Privacy Policy

This is the privacy statement of ID37 Company GmbH, represented by its managing directors Cornelia Kirschke and Thomas Staller, (hereinafter referred to as "us") (for contact details see point 1) for our website www.id37.io (hereinafter referred to jointly as "our website"). This declaration is intended to inform "you" as a visitor or"user" of our website about the type, scope and purpose of the collection, storage and use (hereinafter jointly referred to as"processing") of personal data when using our website.

"Personal data" means all data that can be related to you personally, e.g. name, address, telephone number, email address, gender, online user behavior, etc. (hereinafter jointly referred to as"Data"). The protection of your privacy is very important to us. All your data will be collected, stored and used by us in accordance with the statutory provisions and will not be passed on to third parties without your consent.”Personal data” shall not include data which are anonymized, pseudonymized or aggregated and can no longer be used to identify a specific natural person, whether in combination with other data or otherwise.

1. Who is responsible for data processing and who can I contact?

"Responsible" according to Art. 4 para. 7 EU Data Protection Basic Regulation ("GDPR"):

Mrs Cornelia Kirschke
Mr Thomas Staller
each c/o ID37 Company GmbH
Kollwitzstrasse 40,  D-10405 Berlin
Germany

Phone: +49 30 61743020

Email: hello@id37.io

2. Which data is processed?

When you contact us by email or telephone, the information you provide (if by email, then your email address and name; if by telephone, then your telephone number and name or email address) will be stored by us to answer your questions. The data arising in this context will be deleted after storage is no longer necessary, we no longer have a legitimate interest in storage or we restrict processing if there are legal storage obligations.

2.1 Collection and storage of data communicated by us:

We collect and store the following data when you provide it to us:

  • your contact details (name, address, telephone number, email address),
  • your gender (male/female/diverse),
  • your date of birth, your nationality, the country you live in,
  • your date of birth, your nationality, the country you live in ,
  • your graduation, your profession,
  • as well as company and industry etc., if applicable. (especially for commercial users),
  • and of course the results of your test (see our general terms and conditions for the use of the online services of ID37).

Your information on school qualification, occupation, company, industry, telephone number are voluntary, all other data are required for the execution of the contract. Your name will always be stored separately on another database and can only be associated with your test results via your user account.

2.2 Collection and storage of data when you visit our website:

When you access our website, the browser used on your terminal device (hereinafter"computer") automatically sends information to the server of our website. The following information is automatically recorded and stored until automated deletion:

  • IP address of the requesting computer,
  • Date and time of access,
  • Name and URL of the retrieved file,
  • Internet page from which access is made (referrer URL),
  • the browser used and the operating system of your computer as well as the name of your access provider.

2.3 Cookies

When you visit our website, we also receive some data about your use of our website vias o-called "cookies". "Cookies" are text files which are stored on your computer and which enable an analysis of the use of our website, as our website can recognize your computer via cookies. The information collected through these automatic means enables us to optimize our website for all visitors and to make continuous improvements so that the information on our website is updated and is always relevant and useful to you. 

Our website uses so-called "session cookies". Session cookies store the images, scripts, etc. of the website in the cache of your computer, which would have to reload everything permanently without these cookies.

Our website also uses so-called "tracking cookies". Tracking cookies give us information about the way you use our website and help us to evaluate this data.

Cookies remain stored on your computer until you delete them. These cookies enable us to recognize your browser the next time you visit. You can set your browser so that you are informed when cookies are set and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or generally and activate their automatic deletion when closing the browser. If cookies are deactivated, the functionality of our website may be restricted.

Further information about cookies in general and their administration can be found e.g. at www.aboutcookies.org.

3. For what purpose will the data be processed?

The aforementioned data will be processed by us for the following purposes:

  • to contact you,
  • to transmit information that you request from us,
  • to guarantee a smooth connection setup of our website,
  • to ensure a comfortable use of our website,
  • to evaluate system safety and stability,
  • to evaluate your way of using our website via Google Analytics (see point 7).

