Privacy Policy
We are serious about protecting your data. Therefore, we have created this privacy policy to demonstrate our firm commitment to privacy and to inform you about the manner in which we use your personal data. The following discloses our information gathering and dissemination practices for this website and within our company.
1 Responsibility
The responsibility for data processing by “OKR.Software” lies with:
We Compare XYZ GmbH
Hauptstraße 30
83109 Großkarolinenfeld, Germany
Email: privacy-policy@wecomparexyz.com // datenschutz@wecomparexyz.com
For more information and contact details, please consult the legal notice (https://okr.software/en/imprint/ // https://okr.software/impressum/) of this website.
This Privacy Policy applies only to our services. We may provide links to websites and services of third parties. Please refer to their respective Privacy Policies.
2 General Purposes of Data Processing
We help people and businesses finding the right software for their organization. To this end, we provide this website. We enable users to gather more information about software, but also to test, or sign up for software. Upon request we also mediate agreements between you and the providers of software.
3 The Data We Process and Why We Do That
3.1 Hosting and access data
We collect data to deliver our website and other electronic services in the correct format and to improve the structure and user convenience of our website. This may be information on which browser was used, which subpages were visited, the referrer (the website from which you got to our offers), date and time of the page impression, the device used (e.g. mobile device or computer), the screen resolution used, operating system, and similar data.
Where we use access data to improve our offer (analysis of user behavior, identification of problems using the page etc.), we will use the data in an aggregate form without reference to specific individuals.
The legal basis for the data processing in these cases is our legitimate interests as set out above, Art. 6 (1) f) GDPR (General Data Protection Regulation).
3.2 Data to establish contracts and comply with our duties thereunder
If you establish an account on our website, we will process the data we ask for in the sing-up form.
In some cases, we will process additional data that we will request accordingly.
The legal basis for the processing of those data is Art. 6 (1) b) as we want to establish a contract with you and comply with our duties thereunder.
3.3 Customer Support
When you request customer service, we will process the data necessary to handle your request. Depending on the request, it may also be necessary to collect further data for this purpose. We will make an entry in our computer systems to track the matter.
To the extent that your request involves assets that we have obtained from third parties, we may request data from them and merge such data with the data we hold.
The legal basis for the processing of those data is Art. 6 (1) b) GDPR (General Data Protection Regulation).
3.4 Establishment of contact
When you establish contact with us, e.g. by way of the contact form, email or telephone, we will process the data required to handle the request. To this end, an entry in our computer systems will be made, if applicable.
We erase such data once they are no longer required, provided that they are not subject to any statutory periods of retention.
The legal basis for such data processing is the implementation of pre-contractual measures based on your request or – if you are our customer already – the performance of the contract, Art. 6 (1) b) GDPR.
3.5 Webinars, seminars and trainings
If you register for webinars, seminars or training sessions organized by us, we collect and process the data provided by you on the registration form for the pur-pose of maintaining the list of participants, for conducting the event and for bill-ing purposes.
We delete this data when it is no longer required and there are no legal retention periods to the contrary.
The legal basis for processing this data is Art. 6 (1) b) DSGVO, because this da-ta is required so that we can fulfill our contractual obligations to you.
If we organize training courses, seminars or training sessions together with software providers in third countries, please note the information on data disclosure under section 5.
3.6 Data you provide us with
We will use personal data you provide us with, such as feedback data, but also comments, suggestions, and ideas.
As far as possible we will aggregate, pseudonymize or anonymize such data.
The legal basis for the data processing in these cases is our legitimate interests, Art. 6 (1) f) GDPR (General Data Protection Regulation).
4 The Time We Transfer Data
We do not sell or market personal data to third parties. Transfer of personal data occurs in some cases for us to meet our contractual duty, comply with applicable rules and regulations, as well as to safeguard our legitimate interests.
In some cases, we may transfer data to third countries, in particular the USA, in which the GDPR is not applicable, and the level of data protection is not adequate when compared to the GDPR. In such cases, please take not of Section 5 of this website.
