The protection of your privacy and your personal data is an important concern to which we pay special attention. Personal data collected during visits to our website is processed according to the legal provisions valid for the countries in which the website is maintained. In the following paragraphs, we provide you with information on how we are following these rules, which data we collect, and how we use it.

The provider of this website is indicated in the imprint of our website. If you have any questions, do not hesitate to contact us via the e-mail address you will find at the end of this Privacy Policy.

Collecting and Processing Personal Data

a) Website Visitors

When visiting our website, our web servers store details of your operating system and browser used, the webpage from which you came to our website, the pages that you visit on our site, the current date and time, and, for security reasons, the IP address assigned to you by your Internet service provider (ISP). With the exception of your IP address, personal data is only stored if you choose to submit it to us, e.g. when contacting us via our contact form, during registration, in a survey, in a competition or in order to enable performance of an agreement.

Your personal data remains only with our company, our affiliates, and our provider and will not be made available to third parties. The technical information collected will be used to guarantee smooth functionality of our website. To analyze user behavior, we are making us of Google Analytics. For more information about that – including how to disable data transfer – see below (section ‘Google Analytics’).

For any other purpose than the one specifically intended by you, your personal data will only be processed when you have given us specific consent. You can adjust your consent for the use of your personal data at any time with an email to the email address listed at the end of this policy to the effect that you revoke your consent in the future.

b) Job Applicants

When applying for a job posting at VMRay via our career-website you will be required to provide us with information on your personal, professional and academic background, including (but not limited to) personal details, contact information, certificates and references. The application data provided by you will only be processed and used by us in connection with your interest in a current or future employment.

Internally, your application data will only be processed by the relevant contact persons of the Human Resources Department and the department to which your application is directed. In case you are applying for a position at VMRay Inc., your application will be forwarded to the responsible US-employee only. All our employees are obliged to treat personal data strictly confidential.

In case your application has been successful, your data may be used for administrative purposes within the framework of your future employment and the applicable legal requirements.

In case your application has not been successful, we will keep your application for a maximum of 6 months to answer any questions you may have in connection with your application. For longer periods of time, your data will only be stored in case of a legal requirement to do so or for the purpose of providing legal evidence.

At any time you may exercise your data protection rights as described in this policy (see below).

Data Retention

We store your personal data for as long as it is necessary to perform a service that you have requested or for which you have granted your permission, providing that no legal requirements exist to the contrary such as in case of retention periods required by trade or tax regulations.

At any time you may exercise your right to have your personal data erased, provided that no legal requirement opposes deletion or the data is necessary for the fulfilment of a contractual obligation of VMRay, in which case we will inform you and provide alternative solutions to your request (e.g. blockage of your data).

Data Protection Rights

VMRay guarantees the following data protection rights:

Right to Information: You have the right to request information on your personal data processed by VMRay. This Privacy Policy shall serve this purpose. In case you have any remaining questions, you may send an e-mail to the contact indicated at the end of this Policy.

Right to Access: You may demand access to the personal data processed by VMRAy. We will provide the required data to you via e-mail.

Right to Rectification: You may demand from VMRay the rectification of inaccurate personal data concerning you.

Right to Erasure: You may demand from VMRay erasure of your personal data. VMRay is going to comply with your request unless legal requirements oppose deletion or we have to process the data in order to fulfill our contractual obligations. In that case, we will contact you and provide alternative solutions to your request (e.g. blockage of your data).

Right to Data Portability: At your request, VMRay will provide you with your data in a suitable format and (if technically possible) we will transmit your data to another responsible controller upon your request.

Furthermore, you may demand from us to end the processing of your personal data at any given time or to restrict your consent to the processing activities.

In case of a complaint, you may contact the competent data protection supervisory authority.

In order to exercise your rights, you may send an e-mail to the address indicated at the end of this policy.

Cookies

Cookies are small text files containing information which makes it possible to identify repeated visitors exclusively for the duration of their visit to our web pages.

Cookies are stored on the hard disk of your computer and do not cause any damage there. They can be used to determine whether there has been any contact between us and your end device in the past. Only the cookie on your end device is identified. Personal data can only be saved in cookies if you have given your consent or if it is essential for technical reasons, e.g., to enable a secure login.

