Data protection regulations of Hornetsecurity GmbH
I. Contact Information
Responsible for data processing within the scope of this website within the meaning of the General Data Protection Regulation (GDPR):
Am Listholze 78
Managing Directors: Oliver Dehning, Daniel Hofmann, Daniel Blank Commercial Register: Hanover Local Court HRB 201937
Sales tax ID: DE256599255
Chief Information Security Officer: Olaf Petry
Data Protection Officer: Michael Schramm, LL.M. (Minnesota)
II. General information on data processing
The basis of effective data protection is comprehensive information about the collection, processing and use of your data (“data processing”). Therefore we would like to inform you,
- when or for which actions we process data,
- which data we process for which reasons,
- who receives data,
- which rights you have because of the data processing through us.
This data protection declaration only regulates the use of personal data on our website www.hornetsecurity.com/en including its subpages. If you leave our website via a link or visit our website on a social media platform, you also leave the scope of this data protection declaration.
The transmission of information to or from this website is secured with TLS encryption.
You can download this data protection declaration permanently and at any time at the address
www.hornetsecurity.com/en/privacy-policy, print it out or download it.
1. Scope of the processing of personal data
The provision of the website requires the processing of various information. In addition, the scope of data processing depends on your use of the functionalities of the website, for example if you communicate with us via the contact form or consent to the processing of data.
You are not obliged to provide us with personal data. However, if the provision of this data is technically mandatory when you access our site, refusal will result in your being unable to access and use our website.
As a visitor to our websites, you are not subject to any automated decision-making within the meaning of Art. 22 GDPR.
2. Legal basis for the processing of personal data
Reason for processing Legal basis in the GDPR Explanation
|Performance of contract or performance
|Art. 6 Abs. 1 b)||Processing shall only take place to the extent necessary for the exercise and fulfilment of the rights and obligations arising from the contract. Unless expressly stated otherwise, data will only be processed by us to this extent.|
|Justifiable interest||Art. 6 Abs. 1 f)||Processing takes place insofar as we have a legitimate interest and no conflicting overriding interests of the data subject are apparent. The specific interest is explained in this data protection declaration within the framework of the processing description.|
|Consent||Art. 6 Abs. 1 a)||The data will be processed if you have expressly consented to the type and scope of data processing. You can revoke your consent at any time with effect for the future. However, this does not affect processing up to this point in time.|
|Legal obligation||Art. 6 Abs. 1 c)||They are processed insofar as this is necessary to fulfil German or European legal obligations.|
3. Data erasure and storage time
We will delete your personal data as soon as the legal basis for their processing ceases to exist. In some cases, however, legal bases can also exist in parallel or, in the absence of a legal basis, can intervene in a new one, such as the obligation to store certain data in order to fulfil a legal obligation to store data.
III. Data processing for the provision of the website
In order for us to display the website to you, it is necessary to process certain information. This is already done when you visit our website. In addition, we offer various functionalities on our website which require further data processing.
1. Log Files
When you use our services or visit our website, various information is passed on to our servers. We need these to establish and maintain the connection. Among the data is also your IP address, which we treat as personal data. In addition, the following data is collected:
- batch record version
- Website requested by the client
- Possible error code(s) from Squid / Detailed error description
- HTTP status code of the requested server
- HTTP status code forwarded to client
- browser version
- operating system
We store this data in so-called server log files. This data is not combined with any other data about you. The storage of log files including your IP address serves the legitimate interest of providing our website and preventing its misuse. Stored log files will be deleted after 14 months at the latest, unless longer storage is required, for example to prevent or clarify an attack on our website.
The use of technically conditioned cookies and the associated data processing takes place due to our legitimate interest in a technically flawless and comfortable use of our website. Technically conditioned cookies are usually deleted automatically when you close your browser (session cookies), in other cases only after some time (persistent cookies). The duration of storage of persistent cookies is determined by the provider and can be viewed by you in your browser, for example.
