Privacy Policy

We at Charles GmbH (Charles) are committed to protecting your privacy. This Privacy Policy applies to the information collected on our website www.hello-charles.com by Charles acting as a controller. In this policy, we describe how we collect, receive, use, store, share, transfer, and process your personal information in relation to your use of our website and our newsletter we send out to you.

This Privacy Policy does not apply to the data our Charles cCom software solution processes on behalf of our clients (Client Data) in our capacity as a platform provider (Charles cCom Software) that you may access using the “Login” function on our website. Your use of the Charles cCom Software as a client of Charles is covered under: the Charles cCom Software Data Processing Addendum we have provided to you before onboarding.

You are free to decide, if you want to visit the websites without submitting personal information about yourself. When you want to request a demo or contact us regarding the Charles cCom Solution, we request that you provide Personal Information about yourself. In addition, we collect information in accordance with your preferences set on our cookie manager. For more information about the cookies we use, please see our Cookie Policy.

We will never sell your Personal Information to any third party.

This privacy policy applies to data processing by:

Controller:

Charles GmbH (hereinafter: Charles or hello-charles.com)

Gartenstraße 86-87

10115 Berlin

Germany

E-Mail: info@hello-charles.com

Managing Director(s): Andreas Tussing, Artjem Weissbeck

Dr. Sabrina Seak

Charles GmbH

Gartenstraße 86-87

10115 Berlin

Germany

Email: dpo@hello-charles.com

Any data subject may, at any time, contact our Data Protection Officer directly with all questions and suggestions concerning data protection.

3. Processing of data

In the following, we inform you about our data processing in relation to our site, its purposes and legal basis, the collected data the respective storage period and, if applicable, specific objection and removal options.

a) Log files

When you visit our website www.hello-charles.com, the browser used on your terminal device automatically sends information to the server of our website. This information is temporarily stored in a so-called log file.

Type of Data

The following information is collected without your intervention:

• IP address of the computer/mobile device,
• unique device identifier,
• used browser type/version,
• location information,
• date and time of access,
• name and URL of the retrieved file,
• website from which access is made (referrer URL), and
• the browser used and, if applicable, the operating system of your computer as well as the name of your access provider.

Purposes

The data mentioned will be processed by us for the following purposes:

• ensuring a smooth connection of the website,
• to ensure a comfortable use of our website, and
• evaluation of system safety and stability.

Legal Basis

The legal basis for the data processing is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest follows from the above listed purposes for data processing.

Storage Period

The data will be deleted as soon as they are no longer necessary for the purpose for which they were collected. In the case of the collection of data for the provision of the website, this is the case when the respective session is ended. In the case of storage of the data in log files, this is the case after seven days at the latest. Storage beyond this period is possible. In this case, the IP addresses are anonymized by deleting the last eight bits, so that an identification of you is no longer possible.

b) Contact us and request a demo

When you contact us regarding the Charles cCom Software on our website or request a demo or other provided material, we process personal information about yourself that you provide.

Type of data

We ask you to provide the following information on our website:

• first name and surname
• email address
• phone number
• job title and role
• company
• company size
• preferred language
• products and features you are interested in

Purposes

The data mentioned will be processed by us for the following purposes:

• assessment of the fit of our Charles cCom Software to your business
• scheduling a demo and/or providing material about our Charles cCom Software
• contract initiation and signing process
• for other administrative purposes.

If you agreed to receive other communications from us, we process your information in addition to request, if you want to sign up to our Newsletter (see more below under Section 5).

Legal Basis

The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. a GDPR.

Storage Period

We store your personal data collected within the scope of your consent for the above-mentioned purposes until your consent is revoked. You can revoke your consent at any time with effect for the future by contacting us or unsubscribing from our newsletter via the unsubscribe link.