On our website, we only use cookies if they are required for an application or service which we provide. If you would like to opt out of the advantages of these cookies, you can read in the Help function on your browser how to adjust your browser to prevent these cookies, accept new cookies, or delete existing cookies. You can also learn there how to block all cookies or set up notifications for new cookies. If you choose not to accept cookies it may result in a reduced availability of the services provided on our website.

The Cookies which we currently use on the website are listed in the following table:

Cookie: _ga
Type: Persistent
Description: We use Google Analytics to measure performance and improve your user experience. This cookie is used to uniquely identify you as a visitor to this site. This is achieved by generating two random 32-bit numbers and setting them in a cookie, no personal information or data is tracked.

Cookie: _cat
Type: Session
Description: We use Google Analytics to measure performance and improve your user experience. This cookie is used to throttle the request rate back to Google.

Cookie: Youtube
Type: Persistent
Description: We embed Youtube-videos via the so-called “Advanced Privacy Mode”, where cookies are only stored on your computer when playing the video. According to Youtube, in privacy mode no personal data is stored in the cookies for playbacks of embedded videos. For more information please visit this page.

Google Analytics

Based on our legitimate interests (within the meaning of Art. 6 para. 1 lit. f. DSGVO) we use Google Analytics, a web analysis service of Google LLC (“Google”). Google uses cookies. The information generated by the cookie about the use of the online offer by users is generally transferred to a Google server in the USA and stored there.

Google is certified under the EU-US Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law.

Google will use this information on our behalf to evaluate the use of our website by users, to compile reports on the activities on our website and to provide us with further services associated with the use of our website. From the processed data, pseudonymous user profiles can be created.

We use Google Analytics only with IP anonymization enabled (‘anonymize_IP’). This means that Google will reduce the IP address of users within Member States of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. Google will not associate your IP address with any other data held by Google.

We use the remarketing function of Google Analytics. The function enables us to present advertisements to users based on their interests even after visiting our website on other pages. To do this, Google stores a cookie in the browsers of users who visit certain Google services or websites on the Google Display Network. For more information about Google Remarketing, please visit: http://www.google.com/privacy/ads/.

You may refuse the use of cookies by selecting the appropriate settings on your browser. However, please note that if you do this, you may not be able to use the full functionality of this website. Furthermore you can prevent Google’s collection and use of data (cookies and IP address) by downloading and installing the browser plug-in available under https://tools.google.com/dlpage/gaoptout?hl=en-GB. You must perform this opt out on all systems that you use, for example in another browser or on your mobile device.

For more information on terms of use and privacy, please visit http://www.google.com/analytics/terms/de.html or https://www.google.de/intl/de/policies/.

Universal Analytics
This website uses Universal Analytics. Universal Analytics enables us to receive information about the use of our website on different devices (“Cross Device”). As described above, we use a pseudonymized user ID that does not contain any personal data and does not transmit such data to Google.

The data collection and storage can be contradicted at any time with effect for the future by a browser plug-in from Google (https://tools.google.com/dlpage/gaoptout?hl=en). You must perform this opt out on all systems that you use, for example in another browser or on your mobile device. Further information on Universal Analytics can be found here: https://support.google.com/analytics/answer/2838718?hl=en&ref_topic=6010376.

Facebook

Plugins of the social network Facebook (1601 South California Avenue, Palo Alto, CA 94304, USA) are integrated on our page. You can recognize the Facebook plugins by the Facebook logo or the “Like” button on our site. An overview of the Facebook plugins can be found here: http://developers.facebook.com/docs/plugins/.

When you visit our page, the plugin establishes a direct connection between your browser and the server of Facebook. Facebook receives the information that you have visited our site with your IP address. If you click the Facebook “Like button” while logged in to your Facebook account, you can link the contents of our pages to your Facebook profile. This allows Facebook to associate your visit of our page with your user account. We would like to point out that we, as the provider of these pages, do not receive any knowledge of the content of the transmitted data and their use by Facebook. For more information, please have a look at the privacy statement of Facebook at http://de-de.facebook.com/policy.php. If you do not want Facebook to associate visiting our pages with your Facebook account, please log out of your Facebook account.

