Privacy Notice/Policy

Last updated: 31.05.2023

We are very delighted that you have shown interest in our enterprise. Data protection is of a particularly high priority for the management of Stonebranch. The use of the Internet pages of Stonebranch is possible without any indication of personal data; however, if a data subject wants to use special enterprise services via our website, processing of personal data could become necessary. If the processing of personal data is necessary and there is no statutory basis for such processing, we generally obtain consent from the data subject.

The processing of personal data, such as the name, address, e-mail address, or telephone number of a data subject shall always be in line with the General Data Protection Regulation (GDPR), and in accordance with the country-specific data protection regulations applicable to Stonebranch Legal entities. By means of this data protection declaration, our enterprise would like to inform the general public of the nature, scope, and purpose of the personal data we collect, use and process. Furthermore, data subjects are informed, by means of this data protection declaration, of the rights to which they are entitled.

As the controller, Stonebranch has implemented numerous technical and organizational measures designed to ensure the most complete protection of personal data processed through this website. However, Internet-based data transmissions may in principle have security gaps, so absolute protection may not be guaranteed. For this reason, every data subject is free to transfer personal data to us via alternative means, e.g. by telephone.

Also note that this website may include links to third party websites. Stonebranch exercises no control over such websites and is not responsible for their privacy practices. Please review the privacy policy of any third party website you may visit to understand how it handles your data.

Our website is not intended to be used by children under 16 years of age and we do not knowingly collect personal information from children through our website. If we learn we have collected or received personal information from a child under 16 through our website without verification of parental consent, we will immediately delete that information. 

Table of Contents:

  1. Definitions;
  2. Name and Address of the controller;
  3. What kind of personal data we process;
  4. Why we need it;
  5. What we do with it;
  6. How long we keep it;
  7. What are your rights?
  8. Changes to this Privacy Policy;
  9. California Residents: Your Privacy Rights;

1. Definitions

The data protection declaration of Stonebranch is based on the terms used by the European legislator for the adoption of the General Data Protection Regulation (GDPR). Our data protection declaration should be legible and understandable for the general public, as well as our customers and business partners. To ensure this, we would like to first explain the terminology used.

In this data protection declaration, we use, inter alia, the following terms:

Personal data: Personal data means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Data subject: Data subject is any identified or identifiable natural person, whose personal data is processed by the controller responsible for the processing.

Processing: Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Restriction of processing: Restriction of processing is the marking of stored personal data with the aim of limiting their processing in the future.

Profiling: Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

Pseudonymization: Pseudonymization is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

Controller or controller responsible for the processing: Controller or controller responsible for the processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

Processor: Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Recipient: Recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.

Third party: Third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.

Consent: Consent of the data subject is any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
 

2. Name and Address of the controller

Controller details for the purposes of the General Data Protection Regulation (GDPR), can be found in our imprint.

3. What kind of personal data we process

From all visitors to our website, we may collect cookies and general connection data such as browser type and version, operating system, Internet service provider, the website from which you accessed our website, the date and time of your access to our website, and your IP address.

From visitors to our website who choose to use our Contact Us form Contact Us | Stonebranch , we may collect first name, last name, email address, phone number, company name, and country.

From visitors to our website who choose to use our Stonebranch Integration Hub - Home, we may collect first name, last name, email address, phone number, company name, postal code, city, country shipping and/or billing address and purchase history.
 

4. Why we need it

In certain cases we will need personal information from you in order to:

  • Provide you with information or advertisements we believe may be of interest to you;
  • To improve our website and services;
  • To comply with legal requirements;
  • To process and complete your orders.

As for:

  • Collection of contact details. The website contains information that enables a quick electronic contact to our enterprise, as well as direct communication with us, which also includes an e-mail address. If a data subject contacts the controller by e-mail, via a contact form or via chat, the personal data transmitted by the data subject are automatically stored. Such personal data transmitted on a voluntary basis by a data subject to the data controller are stored for the purpose of processing or contacting the data subject.
  • Collection of Cookies to recognize website users. This is used to provide more user-friendly services that would not be possible without the cookie setting and to optimize our website with the user in mind. We currently allow the following Cookies on this site. In order to control the usage of these Cookies for your visit on our website, please refer to the:
     
