This page contains GraphCMS privacy policies.
We, GraphCMS GmbH, Am Urnenfeld 35, 35396 Gießen, Germany (hereinafter "we/our"), take the protection of your personal data very seriously and strictly adhere to all applicable laws and regulations on data protection, in particular the General Data Protection Regulation (GDPR), the German Data Protection Act (Bundesdatenschutzgesetz - BDSG) and the German Telemedia Act (Telemediengesetz - TMG). The following explanations will give you an overview of how we ensure this protection and which data we process for which purpose.
The Controller within the meaning of Art. 4 No. 7 of the GDPR is:
GraphCMS GmbH Am Urnenfeld 35 35396 Gießen Germany
Phone: +49 641 580 988 14 Email: firstname.lastname@example.org
The data protection officer of the person responsible is: Michael Lukaszczyk
You have the following rights towards us regarding your personal data:
Please send an email to email@example.com in order to exercise one or more of the aforementioned rights. If you believe that the processing of personal data concerning you violates the GDPR, you have the right of appeal to a supervisory authority, without prejudice to any other remedies.
When using the website for information purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which are technically necessary for us to display our website to you and to provide stability and security (legal basis is Art. 6 para. 1 s. 1 lit. f GDPR):
In addition to the aforementioned data, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard disk in the browser you use. Through these cookies we receive certain information from you. Cookies cannot run programs or transmit viruses to your computer. They serve to make the website more user-friendly and effective overall.
We process and store your personal data only for the period necessary to achieve the storage purpose or insofar as required pursuant to applicable laws. If the storage purposes ceases to apply or if a storage period stipulated by applicable laws expires, the personal data is routinely blocked or deleted in accordance with the statutory provisions.
The criterion for the duration of the storage of your personal data is the respective legal retention period. After expiry of this period, the corresponding data will be routinely deleted, provided that they are no longer required for contract fulfilment or contract initiation or other legitimate interests.
a. This website uses the following types of cookies, the scope and functioning of which are explained below:
b. Transient cookies are automatically deleted when you close your browser. This includes in particular the session cookies. These store a so-called session ID, with which different requests of your browser can be assigned to the common session. This will allow your computer to be recognized when you return to our website. Session cookies are deleted when you log out or close your browser.
c. Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie. You can delete cookies at any time in the security settings of your browser.
d. You can configure your browser settings according to your wishes and, for example, refuse the acceptance of third party cookies or all cookies. Please note that you may not be able to use all functions of this website.
The IP address transmitted by your browser in the context of Google Analytics is not merged with other Google data.
This website uses Google Analytics with the extension "_anonymizeIp()". As a result, IP addresses are further processed in abbreviated form, so that an identification can be ruled out. As a result, insofar as the data collected about you enable an identification, such possibility will be excluded immediately.
We use Google Analytics to analyze and regularly improve the use of our website. We can improve our offer and make it more interesting for you as a user. For the exceptional cases in which personal data is transferred to the USA, Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. The legal basis for the use of Google Analytics is Art. 6 Par. 1 S. 1 lit. f GDPR.
Third party information: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001.
We offer a chat for our users as an additional option for our users to communicate with us via our website. The information set forth in section 4 is processed in connection with your use of the chat function. Legal basis is Art. 6 para. 1 s. 1 lit. f GDPR.
We use the external service provider Intercom, Inc. for the provision of the chat function. The processing of your personal data by Intercom, Inc. is based on an agreement on data protection and data security that complies with legal requirements. Intercom, Inc. has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
If you want to use our service “GraphCMS”, you have to sign up with your email-address, a password and your name. We use the so-called double opt-in procedure for sign up, i.e. your registration is not complete until you have previously confirmed your registration via a confirmation e-mail sent to you for this purpose by clicking on the link contained therein. If your confirmation is not received, your registration will be automatically deleted from our database.
We process the personal data only for and in connection with the provision of GraphCMS.
We use your email address to provide you with information about updates of GraphCMS via our regular newsletter. You can revoke your consent to receive our newsletter at any time by using the respective link in the newsletter or sending an email to firstname.lastname@example.org.
The legal basis for the processing of mandatory personal data in relation to the use of GraphCMS is Art. 6 para. 1 s. 1 lit. b GDPR; the legal basis for voluntary personal data is Art. 6 para. 1 s. 1 lit. a GDPR.
We use services and storage systems of external service providers for the provision of GraphCMS. These service providers have access to the personal data you upload to GraphCMS. The processing of your personal data by the respective service provider is based on an agreement on data protection and data security that complies with legal requirements.
These service providers are categorized as follows:
Some of the external service providers are located in the USA so that your personal data is transferred to the USA. In order to secure an appropriate data protection level, the service level providers have either submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework or we have concluded data protection agreements with these service providers based on the EU standard clauses, https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32010D0087&from=EN.
Last updated: 23.05.2018