LinkedIn

Our website includes functions of the services of LinkedIn. The provider is LinkedIn Corporation (2029 Stierlin Court, Mountain View, CA 94043, USA)

If you click the LinkedIn “Share-Button” (Plug-In), you will be redirected to your user account in a separate browser window – provided you are logged into your user account at LinkedIn – and can share the electronic publication stored on our website by adding a comment. The plug-in establishes a direct connection between your browser and the LinkedIn server. LinkedIn receives the information that you have visited our website with your IP address. LinkedIn will also be able to associate your visit to our website with you and your user account. We point out that we have no knowledge of the content of the transmitted (personal) data and their use by LinkedIn. For more information, please see LinkedIn’s privacy policy at: https://www.linkedin.com/legal/privacy-policy.

Twitter

Our pages include functions of the services of Twitter. These functions are provided by Twitter Inc. (1355 Market St, Suite 900, San Francisco, CA 94103, USA). By using Twitter and the “Re-Tweet” function, the websites you visit are linked to your Twitter account and made known to other users. Data is also transmitted to Twitter.
We would like to point out that we are not aware of the content of the data transmitted or how it is used by Twitter. For more information, please see Twitter’s privacy policy at http://twitter.com/privacy. You can change your Twitter privacy settings in your account settings at http://twitter.com/account/settings.

Newsletters

VMRay sends it newsletter for the purpose of advertising its product and informing about our company only with consent of the recipient. You may subscribe and consent to the receipt of our newsletter by providing us with your email address via our contact form and explicitly ticking the opt-in box underneath.

MailChimp
To send our newsletter we are making use of the newsletter distribution platform “MailChimp”, a service of the Rocket Science Group, LLC (1526 DeKalb Ave NE, Atlanta, GA 30307, USA).

The e-mail addresses of our newsletter recipients, as well as the data described below are stored on the servers of MailChimp in the USA. MailChimp uses this information to send and evaluate the newsletter on our behalf. Furthermore, MailChimp uses this data according to its own information to optimize its own services.
However, MailChimp does not pass the data of our newsletter recipients on to third parties.

MailChimp is certified under the US-EU Privacy Shield and thus commits itself to comply with EU data protection principles. Furthermore, VMRay has concluded a Data Processing Agreement with Mailchimp in which MailChimp undertakes to protect the data of our users, to process them on our behalf in accordance with their data protection regulations and in particular not to pass them on to third parties. The Privacy Policy of Mailchimp can be assessed via https://mailchimp.com/legal/privacy/.

Statistical Evaluations
The newsletters contain a so-called “web-beacon”, i.e. a pixel-sized file that is retrieved from the MailChimp server when the newsletter is opened. Within the scope of this retrieval, technical information, such as information about the browser, as well as your IP address and time of retrieval are initially collected. This information is used to technically improve the services based on the technical data, the individual reading behavior, the retrieval locations (determined by using the IP address) or access times.

The statistical surveys also include determining whether the newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can be assigned to the individual newsletter recipients. The evaluations serve to recognize the reading habits of our users and to adapt our contents individually according to the interests of our users.

Online Access and Data Management
Ocassionally, we direct the newsletter recipients to the web pages of MailChimp (e.g. in case of display problems, our newsletters contains a link through which recipients can assess the newsletter online). Furthermore, newsletter recipients can subsequently correct their data, e.g. their e-mail address via Mailchimp.

In this context we would like to point out that cookies are used on the websites of MailChimp and thus personal data are processed by MailChimp, its partners and service providers (e.g. Google Analytics). We have no influence on this data collection. Further information can be found in the privacy policy of MailChimp.

Our website can be used to subscribe to newsletters. The data provided during the newsletter registration will be used only for the purposes of sending out the newsletter, provided you have not consented to other use. You can cancel the subscription at any time by using the unsubscribe option provided in the newsletter.

Unsubscribe
You may cancel the receipt of our newsletter at any time. By doing that you also revoke your consent to the statistical analyses (as described above). You may cancel the subscription by using the unsubscribe option provided in the newsletter.

Security

We use technical and organizational security measures to protect the data supplied by you and managed by us against manipulation, loss, destruction, and access by third parties. Our security measures are continually improved in line with technology developments.

Contact

The continuous development of the Internet makes it necessary for us to adjust our data protection rules from time to time. We reserve the right to implement appropriate changes at any time.

If you wish to exercise your data protection rights or if you have any comments, suggestions, questions or complaints, please do not hesitate to send an e-mail to dataprotection@vmray.com.