Privacy Policy

Effective from: November 21, 2024

§ 1 General

Your personal data (e.g. title, name, address, e-mail address, telephone number) will only be processed by us in accordance with the provisions of the German Data Protection Act (“DSGVO”) and the Data Protection Act of the European Union (“GDPR”). The following regulations inform you not only about the processing purposes, recipients, legal bases, storage periods, but also about your rights and the persons responsible for your data processing. This data protection declaration only refers to the use of our websites and Content Sync product, including the cms_content_sync module and the Sync Core. If you are forwarded to other sites via links on our pages, please inform yourself there about the respective handling of your data.

§ 2 Contact

(1) Processing purpose

We process your personal data, which you make available to us by e-mail, contact form etc., in order to answer and deal with your enquiries. You are not obliged to provide us with your personal data. However, we will not be able to reply to you by e-mail without your e-mail address.

(2) Legal bases

a) If you have given us express permission to process your data, § 6, 1a) DSGVO is the legal basis for this processing.

b) If we process your data to carry out pre-contractual measures, § 6, 1b) DSGVO is the legal basis.

c) In all other cases (especially when using a contact form) § 6, 1f) DSGVO is the legal basis.

You have the right to object at any time to data processing based on § 6, 1 f) DSGVO which does not serve direct marketing for reasons arising from your particular situation. In the case of direct marketing, however, you can object to the processing at any time without stating any reasons.

(3) Legitimate interest

Our legitimate interest in the processing consists in communicating with you quickly and answering your enquiries cost-effectively.

(4) Recipient categories

Hosting providers and other service providers (see below for a complete list).

(5) Storage period

Your data will be deleted if it can be inferred from the circumstances that your enquiry or the facts concerned have been conclusively clarified.

If, however, a contract is concluded, the data required under commercial and tax law will be kept by us for the legally specified periods, i.e. regularly ten years (in accordance with § 257 HGB, § 147 AO).

(6) Right of withdrawal

You have the right to revoke your consent for processing your data at any time.

§ 3 Web Analytics with Google Analytics

This website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website will generally be transmitted to and stored by Google on servers in the United States. However, if IP anonymisation is activated on this website, your IP address will be shortened beforehand by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA where it will be shortened. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics is not combined with other data from Google. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent Google from collecting the data generated by the cookie and related to your use of the website (including your IP address) and Google from processing this data by downloading and installing the browser plugin available under the following link: optout

This website uses Google Analytics with the extension “anonymizeIP()”, so that the IP addresses are processed only shortened to exclude a direct personal reference.

 § 4 Usage of Google Adwords Conversion-Tracking

On our website we use the online advertising program “Google AdWords” and in this context conversion tracking. Google Conversion Tracking is an analysis service provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”). When you click on an ad placed by Google, a conversion tracking cookie is placed on your computer. These cookies have a limited validity, do not contain any personal data and are therefore not used for personal identification. If you visit certain pages of our website and the cookie has not expired, Google and we may recognize that you clicked on the ad and were directed to that page. Each Google AdWords customer receives a different cookie. The information collected from the Conversion cookie is used to compile conversion statistics, which are used to track the traffic to and from this site. We learn the total number of users who clicked on one of our ads and were directed to a page tagged with a conversion tracking tag. However, we do not receive information that personally identifies users. The processing is based on Art. 6 (1) lit. f DSGVO for the legitimate interest in targeted advertising and the analysis of the effect and efficiency of this advertising.
For reasons arising from your particular situation, you have the right at any time to object to this processing of your personal data based on Art. 6 (1) f DSGVO.
To do this, you can prevent the storage of cookies by selecting the appropriate technical settings in your browser software. However, we would like to point out that in this case you may not be able to use all the functions of this website to their full extent. You will then not be included in the conversion tracking statistics.
For more information and Google’s privacy policy, please visit: https://www.google.de/policies/privacy/

§ 5 Information about cookies

(1) Processing purpose

Technically necessary cookies are used on this website. These are small text files that are not permanently stored in or by your Internet browser on your computer system and are only used for the functionality of the website. Other cookies remain permanent and recognize your browser on the next visit to increase the user friendliness of the website.

