Privacy Policy

Privacy Policy for the website

We at Charles GmbH (Charles) are committed to protecting your privacy. This Privacy Policy applies to the information and data collected by Charles as a controller, including the information collected on our website www.hello-charles.com or through other channels as described below. This Privacy Policy describes how we collect, receive, use, store, share, transfer, and process your personal information.

This Privacy Policy does not apply to the data our Charles cCom software solution processes on behalf of our clients (Client Data) in our capacity as a platform provider (Charles cCom Software). Your use of the Charles cCom Software as a client of Charles is covered under the Charles cCom Software Data Processing Addendum we have provided before onboarding.

You are free to explore the Websites without providing any Personal Information about yourself. When you want to request a demo or contact as regarding the Charles cCom Solution, we request that you provide Personal Information about yourself, and we collect Navigational Information.

We will never sell your Personal Information to any third party.

1. Name and contact details of the controller
This privacy policy applies to data processing by:

Controller:
Charles GmbH (hereinafter: Charles or hello-charles.com)
Kleine Präsidentenstraße 1
10178 Berlin
Germany

E-Mail: info@hey-charles.com
Managing Director(s): Andreas Tussing, Artjem Weissbeck

2. Collection and storage of personal data and the nature and purpose of their use

a) When visiting the website
When you visit our website www.hello-charles.com, the browser used on your terminal device automatically sends information to the server of our website. This information is temporarily stored in a so-called log file. The following information (not personal) is collected without your intervention and stored until it is automatically deleted:

IP address of the requesting computer,
date and time of access,
name and URL of the retrieved file,
website from which access is made (referrer URL),
the browser used and, if applicable, the operating system of your computer as well as the name of your access provider.

The data mentioned will be processed by us for the following purposes:

ensuring a smooth connection of the website
to ensure a comfortable use of our website
evaluation of system safety and stability as well as
for other administrative purposes.

b) When contacting us and requesting a demo
When you want to request a demo or contact as regarding the Charles cCom Software, we request and store Personal Information about yourself that you provide:

first name and surname
email address
phone number
company
company size
products and features you are interested in

The data mentioned will be processed by us for the following purposes:

analyzing the fit of our Charles cCom Software to your business
scheduling a demo and/or providing material about our Charles cCom Software
contract initiation and signing process
for other administrative purposes.

The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest follows from the purposes listed above for the collection of data. Under no circumstances do we use the collected data for the purpose of drawing conclusions about your person.
In addition, we use cookies and analysis services when you visit our website. You will find more detailed information on this under points 4 and 5 of this privacy policy.

3. Data transfer

Your personal data will not be transferred to third parties for purposes other than those listed below.
We will only pass on your personal data to third parties if:
You have given your express consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR,
the disclosure pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR is necessary for the assertion, exercise or defence of legal claims and there is no reason to assume that you have an overriding legitimate interest in not disclosing your data,
in the event that there is a legal obligation to pass on data pursuant to Art. 6 para. 1 sentence 1 lit. c GDPR, and
this is legally permissible and required for the execution of contractual relationships with you pursuant to Art. 6 para. 1 sentence 1 lit. b GDPR.

4. Cookies

We use cookies on our site. These are small files that are automatically created by your browser and stored on your device (laptop, tablet, smartphone, etc.) when you visit our site. Cookies do not cause any damage to your terminal device and do not contain viruses, Trojans or other malware.
Information is stored in the cookie, which results in each case in connection with the specifically used terminal device. This does not mean, however, that we will immediately become aware of your identity.
The use of cookies serves on the one hand to make the use of our offer more pleasant for you. For example, we use so-called session cookies to recognise that you have already visited individual pages on our website. These are automatically deleted after leaving our site.
In addition, we also use temporary cookies to optimise user-friendliness, which are stored on your terminal for a specific period of time. If you visit our site again to make use of our services, it is automatically recognized that you have already been with us and which inputs and settings you have made so that you do not have to enter them again.
On the other hand, we use cookies to record the use of our website statistically and to evaluate it for the purpose of optimising our offer for you (see point 5). These cookies enable us to automatically recognize that you have already visited our site when you visit it again. These cookies are automatically deleted after a defined period of time.
The data processed by cookies are necessary for the purposes mentioned to safeguard our legitimate interests and those of third parties pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR.
Most browsers automatically accept cookies. However, you can configure your browser so that no cookies are stored on your computer or a message always appears before a new cookie is created. The complete deactivation of cookies may, however, result in you not being able to use all the functions of our website.

