Below is an overview of the services and service providers we use to operate our website and its related services.
All information here refers to the category “Website Visitors, Prospects, Customers”.
We process data based on the following legal basis: Performance of pre contractual inquiries (Art. 6 para. 1 sentence 1 lit. b. GDPR), legitimate interests (Art. 6 para. 1 sentence 1 lit. f. GDPR) which arise out of the purpose description of each service provider.
Furthermore, unless otherwise defined for each company, we process content data (e.g. entries in online forms), usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).
Amazon Web Services EMEA SARL
38 Avenue John F. Kennedy, 1855 Luxembourg; subsidiary of: Amazon.com Services LLC, 410 Terry Ave. North, Seattle, WA 98109 5210, USA
Services of the Organization
Amazon Web Services
Website: https://aws.amazon.com
Privacy Policy: https://aws.amazon.com/privacy/
Amazon Cloudfront
Website: https://aws.amazon.com/cloudfront/
Privacy Policy: https://aws.amazon.com/privacy/
Contractual Basis; Data Transfer
There is a current Data Processing Agreement between Amazon Web Services EMEA SARL and itdesign GmbH in place.
Purpose of Data Processing
Provision of online services, web hosting
Additional/Specific Deletion Periods
The data collected here is not stored for longer than 365 days and is subsequently anonymized or deleted. This also applies to the unabbreviated IP addresses.
ProductBoard, Inc.
612 Howard street, 4th floor, San Francisco, CA 94105, USA
Services of the Organization
ProductBoard
Website: https://www.productboard.com/
Privacy Policy: https://www.productboard.com/privacy policy/
Contractual Basis; Data Transfer
We have concluded a data processing agreement with ProductBoard, Inc. in accordance with Art. 28 GDPR.
The processed data is transferred to and stored on a ProductBoard, Inc. server in the USA (third country). An adequate level of data protection for the transfer to the USA is ensured due to ProductBoard, Inc.’s certification under the adequacy decision (EU U.S. Data Privacy Framework).
Purpose of Data Processing
Contact and feature requests
Zendesk, Inc.
1019 Market St., San Francisco, CA 94103, USA
Services of the Organization
Zendesk
Website: https://www.zendesk.com
Privacy Policy: https://www.zendesk.com/company/agreements-and-terms/privacy-notice/
Contractual Basis; Data Transfer
There is an data processing agreement between Zendesk, Inc. and itdesign GmbH in place. The processed data is stored on a Zendesk, Inc. server in Germany.
In addition, an adequate level of data protection is guaranteed for the cooperation due to the certification of Zendesk, Inc. under the adequacy decision (EU U.S. Data Privacy Framework).
Purpose of Data Processing
Contact and feature requests
Additionally Processed Data Types or Details of Services
Attachments to tickets (e.g., documents and images)
Calendly LLC
271 17th St NW, Ste 1000, Atlanta, Georgia, 30363, USA
Services of the Organization
Calendly
Website: https://calendly.com/
Privacy Policy: https://calendly.com/pages/privacy
Contractual Basis; Data Transfer
We have concluded a data processing agreement with Calendly in accordance with Art. 28 GDPR.
The processed data is transferred to and stored on a Calendly server in the USA (third country). An adequate level of data protection for the transfer to the USA is ensured due to Calendly’s certification under the adequacy decision (EU U.S. Data Privacy Framework).
Purpose of Data Processing
Online appointment scheduling
Additional/Specific Deletion Periods
Consent for the use of personal data can be revoked at any time for the future by sending an email to team@calendly.com.
Capterra Inc.
1201 Wilson Blvd, 9th Floor, Arlington, VA 22209, USA
Services of the Organization
Capterra (integrated via Google Tag Manager)
Website: https://www.capterra.com/
Privacy Policy: https://www.capterra.com/legal/privacy-policy
Purpose of Data Processing
Online marketing and online advertising
FingerprintJS Inc.
1440 W. Taylor St 735, Chicago, IL 60607, USA
Services of the Organization
Fingerprint
Website: https://fingerprint.com/
Data protection policy: https://dev.fingerprint.com/docs/privacy-policy
Contractual Basis; Data Transfer
We have concluded contracts for order processing with Fingerprint in accordance with Art. 28 GDPR.
Purpose of Data Processing
Web analysis, monitoring and optimization
Google Ireland Limited
Gordon House, Barrow Street, Dublin 4, Ireland; subsidiary of: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
Services of the Organization
Cloud Firestore
Website: https://cloud.google.com/
Security information: https://cloud.google.com/privacy
Google Analytics
Website: https://marketingplatform.google.com/about/analytics/
Data protection policy: https://policies.google.com/privacy
Google Tag Manager
Website: https://marketingplatform.google.com
Data protection policy: https://policies.google.com/privacy
Google Signals
Website: https://marketingplatform.google.com
Privacy Policy: https://policies.google.com/privacy.
Google Ads and conversion measurement
Website: https://marketingplatform.google.com
Data protection policy: https://policies.google.com/privacy
Google Maps
Website: https://cloud.google.com/maps platform
Data protection policy: https://policies.google.com/privacy
reCAPTCHA v3
Website: https://www.google.com/recaptcha/
Data protection policy: https://policies.google.com/privacy
YouTube
Website: https://www.youtube.com
Data protection policy: https://policies.google.com/privacy
Contractual Basis; Data Transfer
An order processing contract has been concluded with Google in accordance with Art. 28 GDPR.
In the case of Google, the information generated by the cookie is transferred to a Google server in the USA (third country) and stored there. Google may use this data for its own purposes and link it to other data records, e.g. your search history or personal accounts known to Google. We have no influence whatsoever on this data processing. The data processing is essentially carried out by Google. An appropriate level of data protection is guaranteed for the transfer to the USA due to Google’s certification under the EU U.S. Data Privacy Framework.
Other / Opt Out
Google Analytics
Opt out plugin: https://tools.google.com/dlpage/gaoptout?hl=en
Settings for the display of advertisements: https://adsettings.google.com/authenticated
Another possibility to object to web analysis by Google Analytics is to not allow cookies from Google Analytics. You can use the following “Borlabs” switch to specify whether you want to allow analysis by Google Analytics (On) or not (Off).
Google Maps
Opt out plug in: https://tools.google.com/dlpage/gaoptout?hl=en
Settings for the display of advertisements: https://adssettings.google.com/authenticated
ReCaptcha
Opt out plug in: https://tools.google.com/dlpage/gaoptout?hl=en
YouTube videos
Opt out plug in: https://tools.google.com/dlpage/gaoptout?hl=en
Purpose of Data Processing
User feedback;
Web analysis, monitoring and optimization;
Online marketing and online advertising and procurement of applications via app stores;
Plugins and embedded functions as well as content
Additionally Processed Data Types or Details of Services
We use the following Google Services: Cloud Firestore, Google Ads, Google Analytics, Google Maps, Google Play, Google Signals, Google Tag Manager, ReCaptcha, YouTube.
Additional/Specific Deletion Periods
Google Analytics: The user and event data collected by us from Google Analytics is deleted within a period of 36 months.
Google Signals: The user and event data collected by us from Google Analytics is deleted within a period of 36 months.
Google Tag Manager: The user and event data collected by us from Google Tag Manager is deleted within a period of 36 months. We have no influence on the storage duration of your data that is stored by the operators of the advertising platforms for their own purposes. For details on this, please inform yourself directly with the operators of the tools.
Google Cloud EMEA Ltd.
70 Sir John Rogerson’s Quay, Dublin 2, Ireland
Services of the Organization
Google BigQuery
Website: https://cloud.google.com/
Data protection policy: https://cloud.google.com/terms/cloud-privacy-notice
Contractual Basis; Data Transfer
Wir verwenden einen automatisierten Export von Google Analytics nach BigQuery. Dabei werden nur Daten verarbeitet, die durch Google Analytics erhoben wurden.
Purpose of Data Processing
Web analysis, monitoring and optimization
Additional/Specific Deletion Periods
See information provided for Google Ireland Limited
LogMeIn Ireland Limited
Bloodstone Building Block C 70, Sir John Rogerson’s Quay Dublin 2, Ireland; subsidiary of: LogMeIn, Inc., 320 Summer Street, Boston, MA 02210 320 Summer Street Boston, Massachusetts 02210, USA
Services of the Organization
GoToMeeting
Website: https://www.gotomeeting.com/
Data protection policy: https://www.logmeininc.com/legal/privacy
GoToWebinar
Website: https://www.gotomeeting.com/
Data protection policy: https://www.logmeininc.com/legal/privacy
Contractual Basis; Data Transfer
Data processing agreements according to Art. 28 GDPR have been concluded with the service provider GoToMeeting.
For GoToMeeting and GoToWebinar, data is transferred to contract partners within the EU. In this processing of your data, it may be transferred to countries outside the EU or EEA (so called third countries). In this case, the transfer to third countries is based on standard contractual clauses.
Purpose of Data Processing
Video conferences, online meetings, webinars, and screen sharing
Additional/Specific Deletion Periods
The data collected directly by us through the video and conference tools is deleted from our systems as soon as you request us to delete it, revoke your consent for storage, or the purpose for data storage no longer applies. Stored cookies remain on your device until you delete them. Mandatory statutory retention periods remain unaffected.
We have no influence on the storage duration of your data that is stored by the operators of the conference tools for their own purposes. For details on this, please inform yourself directly with the operators of the conference tools.
HubSpot
Am Postbahnhof 17, 10243 Berlin; subsidiary of: HubSpot, Inc., 25 First St., 2nd floor, Cambridge, Massachusetts 02141, USA
Services of the Organization
HubSpot
Website: https://www.hubspot.com/
Privacy policy: https://legal.hubspot.com/privacy-policy
Contractual Basis; Data Transfer
We have concluded a data processing agreement with HubSpot in accordance with Art. 28 GDPR.
For HubSpot, data is transferred to contract partners within the EU.
In addition, an adequate level of data protection is ensured for the collaboration due to Hubspot Inc.’s certification under the adequacy decision (EU U.S. Data Privacy Framework).
Purpose of Data Processing
Contact and feature requests;
Newsletters and marketing emails;
Emails regarding the use of Meisterplan, Online marketing and online advertising
Additionally Processed Data Types or Details of Services
HubSpot will share the following data with LinkedIn for marketing purposes: Email address (hashed), First name, Last name, Title, Company, Country, Stage
UsabilityHub Pty Ltd
UsabilityHub Pty Ltd ACN 158 305 205 trading as Lyssna, Lvl 4/54 Wellington St Collingwood, Victoria 3066, Australia
Services of the Organization
Lyssna
Website: https://www.lyssna.com/
Security information: https://app.lyssna.com/privacy
Purpose of Data Processing
User feedback
Additional/Specific Deletion Periods
The deletion periods are based on the framework of legal requirements for deletion and retention.
Microsoft Corporation
One Microsoft Way, Redmond, WA 98052 6399, USA
Services of the Organization
Microsoft Cloud Services:
Microsoft Office 365.
Website: https://www.microsoft.com/en us/
Data protection policy: https://privacy.microsoft.com/en us/privacystatement
Security information: https://www.microsoft.com/en us/trust-center
Microsoft Teams
Website: https://www.microsoft.com/en us/
Data protection policy: https://privacy.microsoft.com/en-us/privacystatement
Security information: https://www.microsoft.com/en- us/trust -center
Microsoft Clarity
Website: https://clarity.microsoft.com/
Privacy Policy: https://privacy.microsoft.com/en-us/privacystatement
Cookie Policy: https://privacy.microsoft.com/en- us/privacystatement
Microsoft Advertising (integrated via Google Tag Manager)
Website: https://about.ads.microsoft.com/
Privacy Policy: https://privacy.microsoft.com/privacystatement/
Contractual Basis; Data Transfer
Data processing agreements in accordance with Art. 28 GDPR have been concluded with Microsoft.
The processed data is transferred to and stored on a Microsoft server in the USA (third country). An adequate level of data protection for the transfer to the USA is ensured due to Microsoft’s certification under the adequacy decision (EU U.S. Data Privacy Framework).
Other / Opt Out
Microsoft Clarity
Opt Out: Choose Microsoft here: https://optout.aboutads.info/?c=2&lang=EN
Microsoft Advertising (integrated via Google Tag Manager)
Opt out: https://choice.microsoft.com/opt-out.
Purpose of Data Processing
Contact and feature requests;
Video conferences, online meetings, webinars, and screen sharing;
Cloud services;
Web analysis, monitoring and optimization;
Online marketing and online advertising
Additionally Processed Data Types or Details of Services
Microsoft Cloud Services, Microsoft Teams, Microsoft Clarity, Microsoft Advertising
Additional/Specific Deletion Periods
Microsoft Teams: The data collected directly by us through the video and conference tools is deleted from our systems as soon as you request us to delete it, revoke your consent for storage, or the purpose for data storage no longer applies. Stored cookies remain on your device until you delete them. Mandatory statutory retention periods remain unaffected.
We have no influence on the storage duration of your data that is stored by the operators of the conference tools for their own purposes. For details on this, please inform yourself directly with the operators of the conference tools.
Microsoft Clarity: All data in Microsoft Clarity is automatically deleted after 365 days.
Pagely Inc.
515 E Grant St #150, Phoenix, AZ 85004, USA
Services of the Organization
Pagely
Website:https://pagely.com
Privacy policy: https://pagely.com/legal/privacy-policy/
Contractual Basis; Data Transfer
We have concluded a data processing agreement with Pagely in accordance with Art. 28 GDPR.
The processed data is transferred to and stored on a Pagely server in the USA (third country). An adequate level of data protection for the transfer to the USA is ensured due to Pagely’s certification under the adequacy decision (EU U.S. Data Privacy Framework).
Purpose of Data Processing
Provision of online services, web hosting
Additional/Specific Deletion Periods
The data collected here is not stored for longer than 365 days and is subsequently anonymized or deleted. This also applies to the unabbreviated IP addresses.
Meta Platforms Ireland Ltd.
4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; subsidiary of: MetaPlatforms, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA
Services of the Organization
Meta Pixel and Target Group Formation (Custom Audiences) (integrated via Google Tag Manager)
Website: https://about.meta.com/de/
Privacy Policy: https://www.facebook.com/about/privacy
Contractual Basis; Data Transfer
We are jointly responsible, together with Meta Platforms Ireland Ltd., for the collection or receipt of “event data” through Meta Pixel and similar functions (e.g., interfaces) that are executed or obtained as part of a transmission for the following purposes as part of a
transfer: a) display of content advertising information that corresponds to the presumed interests of users; b) delivery of commercial and transactional messages (e.g., addressing users via Facebook Messenger); c) Improving the delivery of ads and personalization of functions and content (e.g., improving the recognition of which content or advertising information is presumed to be in the interests of users). We have concluded a special agreement with Meta (“Additional For Persons Responsible”, https://www.facebook.com/legal/controller_addendum) which regulates in particular which security measures Meta must observe (https://www.facebook.com/legal/terms/data_security_terms) and in which Meta has agreed to comply with the affected rights (i.e., users can, for example, send information or deletion requests directly to Meta). Note: If Meta provides us with metrics, analyses and reports (which are aggregated, i.e., do not receive information about individual users and are anonymous to us), then such processing does not take place within the scope of joint responsibility, but on the basis of an order processing contract (“Data Processing Conditions “, https://www.facebook.com/legal/terms/dataprocessing) , “Data Security Conditions” (https://www.facebook.com/legal/terms/data_security_terms) and with regard to processing in the USA on the basis of standard contractual clauses (“Meta EU data transfer https://www.facebook.com/legal/EU_data_transfer_addendum). The rights of users (in particular to information, deletion, opposition and complaint to the competent supervisory authority) are not restricted by the agreements with Meta.
Other / Opt Out
Opt out: https://www.facebook.com/settings?tab=ads
Purpose of Data Processing
Online marketing and online advertising
Aditionally Processed Data Types or Details of Services
Event Data (Facebook) (“Event Data” are data that can be transmitted by us to Meta via Meta Pixel (via apps or other means) and relate to persons or their actions; The data includes, for example, information about visits to websites, interactions with content, features, app installations, product purchases, etc.; Event Data is processed for the purpose of creating target groups for content and advertising information (Custom Audiences); Event Data does not include the actual content (such as comments written), no login information, and no contact information (i.e., no names, email addresses, and phone numbers). Event Data is deleted by Meta after a maximum of two years, the target groups formed from them with the deletion of our account).
On our website, we offer users the ability to share our blog posts on social media. The purpose is to increase awareness of our offerings or to provide content. No forwarding of your data occurs by accessing our website. Data transmission only takes place after you have clicked on the corresponding button. Please note that clicking a share icon for Facebook, X, Xing, or LinkedIn may result in certain data being transferred to the respective social media service provider.
