Privacy Policy

We, Applause Inc., provide the English Applause-website under the web address www.applause.com.

In context with the website and the services provided on the website we process personal data.

The protection of personal data is important to us. We process personal data only in accordance with the applicable data protection requirements, in particular the General Data Protection Regulation (GDPR).

In Section A of this Data Protection Information you find information on the controller of your personal data, their representative and the data protection officer of the controller.

In Section B you find information about the processing of your personal data.

In Section C you find more detailed information on the use of cookies or similar technologies.

In Section D you further find information on your rights regarding the processing of your personal data.

The technical terms relating to data protection used in this Data Protection Information have the meaning used in the General Data Protection Regulation. You find more detailed information about this in Section E.

TABLE OF CONTENTS

A. Information on the controller
I. Identity and contact details of the controller

II. Identity and contact details of the controller’s representative.

III. Contact details of the controller’s data protection officer.

B. Information on the processing of personal data.

I. Informational use of the website.

II. Use of online contact forms.

III. Use of online job application forms.

IV. Use of web analysis technologies.

V. Use of web tracking technologies.

C. Information on the use of cookies.

D. Information on the rights of data subjects.

I. Right of access.

II. Right to rectification.

III. Right to erasure (“right to be forgotten”).

IV. Right to restriction of processing.

V. Right to data portability.

VI. Right to object.

VII. Right to withdraw consent.

VIII. Right to lodge a complaint with a supervisory authority.

E. Information about the General Data Protection Regulation terminology used in this information.

F. Effective date of and changes to this Data Protection Information.

A. Information about the data controller

I. Name and contact details of the data controller
Applause App Quality, Inc

100 Pennsylvania Ave., Framingham, MA 01701, United States
PrivacyDPO@applause.com
+1-844-300-2777

II. Identity and contact details of the controller’s representative
Applause GmbH
Obentrautstr. 72, 10963 Berlin, Germany

+49 (0)30 57700400
PrivacyDPO@applause.com

III. Contact details of the controller’s data protection officer

Applause Data Protection Officer
c/o Applause App Quality, Inc., 100 Pennsylvania Ave., Framingham, MA 01701, United States
PrivacyDPO@applause.com +1-844-300-2777

B. Information on the processing of personal data

I. Informational use of the website

When the use of the website is purely informational, certain information, for example your IP address, is sent to our server by the browser used on your device for technical reasons. We process this information in order to provide the website content requested by you. To ensure the security of the IT infrastructure used to provide the website, this information is also stored temporarily in what is referred to as a so-called “web server log file”.

You receive more detailed information on this below:

1. Details on the personal data that are processed

Categories of personal data that are processed Personal data included in the categories Data source(s) Obligation to provide the data Storage duration
HTTP Data. Protocol data which accrue when visiting the website via the Hypertext Transfer Protocol (Secure) (HTTP(S)) for technical reasons.

These include IP address, type and version of your internet browser, operating system used, last site accessed before visiting the site (referrer URL), date and time of visit.
User of the website. Provision is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. There is no obligation to provide the data.

If the data is not provided, we cannot provide the requested website content.
Data are stored in server log files in a form allowing the identification of data subject for a maximum period of 7 days, unless any security related event occurs (e.g. a DDoS attack).

If there is a security related event, server log files are stored until the security relevant event has been eliminated and resolved in full.

2. Details on the processing of personal data

Purpose of processing the personal data Categories of personal data that are processed Automated decision-making Legal basis, and, if applicable, legitimate interests Recipient
Provision of the website content requested by the user:

For this purpose, data are temporarily processed on our web server.
HTTP Data. No automated decision-making takes place. Article 6 paragraph 1 point (f) of the General Data Protection Regulation (balancing of interests).

Our legitimate interest is the provision of the website content requested by the user.
Hosting provider.
Ensuring the security of the IT infrastructure used for the provision of the website, in particular for the detection, elimination and conclusive documentation of faults (e.g. DDoS attacks):

For this purpose, Data are temporarily stored and evaluated in log files on our web server.
HTTP Data. No automated decision-making takes place. Article 6 paragraph 1 point (f) of the General Data Protection Regulation (balancing of interests).

Our legitimate interest is ensuring the security of the IT infrastructure used for the provision of the website, in particular for the detection, elimination and conclusive documentation of faults (e.g. DDoS attacks).
Hosting provider.

