Data protection declaration
Data privacy statement
We, Jens Reichert und Philip Schwab Medien und Systeme GbR, Ferdinand-Lassalle-Straße 27, 04425 Taucha, Saxony, Germany are the operator of the website jephi.com as well as the service provider of the Jephi mobile App. We are responsible for the collection, processing, and use of personal data according to all Data Protection legislation -specifically the General Data Protection Regulation (“GDPR”).
You, the Customer, are the Data Controller and Jens Reichert und Philip Schwab Medien und Systeme GbR, the Service Provider, is the Data Processor on your behalf. We only use your data under consideration of the relevant data protection legislation.
With this data privacy statement we want to inform you which of your personal data is collected and saved when you visit our website or use our website offered services. Furthermore, you will receive information about how we use your data and which rights you have regarding the use of your data. This data privacy statement also applies for the access and use of the Jephi App as well as the other available services.
1. Data security
In order to protect your data, all the data you provide us with is encrypted according to the security standard TLS (Transport Layer Security). TLS is a secure and tested standard, that is used, for instance, for online banking. You can recognize the secure TLS connection, for example from the “s” after the “http” in the URL shown in your browser (thus https://..), or from the lock symbol depicted in the browser tab.
We also take technical and organisational suitable security measures, in order to protect your data against random or deliberate manipulations, partial or complete losses, destruction and/or against unauthorized access. In order to avoid loss of data, we run a mirrored database setup which means that your data is always stored in two separate locations. Additionally, we update and store the data every hour in an Off-Site backup, and in line with high risk analysis we continuously run safety tests on our infrastructure. Your password is stored through a safe encrypted process. We will never ask you for your password, neither via email nor over the phone. If you happen to forget your password, we can reset it for you. Our security measures are continuously improved according to the technological development.
The personal data that we collect is stored in a secure environment within the EU, and treated confidentially. Access to this data is limited to selected Jens Reichert und Philip Schwab Medien und Systeme gbR employees and suppliers. We adhere to Data Protection legislative requirements at all times.
We do our utmost to secure your data in the best possible way, but we cannot guarantee the safety of your data when transferred over the Internet. When data is transferred over the Internet, there is a certain risk that others can access the data illicitly. In other words, the safety of your data transfer is your own responsibility as the Data Controller.
2. Collection and storage of personal data, and nature and purpose of its use
2.1) If you visit our website
You can visit the data processor’s website without disclosing your identity. Your browser only sends automatically collected information to the servers of our website. This information is temporarily stored in a so called logfile. This is the information which is automatically collected and stored until the automatic deletion:
- IP-Adress of the requesting computer
- Date and time of the access
- Name and URL of the accessed data
- Website, from which the access came (Referrer-URL),
- Browser in use, and if necessary, the operating system of your computer as well as the name of your access provider
This data is collected and processed for the purpose of making our website use (connection establishment) possible, for the purpose of guaranteeing the security and stability of our system, as well as for the purpose of technical administration of the network infrastructure. We do not draw any conclusions about you as a person.
2.2) If you register for our online services
On our website we offer services for online invoicing and accounting. In order to use these services, you have to first register. When you register, you have to enter an email address and create a password, so we can create an account for you and you can log in. In order to use country specific features, you have to select the country where your business is located.
In order to use our services to its full extent, it might be necessary to enter more personal data. For example, in order to create a legal invoice it is necessary to enter your business name, address, invoice number and payment information etc.
We also use your name and your contact data:
- To know who our contracting party is
- For the justification, structure, processing and changes of the contractual relationship with you about the use of our services
- To verify the plausibility of the entered data
- If necessary, to contact you
2.3) If you register for our newsletter / infomail
If you have agreed to receive our newsletter / infomail we can use your email address to send you regular newsletters, as well as information about our services. In order to receive the newsletters, we must first gain consent from you agreeing to such communication. This consent can be chosen during sign up. You can revoke your consent to receiving such communications at any time, either within your account, opting out of the emails[s2] or by emailing us to request that you no longer wish to receive such communications.
You can also opt out of the newsletters at anytime, for example by clicking the opt out link at the bottom of the newsletter. Alternatively, you can also send us an email to email@example.com.
If you cancel your subscription to the newsletter / infomail, we will keep your email address on record only to ensure that you will no longer receive these emails.
2.4) Developer, customer, supplier, accountant, and team
With our services you have the possibility to enter data of third-parties, to give third-parties access to your account, to connect your account with third-parties and to offer third-parties your own applications or use applications of third-parties. Of course we respect the data privacy also regarding data of third-parties, which we can access through the use of our service through you. Sometimes this can require a separate contract with you. If you think this is the case, please contact us.
