Privacy Policy

1. Name and contact details of the controller as well as operational data protection officer

This data privacy policy shall apply to data processing activities by the following controller:

Ververica GmbH (hereinafter referred to as “Ververica”), Chausseestrasse 20, 10115 Berlin.

For any data protection-related inquiries, please contact us under dataprotection@ververica.com.

2. Collection and storage of personal data as well as the nature and purpose of their processing

a. When visiting Ververica’s websites

This data privacy policy applies for Ververica’s following websites:

www.ververica.com; www.ververica.academy; www.ververica.cloud; www.docs.ververica.com; www.training-slides.ververica.com (each a “Website”)

When calling our Website, the browser used on your end device will automatically send information to the server of our Website. This information is temporarily stored in a so-called log file. The following information is recorded without any action on your end and stored until automated erasure after 6 months:

• internet protocol address of the requesting computer
• date and time of the access
• name and URL of the file retrieved
• website from which the access takes place (referrer URL)
• browser used and, if applicable, the operating system of your computer and the name of your access provider

The data mentioned are processed by us for the following purposes:

• ensuring smooth establishment of the Website’s connection
• ensuring comfortable use of our Website
• evaluation of system safety and stability, as well as
• other administrative purposes

The legal basis for these data processing activities is Article 6(1)(1)(f) of the General Data Protection Regulation (“GDPR”). Our legitimate interests follow from the purposes listed above for data collection. Furthermore, we use cookies and analysis services when you visit our Website. More detailed explanations on this can be found in sections 4 and 5 of this data privacy policy.

b. Subscribing to our Newsletter

If you have explicitly consented pursuant to Article 6(1)(1)(a) GDPR, we will use your email address to send you our newsletter at regular intervals.

If you acquire any goods or services from us and provide your email address for this, such address may be used by us for sending out a newsletter subsequently. In this case, the newsletter is only used to send out direct marketing for own similar goods or services. The legal basis for sending out the newsletter due to sale of goods or services shall be § 7 para. 3 of the Gesetz gegen den unlauteren Wettbewerb (the Act Against Unfair Competition) in conjunction with Article 6(1)(1)(f) GDPR in such a case. Our legitimate interests follow from the interest in direct marketing vis-à-vis our existing customers.

Unsubscription is possible at any time, independently of whether the newsletter was sent based on consent or based on our legitimate interest in direct marketing, e.g. by using a link at the end of each newsletter. As an alternative, you may also send your unsubscription request to us at any time by email to: info@ververica.com. The only costs resulting from this are the transfer costs according to the basic rates.

The personal data required for sending out the newsletter shall be erased as soon as they are no longer required for achieving the purpose of their collection and as far as no other legal authorisation basis applies for further processing, such as for customer management purposes. Your email address for sending out the newsletter will be stored until you revoke your consent or until you object to submission of the newsletter.

c. When using our contact form and email contact

If there are any questions, we offer the option of contacting us using a form provided on the Website. A valid email address must be indicated there, so that we will know where the query comes from and to answer such. Further information can be provided freely.

Alternatively, contact via the provided email address is possible. In such a case, your personal data transmitted in the email will be stored.

Data processing activities for the purpose of contacting is carried out according to Article 6(1)(1)(f) GDPR. Our legitimate interests follow from our interest in responding to inquiries. If the contact is targeted at the conclusion of a contract, Article 6(1)(1)(b) GDPR shall be the legal basis for processing.

As far as no other legal basis is applicable in regard to any further processing of your personal data, the personal data collected by us for the above purposes shall be erased after completion of the request submitted by you.

d. Downloading of free material

We provide free download files on our Website, such as whitepapers, software trial versions and other marketing material. As part of the download, we ask for personal data such as name, first name, organization and email address. The legal basis for data processing is Article 6(1)(1)(b) GDPR. Your data will be automatically deleted upon termination of the customer relationship, unless another legal basis for any further processing of such data is applicable.

3. Passing on data

We shall only pass on your personal data to third parties (“Recipients”) if we are entitled to do so under the provisions of data protection law. Below we inform you about the circumstances in which this may be the case. We can pass on your personal data to Recipients, if:

• you have explicitly given consent to such for one or more specific purposes (Article 6(1)(1)(a) GDPR);
• processing is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract (Article 6(1)(1)(b) GDPR); processing is necessary for compliance with a legal obligation to which the we are subject (Article 6(1)(1)(c) GDPR);
• processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data (Article 6(1)(1)(f) GDPR);
• we work together with a third party as data processor in accordance with Article 28 GDPR.

