In the following, we, Oviavo GmbH Wattstraße 11, 13355 Berlin (hereinafter „Oviavo“ or „we“) inform visitors to our website https://oviavo.com/ (hereinafter “Website”) and persons (hereinafter “Aspiring Members” or “Eligible Members”) who are enabled by their employer to make use of our benefits within the scope of their employment relationship in accordance with our General Terms and Conditions for Members at https://oviavo.com/terms-members (hereinafter “Oviavo Benefits”) and their partners (hereinafter collectively “Users”) about the processing of their personal data by us and by third parties commissioned by us or other third parties, as well as about the claims and rights to which data subjects are entitled under data protection regulations, in particular the European General Data Protection Regulation (GDPR).
 

Personal data in the sense of the GDPR are all data relating to a specific or identifiable person, e.g. name, address, e-mail addresses, user behavior.
We provide separate information about recipients of data, including service providers commissioned by us, under section 6.


In the event that links to third-party providers are clicked on within the framework of the Website, the data protection provisions of these third parties will apply exclusively. Oviavo does not check the data protection provisions of third parties and is not responsible for further data processing.


1. Controller

The controller responsible for processing of personal data is:

Oviavo GmbH
Wattstraße 11
13355 Berlin


+49 178 3375743
privacy@oviavo.com


Data processing within the scope of Oviavo Benefits is carried out as joint controller with the respective employer (see section 6.1) and in part by the respective service providers as independent controller (see section 6.2).


We have also appointed an external data protection officer for our company. PROLIANCE GmbH, www.datenschutzexperte.de, Leopoldstr. 21, 80802, München, E-Mail: datenschutzbeauftragter@datenschutzexperte.de. If you wish to contact our external data protection officer, please mention that your request relates to Oviavo GmbH and refrain if possible from enclosing sensitive information such as a copy of an ID card with your request.


2. Data processing when visiting the Website (Logfiles), Cookies

2.1. Logfiles

Each time the Website is visited, we collect personal data that the browser used to access the Website transmits to our server. In doing so, we collect the following access data, which is technically necessary for us to display our Website and to be able to offer the content offered through it, including the Oviavo Benefits, as well as to ensure stability and security. The access data includes the IP address, date and time of the request, time zone difference from Greenwich Mean Time (GMT), content of the request (i.e. name of the specific website accessed), access status/HTTP status code, amount of data transferred in each case, referrer URL (previously visited page), operating system and its interface, language and version as well as type of browser software, notification of successful retrieval.


We process the aforementioned data in accordance with Art. 6 para. 1 s. 1 lit. f GDPR to protect the legitimate interests of us or of third parties. In particular, we pursue the following legitimate interests:
● Ensuring IT security, in particular the security of the Website,
● Assertion of legal claims and defense in legal disputes.

In addition, we statistically evaluate the use of the Website by its visitors using the services of
Heap Analytics (see section 7.3 (2)) and Google Analytics (see section 7.3 (3)).


2.2. Cookies, consent management tool

Within the framework of our Website and the Oviavo Benefits we are using cookies to analyze how the Website is being used so we can improve our services and give Website visitors a more personalized experience and for statistical purposes. A cookie is a small data file that is sent to the respective device when a website is visited. When that website is visited again, the cookie allows it to recognize your browser. We also allow some of our services providers touse cookies on our Website.


We use the following types of cookies:


Technically necessary cookies. These cookies are necessary to make the Website easier for the visitors to navigate and provide access to its features. They also help us to make sure that the Website is working properly and fix any errors, and to personalize it to the visitors by remembering their preferences. Some functions of our Website cannot be offered without the use of cookies. These functions require the browser to be recognized again after switching pages. The legal basis for the collection and processing of data collected and processed by means of cookies is Art. 6 para. 1 s. 1 lit. f GDPR.