(2) Legal bases

The legal basis for the processing is § 6, 1f) DSGVO.

(3) Legitimate interest

Our legitimate interest is the functionality and usability of our website. The user data collected through technically necessary cookies and the long-term cookies described here are not used to create user profiles. This will safeguard your interest in data protection.

(4) Storage period

The technically necessary cookies are usually deleted when the browser is closed. Permanently stored cookies have a varying lifespan from a few minutes to several years.

(5) RIGHT OF OBJECTION

If you do not wish these cookies to be stored, please deactivate the acceptance of these cookies in your Internet browser. However, this can result in a functional limitation of our website. You can also delete permanently stored cookies at any time via your browser.

§ 6 Server log files

(1) On the basis of our legitimate interests within the meaning of § 6, 1f), we collect data on each access to the server on which this service is located (so-called server log files). The access data includes:

  • Name of the website accessed
  • Browser type/ browser version
  • Used operating system
  • Referrer URL
  • Hostname of the accessing computer
  • Time of the server request

These data cannot be assigned to specific persons. This data will not be merged with other data sources.

(2) Log file information is stored for a maximum of seven days for security reasons (e.g. to clarify abuse or fraud) and then deleted. Data whose further storage is necessary for evidence purposes are excluded from deletion until the respective incident has been clarified.

§ 7 Newsletter

(1) Processing purpose

When you register for the newsletter, your e-mail address will be used for advertising purposes, i.e. within the scope of the newsletter we will inform you in particular about the services of Edge Box GmbH. For statistical purposes we can evaluate which links are clicked in the newsletter. It is not recognizable to us which specific person clicked. You have expressly given the following consent separately or, if applicable, in the course of the ordering process: Yes, please send me the Content Sync Newsletter.

(2) Legal basis

The legal basis for this processing is § 6, 1a) DSGVO.

(3) Recipient categories

Newsletter providers:

  • Mailchimp: https://mailchimp.com/legal/
  • Sendgrid: https://www.twilio.com/en-us/legal/privacy
  • Hubspot: https://legal.hubspot.com/privacy-policy

(4) Storage period

Your e-mail address will only be stored for the duration of the desired registration.

(5) Right of withdrawal

You can revoke your consent at any time with effect for the future. If you no longer wish to receive the newsletter, you can unsubscribe as follows: Via an unsubscribe link in the newsletter.

§ 8 Integration of third-party services and content

(1) Within the scope of our online offer, we act on the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer within the meaning of § 6, 1f) of the German Civil  Code 7 DSGVO) content or service offers from third parties in order to integrate their content and services, such as videos or fonts (hereinafter uniformly referred to as “content”). This always presupposes that the third-party providers of this content perceive the IP address of the user, since they would not be able to send the content to their browser without the IP address. The IP address is therefore required for the presentation of this content. We make every effort to use only those contents whose respective providers only use the IP address to deliver the contents. Third party providers may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. Pixel tags can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user’s device and may contain, among other things, technical information about the browser and operating system, referring web pages, visit times and other information about the use of our online offering, as well as may be linked to such information from other sources.

(2) The following presentation provides an overview of third party providers and their contents, along with links to their data protection declarations, which contain further information on the processing of data and, in some cases already mentioned here, possibilities of objection (so-called opt-out):

(3) The following services are used to support our visitors and users that have questions or run into unforeseen issues:

  • Error reporting with Sentry: https://sentry.io/privacy/ . The integration of the Sentry service is done through a server call to Sentry (usually in the USA). Data that is shared with this form is accessible to employees and subcontractors of Edge Box who are responsible for the support. The data is only stored at servers of Functional Software Inc. You should not share personal or confidential information.
  • Chat support with FreshChat: https://www.freshworks.com/privacy/ and https://www.freshworks.com/gdpr/ . The integration of the FreshChat service is done through a server call to FreshWorks. Data that is shared with this form or the chat widget is accessible to employees and subcontractors of Edge Box who are responsible for the support. The data is only stored at servers of FreshWorks Inc. You should not share personal or confidential information.
  • Logging and Performance Monitoring with Datadog: https://www.datadoghq.com/legal/privacy/
  • Status page from Instatus: https://instatus.com/policies/privacy