In particular, we pass on personal data to the following (categories) of Recipients:

• Providers of tools used on our Website (for more details see section 5 of this data privacy policy)
• Hosting providers other than providers of the tools used on our Website (e.g. Northpass)

We intend to transfer the personal data to third countries. In particular, we may transfer personal data to countries outside the EEA, in particular the USA. There is no adequacy decision by the EU-Commission with regards to most of these countries, in particular the USA. Our data transfers into such countries are covered by standard contractual clauses. You may obtain more details on the transfer of your personal data and a copy of the used standard contractual clauses from our data protection officer.

4. Cookies

We use cookies on our Website.These are small files that your browser will create automatically and that are stored on your end device (laptop, tablet, Smartphone or similar) when you visit our Website. Cookies do not cause any damage to your end device, contain no viruses, Trojans or other harmful software.

The cookie is used to store information that results from the respective context of the specifically used end device.

Use of cookies serves to make use of our offer more pleasant for you. We use session cookies in order to recognise that you have visited individual pages of our Website before. They will be deleted automatically after you leave our Website.

Furthermore, we also use temporary cookies to optimise user friendliness which are stored on your end device for a certain specified period. When you visit our Website again in order to use our services, it will be automatically recognised that you have visited us before and which input and settings you have made so that you will not have to enter them again.

We also use cookies in order to statistically record use of our Website and to evaluate it for the purpose of optimising our offer to you (see section 5). These cookies enable us to recognise that you have visited us before if you visit our Website again. These cookies are deleted automatically after two years in each case.

Where the storage or access to cookies on your end device is necessary in order for us to be able to provide our Website or the services provided thereon and expressly requested by you (strictly necessary cookies), we do not require your consent for this. Where this is not the case, we will ask for your consent.Most browsers accept cookies automatically. You may, however, configure your browser so that no cookies will be stored on your computer or that you will always be informed before a new cookie is set up. Complete deactivation of cookies may, however, render you unable to use all functions of our website.

5. Website tools

a. Cookiebot

We use the consent management service Cookiebot, provided by Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark (Usercentrics). This allows us to obtain and manage consent from Website users for data processing. The processing is necessary for the fulfillment of a legal obligation to which we are subject (Art. 6 (1)(1)(c) GDPR). For this purpose, the following data is processed with the help of cookies:

• Your IP address (the last three digits are set to '0')
• Date and time of consent
• Browser information
• URL from which the consent was sent
• An anonymous, random and encrypted key
• Your end-user consent status, as proof of consent.

The key and consent status are stored in the browser for 12 months using the "CookieConsent" cookie. This preserves your cookie preference for subsequent page requests. With the help of the key, your consent can be proven and tracked.

If you enable the "Collective Consent" service feature to enable consent for multiple web pages through a single end-user consent, the service will also store a separate, random, unique ID with your consent. If all of the following criteria are met, this key is stored in the third-party cookie "CookieConsentBulkTicket" in your browser in encrypted form:

• You enable the collective consent feature in the service configuration.
• You allow third-party cookies via browser settings
• You have disabled "Do not track" via browser settings
• You accept all or at least certain types of cookies when you give consent

Usercentrics is a recipient of your personal data and acts as a processor for us. Your personal data will be deleted on an ongoing basis after 12 months or immediately after termination of the contract between us and Usercentrics.

Please refer to to Cookiebot’s privacy policy for more details: https://www.cookiebot.com/de/privacy-policy/

b. Analytics

aa. Google Analytics

This Website uses Google Analytics, a web tracking service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). The purpose of our use of the tool is to enable the analysis of your user interactions on the Website and to use the statistics and reports obtained to improve our offer and make it more interesting for you as a user.

We collect the interactions between you as a user of the Website and our Website primarily with the help of cookies, device/browser data, IP addresses and Website activities. Google Analytics also collects your IP addresses to ensure the security of the service and to provide us, as the Website provider, with information about the country, region or location from which the respective user originates (so-called "IP location determination"). However, we use the anonymization function ("IP masking"), i.e. that Google truncates the IP addresses by the last octet within the EU/EEA.

We have concluded a data processing agreement with Google.

The information generated by the cookie and the IP addresses about your use of this Website are usually transferred to a Google server in the USA or in other countries (including countries which do not provide an adequate level of data protection) and processed there. For these cases, Google has contractually undertaken to enter into so-called standard contractual clauses with the data recipients in third countries. For more information on international data transfers please refer to section 3 of this data privacy policy.