Analytics cookies. We use analytics cookies to help us understand things like how long visitors stay on our website, what pages they find most useful, and how they arrived at our Website. To do so we use the services of Heap Analytics (see section 7.3 (2)) and Google Analytics (see section 7.3 (3)).

 

We have integrated a consent management tool (hereinafter “CMT”) on our Website. The CMT provides visitors of our Website with information on the cookies used and allows them to adjust the use of these in relation to certain service providers. Visitor can also use the CMT to grant and withdraw their consent to the setting of cookies. When they enter our Website and make settings via the CMT, a necessary cookie is placed on their device in which the settings they have made are stored. The CMT is used in accordance with Art. 6 para. 1 s. 1 lit. c GDPR to obtain and document given consent to certain data processing procedures and in accordance with Art. 6 para. 1 S. 1 lit. f GDPR, due to our legitimate interest in being able to offer a convenient way to control the processing of personal data.


Oviavo informs that most web browsers allow to adjust cookie preferences in their settings. Some browsers also offer a “Do Not Track” (“DNT”) signal where preferences can be set regarding tracking and cross-site tracking. However, if the ability of websites to set cookies is limited, it may impair the overall user experience, as it will no longer be personalized.


3. Data processing when contacting us; newsletter

3.1. Contact

When contacting us (e.g. via e-mail), we process the information provided to us (e-mail address, name, telephone number, if applicable, and the content of the inquiry) in order torespond to the inquiry. The legal basis of the processing is Art. 6 para. 1 s. 1 lit. b GDPR if the subject of the inquiry is (pre-)contractual information, in accordance with Art. 6 para. 1 s. 1 lit.f GDPR if there is a legitimate interest on the part of Oviavo or in accordance with Art. 6 para.1 p. 1 lit. a or Art. 9 para. 2 lit. a GDPR if we have been provided with information that servesneither (pre-)contractual purposes nor our legitimate interests and/or contains special
categories of personal data (see section 4).


3.2. Newsletter

We will inform people who register for the Oviavo newsletter with their e-mail address about us and our services. Only a valid e-mail address is required to register for the newsletter. We use the so-called double-opt-in procedure to register for our newsletter. This means that after registration we send an e-mail to the specified e-mail address in which we ask the recipient to confirm that he or she wishes to receive the newsletter. In addition, we store the IP addresses used and the times of registration and confirmation. The purpose of this procedure is to document the respective consent and, if necessary, to be able to clarify a possible misuse of personal data.


After confirmation, we process the respective e-mail address for the purpose of sending the newsletter. The newsletters contain a so-called “web beacon”, i.e. a pixel-sized file via which technical information on the browser and operating system used by the recipient, as well as the respective IP address and the time of the respective retrieval of the newsletter, are processed. We also use this information to better understand the interests of newsletter recipients and to improve our newsletters and their content.


At the end of each newsletter there is a link that can be used to unsubscribe from the newsletter at any time. The newsletter can also be unsubscribed at any time by sending a message to datenschutz@oviavo.com. Upon unsubscribing from the newsletter, the personal data stored for the purpose of providing the newsletter will be deleted, unless there is a legal obligation to retain such data.


The legal basis for sending and evaluating the usage behavior of newsletter recipients is the respective consent pursuant to Art. 6 para. 1 s. 1 lit. a GDPR. This consent can only be withdrawn together for the receipt of the newsletter and the evaluation of the usage behavior.


To send our newsletter, we use the Mailchimp service of the company The Rocket Science Group, LLC (see section 7.3 (6)), to which the above data is also transmitted.


4. Data processing „Oviavo Benefits“

In the following, we provide information on the type, scope and purpose of the processing of personal data in connection with the use of Oviavo Benefits, including the Members Portal in accordance with our General T&Cs for Members at https://Oviavo.com/terms-members/ (hereinafter “User Agreement”). The use of the Oviavo Benefits is voluntary. Oviavo points out that for effective use, it is necessary for us to process personal data of Users that is as specific as possible and in some cases also very intimate. So-called “special categories of personal data” (Art. 9 GDPR) therefore also become relevant, in particular health data, data on sexual life or sexual orientation, which we may only process on the basis of the express consent of the Users concerned.


