General information

Information on data protection regarding the processing of personal data on our website in accordance with Articles 13, 14, and 21 of the General Data Protection Regulation (GDPR).

Introduction

Welcome to our website! The protection of your personal data is very important to us. In accordance with Articles 13, 14, and 21 of the General Data Protection Regulation (GDPR), we hereby inform you about how we process your personal data and what rights you have in this regard. The scope of data processing depends on the services you use or request. Please read the following information carefully to be fully informed about the use of your data in the context of contractual or pre-contractual measures.

Responsible

314 OS GmbH
Rudi-Dutschke-Straße 26
10969 Berlin, Deutschland

Handelsregister Berlin: HRB 227286 B

Managing Directors
Rawn, Benjamin David 
Druschel, Sebastian

Phone: +49 30 41738461
Mail: hello@314os.com

Data protection officer

PROLIANCE GmbH
Leopoldstr. 21
80802 München
E-Mail: datenschutzbeauftragter@datenschutzexperte.de
Website: www.datenschutzexperte.de

Principles of data processing

We process your personal data in accordance with the provisions of the GDPR and the Federal Data Protection Act (BDSG).

• Contract processing (Art. 6(1)(b) GDPR): Necessary for the performance of contracts or for the implementation of pre-contractual measures.
• Consent (Art. 6(1)(a) GDPR): For specific purposes such as marketing or data transfer to third parties, with the option of revocation.
• Legal obligation (Art. 6 (1) (c) GDPR): Processing to fulfill legal obligations.
• Legitimate interests (Art. 6 (1) (f) GDPR): Protection of our legitimate interests or those of third parties, in particular in the defense of legal claims.

Your rights at a glance

You have the following rights in relation to your personal data:

• Information (Art. 15 GDPR): Information about processed data, purposes of use, and recipients.
• Rectification (Art. 16 GDPR): Correction of inaccurate or incomplete data.
• Erasure (Art. 17 GDPR): Removal of your data, provided that there are no legal retention obligations.
• Restriction (Art. 18 GDPR): Restriction of processing under certain conditions.
• Data portability (Art. 20 GDPR): Provision of data in a commonly used, machine-readable format.
• Objection (Art. 21 GDPR): Objection to data processing for specific personal reasons.
• Right to lodge a complaint (Art. 77 GDPR): Right to lodge a complaint with a supervisory authority.

Automated decisions and profiling

You have the right not to be subject to a decision based solely on automated processing that produces legal effects or similarly significantly affects you. Exceptions only exist if this is permitted by law or if you have expressly consented to it.

Provision of data

The provision of personal data is voluntary. However, it is not possible to execute a contract without certain data.

Updates to this privacy policy

We reserve the right to amend this privacy policy if necessary due to legal changes or adjustments to our services. The latest version applies in each case.

Registration & User Account

Purposes of processing

On our website, you have the option of registering for the OS/ service by providing personal data. The data you enter is transferred to an input mask, sent to us, and stored in a user account.

The creation of a user account is necessary to fulfill the contract with the user or to carry out pre-contractual measures. The service can only be used with such an account, and the booking process must be carried out within the software.

The data collected is used for the one-time creation of the account, the personalization of the service, and the sending of contract-related emails.

Categories of personal data

The following personal data is collected during registration:

• Name
• E-Mail-Adresse
• IP-Adresse
• Zeitstempel
• Freiwillige zusätzliche Angaben zum User und zum Unternehmen (Branche, Einsatzzweck des Dienstes)

Legal basis for processing

This data is processed in accordance with Art. 6 para. 1 lit. b GDPR, as it is necessary for the performance of the contract.

Recipients of the data

The account data is processed by our qualified infrastructure service providers, who ensure the operation of OS/.

We use Amazon Web Services (AWS) for hosting infrastructure components and storing data. AWS is ISO 27001 certified and guarantees server locations in the EU.