    • Integration Hub: By accepting this privacy policy you accept for www.stonebranch.com as well as www.stonebranch.com/integration-hub/. We use cookies in the Integration Hub to differentiate registered users.
    • Google Analytics: We use Google Analytics to understand how our media campaigns work and how you interact with our website in order to improve the user experience. You can view the Google Privacy Policy here: www.google.com/policies/privacy/. You can opt-out of making your site activity available to Google Analytics by installing the Google Analytics opt-out browser add-on.
    • Zendesk: We use Zendesk on this site for support purposes. For information about Zendesk cookies and how to reject or delete them, please go to https://www.zendesk.com/company/privacy.
    • Twitter: We show certain relevant tweets on our website. You can view the Twitter Privacy Policy here: https://twitter.com/en/privacy.
    • YouTube: We embed videos or insert links to videos from YouTube on our website(s). As a result, when you visit a page with content embedded from or linked to YouTube, you may be presented with cookies from YouTube. You can view the YouTube Privacy Policy here: https://www.youtube.com/yt/about/policies/#community-guidelines.
    • LinkedIn: The LinkedIn Insight Tag creates a unique LinkedIn browser cookie on a visitor’s browser and enables the collection of the following data for that cookie: metadata (such as IP address, timestamp, page events (like page views), and LinkedIn demographic information if there is an active LinkedIn.com member cookie present. For more information see: https://www.linkedin.com/help/linkedin/answer/65521
    • Hubspot: Hubspot tracks visitor and prospect activities on our website by setting cookies on your browser. These cookies are set in order to remember preferences when you return to our site, such as form field values. You can view the Hubspot Privacy Policy here: https://legal.hubspot.com/privacy-policy
    • Wistia: Wistia is a video distribution platform. We use it to broadcast videos presented on our website. Wistia's Privacy Policy is available here: https://wistia.com/privacy.
    • IDG Triblio: We use the IDG Triblio ABM platform. This software provides intent based account information and allows us to run highly-targeted display ads and web personalization. You can visit https://triblio.com/privacy-policy/ for more information.
    • Zoominfo: We use Zoominfo (Zoom Information, Inc.) a B2B contact database to gather business-related information for marketing and sales intelligence. For further details, please visit Zoominfo's privacy center https://www.zoominfo.com/about-zoominfo/privacy-policy
    • Hotjar: We use Hotjar in order to better understand our users’ needs and to optimize this service and experience. Hotjar is a technology service that helps us better understand our users experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and this enables us to build and maintain our service with user feedback. Hotjar uses cookies and other technologies to collect data on our users’ behavior and their devices (in particular device's IP address (captured and stored only in anonymized form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), preferred language used to display our website). Hotjar stores this information in a pseudonymized user profile. Neither Hotjar nor we will ever use this information to identify individual users or to match it with further data on an individual user. For further details, please see Hotjar’s privacy policy by clicking on this link.
    • Eventbrite: We use EventBrite for event planning, management, and attendee registration. Eventbrite is a third-party event planning, management, and registration tool and its privacy policy can be found here.
    • Facebook: Facebook provides us with the evaluations created on the basis of the collected data or further information only in aggregated, anonymized form. Facebook Pixel uses cookies from Facebook Ireland Limited, Harbour, D2, 4 Grand Canal Quay, Square, Dublin, Irland („Facebook“). The Facebook Pixel enables Facebook to collect information about activities of users of our website. By implementing the Facebook Pixel we enable Facebook to collect personal data. The collection and processing of this data takes place after your consent and is the sole responsibility of Facebook. We have no knowledge of further details of the processing of personal data in the area of data controllership of Facebook. For information about the processing of personal data by Facebook, please refer to the Facebook Privacy Policy: facebook.com/about/privacy/.
    • Reddit: We use Reddit and Reddit Pixel for advertising. Reddit is home to thousands of communities, endless conversation, and authentic human connection. The Reddit Pixel is a tracking pixel that measures actions users take on our website, after interacting with our ads on Reddit. For further details, please see Reddit, Inc. privacy policy.
    • Stack Overflow: We use Stack Overflow and Stack Overflow Pixel for advertising. Stack Overflow is a public platform used by nearly everyone who codes to learn, share their knowledge, collaborate, and build their careers The Stack Overflow Pixel is a tracking pixel that measures actions users take on our website, after interacting with our ads on Stack Overflow. For further details, please see Stack Exchange, Inc. privacy policy.
       

Collection of a series of general data and information when a data subject or automated system calls up the website. This general data and information are stored in the server log files and may be used to diagnose technical problems and in the event of attacks on our information technology systems.Please note that the Stonebranch website does not respond to Do Not Track signals. 

In order to control the usage of these Cookies for your visit on our website, please refer to the Cookie Preferences.

5. What we do with it

Your personal data is processed in our main offices located in Germany, Greece and the United States. Hosting and storage of your data takes place via the following.

Stonebranch, as the data controller, utilizes third party data processors that provide several marketing related services for us. Stonebranch has contracts in place with all data processors to ensure that your information is only processed for the intended purpose. Stonebranch also ensures that the third party will provide suitable technical and organizational measures to protect the personal data as required by the applicable law.
 