The legal basis for the collection and further processing of the information (which takes place for a maximum of […] months) is your given consent (Art. 6 (1)(1)(a) GDPR). The revocation of your consent is possible at any time, without affecting the permissibility of the processing until the revocation. The easiest way to revoke your consent is to use our Consent Manager, or to click here to install the opt-out browser add-on, which can also be accessed via the following link: tools.google.com/dlpage/gaoptout?hl=en/.

Please refer to to Google’s privacy policy for more details: www.google.de/intl/de/policies/privacy/.

bb. HubSpot

We use the services HubSpot, 25 First Street, 2nd Floor, Cambridge, MA 02141, USA, a software company from the USA (“HubSpot”). HubSpot is a service platform. The service is an integrated software solution that allows us to manage customer data and cover various aspects of our online marketing. This includes, among other things, the analysis of landing pages and reporting. In the process, cookies are stored on the end device used by you. We use HubSpot to analyze the use of our Website. This allows us to constantly optimize our Website and make it more user-friendly. We also use information to determine which of our services are of interest to customers and newsletter subscribers and to contact them for advertising purposes. In addition, we use the analysis to optimize our Website for you.

In the process, the following personal data may be collected, for example:

• IP address
• Geographical location
• Type of browser
• Duration of the visit
• Pages viewed

However, we only use your IP address in a shortened version. This means that the IP address of the user is shortened by HubSpot within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. The collected information is stored on servers in the European Union. However, personal data are also transferred to the USA and other third countries. For more information on international data transfers please refer to section 3 of this data privacy policy.

The cookies have a usual lifetime of 13 months. In addition, we delete the personal data collected via HubSpot as soon as the purpose for which it was collected has been achieved, unless deletion conflicts with legal retention periods.

The data processing is based on your consent pursuant to Art. 6 (1)(1)(a) GDPR. You can revoke your consent at any time. Please follow this link.

Please refer HubSpot’s privacy policy for more details: https://legal.hubspot.com/de/privacy-policy

cc. Google Tag Manager

We use the Google Tag Manager, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

The Google Tag Manager is a tool that allows us to integrate tracking or statistical tools and other technologies on our website. The Google Tag Manager itself does not create user profiles, does not store cookies and does not perform any independent analyses. It only serves to manage and play out the tools integrated via it.

c. DoubleClick for GoogleAds

This Website uses the online marketing tool DoubleClick from Google Ireland Limited, Gordon House Barrow Street Dublin 4, Ireland (hereinafter: “Google”). DoubleClick uses cookies to serve ads that are relevant to users, to improve campaign performance reports, or to prevent a user from seeing the same ads more than once. Via a cookie ID, Google records which ads are displayed in which browser and can thus prevent them from being displayed more than once. In addition, DoubleClick can use cookie IDs to record so-called conversions that are related to ad requests. This is the case, for example, when a user sees a DoubleClick ad and later calls up the advertiser's website with the same browser and buys something there. According to Google, DoubleClick cookies do not contain any personal information.

Due to the marketing tools used, your browser automatically establishes a direct connection with the Google server. We have no influence on the scope and further use of the data collected by Google through the use of this tool and therefore inform you according to our state of knowledge: Through the integration of DoubleClick, Google receives the information that you have called up the corresponding part of our Website or clicked on an ad from us. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, there is the possibility that Google learns your IP address and stores it.

You can prevent participation in this tracking process in several ways:

• by setting your browser software to suppress third-party cookies which will result in you not receiving third-party ads;
• by disabling conversion tracking cookies by setting your browser to block cookies from the domain www.googleadservices.com (https://www.google.de/settings/ads). This setting will be deleted when you delete your cookies;
• by permanent disabling in your Firefox, Internet Explorer or Google Chrome browsers (more information available under http://www.google.com/settings/ads/plugin)

Your personal data can also be transferred for further processing to the USA or other third countries which do not provide an adequate level of data protection. For more information on international data transfers please refer to section 3 of this data privacy policy. The legal basis for the processing of your data is your consent, Art. 6 (1)(1)(a) GDPR).

Please refer to Google’s privacy policy for more details: www.google.de/intl/de/policies/privacy/.

