Privacy Policy

I. General Information

The web presence www.planqk.de ("website") is a service provided by Anaqor AG (hereinafter also referred to as "Anaqor" or "we"/"us"). The following provides information on how we use your personal data.

When you visit our website and use the offered service, we will process your personal data. As we are highly committed to protecting your privacy, we would like to give you the opportunity to obtain comprehensive information about our data processing activities.
Preliminary note: We strictly comply with the legal provisions of the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (Bundesdatenschutzgesetz; "BDSG") and any other data protection regulations.

 

II. Name and Address of the Controller

Anaqor is responsible for processing personal data in connection with the use of the website and acts as data controller.

Anaqor AG
represented by its managing board: Andreas Liebing, Dr. Mathias Petri Keithstraße 6, 10787 Berlin
10787 Berlin, Germany
Tel: +49 (0)30 469 99 07 18
info(at)anaqor.io

 

III. Personal Data Processing

1. Provision of the Website through Webflow and Creation of Log Files

a) Description and Scope of the Data Processing

Whenever you access our website, the following data transmitted by your browser will be automatically stored for technical reasons:

  • Information on your browser type and version
  • The operating system you are using
  • The website from which you are visiting us (referrer URL)
  • Your IP address
  • Date and time of your visit
  • Our system stores your personal data in log files. These data will not be stored together with other personal data about you.

To provide the website we are using Webflow, a US-registered company that provides software as a service for website building and hosting and have signed a data processing agreement to act as a data processor. To this end information will be downloaded from Webflow servers, and above mentioned information may be stored on their servers.

Since Webflow may transfer personal data to affiliated companies and subcontractors in countries outside the EU and the EEA, further protective mechanisms are required to ensure the level of data protection required by the GDPR. For the USA, there is an adequacy decision of the EU Commission pursuant to Art. 45 (1) GDPR with regard to companies with certification under the EU-U.S. Data Privacy Framework. Webflow, Inc. is certified under the EU-U.S. Data Privacy Framework and is therefore committed to complying with appropriate data protection standards, which can be viewed at the following link:
www.dataprivacyframework.gov/s/participant-search. For potential transfers to other third countries outside the EU and the EEA for which there is no adequacy decision by the EU Commission, standard data protection clauses pursuant to Art. 46 (2) (c) GDPR are also agreed. These oblige the recipient of the data in the third country to process the data in accordance with the level of protection in Europe.b) Legal Basis for the Data Processing

The legal basis for the temporary processing of the data and log files is Art. 6 (1) (f) GDPR.

c) Purpose of the Data Processing

The temporary processing of your IP address by our system is necessary to enable the website to be delivered to your device. In addition, we use your personal data to ensure the security of our IT systems. In this context, your data will not be analyzed for marketing purposes. Our legitimate interest in processing your personal data lies in these purposes.

d) Storage Period

The afore-mentioned personal data will be deleted as soon as they are no longer needed to fulfill the purpose for which they are processed. All server log files are deleted no later than 30 days after the end of your visit to the site.

e) Objection and Deletion Options Pursuant to Art. 21 GDPR

As the processing of the data is strictly necessary for delivering the website, there is no possibility for you to object to this data processing.

2. Contacting us via Contact Form or E-Mail

a) Description and Scope of the Data Processing

On our website, we give you the opportunity to contact us using the corresponding contact form. The data you provide when contacting us will be transmitted to, and used by, us for the purpose of dealing with your query. At the time of your query, the following data will be collected:

  • your name
  • your e-mail address
  • your phone number (optionally)
  • other personal data you provide in the contact form (optionally)

When sending your query, the following data will additionally be processed:

  • your IP address
  • date and time of sending your query

If you contact us through the e-mail address provided, your personal data transmitted with that e- mail will be processed. We do not disclose these data to any third party.

b) Legal Basis for the Data Processing

The legal basis for the processing of the data transmitted when sending the contact form or an e- mail is Art. 6 (1) (f) GDPR.

If you contact us using our contact form or sending an e-mail with the intention of concluding a contract, like an engagement letter, the legal basis for the data processing is Art. 6 (1) (b) GDPR.

c) Purpose of the Data Processing

We will use your personal data for the purpose of dealing with your query only.

Other personal data will be processed during the sending process for security reasons in case the contact options granted are misused or our IT systems compromised by the contact. We do not collect any other data.

Our legitimate interest in processing your personal data lies in these purposes pursuant to Art. 6
(1) 1st subparagraph, lit. (f) GDPR.

d) Storage Period

We delete your personal data as soon as it is no longer needed to fulfill the purpose for which the data concerned is processed.

Any personal data that you have transmitted in the context of contacting us via our contact form or e-mail will be deleted as soon as the respective conversation with you is finished. The conversation will be considered finished when it is clear from the circumstances that the matter concerned has been resolved.

e) Objection and Deletion Options Pursuant to Art. 21 GDPR

You have the right to object to the processing your personal data at any time regarding processing activities based on the legitimate interest. In such case the conversation cannot be continued. Please send your objection to Planqk-gdpr@anaqor.io. Any personal data processed in the context of the communication will be deleted in this case.

3. Contacting us via Live Chat

a) Description and Scope of the Data Processing

On our website, we give you the opportunity to contact us via live chat. The data you provide in this context will be transmitted to, and used by, us for the purpose of dealing with your query. When sending your query, the following data will be collected:

  • your IP address
  • your location
  • your name (optionally)
  • other personal data provided by you in the live chat protocol.

When sending your query, the following data will additionally be processed:

  • date and time of sending your query.

b) Legal Basis for the Data Processing

The legal basis for the processing of the data transmitted when contacting us via live chat is Art. 6
(1) (f) GDPR. If you contact us using our contact form with the intention of concluding a contract, like an engagement letter, the legal basis for the data processing is Art. 6 (1) (b) GDPR.

c) Purpose of the Data Processing

We will use your personal data only for the purpose of dealing with your query. Other personal data will be processed during the sending process for security reasons in case the contact options granted are misused or our IT systems compromised by the contact. We do not collect any other data.
Our legitimate interest in processing your personal data lies in these purposes pursuant to Art. 6
(1) (f) GDPR.

d) Storage Period

We delete your personal data as soon as they are no longer needed to achieve the purpose for which they are processed. Any personal data that you have transmitted in the context of contacting us via live-chat will be deleted as soon as the respective conversation with you is closed. The conversation will be considered finished when it is clear from the circumstances that the matter concerned has been resolved.

e) Objection and Deletion Options Pursuant to Art. 21 GDRP

You have the right to object to us processing your personal data at any time regarding processing activities based on the legitimate interest. In such case the conversation cannot be continued.

Please send your objection to Planqk-gdpr@anaqor.io. Any personal data processed in the context of the correspondence will be deleted in this case.

4. Newsletter & other Marketing activities via HubSpot

a) Description and Scope of the Data Processing

On our website, we give you the opportunity to subscribe to our free newsletter. For these marketing activities, we are using HubSpot on our website and have signed a data processing agreement with them to that effect. HubSpot is a software company from the USA with a branch office HubSpot Ireland Limited in 2nd Floor 30 North Wall Quay, Dublin 1, Ireland. We use this integrated software solution for our own marketing, lead generation and customer service purposes. This includes email marketing, which regulates the sending of newsletters and automated mailings, social media publishing and reporting, contact management such as user segmentation and CRM, landing pages and contact forms. In order to be able to send the newsletter to you, we need you to provide the following personal data when you subscribe and interact with the newsletter:

  • your title
  • your name
  • your e-mail address
  • the newsletter you have selected
  • your academic title (if any)
  • other personal data provided by you in the contact form (optionally)
  • Opening of content in newsletter

In addition, we will use your IP address, the date and time of your subscription, and your language selection. No other data will be processed. When subscribing to our newsletter, you will be asked to consent to the processing of your personal data.

Since HubSpot may transfer personal data to affiliated companies and subcontractors in countries outside the EU and the EEA, further protective mechanisms are required to ensure the level of data protection required by the GDPR. For the USA, there is an adequacy decision of the EU Commission pursuant to Art. 45 (1) GDPR with regard to companies with certification under the EU-U.S. Data Privacy Framework. HubSpot, Inc. is certified under the EU-U.S. Data Privacy Framework and is therefore committed to complying with appropriate data protection standards, which can be viewed at the following link: www.dataprivacyframework.gov/s/participant-search. For potential transfers to other third countries outside the EU and the EEA for which there is no adequacy decision by the EU Commission, standard data protection clauses pursuant to Art. 46 (2) (c) GDPR are also agreed. These oblige the recipient of the data in the third country to process the data in accordance with the level of protection in Europe.

b) Legal Basis for the Data Processing

The legal basis for the processing of the data after your subscription to our newsletter is the consent you have given in this context pursuant to Art. 6 (1) (a) GDPR.

c) Purpose of the Data Processing

We will use your personal data for sending the newsletter to you.

In this context, we check the e-mail address provided in order to verify that you are the owner and/or that the owner of the e-mail address consents to receiving the newsletter.

We will process your IP address and the date and time or your subscription for security reasons in case a third party registers on our website without your knowledge or misuses your personal data.

d) Storage Period

We delete your personal data as soon as it is no longer needed to achieve the purpose for which the data was collected when you chose to opt out of our newsletter. In such case your personal data will be deleted immediately; other data collected in the context of your subscription, like your IP address and the date and time of your subscription, will be deleted within 60 days in a system- defined deletion cycle.

e) Withdrawal Option Pursuant to Art. 7 GDPR

You have the right to withdraw your consent to the processing of your data, to its use for sending out the newsletter, and to your newsletter subscription at any time pursuant to Art. 7 GDPR. You can do so by clicking the unsubscribe button, which is contained in every newsletter. This will not affect the lawfulness of the processing of your data until that moment. In case of withdrawal, we will stop processing your personal data and will delete it as soon as possible.

5. Use of Plausible for website analytics

a) Description and Scope of the Data Processing

Our website uses Plausible as a web analytics services provided by Plausible Insights OÜ, Västriku tn 2, 50403, Tartu, Estonia (“Plausible”)
All the site measurement is carried out absolutely anonymous. Cookies are not used and no personal data is collected. There are no persistent identifiers. No cross-site or cross-device tracking either. Your site data is not used for any other purposes. All visitor data is exclusively processed with servers owned and operated by European companies and it never leaves the EU.

b) Legal Basis for the Data Processing

The legal basis for the use of Plausible is your consent according to Art. 6 (1) (a) GDPR.

c) Purpose of the Data Processing

We use Plausible for the purposes of understanding how users interact with our website and to improve it.

d) Storage Period

The storage period for the data transmitted by you and associated with cookies is 2 months. Upon expiry of that period, the data will automatically be deleted. Data will be deleted automatically once every month after expiry of the storage period. In addition, you can uninstall the cookies placed on your device by Google Analytics on your own and thereby delete the data stored. More details on how to delete cookies using your browser settings are provided below.

e) Withdrawal Option Pursuant to Art. 7 GDPR

You can revoke your consent to data processing at any time in accordance with Art. 7 DSGVO. To do so, please contact: Planqk-gdpr@anaqor.io. The lawfulness of the processing carried out until then on the basis of the consent is not affected by the revocation. In the event of revocation, your personal data will no longer be processed and will be deleted.

6. Registration and contract processing

a) Description and scope of data processing

We offer you the opportunity to register on our platform with a customer account. For this purpose, we require the following personal data from you, which we request from you via an input form:

  • Salutation
  • First name, last name
  • E-mail address

To enable you to place orders, we also require the following personal data from you:

  • Address
  • Credit card data
  • Contact data about the organization

b) Legal basis for data processing

The legal basis for the processing of your data, which is collected and processed in the course of registering an account and performing the contract, is Art. 6 (1) (b) GDPR.

c) Purpose of data processing

The purpose of data processing is contract processing, in particular processing of orders.

d) Duration of storage

We delete your personal data when they are no longer required to achieve the processing purpose. This is usually the case after the expiry of the limitation period, starting with the end of the year in which the contractual relationship is terminated, for example by deleting your customer account. After the statute of limitations has expired, your data will be blocked and deleted after expiry of the statutory retention obligations.

7. PayPal and Stripe as payment processors

a) Description and scope of data processing

We collect payment details to process payment for any credit or debit card orders you place with us. We share these details with our chosen payment processors, which are PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg and Stripe, a service Stripe Payments Europe Ltd, Block 4, Harcourt Centre, Harcourt Road, Dublin 2. Our chosen payment processors process your personal data, such as first and last name, address, email address, IP address, telephone number, information about goods/services, historical information, information about your previous purchases, payment history, any refusals, financial information, details payment notes, device information and geographical information.