‍Amazon Web Services EMEA SARL
One Burlington Plaza, Burlington Road
Dublin 4, D04 RH96, Irland

AWS guarantees an adequate level of protection. A contract with standard contractual clauses ensures that AWS processes user data exclusively in accordance with our instructions and in compliance with EU data protection standards.

Duration of data storage

The data is stored for the purpose of contract execution. The deletion of the account is initiated by the user.

Login with Google or Microsoft

An existing Google or Microsoft account can be used for login and registration.

There are buttons for this on the registration or login page. After clicking on them, a new window opens in which the user authenticates themselves with the login details of the respective provider. The user then selects which data is to be transmitted for registration. The following are required:

• Name
• E-Mail-Adresse
• Profilbild

The data will only be stored and used after the user has given their express consent. There is no further connection between the OS/user account and the external account (Google, Microsoft) beyond the authentication process.

To carry out the authentication process, the IP address is transmitted to the respective provider. We have no influence on the scope of data collection and further processing by the respective provider. Further information can be found in the providers' privacy policies:

Google Inc.1600 Amphitheater Parkway,Mountain View, Kalifornien 94043, USA Datenschutzerklärung

Microsoft CorporationOne Microsoft Way,Redmond, WA 98052-6399, USA Datenschutzerklärung

‍

Subscription & Billing

Purposes of processing

As part of the subscription and billing process, we process inventory and contract data to fulfill our contractual obligations and to self-administer the booked subscription.

We use the payment provider Stripe for this purpose.

Categories of personal data

The inventory data includes names and contact details of contact persons as well as contract data, e.g., for services used, payment transaction data, and data for sending invoices.

Legal basis for processing

The legal basis for the processing of the data is the necessity for the performance of a contract pursuant to Art. 6 para. 1 lit. b GDPR.

Recipients of the data

We use Stripe for payment processing via SEPA direct debit and credit card payments.

Stripe Inc.
510 Townsend Street
San Francisco, CA 94103, USA
Privacy Policy: https://stripe.com/de/privacy

Stripe ensures an adequate level of protection, and we have entered into a contract with Stripe containing standard contractual clauses. This obliges Stripe to process user data exclusively in accordance with our instructions and to comply with EU data protection standards.

Duration of data storage

The termination and deletion of the account is initiated by the user, unless legal requirements stipulate a longer storage period.

Marketing performance measurement

Purposes of processing

We use marketing services to efficiently manage our marketing activities for our online offering. These enable us to display advertisements based on actual interest and to measure the success of our marketing measures.

Processing within the service only takes place during a free trial or test period.

Categories of personal data

The following personal data is automatically transmitted by your browser:

• IP address
• Timestamp
• Content of the request (page accessed)
• Access status
• Transferred data volumes
• Origin page of the request
• Cookies with tags for clicked advertising campaigns
• Browser type and version
• Operating system
• Language settings

Legal basis for processing

The processing of this personal data is based on consent pursuant to Art. 6 (1) (a) GDPR, which is obtained when the user is asked about the use of cookies for marketing and retargeting purposes.

Recipients of the data

Google-Re/Marketing-Services

Google LLC
1600 Amphitheatre Parkway
Mountain View, CA 94043, USA
Privacy Policy: https://policies.google.com/privacy

Google Marketing Services enable us to display advertisements specifically to users who are potentially interested in our offers. This includes, in particular, so-called "remarketing." When you visit our website or other websites on which Google Marketing Services are active, a code from Google is executed and a cookie is set. This allows information about visited websites, interests, clicked offers, and technical details such as browser and operating system to be collected.

Data processing by Google is pseudonymized, i.e., no directly identifiable information is stored. For more information on Google's use of data for marketing purposes, please visit: https://policies.google.com/technologies/ads. You can disable interest-based advertising by Google at: https://adssettings.google.com/authenticated.

