Privacy Policy

The responsible entity within the meaning of the data protection laws, in particular the General Data Protection Regulation (EU GDPR), is:

Trialflow GmbH
Wienburgstraße 207
48159 Münster

Represented by:
Leona Turner

Contact privacy officer:  info@trialflow.io

Your rights concerned
You can exercise the following rights at any time by contacting our data protection officer:
- Information about your data stored with us and its processing,
- correction of incorrect personal data,
- deletion of your data stored with us,
- restriction of data processing, provided that we are not yet allowed to delete your data due to legal obligations,
- objection to the processing of your data with us and
- data portability, provided that you have consented to the data processing or have concluded a contract with us.

If you have given us your consent, you can revoke it at any time with effect for the future, and you can contact the supervisory authority responsible for you with a complaint at any time. Your competent supervisory authority will be determined by the state of your residence, your work or the alleged violation. A list of the supervisory authorities (for the non-public sector) with their addresses can be found at: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html

Purpose of data processing by the responsible entity and third parties
We process your personal data only for the purposes stated in this privacy policy. Your personal data will not be transferred to third parties for purposes other than those mentioned. We will only pass on your personal data to third parties if:
- You have given your express consent,
- the processing is necessary for processing a contract with you,
- the processing is necessary to fulfill a legal obligation,
- the processing is necessary to protect legitimate interests and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data

Collection of general information when visiting our website
When you access our website, information of a general nature is collected with each visit. This information (server log files) includes, for example, the type of web browser, the operating system used, the domain name of your internet service provider and similar information. This information is technically necessary in order to correctly deliver the contents of websites requested by you and is mandatory when using the internet. It is processed in particular for the following purposes:
- Ensuring a problem-free connection of the website,
- ensuring a smooth use of our website,
- evaluation of system security and stability and
- for other administrative purposes.

The processing of your personal data is based on the implementation of pre-contractual measures (Art. 6 para. 1 lit. b GDPR) as well as on our legitimate interest (Art. 6 para. 1 lit. f GDPR) from the aforementioned purposes for data collection. We do not use your data to draw conclusions about your person. Recipients of the data are only the responsible entity and, if applicable, contract processors who are obliged to protect data.

Amazon Cloudfront
We use the Content Delivery Network (CDN) Amazon CloudFront from Amazon Web Services EMEA SARL, 38 avenue John F. Kennedy, L-1855 Luxembourg (AWS) to improve the security and delivery speed of our Website, which is a legitimate interest (Art. 6 para. 1 lit. f GDPR). A CDN is a server network, which is able to provide optimized content for website users. For this purpose personal data can be processed in AWS server log files. AWS as our data processor is the recipient of your personal data. It is our legitimate interest(Art. 6 para. 1 lit. f GDPR)to not run our own CDN. You have the right to object at any time to the processing of your data. The functionality of the website can not be ensured without this processing. AWS stores your personal data as long as they are needed for the above described purposes.
We have concluded a contract for the processing of personal data with AWS, which guarantees that it processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

AWS committed itself to extensive compliance rules for processing personal data of natural entities in the EU. They are based on the standard contractual clauses of the European commission. Find more information here: https://d1.awsstatic.com/legal/aws-gdpr/AWS_GDPR_DPA.pdf
Find further information about objection and erasure  at AWS here: https://d1.awsstatic.com/legal/privacypolicy/AWS_Privacy_Notice__German_Translation.pdf

Cookiebot


We use the consent management service Cookiebot, Cybot A / S, Havnegade 39, 1058 Copenhagen, Denmark (Cybot). This enables us to obtain and manage the consent of website users for data processing. The processing is necessary to fulfill a legal obligation (Art. 7 para. 1 GDPR) to which we are subject (Art. 6 para. 1 S. 1 lit. c GDPR). The following data are processed with the help of cookies:

Your IP address (the last three digits are set to '0'). Date and time of consent. Browser information URL from which your consent was sent.

An anonymous, random and encrypted key, your consent status of the end user, as proof of consent.

The key and consent status are stored in the browser for 12 months with the help of the cookie "CookieConsent".

This means that your cookie preference is retained for subsequent page inquiries. With the help of the key, your consent can be proven and traced. If you activate the service function "collective consent" in order to activate the consent for several websites with a single end user consent, the service also stores a separate, random, unique ID with your consent. If all of the following criteria are met, this key is saved in encrypted form in the third-party cookie “CookieConsentBulkTicket” in your browser: YOU activate the collective consent function in the service configuration. You allow third-party cookies via browser settings. The functionality of the website cannot be guaranteed without processing. Cybot is the recipient of your personal data and works for us as a processor. The processing takes place in the European Union. You can find more information on how to object and repair Cybot at: https://www.cookiebot.com/de/privacy-policy/ Your personal data will be continuously deleted after 12 months or immediately after the termination of the contract between us and Cybot. Please note our general information on deleting and deactivating cookies above.




SSL Encryption

To protect the security of your data during transmission, we use state-of-the-art encryption procedures (e.g. SSL) via HTTPS.

Contact form
If you contact us by e-mail or contact form with regard to questions of any kind, you give us your voluntary consent for the purpose of contacting us. For this purpose, a valid e-mail address is required. This serves to assign the inquiry and to answer it afterwards. The indication of further data is optional. The information you provide will be stored for the purpose of processing your inquiry and for possible follow-up questions. Personal data will be automatically deleted after the completion of your inquiry.

Disclaimer
Despite careful control of the content Trialflow is not liable for the content of external links. For the content of the linked pages the operators of these pages are solely responsible.

Amendment of the data protection regulations
We reserve the right to adapt this data protection declaration so that it always meets the current legal requirements or to implement changes to our services in the data protection declaration, e.g. when introducing new services. The new data protection declaration then applies to your renewed visit.

Questions regarding data protection
If you have any questions regarding data protection, please send us an e-mail or contact the person responsible for data protection in our organization directly: info@trialflow.io