3. Details on the recipients of personal data and the transfer of personal data to third countries and/or international organizations

Recipient Recipient’s role Recipient’s location Adequacy decision or appropriate or suitable safeguards for transfers to third countries and/or international organizations
Hosting provider:Amazon Web Services, Inc.410 Terry Avenue NorthSeattle WA 98109United States Processor United States Amazon Web Services is certified under the EU-US Privacy Shield.

An adequacy decision of the EU Commission exists for the EU-US Privacy Shield.

II. Use of online contact forms
We offer you the possibility on the website to contact us using contact forms. We process the information provided by you in the contact forms to process your request. Where applicable, we also store the information for evidence purposes for any assertion, exercise or defence of legal claims or in order to meet statutory document retention obligations, in particular commercial and tax law document retention obligations.

When the contact forms on our website are used certain information, for example your IP address, is for technical reasons sent to our server by the browser used on your device. We process this information in order to provide the contact forms on our website and to ensure the security of the IT infrastructure used to provide the contact form.

You receive more detailed information on this below:

1. Details on the personal data that is processed

Categories of personal data that are processed Personal data included in the categories Data source(s) Obligation to provide the data Storage duration
Contact Form HTTP Data. Protocol data which accrue via the Hypertext Transfer Protocol (Secure) (HTTP(S)) for technical reasons when the contact forms on our website are accessed.

These include IP address, type and version of your internet browser, operating system used, site accessed before visiting the site (referrer URL), date and time of the visit.
User of the website. Provision is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. There is no obligation to provide the data.

Not providing this data means that we cannot provide the requested Website content.
Data are stored in server log files in a form allowing the identification of data subject for a maximum period of 7 days, unless any security related event occurs (e.g. a DDoS attack).

If there is a security related event, server log files are stored until the security relevant event has been eliminated and resolved in full.
Contact Form Data. Data you provide us with in website contact forms.

These include title, first name, last name, street, house number, postal code, city, country, e-mail address, your request, your message (mandatory), telephone number, order number (voluntary).
User of the website. Provision is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. There is no obligation to provide the data.

If the mandatory data is not provided, we cannot process your request.
Data are stored until your request has been dealt with.

We store these data for evidence purposes for the assertion, exercise or defence of any legal claims and also for an interim period of three years commencing at the end of the year in which you provide the data to us and in the event of any legal disputes until such have been concluded.

We also store this data to the extent that statutory obligations require us to do so, in particular commercial and tax law document retention obligations.

2. Details on the processing of the personal data

Purpose of processing the personal data Categories of personal data that are processed Automated decision-making Legal basis, and, if applicable, legitimate interests Recipient
Provision of the contact forms on the website.

For this purpose data are processed temporarily on our web server.
Contact Form HTTP Data. No automated decision-making takes place. Article 6 paragraph 1 point (f) of the General Data Protection Regulation) (balancing of interests).

Our legitimate interest is the provision of the website content requested by the user.
Hosting Provider.
Ensuring the security of the IT infrastructure used for the provision of the form, in particular for the detection, elimination and conclusive documentation of disruptions (e.g. DDoS attacks):

For this purpose, data are temporarily stored and evaluated in log files on our web server.
Contact Form HTTP Data. No automated decision-making takes place. Article 6 paragraph 1 point (f) of the General Data Protection Regulation) (balancing of interests).

Our legitimate interest is ensuring the security of the IT infrastructure used to provide the website, in particular to identify, eliminate and preserve evidence of disruptions (e.g. DDoS attacks).
Hosting Provider.
Processing of your request.

If your request concerns other companies of the Applause group, this may include forwarding your request to the relevant Applause entity.
Contact Form Data. No automated decision-making takes place. If your request concerns a contract to which you are party or the performance of pre-contractual measures: Article 6 paragraph 1 point (b) of the General Data Protection Regulation (performance of a contract to which the data subject is party or steps at the request of the data subject prior to entering into a contract).

Otherwise: Article 6 paragraph 1 point (f) of the General Data Protection Regulation. (balancing of interests).

