Data protection

Ulysta GmbH Privacy Policy

Last updated: May 23, 2018

For Ulysta Software and Consulting GmbH and its subsidiaries (“Ulysta”), the protection of your privacy is important. References in this Privacy Policy to “Ulysta”, “we”, “us” and “our” are to the Ulysta entity responsible for processing your personal data. This is generally the Ulysta entity that collects your personal information.

This Privacy Policy describes the types of personal information we collect; how that personal information is used; with whom we may share it; and how you can exercise your rights regarding the processing of that information. This Privacy Policy also describes the measures we take to protect the personal information we collect and who you can contact with questions about our privacy practices.

This Privacy Policy applies to: (i) the personally identifiable information we collect about Ulysta resources, including websites, products, services, desktop and mobile apps and other tools offered by Ulysta and referring to this Privacy Policy (“Online Channels”); (ii) offline surveys, including events, surveys, questionnaires, Ulysta customer research and reviews (“Offline Channels”); and (iii) third-party sources, including business partners, advertising networks and vendors (collectively, the “Offers”). This Privacy Policy does not apply to other Ulysta products and services that have separate privacy policies.

In connection with the provision of support, cloud and other services, Ulysta processes certain data maintained in environments to which Ulysta has access to provide cloud, consulting and support services on behalf of and at the direction of its customers and partners (“Customer Content”). Ulysta also processes log data (such as access and authentication requests) that we collect across services for analysis and security purposes. Our use of such customer content and log information is subject to the terms of our customer agreements, and this Privacy Policy does not apply. However, this Privacy Policy applies to the information we collect when our customers and partners use our website (such as names, addresses, billing information and employee contact information) and our offline interactions with customers and partners.

The online channels may provide links to third-party websites and features. Some of these third- party websites may have a Ulysta logo as part of their co-branding, even if they are not owned, operated or controlled by Ulysta. Ulysta does not share your personal information with these websites and is not responsible for the privacy practices of these sites. These sites have their own privacy policies. Sometimes we offer offers in conjunction with other companies. In these co- branded offers involving a third party, we sometimes share or jointly collect customer information relating to these transactions with that third party.

Personal data that we collect

Which data we collect depends on the offers used. We collect the personal data in the context of interactions with the offers, for example:

– if you register an account with an online channel;
– when you register for an online program, event, seminar, promotion, or contest;

– when you request products (including without limitation product reviews, trial versions, technology previews and beta downloads), services or information;

– if you participate in Ulysta events, surveys, or reviews; or

– otherwise, correspond with us or request information from us. The personal data that we collect includes:

– contact information (such as name, e-mail address, telephone number, postal or home address) for you or other persons (such as directors of your company or contact persons in the billing department);

– information provided when you registered your online account (such as username and password);

– biographical and demographic information (such as gender, job title/position and occupation);

– business profile information and business practices used for evaluations by you as a partner;

– photos;

– billing and financial information (such as name, billing address, payment card and bank account information and purchase history);

– information you submit to Ulysta in connection with a job posting, such as contact information, information in your resume (including career, background and language skills) and information about your current employment relationship;

– location data (such as data derived from your IP address, country and zip code); – the exact geolocalisation of your mobile device;

– clickstream data and other information about your online activities (such as information about your devices, browsing behavior and usage patterns), including on our online channels and third party websites that we collect through the use of cookies, web beacons and similar technologies (see description of cookies and similar technologies below);

– personal information contained in forums, blogs and your statements or obtained from publicly available sources (such as social media);

– information about participation in classroom or online training, including completed programs and achieved certifications;

– information necessary to provide support services or other paid consulting services (such as contact information, chat services, support information and event history);

– personal information in content you submit to us (for example, through our “contact” feature or other in-product or in-service communications); and

– other personal data that we collect through our offers.

We would like to point out that the provision of personal data is voluntary. If you choose not to provide certain information, we may not be able to provide you with certain products and services and you may not have access to certain features of the online channels.

How we use your personal data

We use the collected data as follows:

– providing and managing our products and services (including websites and apps for which you have registered);

– processing and fulfilling orders for your products and services and providing information about the fulfillment of your order;

– assisting you in completing a transaction or order and providing customer support;

– invoicing you for the products and services you purchase;

– providing training, support and consulting services;

– career development, including hiring, onboarding new employees and other human resources purposes;

– set up and management of your Ulysta account;

– operating, evaluating and improving our business (for example, by managing, developing, expanding and improving our products and services; managing our communications and customer relationships; and accounting, auditing, billing, reconciliation and collection);

– data analysis (such as research, trend analysis, financial analysis and customer segmentation);

– communication with you regarding your account and your orders (including sending e-mails regarding registration, account status, order confirmation, renewal or cancellation notices and other important information);

– marketing and sales activities (including sending promotional materials, contact requests, taking advantage of marketing opportunities, market research, determining and controlling the effectiveness of our advertising and marketing campaigns, and controlling our brand exposure);

– communication with you about events, programs, promotions and surveys and the organization of your participation in them;

– connection of employees with the administrator of your company account;

– verification of your identity and protection of your account against unauthorized use or misuse of our services;

– protection against, identification and prevention of fraud and other unlawful acts, allegations and other liabilities;

– fulfillment and implementation of applicable industry standards, contractual obligations and our policies;

– maintenance and improvement of the security of our online channels, products, services, network services, information sources and employees; and

– answers to inquiries.

