Privacy Policy
This privacy policy was created for the corporate website of Rwazi, Inc. – www.rwazi.com – and for the Rwazi mobile application on both iOS and Android.
I. Name and contact details of the Controller
The Controller within the meaning of the European General Data Protection Regulation (GDPR) and other national data protection laws is:
Rwazi, Inc.
2055 Limestone Rd STE 200-C, Wilmington, DE 19808, United States
Phone: +1 (800) 597-5871
E-mail: hello@rwazi.com
Contact details of the internal Data Protection Officer
Rwazi, Inc.
Data Protection Officer
2055 Limestone Rd STE 200-C, Wilmington, DE 19808,United States
data-protection@rwazi.com
II. General information concerning the processing of personal data
Scope of processing of personal data
We (the “Controller” pursuant to the GDPR) take the protection of your data very seriously. In principle, we only process (Art. 4 (2) GDPR) the personal data of our users (“data subjects” within the meaning of GDPR) insofar as this is necessary to deliver a functional website along with our services and content. The collection and use of personal data concerning our users only regularly occurs with the user’s consent. Exceptions apply in cases where obtaining prior consent is not possible due to the factual circumstances and the data processing is permitted by statutory regulations. As a rule, our services are directed towards adults. Persons under the age of 18 should not transfer personal data to us without the consent of their parents or legal guardian(s).
Legal basis for the processing of personal data
Insofar as we obtain the data subject’s consent for the processing of personal data, Art. 6 (1)(a) GDPR is the legal basis for the processing of personal data.
For the processing of personal data that is necessary for the performance of a contract to which the data subject is party or in order to take steps prior to entering into a contract, Art. 6 (1)(b) GDPR is the legal basis.
Insofar as processing is necessary for compliance with a legal obligation to which our company is subject, Art. 6 (1)(c) GDPR is the legal basis.
If processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject, Art. 6 (1)(f) GDPR is the legal basis for processing.
Duration of storage and deletion of personal data
The personal data concerning the data subject will be erased or blocked as soon as the purpose of storage ceases to apply. Storage may extend beyond this period if this is stipulated by EU or national lawmakers in EU directives, laws or other regulations to which the controller is subject, particularly laws concerning taxes and accounting. The data will also be blocked or erased after the expiration of a storage period prescribed by the above regulations, unless continued storage of the data is necessary in order to enter into a contract or for contract performance.
Links to third-party providers
Insofar as our website contains links to third-party services purely as recommendations, partners or customers, such websites are not subject to our privacy policy, but rather to the privacy policy of the third-party provider. This does not include the third parties that are listed individually below.
III. General provisions for all our websites and applications
Provision of website and log files
Description and scope of data processing
For each visit to our websites, our system automatically collects data and information from the computer system of the visiting device.
The following data is collected in this context:
-
your IP address
-
Browser type and browser version
-
Operating system used
-
Referrer URL
-
Host name of the accessing computer of smartphone
-
Time and date of server request
This data will also be stored in our system log files. This data will not be stored together with other personal data of the user.
Legal basis for data processing
The legal basis for temporary storage of data and log files is Art. 6 (1)(f) GDPR. We have a legitimate interest in improving the functionality and stability of the website.
Purpose of data processing
It is necessary for the system to temporarily store the IP address in order to deliver the website to the user’s device. For this purpose, the user’s IP address must be saved for the duration of the session. Storage in log files occurs in order to ensure the functional operation of the website. We also use this data to optimize the website and to ensure the security of our IT systems. The data will not be analyzed for marketing purposes in this context.
Duration of storage
The data will be erased as soon as it is no longer required to fulfill the purpose for which it was collected. Where data is collected for the provision of the website, this is the case when the respective session has ended. Apart from this, the duration of storage is based on the stipulations of tax law and accounting law.
In case of data storage in log files, this occurs after seven days at the latest. Storage for longer periods of time is possible. In this case, the IP addresses of the users will be deleted or disguised so that it is no longer possible to identify the visiting client.
