Privacy Policy

Applause provides the English-language website of Applause at www.applause.com/ Personal data is processed in connection with the website and the content and services offered on the website.

In the following document, you will receive information about the processing of your personal data in connection with the website and the content and services offered on the website and the data controller’s data protection officer (Section A) and about your rights with respect to the processing of your personal data (Section B).

You also receive information in the following about the processing of your personal data (Section C) in connection with the website and the content and services offered on the website.

TABLE OF CONTENTS
A. Information about the data controller
I. Name and contact details of the data controller
II. Contact details of the data controller’s Data Protection Officer
B. Information about the rights of data subjects
I. Right to access
II. Right to rectification
III. Right to erasure (“right to be forgotten”)
IV. Right to the restriction of processing
V. Right to data portability
VI. Right to object
VII. Right to withdraw consent
VIII. Right to lodge a complaint with the supervisory authority
C. Information about the processing of personal data
I. Informational use of the website
II. Use of the online contact form
III. Use of online application forms
IV. Use of web analysis technologies
V. Use of web tracking technologies
D. Effective date and amendment of this Privacy Policy

A. Information about the data controller

I. Name and contact details of the data controller
Applause GmbH
Obentrautstr. 72, 10963 Berlin, Germany
Telephone: +49 (0)30 57700400
Fax: +49 (0)30 568373246
E-mail: PrivacyDPO@applause.com



II. Contact details of the data controller’s Data Protection Officer
Heather Levy Sigel
Applause GmbH
Obentrautstr. 72, 10963 Berlin, Germany
Telephone: +49 (0)30 57700400
Fax: +49 (0)30 568373246
E-mail: PrivacyDPO@applause.com


B. Information about the rights of data subjects
As a data subject you have the following rights with respect to the processing of your personal data:
- Right of access (Article 15 of the General Data Protection Regulation) - Right to rectification (Article 16 of the General Data Protection Regulation) - Right to erasure (“right to be forgotten”) (Article 17 of the General Data Protection Regulation) - Right to restriction of processing (Article 18 of the General Data Protection Regulation) - Right to data portability (Article 20 of the General Data Protection Regulation) - Right to object (Article 21 of the General Data Protection Regulation) - Right to withdraw consent (Article 7 paragraph 3 of the General Data Protection Regulation) - Right to lodge a complaint with the supervisory authority (point (f) of Article 57 paragraph 1 of the General Data Protection Regulation)



You may contact our Data Protection Officer (Section A.II.) for the purpose of exercising your rights.

Information about any special arrangements or mechanisms that make it easier for you to exercise your rights, in particular exercising your rights to data portability and to object, can if applicable be found in the information on the processing of personal data in Section C of this Privacy Policy.

Below you will find detailed information about rights relating to the processing of your personal data: [For usability purposes, the following information may be hidden at first and only appear at the user’s request as a multi-layer presentation (“layered information”)]

I. Right to access
As a data subject you have a right to obtain access and information under the conditions in accordance with Article 15 of the General Data Protection Regulation.

This means in particular that you have the right to obtain confirmation from us as to whether we are processing your personal data. If so, you also have the right to obtain access to the personal data and the information listed in Article 15 paragraph 1 of the General Data Protection Regulation. This includes information regarding the purposes of processing, the categories of personal data that are being processed and the recipients or categories of recipients to whom the personal data has been or will be disclosed (points (a), (b) and (c) of Article 15 paragraph 1 of the General Data Protection Regulation).

You can find the full extent of your right to access and information in Article 15 of the General Data Protection Regulation, which can be accessed using the following link: http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679.

II. Right to rectification
As a data subject, you have the right to rectification under the conditions provided in Article 16 of the General Data Protection Regulation.

This means in particular that you have the right to receive from us without undue delay the rectification of inaccuracies in your personal data and completion of incomplete personal data. You can find the full extent of your right to rectification in Article 16 of the GDPR, which can be accessed using the following link: http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679.

III. Right to erasure (“right to be forgotten”)
As a data subject, you have a right to erasure (“right to be forgotten”) under the conditions provided in Article 17 of the General Data Protection Regulation.

If we have made the personal data public and are obliged to erase it, we are also obliged, taking account of available technology and the cost of implementation, to take reasonable steps, including technical measures, to inform data controllers which are processing the personal data that you have requested the erasure by such data controllers of any links to, or copy or replication of that personal data (Article 17 paragraph 2 of the General Data Protection Regulation).