If you revoke your consent, we will delete your personal data immediately, provided that we process them for marketing purposes on the basis of your consent. Please note that the revocation does not result in the deletion of all your personal data which we process in the course of the business relationship with you, if there is another legal basis for this. The revocation of your consent does not affect the legality of the data processing that has taken place up to that point.

We may request your personal data on our website on occasions, such as for recruitment purposes or to manage your participation in a competition or event. In all cases, we will provide you privacy statements on how we use your personal data.

 4. Signing up for the Charles Newschat on WhatApp

On our website, we offer you to sign up for our Newschat on WhatsApp. No data will be sent to WhatsApp until you scanned the QR code or clicked on the link referring to WhatsApp. Only after doing so, you will be directed to WhatsApp and have the possibility to start a conversation with us.

For offering and using WhatsApp, we use our Charles cCom Software, where we store all data in the EU. As an official WhatsApp partner, we use the WhatsApp Business API with the consequence that within our responsibility no other third parties or WhatsApp gain access to your communication content.

Your use of WhatsApp is governed solely by the agreements you entered into with WhatsApp. According to the terms of use of WhatsApp, we have your phone number and username through your contact. We use this and other information you provide to:

• recognize and respond to you
• administrate your preferences, and
• send you newsletter on WhatsApp (see more below under Section 5).

The respective legal bases are: (i) your consent in accordance with Art. 6 (1) (a) GDPR to answer your requests; and (ii) our outweighing legitimate interest to conduct customized marketing and for business development activities in accordance with Art. 6 (1) (f) GDPR.

You can revoke consent already given at any time, with future effect.

The data will be stored for as long as it is necessary for the purpose of the procession. The data will be deleted or anonymized as soon as it is no longer needed for the processing purposes.

For further information, please contact: WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland or refer to the respective privacy policy: https://www.whatsapp.com/legal/privacy-policy-eea

5. Newsletter

If you have agreed to receive newsletters or other update services sent via WhatsApp, e-mail or otherwise, we will process your contact data and other data you submitted to us (see above Section 3 b) to provide those services to you.

To further optimise the user experience and in particular to tailor the information provided to you, we process information on your specified preferences, if any, and in some instances, follow your interaction with our newsletter (user statistics). In this context, we use Hubspot as the marketing tool for e-mail newsletter and for deal and/or lead registration.

For further information please contact: HubSpot, Inc., 25 First Street, 2nd Floor, Cambridge, MA 02141, USA or refer to the respective privacy policy https://legal.hubspot.com/privacy-policy.

All newsletter activities and other update services serve marketing purposes and business development.

Legal Basis

The processing enabling us to send you newsletter is based on your explicit consent we obtained. In other cases, processing is based on our outweighing legitimate interests to conduct customized marketing and pursue business development activities, or, as the case may be, for the performance of a contract according.

Storage Period

We retain personal data only for as long as there is a legitimate reason or other legal ground to do so, and will keep these legal bases under review. If there is no longer a legal ground for the data to be retained, we will erase personal data securely, or in some cases anonymise it.

There are no negative consequences if you do not provide us the above-mentioned personal data. However, without providing your personal data, you cannot receive our newsletter or other update services.

6. Social media hyperlinks

We refer to our social media accounts (Facebook, Instagram and LinkedIn) on our webpage using hyperlinks. Although the reference links to our social media account are embedded in the corresponding logos, no data about you as a user are transferred to the respective social network provider. You will be directed to the respective website only if you click on the logos. The respective social network provider will collect and process information on your visit to our website for its own business purposes. We have no influence on this data processing on the respective linked websites.

For further information on the processing of personal data by these social network providers, please contact the respective social media provider or refer to their respective privacy policy:

• Facebook: https://www.facebook.com/policy.php
• Instagram: https://help.instagram.com/519522125107875/
• LinkedIn: https://linkedin.com/legal/privacy-policy

7. Disclosure

Your personal data will not be transferred to third parties for purposes other than those listed below.

