Last updated 29th of May 2019
- Information about the collection of personal data
- Your Rights
- Collection of personal data when visiting our website
- Other features and offers of the website, purposes of data use
- Objection or revocation of consent to the processing of your data
- Analytics Tools
- Customer Management Tools
- Internal and External Communication Tools, Support
- Duration for which the personal data is stored
- Legal or contractual regulations for the provision of personal data
- Existence of automated decision-making
- Legal basis for data processing
- Legal basis Art. 6 I lit. f DSGVO, our legitimate interests in processing
- Further informations
- Contact Data Protection Officer
1. Information about the collection of personal data
- (1) In the following paragraphs, we will inform you about the collection, storage and use of personal data. Personal data is defined as any information which refers to you personally (regardless of whether you are identified or only identifiable from it) such as your name, postal address, e-mail address, user behaviour.
(2) elastic.io, Rabinstraße 4, 53111 Bonn Germany, email@example.com, Tel.: +49 228 53 444 222, is the legal entity that according to the Article 4, Paragraph 7 GDPR determines the purposes and means of processing personal data on this website (“Data Controller”). You can reach our Data Protection Officer under firstname.lastname@example.org or or our postal address with the reference „Data Protection Officer“ or using the contact details in the § 17.
(3) When you contact us via e-mail or via one of the contact forms on our website, we store the data that you share with us (your email address and, when applicable, your name and phone number) in order to answer your questions and to inform you about the product news via our newsletter. The latter takes place, however, only in the event of your explicit consent via the so-called Double-Opt-In procedure. When you sign up for a trial of our product, we collect and store your data (email address, first and last names and the pricing plan you opted for) to create an account for you on our platform. We delete the data entrusted to us when it is no longer necessary for fulfilling the purpose for which it was stored, or we restrict the processing if there are statutory retention obligations.
(4) In cases where elastic.io relies on commissioned subcontractors to provide individual services or wishes to use your data for advertising purposes, below you will find detailed information about the respective processes. The criteria for the storage period is equally stated below.
2. Your Rights
- (1) According to the applicable personal data protection law, you have the following rights with regards to your personal data:
- to access your personal data and to receive information about how we use it
- to have your personal data corrected and/or completed
- to have your personal data deleted
- to restrict the use of your personal data
- to object to the use of your personal data
- to withdraw your consent to the use of your personal data
- (2) In addition, you have the right to complain to a supervisory authority. The competent authority is:
North Rhine-Westphalia (NRW) State Commissioner for the Protection of Data and Freedom of Information
Phone number: +49 211 38424-0
Fax: +49 211 38424-10
3. Collection of personal data when visiting our website
- (1) In the case of a purely informative use of the website, in other words if you do not submit your data via one of our contact forms or otherwise provide us with your personal data, we will only collect the personal data transmitted by your browser in order to allow you to visit the website and to ensure the stability and security (legal basis is Article 6 Paragraph 1 Sentence 1 (f) GDPR). These data are:
- IP address
- Date and time of the request
- Time zone difference to Greenwich Mean Time (GMT)
- Result of the request (content of a concrete page)
- Access status / HTTP status code
- Volume of data transmitted
- URL of the website from which the request came
- Browser, as well as its version and language
- Operating system and its interface
- (2) In addition to the aforementioned data, your computer stores cookies when you visit our website. Cookies are small text files that are assigned to the browser you are using and stored on your hard drive. They are widely used in order to make websites work more efficiently and be more user-friendly, as well as to provide certain information. Cookies can not run programs or transmit viruses to your computer.
- (a) This website uses the following two types of cookies, the scope and functioning of which are explained below:
– Transient cookies (see b)
– Persistent cookies (see c)
(b) Transient cookies are automatically deleted when you close your browser. This particularly includes session cookies. These cookies store a so-called session ID, through which different requests by your browser may be allocated to a single session. This allows your computer to be recognised when you visit our website again. Session cookies are deleted when you log out or close the browser.
(c) Persistent cookies are deleted automatically after a specified period, which may differ depending on the type of cookie. You can delete them in your browser’s security settings at any time.
