internet browser and our web server:

• Data and time of your visit
• Your operation system and Internet browser used
• Webpage from which you came to visit our website
• Pages you visit on our website
• The IP address assigned to you by your Internet service provider (ISP)
• Transferred data volume

We collect the listed data to ensure a smooth connection of the website and to enable a comfortable use of our website by the users. Legal basis for this type of processing is our legitimate interests pursuant Art. 6(1)(f) GDPR. 

With the exception of your IP address, personal data is only stored if you choose to submit it to us, (e.g., when contacting us via our contact form, during registration, in a survey, in a competition or in order to enable performance of an agreement).

Your personal data remains only with our company, our affiliates, and our providers and may be made available to third parties. For third party services we use at our website please see information below. 

Our website may contain links to third-party websites. If you click on one of those links, you will be taken to websites we do not control. This Privacy Policy does not apply to the information practices of those websites. You should read the privacy policies of other websites carefully. We are not responsible for third-party websites.

5) JOB APPLICANTS

When applying for a job posting you will be required to provide us with information on your personal, professional, and academic background, including:

• Identification Data: Name, date of birth, and nationality.
• Contact Data: Address, telephone number, and e-mail address.
• Background Data: Curriculum vitae, qualifications and degrees, professional experience, notes from interviews, and other evaluations.
• Personal Data: Cover letter and personal interests.
• Special Categories of Data: Disability status within the meaning of Art. 9 GDPR.

Your data is encrypted during electronic transmission. 

The primary legal basis for this is:

• For the initiation of an employment relationship pursuant to Art. 6(1)(b) GDPR in conjunction with § 26(1) BDSG (German Federal Data Protection Act).
• Your consent pursuant to Art. 6(1)(a) GDPR in conjunction with § 26(2) BDSG. If the processing of your data is based on your consent, you have the right to revoke the consent at any time with effect for the future.
• Our legitimate interest pursuant to Art. 6(1)(f) GDPR.

Internally, your application data will only be processed by the relevant contact persons of the Human Resources Department and the department to which your application is directed. In case you are applying for a position at VMRay Inc., your application will be forwarded to the responsible USA-employee only. All our employees are contractually obliged to treat personal data strictly confidential.

In case your application has been successful, your data may be used for administrative purposes within the framework of your future employment and the applicable legal requirements. In that case, your data will be stored in accordance with the retentions periods applicable by law.

In case your application has not been successful, we will keep your application for 6 months to answer any questions you may have in connection with your application. For longer periods of time, your data will only be stored in case of a legal requirement to do so or for the purpose of providing legal evidence. In that case, your data will be deleted after the ground for storage ceases to exist.  The legal basis for storage is our legitimate interest to provide evidence in case of legal claims by the applicant within the meaning of Art. 6(1)(f) GDPR and § 24(1) no. 2 BDSG. Our legitimate interest lies in legal defense and enforcement. At any time, you may exercise your data protection rights as described in this policy (see below).

6) CONTACT FORM

We offer multiple general contact forms on our site.  Before contacting us, the user has to consent to this Privacy Policy. If a user contacts us, the data entered will be transmitted to us and stored. This data includes your first name (second name optional), e-mail address, company name, country as well as date and time of your message. The transmission of data via the web form is encrypted. We will use this data only to process your request. The legal basis for this type of processing is our legitimate interest in answering your request in accordance with Art. 6(1)(f) GDPR. If your request serves the conclusion of a contract with us, further legal basis for the processing is Art. 6(1)(b) GDPR. The data will be deleted after your request has been processed. If we are legally obliged to store data for a longer period of time, the data will be deleted after expiry of the corresponding period. In the case of Art. 6(1)(f) GDPR, you can object to the processing of your personal data at any time.

7) REQUEST A TRIAL

We provide a contact form to request a 30-day trial period for our product. If a user contacts us, the data entered will be transmitted to us and stored. This data includes your first name (second name optional), e-mail address, job title, company name, country, IP-address as well as date and time of your message.

We will use this data only to process your request. Legal basis for this type of processing is the execution of pre-contractual measures in accordance with Art. 6(1)(b) GDPR or your consent granted to us in accordance with Art. 6(1)(a) GDPR.

Your personal data will be deleted as soon as they are no longer required for the purpose of their collection. 

8) COOKIES

a) In General

Cookies are small text files that are used to store small pieces of information. They are stored on your device when the website is loaded on your Internet browser. These cookies help us make the website function properly, make it more secure, provide better user experience, and understand how the website performs and to analyze what works and where it needs improvement.

How do we use cookies? Our website uses first-party and third-party cookies for several purposes. First-party cookies are mostly necessary for the website to function the right way, and they do not collect any of your personally identifiable data.