We will only pass on your personal data to third parties if:

• You have given your express consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR,
• the disclosure pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR is necessary for the assertion, exercise or defence of legal claims and there is no reason to assume that you have an overriding legitimate interest in not disclosing your data,
• in the event that there is a legal obligation to pass on data pursuant to Art. 6 para. 1 sentence 1 lit. c GDPR, and
• this is legally permissible and required for the execution of contractual relationships with you pursuant to Art. 6 para. 1 sentence 1 lit. b GDPR.

8. Transfer to third countries

As a company working on a global scale, we share the data we process with recipients (service providers or other third parties) who may be located outside the EEA. To the extent that no statutory level of security comparable to the European data protection laws exists in such countries, we will adopt appropriate measures to ensure that your personal data will be adequately protected in these countries. In particular, we may apply the standard contractual clauses published by the European Commission.

In case we transfer data to the USA, you should be aware that the European Court of Justice (CJEU) evaluated the applicable data protection level providing less protection than the applicable data protection in the EU („Schrems II“ C-311/18). This assessment is based on the US authorities’ intelligence activities concerning the personal data transferred to the United States. According to the CJEU, surveillance programmes cannot be regarded as limited to what is strictly necessary and data subjects have no right to an effective remedy actionable in the courts against the US authorities. Considering these circumstances, we regular monitor the legal requirements of data transfers to the US. In addition, we conduct assessments regarding the risks of the access by US authorities to the personal data we send to the USA and the need to provide additional safeguards.

You may contact our data protection officer for further information, and, in particular, request inspection of the standard contractual contracts concluded.

9. Right of objection

If your personal data are processed on the basis of legitimate interests pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR, you have the right, pursuant to Art. 21 GDPR, to object to the processing of your personal data if there are reasons for doing so which arise from your particular situation or if the objection is directed against direct advertising. In the latter case, you have a general right of objection, which is implemented by us without stating a particular situation.

If you would like to make use of your right of revocation or objection, simply send an e-mail to dpo@hello-charles.com

10. Further rights of data subjects

You have the right:

• to request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you may request information on the processing purposes, the category of personal data, the categories of recipients to whom your data have been or will be disclosed, the planned storage period, the existence of a right of rectification, deletion, restriction of processing or objection, the existence of a right of complaint, the origin of your data, unless it has been collected from us, as well as the existence of an automated decision-making process including profiling and, if applicable, meaningful information on its details;
• in accordance with Art. 16 GDPR, to immediately request the correction of incorrect or incomplete personal data stored by us;
• to demand the deletion of your personal data stored by us in accordance with Art. 17 DSGVO, unless the processing is necessary for the exercise of the right to freedom of expression and information, for the fulfilment of a legal obligation, for reasons of public interest or for the assertion, exercise or defence of legal claims;
• to demand the restriction of the processing of your personal data in accordance with Art. 18 GDPR if the correctness of the data is disputed by you, the processing is unlawful but you refuse its deletion and we no longer need the data but you need it to assert, exercise or defend legal claims or you have lodged an objection against the processing in accordance with Art. 21 DSGVO;
• in accordance with Art. 20 GDPR, to receive your personal data which you have provided to us in a structured, common and machine-readable format or to request the transfer to another responsible person;
• in accordance with Art. 7 para. 3 GDPR, to revoke your consent once given to us at any time. The consequence of this is that we may no longer continue the data processing based on this consent in the future, and
• to complain to a supervisory authority pursuant to Art. 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or place of work or at our company headquarters. In the latter case, you can contact our Lead Data Protection Authority:

Berliner Beauftragte für Datenschutz und Informationsfreiheit

Friedrichstr. 219

10969 Berlin

https://www.datenschutz-berlin.de/ueber-uns/kontakt

11. Actuality and changes to this Privacy Policy

This Privacy Policy is currently valid as of 27 April 2022. Due to the further development of our website and offers about it or due to changed legal or official requirements, it may be necessary to change this privacy policy.