Facebook Custom Audiences and Facebook Marketing Services

Facebook Inc.
1 Hacker Way
Menlo Park, CA 94025, USA
Privacy Policy: https://www.facebook.com/policy.php

We use Facebook Custom Audiences to show visitors to our website relevant advertisements (Facebook Ads) on Facebook and other websites. This automatically connects your web browser to Facebook's servers. If you are registered with Facebook, Facebook can assign the visit to your user account. Processing is pseudonymized so that no direct conclusions can be drawn about you as a person.

For more information, visit: https://www.facebook.com/about/privacy. You can disable Facebook Custom Audiences at: https://www.facebook.com/settings/?tab=ads#_.

LinkedIn Insight Tag

LinkedIn Corporation
2029 Stierlin Court
Mountain View, CA 94043, USA
Datenschutzerklärung: https://www.linkedin.com/legal/privacy-policy

The "LinkedIn Insight Tag" enables us to analyze campaign success on LinkedIn and define target groups for advertisements. If you are logged in to LinkedIn, LinkedIn can assign your interaction with our online offering to your user account.

You can object to the use at:https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

Bing Ads

Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399, USA
Datenschutzerklärung: https://privacy.microsoft.com/de-de/privacystatement

We use Bing Ads to analyze advertising measures. Microsoft stores pseudonymized usage profiles. If you want to prevent Microsoft from using your data, you can do so at: https://choice.microsoft.com/de-DE/opt-out.

Support & Help

Purposes of processing

As part of our service, we offer users various forms of assistance to help them use the software efficiently and resolve problems quickly. In doing so, we collect personal data, which is used exclusively for processing the request and for statistical evaluations of support usage.

Intercom – Support Chat

Users have the option to chat with our support team within the service to quickly resolve questions and concerns. We use Intercom's chat service for this purpose. When the service is loaded, a script application from Intercom is automatically loaded, which transmits the IP address and other browser information to Intercom.

When a chat is started, account information such as name, email address, language, associated customer, and the content transmitted as part of the request is automatically processed.

The legal basis for processing is the fulfillment of a contract pursuant to Art. 6 (1) (b) GDPR, as support is an essential part of our software service.

Intercom Inc.
55 2nd Street, 4th Floor,
San Francisco, CA 94105, USA
Privacy Policy: https://www.intercom.com/legal/terms-and-policies#privacy

Intercom ensures an adequate level of data protection, and we have entered into a contract with standard contractual clauses to ensure that user data is processed in accordance with our instructions and in compliance with EU data protection standards.

Requests will be deleted once the matter has been clarified. User profiles remain stored until the account is terminated and deleted.

Intercom – Helpcenter

We use Intercom to provide our help page. Since the service is hosted by Intercom, personal data is automatically transmitted when the page is accessed.

Legal basis: Art. 6 Abs. 1 lit. b DSGVO.

Intercom – Onboarding messages

Intercom is used to send emails and guides to help new users get started with the software. Movement profiles are created to provide targeted messages to relevant users.

Legal basis: Art. 6 Abs. 1 lit. b DSGVO.

Intercom – Update news & training materials

Intercom is used to provide information about updates and training materials. Users can opt out of receiving such messages at any time by clicking the unsubscribe link in the email.

Legal basis: Art. 6 Abs. 1 lit. b DSGVO.

Intercom – Support Request Management

Support requests are processed as tickets in Intercom. If necessary, a separate account can be created for managing support requests.

Legal basis: Art. 6 Abs. 1 lit. b DSGVO.

Atlassian – Status-Page

We use Atlassian's service to provide information about the system status. When the status page is accessed, the IP address and browser data are transmitted. Users can register for status notifications by email.

Atlassian Inc.
350 Bush Street, Floor 13
San Francisco, CA 94104, USA
Datenschutzerklärung: https://www.atlassian.com/de/legal/privacy-policy

Atlassian ensures an adequate level of data protection and stores the email address for status notifications until consent is revoked.

Further information on data processing can be found in the privacy policies of the respective providers.

Analytics for product improvement

Purposes of processing

When you use our service, we collect user movement data in order to make continuous improvements. This data helps us to better understand user behavior and analyze the functions used.