Please note that customers of our platform can also be payment recipients. In these cases the customer who receives the payment is processing the transferred payment details for his own purposes. Depending on the payment method selected via PayPal, e.g. invoice or direct debit, the personal data transmitted to PayPal will be transmitted by PayPal to credit agencies. Your personal data may also be disclosed by PayPal to service providers, subcontractors or other affiliated companies, insofar as this is necessary to fulfill the contractual obligations arising from your order or the personal data is to be processed on behalf. An overview of these third parties can be found at the following link: https://www.paypal.com/de/webapps/mpp/ua/third-parties-list .
In the context of the data processing, personal data is transferred to the U.S. To ensure an appropriate level of data protection, we have concluded a processing agreement with Paypal which contains standard contractual clauses.

b) Legal basis for data processing

The use of a payment processor and the associated data processing is based on your consent pursuant to Art. 6 (1) (a) GDPR. The payment processing for the implementation of contractual performance obligations is carried out according to Art. 6 (1) (b) GDPR. The additionally collected data is processed according to Art. 6 (1) (f) GDPR.

c) Purpose of data processing

Your data is processed by the payment processors to confirm your identity, verify personal data and contact information, and to perform internal and external credit assessments. We need this information to process payments requested by you.

If you revoke your consent to a payment processor, it may still be entitled to process, use and transmit your personal data. This serves the contractual payment processing, as far as necessary.

Furthermore, the processing serves to remedy technical and administrative malfunctions as well as to conduct risk analyses, fraud prevention and risk management. These purposes are also our legitimate interest for processing your personal data.

d) Duration of storage

The provided data will only be stored for as long as it is needed to fulfill the contract concluded with you. This is usually the case after the expiration of the statute of limitations, beginning with the end of the year in which the order was placed. After the statute of limitations has expired, your data will be blocked and deleted after expiration of the statutory retention. In addition, the payment processor may be required by law to continue to store your data. Such obligations may arise from anti-money laundering laws, accounting and tax legislation, and consumer protection regulations.

e) Possibility of revocation according to Art. 7 GDPR

You can revoke your consent to data processing at any time in accordance with Art. 7 GDPR. To do so, please contact us directly at Planqk-gdpr@anaqor.io or contact PayPal at https://www.paypal.com/uk/smarthelp/contact-us/privacy or Stripe at dpo@stripe.com. The lawfulness of the processing carried out until then on the basis of the consent is not affected by the revocation. In the event of revocation, your personal data will no longer be processed and deleted unless you have expressly consented to further use of your data or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this statement.

f) Possibility of objection and removal according to Art. 21 GDPR in relation to the storage of the IP address

You may object to the processing of your personal data for the purpose of fraud prevention at any time, unless there are compelling legitimate grounds for the processing. To do so, please use the above-mentioned contact possibilities.

8. Credit card information

a) Description and scope of data processing

Besides using the above-mentioned payment providers, you can conclude a payment online by credit card. In this case, we process your first and last name, credit card number, IP address, information about goods/services, contact data of the organization and any refusals.
Depending on the payment method selected via PayPal, e.g. invoice or direct debit, the personal data transmitted to PayPal will be transmitted by PayPal to credit agencies. Your personal data may also be disclosed by PayPal to service providers, subcontractors or other affiliated companies, insofar as this is necessary to fulfill the contractual obligations arising from your order or the personal data is to be processed on behalf. An overview of these third parties can be found at the following link: https://www.paypal.com/de/webapps/mpp/ua/third-parties-list.

In the context of the data processing, personal data is transferred to the U.S. To ensure an appropriate level of data protection, we have concluded a processing agreement with Paypal which contains standard contractual clauses.

b) Legal basis for data processing

The use of a payment processor and the associated data processing is based on your consent pursuant to Art. 6 (1) (a) GDPR. The payment processing for the implementation of contractual performance obligations is carried out according to Art. 6 (1) (b) GDPR. The additionally collected data is processed according to Art. 6 (1) (f) GDPR.

c) Purpose of data processing

Your data is processed by the payment processors to confirm your identity, verify personal data and contact information, and to perform internal and external credit assessments. We need this information to process a purchase on account, in particular to assess which payment methods can be offered to you.

If you revoke your consent to a payment processor, it may still be entitled to process, use and transmit your personal data. This serves the contractual payment processing, as far as necessary.