5. Analytics tools

a) Tracking tools
The tracking measures listed below and used by us are carried out on the basis of your voluntary consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR. With the tracking measures used, we want to ensure that our website is designed to meet your needs and is continually optimised. On the other hand, we use the tracking measures in order to statistically record the use of our website and to evaluate it for you for the purpose of optimising our offer. These interests are to be regarded as justified within the meaning of the aforementioned provision.
The respective data processing purposes and data categories can be found in the corresponding tracking tools.
i) Google Analytics
We use Google Analytics, a web analysis service provided by Google LLC (https://www.google.de/intl/de/about/) (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter „Google“) , for the purpose of tailoring our pages to meet your needs and continually optimising them. In this context, pseudonymised user profiles are created and cookies (see section 4) are used. The information generated by the cookie about your use of this website such as

browser type/version,
operating system used,
referrer URL (the previously visited page),
host name of the accessing computer (IP address),
time of the server request,
Browser-Typ/-Version,

are transferred to a Google server in the USA and stored there. The transfer follows as a permissible third country transfer on the basis of the so-called Privacy Shield between the EU and the USA (see the entry for Google LLC). This information is used to evaluate the use of the website, to compile reports on website activity and to provide other services relating to website activity and internet usage for market research purposes and to tailor these Internet pages to meet specific needs. This information may also be transferred to third parties if this is required by law or if third parties process this data on behalf of third parties. Under no circumstances will your IP address be merged with other Google data. The IP addresses are anonymised so that an allocation is not possible (IP masking).
You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.
You can also prevent the collection of data generated by the cookie and relating to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing a browser add-on (https://tools.google.com/dlpage/gaoptout?hl=de).
As an alternative to the browser add-on, especially for browsers on mobile devices, you can also prevent the collection by Google Analytics by clicking on this link. An opt-out cookie is set to prevent your information from being collected in the future when you visit this website. The opt-out cookie applies only to this browser and only to our website and is placed on your device. If you delete the cookies in this browser, you will need to set the opt-out cookie again.
Further information on data protection in connection with Google Analytics can be found in the Google Analytics-help (https://support.google.com/analytics/answer/6004245?hl=de).

ii) Facebook Conversion Pixel
We use the "conversion pixel" or visitor action pixel from Facebook. This is a service of Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA ("Facebook"). By calling this pixel from your browser, Facebook can then recognize whether a Facebook ad was successful, e.g. whether it led to an online purchase. The transfer follows as a permissible third country transfer on the basis of the so-called Privacy Shield between the EU and the USA (see also the entry for Facebook Inc.). Facebook only provides us with statistical data without reference to a specific person. This enables us to record the effectiveness of Facebook advertisements for statistical and market research purposes. This data processing is necessary to safeguard our overriding legitimate interest (Art. 6 para. 1 sentence 1 lit. f GDPR) in order to show visitors to our website only advertising for products in which the user is also interested.
In particular, if you are registered on Facebook, we refer you to their data protection information: http://www.facebook.com/about/privacy/.

6. Social media plug-ins

We use social plug-ins of the social networks Facebook, Twitter and Instagram on our website on the basis of Art. 6 Para. 1 S. 1 lit. f DSGVO in order to make our offer better known. The advertising purpose behind this is to be regarded as a legitimate interest within the meaning of the DSGVO. The responsibility for the data protection-compliant operation is to be guaranteed by their respective providers. The integration of these plug-ins by us takes place by means of the so-called two-click method in order to protect visitors to our website in the best possible way.

a) Facebook
Social media plugins from Facebook are used on our website to make their use more personal. For this we use the "LIKE" or "SHARE" button. This is an offer from Facebook.
If you call up a page on our website that contains such a plugin, your browser establishes a direct connection with the Facebook servers. The content of the plugin is transmitted directly from Facebook to your browser, which integrates it into the website.
By integrating the plugins, Facebook receives the information that your browser has accessed the corresponding page of our website, even if you do not have a Facebook account or are not logged on to Facebook. This information (including your IP address) is transmitted directly from your browser to a Facebook server in the USA and stored there.
If you are logged in to Facebook, Facebook can assign your visit to our website directly to your Facebook account. If you interact with the plugins, for example by pressing the "LIKE" or "SHARE" button, the corresponding information is also transmitted directly to a Facebook server and stored there. The information is also published on Facebook and displayed to your Facebook friends.
Facebook may use this information for the purposes of advertising, market research and tailoring Facebook Pages to your needs. To this end, Facebook creates usage, interest and relationship profiles, e.g. to evaluate your use of our website with regard to the advertisements displayed to you on Facebook, to inform other Facebook users about your activities on our website and to provide other services associated with the use of Facebook.
If you do not want Facebook to associate the information collected through our website with your Facebook account, you must log out of Facebook before visiting our website.
The purpose and scope of the data collection and the further processing and use of the data by Facebook as well as your related rights and setting options for the protection of your privacy can be found in Facebook's data protection information (https://www.facebook.com/about/privacy/).

b) Instagram
Our website also uses social plugins ("Plugins") from Instagram, operated by Instagram LLC, 1601 Willow Road, Menlo Park, CA 94025, USA ("Instagram").
The plugins are marked with an Instagram logo, for example in the form of an "Instagram camera".
When you visit a page on our website that contains such a plugin, your browser connects directly to Instagram's servers. Instagram sends the content of the plugin directly to your browser and integrates it into the page. This integration tells Instagram that your browser has accessed the appropriate page on our site, even if you do not have an Instagram profile or are not logged into Instagram.
This information (including your IP address) is transferred directly from your browser to an Instagram server in the USA and stored there. If you are logged in to Instagram, Instagram can directly associate your visit to our website with your Instagram account. If you interact with the plugins, for example by pressing the "Instagram" button, this information is also sent directly to and stored on an Instagram server.
The information is also published to your Instagram account and displayed to your contacts.
If you do not want Instagram to directly associate the data collected via our website with your Instagram account, you must log out of Instagram before visiting our website.
For more information, see Instagram's privacy policy (https://help.instagram.com/155833707900388).

8. Website Chatbot

For our website chatbot we use the services from Hubspot Inc., 25 First Street, 2nd Floor, Cambridge Massachusetts 02141, USA. Through this chat service, we can store and process the Personal Information needed for your Charles cCom Software requests as mentioned above in section 2 b). The information provided during the chat process might be stored on a Hubspot server in the United States. The transfer follows as a permissible third country transfer on the basis of the so-called Privacy Shield between the EU and the USA.Further information can be found in Hubspots's privacy policy (https://legal.hubspot.com/privacy-policy).

9. Rights of data subjects

You have the right:

to request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you may request information on the processing purposes, the category of personal data, the categories of recipients to whom your data have been or will be disclosed, the planned storage period, the existence of a right of rectification, deletion, restriction of processing or objection, the existence of a right of complaint, the origin of your data, unless it has been collected from us, as well as the existence of an automated decision-making process including profiling and, if applicable, meaningful information on its details;
in accordance with Art. 16 GDPR, to immediately request the correction of incorrect or incomplete personal data stored by us;
to demand the deletion of your personal data stored by us in accordance with Art. 17 DSGVO, unless the processing is necessary for the exercise of the right to freedom of expression and information, for the fulfilment of a legal obligation, for reasons of public interest or for the assertion, exercise or defence of legal claims;
to demand the restriction of the processing of your personal data in accordance with Art. 18 GDPR if the correctness of the data is disputed by you, the processing is unlawful but you refuse its deletion and we no longer need the data but you need it to assert, exercise or defend legal claims or you have lodged an objection against the processing in accordance with Art. 21 DSGVO;
in accordance with Art. 20 GDPR, to receive your personal data which you have provided to us in a structured, common and machine-readable format or to request the transfer to another responsible person;
in accordance with Art. 7 para. 3 GDPR, to revoke your consent once given to us at any time. The consequence of this is that we may no longer continue the data processing based on this consent in the future, and
to complain to a supervisory authority pursuant to Art. 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or place of work or at our company headquarters.

10. Right of objection

If your personal data are processed on the basis of legitimate interests pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR, you have the right, pursuant to Art. 21 GDPR, to object to the processing of your personal data if there are reasons for doing so which arise from your particular situation or if the objection is directed against direct advertising. In the latter case, you have a general right of objection, which is implemented by us without stating a particular situation.
If you would like to make use of your right of revocation or objection, simply send an e-mail to info@hey-charles.com.

11. Data security

We use the most common SSL (Secure Socket Layer) method in connection with the highest level of encryption supported by your browser. As a rule, this is a 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can tell whether an individual page of our website is transmitted in encrypted form by the closed representation of the key or lock symbol in the lower status bar of your browser.
We also use suitable technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorised access by third parties. Our security measures are continuously improved in line with technological developments.

12. Actuality und changes to this privacy policy

This privacy policy is currently valid and as of November 2020.
Due to the further development of our website and offers about it or due to changed legal or official requirements, it may be necessary to change this privacy policy.