Categories of personal data

Event data on the use of certain functions and the associated page views are recorded. These include:

• Pseudonymized account information
• Event type
• Timestamp
• IP-Adresse
• Browser-specific information

Legal basis for processing

The data is processed on the basis of our legitimate interest pursuant to Art. 6 (1) (f) GDPR in order to continuously improve our service.

Recipients of the data

The collected data is processed by Google Analytics, a platform for product analytics. Processing is pseudonymized on Google's servers and is used for statistical evaluation.

Google LLC
1600 Amphitheatre Parkway
Mountain View, CA 94043
USA

Google guarantees an adequate level of data protection, and we have entered into a contract with Mixpanel containing standard contractual clauses, whereby Mixpanel undertakes to process user data exclusively in accordance with our instructions and in compliance with EU data protection standards.

Duration of data storage

The collected data will be automatically deleted after 12 months.

Contacting customers and sales activities

Purposes of processing

During registration, we collect account data as well as information on the qualification of companies as part of our sales activities. This data is processed using HubSpot, a customer relationship management (CRM) software for contact and deal management.

Categories of personal data

The following data is collected and processed:

• Contact information (name, email address)
• Company-related data (industry, company size, intended use)
• Notes from conversations
• Email correspondence

This data is stored on HubSpot's servers.

Legal basis for processing

Processing is based on our legitimate interest pursuant to Art. 6 (1) (f) GDPR in order to efficiently handle user inquiries, manage existing customers, and establish new customer relationships.

Recipients of the data

HubSpot, Inc.
25 First Street
Cambridge, MA 02141, USA
Datenschutzerklärung: https://legal.hubspot.com/de/privacy-policy

Duration of data storage

The data will only be stored for as long as there is an active contract initiation process.

You can object to the processing of your data at any time by sending an email to hello@goos.cloud.

Performance measurement

Purposes of processing

To ensure system operation, we record the performance of the individual infrastructure components of the service. In order to identify possible causes, such as increased user request loads, personal data is processed in the form of server requests.

Pseudonymized processing is carried out via the Amazon Web Services (AWS) service.

Categories of personal data

The processed data includes:

• Address and type of the respective server request
• Timestamp
• Transferred data
• Status messages about successful retrievals
• Browser version
• IP address

Legal basis for processing

The legal basis for processing is the necessity to fulfill a contract in accordance with Art. 6 para. 1 lit. b GDPR.

Recipients of the data

Amazon Web Services EMEA SARL
One Burlington Plaza, Burlington Road
Dublin 4, D04 RH96, Irland

AWS guarantees an adequate level of data protection. We have concluded a contract with AWS containing standard contractual clauses, whereby AWS undertakes to process user data exclusively in accordance with our instructions and in compliance with EU data protection standards.

Duration of data storage

The data is stored for the purpose of contract execution. The account is deleted at the user's request.

Error-Tracking

Purposes of processing

We record errors that occur during system operation for early detection of malfunctions and efficient troubleshooting in the application.

The pseudonymized processing of the data is carried out by Amazon Web Services (AWS).

Categories of personal data

The data collected includes:

• Address and type of the respective server request
• Timestamp
• Transmitted data
• Status messages about successful retrievals
• Error message and stack trace
• Browser version
• IP-Adresse

Legal basis for processing

Processing is carried out on the basis of our legitimate interest pursuant to Art. 6 (1) (f) GDPR to ensure error-free system operation.

Recipients of the data

Amazon Web Services EMEA SARL
One Burlington Plaza, Burlington Road
Dublin 4, D04 RH96, Irland

AWS guarantees an adequate level of data protection. We have concluded a contract with AWS containing standard contractual clauses to ensure data protection-compliant processing.

Duration of data storage

The data will be deleted as soon as it is no longer needed for error analysis or statistical evaluation.

Log-Files

Purposes of processing

We collect server log files for security purposes, to track data changes, and to identify problems during operation and product development.