In this case, our legitimate interest is the processing of your request.
Customer database provider,Applause companies.
Storage and processing for evidence purposes for any assertion, exercise or defence of legal claims. Contact Form Data. No automated decision-making takes place. Article 6 paragraph 1 point (f) of the General Data Protection Regulation. (balancing of interests). Our legitimate interest is assertion, exercise or defence of legal claims. Customer database provider.
Storage of data in order to meet statutory document retention obligations, in particular commercial and tax law document retention obligations. Contact Form Data. No automated decision-making takes place. If storage is required to comply with EU law or EU Member State law, the legal basis is point (c) of Article 6 paragraph 1 of the General Data Protection Regulation (compliance with a legal obligation)

If storage is required to comply with other laws and/or regulations, the legal basis is point (f) of Article 6 paragraph 1 of the General Data Protection Regulation (balancing of interests). Our legitimate interest is the compliance with the relevant laws and/or regulations.
Customer database provider.

3. Details on the recipients of personal data and the transfer of personal data to third countries and/or international organizations

Recipient Recipient’s role Recipient’s location Adequacy decision or appropriate or suitable safeguards for transfers to third countries and/or international organizations
Hosting provider:

Amazon Web Services, Inc.410 Terry Avenue NorthSeattle WA 98109United States
Processor United States Amazon Web Services is certified under the EU-US Privacy Shield.

An adequacy decision of the EU Commission exists for the EU-US Privacy Shield.
Customer database provider:

Salesforce.com, Inc.The Landmark @ One Market. Suite 300, San Francisco, CA 94105, United States

Marketo, Inc.901 Mariners Island Boulevard, Suite #500 (Reception), San Mateo, CA 94404United States
Processor United States Salesforce is certified under the EU-US Privacy Shield.

Marketo is certified under the EU-US Privacy Shield.

An adequacy decision of the EU Commission exists for the EU-US Privacy Shield.
Applause companies:

Applause GmbHObentrautstr. 7210963 Berlin Germany

Applause App Quality UK Ltd.3rd Floor 12 Gough Square, London, England, EC4A 3DWUnited Kingdom
Controller EU -

III. Use of online application forms
We offer you the possibility on the website to contact us using online job application forms. We process the information provided by you in the job application forms to process your application. Where applicable, we also store the information for evidence purposes for any establishment, exercise or defense of legal claims or in order to meet statutory document retention obligations.

When the application forms on our website are used certain information, for example your IP address, is for technical reasons sent to our server by the browser used on your device. We process this information in order to provide the application forms on our website and to ensure the security of the IT infrastructure used to provide the application form.

You receive more detailed information on this below:

1. Details on the personal data that is processed

Categories of personal data that are processed Personal data included in the categories Data source(s) Obligation to provide the data Storage duration
Application Form HTTP Data. Protocol data which accrue via the Hypertext Transfer Protocol (Secure) (HTTP(S)) for technical reasons when the application forms on our website are accessed.

These include IP address, type and version of your internet browser, operating system used, last site accessed before visiting the site (referrer URL), date and time of visit.
User of the website. Provision is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. There is no obligation to provide the data.

If the data is not provided, we cannot provide the requested website content.
24 months.
Application Form Data. Data that you provide us with in the job application forms on the website.

These include the information you provide in the relevant application on the website. This can above all include the following data: first and last name, e-mail address, telephone number, covering letter, additional information, links to your profiles in social networks (e.g. LinkedIn, Facebook).
User of the website. Provision is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. There is no obligation to provide the data.

If the data is not provided, we may not be able to process your application.
At least for the duration of the application process. After completion of the application process for a maximum of 3 months, unless the applicant has consented to longer storage in order to be informed about future potential vacancies.

2. Details on the processing of the personal data

Purpose of processing the personal data Categories of personal data that are processed Automated decision-making Legal basis, and, if applicable, legitimate interests Recipient
Provision of the job application forms on the website.

For this we use the recruiting tool Hirebridge offered by Hirebridge.
Application Form HTTP Data. No automated decision-making takes place. Point (f) of Article 6 paragraph 1 of the General Data Protection Regulation (balancing of interests). Our legitimate interest is providing the website content requested by the user. Application management provider.
Ensuring the security of the IT infrastructure used for the provision of the form, in particular for the detection, elimination and conclusive documentation of disruptions (e.g. DDoS attacks):

For this purpose, data are temporarily stored and evaluated in log files on our web server.
Application Form HTTP Data. No automated decision-making takes place. Article 6 paragraph 1 point (f) of the General Data Protection Regulation) (balancing of interests).

