Privacy Policy

We take your privacy seriously and process personal data collected on our website according to applicable laws. This Privacy Policy outlines how we handle data, fulfilling our obligation under the GDPR, & more. 

The protection of your privacy and your personal data is an important concern to which we pay special attention. Personal data collected during visits to our website is processed according to the legal provisions valid for the countries in which the website is maintained. In the following paragraphs we provide you with information on how we are following these rules, which data we collect, and how we use it. Thereby, we fulfil our obligation of information under Art. 13 GDPR (General Data Protection Regulation).

The provider (and data controller within the meaning of GDPR) of this website is indicated in the imprint of our website. If you have any questions, do not hesitate to contact us via the e-mail address you will find at the end of this Privacy Policy. 

1) DEFINITIONS

Our privacy policy should be understandable for everyone. Generally, the official terms of the GDPR are used. The official definitions are explained in Art. 4 GDPR.

2) DATA PROTECTION RIGHTS

In accordance with Art. 15 ff. GDPR, VMRay guarantees you the following data protection rights:

Right to Information (Art. 15 GDPR): You have the right to request information on your personal data processed by VMRay. This Privacy Policy shall serve this purpose. In case you have any remaining questions, you may send an e-mail to the contact indicated at the end of this Policy. 

Right to Access: You may demand access to the personal data processed by VMRAy. We will provide the required data to you via e-mail. 

Right to Rectification (Art. 16 GDPR): You may demand from VMRay the rectification of inaccurate personal data concerning you.

Right to Erasure (Art. 17 GDPR): You may demand from VMRay erasure of your personal data. VMRay is going to comply with your request unless the processing is necessary for the exercise of the right to freedom of expression and information, for the fulfilment of a legal obligation, for reasons of public interest or for the assertion, exercise or defense of legal claims. In that case, we will contact you and provide alternative solutions to your request (e.g. blockage of your data).

Right to Data Portability (Art. 20 GDPR): At your request, VMRay will provide you with your data in a suitable format and (if technically possible) we will transmit your data to another responsible controller upon your request.

Right to Restrict Processing (Art. 18 GDPR): You may demand the restriction of the processing of your personal data if (a) the accuracy of the data is disputed by you, (b) the processing is unlawful but you refuse to have it deleted, (3) we no longer require the data, but you require it for the assertion, exercise or defence of legal claims or (4) you have lodged an objection to the processing in accordance with Art. 21 GDPR.

Right to be Informed (Art. 19 GDPR): In case you have asserted the right to rectification, erasure or restriction of the processing vis-à-vis the controller, the latter is obliged to notify all recipients to whom the personal data concerning you have been disclosed of such rectification, erasure or restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right to be informed of these recipients.

Right to revoke consents granted (Art. 7 Para. 3 GDPR): You have the right to revoke at any time, with effect for the future, any consent to the processing of data that you have once granted. In the event of revocation, we will delete the data concerned immediately, unless further processing cannot be based on a legal basis for processing without consent. Revocation of consent shall not affect the lawfulness of the processing carried out on the basis of the consent until revocation.

Right to Complain to responsible supervisory authority (Art. 77 GDPR): In case of a complaint you may contact the competent data protection supervisory authority. 

Right to object in case of processing on the basis of Art. 6 para. 1 sentence 1 lid. f) GDPR (Art 21 GDPR): If your personal data is processed by us on the basis of legitimate interests pursuant to Art. 6 para. 1 sentence 1 lit. f) GDPR, you have the right to object to the processing of your personal data, provided that this is done for reasons arising from your particular situation. Insofar as the objection is directed against the processing of personal data for the purpose of direct advertising, you have a general right of objection without the need to specify a special situation. In order to exercise your rights, you may send an e-mail to the address indicated at the end of this policy.

3) DATA RETENTION

We store your personal data for as long as it is necessary to perform a service that you have requested or for which you have granted your permission, providing that no legal requirements exist to the contrary such as in case of retention periods required by trade or tax regulations.