The third party processors are:

Entity NameEntity Type and ServiceCountry
Salesforce.com, Inc.Third-party service provider: Salesforce CRM,United States
Hubspot, Inc.Third-party service provider: Hubspot Marketing Automation, ChatUnited States
Zendesk, Inc.Third-party service provider: Customer Support SoftwareUnited States
Google, Inc.Third-party service provider: Google AnalyticsUnited States
Mediatis AGThird-party service provider: Marketing AgencyGermany
Amazon Web Services, Inc.Third-party service provider: Website HostingUnited States
Twitter, Inc.Third-party service provider:
Social Media Button
United States
Facebook, Inc.Third-party service provider: Social Media ButtonUnited States
LinkedIn, Inc.Third-party service provider:
Social Media Button, LinkedIn Insight Tag
United States
Triblio, an IDG Communications, Inc. CompanyThird-party service provider: Online advertising platform, remarketingUnited States
Wistia, Inc.Third-party service provider: Video hosting platformUnited States
Zoom Information, Inc.Third-party service provider: B2B contact databaseUnited States
Hotjar Ltd.Third-party service provider:
Analytics
Ireland
Eventbrite, Inc.Third-party service provider: Online Event Management PlatformUnited States
G2.com, Inc.Third-party service provider: B2B Social Media Review PlatformUnited States
IT Central Station Ltd.Third-party service provider: B2B Social Media Review PlatformIsrael


We may also disclose the personal information we collect in the event of a merger, sale, acquisition, or other corporate transaction, to our corporate affiliates, as required by law or law enforcement, or otherwise in accordance with your consent.

Stonebranch does not sell personal information.

6. How long we keep it

We retain personal information only for as long as necessary to carry out the intended functions, and in line with our retention schedule and the respective statutory retention period. After this period, your personal data will be irreversibly destroyed. Any personal data held by us for marketing and service update notifications will be kept by us until such time that you notify us that you no longer wish to receive this information. Please contact us for more information on our personal data retention schedule.

7. What are your rights?

Should you believe that any personal data we hold on you is incorrect or incomplete, you have the ability to request to see this information, rectify it or have it deleted. Please contact us through [Data Subject Access Request Form].

In the event that you wish to complain about how we have handled your personal data, please contact the DPO Resources at Stonebranch dpo@stonebranch.com or in writing at

Karl Schleps
Stonebranch GmbH
Europa-Allee 54
60327 Frankfurt am Main
Germany

Our Privacy Team will then look into your complaint and work with you to resolve the matter.

If you still feel your personal data has not been handled appropriately according to the law, you can contact Federal Commissioner for Data Protection and Freedom of Information (BfDI) in Germany and file a complaint with them.

8. Changes to this Privacy Policy

We may revise this policy from time to time and we hold no responsibility for notifying you regarding that. When we make changes to this policy, we will post the updated version on our website and indicate the date the policy was last updated. We encourage you to review this policy periodically to check for any updates. Your continued use of our website indicates your consent to the terms of this policy.

9. California Residents: Your Privacy Rights

California residents (“you” and “your” for purposes of this “California Residents: Your Rights” section) have specific rights regarding your personal information under the California Consumer Privacy Act (“CCPA”) as amended by the California Privacy Rights Act (“CPRA”) (collectively referred to herein as the “CCPA”). The terms used in this section shall have the meanings ascribed to them in the CCPA, and the CCPA definitions shall take precedence over definitions elsewhere in this Privacy Policy. Note that the CCPA and, as a result, this section of the privacy policy, applies to personal information collected both online and offline.


Please note that the CCPA does not apply to certain categories of personal information, and our processing of CCPA-exempt categories of information may not be addressed below. Additionally, our privacy practices with respect to the personal information of employees and job applicants are not addressed below. 

Categories of Personal Information Collected and/or disclosed in the Last Twelve (12) Months:
 

CategoryExamplesCollected?SourcePurpose
of Colelection
Categories of Third Parties to Whom DisclosedCategories
of Third Parties to Whom Sold/Shared
A. IdentifiersA real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name.YES

Directly from you;

Indirectly from your activity on our website

To provide
our services;

To respond
to requests for information; 

To provide you with information and advertisements we believe may be of interest; 

To administer and improve our website and services;

To our service providers so they may help us provide our servicesTo our analytics and advertising service providers and partners
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).A name, address, telephone number, employment,YES

Directly from you; 

Indirectly from your activity on our website
 

To provide our services; 

To respond to requests for information; 

To provide you with information and advertisements we believe may be of interest; 

To administer and improve our website and services;
 