Furthermore, the processing serves to remedy technical and administrative malfunctions as well as to conduct risk analyses, fraud prevention and risk management. These purposes are also our legitimate interest for processing your personal data.

d) Duration of storage

The provided data will only be stored for as long as it is needed to fulfill the contract concluded with you. This is usually the case after the expiration of the statute of limitations, beginning with the end of the year in which the order was placed. After the statute of limitations has expired, your data will be blocked and deleted after expiration of the statutory retention. In addition, the payment processor may be required by law to continue to store your data. Such obligations may arise from anti-money laundering laws, accounting and tax legislation, and consumer protection regulations.

e) Possibility of revocation according to Art. 7 GDPR

You can revoke your consent to data processing at any time in accordance with Art. 7 GDPR. To do so, please contact us directly at Planqk-gdpr@anaqor.io or contact PayPal at https://www.paypal.com/uk/smarthelp/contact-us/privacy or Stripe at dpo@stripe.com. The lawfulness of the processing carried out until then on the basis of the consent is not affected by the revocation. In the event of revocation, your personal data will no longer be processed and deleted unless you have expressly consented to further use of your data or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this statement.

f) Possibility of objection and removal according to Art. 21 GDPR in relation to the storage of the IP address

You may object to the processing of your personal data for the purpose of fraud prevention at any time, unless there are compelling legitimate grounds for the processing. To do so, please use the above-mentioned contact possibilities.

9. Use of Social Media Buttons with “Shariff”

On our website we use the c’t project "Shariff" developed by Heise.de. In this way we want to avoid a comprehensive collection and analysis of your visit by providers of social media/ social sharing functions. Shariff replaces the usual share buttons on social networks and thereby protects your surfing behavior. Shariff only integrates the share buttons of the social networks listed below as graphics on our website. The graphic contains a link to the corresponding social network.

Without the use of Shariff, the usual social media buttons would transfer your data to the social networks each time you visit the site and give them information about your surfing behavior, regardless of whether you are logged in on, or a are member of, the social network. A Shariff button, on the other hand, does not establish direct contact between the social network and you until you actively click on the share button. Without clicking the Shariff button, there will be no data exchange between the social network and you. In this way, Shariff prevents you from leaving a digital fingerprint by merely visiting the website.

More information about the c’t project "Shariff" is available at https://www.heise.de/ct/artikel/Shariff-Social-Media-Buttons-mit-Datenschutz-2467514.html
On our website, we integrate the following social networks with Shariff:

  • Google+ recommendation components
  • Facebook components
  • Twitter recommendation components
  • Xing recommendation components
  • LinkedIn recommendation components
  • Instagram

The purpose and scope of data collection and the further processing and use of the data by the providers on their pages as well as your related rights and setting options for protecting your privacy can be found in the privacy policies of the social network providers, which are available at:

IV. Your Rights as a Data Subject

Where we process your personal data, you are a data subject as defined in the GDPR, which means that you have the following rights with respect to us:

1. Right of access
You have the right to demand access to your personal data that are processed by us at any time. This also includes information on the origin, recipients or categories of recipients, to whom we transmit your data and the purposes for which we process your personal data.

2. Right to rectification
You have the right to demand prompt rectification and/or completion of your personal data if the personal data are inaccurate or incomplete.

3. Right to deletion and/or restriction of processing
You have the right to demand prompt erasure of your personal data. If you ask us to, we have the obligation to delete the data without undue delay. The foregoing does not apply, however, if any contractual and/or legal provisions require us to continue processing your personal data. This may be the case, for example, when retention periods under tax law prohibit us from deleting the data. In such case, we will restrict the processing and delete the personal data immediately after expiry of the retention period.

4. Right to data portability
You have the right to receive your personal data provided to us in a structured, commonly- used and machine-readable format wherever this is technically possible. In addition, you have the right to transmit these data to another controller without hindrance, if you wish to do so.
5. Automated individual decision-making, including profiling.

You have the right not to be subject to a decision based solely on automated processing – including profiling, which produces legal effects concerning you or significantly affects you in a similar way.

6. Right to lodge a complaint with a supervisory authority
You have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of the personal data relating to you infringes the general data protection regulation. In general, you may address the supervisory authority of your habitual residence, place of work or our domicile. The supervisory authority competent for us is:

Berliner Beauftragte für Datenschutz und Informationsfreiheit Friedrichstraße 219
10969 Berlin, Germany

E-mail: mailbox@datenschutz-berlin.de
Phone: +49 (0) 30 138890