(d) You may configure your browser settings according to your preferences and, for example, reject the acceptance of third-party cookies or all cookies. We would like to point out, however, that this lead to you not being able to use all functions of this website.
(f) The Flash cookies that are used will not be captured by your browser but instead by your Flash plugin. Furthermore, we use HTML5 storage objects that are stored on your end device. These objects store the required data regardless of your browser and do not have an automatic expiration date. If you do not wish for Flash cookies to be processed, you have to install a specific add-on, e.g. “Better Privacy” for Mozilla Firefox (https://addons.mozilla.org/en/firefox/addon/betterprivacy/) or the Adobe Flash killer cookie for Google Chrome. You can prevent the use of HTML5 storage objects by using private mode in your browser. In addition, we recommend that you regularly delete your cookies and the browser history manually.
- Cookie Notice:
- The website visitors can disable storage of cookies by deselecting “Preferences” and “Statistics” checkboxes presented in the Cookie Notice message shown upon the first visit of any webpage on www.elastic.io website.
By deselecting these checkboxes only CookieConsent = 0 cookie will be set to expire in one calendar year. This means no cookies will be set during any of the subsequent visits until the expiry date or until the visitor deletes this cookie from the local storage of the used browser.
- Cookies on the elastic.io platform:
- Our integration platform app.elastic.io has a cookie which expires in 7 days. The cookies are
5. Other features and offers of the website, purposes of data use
- (1) In addition to the purely informational use of our website, we offer various services that you can potentially use. For this purpose, you will generally be asked to provide other personal data that we will use in order to provide the services and for which the aforementioned data processing principles apply.
- (2) In addition to the above-mentioned data, elastic.io GmbH collects and stores all information that customers enter on the website or transmit to elastic.io GmbH in other ways. These data may include:
- Company name
- Your first and last names
- Job title
- Postal address
- Email address
- Phone number
- Fax number
- VAT identification number
- The pricing plan you opted for
- (3) elastic.io also uses this data for communication purposes, e.g. to share with its customers the news and updates about our products, services and customers’ orders. Additionally, elastic.io updates its records and customer accounts and uses data to recommend to customers products or services that can be of particular interest to them. This information is also used by elastic.io in order to improve the website, to prevent or detect misuse and fraud, or to enable third parties to carry out technical, logistical or other services for elastic.io.
- (4) Only in cases where you have given us your prior consent or, as far as this is legally permissible, you have not raised any objections, elastic.io uses these data for product-related surveys and other marketing purposes.
- (5) In some cases, we use services of external service providers in order to process your data. These providers have been carefully selected and commissioned by us, are bound by our instructions and are routinely monitored.
- (6) Furthermore, we may disclose your personal data to third parties in cases where we offer contracts, raffles, or similar services together with our partners. In such a case, you will receive more information when you submit your personal data or in the description of the offer.
- (7) In cases where our service providers or partners are located in a country outside the European Economic Area (EEA), we will inform you about the consequences in the description of the offer.
6. Objection or revocation of consent to the processing of your data
- (1) If you have given us your consent to the processing of your data, you can revoke it at any time. Such revocation will affect the admissibility of the processing of your personal data once you have declared it to elastic.io.
- (2) You may object to the processing of your personal data if we base it on a balance of interests. In particular, this is the case if the processing is not required for the contract fulfilment with you, which is explained by elastic.io in each case in the following description of functions. If you decide to declare such an objection, we request that you stipulate the reasons why we should not process your data. In the event of a justified objection, we will examine the facts and will either cease or adjust data processing, or notify you of our compelling legitimate grounds on which the processing needs to be continued.
- (3) You may, of course, at any time object to the processing of your personal data for the purposes of advertising and data analysis. Please, you the following contact details to inform us of your objection to such cases: email@example.com, firstname.lastname@example.org.
- 7.1 Google Analytics
- Our website (www.elastic.io) uses the Google Analytics, a web analytics service provided by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. Google Analytics uses so-called cookies, which are text files that are stored on your computer and enable the use of the website to be analysed.