Depending on the purposes for which the personal data is used and the context in which it is collected, we may rely on one or more of the following legal bases:

– fulfillment of a contract with you or a responsible party;
– our legitimate business interests;
– compliance with a legal obligation, court order or the exercise or defense of a legal right; or – your consent to the processing, which you can revoke at any time.

The data collected may be combined with other sources to improve the accuracy of our marketing and communications and to expand or better customize our interactions with you. This includes the combination of personal information we collect through online channels with information we collect through offline channels and with other information (such as referral programs), each for the purposes described above. We may analyze or aggregate personal information and use it to the extent permitted by law for the purposes described above and for other purposes. This personal information may also be used for additional purposes stated at the time of collection. To the extent required by applicable law, your consent to such additional uses will be obtained.

Where required by applicable law, your consent will be obtained for the processing of your personal data for direct marketing purposes.

Cookies and other technologies

Ulysta uses cookies, web beacons (including pixels and tags) and similar technologies on our online channels that automatically collect certain information about you. A “cookie” is a text file sent by a Web site to a visitor’s computer or other Internet-connected device to identify that visitor’s browser individually or to store information or preferences in that browser. A “web beacon,” also known as an internet tag, pixel tag, or clear GIF, connects web pages to web servers and their cookies, and can be used to transmit information collected through cookies back to the web server.

We use these automated technologies to collect information about your device, browser behavior, and behavior patterns. Information collected in this manner includes IP address and other identifiers associated with your devices, device types associated with our offerings, device features (such as operating system), language selection, referring/exit page, navigation path, access times, browser preferences and features, installed plug-ins, local time zones, local storage preferences, clickstream data, and other information about your online activities. We use both first-party cookies (placed directly from our website domain when you visit our online channels) and third-party cookies (placed by a third-party website when you visit our online channels and certain third-party websites that are our partners) on our online channels. These are session cookies (which are automatically deleted when you close your browser) and persistent cookies (which remain on your computer or other Internet-connected device for a period of time after you close your browser session, unless you delete them).

Our online channels use, among other things, the following cookies: (1) necessary cookies and functionality cookies; (2) analysis cookies; and (3) targeting cookies/advertising cookies as described below.

Required cookies and functionality cookies

Our online channels use cookies, which are necessary for the provision of our products and services. These include necessary cookies (for example, cookies that authenticate you on our website and identify you after you log in), functionality cookies (for example, cookies that remember what you have placed in your shopping cart or what language preference you have specified), and user-centric security cookies that increase the security of the products and services provided (for example, to detect authentication abuse). Due to the functionality of these cookies, it is usually not possible to disable these cookies in our online services.

Analysis Cookies

We use analysis cookies to collect information about users’ browsing habits and use of our online channels, such as how users cross our online channels, which pages they view, how long they stay on a page, and whether the page is displayed correctly or errors occur. These cookies help improve the performance and usability of our online channels. These cookies are provided by third-party analytics providers, including Google Analytics and Marketo. For more information about Google Analytics and your opt-out options, see Google Analytics.

Advertising Cookies

Advertising cookies are used to control and manage advertising. These cookies may collect information about whether a user has responded to an advertisement and visited another website. These cookies allow us to provide you with content and targeted information that is more relevant to your interests. They also help us measure the effectiveness of our advertisements and communications. In the EU, we only use analytical and promotional cookies on our websites when users have chosen to do so in accordance with applicable law.

Your browser may notify you when certain types of cookies are received or how to restrict or disable certain types of cookies. Please note, however, that without cookies you may not be able to use the full functionality of our online channels. By customizing the privacy and security settings on your mobile device, you can control how your device and browser share certain device information.

To the extent required by applicable law, we will obtain your consent before using cookies or similar tools.

Third party apps, tools, widgets and plug-ins providers on our online channels (such as Twitter, LinkedIn and Facebook) may also use automated means to collect information about your interactions with these features. This information is collected directly from the vendors of those features and is subject to the privacy policies or statements of those vendors. Ulysta is not responsible for the information practices of these vendors to the extent permitted by law.