Our legitimate interest is ensuring the security of the IT infrastructure used to provide the website, in particular to identify, eliminate and preserve evidence of disruptions (e.g. DDoS attacks).
Application management provider.
Processing your application.

If your application concerns other companies of the Applause group, this may include forwarding your application to the relevant Applause entity.
Application Form Data. No automated decision-making takes place. Article 6 paragraph 1 point (b) of the General Data Protection Regulation (steps at the request of the data subject prior to entering into a contract). Application management provider, Applause companies.
Storage and processing for evidence purposes for any assertion, exercise or defence of legal claims Application Form Data. No automated decision-making takes place. Article 6 paragraph 1 point (f) of the General Data Protection Regulation. (balancing of interests). Our legitimate interest is assertion, exercise or defence of legal claims. Application management provider.
Storage of data in order to meet statutory document retention requirements. Application Form Data. Application Form Data. No automated decision-making. If storage is required to comply with EU law or EU Member State law, the legal basis is point (c) of Article 6 paragraph 1 of the General Data Protection Regulation (compliance with a legal obligation).

If storage is required to comply with other laws and/or regulations, the legal basis is point (f) of Article 6 paragraph 1 of the General Data Protection Regulation (balancing of interests). Our legitimate interest is the compliance with the relevant laws and/or regulations.
Application management provider.

3. Details on the recipients of personal data and the transfer of personal data to third countries and/or international organizations

Recipient Recipient’s role Recipient’s location Adequacy decision or appropriate or suitable safeguards for transfers to third countries and/or international organizations
Application management provider:

Hirebridge, LLC3200 N University Dr #214 Coral Springs, FL 33065United States
Processor United States Hirebridge is certified under the EU-US Privacy Shield.

An adequacy decision of the EU Commission exists for the EU-US Privacy Shield.
Applause companies:

Applause GmbHObentrautstr. 7210963 Berlin Germany

Applause App Quality UK Ltd.3rd Floor 12 Gough Square, London, England, EC4A 3DWUnited Kingdom
Controller EU -

IV. Use of web analysis technologies

If you have given your consent to this, we use web analysis technologies on the website in order to record and analyze the usage behavior on our website to improve the website and better achieve the objectives of the website (e.g. frequency of visits, increase in number of page visits).

You will find more detailed information on this in the following:

1. Details on the personal data that is processed

Categories of personal data processed Personal data included in the categories Sources of data Obligation to provide the data Storage duration
Google Analytics HTTP Data. Protocol data which accrue via the Hypertext Transfer Protocol (Secure) (HTTP(S)) for technical reasons when the web analysis tool Google Analytics is used.

These include IP address, type and version of your internet browser, operating system used, site accessed before visiting the site (referrer URL), date and time of the visit.
User of the website. Provision is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. There is no obligation to provide the data.

If the data is not provided, we cannot carry out a web analysis by means of Google Analytics.
IP anonymisation is used on this website for the use of the web analysis tool Google Analytics. This means that the IP address transmitted via the browser for technical reasons is anonymised before being stored by shortening the IP address (by deleting the last octet of the IP address).

Other HTTP Data are stored for 26 months.
Google Analytics Profile Data. Data generated by the web analysis tool Google Analytics and stored in pseudonym usage profiles.These include a unique visitor ID for recognising returning visitors, data about the use of the website, in particular page visits, frequency of visits and time spent on the pages visited. Generated autonomously. - 26 months

2. Details on the processing of personal data

Purpose of the processing of personal data Categories of personal data processed Automated decision-making Legal basis and, where applicable, legitimate interests Recipient
Improvement of the website and further achievement of the objectives of the website (e.g. increase in number of page visits).

For this purpose, the behaviour of users on our website is recorded and analysed in pseudonymised form. Users of the website are marked in pseudonymised form so that they can be recognised again on the website. Pseudonymised usage profiles are created from this information. The pseudonymised usage profiles are not combined with data regarding the bearer of the pseudonym. The objective of this process is to examine where users come from, which areas of the website they visit and how often and how long which subpages and categories are looked at.