4.1. Cooperation between Oviavo and the Employer

Oviavo provides its services to Aspiring Members and Eligible Members, i.e. those employees whose eligibility has been previously determined by Oviavo’s cooperation partner (hereinafter referred to as the “Employer”).


For this purpose, the Employer provides us with the following personal data of Aspiring Members and Eligible Members in the course of the cooperation:


– Quantity of Aspiring Members and Eligible Members,
– first names and surnames,
– business e-mail addresses,
– staff numbers,
– amount of the respective Budget,
– the information that each Aspiring Member and Eligible Member is at least 18 years old;
– the information that each Aspiring Member and Eligible Member work a certain minimum number of hours per week for the Employer;
– employment start date for each Aspiring Member and Eligible Member,
– as soon as known: employment end date of the respective Aspiring Member or Eligible Member.

We require this information in order to identify the respective Aspiring Members and Eligible Members upon registration (section 2.2) and to be able to create an account for the use of the Members Portal (hereinafter “Member Account”). The above purposes also give rise to our legitimate interest pursuant to Art. 6 para. 1 s. 1 lit. f GDPR.

The cooperation between Oviavo and the Employer for the purpose of the Oviavo Benefits takes place by way of a joint controller agreement in accordance with Art. 26 GDPR (for the main contents of this agreement, see section 7.1).


4.2. Informational e-mails by Oviavo before registration

Before eligible employees register for the Oviavo Benefits (see section 4.3) we might send them information about us and/or the Oviavo Benefits to their business e-mail address. We have a legitimate interest to do so according to Art. 6 para 1 s. 1 lit. f GDPR. Recipients can stop receiving such e-mails at any time by sending an e-mail to privacy@oviavo.com or via the link at the end of each e-mail.


4.3. Registration in the Members Portal

When using the Members Portal for the first time, Aspiring Members and Eligible Members have to register with their respective business e-mail address and by choosing a password. In addition, the private address must be provided. We process this information in accordance with Art. 6 para 1 s. 1 lit. b GDPR in order to be able to offer the respective Aspiring Members and Eligible Members a secure and personal Member Account as well as individual consulting services with consideration for the local accessibility of service providers.


In addition, Aspiring Members and Eligible Members can voluntarily decide whether they would prefer to be contacted via their private e-mail address instead of the business e-mail address in the future. If a private e-mail address is stored, this is done on the basis of the express consent of the respective Aspiring Members and/or Eligible Members pursuant to Art. 6 para. 1 s. 1 lit. a GDPR. Here we use the so-called double opt-in procedure. This means that after registration, we send the respective Member an e-mail to the private e-mail address provided, in which we ask for confirmation that the e-mail address is actually to be used. If the registration is not confirmed within 24 hours, the respective e-mail address is blocked and automatically deleted after one month. In addition, we store the IP addresses used and the times of registration and confirmation. The purpose of the procedure is to be able to prove the respective registration and, if necessary, to clarify a possible misuse of personal data.


4.4. Using the Oviavo Benefits

(1) Specification of personal information
After registration (section 4.3) and after the user agreement has been concluded (see
https://oviavo.com/terms-members, hereinafter “User Agreement”), the following additional information of the Aspiring Members and Eligible Members will be requested, which can also be given at a later time if the option “I just want to browse” is selected:


– Date of birth,
– physical sex,
– information about the desire to have children,
– information about partner situation,
– optional: Gender identity.


We process the above information pursuant to Art. 9 para. 2 lit. a GDPR on the basis of the express consent of the respective Aspiring Members and Eligible Members, which can be withdrawn at any time with effect for the future. However, we would like to point out that we can provide the Oviavo Benefits most efficiently if we are able to process as much of this information as possible.