The legal basis for data processing is Art. 6 Para. 1 S. 1 lit. f) GDPR. Our justified interest follows from the purposes listed above for the collection of data. In addition, we use analysis services when you visit our website. You will find more information on this in section 7 (Google Analytics).

4. How secure is your data? How is your data stored?

4.1 Data security:

When visiting our website, we use the SSL (Secure Socket Layer) method in conjunction with the highest level of encryption supported by your browser. As a rule, this is a 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can tell whether an individual page of our website is transmitted in encrypted form by the closed representation of the bowl or lock symbol in the lower status bar of your browser.

We also make use of suitable technical and organizational security measures, see Section 4.2, to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.

4.2 Data storage:

Your data is stored and secured electronically and double encrypted using a combined encryption process based on asymmetric RSA and symmetric AES-256 encryption.

Access to our computer system only takes place after personal authentication of authorized persons. Our rooms are secured by an appropriate locking system within the usual limits. Our employees and such service providers, who have access to your data, are bound to secrecy in writing as required by the GDPR.

We operate a double encrypted data backup on several data carriers, one of which is not kept near the computer system. This also ensures data recovery after fire or water damage.

5. Who gets your data?

5.1 A transfer of your personal data to third parties for purposes other than those listed below does not take place in principle, i.e. we only pass on your personal data to third parties if:

  • you have given your express consent to this in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR,
  • the disclosure pursuant to Art. 6 para. 1 sentence 1 lit. f) GDPR is necessary for the assertion, exercise or defence of legal claims and there is no reason to believe that you have an overriding legitimate interest in not disclosing your data,
  • there is a legal obligation to pass on data pursuant to Art. 6 para. 1 sentence 1 lit. c) GDPR, or
  • this is legally permissible and necessary for the execution of contractual relationships with you pursuant to Art. 6 Para. 1 S. 1 lit. b) GDPR.

5.2 If you have registered with us via a Master, e.g. if a Master has entered you in our system and invited you to register with us, this Master will have access to your data, including your test results, so that the Master can evaluate your test results together with you. After you have taken your test, we will inform the Master by email that your test results are now available.

5.3 The same applies if you have registered with us on your own, but then wish to evaluate your test results together with a Master and activate the relevant Master in your user account for this purpose.

5.4 Nevertheless, the data sovereignty remains with you, i.e. you can revoke the access of a Master to your data at any time via your user account. In this case, we will never send your data and test results by email, not even to a Master, and they will only be available via our website and your user account, even for a Master.

6. Transfer of data to a third country

We will not transfer your data abroad without your further consent.

7. Use of Google Analytics

7.1 We use Google Analytics, a web analytics service for the purpose of tailoring our website to your needs and continually optimising it (the legal basis for the use of Google Analytics is Art. 6 Para. 1 S. 1 lit. f) GDPR), provided by Google LLC,1600 Amphitheatre Parkway, Mountain View, CA 94043, USA,
https://www.google.de/contact/impressum.html (hereinafter referred to as "Google"). In this context, pseudonymized user profiles are created and tracking cookies are used (see Section 2.3). The information generated by a tracking cookie about your use of our website such as

  • browser type/version,
  • operating system used,
  • referrer URL (the previously visited website),
  • host name of the accessing computer (IP address),
  • time of the server request,

are shortened by Google within member states of the EU or in other signatory states to the Agreement on the European Economic Area and generally transmitted to and stored on a Google server that may not necessarily be located in the EU but also in the USA.

7.2 The information is used to evaluate the use of our website, to compile reports on our website activities and to provide further services related to our website use and internet use for purposes of market research and needs -based design of our website. The IP address transmitted by your browser as part of GoogleAnalytics is not merged with other data from Google. Google will use this information on our behalf in order to evaluate the use of our online offer, to compile reports on the activities within this online offer and to provide us with further services associated with the use of this online offer and Internet use. Pseudonymous user profiles of the users can be created from the processed data. We only use Google Analytics with IP anonymization enabled. This means that the IP address of the user is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there.