(4) The following services are used to host our applications and user data may be forwarded, processed and stored:

  • Amazon Web Services: https://aws.amazon.com/privacy/
  • Auth0: https://auth0.com/docs/secure/data-privacy-and-compliance
  • Stripe: https://stripe.com/privacy
  • Xero: https://www.xero.com/legal/privacy/
  • Cloudflare: https://www.cloudflare.com/privacypolicy/
  • Elastic.co: https://www.elastic.co/trust/security-and-compliance
  • Linear: https://linear.app/privacy
  • MongoDB Atlas: https://www.mongodb.com/legal/privacy/privacy-policy
  • Sendgrid: https://www.twilio.com/en-us/legal/privacy

(4) The following services are used to answer contact requests:

(5) The following services are used to manage privacy consent:

  • Cloudflare: https://www.cloudflare.com/privacypolicy/
  • Cookiebot: https://www.cookiebot.com/en/privacy-policy/

§ 9 Content Sync

(1) Processing purpose

(a) The module “cms_content_sync” as part of our product “Content Sync” can be integrated by users free of charge into their own Drupal applications. Depending on the configuration, the module also processes personal data. The respective provider of the Drupal application is responsible for the proper configuration and local processing of the data.

(b) The module “cms_content_sync” connects to one or more “Sync Core” applications as part of our product “Content Sync” according to the respective configuration. The Sync Core receives data, stores it and forwards it to other websites according to the configuration of the respective Drupal application. The responsible operator of these Drupal applications must ensure that the processing and configured distribution of the data is carried out in accordance with all applicable data protection laws and that it is appropriately declared.

(c) If the Sync Core is managed and operated by Edge Box (SaaS model), this Privacy Policy applies. In this case, personal data will only be processed according to the configuration for which the operator of the Drupal application is responsible.

(d) If the Sync Core is managed and operated by the customer (license model), the privacy policy of the respective responsible operator of the software applies.

(e) The Content Sync Backend at app.cms-content-sync.io is available to our users / customers to manage their contracts / subscriptions and to manage and assign their sites to their available licenses. The Content Sync Backend uses the service auth0 to securely store user accounts and to register and authenticate users. Users can either create their own account at auth0 or login with their existing Google account. If they use Google for authentication we will store their user ID, name and email address so that we can send necessary emails that are related to the Content Sync Backend.

(2) Legal basis

The legal basis for the processing of data in the case of §9c) is §6, 1f) DSGVO.

(3) Legitimate interest

Our legitimate interest is the functionality of our product.

(4) Storage period

The lifetime of the data depends on the configuration of the “cms_content_sync” module for which the provider is responsible.

After deletion of the data by the provider, data remains in backups for up to 180 days, which are necessary for recovery in the event of a disaster (“disaster recovery”).

(5) RIGHT OF OBJECTION

If you do not want this data to be stored, contact the Content Sync user who is responsible for processing your data about the configuration of the product.

§ 10 Rights of the subject

If your personal data is processed, you are the subject within the meaning of the DSGVO and you have the following rights:

1. Right to information

You may request confirmation from us as to whether personal data concerning you will be processed by us.

If such processing exists, you can request information from us about the following information:

(1) the purposes for which the personal data will be processed;

(2) the categories of personal data processed;

(3) the recipients or categories of recipients to whom the personal information about you has been or will be disclosed;

(4) the planned duration of the storage of the personal data concerning you or, if this is not possible, criteria for determining the storage duration;

(5) the existence of a right to rectify or delete personal data concerning you, a right to limit the processing by us or a right to object to this processing;

(6) the existence of a right of appeal to a supervisory authority;

(7) all available information on the origin of the data, if the personal data is not collected from the subject;

(8) the existence of automated decision-making including profiling in accordance with Article 22(1) and (4) DSGVO and – at least in these cases – meaningful information on the logic involved and the scope and intended effects of such processing for the data subject.