For these purposes we use the web analysis tool Google Analytics provided by Google.
Google Analytics HTTP Data, Google Analytics Profile Data. No automated decision-making takes place. Article 6 paragraph 1 point (a) of the General Data Protection Regulation (Consent). Web analysis provider.

3. Details on the recipients of personal data and the transfer of personal data to third countries and/or international organizations

Recipient Recipient’s role Recipient’s location Adequacy decision or appropriate or suitable safeguards for transfers to third countries and/or international organizations
Web analysis provider:

Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA.
Processor. USA Google is certified under the EU-U.S. Privacy Shield.

An adequacy decision by the EU Commission exists for the EU-U.S. Privacy Shield.

V. Use of web tracking technologies

If you have granted your consent to this, we use web tracking technologies on the website in order to record and analyze usage behavior on our website for the purposes of (conversion) tracking and (re-)targeting.

You will find more detailed information on this in the following:

1. Details on the personal data that is processed

Categories of personal data processed Personal data included in the categories Sources of data Obligation to provide the data Storage duration
Google AdWords HTTP Data. Protocol data which accrue via the Hypertext Transfer Protocol (Secure) (HTTP(S)) for technical reasons when the web tracking tool Google AdWords is used.

These include IP address, type and version of your internet browser, operating system used, site accessed before visiting the site (referrer URL), date and time of the visit.
User of the website. Provision is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. There is no obligation to provide the data.If the data is not provided, we cannot carry out any web tracking by means of Google AdWords. 30 days.
Google AdWords Profile Data. Data collected by the web tracking tool AdWords and stored in pseudonymised usage profiles.

These include a unique visitor ID for recognising returning visitors, data about the use of the website, in particular page visits, frequency of visits and time spent on the pages visited.
Generated autonomously. - 30 days.

2. Details on the processing of personal data

Purpose of the processing of personal data Categories of personal data processed Automated decision-making Legal basis and, where applicable, legitimate interests Recipient
Conversion tracking:

For this purpose, the behaviour of users on our website is recorded and analysed in pseudonymised form. Users of the website are marked in pseudonymised form so that they can be recognised again on the website. Pseudonymised usage profiles are created from this information. The pseudonymised usage profiles are not combined with data regarding the bearer of the pseudonym. The objective of this process is to measure the effectiveness with which an addressed target group is prompted to carry out the desired actions.

For these purposes we use the web tracking tool Google AdWords provided by Google.
Google AdWords HTTP Data, Google AdWords Profile Data. No automated decision-making takes place. Article 6 paragraph 1 point (a) of the General Data Protection Regulation (Consent). Web tracking provider.
(Re-)targeting users of the website through advertisements.

For this purpose, the behaviour of users on our website is recorded and analysed in pseudonymised form. Users of the website are marked in pseudonymised form so that they can be recognised on the website or another website. Pseudonymised usage profiles are created from this information. The pseudonymised usage profiles are not combined with data regarding the bearer of the pseudonym. The objective of this process is to draw the attention of a user who has already shown interest in a website or a product to this website or product again to increase the advertising relevance and therefore the click rate and conversion rate (e.g. order rate).

For these purposes we use the web tracking tool Google AdWords provided by Google.
Google AdWords HTTP Data, Google AdWords Profile Data. No automated decision-making takes place. Article 6 paragraph 1 point (a) of the General Data Protection Regulation (Consent). Google.

3. Details on the recipients of personal data and the transfer of personal data to third countries and/or international organizations

Recipient Recipient’s role Recipient’s location Adequacy decision or appropriate or suitable safeguards for transfers to third countries and/or international organizations
Web tracking provider:

Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA.
Processor. USA Google is certified under the EU-U.S. Privacy Shield.

An adequacy decision by the EU Commission exists for the EU-U.S. Privacy Shield.