4.1 Data to mediate contracts with third parties
With your explicit consent, we will transfer the data you entered by registering on our Website to pre-register you with software providers for trials and actual licensing and use of such software.
When pre-registering in this manner, we will transfer the data, or a subset thereof, you entered to establish an account on our Website to the provider of the software.
Please note that we have no control over the data processing by the provider of the software as they are not affiliated with us but independent companies. We advise to learn more about their data processing and privacy policy. Please refer to the respective documents on the websites of the providers of software.
Some of the software providers have their seat in third countries, namely the USA. Please also take not of Section 5 of this website regarding the transfer of data to third countries, in which the GDPR is not applicable, and the level of data protection may not be adequate when compared to the GDPR.
4.2 IT Services and Website hosting
Our data is either stored on servers of Cloudways Ltd., 52 Springvale, Pope Pius XII Street, Mosta MST2653, Malta, or
On European servers of Amazon Web Services, Inc., 410 Terry Avenue North
Seattle WA 98109, United States.
Cloudways and AWS are processing data on our behalf as a processor. The processing is governed by a data processing agreement according to Art 28 Sec. 3 GDPR. In the case of AWS such data processing agreement incorporates the EU-SCC (Standard Contractual Clauses) according to Art. 46 Sec II lit c) GDPR.
Cloudways Privacy Policy can be found at https://www.cloudways.com/en/terms.php#privacy, AWS’s Privacy Policy can be found at https://aws.amazon.com/privacy/.
4.3 Google Services
4.3.1 Google Analytics
We use Google Analytics, a web analyzer service of Google Inc. (“Google”). Google Analytics allows us to analyze how you use our website. We use that information to be able to improve and optimize our website. This is also where our legitimate interest rests pursuant to Art. 6 (1) sentence 1 f) GDPR.
The information generated is usually transferred to a server of Google in the USA and stored there. However, your IP address will first be truncated by Google within the member states of the European Union or in other contract states of the Agreement on the European Economic Area.
You can prevent the transfer of data to Google as well as the processing of those data by Google by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
4.3.2 Googlefonts
We integrate fonts from the “Google Fonts” font library provided by Google Inc. into our website. This allows us to ensure a uniform appearance of our websites on different devices and using different browsers and operating systems. This is also our legitimate interest according to Art. 6 para. 1 p. 1 f) DSGVO.
By calling up the font library and the associated script library, a connection is automatically established between your browser and the provider. In the process, cookies are set by Google and personal data may be transferred.
4.3.3 Google Maps
We integrate maps of the service Google Maps on our Website, by Google Inc. This allows us to show locations on our Website. This is also our legitimate interest according to Art. 6 para. 1 p. 1 f) DSGVO.
By displaying the respective content, a connection is automatically established between your browser and the provider. In the process, cookies are set by Google and data, such as your location, may be transferred.
4.3.4 YouTube
We embed videos on our website using YouTube, a service of Google Inc. In doing so, we can display video contents on our website. This is also our legitimate interest according to Art. 6 para. 1 p. 1 f) DSGVO.
Owing to such embedding, a connection will be established between your browser and the provider. In the process, Google sets cookies and personal data may be transferred.
4.3.5 Further information regarding the Google Services
The provider of the Google services is either Google Ireland Ltd., Gordon House, Barrow Str., Dublin 4, Ireland, or Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
By using Google Services, data may be transferred to location outside of the EU or other countries with a similar level of data protection. In particular, data may be transferred to the USA. We and Google are parties to a Data Protection Agreement incorporating the EU-SCC (Standard Contractual Clauses) according to Art. 46 Sec II lit c) GDPR. For more information on data protection by Google, please consult the relevant privacy policy: https://www.google.com/policies/privacy/.
4.4 OpenAI
When you are using our OKR-Generator tool, we are transferring data you enter to OpenAI’s AI-Tool using an API-Interface. We do this with your explicit consent according to Art. 6 (1) sentence 1 b) GDPR. Data will be transferred to locations outside of the EU or other countries with a similar level of data protection.