You have the right to request information as to whether the personal data concerning you will be transferred to a third country or to an international organisation. In this context, you may request to be informed of the appropriate guarantees pursuant to Art. 46 DSGVO in connection with the transfer.

2. Right to rectification

You have a right of rectification and/or integration with us if the personal data processed concerning you is inaccurate or incomplete. We must carry out the rectification immediately.

3. Right to limitation of processing

Under the following conditions, you may request that the processing of your personal data be restricted:

(1) if you dispute the accuracy of the personal data relating to you for a period of time that allows us to verify the accuracy of the personal data;

(2) if the processing is unlawful and you refuse to delete the personal data and instead request the restriction of the use of the personal data;

(3) if we no longer need the personal data for the purposes of processing, but you need it for the assertion, exercise or defence of legal claims, or

(4) if you have lodged an objection against the processing pursuant to § 21, 1 DSGVO and it has not yet been determined whether the legitimate reasons to which we are entitled outweigh your reasons.

Where the processing of personal data concerning you has been restricted, such data may not be processed, with the exception of their storage, without your consent or for the purpose of asserting, exercising or defending rights or protecting the rights of another natural or legal person or for reasons of an important public interest of the Union or of a Member State.

If the processing has been restricted in accordance with the above conditions, you will be informed by us before the restriction is lifted.

4. Right to deletion

a) Deletion obligation

You may request us to delete your personal information immediately and we are required to delete that information immediately for any of the following reasons:

(1) Personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.

(2) You revoke the consent on which the processing was based pursuant to § 6, 1a) or § 9, 2a) DSGVO, and there is no other legal basis for the processing.

(3) You object to the processing pursuant to § 21, 1 DSGVO and there are no overriding legitimate reasons for the processing or you object to the processing pursuant to § 21, 2 DSGVO.

(4) The personal data concerning you has been processed unlawfully.

(5) The deletion of your personal data is necessary to fulfil a legal obligation under Union law or the law of the Member States to which we are subject.

(6) The personal data concerning you has been collected in relation to information society services offered pursuant to § 8, 1 DSGVO.

b) Information to third parties

If we have made the personal data concerning you public and if we are obliged to delete them in accordance with § 17, 1 DSGVO, we shall take appropriate measures, including technical measures, taking into account the available technology and the implementation costs, to inform those responsible for data processing who process the personal data that you as the data subject have requested them to delete all links to this personal data or copies or replications of this personal data.

c) Exemptions

The right to deletion does not exist if the processing is necessary

(1) on the exercise of freedom of expression and of information;

(2) to fulfil a legal obligation required by the law of the Union or of the Member States to which we are subject, or to perform a task in the public interest or in the exercise of official authority vested in us;

(3) on grounds of public interest in the field of public health pursuant to § 9, 2h and i and § 9, 3 DSGVO;

(4) for archival purposes in the public interest, scientific or historical research purposes or for statistical purposes pursuant to § 89, 1 DSGVO, insofar as the law referred to under section a) presumably makes it impossible or seriously impairs the attainment of the objectives of such processing, or

(5) to assert, exercise or defend legal claims.

5. Right to information

If you have exercised the right to correction, deletion or limitation of processing against us, we are obliged to notify all recipients to whom the personal data concerning you has been disclosed of this correction, deletion or limitation of processing, unless this proves impossible or involves disproportionate effort.

You shall have the right to be informed of such recipients.

6. Right to data transferability

You have the right to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format. In addition, you have the right to transfer this data to another responsible person without hindrance, provided that

(1) the processing is based on a consent pursuant to § 6, 1a) DSGVO or § 9, 2a) DSGVO or on a contract pursuant to § 6, 1b) DSGVO and

(2) processing is carried out using automated procedures.

In exercising this right, you also have the right to request that the personal data concerning you be transmitted directly by us to another responsible person, insofar as this is technically feasible. Freedoms and rights of other persons must not be affected by this.

The right to data transfer does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority entrusted to us.