C. Information on the use of cookies

D. Information on the rights of data subjects

As a data subject, you have the following rights with regard to the processing of your personal data:

  • Right of access (Article 15 of the General Data Protection Regulation)
  • Right to rectification (Article 16 of the General Data Protection Regulation)
  • Right to erasure (“right to be forgotten”) (Article 17 of the General Data Protection Regulation)
  • Right to restriction of processing (Article 18 of the General Data Protection Regulation)
  • Right to data portability (Article 20 of the General Data Protection Regulation)
  • Right to object (Article 21 of the General Data Protection Regulation)
  • Right to withdraw consent (Article 7 paragraph 3 of the General Data Protection Regulation)
  • Right to lodge a complaint with a supervisory authority (Article 77 of the General Data Protection Regulation)

You may contact us for the purpose of exercising your rights using the contact information in Section A

Where applicable, you find information on any specific modalities and mechanisms which facilitate the exercise of your rights, in particular the exercise of your rights to data portability and to object, in the information on the processing of personal data in Section B of this Data Protection Information.

Below you find more detailed information on your rights with regard to the processing of your personal data:

[For a multi-layer presentation of the information (“layered information”), the following information may be hidden at the first layer]

I. Right of access

As a data subject, you have a right to obtain access and information under the conditions provided in Article 15 of the General Data Protection Regulation.

This means in particular that you have the right to obtain confirmation from us as to whether we are processing your personal data. If so, you also have the right to obtain access to the personal data and the information listed in Article 15 paragraph 1 of the General Data Protection Regulation. This includes information regarding the purposes of the processing, the categories of personal data that are being processed and the recipients or categories of recipients to whom the personal data have been or will be disclosed (Article 15 paragraph 1 points (a), (b) and (c) of the General Data Protection Regulation).

You can find the full extent of your right to access and information in Article 15 of the General Data Protection Regulation, which can be accessed using the following link: http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679.

II. Right to rectification

As a data subject, you have the right to rectification under the conditions provided in Article 16 of the General Data Protection Regulation.

This means in particular that you have the right to receive from us without undue delay the rectification of inaccuracies in your personal data and completion of incomplete personal data.

You can find the full extent of your right to rectification in Article 16 of the General Data Protection Regulation, which can be accessed using the following link: http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679.

III. Right to erasure (“right to be forgotten”)

As a data subject, you have a right to erasure (“right to be forgotten”) under the conditions provided in Article 17 of the General Data Protection Regulation.

This means that you have the right to obtain from us the erasure of your personal data and we are obliged to erase your personal data without undue delay when one of the reasons listed in Article 17 paragraph 1 of the General Data Protection Regulation applies. This can be the case, for example, if personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed (Article 17 paragraph 1 point (a) of the General Data Protection Regulation).

If we have made the personal data public and are obliged to erase it, we are also obliged, taking account of available technology and the cost of implementation, to take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you have requested the erasure by such controllers of any links to, or copy or replication of those personal data (Article 17 paragraph 2 of the General Data Protection Regulation) .

The right to erasure (“right to be forgotten”) does not apply if the processing is necessary for one of the reasons listed in Article 17 paragraph 3 of the General Data Protection Regulation. This can be the case, for example, if the processing is necessary for compliance with a legal obligation or for the establishment, exercise or defence of legal claims (Article 17 paragraph 3 points (b) and (e) of the General Data Protection Regulation).

You can find the full extent of your right to erasure (“right to be forgotten”) in Article 17 of the General Data Protection Regulation, which can be accessed using the following link: http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679.

IV. Right to restriction of processing

As a data subject, you have a right to restriction of processing under the conditions provided in Article 18 of the General Data Protection Regulation.

This means that you have the right to obtain from us the restriction of processing if one of the conditions provided in Article 18 paragraph 1 of the General Data Protection Regulation applies. This can be the case, for example, if you contest the accuracy of the personal data. In such a case, the restriction of processing lasts for a period that enables us to verify the accuracy of the personal data (Article 18 paragraph 1 point (a) of the General Data Protection Regulation).

Restriction means that stored personal data are marked with the goal of restricting their future processing (Article 4 paragraph 3 of the General Data Protection Regulation).

You can find the full extent of your right to restriction of processing in Article 18 of the General Data Protection Regulation, which can be accessed using the following link: http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679.

V. Right to data portability

As a data subject, you have a right to data portability under the conditions provided in Article 20 of the General Data Protection Regulation.

This means that you generally have the right to receive your personal data with which you have provided us in a structured, commonly used and machine-readable format and to transmit those data to another controller without hindrance from us if the processing is based on consent pursuant to Article 6 paragraph 1 point (a) or Article 9 paragraph 2 point (a) of the General Data Protection Regulation or on a contract pursuant to Article 6 paragraph 1 point (b) of the General Data Protection Regulation and the processing is carried out by automated means (Article 20 paragraph 1 of the General Data Protection Regulation).