If you are already logged into the corresponding social media service at the time of activating the social plug in, the social media service provider is also able to determine your username and possibly even your real name from the aforementioned data. The processed data may be transferred to and stored on a server of Meta, X, or LinkedIn in the USA (third country). An adequate level of data protection for the transfer to the USA is ensured due to the certification of Meta, X, and Microsoft under the adequacy decision (EU U.S. Data Privacy Framework). We have no influence on the scope, nature, and purpose of data processing by the social media service provider. Please note that the social media service provider is indeed able to create pseudonymized and even individualized usage profiles with the aforementioned data.
Additional/Specific Deletion Periods
We have no influence on the storage duration of your data that is stored by the operators of the advertising platforms for their own purposes. For details on this, please inform yourself directly with the operators of the tools.
LinkedIn Corporation
2029 Stierlin Court, Mountain View, CA 94043, USA
Services of the Organization
LinkedIn (integrated via Google Tag Manager)
Website: https://www.linkedin.com
Data protection policy: https://www.linkedin.com/legal/privacy-policy
Cookie Policy: https://www.linkedin.com/legal/cookie-policy
Other / Opt Out
Security measures: IP masking (pseudonymization of the IP address)
Opt out: https://www.linkedin.com/psettings/guest controls/retargeting-opt-out
Purpose of Data Processing
Online marketing and online advertising;
Plugins and embedded functions as well as content
Additionally Processed Data Types or Details of Services
We offer users the ability to share our blog posts on social media on our website. The purpose is to increase awareness of our offerings or to provide content. No forwarding of your data occurs by accessing our website. Data transmission only takes place after you have clicked on the corresponding button. Please note that clicking a share icon for Facebook, X, Xing, or LinkedIn may result in certain data being transferred to the respective social media service provider.
If you are already logged into the corresponding social media service at the time of activating the social plug in, the social media service provider is also able to determine your username and possibly even your real name from the aforementioned data. The processed data may be transferred to and stored on a server of Meta, X, or LinkedIn in the USA (third country). An adequate level of data protection for the transfer to the USA is ensured due to the certification of Meta, X, and Microsoft under the adequacy decision (EU U.S. Data Privacy Framework). We have no influence on the scope, nature, and purpose of data processing by the social media service provider. Please note that the social media service provider is indeed able to create pseudonymized and even individualized usage profiles with the aforementioned data.
New Work SE
Am Strandkai 1, 20457 Hamburg, Germany
Services of the Organization
XING
Website: https://www.xing.com
Privacy policy: https://privacy.xing.com/en/privacy-policy
Purpose of Data Processing
Plugins and embedded functions as well as content
Additionally Processed Data Types or Details of Services
We offer users the ability to share our blog posts on social media on our website. The purpose is to increase awareness of our offerings or to provide content. No forwarding of your data occurs by accessing our website. Data transmission only takes place after you have clicked on the corresponding button. Please note that clicking a share icon for Facebook, X, Xing, or LinkedIn may result in certain data being transferred to the respective social media service provider.
We have no influence on the scope, nature, and purpose of data processing by the social media service provider. Please note that the social media service provider is indeed able to create pseudonymized and even individualized usage profiles with the aforementioned data.
Wingify Software Pvt. Ltd. tätig als VWO
Wingify Software Pvt. Ltd. tätig als VWO, Heidenkampsweg 58, 20097 Hamburg, Germany
Services of the Organization
VWO
Website: https://vwo.com/
Privacy policy: https://vwo.com/de/privacy-policy/
Other / Opt Out
Opt out: Users can opt out of optimization testing on meisterplan.com via the following link: https://meisterplan.com?vwo_opt_out=1
If users want to opt out from tracking for all websites in their currently used browser, they can do so by clicking the button on the following website: https://vwo.com/de/opt out/
Purpose of Data Processing
Web analysis, monitoring and optimization
X Corp.
865 FM 1209, Building 2 , Bastrop, TX 78602, USA
Services of the Organization
X (integrated via Google Tag Manager)
Website: https://x.com/
Data protection policy: https://x.com/de/privacy
Other / Opt Out
Opt out: https://x.com/settings/account/personalization
Purpose of Data Processing
Online marketing and online advertising
Aditionally Processed Data Types or Details of Services
If you are already logged into the corresponding social media service at the time of activating the social plug in, the social media service provider is also able to determine your username and possibly even your real name from the aforementioned data.