Pseudonymized processing is carried out by Amazon Web Services (AWS).

Categories of personal data

The data collected includes:

• Address and type of the respective server request
• Timestamp
• Transferred data
• Status messages about successful retrievals
• Browser version
• IP-Adresse

Legal basis for processing

Processing is carried out on the basis of the necessity to fulfill a contract in accordance with Art. 6 para. 1 lit. b GDPR.

Recipients of the data

Amazon Web Services EMEA SARL
One Burlington Plaza, Burlington Road
Dublin 4, D04 RH96, Irland

AWS guarantees an adequate level of data protection. We have concluded a contract with AWS containing standard contractual clauses to ensure data protection-compliant processing.

Duration of data storage

Log files are stored for a maximum of three months and then deleted. Data that must be retained for evidentiary purposes is excluded from automatic deletion.

Google Sheets Export (Add-on)

Purposes of processing

OS/ offers a Google Sheets add-on that allows users to export data from OS/ to a Google spreadsheet. The add-on enables export to a spreadsheet selected by the user or newly created.

No data from Google Sheets is imported or stored in OS/ – data flows exclusively from OS/ → Google Sheets.

Authentication

The connection between OS/ and Google Sheets is established via OAuth 2.0. When installing the add-on, the user grants authorization for the requested access via the Google login dialog. OS/ receives an access token from Google, but no Google login details (password). The user can revoke the permissions granted at any time at https://myaccount.google.com/permissions.

Data security

Data transfer between OS/ and Google Sheets takes place exclusively via encrypted HTTPS connections. Access tokens are stored securely and are not passed on to third parties.

Categories of personal data

The add-on accesses the following data:

• Contents of the spreadsheet selected by the user (write access only)
• Add-on-specific configuration data (e.g., connection settings)

Legal basis for processing

Processing is based on the consent given by the user when installing the add-on in accordance with Art. 6 (1) (a) GDPR.

Recipients of the data

Data is transferred directly between OS/ and the Google Sheets API. It is not passed on to any other third parties.

Google LLC
1600 Amphitheatre Parkway
Mountain View, CA 94043, USA
Datenschutzerklärung: https://policies.google.com/privacy

Sharing of Google user data

Google user data will not be disclosed, shared, transferred, or disclosed to third parties unless this is necessary for the provision of the service or required by law.

Duration of data storage

OS/ does not store any data from Google Sheets. The data exported to the spreadsheet is subject to Google's storage and deletion policies.

Additional services

Google Drive & OneDrive storage

OS/ offers the option of linking files from Google Drive. OS/ does not store any data in cloud storage and, conversely, does not receive any personal data from these services.

Authentication takes place directly with the provider. OS/ does not process any access data. Google Drive only provides file information such as link, type, size, and name for the link.

Legal basis: Art. 6(1)(b) GDPR

For more information, please refer to Google's privacy policy.

OpenAI

OpenAI does not process any personal data unless this is necessary to perform the respective service. Authentication and any access data are not stored or processed by OpenAI.

OpenAI only receives and processes the information necessary for the respective application and does not store any additional data. Personal data is only processed in accordance with legal requirements.

Legal basis: Art. 6(1)(b) GDPR

Further information can be found in the Datenschutzerklärung von OpenAI.

DocuSign – Contract signings

OS/ uses HubSpot for digital signatures when concluding contracts. HubSpot enables electronic signing and traceability of contracts.

Legal basis:

• Art. 6 Abs. 1 lit. b DSGVO (Conclusion of contract)
• Art. 6 Abs. 1 lit. f DSGVO (Documentation and verification purposes)

For more information, please refer to HubSpot's privacy policy.

HubSpot, Inc.
25 First Street
Cambridge, MA 02141, USA
Privacy Policy: https://legal.hubspot.com/de/privacy-policy

Duration of data storage

The data will be stored for as long as it is necessary for the fulfillment of the contract, provided that there are no longer statutory retention obligations.