Use of cookies
Description and scope of data processing
Our website uses cookies. Cookies are text files that are stored in the internet browser or which the internet browser stores on the user’s computer system. If a user accesses a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic sequence that enables unambiguous identification of the browser when accessing our website again. On our website, we also use cookies that allow us to analyze the browsing patterns of users.
The following data may be transmitted in this way:
-
Search terms entered
-
Frequency of website access
-
Use of website functions
When accessing our website, the user will be informed about the use of cookies for analytical purposes and give consent to the processing of the personal data used in this context. Reference will also be made to this privacy policy.
Legal basis for data processing
The legal basis for the processing of personal data using cookies that are essential because of technical requirements is Art. 6 (1)(f) GDPR (essential cookies). We have a legitimate interest in providing a stable service and improving our website. The legal basis for the processing of personal data using cookies for the purposes of functionality and marketing, if the user has granted consent in this regard, is Art. 6 (1)(a) GDPR (functional and marketing cookies).
Purpose of data processing
Analytical cookies are used for the purpose of improving the quality of our website and its content. Analytical cookies allow us to learn how the website is used and allow us to optimize our services continually.
Duration of storage
Cookies are stored on the user’s device and transmitted to our website by the device. For this reason, you as a user have complete control over the use of cookies.
Contact form and e-mail contact
Description and scope of data processing
There is a contact form on our website that can be used to contact us electronically. If a user takes advantage of this option, the data entered in the input screen will be transmitted to us and stored. This data includes:
-
Name
-
E-mail
E-mail address and the time the message is sent, the following data will also be stored:
-
Data and time of registration
-
E-mail address
-
Name and phone number if provided
Alternatively, contact is possible via the e-mail address provided. In this case, the user’s personal data submitted with the e-mail will be stored.
In this context, the data will not be transferred to third parties. The data will exclusively be used to process the conversation.
Legal basis for data processing
The legal basis for the processing of data is contractual pursuant to Art. 6 (1)(b) GDPR, if the aim of e-mail contact is to enter into a contract.
The legal basis for the processing of data that is transmitted when sending an e-mail in other events is Art. 6 (1)(f) GDPR.
Purpose of data processing
We only process personal data from the input screen in order to establish contact. In case of contact via e-mail, we also have the required legitimate interest in data processing. Other personal data processed during the sending process helps to prevent misuse of the contact form and to guarantee the security of our IT systems.
Duration of storage
The data will be erased as soon as it is no longer required to fulfill the purpose for which it was collected. For the personal data from the input fields in the contact form and data sent via e-mail, this is the case once the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the situation in question has been resolved definitively.
Usercentrics
Description and scope of data processing
This website uses Cookie Consent Management Tool, a cookie service provided by Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich, Germany. Usercentrics uses so-called “Cookies”. These are text files that are stored on your computer, making it possible to analyze your use of our website. The information generated by the cookie about your use of this website (including your IP address) is generally transferred to a Usercentrics server and stored there.
Legal basis for data processing
The legal basis for the processing of personal data using Usercentrics’s is Art. 6 (1)(f) GDPR. We have a legitimate interest in improving the functionality and stability of the website and a legal obligation to provide consent management tools.
Purpose of data processing
The data is required for the improvement and analysis of our website. By anonymising the data, this statistical collection is exclusively used to improve our services. You can find more information in Usercentrics’s privacy policy at https://usercentrics.com/privacy-policy/.
Duration of storage
Data is not stored for longer periods than necessary. Data will be erased after the statistical analysis has been performed. You can find more information at: https://usercentrics.com/privacy-policy/.
Google Tag Manager
Description and scope of data processing
We use Google Tag Manager, which is provided by Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Ireland, that allows companies to manage website tags via an interface. It is a cookieless domain that does not collect any personal data. Google Tag Manager is responsible for triggering other tags, such as Google Analytics, which may in turn collect data. This data is not accessed via Google Tag Manager. If you prevent the acceptance of cookies via this site in your browser settings, this shall remain applicable for all tracking tags.
The information generated by the information call about your use of this website (including your IP address) is generally transferred to a Google server in the EU or USA and stored there. You can find more information in Google’s privacy policy at https://policies.google.com/privacy?hl=de.
Legal basis for data processing
Google Tag Manager is used in the interest of a unified and attractive display of our website. This constitutes a legitimate interest within the meaning of Art. 6 (1)(a) GDPR.
Purpose of data processing
The purpose of use is the unified and attractive display of our website.
Duration of storage
We do not store the data in this process. Regarding the storage of data by Google, we refer to the privacy policy: https://policies.google.com/privacy?hl=de.
Google Analytics
Description and scope of data processing
On our website we use Google Analytics provided by Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Ireland. Google utilizes the Data collected to track and examine the use of Rwazi, to prepare reports on its activities and share them with other Google services.
Google may use the Data collected to contextualize and personalize the ads of its own advertising network.
The information generated by the information call about your use of this website (including your IP address) is generally transferred to a Google server in the EU or USA and stored there. You can find more information in Google’s privacy policy at https://policies.google.com/privacy?hl=de.
Legal basis for data processing
The legal basis for the processing of data is Art. 6 (1)(a) GDPR.
Within the scope of processing by Google Analytics, data may be transmitted to the USA. The security of the transfer is ensured by so-called standard contractual clauses, which guarantee that the processing of personal data is subject to a level of security that corresponds to that of the GDPR. If the standard contractual clauses are not sufficient to establish an adequate level of security, consent will be obtained from you in advance within the framework of the Google Analytics consent management system in accordance with Art. 49 (1) (a) DSGVO.
Purpose of data processing
The purpose of use is the unified and attractive display of our website.
Duration of storage
We do not store the data in this process. Regarding the storage of data by Google, we refer to the privacy policy: https://policies.google.com/privacy?hl=de.
Hubspot
Description and scope of data processing
On our website we use the Marketing Hub, Sales Hub, CMS Hub, Operations Hub and Service Hub services provided by Hubspot, Inc., 2 Canal Park, Cambridge, MA 02141, United States. Hubspot utilizes the Data collected to track and examine the use of Rwazi and to prepare reports on its activities.
The information generated by the information call about your use of this website (including your IP address) is generally transferred to a Hubspot server in the EU or USA and stored there. You can find more information in Hubspot’s infrastructure FAQ here:
Legal basis for data processing
The legal basis for the processing of data is Art. 6 (1)(a) GDPR.
Within the scope of processing by Hubspot, data may be transmitted to the USA. The security of the transfer is ensured by so-called standard contractual clauses, which guarantee that the processing of personal data is subject to a level of security that corresponds to that of the GDPR. If the standard contractual clauses are not sufficient to establish an adequate level of security, consent will be obtained from you in advance within the framework of the Google Analytics consent management system in accordance with Art. 49 (1) (a) DSGVO.
Purpose of data processing
The purpose of use is the unified and attractive display of our website, as well as to gauge the interest of prospective customers.
Duration of storage
We do not store the data in this process. Regarding the storage of data by Hubspot, we refer to the privacy policy: https://knowledge.hubspot.com/account/hubspot-cloud-infrastructure-and-data-hosting-frequently-asked-questions
IV. Rights of the data subject
For the processing of personal data, you are a data subject within the meaning of the GDPR and have the following rights with respect to the controller:
1. Right of the data subject to access information
The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information:
a) The purposes of the processing;
b) The categories of personal data concerned;
c) The recipients or categories of recipient to whom the personal data has been or will be disclosed, in particular recipients in third countries or international organizations;
d) Where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
e) The existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
f) The right to lodge a complaint with a supervisory authority;
g) Where the personal data is not collected from the data subject, any available information as to their source;
h) The existence of automated decision-making, including profiling, referred to in Art. 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
Where personal data is transferred to a third country or to an international organization, the data subject shall have the right to be informed of the appropriate safeguards pursuant to Art. 46 GDPR relating to the transfer.
In case of processing for scientific or historical research purposes or statistical purposes, this right can be restricted insofar as this would make impossible or significantly impede the research or statistical purposes and the restriction is necessary in order to fulfill the research or statistical purposes.
2. Right to rectification
The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
In case of processing for scientific or historical research purposes or statistical purposes, this right can be restricted insofar as this would make impossible or significantly impede the research or statistical purposes and the restriction is necessary in order to fulfill the research or statistical purposes.
3. Right to erasure
The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
a) The personal data is no longer necessary in relation to the purposes for which they were collected or otherwise processed;
b) The data subject withdraws consent on which the processing is based according to Art. 6 (1)(a) GDPR, or Art. 9(2)(a) GDPR, and where there is no other legal ground for the processing.
c) The data subject objects to the processing pursuant to Art. 21(1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Art. 21(2) GDPR.
d) Host name of the accessing computer
e) Time and date of server request
d) The personal data has been unlawfully processed.
e) The personal data has to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
f) The personal data has been collected in relation to the offer of information society services referred to in Art. 8(1) GDPR.
Where the controller has made the personal data public and is obliged pursuant to the above paragraph 1 to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, this personal data.
The above paragraphs 1 and 2 shall not apply to the extent that processing is necessary
a) For exercising the right of freedom of expression and information;
b) For compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
c) For reasons of public interest in the area of public health in accordance with Art. 9(2)(h) and (i) GDPR as well as Art. 9(3) GDPR;
d) For archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89(1) GDPR in so far as the right referred to in paragraph 1 above is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
e) For the assertion, exercise or defense of legal claims.
4. Right to restriction of processing
The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:
a) The accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
b) The processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of is use instead;
c) The controller no longer needs the personal data for the purposes of the processing, but it is required by the data subject for the establishment, exercise or defense of legal claims;
d) The data subject has objected to processing pursuant to Art. 21(1) GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.
Where processing has been restricted under paragraph 1 above, such personal data shall, with the exception of storage, only be processed with the data subject’s consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
A data subject who has obtained restriction of processing pursuant to paragraph 1 above shall be informed by the controller before the restriction of processing is lifted.
In case of processing for scientific or historical research purposes or statistical purposes, this right can be restricted insofar as this would make impossible or significantly impede the research or statistical purposes and the restriction is necessary in order to fulfill the research or statistical purposes.
5. Right to be informed
The controller shall communicate any rectification or erasure of personal data or restriction of processing carried out in accordance with Art. 16, Art. 17(1) and Art. 18 GDPR to each recipient to whom the personal data has been disclosed, unless this proves impossible or involves disproportionate effort. The controller shall inform the data subject about those recipients if the data subject requests it.
6. Right to data portability
The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit this data to another controller without hindrance from the controller to which the personal data has been provided, where:
-
The processing is based on consent pursuant to Art. 6(1)(a) or Art. 9(2)(b)
-
GDPR or on a contract pursuant to Art. 6(1)(b) GDPR and
-
The processing is carried out by automated means.
In exercising his or her right to data portability pursuant to the above paragraph 1, the data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible.
The exercise of the right referred to in paragraph 1 of this Article shall be without prejudice to the right to erasure of data. That right shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
7. Right to withdraw consent for data processing
You have the right to withdraw your consent to data processing at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
8. Right to object
The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on Art. 6(1)(e) or (f) GDPR, including profiling based on those provisions. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims.
Where personal data is processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.
Where the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, the data subject may exercise his or her right to object by automated means using technical specifications.
Where personal data is processed for scientific or historical research purposes or statistical purposes pursuant to Art. 89(1) (GDPR), the data subject, on grounds relating to his or her particular situation, shall have the right to object to processing of personal data concerning him or her, unless the processing is necessary for the performance of a task carried out for reasons of public interest. This right of objection can be restricted insofar as this would make impossible or significantly impede the research or statistical purposes and the restriction is necessary in order to fulfill the research or statistical purposes.
9. Automated individual decision-making, including profiling
The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.
The above paragraph 1 shall not apply if the decision:
a) Is necessary for entering into, or performance of, a contract between the data subject and a data controller;
b) Is authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests; or
c) Is based on the data subject’s explicit consent.
In the cases referred to in points (a) and (c) of paragraph 2, the data controller shall implement suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.
Decisions referred to in paragraph 2 shall not be based on special categories of personal data referred to in Art. 9(1) GDPR, unless Art. 9(2)(a) or (g) GDPR applies and suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests are in place.
10. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, every data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes this regulation.
The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Art. 78 GDPR.