4) DATA PROCESSING WHEN VISITING OUR WEBSITE

When you visit our web pages, it is technically necessary that data is transmitted to our web server via your Internet browser. The following data is recorded during an ongoing connection for communication between your Internet browser and our web server:

• Data and time of your visit

• Your operation system and browser used

• Webpage from which you came to visit our website

• Pages you visit on our website

• The IP address assigned to you by your Internet service provider (ISP)

• Transferred data volume

We collect the listed data to ensure a smooth connection of the website and to enable a comfortable use of our website by the users. Legal basis for this type of processing is Art. 6 para. 1 sentence 1 lid. f) GDPR. 

With the exception of your IP address, personal data is only stored if you choose to submit it to us, e.g. when contacting us via our contact form, during registration, in a survey, in a competition or in order to enable performance of an agreement.

Your personal data remains only with our company, our affiliates, and our provider and will generally not be made available to third parties. For third party services we use at our website please see information below. 

Insofar as links are provided to other websites, we have neither influence nor control over the linked contents and the data protection regulations there. When calling up linked websites, we recommend that you check the data protection declarations of these websites to determine whether and to what extent personal data is collected, processed, used or made available to third parties.

5) JOB APPLICANTS

When applying for a job posting you will be required to provide us with information on your personal, professional and academic background. This includes in particular your contact data (such as first name, last name, private address, telephone number, e-mail address) as well as other data provided by you about your background (e.g. curriculum vitae, qualifications and degrees, professional experience) and your person (e.g. cover letter, personal interests). This may include special categories of personal data (e.g. information on a severe disability) within the meaning of Art. 9 GDPR. Your data is encrypted during electronic transmission. 

The data processing serves to initiate an employment relationship. The primary legal basis for this is Art. 6 para. 1 sentence 1 lid. b GDPR in conjunction with § 26 para. 1 BDSG (German Federal Data Protection Act). In addition, consent pursuant to Art. 6 para. 1 sentence 1 lit. a)  GDPR in conjunction with § 26 para. 2 BDSG can be used as a data protection permission requirement. If the processing of your data is based on your consent, you have the right to revoke the consent at any time with effect for the future.

Internally, your application data will only be processed by the relevant contact persons of the Human Resources Department and the department to which your application is directed. In case you are applying for a position at VMRay Inc., your application will be forwarded to the responsible US-employee only. All our employees are contractually obliged to treat personal data strictly confidential.

In case your application has been successful, your data may be used for administrative purposes within the framework of your future employment and the applicable legal requirements. In that case, your data will be stored in accordance with the retentions periods applicable by law.

In case your application has not been successful, we will keep your application for 6 months to answer any questions you may have in connection with your application. For longer periods of time, your data will only be stored in case of a legal requirement to do so or for the purpose of providing legal evidence. In that case, your data will be deleted after the ground for storage ceases to exist.  The legal basis for storage is our legitimate interest to provide evidence in case of legal claims by the applicant within the meaning of Art. 6 para. 1 sentence 1 lit. f) GDPR and § 24 para. 1 no. 2 BDSG. Our legitimate interest lies in legal defense and enforcement. At any time you may exercise your data protection rights as described in this policy (see below).

6) CONTACT FORM

We provide a general contact form on our website.  Before contacting us, the user has to consent to this Privacy Policy. If a user contacts us, the data entered will be transmitted to us and stored. This data includes your first name (second name optional), e-mail address, company name, country as well as date and time of your message. The transmission of data via the web form is encrypted. We will use this data only to process your request. The legal basis for this type of processing is our legitimate interest in answering your request in accordance with Art. 6 para. 1 sentence 1 lid. f) GDPR. If your request serves the conclusion of a contract with us, further legal basis for the processing is Art. 6 para. 1 sentence 1 lid. b) GDPR. The data will be deleted after your request has been processed. If we are legally obliged to store data for a longer period of time, the data will be deleted after expiry of the corresponding period. In the case of Art. 6 para. 1 sentence 1 lit. f) GDPR, you can object to the processing of your personal data at any time.