(2) Consultations and further communication with Oviavo
Aspiring Members and Eligible Members can use the Members Portal to make an appointment for a telephone consultation with a competent Oviavo employee. For this purpose, we use a service of the service provider Calendly LLC. In this process, the name of the respective Aspiring Member or Eligible Member as well as the date and time of the booked consultation are transmitted to Calendly LLC (for more information on Calendly, see section 7.3 (4)).


All information that Aspiring Members and/or Eligible Members provide to an Oviavo employee in the context of a consultation, as well as the phone number used in each case, will be processed by Oviavo in accordance with Art. 6 para. 1 s. 1 lit. b GDPR, insofar as this is necessary for the provision of Oviavo’s services in accordance with the User Agreement and/or in accordance with Art. 6 para. 1 s. 1 lit. a or Art. 9 Para. 2 lit. a GDPR (insofar as it concerns special categories of personal data) based on the express consent of the Aspiring Members and Eligible Members.


Such information may include, in particular (as applicable):


– Type and name of health insurance,
– partner status (single, registered partnership, married, etc.),
– cycle dates,
– contraceptive methods,
– desire to have children,
– pre-existing medical conditions.


In addition, the e-mail addresses of the Aspiring Members and Eligible Members (if specified, private, otherwise business e-mail) can also be used by Oviavo to provide Members with information on the specific contractual relationship between Oviavo and the respective Aspiring Member or Eligible Member in accordance with Art. 6 para. 1 s. 1 lit. b GDPR, as well as for advertising purposes (see section 4.7).

 

(3) Partnership Declaration
Within the scope of the User Agreement, services can also be reimbursed by the Employer which – if the relevant requirements are met, in particular the submission of the Oviavo Life Partner Agreement – are provided to or together with a partner of an Aspiring Member or Eligible Member. Within the scope of the Life Partner Agreement, the contact data of the respective partner (first name/last name, private address, telephone number) as well as the respective signature of the Aspiring Member or Eligible Member and their partner will be processed by Oviavo in accordance with Art. 6 para. 1 s. 1 lit. b GDPR for the purpose of implementing the User Agreement.


In the event of a consultation with the partner, the personal data mentioned above under section 4.4 (1) and (2) will be processed by Oviavo – if applicable. The processing is carried out in accordance with Art. 6 para. 1 s. 1 lit. b GDPR, insofar as this is necessary for the provision of services by Oviavo in accordance with the User Agreement with the respective Member, and/or in accordance with Art. 6 para. 1 s. 1 lit. a or Art. 9 para. 2 lit. a GDPR (insofar as it concerns special personal data) based on the express consent of the partner to this.


(4) Contacting Service Providers through Oviavo
Insofar as this is expressly requested by an Aspiring Member or Eligible Member and/or their partner, Oviavo will contact the service provider selected in each case and transmit the necessary personal data of the Aspiring Member or Eligible Member and/or their partner to it in accordance with Art. 6 para. 1 s. 1 lit. b GDPR, insofar as this is necessary for the provision of services by Oviavo in accordance with the User Agreement and/or in accordance with Art. 6 para. 1 s. 1 lit. a or Art. 9 para. 2 lit. a GDPR (insofar as special categories of personal data are involved) on the basis of the express consent of the data subject in each case.


The transmitted information includes in particular the following:


– First name and surname,
– physical sex,
– date of birth,
– home address,
– phone number
– statutory or private health insurance
– e-mail address (business e-mail or, if voluntarily provided, private), and
– relevant additional information such as pre-existing medical conditions.


The consulting Oviavo employee will always inform the Aspiring Member or Eligible Member and/or their partner in advance about the content of the personal data to be transmitted in each case.