The third-party cookies used on our website are mainly for understanding how the website performs, how you interact with our website, keeping our services secure, providing advertisements that are relevant to you, and all in all providing you with a better and improved user experience and help speed up your future interactions with our website.

b) Types of Cookies Used

• Necessary Cookies: These cookies ensure basic functionalities and security features of the website, anonymously. (16 Cookies)
• Functional Cookies: These cookies help to perform certain functionalities such as sharing the content of our website on social media platforms, collecting feedback, and other third-party features. (4 Cookies)
• Analytics Cookies: These cookies are used to understand how visitors interact with our website. These cookies help provide information on metrics regarding the number of visitors, bounce rate, traffic source, and other data related to visitors’ interactions with our website. (8 Cookies)
• Performance Cookies: These cookies are used to understand and analyze the key performance indexes of our website which helps in delivering a better user experience for the visitors. (2 Cookies)
• Advertisement Cookies: These cookies are used to provide visitors with relevant advertisements and marketing campaigns. These cookies track visitors across websites and collect information to provide customized advertisements. (10 Cookies)
• Uncategorized Cookies: These are cookies that are being analyzed and have not been classified into a category as of yet. (7 Cookies)

c) Managing Cookie Preferences

You can review all the Cookies we use and change your cookie preferences by clicking “Customize” at the bottom of our GDPR compliant Cookie bar on our website. This will let you revisit the cookie consent banner and change your preferences or withdraw your consent right away.

If you are using any other Internet browser, please visit your Internet browser’s official support documents.

9) SERVICES USED

We use various third-party services to enhance our website functionality, improve user experience, and support our business operations. Below, we provide details on the third-party services we use, their purposes, and how they process your personal data.

Some of these services involve the transfer of personal data to the USA. In such cases, we implement additional protective measures to ensure compliance with the Art. 46(2)(c) GDPR and to maintain an adequate level of data protection.

a) Google Services

We use several services provided by Google LLC and its European subsidiary, Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) (Google). These services may process your personal data, include IP addresses and online identifiers.

• Google Analytics:
  • We use this tool to analyze website traffic. We use Google Analytics only with IP anonymization enabled to reduce the IP address of users within the EU or EEA and only in exceptional circumstances are the full IP addresses transmitted to a Google server in the USA and shortened there. Google will not associate your IP address with any other data held by Google.
  • The data will be deleted as soon as they are no longer necessary for the purpose of their collection. Deletion of user and event-level data associated with cookies, user IDs (e.g., User ID), and advertising IDs (e.g., DoubleClick cookies, Android Advertising ID, IDFA) will occur no later than 14 months after collection.
• Google Analytics Remarketing:
  • We use this tool to deliver personalized advertisements. If you have given permission, Google will link your web and application browsing history to your Google Account for this purpose.
  • You can opt-out of cross-device remarketing/targeting permanently by deactivating personalized advertising in your Google Account.
• Google Maps:
  • We use this tool to provide interactive maps.
  • Each time you access the Google Maps component, Google will set a cookie to process user preferences and data when you view the page that includes the Google Maps component. As a rule, this cookie is not deleted by closing the Internet browser, but expires after a certain period of time, unless you delete it manually beforehand.

The legal basis for this processing is your consent (Art. 6(1)(a) GDPR). In case of data collection processes that are not consolidated in your Google Account (e.g., because you do not have a Google Account or have objected to the consolidation), the data collection is based on our legitimate interests within the meaning of Art. 6(1)(f) GDPR. The legitimate interest arises from our legitimate interest in the anonymized analysis of website visitors for advertising purposes.

For more information on Google’s use of personal data, please visit https://policies.google.com/privacy.

b) Social Media Platforms

We integrate and interact with the following social media platforms:

• Facebook (1601 South California Avenue, Palo Alto, CA 94304, USA): We use Facebook plugins for marketing and analytics.
• LinkedIn (2029 Stierlin Court, Mountain View, CA 94043, USA): We use LinkedIn plugins for communication, public relations, and business engagement.
• Twitter (1355 Market St, Suite 900, San Francisco, CA 94103, USA): We use Twitter plugins for content and sharing types.
• YouTube (901 Cherry Ave., San Bruno, CA 94066, USA): We embed YouTube videos exclusively on the basis of YouTube’s “Extended Data Protection Mode.” For the purpose of functionality and analysis of usage behavior, YouTube permanently stores cookies via your Internet browser on your terminal. If you do not agree to this processing, you have the option of preventing the storage of cookies by setting it in your Internet browser.

The above social media platforms are able to establish a direct connection between your Internet browser and the applicable social media platform’s server with your IP address and/or your social media account. Such social media platform may also record and process the data and time of your visit to our website.