7) REQUEST A TRIAL

We provide a contact form to request a 30-day trial period for our product. If a user contacts us, the data entered will be transmitted to us and stored. This data includes your first name (second name optional), e-mail address, job title, company name, country, IP-address as well as date and time of your message.

We will use this data only to process your request. Legal basis for this type of processing is the execution of pre-contractual measures in accordance with Art. 6 para. 1 sentence 1 lit. b) GDPR or your consent granted to us in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR.

Your personal data will be deleted as soon as they are no longer required for the purpose of their collection. 

8) COOKIES

Cookies are small text files that are stored on your computer and saved by your browser. They serve to make our website more user-friendly, effective and safer. Most of the cookies we use are session cookies, which are automatically deleted when you close your browser. Other cookies remain stored on your end device until you delete them or the storage period expires. These cookies enable us to recognize your browser the next time you visit us.

In some cases, the cookies serve to simplify website processes by saving settings selected by the visitor before. Insofar as personal data is also processed by individual cookies implemented by us, the processing is carried out in accordance with Art. 6 Para. 1 sentence lit. b) GDPR either for the execution of a contract or in accordance with Art. 6 Para. 1 sentence 1 lit. f) GDPR to safeguard our legitimate interests in the best possible functionality of our website and a customer-friendly and effective design.

You can set your browser so that you are informed about the use of cookies and allow cookies only in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. The cookie settings can be managed for the respective browser under the following links.

  • Google Chrome: https://support.google.com/chrome/answer/95647?hl=de&hlrm=en
  • Mozilla Firefox: https://support.mozilla.org/en-US/kb/enhanced-tracking-protection-firefox-desktop
  • Internet Explorer: http://windows.microsoft.com/de-DE/windows-vista/Block-or-allow-cookies
  • Safari: https://support.apple.com/de-de/guide/safari/sfri11471/mac
  • Oper: https://help.opera.com/en/latest/

Most browsers also offer a so-called “do-not-track function”. When this feature is enabled, the browser tells ad networks, websites and applications that you do not want to be tracked for behavioral advertising and similar. For information and instructions on how to use this feature, please refer to the links below, depending on your browser’s vendor:

  • Google Chrome: https://support.google.com/chrome/answer/2790761?co=GENIE.Platform%3DDesktop&hl=de
  • Mozilla Firefox: https://www.mozilla.org/de/firefox/dnt/
  • Internet Explorer: https://support.microsoft.com/de-de/help/17288/windows-internet-explorer-11-use-do-not-track
  • Safari: https://support.apple.com/de-de/guide/safari/sfri11471/mac
  • Opera: https://help.opera.com/de/latest/

Additionally, you can prevent the loading of so-called scripts by default. NoScript allows the execution of JavaScript, Java and other plug-ins only at trusted domains of your choice. Information and instructions on how to edit this function can be obtained from the provider of your browser (e.g. for Mozilla Firefox at: https://addons.mozilla.org/de/firefox/addon/noscript/).

Please note that if you disable cookies, the functionality of this website may be limited.

Cookies which we currently use on our website are listed in the following:

First Party Cookie:

  • VMRay lead_session – Technically necessary
  • wp_lead_uid – Technically necessary
  • Inbound_referral_site – Technically necessary
  • YouTube _embedded video (“Advanced Privacy Mode”: According to Youtube, in privacy mode no personal data is stored in the cookies for playbacks of embedded videos) – Technically necessary

The Cookie does not hold any personal information, but only related information for the server and request in question. 