6. Social media

This Website offers the possibility to share content on social networks (Facebook, Twitter. LinkedIn and Reddit).This is realized through sharing buttons on our Website. These are integrated into our Website via HTML-links and are inactive at first but they will get activated once you click on them. If you click on one of the buttons, a new window of your browser opens and calls up the page of the respective social media platform on which you can (if necessary after entering your login data) e.g. click a like or share button. Only then a network connection to the respective social media platform will be established and cookies of the respective social media platform will be stored on your computer. This will enable the social media platform to receive certain information about you and your visit to our Website, such as the IP address, your user account with the social media platform, and the Website you have visited. This can lead to your personal data being transferred for further processing to the USA or other third countries which do not provide an adequate level of data protection. For more information on international data transfers please refer to section 3 of this data privacy policy.

The legal basis for the processing of your personal data in this regard is your consent under Art. 6 (1)(1)(a) GDPR which you provide by clicking on the respective sharing button.

Please see below for more details about the respective social media platform:

• Facebook: Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA; privacy policy available at https://de-de.facebook.com/privacy/policy/?entry_point=data_policy_redirect&entry=0
• Twitter: Twitter Inc., 1355 Market St, Suite 900, San Francisco, CA 94103; privacy policy available at https://twitter.com/de/privacy
• LinkedIn: LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland; privacy policy available at https://de.linkedin.com/legal/privacy-policy
• Reddit: Reddit Ireland Limited, Georges Quay Plaza, Floor 2 - 101, Dublin D02 F856, Ireland; privacy policy available at https://www.reddit.com/de-de/policies/privacy-policy

7. Rights of the data subject

You have the right:

• to demand information regarding the processing of your personal data by us and a copy of the personal data undergoing processing in accordance with Article 15 GDPR. In particular, you may request information on the purposes of the processing, the categories of personal data, the (categories of) recipients to whom your data have been or are disclosed, the envisaged storage period or, if not possible, the criteria used to determine that period, the existence of the right to rectification, erasure, restriction of processing or objection, the right to lodge a complaint, the source of your data to the extent that these were not collected from you, and the existence of automated decision-making, including profiling and any meaningful information on its details; where personal data are transferred to a third country or to an international organisation, you have the right to be informed of the appropriate safeguards relating to the transfer;
• in accordance with Article 16 GDPR, obtain the rectification of any inaccurate personal data stored by us or completion of such data without undue delay;
• in accordance with Article 17 GDPR, obtain the erasure of your personal data stored by us, unless the processing is required for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, or for the establishment, exercise or defence of legal claims;
• in accordance with Article 18 GDPR, obtain the restriction of processing of your personal data, to the extent that the accuracy of the data is contested by you, processing is unlawful, but you oppose erasure, we no longer need the personal data, but you still require them for the establishment, exercise or defence of legal claims, or you have objected to processing pursuant to Article 21 GDPR pending the verification whether our legitimate grounds override yours;
• in accordance with Article 20 GDPR, demand to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to demand transmission to another controller;
• in accordance with Article 7 (3) GDPR, to withdraw your consent once given to us towards us at any time. This has the consequence that we may no longer continue the data processing activities that were based on this consent in future but that the withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal, and
• in accordance with Article 77 GDPR, lodge a complaint with a supervisory authority. Usually, you may contact the supervisory authority at your habitual residence or place of work or our registered office for this.

8. Right to object

As far as your personal data are processed based on legitimate interests in accordance with Article 6(1)(1)(f) GDPR, you have the right to object to processing of your personal data in accordance with Article 21 GDPR, to the extent that there are grounds relating to your particular situation. We will no longer process the personal data unless (i) we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or (ii) for the establishment, exercise or defence of legal claims. Where personal data are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing

If you want to exercise your withdrawal right or right to object, simply send us an email to dataprotection@ververica.com.

9. Further information

In accordance with Art. 13 (2)(e) GDPR we would like to inform you about the following: Unless stated otherwise in this data privacy policy, the provision of personal data is neither a statutory nor contractual requirement, nor a requirement necessary to enter into a contract, and you are not obliged to provide the personal data.

10. Data security

Within the website visit, we use SSL/TLS with at least TLS 1.2. Whether an individual Website is transmitted encrypted or not is evident by the closed display of the key or lock symbol in the lower status bar of your browser. Apart from this, we use appropriate technical and organisational security measures in order to protect your data from accidental or wilful manipulation, partial or complete loss, destruction or unauthorised access by third parties. Our security measures will be improved continually according to the technological developments.

11. Topicality and changes of this data privacy policy

This data privacy policy is currently valid as of 30 March 2023. Further development of our Website and offers through it or changed statutory or authority specifications may require changes to this data privacy policy. You may call and print the respective current data privacy policy at any time on the website at https://ververica.com/privacy-policy.