3. Contact forms
At various points on our website you will find contact forms via which you can send us an enquiry or, for example, request a quotation for one of our services. For general inquiries, the following information is requested: recipient at Hornetsecurity, company, name, e-mail address, telephone and your message. When you request a quotation for our services, you must provide the following information: Company, title, last name, e-mail address, telephone number, desired service as well as the number of planned users. The information is marked as mandatory fields. All other data that you transmit to us within the scope of the inquiry, also via the free text field, are voluntary.
We use this data exclusively for answering your inquiry and the associated communication. The legal basis for processing this information and all data stored in Hornetsecurity’s services is the necessity to fulfil the existing contractual relationship. In principle, our legitimate interest in providing the contact functionality and responding to your enquiry transmitted via it applies here. If your request is aimed at concluding a contract with us, the processing will take place within the framework of this pre-contractual obligation.
Your data will be deleted as soon as your request has been processed. In case of a contract conclusion we process the data if necessary for the fulfilment of the contract.
4. Comment function in the blog
You can comment on the contributions in our Hornetsecurity Blog and take part in the discussion. No registration is required. To add a comment, you can fill in the form at the end of each blog post. We absolutely need the following information from you: Your e-mail address, the name under which you would like to publish the comment as well as your comment. You do not necessarily have to use your clear name. Your email address will not be published.
The legal basis of the processing is our legitimate interest in offering the commentary function to our contributions, thus enabling us to exchange opinions between our website visitors and ourselves. When you leave a comment on the blog, your IP address and name will be stored. This is for our safety, if someone writes illegal content in comments (insults, forbidden political propaganda, etc.). In this case we could be prosecuted for the comment ourselves and are therefore interested in the identity of the author of the comment. Your information will be stored until you object to its storage or until our legitimate interest ceases to exist for any other reason.
If you are interested in distributing our services as a Hornetsecurity partner, you can register via our website in our partner program. To do this, you must fill out the online partner application in the course of which you must provide various information about your company and your contact persons. The mandatory information is marked in each case. All other information is provided voluntarily.
In this respect, the legal basis of the processing is the execution of pre-contractual measures or, upon conclusion of the partner contract, the necessity for the performance of the contract. The storage period is measured accordingly in principle on the duration of the contractual relationship. However, alternative legal bases, such as legal storage periods, can intervene after their end.
6. Login to Control Panel and Webmail
If you are already a Hornetsecurity customer, you can register via our website in the Control Panel, from which you can use and manage your services. As a customer of Webmail you can register via a separate link in your mailbox. You will need your user name, e-mail address and password to register. The legal basis for processing this information and all data stored in Hornetsecurity’s services in order to fulfil the existing contractual relationship. The storage period is measured accordingly in principle on the duration of the contractual relationship. However, alternative legal bases, such as legal storage periods, can intervene after their end.
To test our services Spamfilter Service, the Archiving Service or the Hornetsecurity Continuity Service, you can register directly via our website. For this we need various information about you personally, the domain, server and user for which the service is desired as well as the desired service. The mandatory fields are marked accordingly. All other information is voluntary.
In this respect, the legal basis of the processing is the execution of pre-contractual measures or the necessity for the performance of the contract. The storage period is measured accordingly in principle on the duration of the contractual relationship. However, alternative legal bases, such as legal storage periods, can intervene after their end.
8. Online application
You can also apply to us at any time using our online application form. Personal data is transmitted to us as part of the application via our website. This can be done directly via the input fields or indirectly via application documents to be uploaded, such as your CV. The information marked as mandatory in the registration form is mandatory. All other information, even if included in the uploaded application documents, is voluntary. We process your data only to the extent necessary to carry out the application procedure.
