Imprint & Privacy

Imprint

Imprint in accordance with § 5 TMG.

steadybit GmbH
Hochstraße 11
42697 Solingen
Germany

Represented by Managing Directors:

Benjamin Wilms
Dennis Schulte
Johannes Edmeier

Commercial Register:

District Court Wuppertal, HRB 30206

VAT Id. No.:

DE326927463

Email:

info@steadybit.com

Privacy Notice

Thank you for your interest in our website steadybit.com. The protection of your personal data is of great importance to us. That is why we pay a lot of attention to this aspect in our Internet activities. The most important legal basis is the EU General Data Protection Regulation (hereinafter “GDPR”). Of course, we also observe all other relevant legal requirements, in particular those of the German Federal Data Protection Act (Bundesdatenschutzgesetz, hereinafter “BDSG”) and the German Telemedia Act (Telemediengesetz, hereinafter “TMG”).

In the following, we would like to inform you about the processing of your personal data.

1. Controller

The controller for the processing of your personal data is steadybit GmbH, Hochstrasse 11, 42697 Solingen (Germany), Commercial Register of the local court Wuppertal, HRB 30206 (hereinafter “steadybit”, “we” or the “Company”). We are also available at info@steadybit.com or privacy@steadybit.com.

2. Surfing on steadybit.com

2.1 For what purposes do we process your data?

When you visit our website, your browser - as with any other website - contacts our web server to retrieve the pages you require. You do not need to log in or identify yourself for this. The allocation of requests and feedback from our server is based on your IP address, which may be used to establish a reference to your person. In detail, personal data such as your IP address is transmitted to our web server as part of an HTTP/S request. These connection data are processed by our web server to enable access to the website. In addition, the respective HTTP/S calls are logged in a log file. We use this for technical troubleshooting and to defend against and investigate attacks (e.g. by hackers) on our systems. In addition, we use the already stored log files to create evaluations that we use to optimize our websites. The evaluation as such takes place in an anonymous form, i.e. by combining call data, so that the results no longer have any personal reference.

2.2 On what legal basis do we process your data?

Your personal data will be processed on the basis of our legitimate interests in accordance with Article 6 (1) (f) GDPR. Our legitimate interest is to operate a website for general information and communication purposes and to present our Company. The log files are processed on the basis of our legitimate interests in accordance with Article 6 (1) (f) GDPR. Our legitimate interest is to protect our facilities and systems from attacks and, if necessary, to take legal action against attackers and to further develop our websites for commercial purposes. The legal basis for the storage of data for the fulfilment of legal retention periods is, if applicable, Art. 6 Para. 1 lit. c GDPR in conjunction with the relevant statutory retention periods (in particular § 257 HGB, § 147 AO). The consent is therefore the legal basis for data processing in accordance with Art. 6 Para. 1 lit. a GDPR as well as the basis for contacting us by telephone and e-mail in accordance with § 7 Para. 2 No. 2-3 of the German Unfair Competition Act (“UWG”).

2.3 Is there an obligation for you to provide your data and what happens if you decide against it?

You are not obliged to provide your personal data. However, it is not possible to use the website without processing your connection data.

2.4 With whom is your data shared or who is involved in the processing of your data?

In principle, processing is fully automatic. Our website is operated via servers of the company Amazon Web Services EMEA SARL, which acts on our behalf (Art. 28 GDPR) as a service provider for hosting services. Our IT department has access to the log files. Where necessary, these data are also transmitted to external recipients (in particular law enforcement authorities to prosecute hacker attacks).

2.5 How long will your data be stored?

The logfile data is stored for 14 days. All other data is deleted immediately after the HTTP/S request has been carried out.

3. Communication by e-mail / contacting

3.1 For what purposes do we process your data?

If you contact us with a request or we contact you, we process your personal data which are necessary for communication with you (“communication data”), e.g. name, address, e-mail, telephone number as well as the contents of the communication. The information you provide may be stored for processing the contact and for any queries.