The information created by the Google Analytics cookie on your use of this website is transferred to and stored on a Google server in the USA. Google will evaluate the information provided to compile reports on website activity and to provide us with other services related to website activity and internet usage. The IP address provided by Google Analytics as part of Google Analytics will not be merged with other Google data.
In addition, IP address anonymisation has been activated on this website so that the IP address of the users of Google within Member States of the European Union or in other contracting states of the Agreement on the European Economic Area is shortened prior to its transmission. Only in exceptional cases will the full IP address be sent to a Google server in the US and shortened there.
You can prevent the storage of cookies by deselecting the “Statistics” part of the Cookie Notice message on your first visit to our website. This will prevent Google Analytic from storing a cookie on your computer and disable the statistics collection by Google Analytics.
You can also use the corresponding setting of your browser software. However, in this case, some functionality of our website can be affected. In addition, using a browser plug-in, you can prevent that the data generated by the cookie and related to your use of the website (such as your IP address) is collected and processed by Google. This plugin can be downloaded under the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
- 7.2 Google Tag Manager
- We also use the Google Tag Manager, which enables analysis and tracking tags to be managed via one interface. This works as far as the Tag Manager receives the consent from the Cookie Notice widget on our website. This consent is only given when the “Statistics” part remains checked on a Cookie Notice message on your first visit.
According to the configuration, this will trigger the Google Analytics, Freshmarketer and Heap Analytics tags to be set. The data of these tags are sent back to each corresponding analytics tool. Google Tag Manager itself does not set cookies or collects personally identifiable information. For more information, see the Google terms of service and Google privacy notices.
- 7.3 Freshworks
- We use features of the web analytics service Freshmarketer, provided by Freshworks Inc., 1250 Bayhill Drive, Suite 315, San Bruno, CA 94066, United States.
The main purpose of this service is to capture the so-called heatmaps on each page of the elastic.io website and the success rate of contact forms in order to monitor, adapt and improve the performance of these website elements. In addition, Freshmarketer is occasionally used to conduct surveys on the website. In the case of the latter, only geolocation data is collected. Freshmarketer records no e-mails, names or first names. In addition, the IP anonymization was activated for Freshmarketer. We have signed a DPA with Freshmarketer by Freshworks.
Please note, the Freshmarketer is only enabled and used when the visitor gives an explicit consent by leaving the “Statistics” part checked on a Cookie Notice message during the first visit.
- 7.4 Heap Analytics
Please note, the Heap Analytics is only enabled and used when the visitor gives an explicit consent by leaving the “Statistics” part checked on a Cookie Notice message during the first visit.
- 7.5 Hotjar
- Furthermore, we use features of the web analytics provided by Hotjar, Ltd, Level 2, St Julians Business Center, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe. This service is used mainly to capture the so-called heatmaps and scroll maps in the same way and for the same purpose how Freshworks does this (see above).
The user activity on the website is anonymized by product design, Hotjar doesn’t ever record any e-mails, last or first names, or any other information that can lead to the identification of a particular user. It collects only information on the operating system, browser, geographical origin, resolution and type of device used (laptop vs tablet vs mobile phone). The information generated by the tracking code and cookie about the user’s visit of the elastic.io website is transmitted to and stored on the Hotjar servers in Ireland. This data is not assigned to an individual and Hotjar does not share it with third parties. We have signed a DPA with Hotjar Ltd.
Please note, Hotjar is only enabled and used when the visitor gives an explicit consent by leaving the “Statistics” part checked on a Cookie Notice message during the first visit.
8. Customer Management Tools
- For customer relationship management and order management, elastic.io uses the following tools.
- 8.1 Pipedrive CRM
- To store and manage data of our clients, potential clients and any other interested parties, we use Pipedrive CRM provided by Pipedrive, Paldiski mnt 80, Tallinn 10617, Estland. The data stored on and handled with Pipedrive CRM includes email addresses and names, and may include, if provided, phone numbers, physical addresses, and other personal data (please refer to Article 3 Paragraph (1) to see what personal data is potentially stored in Pipedrive). This data is stored and processed on their secure platform, hosted either in the USA or Germany, whereas EU customers’ databases are hosted in the EU datacenter located in Frankfurt. Pipedrive may, however, transfer personal data to the USA for storage and processing by their service providers listed in the Pipedrive’s Terms of Service.