The legal basis for these types of processing is our legitimate business interest (Art. 6(1)(f) GDPR).

See individual privacy policies for further details:

• Facebook: https://www.facebook.com/privacy/policy
• LinkedIn: https://www.linkedin.com/legal/privacy-policy
• Twitter: https://www.twitter.com/privacy
• YouTube: https://www.policies.google.com/privacy

 

c) CRM and Marketing

To manage customer relationships and marketing activities, we use:

• HubSpot (2nd Floor 30 North Wall Quay, Dublin 1, Ireland): We use this tool for marketing and customer service purposes. The information collected (e.g., IP address, geographic location, Internet browser type, length of visit, and pages viewed) are analyzed by HubSpot on our behalf so that we can generate reports about the visit and the pages visited. Information collected by HubSpot and the content of our website is stored on servers of HubSpot’s service providers. The data will be deleted as soon as they are no longer necessary for the purpose of their collection. You can permanently object to the collection of data by HubSpot and the setting of cookies by preventing the storage of cookies through your Internet browser settings accordingly. The legal basis is your consent (Art. 6(1)(a) GDPR) and/or legitimate interest (Art. 6(1)(f) GDPR).
• Salesforce (Erika-Mann-Str. 31, 80636 Munich, Germany): We use this tool for customer management. The legal basis is contract performance (Art. 6(1)(b) GDPR).

See individual privacy policies for further details:

• HubSpot: https://legal.hubspot.com/privacy-policy
• Salesforce: https://www.salesforcde.com/company/privacy/

 

d) Cloud Storage and Collaboration

We use Nextcloud (Albrechtstraße 14b, 10117 Berlin, Germany) for secure cloud storage and collaboration. For users with a temporary account, the retention period for the data is 3 days. For users with a regular account, the retention period for the data is 30 days.

Please be aware that Nextcloud is not an archive for the submitted information. As soon as we decide that any information is no longer needed for the aforementioned purpose, we have the right to delete such information.

For more information, please visit https://nextcloud.com/privacy/.

e) Managing Your Preferences

You can control and restrict data collection by adjusting cookie settings on your Internet browser and by managing consent settings within each platform’s privacy controls.

10) NEWSLETTER

We send our newsletter for the purpose of advertising our product and informing about our company. For the registration to our newsletter, we use the double opt-in procedure. You may subscribe and consent to the receipt of our newsletter by providing us with your e-mail address via our contact form, explicitly ticking the opt-in box underneath and by clicking the link in the confirmation e-mail. By clicking on the corresponding link, we process the public IP address of the computer from which the link is accessed, together with the date and time of the click. We process this data to be able to provide proof that you have confirmed receipt of our e-mail newsletter. You may cancel the subscription by using the unsubscribe option provided in the newsletter. The data which we require as proof that you have agreed to receive the newsletter will be deleted after expiration of any legal obligation to provide this evidence. The legal basis for this type of processing is your consent according to Art. 6(1)(a) GDPR.

Our e-mail newsletter is sent via the technical service provider HubSpot Ireland Limited (see above) to whom we transfer the information you provide when you register for the newsletter. This disclosure is made in accordance with Art. 6(1)(f) GDPR and serves our legitimate interest in using an effective, secure and user-friendly newsletter system. HubSpot uses this information for the dispatch and statistical analysis of the newsletter on our behalf. 

For evaluation purposes, the e-mails sent contain web beacons or tracking pixels, which are one-pixel image files stored on our website. The use of the web beacons and tracking pixels can determine whether a newsletter message has been opened and which links have been clicked on, if applicable. Conversion tracking can also be used to analyse whether a predefined action (e.g., purchase of a product on our website) was carried out after clicking on the link in the newsletter. Technical information is also recorded (e.g., time of access, IP address, Internet browser type, and operating system). The data is collected pseudonymously and is not linked to your other personal data. This data is used exclusively for statistical analysis of newsletter campaigns. The results of these analyses can be used to better adapt future newsletters to the interests of the recipients. If you wish to object to the data analysis for statistical purposes, you must cancel the newsletter subscription.

Since personal data may be transferred to the USA, further protective mechanisms are required to ensure the level of data protection under the GDPR. To ensure this, we have agreed to standard data protection clauses with the provider in accordance with Art. 46(2)(c) GDPR. These standard data protection clauses obligate the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases in which this cannot be guaranteed even by this contractual extension, we will endeavour to obtain additional regulations and commitments from the recipient in the USA.

11) WEBINARS

We use the GoToWebinar software solution from LogMeIn, Inc (320 Summer Street Boston, MA 02210, USA) to conduct regular seminars via the Internet. Pursuant to our arrangement with LogMeIn, LogMeIn is required to protect our customers’ information. 