7. Right of objection

You have the right, for reasons arising from your particular situation, to object at any time to the processing of your personal data on the basis of § 6, 1e) or f) DSGVO; this also applies to profiling based on these provisions.

We will then no longer process the personal data concerning you unless we can prove compelling reasons for processing worthy of protection which outweigh your interests, rights and freedoms, or the processing serves the assertion, exercise or defence of legal claims.

If the personal data concerning you is processed for the purpose of direct advertising, you have the right to object at any time to the processing of the personal data concerning you for the purpose of such advertising; this also applies to profiling to the extent that it is connected with such direct advertising.

If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.

You have the possibility to exercise your right of objection in relation to the use of Information Society services – notwithstanding Directive 2002/58/EC – by means of automated procedures using technical specifications.

8. Right to revoke the declaration of consent under data protection law

You have the right to revoke your declaration of consent under data protection law at any time. The revocation of your consent does not affect the legality of the processing carried out on the basis of your consent until you revoke it.

9. Automated decision in individual cases including profiling

You have the right not to be subject to any decision based solely on automated processing, including profiling, that has any legal effect on you or similarly significantly affects you. This does not apply if the decision

(1) is necessary for the conclusion or performance of a contract between you and us,

(2) is permitted by the laws of the Union or of the Member States to which we are subject and those laws contain adequate measures to safeguard your rights and freedoms and your legitimate interests, or

(3) is made with your explicit consent.

However, these decisions may not be based on special categories of personal data pursuant to § 9, 1 DSGVO, unless § 9, 2a) or g) applies and appropriate measures have been taken to protect the rights and freedoms as well as your legitimate interests.

With respect to the cases referred to in (1) and (3) above, we shall take reasonable steps to safeguard your rights and freedoms and your legitimate interests.

10. Right of appeal to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to complain to a supervisory authority, in particular in the Member State where you reside, at your place of work or at the place where the alleged infringement is alleged, if you consider that the processing of your personal data is in breach of the DSGVO.

The supervisory authority to which the complaint was submitted shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 DSGVO.

§11 LinkedIn Analytics and LinkedIn Ads

We use the conversion tracking technology and retargeting feature of LinkedIn Corporation on our website.
This technology allows visitors to this site to play personalized ads on LinkedIn. It also provides the ability to create anonymous reports on ad performance and website interaction information. To do this, the LinkedIn Insight tag is included on this website, which connects you to the LinkedIn server when you visit this website and are logged into your LinkedIn account at the same time.
Please refer to LinkedIn’s privacy policy at https://www.linkedin.com/legal/privacy-policy for more information on data collection and use, and the choices and rights to protect your privacy. If you are logged in to LinkedIn, you can deactivate data collection at any time by clicking on the following link: https://www.linkedin.com/psettings/enhanced-advertising.

§12 Facebook Analytics and Facebook Ads

On our website we use the remarketing function “Custom Audiences” of Facebook Inc. (1601 S. California Ave, Palo Alto, CA 94304, USA; “Facebook”) and the Facebook tracking pixel.
This function serves the purpose of targeting the visitors of the website with interest-related advertising in the social network Facebook and evaluating conversions.
For this purpose, the remarketing tag and the tracking pixel of Facebook were implemented on the website. This tag establishes a direct connection to the Facebook servers when visiting the website. This transmits to the Facebook server which of our pages you have visited. Facebook associates this information with your personal Facebook user account. When you visit the social network Facebook, you will be shown personalized, interest-based Facebook ads. Processing is based on Art. 6 (1) lit. f DSGVO for the legitimate interest in the above-mentioned purpose.
For reasons arising from your particular situation, you have the right at any time to object to this processing of your personal data based on Art. 6 (1) f DSGVO.
Further information on the collection and use of the data by Facebook, on your rights in this regard and on ways of protecting your privacy can be found in Facebook’s data protection information at https://www.facebook.com/about/privacy/.

Responsible for data processing:

Edge Box GmbH
Am roten Morgen 75
64846 Gross-Zimmern
[email protected]