The provider of this Service is OpenAI OpCo, LLC at 3180 18th Street, San Francisco, CA, United States. For more information on data protection by OpenAI, please consult the relevant privacy policy: https://openai.com/policies/privacy-policy.
4.5 Vimeo
We embed videos on our website using Vimeo. In doing so, we can display video contents on our website. This is also our legitimate interest according to Art. 6 para. 1 p. 1 f) DSGVO.
Owing to such embedding, a connection will be established between your browser and the provider. In the process, Vimeo sets cookies and personal data may be transferred. We and Vimeo are parties to a Data Protection Agreement incorporating the EU-SCC (Standard Contractual Clauses) according to Art. 46 Sec II lit c) GDPR.
The provider of this service is Vimeo, Inc., 555 West 18th Street, New York, New York 10011, USA. For more information on data protection by Vimeo, please consult the relevant privacy policy: https://vimeo.com/privacy
4.6 Meta Pixel
We use Meta Pixel, a service of Meta Platforms Ireland Limited (“Meta”). This enables users of our Website to receive interest-based advertisements when visiting one of Meta’s social networks. Through Meta Pixel, your browser automatically establishes a direct connection with Meta’s servers. We have no influence on the scope and further use of the data collected by Meta.
Through the integration of Meta Pixel, Meta receives the information that you have clicked on an ad from us or have called up our corresponding Website. If you are registered with a Meta service, Meta can assign the visit to your account. Even if you are not registered with Meta or have not logged in, Meta may learn about your IP address and other identifiers and store them.
We use Meta pixel to display our Social Media ads only to those users of Meta’s products who have also shown an interest in us. Furthermore, with the help of Meta pixel, we can track the effectiveness of Social Media ads. This is also where our legitimate interest rests pursuant to Art. 6 (1) sentence 1 f) GDPR.
The provider of those services is Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Irland. We and Meta are parties to a Data Protection Agreement incorporating the EU-SCC (Standard Contractual Clauses) according to Art. 46 Sec II lit c) GDPR.
For more information on data protection by Meta, please consult the relevant privacy policy: https://www.facebook.com/legal/terms/dataprocessing.
4.7 Newsletter Services
With your consent or with a legal permit, we send out newsletters with company and product information, notices on promotional offers, press releases and similar contents.
To subscribe to the newsletter, the data requested in the subscription process are required. The newsletter subscription is recorded in a protocol. After the subscription, you receive a message at the indicated email address asking you to confirm the subscription (“Double Opt-in”). This is necessary to avoid that third parties can subscribe with your email address.
You may withdraw your consent to the receipt of newsletters at any time, thus unsubscribing from the newsletter.
We store the subscription data as long as they are needed for sending the newsletter. We store the recording of the subscription and the destination address as long as there is an interest in preserving evidence of the initially given consent; as a rule, this is done for periods equivalent to the periods of limitation for civil-law claims, i.e. for a maximum of three years.
The legal basis for sending the newsletter is your consent pursuant to Art. 6 (1) a), Art. 7 GDPR. The legal basis for recording the subscription is our legitimate interest in the evidence that the newsletter was sent with your consent, Art. 6 (1) f) GDPR.
We use the services of GetResponse and ActiveCampaign as a technical platform for sending our newsletters as well as press releases.
The provider of those services are, respectively:
ActiveCampaign, LLC, 1 North Dearborn St, 5. Etage, Chicago, IL 60602, USA; For more information on data protection at ActiveCampaign, please refer to the corresponding privacy policy: https://www.activecampaign.com/legal/privacy-policy, and
GetResponse S.A., Gdansk (80-387), Arkonska 6, A3, Poland. For more information on data protection at GetResponse, please refer to the corresponding privacy policy: https://www.getresponse.com/legal/privacy.
We and ActiveCampaign as well as GetResponse are parties to a Data Protection Agreement, in the case of ActiveCampaign incorporating the EU-SCC (Standard Contractual Clauses) according to Art. 46 Sec II lit c) GDPR.