By submitting your information on our Careers page or by registering for the Talent Pool, you also agree that we may contact and inform you in writing and by telephone as part of our recruitment marketing or talent retention programs. Should you no longer wish to do so at a later date, you can have your data deleted at any time without giving any reasons. All you need to do is send a short message to moc.y1547759257tiruc1547759257esten1547759257roh@b1547759257oj1547759257.
The legal basis of the processing is the necessity for the initiation of an employment relationship. Your data will be stored for a period of 90 days after the end of the application process, unless you have given us your consent to further storage.
This process is supported by an HR tool which Hornetsecurity GmbH uses for candidate management and personnel administration.
Further information is available under the following link: https://www.hornetsecurity.com/en/privacy-policy-personio.
9. Google Maps
On our website we use the map service Google Maps (API) from Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”) to show our location.
When you enter the page on which the Google Maps map is integrated, our website sends various information including your IP address to Google in the USA, where it is stored on its servers. If you have a Google account and are logged in at the time you visit our site, the information will be associated directly with your account. But even without a user account, Google will create a user profile about you. This is regardless of whether Google provides a user account that you are logged in with or whether no user account exists.
Our transmission of the data to Google is based on our legitimate interest in offering you the map function of Google Maps on our website.
More information about Google and the use of Google Maps can be found here:
10. Google Fonts
We use so-called web fonts from Google to display fonts. When you call up a page, your browser loads the required web fonts into your browser to display texts and fonts correctly. To do this, your browser connects to Google, which tells Google that our websites have been accessed via your IP address. The use of Google Fonts is based on the legal basis of our legitimate interest in a consistent and appealing presentation of our websites. If your browser does not support Google Fonts or Web Fonts, your device uses a default font.
11. Social-Media Plugins
If you like contributions from our website, you can share them directly via buttons in various social media networks and microblogging services. For this purpose, appropriate social media plug-ins are integrated on our website.
If you enter a subpage on which the social media plug-ins are embedded, your browser establishes a direct connection to the servers of the respective operators. When the connection is established, various information including your IP address is sent to the operators and stored by them. Since most of the operators are based in the USA, the data is also stored there. This tells the operators that your browser has called up the relevant subpage of our website. This also applies if you do not have a user account with the social media network or microblogging service or are not logged in at the time you visit our website.
If you are simultaneously logged in to your account there, the operator assigns your visit to our website and any further interaction with the plugin (activation of the respective consent buttons, comments) directly to your account and saves this information. These actions may also be visible to other users of the network. You can prevent this data processing by not pressing the buttons. You can also log out of your social media network before visiting our site. You can also use add-ons such as the “NoScript” script blocker (http://noscript.net) for your browser to generally prevent social media plug-ins from being executed.
The legal basis for data processing is our legitimate interest in offering you an easy way to share information on our website on social media networks and microblogging services and thus increase our visibility.
Our website uses the following social media plugins:
Our website contains a social plugin of the social media network Facebook. The corresponding button can be recognized by the Facebook logo.
Our website contains a social plugin of the social media network Google+ by Google. The corresponding button can be recognized by the “G+” logo.
Our website contains a social plugin of the microblogging service Twitter of Twitter Inc, 1355 Market St, Suite 900, San Francisco, CA 94103, USA (“Twitter”). The corresponding button can be recognized by the Twitter bird.
Our website contains a social plugin of the social media network LinkedIn of LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA, (“LinkedIn”) represented in Europe by LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland. The corresponding button can be recognized by the “in” logo.
Our website contains a social plugin of the Instagram Inc. 1601 Willow Road, Menlo Park, CA, 94025, USA (“Instagram”) microblogging service. The corresponding button can be recognized by the Instagram camera logo.
By setting up your Instagram account you have the possibility of direct influence (objection). You can find out more about this under the following link:
The controller has integrated the LiveZilla component into this website. LiveZilla is a Live-Support-Helpdesk-Software, which enables a direct communication in real time (so called Live-Chat) with visitors of your own website.
The developer of the LiveZilla component is LiveZilla GmbH, Byk-Gulden-Straße 18, 78224 Singen, Germany.
Each time you visit our website, which is equipped with a LiveZilla component, this component collects data for the purpose of operating the live chat system and analyzing the operation of the system. More information about LiveZilla can be found at http://www.livezilla.net/home/en/.
The LiveZilla component sets a cookie on the person’s information technology system. What cookies are has already been explained above. Pseudonymised user profiles can be created via the LiveZilla cookie. Such pseudonymised usage profiles may be used by the data controller to analyse visitor behaviour and to analyse and maintain the proper operation of the live chat system. The analysis also serves to improve our offer. The data collected via the LiveZilla component will not be used to identify the data subject without the prior express consent of the data subject. This data is not combined with personal data or with other data containing the same pseudonym.
The person concerned can prevent the setting of cookies by our website at any time, as already described above, by means of an appropriate setting of the Internet browser used and thus permanently object to the setting of cookies. Such a setting of the Internet browser used would also prevent the LiveZilla component from placing a cookie on the information technology system of the person concerned. In addition, a cookie already set by the LiveZilla component can be deleted at any time via the Internet browser or other software programs.
The current data protection regulations of LiveZilla GmbH can be found at https://www.livezilla.net/disclaimer/en/
13. Information on the newsletter and consents
With the following information we will inform you about our newsletters as well as the registration, dispatch and statistical evaluation procedure and your rights of objection. By subscribing to our newsletter you agree to the receipt and the described procedures. We will only send newsletters, e-mails and other electronic notifications containing advertising information (hereinafter “newsletters”) with the consent of the recipients or a legal permission. If the contents of a newsletter are specifically described within the scope of a registration, they are decisive for the consent of the users.
a) Double-Opt-In and logging
Subscription to our newsletter (more precisely referred to on the website as “Hornetsecurity News”) takes place in a so-called double opt-in procedure. This means that after registration you will receive an e-mail asking you to confirm your registration. This confirmation is necessary so that no one can log in with other e-mail addresses. Subscriptions to the newsletter are logged in order to be able to prove the registration process in accordance with legal requirements. This includes the storage of the login and confirmation time, as well as the IP address.
b) Statistical surveys and analyses
The newsletters contain a so-called “web-beacon”, i.e. a pixel-sized file that is retrieved from the Pardot server when the newsletter is opened. Within the scope of this retrieval, technical information, such as information about the browser and your system, as well as your IP address and time of retrieval are initially collected. This information is used to technically improve the services based on the technical data or the target groups and their reading behaviour based on their retrieval locations (which can be determined using the IP address) or access times. The statistical surveys also include determining whether the newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can be assigned to the individual newsletter recipients. However, it is neither our intention, nor that of Pardot, to observe individual users. The evaluations serve us much more to recognize the reading habits of our users and to adapt our contents to them or to send different contents according to the interests of our users.
You can cancel the receipt of our newsletter at any time, i.e. revoke your consent. Your consent to its dispatch via Pardot and the statistical analyses will thus expire at the same time. A separate cancellation of the dispatch via Pardot or the statistical evaluation is unfortunately not possible.
14. Other personal data
We would like to point out once again that on this website Google Analytics has been extended by the code “_anonymizeIp();” in order to guarantee anonymous collection of IP addresses (so-called IP masking). Hornetsecurity GmbH therefore does not store any personal data of a website visitor.