You can find information as to whether an instance of processing is based on consent pursuant to Article 6 paragraph 1 point (a) or Article 9 paragraph 2 point (a) of the General Data Protection Regulation or on a contract pursuant to point (b) of Article 6 paragraph 1 of the General Data Protection Regulation in the information regarding the legal basis of processing in Section C of this Data Protection Information.

In exercising your right to data portability, you also generally have the right to have your personal data transmitted directly from us to another controller if technically feasible (Article 20 paragraph 2 of the General Data Protection Regulation).

You can find the full extent of your right to data portability in Article 20 of the General Data Protection Regulation, which can be accessed using the following link: http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679.

VI. Right to object

As a data subject, you have a right to object under the conditions provided in Article 21 of the General Data Protection Regulation.

At the latest in our first communication with you, we expressly inform you of your right, as a data subject, to object .

More detailed information on this is given below:

1. Right to object on grounds relating to the particular situation of the data subject

As a data subject, you have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on point (e) or (f) of Article 6 paragraph 1, including profiling based on those provisions.

You can find information as to whether an instance of processing is based on point (e) or (f) of Article 6 paragraph 1 of the General Data Protection Regulation in the information regarding the legal basis of processing in Section C of this Data Protection Information.

In the event of an objection relating to your particular situation, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

You can find the full extent of your right to objection in Article 21 of the General Data Protection Regulation, which can be accessed using the following link: http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679.

2. Right to object to direct marketing

Where your personal data are processed for direct marketing purposes, you have the right to object at any time to processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.

You can find information as to whether and to what extent personal data are processed for direct marketing purposes in the information regarding the legal basis of processing in Section C of this Data Protection Information.

If you object to processing for direct marketing purposes, we no longer process your personal data for these purposes.

You can find the full extent of your right to objection in Article 21 of the General Data Protection Regulation, which can be accessed using the following link: http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679.

VII. Right to withdraw consent

Where an instance of processing is based on consent pursuant to Article 6 paragraph 1 point (a) or Article 9 paragraph 2 point (a) of the General Data Protection Regulation, as a data subject, you have the right, pursuant to Article 7 paragraph 3 of the General Data Protection Regulation, to withdraw your consent at any time. The withdrawal of your consent does not affect the legitimacy of the processing that occurred based on your consent until the withdrawal. We inform you of this before you grant your consent.

You can find information as to whether an instance of processing is based on Article 6 paragraph 1 point (a) or Article 9 paragraph 2 point (a) of the General Data Protection Regulation in the information regarding the legal basis of processing in Section C of this Data Protection Information.

VIII. Right to lodge a complaint with a supervisory authority

As a data subject, you have a right to lodge a complaint with a supervisory authority under the conditions provided in Article 77 of the General Data Protection Regulation.

E. Information about the General Data Protection Regulation terminology used in this information

The technical terms relating to data protection used in this Data Protection Information have the meaning used in the General Data Protection Regulation.

The full scope of the definitions of the General Data Protection Regulation can be found in Article 4 of the General Data Protection Regulation, which can be downloaded from the following link: https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679.

You will find more detailed information on the most important technical terms of the General Data Protection Regulation used in this Data Protection Information below:

[For a multi-layer presentation of the information (“layered information”), the following information may be hidden at the first layer]

“Personal data” means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

“Data Subject” means the respective identified or identifiable natural person, to which the personal Data refers to;

“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

“Profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;

“Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;

“Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

“Recipient” means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;

“Third party” means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;

“International organisation” means an organisation and its subordinate bodies governed by public international law, or any other body which is set up by, or on the basis of, an agreement between two or more countries;

“Third country” means a country which is not a member state of the European Union (“EU”) or the European Economic Area (“EEA”);

“Special categories of personal data” means personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.

F. Effective date of and changes to this Data Protection Information

The effective date of this Data Protection Information is October 18. 2018.

It may be necessary to modify this Data Protection Information due to technical developments and/or amendment of statutory or official requirements.

An up-to-date version of this Data Protection Information can be retrieved at any time at https://www.applause.com/privacy-policy/