Third Party Cookie: 

  • Google _gid – 24 hours – Used to distinguish users – Optional
  • _ga – 2 years – Used to distinguish users – Optional
  • _gat – Session – Used to throttle the request rate back to Google – Optional
  • test_cookie – 1 day – Used to check if the user’s browser supports cookies – Optional
  • IDE – 1 year – Used to register and report the website user’s actions after viewing or clicking one of the advertiser’s ads with the purpose of measuring the efficacy of an ad and to present targeted ads to the user (set by DoubleClick, which is owned by Google) – Optional
  • Hubspot – 13 months – This cookie keeps track of a visitor’s identity. It is passed to HubSpot on form submission and used when deduplicating contacts – Optional
  • _hssc 30 – min – This cookie keeps track of sessions. This is used to determine if HubSpot should increment the session number and timestamps in the __hstc cookie. It contains the domain, viewCount (increments each pageView in a session), and session start timestamp – Optional
  • _hssrc – Session, whenever HubSpot changes the session cookie, this cookie is also set to determine if the visitor has restarted their browser. If this cookie does not exist when HubSpot manages cookies, it is considered a new session – Optional
  • _hstc – 13 months – Used for tracking visitors. It contains the domain, utk, initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit), and session number (increments for each subsequent session). – Optional
  • LinkedIn lang – Session – Sets default locale/language – Optional
  • lissc – 1 year – Optional
  • bcookie – 2 years – Browser ID cookie – Optional
  • lidc – 24 hours – Used for routing – Optional
  • UserMatchHistory – 30 days – LinkedIn Ads ID syncing – Optional
  • bscookie =- 2 years – Secure Browser Cookie – Optional
  • Twitter personalization_id – 2 years – This cookie is set due to Twitter integration and sharing capabilities for the social media – Optional

For further information on cookie use of third parties, see information below. 

9) SERVICES USED

a) Google Analytics

We use Google Analytics, a web analysis service provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) (“Google”).  Google uses cookies. The information generated by the cookie about the use of the online offer by users is generally transferred to a Google server in the USA and stored there.  Since a transfer of personal data to the USA takes place, further protective mechanisms are required to ensure the level of data protection under the GDPR. To ensure this, we have agreed standard data protection clauses with the provider in accordance with Art. 46 Para. 2 lit. c GDPR. These obligate the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases where this cannot be guaranteed even by this contractual extension, we will endeavor to obtain additional regulations and commitments from the recipient in the USA. 

Google will use this information on our behalf to evaluate the use of our website by users, to compile reports on the activities on our website and to provide us with further services associated with the use of our website. From the processed data, pseudonymous user profiles can be created.

We use Google Analytics only with IP anonymization enabled (‘anonymize_IP’). This means that Google will reduce the IP address of users within Member States of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. Google will not associate your IP address with any other data held by Google.

You may refuse the use of cookies by selecting the appropriate settings on your browser. However, please note that if you do this, you may not be able to use the full functionality of this website. Furthermore you can prevent Google’s collection and use of data (cookies and IP address) by downloading and installing the browser plug-in available under https://tools.google.com/dlpage/gaoptout?hl=en-GB. You must perform this opt out on all systems that you use, for example in another browser or on your mobile device.

The data collected in your Google Account is collected solely on the basis of your consent, which you may give or revoke to Google (Art. 6 para. 1 sentence 1 lit. a GDPR). In case of data collection processes that are not consolidated in your Google Account (e.g. because you do not have a Google Account or have objected to the consolidation), the data collection is based on our legitimate interests within the meaning of Art. 6 para. 1 sentence 1 lit. f GDPR. 

The data will be deleted as soon as they are no longer necessary for the purpose of their collection. Deletion of user and event-level data associated with cookies, user IDs (e.g., User ID), and advertising IDs (e.g., DoubleClick cookies, Android Advertising ID, IDFA) will occur no later than 14 months after collection.

For more information on terms of use and privacy, please visit http://www.google.com/analytics/terms/de.html or https://www.google.de/intl/de/policies/.

b) Google Analytics Remarketing

Our website uses the functions of Google Analytics Remarketing in conjunction with the cross-device functions of Google AdWords and Google DoubleClick. The provider is Google Ireland Limited (see above).