Clearly personal data is only collected if you provide it voluntarily, e.g. in the case of individual inquiries/as part of an application/talent loyalty programme or in the case of a service or support inquiry via a contact form, by e-mail, online or in writing. We may forward your personal data to the department responsible for the processing of your inquiry/application. Your personal data is processed and stored via the marketing automation tool Salesforce Pardot, the ticket system OTRS and our servers. Furthermore, the data will not be passed on to third parties or used for purposes other than those stated in each case. Personal data transmitted to us (e.g. name, address, telephone number, fax number or e-mail address) will only be used to answer your inquiry or to process your request or application. With explicit consent (double opt-in procedure) your personal data will also be used for advertising purposes. They are only stored by us for as long as this is necessary for the aforementioned purposes or as we are legally obliged to store them. You have the possibility to withdraw your consent at any time. Please contact our data protection officer (see above). We would like to point out that messages via e-mail in unencrypted form are not an absolutely secure means of communication against access by third parties and in particular also become accessible to the e-mail provider.
V. Possibility of objection and elimination
If the data processing is based on your consent or our legitimate interest, you have the right to object to the processing or to revoke your consent at any time. Your objection or revocation only has an effect for the future. If the analysis cookies used offer their own technical options for deactivation, this is shown there in each case. You may at any time exercise your right of objection or revocation by contacting moc.y1547759257tiruc1547759257esten1547759257roh@o1547759257fni1547759257 bzw. moc.y1547759257tiruc1547759257esten1547759257roh@y1547759257cavir1547759257p1547759257 wenden. If you object to processing on the basis of our legitimate interest, we may nevertheless continue processing if we can prove compelling reasons worthy of protection for the processing which outweigh your interests, rights and freedoms.
IV. Usage analysis and tracking
We would like to further improve the usability of this website and the attractiveness of its services. For this reason, when you visit our website, we also collect data on usage behavior, which we evaluate for this purpose. For this reason, the following tracking and analysis cookies are also used on our website in addition to the technically conditional cookies shown above.
1. Google (Universal) Analytics
This website uses Google Analytics, a web analysis service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Google collects information about your use of this website (including your IP address) in the USA via a cookie, and stores the information. However, we only use Google Analytics with an anonymisation function in which the IP address is reduced before it is transmitted by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to Google in the USA and only shortened there. Google analyses the information collected and sends us reports on the usage activities on our website and provides us with additional services for this purpose. The IP address transmitted by your browser in the context of Google Analytics is not merged with other Google data.
In addition to blocking all cookies by your browser, you can prevent Google from processing your data by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=en.
As an alternative to the browser plug-in or within browsers on mobile devices, please click on the following link to set an opt-out cookie that will prevent future collection by Google Analytics within this website (this opt-out cookie only works in this browser and only for this domain, if you delete your cookies in this browser, you must click this link again): Disable Google Analytics at http://tools.google.com/dlpage/gaoptout?hl=en.
2. Google AdWords
Our website uses the advertising tool “Google AdWords” from Google including its conversion tracking. We use this tool to determine how successful advertising for our services on websites other than our own is. For this purpose, a conversion cookie is set when you click on one of our advertisements. This cookie enables us to recognize that you have accessed our website via this ad. We use such usage statistics to compile statistics for evaluating the conversion of our advertisements. We do not receive any information about you personally. The conversion cookie set in your browser is individual and cannot be used by other Google AdWords customers for their statistics.
You can prevent tracking by disabling the conversion tracking cookie in your browser settings.
We also use Google’s Doubleclick service. A cookie is set and a pseudonymous identification number (ID) is assigned to your browser. The cookie determines whether and which advertisements were displayed and clicked in your browser. This enables us to tailor your advertising even better to your interests. Since we have activated Google’s IP anonymisation on this website, your IP address is also shortened within the scope of Doubleclick before being transmitted by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area and only in exceptional cases the full IP address is transmitted to Google in the USA and only shortened there. Google analyses the information collected and sends us reports on the usage activities on our website. and provides us with additional services for this purpose. The IP address transmitted by your browser in the context of Google Analytics is not merged with other Google data.
In addition to the general options mentioned above for preventing cookies, you can also specifically prevent Google from saving the Doubleclick cookie by downloading an appropriate browser plug-in. You can find it here.