Pipedrive does not own, control or direct the use of any of the personal data stored or processed by elastic.io. Only the elastic.io employees with specific access rights are entitled to access, retrieve and direct the use of such personal data. We have signed a DPA with Pipedrive.
- 8.2 PandaDoc
- Creation and managing of proposals, offers and contract documents is handled with PandaDoc Software provided by PandaDoc, 153 Kearny St 94108, San Francisco, USA. PandaDoc collects signatures of legal documents and contracts alongside your email and the personal information that you provide for signing the documents (e.g. your full name and your position). We have signed a DPA with PandaDoc.
- 8.3 Zoho
- To manage our customer subscription information, we use ZOHO CRM provided by ZOHO CORPORATION, 4141 Hacienda Drive, Pleasanton, California 94588, USA. This includes details related to the use of the elastic.io platform that supports our billing and usage controls. The data that Zoho CRM stores at the moment is: first name, last name, email address, company name, phone number, and the pricing plan you opted for. The place of processing data is US, which makes Zoho CRM EU-U.S Privacy Shield compliant. As stated by ZOHO’s legal terms and conditions, data that is stored and processed by ZOHO CORPORATION, may be accessed by ZOHO CORPORATION PVT. LTD., Estancia IT Park, Plot No. 140 & 151, GST Road, Vallancherry Village, Chengalpattu Taluk, Kanchipuram District 603 202, India, on a need basis for support functions. We have signed a DPA with ZOHO CORPORATION and ZOHO CORPORATION PVT. LTD.
9. Internal and External Communication Tools, Support
- For the purpose of both internal and external communication, elastic.io uses the following tools.
- 9.1 Gmail
- E-mail communication is carried out via Gmail provided by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. Some of Gmail’s additional extensions include: LinkedIn Sales Navigator, HubSpot Sales, ContextSmith. These are Google-approved extensions that allow us to keep track of whether emails have been opened and to display a public profile, such as a LinkedIn profile, in the Gmail program. We have completed a DPA for Gmail by Google.
- 9.2 Newsletter – MailChimp
- If customers wish to receive the newsletter from elastic.io, elastic.io will require an e-mail address and information that allows verification that the owner of the e-mail address agrees to the receipt of the newsletter (the double opt-in procedure).
Together with the subscription to the newsletter, we also store the IP address of the computer system used by the person concerned at the time of registration, and the date and time of registration, as assigned by the Internet Service Provider (ISP). The storage of this data is necessary to trace the (possible) misuse of the e-mail address of a data subject at a later date and therefore serves as legal safeguards for the Data Controller.
The personal data collected during the newsletter registration will be used only for the send-out of our newsletter. In the event of changes to the newsletter service, registration, operation or the offered content, the newsletter subscribers will be notified by e-mail.
There will be no transfer of personal data collected as part of the newsletter service to third parties, except for our e-mail service provider, MailChimp, provided by The Rocket Science Group, LLC 675 Ponce de Leon Ave NE Suite 5000. Atlanta, GA 30308 USA.
MailChimp collects only the following data: first name, last name, e-mail address, company name, company size, telephone, job title. Only the e-mail address is required. We have signed a DPA with MailChimp.
Subscription to our newsletter can be ended by the subscriber at any time. The consent to the storage of personal data given during the registration can be revoked at any time. To revoke the consent, there is a corresponding link in each newsletter. It is also possible to unsubscribe from the newsletter at any time by informing the Data Controller in a different way.