The right to erasure (“right to be forgotten”) does not apply if processing is necessary for one of the reasons listed in Article 17 paragraph 3 of the General Data Protection Regulation. This can be the case, for example, if processing is necessary for compliance with a legal obligation or for the establishment, exercise or defense of legal claims (points (a) and (e) of Article 17 paragraph 3 of the General Data Protection Regulation).

You can find the full extent of your right to erasure (“right to be forgotten”) in Article 17 of the GDPR, which can be accessed using the following link: http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679.

IV. Right to the restriction of processing
As a data subject, you have the right to restrict processing under the conditions provided in Article 18 of the General Data Protection Regulation.

This means that you have the right to obtain from us the restriction of processing if one of the conditions provided in Article 18 paragraph 1 of the General Data Protection Regulation applies. This can be the case, for example, if you contest the accuracy of the personal data. In such a case, the restriction of processing lasts for a period that enables us to verify the accuracy of the personal data (point (a) of Article 18 paragraph 1 of the General Data Protection Regulation). Restriction means that stored personal data is marked with the goal of restricting their future processing (Article 4 paragraph 3 of the General Data Protection Regulation).

You can find the full extent of your right to restriction of processing in Article 18 of the GDPR, which can be accessed using the following link: http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679.

V. Right to data portability
As a data subject, you have a right to data portability under the conditions provided in Article 20 of the General Data Protection Regulation.

This means that you generally have the right to receive your personal data with which you have provided us in a structured, commonly used and machine-readable format and to transmit that data to another data controller without hindrance from us if processing is based on consent pursuant to point (a) of Article 6 paragraph 1 or point (a) of Article 9 paragraph 2 of the General Data Protection Regulation or on a contract pursuant to point (b) of Article 6 paragraph 1 of the General Data Protection Regulation and processing is carried out by automated means (Article 20 paragraph 1 of the General Data Protection Regulation).

You can find information as to whether an instance of processing is based on consent pursuant to point (a) of Article 6 paragraph 1 or point (a) of Article 9 paragraph 2 of the General Data Protection Regulation or on a contract pursuant to point (b) of Article 6 paragraph 1 of the General Data Protection Regulation in the information regarding the legal basis of processing in Section C of this Data Privacy Policy.

In exercising your right to data portability, you also generally have the right to have your personal data transmitted directly from us to another data controller if technically feasible (Article 20 paragraph 2 of the General Data Protection Regulation). You can find the full extent of your right data portability in Article 20 of the General Data Protection Regulation, which can be accessed using the following link: http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679.

VI. Right to object
As a data subject, you have a right to object under the conditions provided in Article 21 of the General Data Protection Regulation.

At the latest, in our first communication with you, we expressly inform you of your right, as a data subject, to object.

More detailed information on this is given below:

1. Right to object on grounds relating to the particular situation of the data subject
As a data subject, you have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data which is based on point (e) or (f) of Article 6 paragraph 1, including profiling based on those provisions.

You can find information as to whether an instance of processing is based on point (e) or (f) of Article 6 paragraph 1 of the General Data Protection Regulation in the information regarding the legal basis of processing in Section C of this Data Privacy Policy.

In the event of an objection relating to your particular situation, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for processing which overrides your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.

You can find the full extent of your right to objection in Article 21 of the General Data Protection Regulation, which can be accessed using the following link: http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679.

2. Right to object to direct marketing
Where your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.

You can find information as to whether and to what extent personal data is processed for direct marketing purposes in the information regarding the legal basis of processing in Section C of this Data Privacy Policy.

If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes.

You can find the full extent of your right to objection in Article 21 of the General Data Protection Regulation, which can be accessed using the following link: http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679.

VII. Right to withdraw consent
Where an instance of processing is based on consent pursuant to point (a) of Article 6 paragraph 1 or point (a) of Article 9 paragraph 2 of the General Data Protection Regulation or on a contract pursuant to point (b) of Article 6 paragraph 1 of the General Data Protection Regulation, as a data subject, you have the right, pursuant to Article 7 paragraph 3 of the General Data Protection Regulation, to withdraw your consent at any time. The withdrawal of your consent does not affect the legitimacy of the processing that occurred based on your consent until the withdrawal. We inform you of this before you grant your consent.

You can find information as to whether an instance of processing is based on point (a) of Article 6 paragraph 1 or point (a) of Article 9 paragraph 2 of the General Data Protection Regulation in the information regarding the legal basis of processing in Section C of this Data Privacy Policy. VIII. Right to lodge a complaint with the supervisory authority As a data subject, you have a right to lodge a complaint with the competent supervisory authority under the conditions provided in point (f) of Article 57 paragraph 1 of the General Data Protection Regulation.