3.2 On what legal basis do we process your data?

The processing of your data in the context of communication via the contact form or by e-mail takes place on the basis of Article 6 (1) (b) GDPR, insofar as the exchange is connected with the initiation or performance of a contract with you. In other respects, the legal basis depends on the specific purpose of the exchange. In most cases Article 6 (1) (f) GDPR (our legitimate interest in conducting business correspondence or communicating with clients or for example answering questions on data protection) will be relevant.

3.3 Is there an obligation for you to provide your data and what happens if you decide against it?

You are not obliged to provide your data. However, communication by e-mail is not possible without the processing of your personal data.

3.4 With whom is your data shared or who is involved in the processing of your data?

We will only pass on your communication data internally to the persons at steadybit responsible for your request.

3.5 How long will your data be stored?

Your personal data will be deleted as far as they are no longer necessary for communication with you. The data may be kept for longer on the basis of Article 6 (1) (c) GDPR in conjunction with the relevant statutory retention periods (in particular under commercial, tax and duty law). In case of business correspondence, this is usually six years after the end of the year in which it has been received.

4. Steadybit platform

4.1 For what purposes do we process your data?

Steadybit is a service offering that assists customers in detecting weak spots in their software and systems. The service analyzes the software itself and injects failures in the systems under test. The service consists of a component installed on the customer’s hosts or VMs (hereinafter “Agent”) and a central control unit (hereinafter “Platform”) which is either installed and run by the customer on-prem or provided by steadybit as SaaS. For providing access protection and auditing to our SaaS offering, we only store the name and email address of the platform users. When using the on-prem offering we only store the data to administer the license.

4.2 On what legal basis do we process your data?

The processing of your data in the context of communication via the contact form or by e-mail takes place on the basis of Article 6 (1) (b) GDPR, insofar as the exchange is connected with the initiation or performance of a contract with you. In other respects, the legal basis depends on the specific purpose of the exchange. In most cases Article 6 (1) (b) GDPR (our legitimate interest in conducting business correspondence or communicating with clients or for example answering questions on data protection) will be relevant. In the event that you wish your data to be permanently stored so that you can use our services again and again in the future in a simple and uncomplicated manner without having to provide all data again, this will be done on the basis of your consent in accordance with Art. 6 (1) (a) GDPR.

4.3 Is there an obligation for you to provide your data and what happens if you decide against it?

You are not obliged to provide your data. However, using the offering/our services is not possible without the processing of your personal data. The consent to the permanent storage of your data is also voluntary. We only offer this as an additional service.

4.4 With whom is your data shared or who is involved in the processing of your data?

We will only pass on your communication data internally to the persons and internal systems at steadybit.

4.5 How long will your data be stored?

We retain personal data only for as long as there is a legitimate reason or other legal ground to do so, and will keep these legal bases under review. If there is no longer a legal ground for the data to be retained, we will erase personal data securely, or in some cases anonymize it. The data may be kept for longer on the basis of Article 6 (1) (c) GDPR in conjunction with the relevant statutory retention periods (in particular under commercial, tax and duty law). In case of business correspondence, this is usually six years after the end of the year in which it has been received.

4.6 What other data is stored?

The Agents collect data from the customer infrastructure. When using the on-prem offering all data is stored and processed on the customer’s site and not transferred elsewhere. When using the SaaS offering the data is stored and processed by steadybit. This data includes but is not limited to:

  • infrastructure data: hostnames, IP addresses, account numbers, cloud metadata, container names, image names, operating system, system metrics
  • application data: application name, remote service addresses/names, used libraries, used databases, application metrics

We do not record passwords, API tokens or other security-sensitive information from your systems.

5. Social plug-ins

5.1 Who controls the data in the context of social media plug-ins?

We do not control the processing of personal data in the context of social media plug-ins. We do not have any access to the data collected and transferred by the social media plug-in to the social network provider. Any data processing is determined solely by the network service provider. In the interest of transparency, we would like to inform you about the processing of your personal data in this context.

5.2 Description and purposes of the processing

To improve your user experience, our website includes social media plug-ins of the large social media networks Twitter and LinkedIn. These plug-ins allow you to directly post links to and other content from our websites on the relevant network.

