Privacy Policy

Privacy Policy of Creance

The protection of your data is very important to us. In the following, we would like to explain to you in a transparent and understandable way which, whether and how we process your data.

I. Name and address of the controller

The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is:

Aleph Alpha GmbH
Grenzhöfer Weg 36
69123 Heidelberg
Germany

E-mail: privacy@aleph-alpha.com

II. Contact details of the data protection officer

Data Protection Officer (“Datenschutzbeauftragter”)

Fresh Compliance GmbH
Frank Trautwein
Fürbringerstr. 15
10961 Berlin Germany

E-mail: dsb@freshcompliance.de

III. General provisions on data processing

1. Scope of the processing of personal data

As a matter of principle, we only collect and use your personal data insofar as this is necessary for the provision of a functional website as well as our contents and services or to initiate and discuss a business relationship, a business contact or to establish, implement and terminate our cooperation and the processing is legally permissible, i.e. purpose-bound and based on a legal basis.

2. Deletion of data and storage periods

Your data will be deleted or anonymized as soon as the purpose of processing, in particular storage, ceases to apply. In addition, storage may take place if this has been provided for by the European or national legislator in Union regulations, laws (e.g. GDPR, tax, accounting retention obligations) or other provisions to which the controller is subject.

Data will also be disabled or erased if a retention period prescribed by the aforementioned standards expires, unless there is a need to continue storing the data, e.g. for the execution or performance of a contract.

IV. Provision of the website and setting of log files

1. Description and scope of data processing

Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer.
The following data is collected:

  • IP address
  • Approximate location based on IP range
  • Browser type
  • The creance.ai pages visited by the users on an anonymized basis
  • Date and duration of the visit on an anonymized basis
  • Operating system


In the case of a registered user, this data is also stored in the log files of our system. Your IP addresses or other data that enable the data to be assigned to you as a user are not permanently stored in the log files, unless their processing is temporarily necessary, e.g. for the delivery and presentation of our website.

2. Legal basis for the data processing

Insofar as your visit to our website serves the purpose of initiating a business contact, establishing, implementing or terminating our cooperation, the legal basis for the temporary processing is Article 6 para. 1 lit. b) GDPR. In other cases, the legal basis is Article 6 para. 1 lit. f GDPR, insofar as our interest in the processing outweighs the interest of the data subject.

V. Contact sheet and e-mail correspondence

1. Description and scope of data processing

A contact form is available on our website, which can be used for electronic communications. If a user takes advantage of this option, the data entered in the input mask will be transmitted to us and stored. The Data is:

  • First and last name
  • E-mail
  • Company
  • Job title
  • Number of employees
  • Address
  • City
  • Country
  • ZIP/Postal Code
  • Organization type
  • The following data is also stored at the time the message is sent:
    • Your IP address
    • Date and time of registration

It is possible to contact us via the e-mail address on info@aleph-alpha.com or, in the case of enquiries about data protection, via privacy@aleph-alpha.com aIn this case, the personal data transmitted with the e-mail (surname, first name, e-mail address, message content) will be processed.

In this context, the data will not be transferred to third parties. The data is primarily used for processing the conversation or for initiating, implementing or terminating the business relationship.

2. Legal basis for the data processing

The legal basis for the processing of data transmitted is the so-called legitimate interest, which exists in the course of sending an e-mail is Article 6 para. 1 lit. f) GDPR.
If the e-mail contact aims at the initiation, implementation and termination of the business relationship, the additional legal basis for the processing is Article 6 para. lit. b) GDPR.

3. Purpose of the data processing

The processing of the personal data from the input mask serves mainly to process the contact and communication. When contact is made by e-mail, the necessary legitimate interest in processing the data lies in the processing of the contact.

The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.

Insofar as you contact us for the purpose of initiating, implementing or terminating the business relationship, these are also the purposes of the processing.

VI. Newsletter

1. Description and scope of data processing

You can subscribe to our newsletter, with which we inform you about our current interesting offers, by granting your consent. The advertised goods and services are named in the declaration of consent.

We use the so-called double-opt-in procedure for the register for our newsletter. This means that after you have registered, we will send you an email to the email address you have provided in which we ask you to confirm that you are the owner of the email address provided and that you wish to receive the notifications. If you do not confirm your registration within [24 hours], your information will be disabled and automatically erased after one month. In addition, we store your IP addresses and the times of registration and confirmation. The purpose of the procedure is to be able to prove your registration and, if necessary, to clarify a possible misuse of your personal data.

The only mandatory information for sending the newsletter is your e-mail address. [The provision of further, separately marked data is voluntary and will be used to address you personally.] After your confirmation, we store your e-mail address for the purpose of sending you the newsletter.

2. Legal basis for the data processing

The legal basis is Article 6 parag. 1, sentence 1 lit. a) GDPR.

3. Purpose of the data processing

The purpose of the data requested is to send the newsletter to your personal e-mail address in order to fulfill your request for updates about our company or our offers. It may be sent at regular or irregular intervals.

4. Revocation of consent and objection

Revocation: You can revoke your consent to receive the newsletter and unsubscribe at any time. You can declare the revocation by clicking on the link provided in every newsletter e-mail, by e-mail to support@aleph-alpha.com, by contact form or by sending a message to the contact details given in the imprint.

Objection: You can also object to the processing for direct marketing purposes at any time. Your personal data collected and processed within the scope of the newsletter will then no longer be processed for these purposes. You can declare your objection to advertising by clicking on the link provided in every newsletter e-mail, by e-mail to support@aleph-alpha.com, by using the contact form or by sending a message to the contact details given in the imprint.

VII. Rights of the data subject

If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller, which you can assert – preferably by e-mail to privacy@aleph-alpha.com.