4.5. Reimbursement of Eligible Members’ costs by the Employer

In order for an Eligible Member to be able to claim their budget within the framework of the Oviavo Benefits, Oviavo determines the respective amount on the basis of the invoices submitted by the Eligible Member and/or other documents from which the eligible services clearly result, as well as from declarations of the competent health insurance company, if applicable. This processing is carried out in accordance with Art. 6 para. 1 s. 1 lit. b GDPR, insofar as this is necessary for the provision of services by Oviavo in accordance with the User Agreement and/or in accordance with Art. 6 para. 1 s. 1 lit. a or Art. 9 para. 2 lit. a GDPR (insofar as special categories of personal data are involved) on the basis of the express consent of the data subject in each case.

Subsequently, Oviavo informs the Employer in accordance with Art. 6 para. 1 s. 1 lit. b GDPR to what extent the Eligible Member has used their budget. However, the Employer does not receive any further information (see also section 7.1).


4.6. Analysis of the Use of the Members Portal

Oviavo will continue to collect statistical data on the use of the Members Portal by Aspiring Members and Eligible Members (and their partners, if applicable), which will be reported to the Employer in aggregated form and no conclusions can be drawn about the individual Aspiring Member or Eligible Member and their partner. This includes, for example, the following information:


– Number of registered Aspiring Members and/or Eligible Member,
– number of active Aspiring Members and/or Eligible Members (log-ins),
– number of booked phone consultation,
– amount of budget used by all Eligible Members of the respective Employer.


For the evaluation, we use the analytics processor Heap Analytics in accordance with Art. 6 para. 1 s. 1 lit. a GDPR (see section 7.3 (2)).


4.7. Feedback, user surveys, updates and notifications

Oviavo also uses the e-mail addresses of Aspiring Members and Eligible Members (where specified, private, otherwise business) to ask for feedback on the Oviavo Benefits, to participate in user surveys, as well as to send updates and notifications about the Oviavo Benefits (hereinafter “Automated E-Mails”). This is intended to improve the Oviavo Benefits and will be done only if we have received prior consent in accordance with Art. 6 para. s. 1 lit. a GDPR. The recipients of such Automated E-Mails can withdraw their consent at any time by clicking on the link at the end of an e-mail or by contacting Oviavo, e.g. via privacy@oviavo.com.


Automated E-Mails contain a so-called “web beacon”, i.e. a pixel-sized file via which technical information on the browser and operating system used by the recipient, as well as the respective IP address and the time of the respective retrieval of the Automated E-Mail, are processed. We also use this information to better understand the interests of recipients and to improve our services.


At the end of each Automated E-Mail there is a link that can be used to unsubscribe from receiving such e-mails at any time. The receipt of Automated E-Mails can also be unsubscribed at any time by sending a message to privacy@oviavo.com. Upon unsubscribing, the personal data stored for the purpose of providing those e-mails will be deleted, unless there is a legal obligation to retain such data.


The legal basis for sending and evaluating the usage behavior of e-mail recipients is the respective consent pursuant to Art. 6 para. 1 s. 1 lit. a GDPR. This consent can only be withdrawn together for the receipt of Automated E-Mails and the evaluation of the usage behavior.


For sending Automated E-Mails Oviavo uses the Mailchimp service of the company The Rocket Science Group, LLC (see section 7.3 (6)), to which the above data is also transmitted.


5. Internal processing

We process the personal data mentioned above under sections 2 to 4 within the scope of administrative tasks as well as for the organization of our operations, and to comply with legal obligations, such as archiving. The legal bases for this are Art. 6 para. 1 s. 1 lit. b, c or f GDPR. Accordingly, the purpose and our interest in processing lie in the maintenance of our business activities, the performance of our legal duties and the provision of our contractual services. All data is also stored in our HubSpot customer relationship management tool (see section 7.3 (5)).


6. Storage duration

We delete the data mentioned in the above sections 2 to 4 after the storage is no longer required or restrict the processing if there are statutory retention obligations. In particular, the storage duration is determined by the statutory limitation periods, which, for example, according to §§ 195 et seq. of the German Civil Code (BGB), are usually 3 years, but in certain cases can be up to 30 years. In particular, we are subject to various retention and documentation obligations, which result, among other things, from the German Commercial Code (HGB), the German Fiscal Code (AO), and the German Money Laundering Act (GwG).
The retention and documentation periods specified there are 2 to 10 years.


7. Transmission of personal data to third parties

7.1. Employer as joint controller within the framework of Oviavo Benefits

The data processing operations described in section 4 above are carried out on the basis of and within the framework of a cooperation agreement between Oviavo and the respective Employer, as well as by way of joint controller within the meaning of Art. 26 GDPR and corresponding data protection legal agreement.


Oviavo points out that the Employer only receives knowledge of personal data to the extent described in this data protection declaration (see sections 4.1., 4.4.). In particular, the Employer will not receive any information about services utilized, special categories of personal data (see section 4) and/or about any existing partnerships.


The contact point for questions regarding data processing within the scope of Oviavo Benefits and for the purpose of asserting data subject rights (see section 8) is Oviavo. However, data subjects are free to also contact the respective Employer for this purpose.


7.2. Service Provider

Insofar as Oviavo transmits (special) personal data to Service Providers as described in section 4.4 (4), the subsequent processing by the service providers shall be carried out under their own and separate responsibility under data protection law.


7.3. Others/processors

Within the Oviavo company, those departments receive access to personal data that need it to fulfill our contractual and legal obligations. Processors used by us (Art. 28 GDPR) may also receive data for these purposes. These are companies in the categories of IT services, logistics, telecommunications, debt collection, advice and consulting, and sales and marketing. Data is only passed on to third parties within the framework of legal requirements. We only transmit personal data to third parties if this is necessary, for example, on the basis of Art. 6 para. 1 s. 1 lit. b GDPR for contractual purposes or on the basis of legitimate interests pursuant to Art. 6 para. 1 s. 1 lit. f GDPR in the economic and effective operation of our business operations, or if the data subject has consented to the transmission of data pursuant to Art. 6
para. 1 s. 1 lit. a or Art. 9 para. 2 lit. a GDPR (insofar as special categories of personal data is concerned).


(1) Amazon Web Services Inc (web hoster)
Oviavo works with the external web hoster Amazon Web Services Inc., 410 Terry Avenue North, Seattle, WA 98109-5210, USA (hereinafter “Amazon Web Services”), through which we are able to offer our Website and the Members Portal online and to process the data described in sections 1 to 4 securely and efficiently. In the process, all information that is generated in the course of using the Website, including the Members Portal, is transmitted to Amazon Web Services and stored there until we delete it. Amazon Web Services is certified according to the ISO 27001, ISO 27017 and ISO 27018 standards, which includes aspects such as data
security, data protection and fail-safe operation. The data centers used by Amazon Web Services are located within Germany in the Amazon Web Services Frankfurt region. Any transfer to a country outside the EU or the EEA that may be necessary in individual cases is carried out on the basis of data protection guarantees pursuant to Art. 45 et seq. GDPR, in particular in the form of a data transfer agreement containing the standard data protection clauses pursuant to Art. 46 para. 2 lit. c GDPR. The use of Amazon Web Services is based on our legitimate interest pursuant to Art. 6 para 1 s. 1 lit. f GDPR in using the services of a web hoster for the provision of our services. More information on data privacy at Amazon Web Services: https://aws.amazon.com/de/privacy/.


(2) Heap Inc (web analytics)
We use Heap Analytics, a web analytics service provided by Heap Inc, 116 Natoma St, San Francisco, CA 94105, USA (hereinafter “Heap Analytics”, see also sections 2 and 4.4 (2)).