Upon you opening a website on which a social media plug-in is embedded, the respective social network provider

  • Twitter Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA
  • LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland

will collect and process information on your visit to our website for its own business purposes. This processing is not initiated or controlled by us, but is a built-in feature of the respective social media plug-in.

For further information on the processing of personal data, please contact the respective social media provider or refer to their respective privacy policy:

  • Twitter Inc.: twitter.com/privacy
  • LinkedIn: linkedin.com/legal/privacy-policy

5.3 Legal basis for the processing and legitimate interests for the processing

The processing of personal data in this context by us, if any, is based on our legitimate interests to: (i) improve our website’s user experience thereby making it more attractive and thus increasing user traffic; and (ii) make our content more visible and thereby promote our business.

For information on the legal basis of processing by the social media provider, please contact the respective social media provider or refer to their respective privacy policy:

  • Twitter Inc.: twitter.com/privacy
  • LinkedIn: linkedin.com/legal/privacy-policy

5.4 Recipients

We do not have access to, nor share, any personal data in this context.

For sharing of personal data by the social media provider, please contact the respective social media provider.

5.5 Transfer of personal data to third countries or international organisations

We do not transfer personal data to third countries. However, the social media plug-in will connect to the webserver of the social media network in the United States of America. For further information on transfers and relevant safeguards regarding them, please contact the respective social media provider or refer to their respective privacy policy:

  • Twitter Inc.: twitter.com/privacy
  • LinkedIn: linkedin.com/legal/privacy-policy

5.6 Retention period

We do not store any personal data in this context.

For storage of personal data by the social media provider, please contact the respective social media provider or refer to their respective privacy policy:

  • Twitter Inc.: twitter.com/privacy
  • LinkedIn: linkedin.com/legal/privacy-policy

5.7 Possible consequences of failure to provide personal data

Without processing the above mentioned personal data, you will not be able to post links to and other content from our website.

6. Use of third party companies

To provide our services to you in the best possible way, we also use third parties who perform services owed by us on our behalf or who support us in the provision of services and who may also be commissioned to process personal data in this context (processors). In particular, we use the following third parties:

  • Google AdWords and Google Conversion Tracking. We use Google AdWords. AdWords is an online advertising program of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States (“Google”). As part of Google AdWords, we use what is known as conversion tracking. When you click on an ad placed by Google, a conversion tracking cookie is set. Cookies are small text files that the Internet browser places on the user's computer. These cookies expire after 30 days and are not used to personally identify users. If the user visits certain pages of this website and the cookie has not expired, Google and we may recognize that the user clicked on the ad and was directed to that page. Each Google AdWords customer receives a different cookie. Cookies cannot be tracked through AdWords customer websites. The information collected from the Conversion cookie is used to generate conversion statistics for AdWords customers who have opted for Conversion Tracking. Customers will know the total number of users who clicked on their ad and were directed to a page with a conversion tracking tag. However, they will not receive information that personally identifies users. If you do not wish to participate in tracking, you can opt out of this use by easily turning off the Google Conversion Tracking cookie in your Internet browser under User Preferences. You will then not be included in the conversion tracking statistics. “Conversion cookies” are stored on the basis of Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in analysing user behaviour in order to optimise both its website and its advertising. More information on Google AdWords and Google Conversion Tracking can be found in Google's privacy policy: https://www.google.de/policies/privacy/.
You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, accept cookies for certain cases or generally exclude them and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be restricted.

  • Google Remarketing. We use the features of Google Analytics Remarketing in conjunction with the cross-device features of Google AdWords and Google DoubleClick. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. This feature allows Google Analytics Remarketing to link the ad target groups created with Google Analytics Remarketing to the cross-device features of Google AdWords and Google DoubleClick. In this way, interest-based, personalized advertising messages that have been customized to you based on your past usage and browsing behavior on one device (e.g., mobile phone) can also be displayed on another of your devices (e.g., tablet or PC). If you have given your consent, Google will link your web and app browser history to your Google Account for this purpose. In this way, the same personalized advertising messages can be displayed on any device on which you sign in with your Google Account. To support this feature, Google Analytics collects Google-authenticated user IDs that are temporarily linked to our Google Analytics data to define and create target audiences for cross-device advertising. You can permanently opt out of cross-device remarketing/targeting by opting out of personalized advertising by following this link: https://www.google.com/settings/ads/onweb/. The data collected in your Google Account will only be aggregated on the basis of your consent, which you may give or revoke to Google (Art. 6 para. 1 lit. a DSGVO). In the case of data collection processes that are not merged into your Google Account (e.g. because you do not have a Google Account or have objected to the merging), the data collection is based on Art. 6 para. 1 lit. f DSGVO. The legitimate interest arises from the fact that the website operator has an interest in the anonymous analysis of website visitors for advertising purposes.
Further information and the data protection regulations can be found in Google's data protection declaration at: https://policies.google.com/technologies/ads?hl=de.

  • Google reCAPTCHA. We use “Google reCAPTCHA” (hereinafter “reCAPTCHA”) on our websites. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). The purpose of reCAPTCHA is to check whether the data input on our websites (e.g. in a contact form) is made by a person or by an automated program. To this end, reCAPTCHA analyzes the behavior of the website visitor using various characteristics. This analysis begins automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g. IP address, length of stay of the website visitor on the website or mouse movements made by the user). The data collected during the analysis is forwarded to Google. The reCAPTCHA analyses run completely in the background. Website visitors are not informed that an analysis is taking place. Data processing is based on Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in protecting his web offers against abusive automated spying and against SPAM. For further information on Google reCAPTCHA and Google's privacy policy, please refer to the following links: https://www.google.com/intl/de/policies/privacy/ and https://www.google.com/recaptcha/intro/android.html.

  • HubSpot. We are supported in our online marketing activities by HubSpot, a software company from the USA with a subsidiary in Ireland. Contact: HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland, Phone: +353 1 5187500. HubSpot covers various aspects of our online marketing, such as e-mail marketing, reporting, contact management (e.g. user segmentation & CRM), landing pages and contact forms. This information and the content of our website is stored on servers of our software partner HubSpot. If processing takes place in the USA, it has to be considered that HubSpot is certified under the US-EU data protection agreement "Privacy Shield". They can be used by us to get in contact with you and to determine which services are interesting for you. We use all information collected solely to improve our marketing efforts. The legal basis for the use of HubSpot's services is article 6 paragraph 1 lit. f. GDPR. For further information, please refer to HubSpot's privacy policy: https://legal.hubspot.com/privacy-policy

7. Your rights

If our Company processes personal data about you, you have the right, within the respective legal scope (i.e. in accordance with the regulations of the GDPR), to:

  • information, in particular on data stored by the controller and their processing purposes (Art. 15 GDPR)
  • correction of incorrect or incomplete data (Art. 16 GDPR)
  • deletion, for example of data processed unlawfully or no longer required (Art. 17 GDPR)
  • restrictions on processing (Art. 18 GDPR)
  • objection to the processing, in particular if it is carried out to protect the legitimate interests of the controller (Art. 21 GDPR)
  • data transfer, provided that the processing is based on consent or for the execution of a contract or with the aid of automated procedures (Art. 20 GDPR)

If processing is based on a consent given by you (Article 6 (1) (a) GDPR or Article 9 (2) (a) GDPR), you have the right to revoke the consent at any time. The legality of the processing carried out on the basis of the consent until your revocation is not affected by this.

The assertion of your rights as well as other questions and concerns can be addressed to us by the means of communication most convenient for you:

By mail: steadybit GmbH, Hochstr. 11, 42697 Solingen, Germany
By email: privacy@steadybit.com

Furthermore, you have the possibility to address complaints to the responsible supervisory authority. For steadybit, this is the Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (State Commissioner for Data Protection and Freedom of Information North Rhine Westphalia), P.O. Box 200444, 40102 Düsseldorf, poststelle@ldi.nrw.de.