4.8 Understanding our users
In order to understand how users interact with our Website and to make the Website more accessible and useful, we use certain services. This is also where our legitimate interest rests pursuant to Art. 6 (1) sentence 1 f) GDPR.
Those services may identify you by setting a cookie or similar identifier and then track your usage of our website. The respective data may be transferred to the provider of the service.
The provider of those services are, respectively:
MADixel GmbH, Königsdorfer Str. 25, 82515 Wolfratshausen, Germany;
and
Hotjar Ltd, Dragonara Business Centre, 5th Floor, Dragonara Road, Paceville St Julian’s STJ 3141, Malta. For more information on data protection at Hotjar, please refer to the corresponding privacy policy: https://www.hotjar.com/legal/policies/privacy/.
We and Hotjar Ltd are parties to a Data Protection Agreement according to Art. 46 Sec II lit c) GDPR.
4.9 Firewall and Website Security
We use certain tools to keep our Website secure from attacks and hacking. This is also where our legitimate interest rests pursuant to Art. 6 (1) sentence 1 f) GDPR.
In particular we use Wordfence as a firewall service. The provider of the service is Defiant Inc., 1700 Westlake Ave N Ste 200 98109-6212 Seattle, United States, USA. For more information on data protection at Wordfence, please refer to the corresponding privacy policy: https://www.wordfence.com/privacy-policy/.
We use Cloudflare to protect our Website from Denial-of-Service-Attacks. The provider of the service is Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA. For more information on data protection at Cloudflare, please refer to the corresponding privacy policy: https://www.cloudflare.com/privacypolicy/.
We and Wordfence as well as Cloudflare are parties to a Data Protection Agreement incorporating the EU-SCC (Standard Contractual Clauses) according to Art. 46 Sec II lit c) GDPR.
4.10 Webinars, Seminars and Trainings
In cases where we organize webinars, seminars and trainings together with software providers or pre-register participants with software providers, we transmit the collected data to the providers, where it is processed and stored until the stated purposes are achieved. In these cases, we act as joint controllers under data protection law (Art. 25 GDPR).
We transmit this data with your consent in accordance with Art. 6 Para. 1 lit a) GDPR. Please note that some of the providers are located in so-called third countries, i.e. countries that do not offer a level of data protection comparable to the GDPR.
4.11 Further Transfers
We may, in certain cases, transfer data to third parties in connection with complying with legal obligations or establishing, exercising, or defending rights or claims (e.g., for court and arbitration proceedings, to regulators, law enforcement and government authorities, to attorneys and consultants).
5 Transfers to third countries
In some cases, we may transfer personal data to parties located in third countries. These are countries there the GDPR is not applicable. In particular, we may transfer personal data to the USA.
While we take appropriate measures to ensure the best protection of your personal data, please be advised that:
• the level of data protection in such third countries, and in particular in the USA, is not adequate when compared to the standard of the GDPR;
• governmental agencies and services, under applicable local law, may have the right to access your personal data; and that
• your rights as a data subject according to the GDPR may not or not fully enforceable.
6 Retention Periods
Unless indicated otherwise at the time of the collection of your personal data or in this Privacy Policy, we erase your personal data if the retention of that personal data is no longer necessary for the purposes for which they were collected or otherwise processed. In most cases, the respective data will be erased after the contractual relationship ends.
In some cases, to comply with legal obligations, we may store such data for an additional period of time to comply with obligations under tax or commercial laws. We will not use such data for any other purposes.
You may request erasure of your personal data or assert similar rights as a data subject. Please refer to section 9 of this Privacy Policy.
7 The Way We Use Cookies
When you visit parts of our Website, you may receive a text file called a “cookie” located in the browser directory of your computer’s hard drive. A cookie is a small piece of information that a website can store on your computer for use by your web browser.
Cookies enable our Website to recognize and remember information that you consented to give us to personalize your experience or to make your user experience more efficient.
