Privacy Notice/Policy
Last updated: 21.07.2025
Thank you for visiting our website and for your interest in our company. The protection of your personal data is important to us, which is why we comply with the provisions of the EU GDPR, CCPA the BDSG (Bundesdatenschutzgesetz) and other national data protection regulations.
The processing of personal data of a data subject shall always be in line with the relevant privacy laws. By means of this data protection declaration, our company would like to inform the general public of the nature, scope, and purpose of the personal data we collect, use and process. Furthermore, data subjects are informed, by means of this data protection declaration, of the rights to which they are entitled.
I. Who we are:
Stonebranch, Inc. (Headquarters), United States of America 4550 North Point Parkway, Suite 400 Alpharetta, GA, 30022, USA. For more information about all other Stonebranch legal entities, please see here: Global Locations
Stonebranch Inc., as all other Stonebranch entities, acts as Controller, which means we determine the purposes and the means by which your personal data is processed. In certain situations, we act both as Data Controller and Processor.
II. What kind of personal data we process:
We may collect cookies and general connection data from all visitors to our website, such as browser type and version, operating system, Internet service provider, the website from which you accessed our website, the date and time of your access to our website, and your IP address.
From visitors to our website who choose to use our Contact Us form, Contact Us | Stonebranch, we may collect first name, last name, email address, phone number, company name, and country.
From visitors to our website who choose to use our Stonebranch Integration Hub - Home, we may collect first name, last name, email address, phone number, company name, postal code, city, country shipping and/or billing address and purchase history.
Our website is not intended to be used by children under 16 years of age and we do not knowingly collect personal information from children through our website. If we learn we have collected or received personal information from a child under 16 through our website without verification of parental consent, we will immediately delete that information.
Stonebranch does not sell personal data.
III. What is our reason for processing?
Our purposes for processing are:
- To provide you with information or advertisements we believe may be of interest to you;
- To improve our website and services;
- To comply with legal requirements;
- To process and complete your orders;
- To conduct and provide training courses;
- To provide educational content;
- To organize and deliver both virtual and onsite events;
- Collection of contact details This website contains information that enables a quick electronic contact to our enterprise, as well as direct communication with us, which also includes an e-mail address. If a data subject contacts the controller by e-mail, via a contact form or via chat, the personal data transmitted by the data subject are automatically stored. Such personal data transmitted on a voluntary basis by a data subject to the data controller are stored for the purpose of processing or contacting the data subject.
- Collection of Cookies to recognize website users This is used to provide more user-friendly services that would not be possible without the cookie setting and to optimize our website with the user in mind. Please be informed that some website functionality might be limited or unavailable based on your choice of the cookies. For more information about our cookies, please refer to the Stonebranch Cookie Notice.
IV. Legal ground for processing
Stonebranch is not allowed to collect, process, use, store, etc., personal data without a valid legal ground. Lawfulness may be derived from your consent and from our legitimate interest as a business. When it comes to Stonebranch website visitors, we rely on consent and we rely on the legitimate interest which shall not override your data protection interests or fundamental rights and freedoms.
V. Who has access to your personal data
Your personal data is available and accessible only by those who need the data to accomplish the intended processing purpose. To the extent necessary, your personal data may be shared between the companies within the Stonebranch Group, with suppliers and sub-contractors (processors and sub-processors) and with independent third parties.
We may also disclose personal data to third parties, if we have reason to believe that using or disclosing such information is necessary or advisable to: (i) conduct investigations of possible breaches of law; (ii) identify, contact, or bring legal action against someone who may be violating an agreement they have with us; (iii) investigate security breaches or cooperate with government authorities pursuant to a legal matter; or (iv) to protect our rights, safety or property, including the prevention of fraud.
Stonebranch has concluded Data Protection Agreements in place with all data processors to ensure that your information is only processed for the intended purpose. Stonebranch also ensures that the third party will provide suitable technical and organizational measures to protect the personal data as required by the applicable law.