Interest Based Advertising

When you use our online channels, information about your online activities is collected over time and across third-party Web sites (such as Web sites that display advertisements) both by us and by certain third parties (such as our advertising networks, digital advertising partners, and social media

platforms). We may use this information to show you advertisements about products and services that are tailored to your individual interests. We may also collect information for this purpose from third-party websites that display our advertisements. Certain advertisements may be displayed on other websites because we use external advertising networks to serve advertisements. These ad serving networks allow us to use our advertising messages to target users based on context, demographics, and specific interests. Information that our advertising networks may collect on our behalf may include information about your visits to websites that provide advertisements to Ulysta, such as the pages or advertisements you view and the actions you take on those websites. This information is collected both on our websites and on third-party websites that participate in these advertising networks. This process helps us understand the effectiveness of our marketing efforts. Here you will find information on how to opt out of this interest-based advertising of the advertising network. To the extent required by applicable law, we will seek your consent before using interest- based advertising.

How we share your personal information

Except as provided herein or at the time of collection, we do not sell or otherwise disclose your personal information. Ulysta may share your personal information as follows:

– when sharing your information is necessary to provide products, services or information that you have requested;

– as part of a joint sales promotion or to share sales notices with our business partners;

– to keep you up to date with the latest product announcements, software updates, special offers, or other information that we believe you would like to receive from us, our marketing agencies, or our business partners;

– within Ulysta (including its subsidiaries and affiliates) for the purposes set out in this Privacy Policy;

– to validate employment relationships, completed training or received product certifications;

– to connect employees with the company’s administrators;

– with our customers, to report and resolve issues that require support services, or as part of consulting services;

– with our customers and partners to inform them of the use of our services by their users (for example, if a user has obtained certification or completed a course);

– with service providers that we have contracted to provide services on our behalf (such as payment processing, order fulfillment, customer support, customer relationship management and data analysis). These service providers have a contractual obligation to protect the information provided to them and may not use or disclose that information except to the extent necessary to provide the services on our behalf or to comply with legal requirements;

– with authorized Ulysta partners to offer and provide you our products and services; and

– with our joint marketing and sales partners and other business partners who support us in our business activities or other aspects of our business and for the purposes described in this Privacy Policy.

We may also disclose personal information about you in the following circumstances: (1) if required or permitted by applicable law, regulation or legal process (such as a court order or subpoena), (2) to law enforcement or other government officials to comply with a legitimate claim, (3) if we believe that disclosure is necessary to comply with Ulysta, to protect its users or the public from physical harm or financial loss to the extent required or permitted by law, (4) the enforcement, exercise or defense of our legal rights, and (5) in connection with any investigation resulting from suspected or actual fraud, illegal activity, security or technical problems.

We also reserve the right to transfer any information we hold about you to any third party in the event of a potential or actual sale or transfer of all or any part of our business or assets (including mergers, acquisitions, joint ventures, restructurings, disposals, dissolutions or liquidations) or other business transactions.

We may also share the information in other ways that we may specifically inform you about and obtain your consent to at the time of collection, as required by applicable law.

International data transmission

We transmit and store personal information collected through the channels to other countries in which Ulysta and its service providers operate, including the United States, where the privacy laws of those countries may differ from those of the country in which the information was provided. In this case, we will only transfer the personal information for the purposes described in this Privacy Policy. When transferring personal data to recipients in other countries, we will take steps to protect such data where required by applicable law, including, where appropriate, implementing data transfer agreements based on the European Commission’s standard contractual clause pursuant to Article 46 of the Basic Data Protection Regulation (DSGVO) or by selecting data recipients who participate in the EU-US and Swiss EU-US Privacy Shield Programme described below.

EU-US and Swiss US Privacy Shield

With regard to the transfer of personal data from the EU and Switzerland to the US, Ulysta is certified under the EU-US Privacy Shield Programme and the Swiss EU-US Privacy Shield Programme, which have been established by the US Department of Commerce and the European Commission for the transfer of personal data from the EU to the US pursuant to Article 45 of the DSGVO (each a “Privacy Shield Programme” and together the “Privacy Shield Principles”). In the event of any conflict between the provisions of this Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles shall prevail. For more information about the Privacy Shield program and our certification, please visit https://www.privacyshield.gov/.

Under the Privacy Shield Program, Ulysta is responsible for processing the personal information it receives and subsequently transfers it to a third party as an agent on its behalf. Ulysta complies with all privacy shield principles for the transfer of personal data from the EU and Switzerland, including the liability regulations for the transfer of personal data.

Ulysta is subject to the supervisory enforcement powers of the U.S. Federal Trade Commission with respect to personal data received or submitted to the Privacy Shield Program. In certain situations,

Ulysta may be required to disclose personal data in response to lawful requests from public authorities, for example, to comply with national security or criminal prosecution requirements.