This feature allows you to link the advertising target groups created with Google Analytics Remarketing to the cross-device capabilities of Google AdWords and Google DoubleClick. In this way, interest-based, personalized advertising messages that have been adapted to you on one device (e.g. mobile phone) based on your previous usage and surfing behavior can also be displayed on another of your devices (e.g. tablet or PC).

If you have given permission, Google will link your web and app browsing history to your Google Account for this purpose. In this way, the same personalized advertising messages can be delivered on any device you sign in to with your Google Account. To support this feature, Google Analytics collects Google-authenticated user IDs that are temporarily linked to our Google Analytics data to define and create target audiences for cross-device advertising.

Since a transfer of personal data to the USA takes place, further protective mechanisms are required to ensure the level of data protection under the GDPR. To ensure this, we have agreed standard data protection clauses with the provider in accordance with Art. 46 Para. 2 lit. c GDPR. These obligate the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases in which this cannot be guaranteed even by this contractual extension, we will endeavor to obtain additional regulations and commitments from the recipient in the USA.

You can opt-out of cross-device remarketing/targeting permanently by deactivating personalized advertising in your Google Account (https://adssettings.google.com/anonymous).

The summary of the data collected in your Google Account is based solely on your consent, which you can give or withdraw to Google in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR. For data collection operations that are not merged into your Google Account (e.g. because you do not have a Google Account or have objected to the merging), the collection of data is based on Article 6, paragraph 1 sentence 1 lid. f) GDPR. The legitimate interest arises from our legitimate interest in the anonymized analysis of website visitors for advertising purposes. Further information via: https://www.google.com/policies/technologies/ads/

c) Google Maps

We use the component “Google Maps” from Google Inc. (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland). The legal basis for this type of processing is our legitimate interest within the meaning of Art. 6 para. 1 sentence 1 lid. f GDPR. 

Each time you access the Google Maps component, Google will set a cookie to process user preferences and data when you view the page that includes the Google Maps component. As a rule, this cookie is not deleted by closing the browser, but expires after a certain period of time, unless you delete it manually beforehand. If you do not agree with this processing of your data, it is possible to deactivate the “Google Maps” service and in this way prevent the transfer of data to Google. To do this, you must deactivate the Java Script function in your browser. However, we would like to point out that in this case you cannot use “Google Maps” or only to a limited extent.

The use of “Google Maps” and the information obtained via “Google Maps” is subject to the Google Terms of Use (see above).

d) Facebook

Plugins of the social network Facebook (1601 South California Avenue, Palo Alto, CA 94304, USA) are integrated on our page. The legal basis for this type of processing is our legitimate interest withing the meaning of Art. 6 para. 1 sentence 1 lid. f) GDPR. You can recognize the Facebook plugins by the Facebook logo or the “Like” button on our site. An overview of the Facebook plugins can be found here: http://developers.facebook.com/docs/plugins/.

When you visit our page, the plugin establishes a direct connection between your browser and the server of  Facebook. Facebook receives the information that you have visited our site with your IP address. If you click the Facebook “Like button” while logged in to your Facebook account, you can link the contents of our pages to your Facebook profile. This allows Facebook to associate your visit of our page with your user account. We would like to point out that we, as the provider of these pages, do not receive any knowledge of the content of the transmitted data and their use by Facebook. For more information, please have a  look at the privacy statement of Facebook at http://de-de.facebook.com/policy.php. If you do not want Facebook to associate visiting our pages with your Facebook account, please log out of your Facebook account.

e) LinkedIn

Our website includes functions of the services of LinkedIn. The provider is LinkedIn Corporation (2029 Stierlin Court, Mountain View, CA 94043, USA). On our site we provide information and offer LinkedIn users the possibility of communication. The company presence is used for applications, information/PR and active sourcing. The legal basis for this type of processing is Art. 6 para. 1 f) GDPR.