The competent supervisory authority for us is:
Berliner Beauftragte für Datenschutz und Informationsfreiheit
Friedrichstr. 219, 10969 Berlin, Germany
Telephone: +49 (0)30 13889-0
Fax:+49 [0]30 2155050
E-mail: mailbox@datenschutz-berlin.de

C. Information about the processing of personal data
In connection with the website and the content and services offered on the website, different personal data is processed for different purposes.

Insofar as we, as controllers, alone or jointly with others, determine the purposes and means of processing personal data, you will find information below in particular on

  • the personal data or categories of personal data that are processed,
  • the purposes of the processing for which the personal data is intended,
  • the legal basis for the processing and, where the processing is based on point (f) of Article 6 paragraph 1 of the General Data Protection Regulation, the legitimate interests pursued by us or by a third party,
  • the recipients or categories of recipients of the personal data, if any,
  • where applicable, the fact that we intend to transfer personal data to a third country or international organization and the existence or absence of an adequacy decision by the EU Commission, or in the case of transfers referred to in the second subparagraph of Article 49 paragraph 1 of the General Data Protection Regulation, reference to the appropriate or suitable safeguards and the means by which to obtain a copy of them or where they have been made available,
  • the period for which the personal data will be stored, or if that is not possible, the criteria used to determine that period,
  • the existence of any automated decision-making including profiling in accordance with Article 22 paragraphs 1 and 4 of the General Data Protection Regulation and – at least in these cases – meaningful information on the logic involved and the significance of the envisaged consequences of such processing on your behalf.

Where we obtain your personal data from you as the data subject, you may find below information on whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether you are obliged to provide the personal data and of the possible consequences of failure to provide such data. Where we do not obtain personal data from you as the data subject, you will find below information below on where source of the personal data originated, and if applicable, whether it came from publicly accessible sources.

I. Informational use of the website
When the use of the website is purely informational, certain information, for example your IP address, is for technical reasons sent to our server by the browser used on your end device. We process this information in order to provide the website content requested by you. To ensure the security of the IT infrastructure used to provide the website, this information is also stored temporarily in what is referred to as a “web server log file”.

You may find more detailed information on this below: [For usability purposes, the following information may be hidden at first and only appear at the user’s request as a multi-layer presentation (“layered information”)]

1. Details on the personal data that are processed

Categories of personal data that are processed Personal data included in the categories Data source(s) Obligation to provide the data Storage duration

Protocol data which accrue via the Hypertext Transfer Protocol (Secure) (HTTP(S) (“HTTP Data”) for technical reasons when the website is visited.

IP address, type and version of your Internet browser, operating system used, the page accessed, the site accessed before visiting the site (referrer URL), date and time of the visit. Website users.

Provision is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. There is no obligation to provide the data.

Not providing this data means that we cannot provide the requested website content.

Data is stored in server log files in a form allowing the identification of data subject for a maximum period of 7 days, unless any security related event occurs (e.g. a DDoS attack).  

If there is a security related event, server log files are stored until the security relevant event has been eliminated and resolved in full. 


2. Details on the processing of personal data

Purpose of processing the personal data Categories of personal data that are processed Automated decision-making Legal basis, and, if applicable, legitimate interests Recipient

HTTP Data is temporarily processed on our server to provide the website content requested by the user.

HTTP Data. No automated decision-making.

Balancing of interests (point (f) of Article 6 paragraph 1 of the General Data Protection Regulation). Our legitimate interest is providing the website content requested by the user.

Hosting provider.

HTTP data is processed temporarily in web server log files to ensure the security of the IT infrastructure used to provide the website, in particular to identify, eliminate and preserve evidence of disruptions (e.g. DDoS attacks).

HTTP Data. No automated decision-making.

Balancing of interests (point (f) of Article 6 paragraph 1 of the General Data Protection Regulation). Our legitimate interest is ensuring the security of the IT infrastructure used to provide the website, in particular to identify, eliminate and preserve evidence of disruptions (e.g. DDoS attacks).

Hosting provider.


3. Details on the recipients of personal data and the transfer of personal data to third countries and/or international organizations

Recipient Recipient’s role Recipient’s location Adequacy decision or appropriate or suitable safeguards for transfers to third countries and/or international organizations

Hosting provider:
Amazon Web Services, Inc.
410 Terry Avenue North
Seattle WA 98109
United States

Processor United States

Amazon Web Services is certified under the EU-US Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000TOWQAA4&status=Active

An adequacy decision of the EU Commission exists for the EU-US Privacy Shield:

http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32016D1250

Hosting Provider:
Applause App Quality, Inc.
100 Pennsylvania Ave., Framingham, MA 01701, United States

(“Applause Inc.”)