Under certain conditions, which are fully described on the Privacy-Shield-Website, you may seek binding arbitration when other dispute resolution measures are exhausted.

Ulysta is committed to settling complaints regarding the collection or use of your personal information in accordance with the Privacy Shield Principles. If you have any questions or complaints regarding our privacy policies or procedures, you can contact us by e-mail at kontakt@ulysta.com This applies to domestic persons as well as persons from the EU and Switzerland.

Ulysta has also undertaken to cooperate with the Committee of EU Data Protection Authorities (DPO) and the Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved privacy shield complaints about the transfer of personal data from the EU and Switzerland within the framework of employment relationships.

Your rights and options

With respect to the personal information we collect about you, you have certain choices, such as how we use that information and how we communicate with you. If you would like to update your preferences, limit our communications to you, or submit a request, please contact us. You will find this information in the Contact Information section of this Privacy Policy. You can also unsubscribe from our mailing lists by clicking on the “unsubscribe” link in our emails.

In accordance with the laws of your place of residence, you have the right to request access to the personal information we hold about you, or to request that we correct, update, modify or delete your information, or restrict the processing of that information. Please contact us for the exercise of these rights as indicated below. To protect your privacy and security, we may verify your identity before granting you access to this information. To the extent permitted by law, there may be a charge for issuing a copy of your stored personal information. Depending on where you live, you may have the right to file a complaint with a state regulatory authority if you are not satisfied with our response.

We support the Online Behavioral Advertising (“Principles”) self-regulatory principles of the Digital Advertising Alliance in the United States, the Digital Advertising Alliance of Canada, and the European Digital Advertising Alliance in the European Union. If you live in the US, Canada or the EU, Ad Choices, Ad Choices Canada or Your Online Choices give you a convenient way to specify your preferred settings, including the option to “universally” exclude interest-based advertising to Program Participants. These websites also provide you with detailed information about interest- based advertising and how to manage your privacy online and in applications. Please note that excluding interest-based advertising does not mean that you will no longer see advertisements from us or on the online channels. Rather, exclusion means that the online ads displayed are no longer based on your specific interests. In addition, if you choose to opt out of interest-based advertising through the links above, data collection tools on the online channels may still collect information about your use of the service, including for analytical purposes, fraud prevention, and for any purposes permitted under the self-regulatory principles.

As you use our online channels, we and certain third parties (such as our advertising networks, digital advertising partners, and social media platforms) may collect information about your online activities over time and across third-party websites. Certain Web browsers provide the ability to send Do Not Track (“DNT”) signals to Web sites you visit that inform those sites that you do not want

your online activities tracked. Our online channels are not designed to respond to “Do Not Track” signals received from web browsers.

If required by law, you may revoke your previously given consent or object to the processing of your personal information at any time for a legitimate reason and we will respect your preferences from that point. This does not affect the legality of our use of your data, which was based on your consent prior to your revocation.

How we protect your personal data

We maintain administrative, technical and physical safeguards in accordance with the legal requirements at the location where the personal data was collected to protect the personal data provided to us through the channels from unlawful or unauthorized destruction, loss, alteration, use or disclosure and access.

How we store your personal data

To the extent permitted by law, we will normally retain your personal information collected for as long as (1) is necessary for the purposes for which we collected it and in accordance with the provisions of this Privacy Policy – this generally means that we will retain your personal information for the duration of our relationship or as long as your account exists with us; or (2) it is necessary to comply with applicable statutes or statutes of limitations and to comply with applicable laws, resolve disputes and enforce agreements. As described in the “Your Rights and Options” section above, in accordance with the laws of your place of residence, you have the right to request the deletion of your data or the limitation of the processing of such data. Please contact us in this regard as indicated below.

Personal data of children

The online channels have been developed for the general public and are not aimed at children under the age of 13. We do not knowingly collect or solicit personal information from children under the age of 13 through the Online Channels. If we notice that personal information has been collected from children under the age of 13, we will immediately delete that information from our records. If you suspect that a child under the age of 13 has provided us with personal information, please contact us. Our contact information can be found in the Contact Information section of this Privacy Policy.

Changes to this Privacy Policy

This Privacy Policy may be updated from time to time without notice to reflect changes in our information practices. The date of the last update is stated above in our Privacy Policy. We encourage you to review this Privacy Policy from time to time to obtain the latest information about our privacy practices.

Contact Information

If you have any questions or comments about this Privacy Policy, or if you would like to update your information collected or preferences, please contact us by e-mail at kontakt@ulysta.com or by post at:

Ulysta Software and Consulting GmbH Steinheil Str. 4
85737 Ismaning
Germany

Address

Social Media

Contact

Legal information