To our service providers so they may help us provide our servicesTo our analytics and advertising service providers and partners
C. Commercial information.Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.YES

Directly from you;

 Indirectly from your activity on our website

To provide our services; 

To respond to requests for information; 

To provide you with information and advertisements we believe may be of interest; 

To administer and improve our website and services;
 

To our service providers so they may help us provide our servicesTo our analytics and advertising service providers and partners
D. Internet or other similar network activity.Browsing history, search history, information on a consumer's interaction with a website, application, or advertisementYESIndirectly from your activity on our website

To provide our services; 

To respond to requests for information; 

To provide you with information and advertisements we believe may be of interest; 

To administer and improve our website and services;
 

To our service providers so they may help us provide our servicesTo our analytics and advertising service providers and partners
E. Geolocation data.Physical location or movements.YESIndirectly from your activity on our website 

To provide our services; 

To respond to requests for information; 

To provide you with information and advertisements we believe may be of interest; 

To administer and improve our website and services;
 

To our service providers so they may help us provide our servicesTo our analytics and advertising service providers and partners
F. Sensory data.Audio, electronic, visual, thermal, olfactory, or similar information.NON/AN/AN/AN/A
G. Inferences drawn from other personal informationProfile reflecting a person's preferences, characteristics, psychological trends, predisposition, behavior, attitudes, intelligence, abilities, and aptitudes.YESWe make inferences based on your activity with usTo provide you with information and advertisements we believe may be of interest To our service providers so they may help us provide our servicesTo our analytics and advertising service providers and partners
       

Retention of Personal Information
Please refer to Section 6 of the Privacy Policy above titled “How long we keep it.”

Right to Know and Data Portability 
You have the right to request that Stonebranch disclose certain information to you about our collection, use, disclosure and sale of your personal information. Once we receive and confirm your request, to the extent you have requested them, we will disclose to you:

  • The categories of personal information we collected about you;
  • The categories of sources from which your personal information was collected;
    Our business or commercial purpose for collecting, or sharing your personal information;
  • The categories of third parties to whom we disclosed, or shared your personal information, if any;
  • The categories of personal information we have disclosed, or shared about you; and
  • The specific pieces of personal information we have collected about you (also called a data portability request).

Right to Correct
You have the right to request that Stonebranch correct any inaccurate personal information we have collected and maintain about you. Once we receive and confirm your request, we will make the corrections you requested.

Right to Delete 
You have the right to request that Stonebranch delete any of the personal information we have collected and maintain about you, subject to certain exceptions. Once we receive and confirm your request, we will either delete, de-identify, or aggregate your personal information, unless a CCPA exception such as those listed below applies, and not doing so is necessary for us or our service provider(s) to:

  • Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, or otherwise perform our contract with you;
  • Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities;
  • Debug products to identify and repair errors that impair existing intended functionality;
  • Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
  • Comply with a legal obligation; or
    Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

Exercising Your Rights to Know, Correct, and Delete
To exercise your rights to know, correct, and delete under the CCPA please submit a request by emailing us at dpo@stonebranch.com or calling us at 0016783667887

Only you, or someone legally authorized to act on your behalf (i.e., your authorized agent), may make a request related to your personal information. Stonebranch may require an agent to provide verification that they are acting on your behalf when they submit a request related to your personal information.

All requests to know, correct, or delete (whether made by you or an authorized agent) must (1) provide sufficient information for us to reasonably verify you by providing two to three pieces of personal information which we will match with personal information we maintain in our records, and (2) describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

Right to Opt-Out of Sale or Sharing 
We do not sell or share personal information as those terms are defined by the CCPA. 

Sensitive Personal Information
Stonebranch does not use or disclose sensitive personal information for purposes other than those set forth in the CCPA such as to perform the services or provide the goods reasonably expected by the average consumer, to prevent and detect security incidents, to display non personalized advertising shown as part of your current interaction with us, or otherwise for a purpose that does not infer characteristics about you.

Right to Non-Discrimination
Stonebranch will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:

  • Deny your services;
  • Charge you different prices or rates for services, including through granting discounts or other benefits, or imposing penalties;
  • Provide you a different level or quality of services; or
  • Suggest that you may receive a different price or rate for services or a different level or quality of services.

Right to Appeal
Stonebranch provides consumers the right to appeal any decisions we make regarding consumer requests to know, correct, or delete. You may appeal any decision within 30 days of receiving notice of the decision.

Contact Information
If you have questions about this privacy policy or Stonebranch’s privacy practices, or wish to exercise any of the rights described above, please contact us at:

Stonebranch, Inc.
4550 North Point Pkwy
Suite 400
Alpharetta, GA, USA 30022
dpo@stonebranch.com  
0016783667887