1. Right to access your data pursuant to Article 15 GDPR

You can contact us if you would like to know what data we have stored about you. In the event of doubts about your identity, we are entitled to check your identity in accordance with Article 12 para. 6 GDPR.

2. Right to correct your data pursuant to Article 16 GDPR

You are entitled to a right of rectification and/or completion vis-à-vis us if the personal data processed are inaccurate or incomplete. The data controller has to implement the correction without delay.

3. Right to have your data deleted pursuant to Article 17 GDPR

You have the right to obtain the erasure of your personal data from us without undue delay and the controller has the obligation to erase personal data without undue delay. For example you can contact us if you want us to delete certain data that we have stored about you.

The right to erasure does not apply to the extent that processing is necessary

  • for exercising the right of freedom of expression and information;
  • for compliance with a legal obligation which requires processing according to Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  • for reasons of public interest in the field of public health pursuant to Article 9 para. 2 lit. h and i as well as Article 9 para. 3 GDPR;
  • for archiving purposes in the public interest, for scientific or historical research purposes or for statistical purposes in accordance with Article Article 89 para. 1 GDPR, insofar as the right referred to in section a) is likely to render impossible or seriously prejudice the achievement of the purposes of such processing, or
  • for the establishment, exercise or defence of legal claims.

4. Right to limit data collection pursuant to Article 18 GDPR

You may request the restriction of the processing of personal data. For example you can contact us if you do not want us to delete your e-mail address, but only to send absolutely necessary e-mails.

Where the processing of personal data has been restricted, those data may be processed, with the exception of their storage, only with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

5. Right to data portability pursuant to Article 20 GDPR

You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the controller to whom the personal data has been provided, provided that the processing is based on consent pursuant to Article 6 para.1 lit. a GDPR or Article 9 para. 2 lit. a GDPR or a contract pursuant to Article 6 para. 1 lit. b GDPR and para. 2 the processing is carried out by automated means.
In exercising this right you have the right to have the personal data transmitted directly from one controller to another, where technically feasible. The freedoms and rights of other persons must not be affected by this.

6. Right to object how your data is handled pursuant to Article 21 GDPR

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6 para. 1 lit. e or f GDPR, preferably by email to privacy@aleph-alpha.com.

The controller will no longer process the personal data relating to you unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defence of legal claims.

7. Right to withdraw your consent pursuant to Article 7 para. 3 GDPR

In accordance with Article 7 para. 3 GDPR you have the option to revoke your consent to data processing at any time, preferably by e-mail to privacy@aleph-alpha.com. The revocation of consent does not affect the lawfulness of processing based on consent before its revocation.

8. Right to lodge a complaint with a supervisory authority pursuant to Article 77 GDPR

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if the you consider that the processing of personal data relating to you violates the GDPR.

The supervisory authority with which the complaint has been lodged will inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 GDPR.

The supervisory authority in Baden-Württemberg, Germany, is the State Commissioner for Data Protection and Freedom of Information. It is possible to lodge a complaint from there online.

VIII. Job applications

1. Description and scope of data processing

Insofar as you apply to us online or otherwise respond to one of our job ads, we collect and process the personal applicant data for the purpose of handling the application process. The processing is primarily carried out electronically. This is particularly the case if corresponding application documents are submitted electronically to us, for example by e-mail or via a web form located on the website. If we conclude an employment contract, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If we do not conclude an employment contract, the application documents will be deleted six months after notification of the rejection decision – this retention period is justified by a potential obligation to provide evidence in proceedings under the General Equal Treatment Act (AGG). If consent was given, applications may also be retained for longer than six months.

2. Legal basis for the data processing

The legal basis is the establishment and performance of the employment relationship on the basis of an employment contract in accordance with Art. 6 para. 1 lit. b GDPR, Art. 88 GDPR with § 26 BDSG (Federal Data Protection Act of Germany, where applicable).

3. Purpose of the data processing

As part of the job application process we also use a recruiting and applicant management software, which is provided by the service provider Personio. This software helps us to place job advertisements and manage applications centrally. For this purpose, we have concluded a data processing agreement to ensure that the personal data of our applicants is only processed in accordance with our instructions. Further information can be found in the service provider’s privacy policy: https://www.personio.de/datenschutzerklaerung/

IX. Other tools contributing to the website’s performance and security

1. We use a content management tool offered by Sanity AS, Norway to deliver content and enhance the performance of our website. The legal basis for the use of this tool is Article 6 para. 1 lit. f) GDPR. Please find more information on Sanity’s privacy page available at https://www.sanity.io/legal/privacy.

2. We use the GDPR compliant analytics tool called Fathom Analytics, offered by Conva Ventures Inc., Canada. We use Fathom Analytics to analyze and regularly improve the use of our website. The statistics obtained enable us to improve our offer and make it more interesting for you as a user. Fathom Analytics does not collect any personal data, but only provides summarized reports about the website target group and ad performance. The legal basis for the processing of personal data using Fathom Analytics is Art. 6 para. 1 lit f) GDPR. Please find more information about the tool and the privacy approach on https://usefathom.com/privacy.

3. We also use a website improvement tool called Sentry on some subpages of our website, that is offered by Functional Software, Inc., USA. Sentry offers an application monitoring solution designed to identify, monitor, and alert developers to errors, bugs, and other performance issues that are occurring in their applications. The legal basis for the processing of personal data using Sentry is Art. 6 para. 1 lit f) GDPR. Please find more information about the tool on https://sentry.io/privacy/.

You have any questions or suggestions?

Please contact us on privacy@aleph-alpha.com.

Thanks!

Date of the privacy policy: 12 July 2023