You may control the handling of cookies by appropriate settings of your browser. For more information on such settings, please consult the documentation of your browser. You may also give or revoke consent regarding the use of certain non-necessary cookies here.( https://okr.software/en/cookies/ // https://okr.software/cookies/)
8 The Way We Protect Your Data
To protect your personal data against accidental or unlawful destruction, loss, use, or alteration and against unauthorized disclosure or access, we use adequate physical, technical, and organizational security measures.
9 Your Rights as Data Subject
According to the applicable laws, you have various rights in respect of your personal data. If you desire to assert your rights, please direct your request via email or mail to the address indicated in section 1 above clearly identifying your person.
• Right of information: You are entitled to information (Article 15 GDPR) from us relating to the processing of your personal data.
• Right to rectification: You have the right to request that we rectify (Article 16 GDPR) any inaccurate or incomplete personal data concerning yourself.
• Right to erasure: You have the right to have your data deleted, provided the preconditions stated in Article 17 of the GDPR have been met. For example, you may ask for your data to be erased if it is no longer necessary for the purposes for which it was collected. You may also ask for your data to be erased if we process your data based on your consent and you withdraw that consent.
• Right to restriction of processing: You have the right to request the restriction of the processing of your personal data if the requirements specified under Article 18 of the GDPR have been met. This is the case, for example, if you dispute the accuracy of your data. You can then demand a restriction of processing for the period it takes to verify the accuracy of the data.
• Right to object: You have the right to object to the processing of your data if the processing is based on an overriding interest or if your data is used for the purpose of direct marketing. An objection is permitted if processing is conducted in either the public interest or for the exercise of official authority, or if it is conducted for a legitimate interest of us or of a third party. If you object to the processing of your data, please notify us of the grounds for your objection. You also have the right to object to data processing for the purposes of direct marketing. The same applies to profiling, insofar as it is related to direct marketing.
• Right to data portability: You have the right to receive your data in a structured, commonly used and machine-readable format and to transmit those data to another data processor, provided that the data processing is based on consent or performance of a contract and an automated means of processing is used.
• Right to lodge a complaint: You also have the right to lodge a complaint with a supervisory authority about our processing of your data.
10 Information For US Users
10.1 Our website does currently not recognize or respond to “Do Not Track” browser signals.
10.2 Our website is not directed to children under the age of thirteen. We will not knowingly collect personal data from children under the age of thirteen without insisting that they seek prior parental consent if required by applicable law. We will only use or disclose personal data about a child to the extent permitted by law, to seek parental consent, pursuant to local law and regulations or to protect a child.
10.3 Depending on the US state in which you reside, you may have special rights with respect to your personal data.
11 Information for Brazilian Users
11.1 This section applies and provides you with further information if the processing of personal data
• occurs in Brazilian territory,
• concerns the data of individuals located in Brazilian territory,
• comprises personal data collected in Brazilian territory, or
• has as its objective the offer or supply of goods or services to individuals located in Brazilian territory.
In these cases, the Brazilian General Data Protection Law (Lei Geral de Proteção de Dados – LGPD) applies to the processing of your personal data and the following additions and/or deviations apply to this Data Privacy Notice.
10.2 In addition to the rights mentioned in this Data Processing Policy, you are entitled under LGPD to:
• In case your data is not being processed in accordance with the applicable data protection law or in an excessive way, request us to anonymize, block or delete unnecessary or excessive personal data or;
• Request information regarding the public and/or private entities we shared your personal data with;
• Be informed about the possibility of not giving your consent to process your data and the consequences of not giving the consent in case we request your consent to process your data;
• Revoke at any time your consent to our processing of your personal data in case we request your consent to process your data.
11.3 For information about the legal basis of processing and data retention periods please refer to the respective sections of this Data Processing Policy.
12 No Automated Decision-Making
There will be no automated decision-making based on the personal data collected on this website.
13 Data Protection Questions
If you should have additional questions or inquiries on data protection on our Website, please contact us via the website.
Status of this Privacy Policy: 22.05.2023