According to our terms and conditions you have no right to share your login data with third-parties, and you are obliged to treat your data with due care. Furthermore, you are responsible for the data of third-parties that you enter in Jephi. Please note that we have no influence on the compliance with data protection and security standards outside of our website, the Jephi App or the services provided by us. In such cases, you – or the third-party that you have granted access to your data – are responsible.
3. Consent to transfer of data
We transmit your personal data to third-parties if you order us to do so (for example when you send an invoice electronically or if you declare your VAT to the financial authorities), only if you have given your explicit consent or if there are legislative obligations to do so.
A transfer of personal data to third-parties for other purposes does not take place. Your data is not disclosed to any third-party without your permission, unless legislative authorities require that they be delivered, and even then only to the extent necessary.
Security of data is assured at all times. By signing up with the data processor’s service, you are giving your consent to the processing of your data.
You are also giving explicit consent to the sharing of your data with any third-parties as required to allow us to provide our service to you. We confirm that we share your data only with third-parties whom we are satisfied in maintaining your data at a standard which is acceptable to us and the standard required under all Data Protection legislation.
Specifically, when we share data with territories outside the EU/EEA or to one not under the approved EU Commission listing, we fully satisfy ourselves with their data security and confidentiality standards and are assured that they maintain all shared data in a manner which is acceptable to EU standards. We are required to make available, upon request, evidence of – or reference to – the appropriate safeguards, and can do so following receipt of a request received to the data processor either in writing or by email.
You retain the right at any time to withdraw your consent to the processing and/or sharing of your data by either closing down your account, which has immediate effect, or by contacting us to request closure, at which stage we will do so as soon as is practicable. After your relationship with the data processor ends, we maintain, only the minimum data that we are required to hold to satisfy all legal requirements, and only for the minimum period required.
If you have any queries about the processing of your personal data, or you would like to make a data access request, by writing to firstname.lastname@example.org. If you are not satisfied, you have the right to lodge a complaint with the relevant data protection authority. The data processor will cooperate fully with any such investigation and endeavour to satisfy all queries as fully as possible. The relevant authority for each country can be found on the European Commission website: http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080[s4]
The cookies store information in relation to your specific device. However, this does not mean that we receive any detailed knowledge about your identity.
For usability purposes we are using temporary cookies, that are stored on your device for a specific time duration. If you visit our website again to use our services, it will be recognized that you have already visited our website before and which settings and actions you have performed, in order for you to not have to perform them again.
Most of the browsers accept cookies automatically. You can configure your browser in a way so that no cookies are saved on your computer or so that a warning will always appear before a new cookie is created.
However, please note that the complete deactivation of cookies can also lead to a limited functionality of our website.
5. Web analysis
Below you can find further information about our web analysis services and further deactivation options:
5.1) Google Analytics
We are using Google Analytics. This is a web analysis service by Google Inc. The information about your use of our website (including your IP address) that is collected via a cookie, is transferred to a Google server in the US and is stored there. IP addresses are anonymized, therefore it is not possible to assign it to you (IP masking). The information is used to analyse the use of our website, to create reports about website activities for us and to provide us with further services that are connected with the use of our website and internet. The data you have entered while using our service will not be merged with other data that is collected via Google in any way.
The transfer of information by Google to third-parties will only be carried out if it is legally required or if third-parties are processing the data on their behalf.
Furthermore we are using Google Optimize. This is a web analysis service by Google Inc, which is integrated in Google Analytics. Google Optimize enables us to do A/B- and multivariate-testing. Thereby we can find out, which version of our website is preferred by the users. Here you can find further information about this service.
You can prevent the data collection, that is carried out via the cookie, as well as the data processing of Google by downloading and installing a browser-add-on here. As an alternative to the browser-add-on, especially for browsers on mobile devices, you can prevent the data collection of Google Analytics, by clicking on this link. An opt-out-cookie will be placed, that prevents the future collection of data when visiting this website. The opt-out-cookie is valid only in this browser and for our website, and will be archived on your device. If you delete the cookie in your browser, you will have to place the opt-out-cookie again.
You can find further information about data protection in conjunction with Google Analytics in Google Analytics help.