If you click the LinkedIn “Share-Button” (Plug-In), you will be redirected to your user account in a separate browser window – provided you are logged into your user account at LinkedIn – and can share the electronic publication stored on our website by adding a comment. The plug-in establishes a direct connection between your browser and the LinkedIn server. LinkedIn receives the information that you have visited our website with your IP address. LinkedIn will also be able to associate your visit to our website with you and your user account. We point out that we have no knowledge of the content of the transmitted (personal) data and their use by LinkedIn. For more information, please see LinkedIn’s privacy policy at: https://www.linkedin.com/legal/privacy-policy.

f) Twitter

Our pages include functions of the services of Twitter. These functions are provided by Twitter Inc. (1355 Market St, Suite 900, San Francisco, CA 94103, USA). The legal basis for this type of processing is Art. 6 para. 1 f) GDPR.

If the plug-in is stored on one of the pages you visit on our website, your Internet browser will download a representation of the plug-in from the Twitter servers in the USA. For technical reasons it is necessary for Twitter to process your IP address. In addition, the date and time of your visit to our website are also recorded.

If you are logged in to Twitter while visiting our website, the information collected by the plug-in from your specific visit will be recognized by Twitter. Twitter may assign the information collected in this way to your personal user account there. If you use the “Share” button of Twitter, for example, this information will be stored in your Twitter account and published on the Twitter platform if necessary. If you wish to prevent this, you must either log out of Twitter before visiting our website or make the appropriate settings in your Twitter user account.

We would like to point out that we are not aware of the content of the data transmitted or how it is used by Twitter. For more information, please see Twitter’s privacy policy at http://twitter.com/privacy. You can change your Twitter privacy settings in your account settings at http://twitter.com/account/settings.

g) Youtube

We have included YouTube videos in our website. YouTube is an offer of YouTube LLC (901 Cherry Ave., San Bruno, CA 94066, USA). YouTube is a subsidiary of Google LLC. The legal basis for this type of processing is Art. 6 para. 1 f) GDPR.

YouTube videos are embedded in our portal exclusively on the basis of YouTube’s “Extended Data Protection Mode”. According to YouTube, the “Extended Data Protection Mode” function means that the data specified below will only be transmitted to the YouTube server if you actually start a video.

Without this “Extended Data Protection Mode”, a connection to the YouTube server in the USA will be established as soon as you access one of our Internet pages on which a YouTube video is embedded. This connection is required in order to be able to display the respective video on our website via your Internet browser. In the course of this, YouTube will at least record and process your IP address, the date and time as well as the website you visited. In addition, a connection to the Google advertising network “DoubleClick” is established.

If you are logged in to YouTube at the same time, YouTube will assign the connection information to your YouTube account. If you wish to prevent this, you must either log out of YouTube before visiting our website or make the appropriate settings in your YouTube user account.

For the purpose of functionality and analysis of usage behavior, YouTube permanently stores cookies via your Internet browser on your terminal. If you do not agree to this processing, you have the option of preventing the storage of cookies by setting it in your Internet browser. 

For more information, please visit https://support.google.com/youtube/answer/171780?hl=en in the “Turn on privacy-enhanced mode ” section.

h) Hubspot

On our website, we use HubSpot for marketing activities. HubSpot is a software company from the USA with the subsidiary HubSpot Ireland Limited (located at 2nd Floor 30 North Wall Quay, Dublin 1, Ireland). We use this integrated software solution for our own marketing and customer service purposes. This includes e-mail marketing, social media publishing and reporting, contact management such as user segmentation and CRM, landing pages and contact forms. 

HubSpot uses cookies. The information collected (e.g. IP address, geographic location, browser type, length of visit and pages viewed) are analyzed by HubSpot on our behalf so that we can generate reports about the visit and the pages visited. Information collected by HubSpot and the content of our website is stored on servers of HubSpot’s service providers. If you have given your consent in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR, the processing on this website is for the purpose of website analysis.

Since a transfer of personal data to the USA takes place, further protective mechanisms are required to ensure the level of data protection under the GDPR. To ensure this, we have agreed standard data protection clauses with the provider in accordance with Art. 46 Para. 2 lit. GDPR. These obligate the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases where this cannot be guaranteed even by this contractual extension, we will endeavour to obtain additional regulations and commitments from the recipient in the USA.

The data will be deleted as soon as they are no longer necessary for the purpose of their collection. You can permanently object to the collection of data by HubSpot and the setting of cookies by preventing the storage of cookies through your browser settings accordingly.

i) Salesfoce

We use the customer management system of the provider salesforce to process user requests faster and more efficiently. Information on data protection can be obtained from salesforce.com Germany GmbH, Erika-Mann-Str. 31, 80636 Munich, Germany, at https://www.salesforce.com/.

j) Nextcloud

VMRay uses Nextcloud on a local VMRay server as way to confidentially share with specific individual persons (senders or recipients) certain information relating to the use of VMRay software and/or the provision of VMRay cloud service. For users with a temporary account the retention period for the data is 3 days, for users with a regular account 30 days.

Please be aware that Nextcloud is not an archive for the submitted information. As soon as VMRay decides that any information is no longer needed for the aforementioned purpose, VMRay has the right to delete such information. It is therefore always the senders responsibility to ensure that he/she will also have the sent information stored elsewhere, if it is still needed in the future. VMRay will comply with all aspects of data protection and security, but does not assume any obligation whatsoever to “return” information. 

10) NEWSLETTER

VMRay sends it newsletter for the purpose of advertising its product and informing about our company. For the registration to our newsletter we use the double opt-in procedure. You may subscribe and consent to the receipt of our newsletter by providing us with your email address via our contact form, explicitly ticking the opt-in box underneath and by clicking the link in the confirmation mail. By clicking on the corresponding link, we process the public IP address of the computer from which the link is accessed, together with the date and time of the click. We process this data to be able to provide proof that you have confirmed receipt of our email newsletter. You may cancel the subscription by using the unsubscribe option provided in the newsletter. The data which we require as proof that you have agreed to receive the newsletter will be deleted after expiration of any legal obligation to provide this evidence. The legal basis for this type of processing is your consent according to Art. 6 para. 1 sentence 1 lid. a) GDPR.

Our e-mail newsletter is sent via the technical service provider HubSpot Ireland Limited (see above) to whom we pass on the information you provide when you register for the newsletter. This disclosure is made in accordance with Art. 6 Para. 1 sentence 1 lit. f) GDPR and serves our legitimate interest in using an effective, secure and user-friendly newsletter system. HubSpot uses this information for the dispatch and statistical analysis of the newsletter on our behalf. 

For evaluation purposes, the e-mails sent contain so-called web beacons or tracking pixels, which are one-pixel image files stored on our website. In this way it can be determined whether a newsletter message has been opened and which links have been clicked on, if applicable. Conversion tracking can also be used to analyse whether a predefined action (e.g. purchase of a product on our website) was carried out after clicking on the link in the newsletter. Technical information is also recorded (e.g. time of access, IP address, browser type and operating system). The data is collected pseudonymously and is not linked to your other personal data. These data are used exclusively for statistical analysis of newsletter campaigns. The results of these analyses can be used to better adapt future newsletters to the interests of the recipients. If you wish to object to the data analysis for statistical purposes, you must cancel the newsletter subscription.

Since personal data may be transferred to the USA, further protective mechanisms are required to ensure the level of data protection under the GDPR. To ensure this, we have agreed standard data protection clauses with the provider in accordance with Art. 46 Para. 2 lit. c GDPR. These obligate the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases in which this cannot be guaranteed even by this contractual extension, we will endeavour to obtain additional regulations and commitments from the recipient in the USA.