Since personal data may be transferred to the USA, further protective mechanisms are required to ensure the level of data protection under the GDPR. To ensure this, we have agreed to standard data protection clauses with the provider in accordance with Art. 46(2)(c) GDPR. These standard data protection clauses obligate the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases in which this cannot be guaranteed even by this contractual extension, we will endeavor to obtain additional regulations and commitments from the recipient in the USA.

A connection will be established between you and the webinar organizer to conduct the webinar. We do not record the sound or image information transmitted during the webinar. With your participation you also confirm not to make any recordings or screen shots. You can end the session at any time by simply closing the Internet browser window or closing the program or application. 

For LogMeIn’s privacy policy please see https://www.logmeininc.com/de/legal/privacy.

12) SECURITY

We take reasonable technical and organisational measures to ensure a level of protection appropriate to the risk, taking into account the state of the art, implementation costs and the nature, scope, circumstances and purposes of processing as well as the different probability of occurrence and severity of the risk to the rights and freedoms of natural persons, in accordance with Art. 32 GDPR. Such measures shall include ensuring the confidentiality, integrity, and availability of data by controlling physical access to the data, as well as the access, input, transmission, security of availability, and its separation.

13) DATA PROCESSING BY THIRD PARTIES

Your personal data may be transferred to and processed by third parties on our behalf for various business purposes, such data processing by third parties occurs under the following situations:

• if we explicitly pointed this out in the description of the respective data processing;
• if you have given your express consent in accordance with Art. 6(1)(a) GDPR;
• if the disclosure pursuant to Art. 6(1)(f) GDPR is necessary for the assertion, exercise, or defence of legal claims and there is no reason to assume that you have an overriding interest in not disclosing your data;
• in the event that there is a legal obligation for disclosure under Art. 6(1)(c) GDPR;
• insofar as is necessary for the processing of contractual relationships with you in accordance with Art. 6(1)(b) GDPR

In addition, we use external service providers for our services, which we have carefully selected and commissioned in writing. If necessary, we have concluded Data Processing Agreements in accordance with Art. 28 GDPR. 

14) TRANSFER TO THIRD COUNTRIES

Your personal information may be transferred to and processed in countries outside of your country of residence, including jurisdictions that may not have the same data protection laws as your home country. When we transfer your data to third countries, we take appropriate safeguards to ensure that your information remains protected in accordance with applicable laws.

Subject to legal or contractual permissions, we process the data in a third country only under the special requirements of Art. 44 ff. GDPR.

15) LEGAL OBLIGATIONS

The provision of personal data for the decision to conclude a contract, for the performance of a contract or for the implementation of pre-contractual measures is voluntary. However, we can only make the decision within the framework of contractual measures if you provide such personal data as are necessary for the conclusion of the contract, the fulfilment of the contract or pre-contractual measures.

16) AUTOMATED INDIVIDUAL DECISION-MAKING, INCLUDING PROFILING

No automated decision making or profiling pursuant to Art. 22 GDPR takes place.

17) SECURITY INCIDENT RESPONSE INTEGRATION

When applicable, our Security Incident Response Integration is developed to meet high standards of data protection and transparency. This section outlines the types of data we collect, how it is used, how it is protected, and your rights as a user.

a). Data Collection

We may collect the following categories of data:

• Incident details (e.g., type, severity, timestamps)
• User information involved in incidents (e.g., names, roles)
• System logs and activity records

 

b). Data Usage

We use the collected data solely for the following purposes:

• To detect, analyze, and respond to security incidents
• To improve our incident response features and strategies
• To generate insights that help strengthen overall security posture

 

c). Data Sharing

We only share data:

• With your explicit consent
• When required by law
• With trusted partners assisting in security analysis, under strict confidentiality

 

d). Data Security

We apply strong data protection measures:

• Data is encrypted in transit
• Stored securely with access control policies
• Regular security assessments are performed

 

e). Additional Terms

If any aspect of this section is not addressed, our general Privacy Policy will apply.

18) CHANGES TO THIS PRIVACY POLICY

The continuous development of the Internet makes it necessary for us to adjust our data protection rules from time to time. We reserve the right to implement appropriate changes at any time.

19) CONTACT

If you wish to exercise your data protection rights or if you have any comments, suggestions, questions, or complaints, please do not hesitate to send an e-mail to dataprotection@vmray.com.

Our Data Protection Officer, Patrick Grihn, can be contacted via:

DSBRuhr
c/o nextindex GmbH & CO. KG
Grabenstr. 12
44787 Bochum
tel.: 0049234 810 503 00
e-mail: grihn@dsb.ruhr 

Date of Privacy Policy: April 2025