Heap Analytics uses cookies to enable an analysis of the user behavior of Website visitors (of the “Login” and “Registration” web pages) and of Members when logging in to and within the Members Portal. Cookies are small text files that are stored on the terminal device used when calling up the Website. The information generated about the use of the Members Portal includes user behavior, browser type and version, operating system used, referrer URL (the previously visited website), host name of the accessing computer (IP address) and time of server request. The information generated by the cookies about user behavior is transferred to a server of Heap Analytics in the USA within the framework of a data protection agreement
that contains the standard data protection clauses pursuant to Art. 46 para. 2 lit. c GDPR and stored there until we request Heap Analytics to delete it.


The use of Heap Analytics is based on the express consent of the respective Website visitor/Member pursuant to Art. 6 para. 1 s. 1 lit. a DSGVO.
More information on data privacy with Heap Analytics: https://heap.io/privacy.


(3) Google Analytics
Oviavo uses Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4 (parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, hereinafter collectively “Google”). Google Analytics uses “cookies”, which are text files placed on the User’s computer, to enable an analysis of the use behavior with regards to the Website and/or Members Portal. In particular, the following information is processed: Browser type/version, operating system used, referrer URL (the previously visited page), IP address, time of server request. The information generated by the cookie about the use of the website and the Members Portal will be transmitted to and stored by Google on servers in the United States. We use IP anonymization so that the respective IP address is shortened by Google within member states of the European Union or in other contracting states of the agreement on the European Economic Area (EEA) before it is transferred to a third country such as the USA. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. Any transfer to a country outside the EU or the EEA that may be necessary in individual cases takes place on the basis of data protection guarantees pursuant to Art. 45 et seq. GDPR, in particular in the form of a data transfer agreement that contains the standard data protection clauses approved by the EU Commission. On behalf of Oviavo, Google will use this information to evaluate the use of the Website and the Members Portal and to provide further services to Oviavo related to this and the use of the Internet. The (shortened) IP address transmitted by a browser as part of Google Analytics will not be merged with other Google data. The storage of cookies can be prevented by a corresponding setting of the browser software and/or our cookie banner; however, it is possible that in this case not all functions of the Website and/or the Members portal can be used to their full extent.
The use of Google Analytics is based on the express consent of the respective website visitors in accordance with Art. 6 para. 1 s. 1 lit. a GDPR.
More information on terms of use and data privacy:
http://www.google.com/analytics/terms/de.html or https://policies.google.com/?hl=en&gl=de.


(4) Calendly LLC (booking of consultations)
For simple, fast and uncomplicated booking of consultations, we use the tool Calendly by the Calendly LLC based in the USA (hereinafter “Calendly”, see also Section 4.4 (2)). When using Calendly, personal data such as name, e-mail address and phone number as well as a request for a consultation are requested. In addition, further voluntary information is possible. The information provided in the request form will be transmitted to Calendly and stored under a data protection agreement until we request deletion. The transfer of data to the USA takes place within the framework of an agreement under data protection law, which contains the standard data protection clauses in accordance with Art. 46 para. 2 lit. c GDPR.


The use of Calendly is based on our legitimate interest pursuant to Art. 6 para s. 1 lit. f GDPR in using the services of a third party to simplify technical operating procedures when scheduling consultations.


More information on data privacy at Calendy: https://calendly.com/pages/privacy;
https://help.calendly.com/hc/de/articles/360007032633-DSGVO-FAQs#1.


(5) HubSpot (Customer Relationship Management)
Oviavo uses the Customer Relationship Management Tool of the processor HubSpot
(hubspot.com), 25 First Street, Cambridge, MA 02141 USA (hereinafter “Hubspot”), in order to be able to provide the services in connection with the Oviavo Benefit to the Members more quickly and efficiently. This results in a legitimate interest pursuant to Art. 6 para. 1 s. 1 lit. f. GDPR. For this purpose, the data mentioned under sections 3 and 4 are transmitted to Hubspot and stored within the scope of our instructions until we request deletion. In this context, it is possible that data will also be transferred to servers of companies affiliated with Hubspot thatare located outside the EU and the EEA (“third countries”). The transfer to such third countries
takes place within the framework of an agreement under data protection law, which contains the standard data protection clauses pursuant to Art. 46 para. it. c GDPR.
More information on data privacy at Hubspot:
https://legal.hubspot.com/de/privacy-policy
https://www.hubspot.de/data-privacy/gdpr