11) WEBINARS

We conduct regular seminar via the Internet (webinar). For this purpose we use the GoToWebinar software solution from LogMeIn, Inc (320 Summer Street Boston, MA 02210, USA).

We have a contract for contract processing with LogMeIn that requires them to protect our customers’ information.  Since personal data may be transferred to the USA, further protective mechanisms are required to ensure the level of data protection under the GDPR. To ensure this, we have agreed standard data protection clauses with the provider in accordance with Art. 46 Para. 2 lit. c GDPR. These obligate the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases in which this cannot be guaranteed even by this contractual extension, we will endeavor to obtain additional regulations and commitments from the recipient in the USA. A connection will be established between you and the webinar organizer to conduct the webinar. We do not record the sound or image information transmitted during the webinar. With your participation you also confirm not to make any recordings or screen shots. You can end the session at any time by simply closing the browser window or closing the program or app. 

LogMeIn’s privacy policy is available via https://www.logmeininc.com/de/legal/privacy.

12) SECURITY

We take appropriate technical and organisational measures to ensure a level of protection appropriate to the risk, taking into account the state of the art, implementation costs and the nature, scope, circumstances and purposes of processing as well as the different probability of occurrence and severity of the risk to the rights and freedoms of natural persons, in accordance with Art. 32 GDPR. Such measures shall in particular include ensuring the confidentiality, integrity and availability of data by controlling physical access to the data, as well as the access, input, transmission, security of availability and its separation.

13) DATA PROCESSING BY THIRD PARTIES

Your personal data will not be transferred to third parties, except

• if we have explicitly pointed this out in the description of the respective data processing,

• if you have given your express consent in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR

• the disclosure pursuant to Art. 6 para. 1 sentence 1 lid. f) GDPR is necessary for the assertion, exercise or defence of legal claims and there is no reason to assume that you have an overriding interest in not disclosing your data,

• in the event that there is a legal obligation for disclosure under Art. 6 para. 1 sentence 1 lit. c) GDPR 

• insofar as this is necessary for the processing of contractual relationships with you in accordance with Art. 6 para. 1 sentence 1 lit. b) GDPR

In addition, we use external service providers for our services, which we have carefully selected and commissioned in writing. If necessary, we have concluded Data Processing Agreements in accordance with Art. 28 GDPR. 

14) TRANSFER TO THIRD COUNTRIES

If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)), this only takes place if it is necessary for the fulfilment of our (pre)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. 

Subject to legal or contractual permissions, we process the data in a third country only under the special requirements of Art. 44 ff. GDPR. This means, for example, processing is carried out on the basis of special guarantees, such as officially recognized contractual obligations (“EU Standard Contractual Clauses”).

15) LEGAL OBLIGATIONS

The provision of personal data for the decision to conclude a contract, for the performance of a contract or for the implementation of pre-contractual measures is voluntary. However, we can only make the decision within the framework of contractual measures if you provide such personal data as are necessary for the conclusion of the contract, the fulfilment of the contract or pre-contractual measures.

16) AUTOMATED INDIVIDUAL DECISION-MAKING, INCLUDING PROFILING

No automated decision making or profiling pursuant to Art. 22 GDPR takes place.

17) CHANGES TO THIS PRIVACY POLICY

The continuous development of the Internet makes it necessary for us to adjust our data protection rules from time to time. We reserve the right to implement appropriate changes at any time.

18) CONTACT

If you wish to exercise your data protection rights or if you have any comments, suggestions, questions or complaints, please do not hesitate to send an e-mail to dataprotection@vmray.com.

Our Data Protection Officer, Patrick Grihn, can be contacted via:

DSBRuhr
c/o nextindex GmbH & CO. KG
Grabenstr. 12
44787 Bochum
tel.: 0049234 810 503 00
e-mail: grihn@dsb.ruhr 

Date of Privacy Policy: October 2020