Furthermore we are using Google Cloud Vision-API. The OCR (Optical Character Recognition)-tool serves the purpose of optical character recognition and allows the automatic recognition and analysis of letters as well as the categorisation of documents. You can find further information about this service here. The character recognition based on Cloud Vision-API is essential for the use of our services. If you don’t want Cloud Vision-API to be used, you have the possibility to create expenses without uploading documents. In this case you cannot use the services of the data processor to their full extent.
Here you can find further information about data protection by Google: https://www.google.com/policies/privacy/
Mailgun is service provided by Mailgun,Inc. (620 Folsom St, Ste 100, San Francisco, CA 94107, USA) for sending our e-mails. This service may also collect information about date and time when messages were read by the user and when the user interacts with incoming messages (e.g. by clicking on links contained therein). The company is a party to the Safe Harbor Agreement with the EU and is committed to upholding European data protection standards (https://www.mailgun.com/privacy).
Jephi uses the service of the payment service provider Braintree. Braintree is a company of PayPal, Inc. which processes credit card payments. Your personal data will only be passed on to „Braintree“ for the purpose of processing the online order. The data protection regulations are identical to those of Paypal. Details on data protection at Braintree can be found here: https://www.paypal.com/us/webapps/mpp/ua/privacy-full
8. Facebook tracking
We are not using the Social Plugins of Facebook or other social networks. In connection with our Facebook advertising, we are using a pixel based tracking mechanism. This is a web analysis service provided by Facebook Ireland Ltd. The information is used to track conversions coming from the Facebook platform.
This service is provided by Facebook Ireland Ltd. for which the data privacy law of the European Union applies. We do not share any data that you enter while using our service with Facebook.
Please look into the data protection information of Facebook for more information about purpose and extent of the data collection, and the processing and use of the data by Facebook, as well as your rights and setting options for privacy protection.
This website uses Klick-Tipp to send newsletters. Provider is KLICK-TIPP LIMITED, 15 Cambridge Court, 210 Shepherd’s Bush Road, London W6 7NJ, United Kingdom. Klick-Tipp is a service with which among other things the dispatch of newsletters can be organized and analyzed. The data you enter for the purpose of newsletter subscription is stored on Klick-Tipp’s servers.
If we send newsletters with the help of Klick-Tipp, we can determine whether a newsletter message has been opened and which links have been clicked on.
Klick-Tipp also allows us to divide the newsletter recipients according to different categories (so-called tagging). Newsletter recipients can be subdivided according to gender, personal preferences or customer relationship (e.g. customer or potential customer). In this way, the newsletters can be better adapted to the respective target groups. Further information is available at: https://www.klick-tipp.com and https://www.klick-tipp.com/handbuch.
If you do not want to receive an analysis by Klick-Tipp, you must therefore unsubscribe from the newsletter. For this purpose, we provide an appropriate link in every newsletter message. You can also unsubscribe from the newsletter directly on the website.
The data will be processed on the basis of your consent (Art. 6 para. 1 lit. a DSGVO). You can revoke this consent at any time. The legality of the data processing processes already carried out remains unaffected by the revocation.
The data you provide us for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted from our servers as well as from the servers of Klick-Tipp after you unsubscribe from the newsletter. Data stored by us for other purposes (e.g. e-mail addresses for the member area) remain unaffected by this.
We have concluded a contract on order data processing with Klick-Tipp, in which we oblige Klick-Tipp to protect our customers‘ data and not to pass it on to third parties.
11. Information, correction, blocking, and deletion
You have an information right concerning the personal data of you that we store, and a right to correct or amend wrong data as well as a right to block and delete it.
As Data Controller, you are responsible for the content you publish. You have the right to rectify, block or erase any of your data at any time. We may decide to remove content published by you on your request, but we maintain our right not to remove content which is already published or which we are required to maintain to satisfy legal requirements. For information about your personal data, for correction of wrong data or for the blocking or deletion as well as for further questions about the use of your personal data please send an email to email@example.com.
Furthermore, you can look into and change the data that is stored in your account by logging into our website via your login data. You can delete your data on your account at all times. This can be done by use of the relevant option in your account. We are pointing out that if you delete your data, you will not be able to make use of our service to full extent or at all.
12. Changes to this data privacy statement
This data privacy statement is currently effective and has been last updated in May 2018.
13. Using Web Fonts
External fonts, Google Fonts, are used on this website. Google Fonts is a service of Google Inc. „(„Google“). These web fonts are integrated via a server call, usually a Google server in the USA. This transmits to the server which of our Internet pages you have visited. The IP address of the browser of the terminal device of the visitor to these Internet pages is also stored by Google. You can find more detailed information in Google’s data protection information, which you can call up here: