Privacy Policy | Cloudflight

Version 1.8 (Dec 20, 2024)

The secure handling of your data is particularly important. We would therefore like to inform you in detail about the use of your personal data when you visit our website. Personal data includes all data with which you can be personally identified.

1. Definitions

Our data privacy statement is based on the terms used by the European legislator for directives and regulations when the General Data Protection Regulation (GDPR) was issued. You can find more information and explanations as well as the contents of the GDPR here.

2. Responsibility

Responsible for data processing in the sense of the GDPR is:

Cloudflight GmbH (“we” or “Cloudflight”)
Friedenheimer Brücke 16
80639 Munich, Germany
Managing Director: Christian Bigatà Joseph
info@cloudflight.io

The data protection officer of Cloudflight GmbH can be reached out:

Data Protection Officer of Cloudflight GmbH
Friedenheimer Brücke 16
80639 Munich, Germany
privacy@cloudflight.io

3. Purposes of processing and legal basis

3.1 General

We collect, process and use your personal data within the scope of this website for the following purposes:

Initiation, conclusion and implementation of contractual relationships and the associated customer service and support
Registration for events and competitions
Publication in rankings (Hall of Fame)
Processing of applications
Participation in the e-mail newsletter
Advertising and marketing activities

We process your personal data only if and insofar as this processing is based on one or more of the following legal bases:

Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 lit. a GDPR serves as the legal basis.

In the case of processing of personal data which is necessary for the performance of a contract to which the data subject is a party, Art. 6 para. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations which are necessary for the implementation of pre-contractual measures.

Insofar as the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis.

In the event that vital interests of the data subject or another natural person make it necessary to process personal data, Art. 6 para. 1 lit. d GDPR serves as the legal basis.

If the processing is necessary to safeguard a legitimate interest of our company or of a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Article 6 (1) lit. f GDPR serves as the legal basis for the processing. If and to the extent that this legal basis legitimises the processing, we weigh our legitimate interests against your interests, fundamental rights and/or freedoms on a case-by-case basis and explain this.

We inform you that the provision of personal data is partly required by law (e.g. tax regulations) or may also result from contractual regulations (e.g. information on the contractual partner). Sometimes it may be necessary for a contract to be concluded that a data subject provides us with personal data, which must subsequently be processed by us. For example, the data subject is obliged to provide us with personal data if our company concludes a contract with him/her. Failure to provide the personal data would mean that the contract with the data subject could not be concluded.

3.2 Collection of data when visiting our website

Every time a data subject or automated system accesses the website, data and information is collected by this website. This general data and information is stored in the log files of the server. As far as you do not register or otherwise transmit special information, the technically necessary data is collected such as:

browser types and versions used,
the Internet service provider of the accessing system
the operating system used by the accessing system,
the website from which an accessing system accesses our website
the date and time of access,
the IP address used and
other similar data and information which serve to avert danger in the event of attacks on our information technology systems.

The collected data and information is evaluated by Cloudflight on the one hand statistically and also with the aim of increasing data protection and data security in our company, in order to ultimately ensure an optimal level of protection for the personal data processed by us. The anonymous data of the server log files are stored separately from all personal data provided by an affected person.

This information is required to display the contents of our website correctly, to optimise the advertising content for this website and to ensure its functionality. The processing is therefore carried out in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. We reserve the right to subsequently check the server log files if there are concrete indications of illegal use. Processing with regard to optimisation by evaluation of use is also carried out in accordance with Art. 6 Para. 1 lit. f GDPR on the basis of our legitimate interest in the improvement and functionality of our website and its contents.

3.3 Use of Cookies

In order to make visiting our website attractive and to enable the use of certain functions, we use so-called cookies on various pages. These are small text files that are stored on your end device. Some of the cookies we use are deleted again after the end of the browser session, i.e. after closing your browser (so-called session cookies). Other cookies remain on your terminal device and enable us to recognize your browser the next time you visit us (persistent cookies). You can set your browser so that you are informed about the setting of cookies and decide individually whether to accept them or to exclude the acceptance of cookies for certain cases or in general. If cookies are not accepted, the functionality of our website may be limited.

3.4 Use of Matomo

We use the web analytics service software Matomo (www.matomo.org), a service provided by InnoCraft Ltd, 7 Waterloo Quay, PO625, 6140 Wellington, New Zealand, (“Matomo”) on our website as an on-premise solution. We consider this to be the best way to conduct analyses in compliance with data protection regulations. Based on our legitimate interest in the statistical analysis of user behavior for optimization and marketing purposes, data is collected and stored. For the same purpose, pseudonymised user profiles can be created and evaluated from this data. Cookies can be used for this purpose. Among other things, the cookies enable the recognition of the Internet browser. The data collected with Matomo technology (including your pseudonymised IP address) is processed on our servers. The information generated by the cookie in the pseudonymous user profile is not used to personally identify the visitor of this website and is not combined with personal data about the bearer of the pseudonym.

Please note that the complete deletion of your cookies means that the opt-out cookie is also deleted and may have to be reactivated by you.

Further information on data protection can be found in the privacy policy at: matomo.org/privacy-policy/

Legal basis: We use this processing on the basis of Art. 6 Para. 1 lit. f GDPR in the context of the balancing of legitimate interests as explained above. If storage or access to end devices within the meaning of Section 25 TDDDG takes place, the processing is carried out in accordance with Section 25 Para. 1 TDDDG, Art. 6 Para. 1 lit. a GDPR by way of consent.

3.5 Use of Hubspot

3.5.1 General Information

For the data you provide on the Website, we use processing systems of HubSpot.com Germany GmbH, Am Postbahnhof 17, 10243 Berlin, Germany (“HubSpot”) for customer relationship management (“CRM”) purposes. HubSpot may only access the data in accordance with our instructions (order processing). HubSpot is committed to ensuring strict technical measures to protect your personal data. HubSpot will not share your personal information with any third party, unless the disclosure is necessary to perform the agreed services or HubSpot must do so to comply with the law. The personal information provided for this purpose will be kept to the minimum necessary. HubSpot Germany is a subsidiary, HubSpot has its headquarters in the USA, HubSpot, Inc., Two Canal Park, Cambridge, MA 02141-1814, USA. Therefore, it cannot be completely ruled out that the above data may be transferred to the USA. HubSpot guarantees via the EU standard contract clauses that your data is also subject to an adequate level of data protection in the USA. The transfer of data to the USA is based on Art. 45 GDPR in conjunction with the European Commission’s adequacy decision C(2023) 4745, as the data recipient has undertaken to comply with the data processing principles of the Data Privacy Framework (DPF). Further information on this can be obtained from the provider at the following link: dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000GnywAAC&status=Active

3.5.2 Use of data when entering forms on the website or sending E-Mails

On the Cloudflight website you will be given the opportunity to fill in input masks for the purposes indicated below.

When you enter your data in the input mask, we use the HubSpot Tracker exclusively in accordance with your settings in the Consent Manager, which are queried via a cookie banner when you visit the website and can be changed at any time under “Privacy Settings” in the footer of the website. With each subsequent interaction with HubSpot, this is assigned or not assigned to your person according to your settings.

3.5.2.1 Newsletter

You can subscribing to the newsletter or to event information of our group of companies (Cloudflight GmbH, Sappho zweiundzwanzigste Holding GmbH, Cloudflight Austria GmbH, Cloudflight Romania Srl, Cloudflight Poland sp. z o.o, Cloudflight Germany GmbH). Which personal data is transmitted to the data controller when ordering the newsletter is determined by the input mask used for this purpose. Which personal data is transmitted to the controller and his order processor HubSpot results from the applied input mask. We inform our customers, business partners and potential applicants at regular intervals by means of a newsletter about interesting research topics and event announcements.

For legal reasons, a confirmation e-mail will be sent to the e-mail address you entered for the newsletter for the first time using the double opt-in procedure. This confirmation e-mail is used to check whether you, as the owner of the e-mail address, have authorized the receipt of the E-Mail as the person concerned.

The data collected by us when registering for the newsletter will be used exclusively for the purpose of advertising by means of the newsletter. You can unsubscribe from the newsletter at any time via the link provided for this purpose in the newsletter or by sending a message to the person responsible mentioned at the beginning, which also revokes your consent. After you have unsubscribed, your e-mail address will be immediately deleted from our newsletter distribution list, unless you have expressly consented to further use of your data or we reserve the right to use your data for other purposes that are permitted by law and about which we inform you in this declaration.

3.5.2.2 White Papers

You can download our resources e.g. e-books or white papers using dedicated form by providing your details as your name, last name and business email. The basis for the processing of your data is our legitimate interest in distributing educational materials and sharing our expertise.

For legal reasons, a confirmation e-mail will be sent to the e-mail address you entered for the download digital content for the first time using the double opt-in procedure. This confirmation e-mail is used to check whether you, as the owner of the e-mail address, have authorized the receipt of the e-Mail as the person concerned.

If you select the appropriate checkbox, your personal data will be processed also for delivering our newsletter to you (please see section 3.5.2.1. “Newsletter” above for detailed information).

Your provision of your personal data is always voluntary, but necessary to download white papers. If you do not provide the required data, we will not be able to deliver the white papers to you.

3.5.2.3 Contact form

The contact form allows you to send inquiries about our services or services of companies from our group of companies (Cloudflight GmbH, Sappho zweiundzwanzigste Holding GmbH, Cloudflight Austria GmbH, Cloudflight Romania Srl, Cloudflight Poland sp. z o.o, Cloudflight Germany GmbH). The legal basis for the processing is our legitimate interest in respond to your message.

If you select the appropriate checkbox, your personal data will be processed also for delivering our newsletter to you (please see section 3.5.2.1. “Newsletter” above for detailed information).

Your provision of your personal data is always voluntary, but necessary to send the message to us. If you do not provide the required data, we will not be able to respond on your message.

Legal basis: We use this processing on the basis of Art. 6 para. 1 lit. f GDPR in the context of the balancing of legitimate interests as explained above, in particular in the case of white paper and the contact form. If storage or access to end devices within the meaning of Section 25 TDDDG takes place, processing is carried out in accordance with Section 25 para. 1 TDDDG, Art. 6 para. 1 lit. f GDPR by way of consent, in particular for the newsletter.

3.6 Use of Google Services

We integrate services of the provider Google and its subsidiaries listed below on our website. In the course of using these services, information (including personal data, in particular your IP address and location data) may be processed by these companies. It cannot be ruled out that information may also be transmitted to a server in a third country.

Google guarantees via the EU standard contractual clauses that your data is also subject to an appropriate level of data protection in the USA. The transfer of data to the USA is based on Art. 45 GDPR in conjunction with the European Commission’s adequacy decision C(2023) 4745, as the data recipient has undertaken to comply with the data processing principles of the Data Privacy Framework (DPF).

Our necessary legitimate interest lies in the advantage of not having to provide large amounts of data on our servers ourselves. We can thus use these more efficiently elsewhere for the benefit of performance and thus ensure greater stability for you. In addition, you give your consent accordingly via the consent management tool. You can send or inform us of your right to object at any time, see section 4 of this privacy policy.

You are also not obliged to provide personal data. However, failure to provide such data may result in you not being able to use the corresponding services on our website or not being able to use them to their full extent. You can find more detailed information in Google’s privacy policy, which you can access here: www.google.com/policies/privacy/, opt-out option: https://tools.google.com/dlpage/gaoptout, settings for the display of advertisements: https://adssettings.google.com/authenticated.

3.6.1 Google Maps

We integrate maps from the provider Google. The service provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Google Maps is integrated on our website as an “Iframe”. Our purpose in integrating Google Maps is to provide you with maps and route information (directions to our offices) on our website.

3.6.2 YouTube

We integrate YouTube plug-ins on this website to enable the display of videos. YouTube is a service provided by YouTube LLC (“YouTube”), 901 Cherry Ave, San Bruno, CA 94066, USA. YouTube LLC is a subsidiary of Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

YouTube is integrated on our website by means of “iframe”. Our purpose in integrating YouTube is to make various videos available to you on our website so that you can view them directly by clicking on them.

3.6.3 Google Ads

The website uses Google Ads Remarketing as a remarketing service provided by Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland,

data protection officer: https://support.google.com/policies/troubleshooter/7575787?hl=en

The purpose of data processing is remarketing. Data collected by or through the use of this service are visit duration, IP address, pages visited, content in which the user is interested, website usage. The data is deleted as soon as it is no longer required for the processing purposes. This service may transfer the collected data to another country.

The following Links provide further information:

https://policies.google.com/privacy?hl=en

https://policies.google.com/technologies/cookies?hl=en

https://safety.google/privacy/privacy-controls/

3.6.4 Google Tag Manager

This website uses Google Tag Manager from Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. Google Tag Manager is used to centrally integrate and manage code sections of tracking tools that are used on this website. Data transfer is carried out on the legal basis of Art. 6 para. 1 sentence 1 lit. a GDPR. Data is transferred on the basis of Art. 28 GDPR in conjunction with the data processing agreement.

The Google Tag Manager stores your personal data for a period of 2 years. Google may process personal data outside the EU/EEA. For the transfer of your personal data to third countries for which there is no adequacy decision, we have concluded the standard contractual clauses (https://commission.europa.eu/publications/publications-standard-contractual-clauses-sccs_en?etransnolive=1) with Google.

3.6.5 Google Analytics 4.0

This website uses the web analysis service Google Analytics 4.0, provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google Analytics 4.0 uses cookies and similar technologies that allow us to analyze the use of our website.

The data collected is used to evaluate the use of the website, to compile reports on website activity and to provide other services relating to website activity and internet usage. You can prevent the storage of cookies at any time via your browser settings or revoke your consent via our cookie banner. Alternatively, you can object to data processing by Google by setting an opt-out cookie or installing the browser add-on at the following link: https://tools.google.com/dlpage/gaoptout?hl=en

Further information on data processing by Google can be found in Google’s privacy policy at: https://policies.google.com/privacy

Legal basis: The processing is based on Section 25 para. 1 TDDDG, Art. 6 para. 1 lit a GDPR by way of consent.

3.7 Microsoft Bookings

Our website uses the Microsoft Bookings service (part of the Microsoft Office 365 software suite) of the provider Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18 D18 P521 (“Microsoft”) for online appointment booking. The software enables the booking of a customer appointment (e.g. for a consultation before or after the conclusion of a contract). The connection to the service is only established when you call up the online booking function via a link or button on our website, in an e-mail or in the newsletter. To make an appointment, your entries in the appointment form are transferred to Microsoft. You can find further information on the handling of your data in Microsoft’s privacy policy.

Microsoft guarantees via the EU standard contractual clauses that your data is also subject to an adequate level of data protection in the USA. The transfer of data to the USA is based on Art. 45 GDPR in conjunction with the European Commission’s adequacy decision C(2023) 4745, as the data recipient has undertaken to comply with the data processing principles of the Data Privacy Framework (DPF).

Legal basis: We use this processing on the basis of Art. 6 para. 1 lit. f GDPR in the context of the balancing of legitimate interests as explained above. If storage or access to end devices within the meaning of Section 25 TDDDG takes place, the processing is carried out in accordance with Section 25 para. 1 TDDDG, Art. 6 para. 1 lit a GDPR by way of consent.

3.8 Applications and application procedures

We collect and process the personal data transmitted by you for the purpose of handling the application process. Data will only be passed on to companies affiliated with us (see section 5 of this data protection declaration) beyond the fulfillment of internal administrative purposes if you have consented to the transfer. You can object to the storage of your data for applications and in the application process at any time or revoke any consent you have given. The provisions of section 4 of this privacy policy apply. If we conclude an employment contract with you, the data transmitted will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If no employment contract is concluded with you, the application documents will be deleted 12 months after notification of the rejection decision, unless storage for future applications has been expressly consented to and no other legitimate interests prevent deletion. Another legitimate interest is, for example, our burden of proof in proceedings under the General Equal Treatment Act (AGG). Within the scope of the deletion period, there may also be country-specific deviations on the basis of special retention obligations, which we weigh up according to the above-mentioned legitimate interest.

Legal basis: We carry out this processing on the basis of Art. 6 para. 1 lit. f GDPR in the context of the balancing of legitimate interests as explained above. If data is stored on the basis of your consent (applicant pool), this is done in accordance with Art. 6 para. 1 lit. a GDPR.

3.9 Usercentrics (Consent Manager)

Our website uses Usercentrics (Consent Manager). This is a consent management service of the company Usercentrics GmbH, Sendlinger Str. 7, 80331 Munich, Germany. This company is used on the website as a processor for the purpose of consent management. The purposes of data collection and processing are Compliance with legal obligations and consent storage for the services/technologies used. Typical technologies are cookies and pixels that are placed in the browser. The data is processed in the European Union (consent database is located in Belgium). The data will be deleted as soon as it is no longer required for the specified processing purposes. The consent data (consent and withdrawal of consent) will be stored for three years. The data will then be deleted. Further information and the data protection provisions of the data processor can be found here: https://usercentrics.com/privacy-policy/

Legal basis: We carry out this processing on the basis of Art. 6 para. 1 lit. f GDPR in conjunction with. § 25 para. 2 no. 2 TDDDG.

3.10 Leadfeeder

Our website also uses the services of lead generation tools from Liidio Oy/Leadfeeder, Mikonkatu 17 C Helsinki, Finland. On the one hand, a lead is interested in our company or a product. On the other hand, his information is left to us for further dialog development in order to enable contact initiation. Generating leads is an important part of acquiring new customers. The targeted generation of leads as a purpose of advertising is in our legitimate interest in data processing, whereby the rights of the data subject of lead data within the scope of the willingly provided and general data do not prevail. Leadfeeder accesses the list of IP addresses of website visitors in the analysis and links the list of IP addresses with information about the companies that can be found on the Internet under these IP addresses. As the IP addresses of website visitors are already truncated, no direct personal reference is established. However, a personal reference may arise in individual cases when reviewing the linked company information. Leadfeeder’s privacy policy can be found at https://www.leadfeeder.com/privacy, information about Leadfeeder and compliance with the General Data Protection Regulation: https://www.leadfeeder.com/leadfeeder-and-gdpr/.

Legal basis: We use this processing on the basis of Art. 6 para. 1 lit. f GDPR in the context of the balancing of legitimate interests as explained above and in particular in accordance with § 25 para. 1 TDDDG, Art. 6 para. 1 lit. a GDPR by way of consent.

3.11 Facebook Conversion API

Our website uses Facebook Conversions API. This is a technology to improve advertising performance on Facebook by gathering the interaction of our website visitors with our website and passing it on to Facebook. In particular, the time of access, the website accessed, your IP address and your user agent are recorded by us. The provider of the service is Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin, D02, Ireland. Contact the data protection officer: https://www.facebook.com/help/contact/540977946302970. The data processing purposes are analysis, marketing, retargeting, tracking and advertising. A complete overview of the data that can be collected can be found here: developers.facebook.com/docs/marketing-api/conversions-api/parameters.
The retention period ends as soon as it is no longer required for the specified processing purposes. The data will then be deleted. This service may transfer the collected data to another country.

Insofar as personal data is collected on our website and forwarded to Facebook, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 GDPR). The joint responsibility is limited exclusively to the collection of the data and its transfer to Facebook. The processing carried out by Facebook after forwarding is not part of the joint responsibility. The obligations incumbent on us jointly have been set out in an agreement on joint processing. You can find the wording of the agreement at: facebook.com/legal/controller_addendum.

You can assert data subject rights (e.g. requests for information) regarding the data processed by Facebook directly with Facebook. If you assert your data subject rights with us, we are obliged to forward them to Facebook.
The data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find further information on protecting your privacy in Facebook’s privacy policy: de-de.facebook.com/about/privacy.

Facebook guarantees via the EU standard contractual clauses that your data is also subject to an appropriate level of data protection in the USA. The transfer of data to the USA is based on Art. 45 GDPR in conjunction with the European Commission’s adequacy decision C(2023) 4745, as the data recipient has undertaken to comply with the data processing principles of the Data Privacy Framework (DPF).

Legal basis: We carry out this processing on the basis of Section 25 para. 1 TDDDG, Art. 6 para. 1 lit. a GDPR by way of consent.

3.12 LinkedIn Tag

Our website uses LinkedIn Insights Tag as a conversion tracking tool, a tool of LinkedIn Ireland, Wilton Plaza, Wilton Place, Dublin 2, Ireland. For this purpose, the LinkedIn Insight Tag is integrated on our pages and a cookie is set on your end device by LinkedIn. This informs LinkedIn that you have visited our website. Your IP address is collected in the process. Timestamps and events such as page views are also stored. This enables the statistical evaluation of the use of our website. We need this to optimize our website, for example by being able to determine which LinkedIn ad or interaction on LinkedIn brought you to our website. We use this information to control our approach, in particular advertising.

Further information can be found at https://www.linkedin.com/legal/privacy-policy.

The data is stored by LinkedIn and processed in such a way that a connection to your user profile is possible and LinkedIn can use the data for its own purposes. You can find more information on this in LinkedIn’s privacy policy at https://www.linkedin.com/legal/privacy-policy.

You can prevent the processing of your usage behavior by LinkedIn at https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

Legal basis: We carry out this processing on the basis of Section 25 para. 1 TDDDG, Art. 6 para. 1 lit. a GDPR by way of consent.

3.13 Reddit Pixel

On our website, we use a tracking pixel from the provider Reddit, Inc.1455 Market Street, Suite 1600, San Francisco, CA 94103, United States, to display interest-based advertising on the Reddit platform. We use cookies from Reddit Inc. on our website for conversion measurement and retargeting so that our company’s advertisements on the Reddit platform are displayed as accurately as possible and we receive feedback on the success of our advertising. The use of cookies and comparable technologies and the further use of the data only takes place with consent.

Further information on the processing of data when using Reddit can be found at Reddit Privacy Policy.

Reddit guarantees via the EU standard contractual clauses that your data is also subject to an adequate level of data protection in the USA. The transfer of data to the USA is based on Art. 45 GDPR in conjunction with the European Commission’s adequacy decision C(2023) 4745, as the data recipient has undertaken to comply with the data processing principles of the Data Pricacy Framework (DPF).

Legal basis: We carry out this processing on the basis of Section 25 para. 1 TDDDG, Art. 6 para. 1 lit. a GDPR by way of consent.

3.14 Microsoft Teams

Our website uses Microsoft Teams (part of the Microsoft Office 365 suite), an online meeting and video conferencing service provided by Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18 D18 P521. When using Microsoft Teams, various personal data and data types are processed, depending on the information you provide before or during participation in an online meeting. The following personal data may be processed:

User details: display name, email address, profile picture, preferred language
Meeting metadata: Date, start and end time, meeting ID, telephone number, location
Text, audio and video data: Audio and video data is processed during the online meeting. In addition, you can optionally use the chat function during an online meeting. In this case, the text entries you make are processed in order to display them in the online meeting.

In special situations, Cloudflight can make recordings of the online meetings. You will be informed of this before the start of the meeting or displayed in the online meeting and, if necessary, you will be asked for your consent. In the event of a recording, files of all video, audio and presentation slides will be created and, if necessary, a text file of the online meeting chat will be saved.

Personal data that is processed in connection with participation in online meetings will not be shared with third parties by us unless it is intended to be shared.

Microsoft Teams is a service offered by a European subsidiary of Microsoft Corporation based in the USA. There is an data processing agreement (DPA) between Microsoft Teams and us, which contractually obliges Microsoft to comply with the General Data Protection Regulation (GDPR). It cannot be completely ruled out that Microsoft Corporation or US security authorities may have access to the circumstances and content of communication via Teams.

Microsoft guarantees via the EU standard contractual clauses that your data is also subject to an appropriate level of data protection in the USA. The transfer of data to the USA is based on Art. 45 GDPR in conjunction with the European Commission’s adequacy decision C(2023) 4745, as the data recipient has undertaken to comply with the data processing principles of the Data Pricacy Framework (DPF).

Further information on the processing of data when using Microsoft Teams can be found at Data Protection and Microsoft Teams.

Legal basis: The legal basis for conducting online meetings with our business partners in the context of contract fulfillment is Art. 6 para. 1 lit. b GDPR. If personal data is not required for the performance of a contract with business partners or the fulfillment of an employment relationship, Art. 6 para. 1 lit. f GDPR justifies the data processing. If the processing of the data is based on consent, Art. 6 para. 1 lit. a GDPR is the relevant legal basis.

3.15 Events

Cloudflight organizes and hosts various events, expert exchanges, get-togethers, and meet-ups to engage in scientific discussions, sometimes in cooperation with partners or sponsors..

Cloudflight and its partners and sponsors have a justified interest in presenting their events in the usual media in a correspondingly promotional manner. Cloudflight will also publish the usual images and videos associated with the event concerning the course and execution/content of the event for the purpose of reporting on this event and promoting future events. If an event is streamed live, participants will be informed before entering the venue.

Legal basis: We use this processing on the basis of Art. 6 para. 1 lit. f GDPR in the context of the balancing of legitimate interests as explained above. If storage is based on your consent (if applicable for individual images and videos), this is done in accordance with Art. 6 para. 1 lit. a GDPR.

3.16 Use of AI-Tools

Cloudflight uses AI tools for the purpose of increasing efficient workflows by utilizing data processors, such as providers like Microsoft. More information can be found via https://learn.microsoft.com/en-us/legal/cognitive-services/openai/data-privacy?tabs=azure-portal. By providing training to our employees, we avoid that personal data is shared. However, it cannot be completely ruled out that information may be transmitted to a server in a third country. If processing takes place in third countries, an adequate level of data protection is ensured. For example, Microsoft guarantees via the EU standard contractual clauses that your data is also subject to an appropriate level of data protection in the USA. The transfer of data to the USA is based on Art. 45 GDPR in conjunction with the European Commission’s adequacy decision C(2023) 4745, as the data recipient has undertaken to comply with the data processing principles of the Data Pricacy Framework (DPF).

3.17 Whistleblowing

If you make a report of irregularities in Cloudflight and provided any personal data in it, the administrator of such data will be the group company to which the report relates. These data will be processed for the purpose of accepting a notification and conducting an investigation or taking follow-up action on the basis of the legal obligation of that company is subject under the law ( Art. 6 para. 1 lit. c GDPR). Personal data may furthermore be processed for the purposes of that company’s legitimate interests consisting, in particular, the ability to establish or assert possible claims or defend against such claims in connection with Article 6(1) para. f of GDPR.

As a result of the requirement to provide personally identifiable information in the notification, your personal data, shall not be disclosed to unauthorised persons (i.e. persons outside the team responsible for the investigation of the notified case), except with your express consent. In connection with investigations carried out by public authorities or pre-trial or judicial proceedings carried out by courts, including for the purpose of guaranteeing your rights of defence, your data may be disclosed when such action is a necessary and proportionate obligation under the law.

Providing the data is voluntary, but if you do not provide contact information, we will not be able to confirm acceptance of your application.

3.18 Storylane

Our website uses the services of Storylane Inc., represented by Akash Bansal – 2261 Market Street #4813, San Francisco, CA 94114, United States, to support our interactive storytelling and presentation services. To access these functions, users are forwarded directly to the Storylane Inc. website. When interacting with the videos provided there, personal data such as your e-mail address, IP address, usage statistics and interactions are collected and processed. This information is used to improve the user experience and offer high-quality services. It is possible that this personal data may be transferred to servers in the USA. Further information can be found at the following link: : https://www.storylane.io. The provider’s privacy policy is available at: https://www.storylane.io/privacy-policy
Legal basis: We use this processing on the basis of Art. 6 para. 1 lit. f) GDPR in the context of the balancing of legitimate interests as explained above. If storage or access to end devices within the meaning of Section 25 TDDDG takes place, the processing is carried out in accordance with Section 25 (1) TDDDG, Art. 6 (1) (a) EU GDPR by way of consent.

3.19 Microsoft Clarity

Our website uses Microsoft Clarity, provided by Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland. The service uses cookies and similar technologies to enable the analysis of website visitors’ behavior.

The data collected is used to better understand how visitors interact with our website. In particular, the tool enables the creation of heatmaps and session recordings, allowing us to improve the user experience and design content more effectively.

The following data may be collected:

Clicks and interactions on the website
Mouse movements and scrolling behavior
Device screen size, browser type, and operating system
IP address (anonymized)

You may prevent the storage of cookies at any time via your browser settings or withdraw your consent via our cookie banner.

For more information about data protection at Microsoft, please refer to Microsoft’s general privacy policy: Microsoft Privacy Statement.

Legal basis: Processing is carried out on the basis of Section 25 para. 1 TDDDG and Art. 6 para. 1 lit. a GDPR, by way of consent.

4. Right of revocation and objection / opt-out possibility

You can revoke all consents to the use of your personal data that you have given us (including any declarations of consent that you may not have given), either in total or for individual processing operations, free of charge. The legality of the processing carried out on the basis of the consent up to the revocation is not affected by the revocation.
Since your personal data are required for the creation of a user profile for the sending of personalised newsletters, a revocation of your consent may result in either no personalised newsletters being sent to you or, in the event of an objection, no newsletters being sent to you at all for all processing operations. Depending on the scope of the revocation, notifications of participation in events and competitions as well as the Hall-of-Fame may also be omitted.

You also have the right to object, in accordance with Art. 21 GDPR, to the processing of your personal data that is carried out on the basis of a legitimate interest on our part or on the part of a third party, provided that there are reasons for doing so that arise from your particular situation or that the objection is directed against general or customised direct advertising. In the latter case, you have a general right of objection, which will be implemented by us without indicating a special situation.

If you do not wish cookies to be stored in your browser, you can also do so by selecting the appropriate browser setting under Tools/Internet Options. If you want to allow the writing of cookies only for certain websites, please proceed according to the settings for each browser:

Please note, however, that in this case you have to expect a limited presentation of the online offers and a limited user guidance. You can also delete cookies at any time. In this case, the information stored in them will be removed from your end device.

5. Transfer of data to third parties

Your data will only be passed on to service providers and partner companies that have been carefully selected and contractually bound. In doing so, we will only transfer your data to processors and service providers to the extent that this is necessary for the performance of the contract (Art. 6 para. 1 lit. b GDPR); data processing is required in particular to ensure the completeness and accuracy of the data and to be able to perform the contract, or to the extent that this is necessary to fulfil a legal obligation (Art. 6 para. 1 lit. c GDPR; the data processing is required in particular to guarantee the completeness and accuracy of tax data in accordance with the German Tax Code), insofar as this is covered by your voluntarily given consent (Art. 6 para. 1 lit. a GDPR), or if this is necessary to safeguard the legitimate interests of the person responsible or of a third party (Art. 6 para. 1 lit. f GDPR; a legitimate interest is in particular our customer loyalty interest).

This includes in particular service providers for IT services, for the delivery of products or for marketing such as lettershops or newsletter dispatch and/or service partners such as online payment providers, to whom we only pass on the data (e.g. name, address) necessary for the fulfilment of the task.

This also includes the forwarding of data to companies affiliated with us, which are required for the fulfilment of internal administrative purposes and the uniform control of company-wide objectives. The processing is therefore carried out on the basis of our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR.

All personal data will, of course, be treated in strict confidence. The recipients are contractually bound by us in accordance with the strict provisions of the GDPR and may not use the data for any other purposes. With the exception of any recipients named in this data protection declaration, your data will not be transferred to third countries (countries outside the European Economic Area, EEA). In the event of a data transfer, this always takes place on the basis of so-called standard contractual clauses of the European Union, which guarantee a sufficient level of data protection.

6. General duration of data storage

Your personal data will only be stored for the period of time required to fulfil the purpose of storage, unless we are obliged to store the data for a longer period of time due to legal, statutory or contractual retention periods. Your personal data will be deleted or blocked once the purpose is no longer applicable or fulfilled. In the case of blocking, the data will be deleted as soon as legal, statutory or contractual retention periods are no longer opposed. Only in exceptional cases can we refrain from deleting the data, which would cause a disproportionately high effort due to the special type of storage.

7. Rights of the data subject

You are entitled to the following rights with regard to your data processed by us:

The right to obtain information about your personal data stored by us in accordance with Art. 15 GDPR; in particular, you may request information about the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the origin of your data if it has not been collected directly from you,
The right to correct incorrect data or to complete correct data in accordance with Art. 16 GDPR,
The right to delete your data stored with us in accordance with Art. 17 GDPR, insofar as no legal or contractual retention periods or other legal obligations or rights for further storage must be observed,
The right to restrict the processing of your data in accordance with Art. 18 GDPR, if you dispute the accuracy of the data, if the processing is unlawful but you refuse to have it deleted; if the person responsible no longer needs the data but you need it to assert, exercise or defend legal claims or if you have lodged an objection to the processing in accordance with Art. 21 GDPR,
The right to data transferability in accordance with Art. 20 GDPR, i.e. the right to have selected data stored by us about you transferred in a common, machine-readable format, or to request transfer to another responsible party,
The right to appeal to a supervisory authority. As a rule, you can contact the supervisory authority at your usual place of residence or workplace or at our company headquarters. The competent authority is then:
Landesamt für Datenschutzaufsicht
Promenade 18
91522 Ansbach
Postfach 1349
91504 Ansbach
Tel.: 0981/180093-0
Fax: 0981/180093-800
poststelle@lda.bayern.de,
https://www.lda.bayern.de

If you have any further questions regarding the processing of your personal data or the exercise of any of the rights available to you, please send us an e-mail to: privacy@cloudflight.io.

8. Data security

The protection of your data and compliance with legal regulations in all data processing procedures (e.g. collection, processing and transmission) is our highest priority.

On this website, all personal data is encrypted appropriately and in accordance with the generally recognised state of the art before it leaves your terminal device (e.g. PC, laptop) for transmission on the Internet. Your details are therefore not visible to outsiders.

9. Changes

Changes in the law or changes in our internal processes, technologies used and/or selection of partners may make it necessary to amend this privacy policy. In the event of such a change, we advise you to visit this section regularly and keep yourself informed of the latest changes. Please note that the current version of the data protection declaration is the valid one.