(6) Mailchimp (Newsletter and Automated E-Mails)

We use the Mailchimp service of the company The Rocket Science Group, LLC, 512 Means Street, Suite 404, Atlanta, GA 30318, USA (hereinafter “Mailchimp”) to send our newsletter (see also section 3.2) and Automated E-Mails (see section 4.7). When registering for our newsletter and/or giving your consent in receiving Automated E-Mails, the e-mail address used in each case is transferred to a Mailchimp server in the USA and stored there in accordance with our instructions until the newsletter and/or the receipt of Automated E-Mails is cancelled as described in section 3.2 and 4.6. The transfer of data to the USA takes place within the framework of an agreement under data protection law, which contains the standard data
protection clauses in accordance with Art. 46 Para. 2 lit. c DSGVO.


The newsletters and Automated E-Mails contain a so-called “web beacon”, i.e. a pixel-sized file that is retrieved from the Mailchimp server when the respective e-mail is opened. As part of this retrieval, technical information (such as browser type and operating system, IP address and time of retrieval of our sent e-mail) is collected and also transferred to the servers of Mailchimp.


Mailchimp is used on the basis of the express consent of the respective e-mail recipients pursuant to Art. 6 para. 1 s. 1 lit. a GDPR and pursuant to Art. 6 para. 1 s. 1 lit. f GDPR due to our legitimate interest in using the services of a third party to simplify the technical operations of sending newsletter and Automated E-Mails.


Insofar as Mailchimp processes the above information for its own purposes, this is done under independent, separate responsibility under data protection law.


Further information on data privacy at Mailchimp:

https://mailchimp.com/de/gdpr/; https://mailchimp.com/help/mailchimp-european-data-transfers/.

8. Data Protection Rights

Every data subject has:


● The right to information according to Art. 15 GDPR,
● the right to rectification according to Art. 16 GDPR,
● the right to erasure according to Art. 17 GDPR,
● the right to restriction of processing according to Art. 18 GDPR, as well as
● the right to data portability under Art. 20 GDPR.


Furthermore, consent can be withdrawn at any time with effect for the future in accordance with Art. 7 para. 3 GDPR. However, Oviavo points out that in this case, the services of Oviavo, in particular the Oviavo Benefits, can no longer be fully utilized.


The aforementioned rights can be asserted against Oviavo by sending a message to the contact details listed in section 1, in particular by e-mail to privacy@oviavo.com.


In addition, there is a right of appeal to a data protection supervisory authority (Art. 77 GDPR) in conjunction with § 19 German Federal Data Protection Act (BDSG).


Information about the right of objection according to Art. 21 GDPR


Data subjects also have the right, pursuant to Art. 21 para. 1 GDPR, to object at any time, on grounds relating to their particular situation, to the processing of personal data concerning them which is carried out on the basis of Article 6 para. 1 s. 1 lit. e GDPR (data processing in the public interest) and Article 6 para. 1 s. 1 lit. f GDPR (data processing on the basis of a balance of interests). Recipients may object to direct advertising by Oviavo at any time without stating reasons (Article 21 para. 2 GDPR).


After the objection has been received and the relevant conditions have been met, we will no longer process the personal data concerned unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject in question, or the processing serves to assert, exercise or defend legal claims.


The objection can be made form-free and no transmission costs other than those according to the prime rates are incurred. The objection is to be addressed to:


postal: Oviavo GmbH, Wattstraße 11, 13355 Berlin,
by phone: +49 15129609116,
via e-mail: privacy@oviavo.com.


Version: July 2021