7.3 You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of our website. You can also prevent the collection of data generated by the cookie and related to your use of our website (including yourIP address) and the processing of this data by Google by downloading and installing a browser add-on:
https://tools.google.com/dlpage/gaoptout.

7.4 Google has adopted the EU-US Privacy Shield for the exceptional cases in which personal data is transferred to the USA, https://www.privacyshield.gov/EU-US-Framework.

7.5 More information about Google:
Terms of use: https://www.google.com/analytics/terms/gb.html, https://www.google.com/analytics/terms/us.html

Privacy policy overview: https://policies.google.com/?hl=en&gl=de,
Privacy policy: https://policies.google.com/privacy?hl=en&gl=de
Cookies: https://policies.google.com/technologies/ads
as well as in the settings for the display of advertisements by Google
https://adssettings.google.com/authenticated.

8. How long will your data be stored?

8.1 We only store your data for as long as required by legal obligations or our legitimate interest pursuant to Art. 6 para. 1 sentence 1 lit. f) GDPR exists.

8.2 As already mentioned in Section 5.4, you retain data sovereignty, i.e. you can delete not only your user account but also your data at any time via your user account. In such a case, and also if you request us to delete your data in any other form, we will delete all your personal data and continue to store only parts of it as so-called "aggregated data" - i.e. data that is anonymised, pseudonymized or summarised - for statistical reasons, i.e. in order to be able to create anonymous profiles, and to continuously develop our test.

8.3 In addition to the test results, we only store the information on year of birth, sex, nationality, country of residence and, if available, education in anonymised or pseudonymized form, and in such a way that they can no longer be used to identify a specific natural person, whether in combination with other data or in any other way.

9. What data protection and revocation rights do you have?

9.1 You as the “person concerned” have the following data protection rights:

  • to request information about your data processed by us in accordance with Art. 15 GDPR (in particular, you may request information about the processing purposes, the category of data, the categories of recipients to whom your data have been or will be disclosed, the planned storage period, the existence of a right of rectification, deletion, restriction of processing or objection, the existence of a right of complaint, the origin of your data if not collected by us, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information about its details);
  • in accordance with Art. 16 GDPR, to immediately request the correction of incorrect data or the completion of data stored by us;
  • to demand the deletion of your data stored by us in accordance with Art. 17 GDPR, unless the processing is necessary for the exercise of the right to freedom of expression and information, for the fulfilment of a legal obligation, for reasons of public interest or for the assertion, exercise or defence of legal claims
  • to demand the restriction of the processing of your data in accordance with Art.18 GDPR if the correctness of the data is disputed by you, the processing is unlawful, but you refuse its deletion and we no longer need the data, but you need it to assert, exercise or defend legal claims or you have objected to the processing in accordance with Art. 21 GDPR;
  • in accordance with Art. 20 GDPR, to receive your data which you have provided to us in a structured, common and machine-readable format or to request transmission to another responsible person;
  • in accordance with Art. 7 Para. 3 GDPR, to revoke your consent once given to us at any time (this means that we may no longer continue the data processing based on this consent in the future), and
  • to complain to a supervisory authority in accordance with Art. 77 GDPR (as a rule, you can contact the supervisory authority of your usual place of residence or workplace or of our registered office mentioned in Sec. 1).

9.2 You as the "person concerned" have the following rights of objection and revocation:

If your data are processed on the basis of legitimate interests pursuant to Art. 6 para. 1 sentence 1 lit. f) GDPR, you have the right, pursuant to Art. 21 GDPR, to object to the processing of your personal data if there are reasons for doing so which arise from your particular situation or if your objection is directed against direct advertising. In the latter case you have a general right of objection, which is implemented by us without you having to state a particular situation.

If you wish to exercise your right to data protection, revocation or objection, i.e. your rights as the “person concerned”, simply send an email to hello@id37.io.