Processor United States

Applause Inc. is certified under the EU-US Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000TP2RAAW&status=Active

An adequacy decision of the EU Commission exists for the EU-US Privacy Shield:

http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32016D1250


II. Use of the online contact form
We offer you the possibility on the website to contact us using contact forms. We process the information provided by you in the contact forms to process your request. Where applicable, we also store the information for evidence purposes for any establishment, exercise or defense of legal claims or in order to meet statutory document retention obligations, in particular commercial and tax law document retention obligations.

You will find more detailed information on this below: [For usability purposes, the following information may be hidden at first and only appear at the user’s request as a multi-layer presentation (“layered information”)]

1. Details on the personal data that is processed

Categories of personal data that are processed Personal data included in the categories Data source(s) Obligation to provide the data Storage duration

Protocol data that accrue via the Hypertext Transfer Protocol (Secure) (HTTP(S)) for technical reasons  (“HTTP Data”).

IP address, type and version of your Internet browser, operating system used, the page accessed, the site accessed before visiting the site (referrer URL), data and time of the visit. Website users.

Provision is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. There is no obligation to provide the data.

Not providing this data means that we cannot provide the requested Website content.

Data is stored in server log files in a form allowing the identification of data subject for a maximum period of 7 days, unless any security related event occurs (e.g. a DDoS attack).  

If there is a security related event, server log files are stored until the security relevant event has been eliminated and resolved in full.

Data that you provide us with in the contact forms on the website (“Contact Form Data”).

Title, first name, last name, street, house number, postal code, city, country, e-mail address, your request, your message (mandatory), title, telephone number, order number (voluntary). Website users.

Provision is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. There is no obligation to provide the data.

Not providing the data means that we cannot process your request.

Data is stored until your request has been handled.
We store these data for evidence purposes for the establishment, exercise or defense of any legal claims and also for an interim period of three years commencing at the end of the year in which you deregister and in the event of any legal disputes until such have been concluded.

We also store this data longer if we are legally required to do so, especially pursuant to commercial and tax law. Depending on the type of documentation, document retention requirements can be six or ten years pursuant to commercial or tax law  (section 147 German Tax Code Abgabenordnung (AO), section 257 German Commercial Code Handelsgesetzbuch (HGB).


2. Details on the processing of the personal data

Purpose of processing the personal data Categories of personal data that are processed Automated decision-making Legal basis, and, if applicable, legitimate interests Recipient

HTTP Data is processed temporarily on our web server to provide the contact forms on the website.

HTTP Data. No automated decision-making.

Balancing of interests (point (f) of Article 6 paragraph 1 of the General Data Protection Regulation). Our legitimate interest is providing the website content requested by the user.

Hosting provider.

Processing your request.

Contact Form Data. No automated decision-making.

If your request relates to a contract to which you are a party or the implementation of pre-contractual measures: point (f) of Article 6 paragraph 1 of the General Data Protection Regulation.

Otherwise: balancing of interests (point (f) of Article 6 paragraph 1 of the General Data Protection Regulation). In this case, our legitimate interest is processing your request.

-

Storage and processing for evidence purposes for the establishment, exercise or defense of any legal claims.

Contact Form Data. No automated decision-making.

Balancing of interests (point (f) of Article 6 paragraph 1 of the General Data Protection Regulation). Our legitimate interest is the establishment, exercise or defense of any legal claims.

-

Storage of data in order to meet statutory document retention requirements, in particular commercial and tax law document retention requirements.

Depending on the document type, commercial and tax law document retention requirements of six or ten years can exist (Sec. 147 German Fiscal Code (Abgabenordnung – AO), Sec. 257 German Commercial Code – Handelsgesetzbuch – HGB)).
Contact Form Data. No automated decision-making.

Compliance with a legal obligation (point (c) of Article 6 paragraph 1 of the General Data Protection Regulation).

-


3. Details on the recipients of personal data and the transfer of personal data to third countries and/or international organizations

Recipient Recipient’s role Recipient’s location Adequacy decision or appropriate or suitable safeguards for transfers to third countries and/or international organizations

Hosting provider:
Amazon Web Services, Inc.
410 Terry Avenue North
Seattle WA 98109
United States

Processor United States

Amazon Web Services is certified under the EU-US Privacy Shield:           https://www.privacyshield.gov/participant?id=a2zt0000000TOWQAA4&status=Active
An adequacy decision of the EU Commission exists for the EU-US Privacy Shield:                 

http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32016D1250

Hosting Provider:
Applause App Quality, Inc.
100 Pennsylvania Ave., Framingham, MA 01701, United States

(“Applause Inc.”)