The third party processors are:
| Entity Name | Entity Type and Service | Country | Participants in EU-U.S. DPF Data Privacy Framework or see the link to privacy notice |
| Salesforce, Inc. | Third-party service provider: Salesforce CRM, | United States | Active participant in EU-U.S. Data Privacy Framework |
| Hubspot, Inc. | Third-party service provider: Hubspot Marketing Automation | United States | Active participant in EU-U.S. Data Privacy Framework |
| Zendesk, Inc. | Third-party service provider: Customer Support Software | United States | Active participant in EU-U.S. Data Privacy Framework |
| Google, Inc. | Third-party service provider: Google Analytics | United States | Active participant in EU-U.S. Data Privacy Framework |
| Mediatis AG | Third-party service provider: Marketing Agency | Germany | Privacy Policy |
| Amazon Web Services, Inc. | Third-party service provider: Website Hosting | United States | Active participant in EU-U.S. Data Privacy Framework |
| X-Corporation | Third-party service provider: Social Media Button | United States | Active participant in EU-U.S. Data Privacy Framework |
| Meta Platforms, Inc. (Facebook) | Third-party service provider: Social Media Button | United States | Active participant in EU-U.S. Data Privacy Framework |
| LinkedIn Corporation | Third-party service provider: Social Media Button, LinkedIn Insight Tag | United States | Active participant in EU-U.S. Data Privacy Framework |
| Wistia, Inc. | Third-party service provider: Video hosting platform | United States | Active participant in EU-U.S. Data Privacy Framework |
| ZoomInfo Technologies LLC | Third-party service provider: Chat | United States | Active participant in EU-U.S. Data Privacy Framework |
| Hotjar Ltd. | Third-party service provider: Analytics | Ireland | Privacy | Hotjar |
| Eventbrite, Inc. | Third-party service provider: Online Event Management Platform | United States | Active participant in EU-U.S. Data Privacy Framework |
| G2 , Inc.G2: Business Software and Services Reviews | Third-party service provider: B2B Social Media Review Platform | United States | Active participant in EU-U.S. Data Privacy Framework |
| PeerSpot Inc. (IT Central Station Ltd.) | Third-party service provider: B2B Social Media Review Platform | United States | Active participant in EU-U.S. Data Privacy Framework |
| Anthology Inc. | Third-party service provider: Learning Management System | United States | Active participant in EU-U.S. Data Privacy Framework |
| Airmeet Inc. | Third-party service provider: Virtual event hosting technology platform | United States | Active participant in EU-U.S. Data Privacy Framework |
| TYPEFORM S.L. | Third-party service provider: Online Surveys | Spain | Typeform's terms, conditions & policies |
| Demandbase, Inc. | Third-party service provider: B2B ABM Platform, Advertising, Sales Intelligence | United States | Privacy Notice | Demandbase |
| Shopware AG | Third-party service provider: ecommerce platform | Germany | Privacy | Shopware |
| Parmonic | Third-party service provider: B2B Video Platform | United States | Privacy Policy |
We may also disclose the personal information we collect in the event of a merger, sale, acquisition, or other corporate transaction, to our corporate affiliates, as required by law or law enforcement, or otherwise in accordance with your consent.
VI. How long we keep personal data
We retain personal information only for as long as necessary to carry out the intended functions, and in line with our retention schedule and the respective statutory retention period. After this period, your personal data will be irreversibly destroyed. Any personal data held by us for marketing and service update notifications will be kept by us until such time that you notify us that you no longer wish to receive this information. Please contact us for more information on our personal data retention schedule.
VII. International transfer
As a global company, we and our service providers operate, and our website, products, and services are accessed from all over the world. When you give us personal data, that data may be used, processed, or stored anywhere in the world, including in countries that have data protection laws that are different to the country in which you reside.
However, we have taken appropriate safeguards to require that your personal data will remain protected in accordance with this privacy notice. For example, these include implementing the European Commission’s Standard Contractual Clauses (SCCs) for transfers of personal data between our group companies, which require all group companies to protect personal data they process from the European Economic Area in accordance with European Union data protection law. We also perform privacy risk assessment to our sub processors in order to assess their privacy, security, and confidentiality practices.
VIII. What are your rights
When it comes to processing your personal data, your rights in accordance to GDPR are:
- Right to be informed (GDPR Articles 12 to 14): Data subjects have the right to be informed about the collection and use of their personal data;
- Right to access (GDPR Article 15): Data subjects have the right to view and request copies of their personal data;
- Right to rectification (GDPR Article 16): Data subjects have the right to request inaccurate or outdated personal information be updated or corrected;
- Right to be forgotten/Right to erasure (GDPR Article 17): Data subjects have the right to request their personal data be deleted. Note that this is not an absolute right and may be subject to exemptions based on certain laws;
- Right to data portability (GDPR Article 20): Data subjects have the right to ask for their data to be transferred to another controller or provided to them. The data must be provided in a machine-readable electronic format;
- Right to restrict processing (Article 18): Data subjects have the right to request the restriction or suppression of their personal data;
- Right to withdraw consent (GDPR Article 7): Data subjects have the right to withdraw previously given consent to process their personal data;
- Right to object (GDPR Article 21): Data subjects have the right to object to the processing of their personal data;
- Right to object to automated processing (GDPR Article 22): Data subjects have the right to object to decisions being made with their data solely based on automated decision making or profiling.
Should you believe that any personal data we hold on to you is incorrect or incomplete, or you want to invoke on your other rights, please contact us through Data Subject Access Request Form.
In the event that you wish to complain about how we have handled your personal data, please contact the DPO Resources at Stonebranch dpo@stonebranch.com or in writing at
Bojana Georgievska Markovska
Stonebranch GmbH
Europa-Allee 54
60327 Frankfurt am Main
Germany
Our Privacy Team will then look into your complaint and work with you to resolve the matter.
If you still feel your personal data has not been handled appropriately according to the law, you can contact Federal Commissioner for Data Protection and Freedom of Information (BfDI) in Germany and file a complaint with them.
IX. California Residents: Your Privacy Rights
California residents (“you” and “your” for purposes of this “California Residents: Your Rights” section) have specific rights regarding your personal information under the California Consumer Privacy Act (“CCPA”) as amended by the California Privacy Rights Act (“CPRA”) (collectively referred to herein as the “CCPA”). The terms used in this section shall have the meanings ascribed to them in the CCPA, and the CCPA definitions shall take precedence over definitions elsewhere in this Privacy Policy. Note that the CCPA and, as a result, this section of the privacy policy, applies to personal information collected both online and offline.
Please note that the CCPA does not apply to certain categories of personal information, and our processing of CCPA-exempt categories of information may not be addressed below. Additionally, our privacy practices with respect to the personal information of employees and job applicants are not addressed below.
Categories of Personal Information Collected and/or disclosed in the Last Twelve (12) Months:
| Category | Examples | Collected? | Source | Purpose of Collection | Categories of Third Parties to Whom Disclosed | Categories of Third Parties to Whom Sold/Shared |
|---|---|---|---|---|---|---|
| A. Identifiers | A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name. | YES | Directly from you; Indirectly from your activity on our website | To provide To respond To provide you with information and advertisements we believe may be of interest; To administer and improve our website and services; | To our service providers so they may help us provide our services | To our analytics and advertising service providers and partners |
| B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). | A name, address, telephone number, employment, | YES | Directly from you; Indirectly from your activity on our website | To provide our services; To respond to requests for information; To provide you with information and advertisements we believe may be of interest To administer and improve our website and services; | To our service providers so they may help us provide our services | To our analytics and advertising service providers and partners |
| C. Commercial information. | Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. | YES | Directly from you; Indirectly from your activity on our website | To provide our services; To respond to requests for information; To provide you with information and advertisements we believe may be of interest; To administer and improve our website and services; | To our service providers so they may help us provide our services | To our analytics and advertising service providers and partners |
| D. Internet or other similar network activity. | Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement | YES | Indirectly from your activity on our website | To provide our services; To respond to requests for information; To provide you with information and advertisements we believe may be of interest; To administer and improve our website and services; | To our service providers so they may help us provide our services | To our analytics and advertising service providers and partners |
| E. Geolocation data. | Physical location or movements. | YES | Indirectly from your activity on our website | To provide our services; To respond to requests for information; To provide you with information and advertisements we believe may be of interest; To administer and improve our website and services; | To our service providers so they may help us provide our services | To our analytics and advertising service providers and partners |
| F. Sensory data. | Audio, electronic, visual, thermal, olfactory, or similar information. | NO | N/A | N/A | N/A | N/A |
| G. Inferences drawn from other personal information | Profile reflecting a person's preferences, characteristic, psychological trends, predispositio, behavior, attitudes, intelligence, abilities, and aptitudes. | YES | We make inferences based on your activity with us | To provide you with information and advertisements we believe may be of interest | To our service providers so they may help us provide our services | To our analytics and advertising service providers and partners |
Retention of Personal Information
Please refer to Section VI of the Privacy Notice.