4. Facebook-Custom Audience
We use so-called Facebook pixels on our websites. This is the function of a web analysis service of Facebook. Facebook pixels are invisible graphic files built into our website. When you visit our website, information from the pixel is stored in your browser. This enables us to track which of our sub-pages you have visited. We share this information with Facebook to better match our ads there to your real interests and to analyze the effectiveness of our ads on Facebook. Depending on your use of our website, Facebook assigns you to certain groups of interested parties known as custom audiences. The information generated by the cookie is usually transferred to a Facebook server in the USA and stored there. For more information on how Facebook Trackingpixel collects data, visit here or here.
Irrespective of this, you can generally object to the use of such cookies via various third-party sites, e.g.:
- Network advertising initiative: http://optout.networkadvertising.org/
- aboutads: http://www.aboutads.info/choices
- Youronlinechoices: http://www.youronlinechoices.com/uk/your-ad-choices/
You can revoke your consent at any time with effect for the future. For this purpose, please contact the above-mentioned responsible body. In addition, you can deactivate the creation of pseudonymized user profiles at any time by configuring your Internet browser so that cookies from the “salesforce.com” domain are not accepted. However, this can lead to certain limitations in the functions and user-friendliness of our offer.
6. LinkedIn Analytics
The legal basis of data processing for analysis purposes is our legitimate interest in a statistical evaluation of your user behaviour in order to be able to constantly optimise and better market our website and our services.
7. Bing Ads
On our website we use the Bing Ads Conversion Tracking of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA (“Microsoft”).
Bing Ads places cookies on your computer if you have accessed our website via a Microsoft Bing advertisement. This allows Microsoft Bing and us to determine that our ad has been clicked, as well as that the visitor has been redirected to our Website and has reached a predetermined target page (conversion page). We do not receive any personal information about you, only the total number of users who came to the conversion page via a Bing advertisement will be provided. This allows us to determine the effectiveness of our ads.
VI. Rights of the persons concerned
If personal data are processed, you are a data subject within the meaning of Art. 4 para. 1 GDPR. As the data subject, you have the following rights with regard to your personal data. To exercise these rights, please contact us using the contact details above.
Right to information according to Art. 15 GDPR
You have a right to information about your personal data processed by us. This includes the mandatory information set out in Art. 15 GDPR.
Right to correction under Article 16 GDPR
You have the right to correct incorrect personal data without delay and to complete incorrect personal data.
Right to cancellation in accordance with Art. 17 GDPR
You have the right to request the deletion of your personal data if one of the reasons mentioned in Art. 17 GDPR intervenes, in particular if there is no longer a legal basis for the processing.
Right to limitation of processing according to Art. 18 GDPR
You have the right to request the restriction of the processing of your personal data if one of the reasons mentioned in Art. 18 GDPR intervenes, in particular at your request instead of deleting the data.
Right to data transferability according to Art. 20 GDPR
You have the right to request all personal data stored by us about you in a structured, current and machine-readable format and to transmit this data to another person in charge without obstruction by the person responsible to whom the personal data was provided.
Right of appeal to the competent supervisory authority, Art. 77 GDPR
According to Art. 77 GDPR, you have the right to file a complaint with the supervisory authority responsible for you.
VII. Data transfer to third countries
The personal data we collect from you through the Site will also be transferred to some extent to third countries outside the European Economic Area.
In the exceptional cases described above, when using Google tools, your IP address may be transmitted to Google LLC in full and only shortened there.
When using the analysis tool Pardot from salesforce and LinkedIn Analytics from LinkedIn, as well as in the context of the listed social media plugins, your IP address and other information is transmitted to the respective operators.
Google, Facebook (Instagram), Salesforce, LinkedIn and Twitter are all located in the USA and thus in a so-called “third country” according to Art. 44 GDPR. All of these companies are certified under the “EU-US Privacy Shield” data protection agreement, which guarantees compliance with a European level of data protection.
Last updated: August 22, 2018