Processor United States

Applause Inc. is certified under the EU-US Privacy Shield:           https://www.privacyshield.gov/participant?id=a2zt0000000TP2RAAW&status=Active

An adequacy decision of the EU Commission exists for the EU-US Privacy Shield:

http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32016D1250


III. Use of online application forms
We offer you the possibility on the website to contact us using online job application forms. We process the information provided by you in the job application forms to process your request. Where applicable, we also store the information for evidence purposes for any establishment, exercise or defense of legal claims or in order to meet statutory document retention obligations, in particular commercial and tax law document retention obligations.

You will find more detailed information on this below: [For usability purposes, the following information may be hidden at first and only appear at the user’s request as a multi-layer presentation (“layered information”)]

1. Details on the personal data that is processed

Categories of personal data that are processed Personal data included in the categories Data source(s) Obligation to provide the data Storage duration

Protocol data that accrue via the Hypertext Transfer Protocol (Secure) (HTTP(S)) for technical reasons when online application forms are used on the website via the recruitment tool Hirebrige used for this (“Hirebridge HTTP Data”).

IP address, type and version of your Internet browser, operating system used, the page accessed, the site accessed before visiting the site (referrer URL), data and time of the visit. Website users.

Provision is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. There is no obligation to provide the data.

Not providing this data means that we cannot provide the online application forms.

24 months.

Data that you provide us with in the contact forms on the website (“Application Form Data”).

These include the information you provide in the relevant application on the website. This can above all include the following data: first and last name, e-mail address, telephone number, covering letter, additional information, links to your profiles in social networks (e.g. LinkedIn, Facebook). Website users.

Provision is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. There is no obligation to provide the data.

Not providing the data means that we cannot process your application.

At least for the duration of the application process. After completion of the application process for a maximum of 3 months, unless the applicant has consented to longer storage in order to be informed about future potential vacancies.


2. Details on the processing of the personal data

Purpose of processing the personal data Categories of personal data that are processed Automated decision-making Legal basis, and, if applicable, legitimate interests Recipient

To provide our application forms on the website.

For this we use the recruiting took Hirebridge offered by Hirebridge.

 

Hirebridge HTTP Data. No automated decision-making.

Balancing of interests (point (f) of Article 6 paragraph 1 of the General Data Protection Regulation). Our legitimate interest is providing the website content requested by the user.

Hosting provider: Hirebridge.

Processing your application.

Application Form Data. No automated decision-making.

Balancing of interests (point (f) of Article 6 paragraph 1 of the General Data Protection Regulation). Our legitimate interest is the establishment, exercise or defense of any legal claims.

-

Storage of data in order to meet statutory document retention requirements, in particular commercial and tax law document retention requirements.

Depending on the document type, commercial and tax law document retention requirements of six or ten years can exist (Sec. 147 German Fiscal Code (Abgabenordnung – AO), Sec. 257 German Commercial Code – Handelsgesetzbuch – HGB)).
Application Form Data. No automated decision-making.

Compliance with a legal obligation (point (c) of Article 6 paragraph 1 of the General Data Protection Regulation).

-


3. Details on the recipients of personal data and the transfer of personal data to third countries and/or international organizations

Recipient Recipient’s role Recipient’s location Adequacy decision or appropriate or suitable safeguards for transfers to third countries and/or international organizations

Hirebridge, LLC
3200 N University Dr #214 Coral Springs, FL 33065
USA (“Hirebridge”)

Processor for the recruiting tool Hirebridge United States

Hirebridge is certified under the EU-US Privacy Shield:                
https://www.privacyshield.gov/participant?id=a2zt000000000vqAAA&status=Active
An adequacy decision of the EU Commission exists for the EU-US Privacy Shield:

http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32016D1250

Hosting Provider:
Applause App Quality, Inc.
100 Pennsylvania Ave., Framingham, MA 01701, United States

(“Applause Inc.”)

Processor United States

Applause Inc. is certified under the EU-US Privacy Shield:           https://www.privacyshield.gov/participant?id=a2zt0000000TP2RAAW&status=Active

An adequacy decision of the EU Commission exists for the EU-US Privacy Shield:                 

http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32016D1250


IV. Use of web analysis technologies
If you have given your consent to this, we use web analysis technologies on the website in order to record and analyze the usage behavior on our website to improve the website and better achieve the objectives of the website (e.g. frequency of visits, increase in number of page visits). You will find more detailed information on this below: [For usability purposes, the following information may be hidden at first and only appear at the user’s request as a multi-layer presentation (“layered information”)]

1. Details on the personal data that is processed

Categories of personal data processed Personal data included in the categories Sources of data Obligation to provide the data Storage duration
Google Analytics

Protocol data which accrue via the Hypertext Transfer Protocol (Secure) (HTTP(S)) for technical reasons when the web analysis tool Google Analytics is used on the (“Google Analytics HTTP Data”).

IP address, type and version of your internet browser, operating system used, site accessed before visiting the site (referrer URL), date and time of the visit. User of the website.

Provision is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. There is no obligation to provide the data.

If the data is not provided, we cannot carry out any web analysis using Google Analytics.

IP anonymization is used on this website for the use of the web analysis tool Google Analytics. This means that the IP address transmitted via the browser for technical reasons is anonymized before being stored by shortening the IP address (by deleting the last octet of the IP address).

26 months

Data which are stored in cookies on the user’s end device for the web analysis tool Google Analytics (“Google Analytics Cookie Data”).

Unique visitor ID for recognizing returning visitors, number of visitor’s visits, time of first visit, earlier visits and the current visit, begin and expected end of the current visit, visitor category to which a user belongs, source or campaign which explains how a user arrived at the website.

User of the website.

Provision is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. There is no obligation to provide the data.

If the data is not provided, we cannot carry out any web analysis using Google Analytics.

26 months

Data collected by the web analysis tool Google Analytics and stored in pseudonym usage profiles (“Google Analytics Profile Data”).

Data about the use of the website, in particular page visits, visit frequency and time spent on the pages visited. Generated autonomously.

-

26 months


2. Details on the processing of personal data

Purpose of the processing of personal data Categories of personal data processed Automated decision-making Legal basis and, where applicable, legitimate interests Recipient

To improve the website and better achieve the objectives of the website (e.g. frequency of visits, increase in number of page visits), the behavior of users on our website is recorded and analyzed in pseudonymized form. Users of the website are marked in pseudonymized form so that they can be recognized again on the website. Pseudonymized usage profiles are created from this information. The pseudonymized usage profiles are not combined with data regarding the bearer of the pseudonym. The objective of this process is to examine where users come from, which areas of the website they visit and how often and how long which subpages and categories are looked at.
For these purposes we use the web analysis tool Google Analytics provided by Google.

For these purposes cookies of the web analysis tool Google Analytics are used
Google Analytics HTTP Data, Google Analytics Cookie Data, Google Analytics Profile Data. No automated decision-making takes place.

Consent (point (a) of Article 6 paragraph 1 of the General Data Protection Regulation)

Hosting provider: Google


3. Details on the recipients of personal data and the transfer of personal data to third countries and/or international organizations

Recipient Recipient’s role Recipient’s location Adequacy decision or appropriate or suitable safeguards for transfers to third countries and/or international organizations

Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA („Google“)

Processor for the web analysis tool Google Analytics. USA

Google is certified under the EU-U.S. Privacy Shield:
https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.

An adequacy decision by the EU Commission exists for the EU-U.S. Privacy Shield:
http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32016D1250.

Hosting Provider:
Applause App Quality, Inc.
100 Pennsylvania Ave., Framingham, MA 01701, United States

(“Applause Inc.”)

Processor United States

Applause Inc. is certified under the EU-US Privacy Shield:           https://www.privacyshield.gov/participant?id=a2zt0000000TP2RAAW&status=Active

An adequacy decision of the EU Commission exists for the EU-US Privacy Shield:                 

http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32016D1250


V. Use of web tracking technologies
If you have granted your consent to this, we use web tracking technologies on the website in order to record and analyze usage behavior on our website by means of cookies for the purposes of (conversion) tracking and (re-)targeting.
You will find more detailed information on this below: [For usability purposes, the following information may be hidden at first and only appear at the user’s request as a multi-layer presentation (“layered information”)]

1. Details on the personal data that is processed

Protocol data which accrue via the Hypertext Transfer Protocol (Secure) (HTTP(S)) for technical reasons when the web tracking tool Google AdWords used on the website is used (“Google AdWords HTTP Data”).

IP address, type and version of your internet browser, operating system used, site accessed before visiting the site (referrer URL), date and time of the visit. User of the website.

Provision is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. There is no obligation to provide the data.

If the data is not provided, we cannot carry out any web tracking using Google AdWords.

30 days.

Data which are stored in cookies on the user’s end device for the web tracking tool Google AdWords (“Google AdWords Cookie Data”).

Unique visitor ID for recognizing returning visitors.

User of the website.

Provision is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. There is no obligation to provide the data.

If the data is not provided, we cannot carry out any web tracking using Google AdWords.

30 days.

Data collected by the web tracking tool Google AdWords and stored in pseudonymized usage profiles (“Google AdWords Profile Data”).

Data about the use of the website, in particular page visits, visit frequency and time spent on the pages visited. User of the website.

-

30 days.


2. Details on the processing of personal data

Purpose of the processing of personal data Categories of personal data processed Automated decision-making Legal basis and, where applicable, legitimate interests Recipient

For conversion tracking, the behavior of users on our website is recorded and analyzed in pseudonymized form. Users of the website are marked in pseudonymized form so that they can be recognized again on the website. Pseudonymized usage profiles are created from this information. The pseudonymized usage profiles are not combined with data regarding the bearer of the pseudonym. The objective of this process is to measure the effectiveness with which an addressed target group is prompted to carry out the desired actions.
For these purposes we use the web tracking tool Google AdWords provided by Google.

For these purposes cookies  of the web tracking tool Google AdWords are used.
Google AdWords HTTP Data, Google AdWords Cookie Data, Google AdWords Profile Data. No automated decision-making takes place.

Consent (point (a) of Article 6 paragraph 1 of the General Data Protection Regulation)

Hosting provider: Google.

For (re-)targeting users of the website, the behavior of users on our website is recorded and analyzed in pseudonymized form. Users of the website are marked in pseudonymized form so that they can be recognized again on the website. Pseudonymised usage profiles are created from this information. The pseudonymized usage profiles are not combined with data regarding the bearer of the pseudonym. The objective of this process is to draw the attention of a user who has already shown interest in a website or a product to this website or product again to increase the advertising relevance and therefore the click and conversion rate (e.g. order rate).
For these purposes we use the web tracking tool Google AdWords provided by Google.

For these purposes of the web tracking tool Google AdWords are used.

Google AdWords HTTP Data, Google AdWords Cookie Data, Google AdWords Profile Data. No automated decision-making takes place.

Consent (point (a) of Article 6 paragraph 1 of the General Data Protection Regulation)

Google.


3. Details on the recipients of personal data and the transfer of personal data to third countries and/or international organizations

Recipient Recipient’s role Recipient’s location Adequacy decision or appropriate or suitable safeguards for transfers to third countries and/or international organizations

Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA („Google“)

Processor for the web analysis tool Google Analytics. USA

Google is certified under the EU-U.S. Privacy Shield:
https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.

An adequacy decision by the EU Commission exists for the EU-U.S. Privacy Shield:
http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32016D1250.

 

Hosting Provider:
Applause App Quality, Inc.
100 Pennsylvania Ave., Framingham, MA 01701, United States

(“Applause Inc.”)

Processor United States

Applause Inc. is certified under the EU-US Privacy Shield:           https://www.privacyshield.gov/participant?id=a2zt0000000TP2RAAW&status=Active

An adequacy decision of the EU Commission exists for the EU-US Privacy Shield:                 

http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32016D1250


D. Effective date and amendment of this Privacy Policy
The effective date of this Privacy Policy is May 23, 2018.
It may be necessary to amend this Privacy Policy due to technical developments and/or changes to statutory or regulatory requirements, The currently valid version of this Privacy Policy can be accessed at any time at https://www.applause.com/privacy-policy/

Security Policy

Effective as of May 23, 2018

Applause’s Security Philosophy: Our Commitment to You

As a provider of software and services for many users on the Internet, Applause recognizes the importance of effectively and continuously protecting user security. We understand that secure products are instrumental in sustaining the trust that you place in our products and services, and we strive to create innovative products serve your needs and operate in your best interests. The security of your personal information is important to us; please be assured that we have adequate security measures in place to protect and secure end user information.

For additional information relative to Applause’s Information Security Program and its underlying policies & procedures, please email your request to support@applause.com or testers@utest.com.

A Shared Security Responsibility Environment

We have designed our products to be flexible, scalable, and robustly configurable to our users and the needs of our user organizations. This means that, at the application level, access restrictions, account delegation, user rights and the implementation of additional security controls are often left to the discretion of our end users. While we commit to securing the underlying system architecture, code, and the information we collect, we trust our users to share the responsibility of securing access to data that is ultimately placed in their respective product instances. This includes all data entered through the Platform interface into the instance, the user accounts you provision to access your instance(s), and the associated user roles and groups that enable various access-levels of those users. For this reason, we recommends that users of the Platform maintain sufficient controls to provide reasonable assurance of the following standards:

  • Protect access to your account: Access to the Applause Platform should be restricted to authorized users, and user names and passwords should be kept confidential.
  • Protect the integrity of your data: Users are responsible for the accuracy, quality, integrity and legality of information entered into accounts and for the quality and performance of the Platform with respect to user-configurations of accounts.
  • Report security vulnerabilities: Users are responsible for reporting issues and incidents related to information security, and following up on the status of those issues to ensure they are resolved, in accordance with the process outlined below.

Need to Report a Security Vulnerability?

If you believe you have found a security vulnerability within any of Applause’s product offerings, we encourage you to let us know right away.

If you are an Applause Platform customer and have a security issue to report regarding your personal account, or have discovered a vulnerability in an Applause product, please contact your assigned Project Manager directly or report the incident via email to support@applause.com.

If you are an Applause Community member and have a security issue to report regarding your personal Applause account, or have discovered a vulnerability in an Applause product, please contact your assigned Community Manager and report the incident via email to testers@utest.com.

Applause takes security issues seriously and will respond swiftly to fix verifiable security issues. Some of the components that make up the Applause Platform are complex and take time to update. When properly notified of legitimate security issues, Applause personnel will do their best to acknowledge your emailed report, assign resources to investigate the issue and mitigate potential problems as efficiently and effectively as possible.

Overview of Platform Security Controls

We offer a variety of services and solutions through our software-as-a-service cloud offering to customers and community testers, including dashboard analytics, reporting, test services execution, test cycle management, and test cycle analytics. We have designed our Information Security (“InfoSec”) Program around supporting security of the core application, infrastructure, and data components that support our core testing service offerings (“the Platform”). The InfoSec Program and its underlying policies apply to all users of the Applause Platform, including all employees, customers, community testers and other third parties.

Applause provides a host of advanced functionality to secure the Platform including role-based access, strong connection encryption, robust password policies and more. Applause adds further layers of security, such as application-only access, to provide users complete confidence in the Platform and their data.

Applause employs stringent, 24/7 monitoring tools, controls, policies and procedures to ensure that it provides the strongest security for its users.

Key benefits and features of Applause’s commitment to security include:

  • Role-level Access & Idle Disconnect: Role-based access control ensures users can only use data and Platform functionality that is related to their specific responsibilities, as dictated by their account administrator. Additionally, Applause automatically locks the Platform when idle connections are detected to prevent unauthorized access. Finally, the Platform natively provides a complete audit trail to ensure changes within a user account or customer instance are tracked with user login details and timestamp.
  • Physical Access: Applause leverages a third party provider to provide physical access security to the Platform infrastructure. All data center access is limited to data center technicians and approved Applause staff.
  • Strong SSL Encryption: Applause provides SSL encryption for user login and all subsequent data.
  • Application-Only Access: Applause ensures that external users of the Platform can only access the application, not the underlying database.
  • Employee Access: No Applause employees, partners, or contractors ever access private customer repositories or accounts unless required through our standard service obligations or for specific support reasons. When working a support issue, we do our best to respect your privacy and the security of your data as much as possible; we only access the files and settings as required through the resolution of your issue.
  • Strong Password Policies: Applause provides various password policies to prevent unauthorized access to user accounts, including minimum password length and complexity requirements, password repetition controls, and automatic lock-out after unsuccessful login attempts.
  • Continuous Security Monitoring: Applause employs intrusion detection systems to identify malicious traffic attempting to access the Platform network. Any unauthorized connection attempts are logged and appropriately investigated. Applause also employs numerous performance and utilization monitoring solutions for the Platform infrastructure.
  • Risk Management: Enterprise-grade anti-virus software guards against Trojans, worms, viruses, and other malware from affecting the Platform and its underlying components. Encryption is required on all removable media (employee laptops, thumb-drives, etc.) that contains or has access to sensitive Platform data.
  • Separation of Duties: Job responsibilities are separated, and mandatory employee reference checks are employed at all levels of Applause operations. Applause tracks and maintains any and all exceptions to standard segregation of duties policies and associated access permission changes.
  • Communication: Applause maintains robust communication protocols and procedures to ensure that all policy and system changes that impact security are timely communicated to Platform users through the application interface. In the event emergency communication is needed, Applause also supports alternative methods of communication to users, including email notifications and alerts.