Right to Know and Data Portability
You have the right to request that Stonebranch disclose certain information to you about our collection, use, disclosure and sale of your personal information. Once we receive and confirm your request, to the extent you have requested them, we will disclose to you:
- The categories of personal information we collected about you;
- The categories of sources from which your personal information was collected;
Our business or commercial purpose for collecting, or sharing your personal information; - The categories of third parties to whom we disclosed, or shared your personal information, if any;
- The categories of personal information we have disclosed, or shared about you; and
- The specific pieces of personal information we have collected about you (also called a data portability request).
Right to Correct
You have the right to request that Stonebranch correct any inaccurate personal information we have collected and maintain about you. Once we receive and confirm your request, we will make the corrections you requested.
Right to Delete
You have the right to request that Stonebranch delete any of the personal information we have collected and maintain about you, subject to certain exceptions. Once we receive and confirm your request, we will either delete, de-identify, or aggregate your personal information, unless a CCPA exception such as those listed below applies, and not doing so is necessary for us or our service provider(s) to:
- Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, or otherwise perform our contract with you;
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities;
- Debug products to identify and repair errors that impair existing intended functionality;
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
- Comply with a legal obligation; or
Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
Exercising Your Rights to Know, Correct, and Delete
To exercise your rights to know, correct, and delete under the CCPA please submit a request by emailing us at dpo@stonebranch.com or calling us at 0016783667887
Only you, or someone legally authorized to act on your behalf (i.e., your authorized agent), may make a request related to your personal information. Stonebranch may require an agent to provide verification that they are acting on your behalf when they submit a request related to your personal information.
All requests to know, correct, or delete (whether made by you or an authorized agent) must (1) provide sufficient information for us to reasonably verify you by providing two to three pieces of personal information which we will match with personal information we maintain in our records, and (2) describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
Right to Opt-Out of Sale or Sharing
We do not sell or share personal information as those terms are defined by the CCPA.
Sensitive Personal Information
Stonebranch does not use or disclose sensitive personal information for purposes other than those set forth in the CCPA such as to perform the services or provide the goods reasonably expected by the average consumer, to prevent and detect security incidents, to display non personalized advertising shown as part of your current interaction with us, or otherwise for a purpose that does not infer characteristics about you.
Right to Non-Discrimination
Stonebranch will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
- Deny your services;
- Charge you different prices or rates for services, including through granting discounts or other benefits, or imposing penalties;
- Provide you a different level or quality of services; or
- Suggest that you may receive a different price or rate for services or a different level or quality of services.
Right to Appeal
Stonebranch provides consumers the right to appeal any decisions we make regarding consumer requests to know, correct, or delete. You may appeal any decision within 30 days of receiving notice of the decision.
Contact Information
If you have questions about this privacy policy or Stonebranch’s privacy practices, or wish to exercise any of the rights described above, please contact us at:
Stonebranch, Inc.
4550 North Point Pkwy
Suite 400
Alpharetta, GA, USA 30022
dpo@stonebranch.com
0016783667887