- 9.3 Mandrill
- Communication with customers, partners, and other stakeholders through the elastic.io integration platform is carried out through Mandrill provided by The Rocket Science Group, LLC 675 Ponce de Leon Ave. NE Suite 5000, Atlanta, GA 30308 USA. This includes sending all alerts, messages, etc. from the elastic.io integration platform. In addition, Mandrill’s services are used for the elastic.io’s own integration connector “Email”. By default, Mandrill has access to such personal information as email addresses, names, first names, etc. We have signed a DPA with Mandrill.
- 9.4 Intercom
- Communication with customers, partners, and other stakeholders through the elastic.io integration platform is also carried out through the Intercom chat provided by Intercom, Inc., 55 2nd Street, 4th Floor, San Francisco, CA 94105, United States. Intercom is used to provide technical support to the users of the elastic.io integration platform. Intercom collects personal data such as e-mail address, surname, first name, geolocation data, etc. These personal data improve the support from our side and the customer experience from the user side. We have signed a DPA with Intercom.
- 9.5 Freshdesk
10. Duration for which the personal data is stored
The customer subscription data that is stored in ZOHO CRM is deleted after six months since the first submission of this data on our website and in case of complete inactivity, i.e. provided that the user signed up but didn’t use or stopped using the elastic.io platform.
The customer and potential customer data that is stored in Pipedrive and has come through the sign-up form on our website is deleted after three years in case of complete inactivity, unless the user requires it otherwise.
If not otherwise specified, the respective statutory retention period is the criterion according to which we determine the duration of the storage of personal data. After the expiry of this period, all data will be routinely deleted if they are no longer required to fulfil the existing contractor to initiate a new contract.
11. Legal or contractual regulations for the provision of personal data
- The provision of personal data is partly required by law (e.g. by tax regulations) or may result from contractual arrangements (e.g. information on the contracting party). For example, for a contract to be concluded, it may be necessary for the person/contracting party to provide us with personal data so that we can subsequently process the request in the first place. Failure to provide personal data would mean that the contract with the person concerned cannot be closed.
Prior to any personal data being provided by the person concerned, the person concerned may contact one of our employees, e.g. our Data Protection Officer. Our employee will inform the person concerned on a case-by-case basis whether the provision of personal data is required by law or contract, or is necessary for the contract to be concluded, whether there is an obligation to provide personal data, and what the consequences of the non-provision of personal data are.
12. Existence of automated decision-making
- An automatic decision-making or profiling does not take place.
13. Legal basis for data processing
- Article 6 (1) (a) GDPR is our legal basis for processing operations, for which we obtain consent for a particular processing purpose, in particular, for the registration for the newsletter. If the processing of personal data is necessary to fulfill a contract to which the person concerned is a party, as is the case, for example, when processing operations are required for providing the elastic.io products or any other services or return services, then the processing of the data is based on Article 6 (1) (b) GDPR.
The same legal basis also covers such processing operations that are required for the implementation of pre-contractual measures, such as inquiries about our products and services.
If our company is subject to a legal obligation which requires the processing of personal data, such as fulfilment of tax obligations, then the processing is based on Article 6 (1) © GDPR.
14. Legal basis Art. 6 I lit. f DSGVO, our legitimate interests in processing
- Finally, processing operations can be based on Article 6 (1) (f) GDPR. The processing operations that are based on this legal basis are not covered by any of the legal bases referred to in § 11 if processing is necessary to safeguard the legitimate interests of our company or a third party, unless the interests, fundamental rights and fundamental freedoms of the person concerned prevail.
A legitimate interest can be assumed if the data subject is a customer of the Data Controller (recital 47 sentence 2 GDPR).
If the processing of personal data takes place on the basis of Article 6 (1) (f) GDPR, our legitimate interest is conducting our business activities.
15. Further informations
- The customer is aware of the fact that, due to the current state of technology, data protection in the case of data transmission on the Internet cannot yet be comprehensively guaranteed. The customer, therefore, themselves shall take care to ensure the security of the data transmitted by them via the Internet. For this reason, every person concerned is free to submit personal data to us in alternative ways, for example by telephone.
16. Contact Data Protection Officer
We also request that you contact the Data Protection Officer if you become aware of the infringement of the protection of personal data by our company or if you suspect such an activity.