Privacy Policy
Version: May 6, 2023
We created this privacy policy in order to inform you about the information we collect, how we use your data and which choices you as a visitor of the Seatsurfing website and the Seatsurfing app have.
Unfortunately, it’s in the nature of things that this policy sounds quite technically. We tried to keep things as simple and clear as possible.
Personal data stored
The personal information you provide us (such as your name, email address, address or other personal information required in some form) are processed by us together with a timestamp and your IP address only for the stated purpose, stored securely and are not passed on to third parties.
Thus, we only use your personal information only for the communication with visitors who express this and for providing the offered services and products. We will not pass on your personal data without your consent. This should however not preclude that national authorities can gain access to this data in case of unlawful conduct.
If you send us personal data by email, we cannot guarantee its secure transmission. We strongly recommend not to send personal data via email without encryption.
The legislative basis according to article 6 (1) of the DSGVO (lawfulness of processing of personal data) consists of your consent to processing your provided information. You can revoke your consent at any time. An informal email is all it needs. You’ll find out contact information in this website’s imprint.
Which personal data we store
On this website
You can use this website without providing any personal information. If you optionally choose to use functionalities that require the input of personal information, we will only use these for the purpose stated.
In the app
Using the app is only possible if your organization previously set up a user account for you. The processing of your login details (username, password, and other information) happens on our servers or directly on the servers of your organization, depending on your organization’s configuration. If your organization processes your login information, we use established standards such as OpenID Connect or OAuth so your sensitive data is processed directly by your organization’s systems. In this case, your log in details are neither stored nor processed by our servers. However, your email address is always stored on and processed by our systems to identify the relevant organization and the available authentication methods.
To enable a personalized usage of the app, it’s necessary to store a minimum set of personal information after logging in. This includes your email address as an identifier, your name and a unique account ID provided by your organization’s authentication system.
Furthermore, we store and process the bookings you place using the app. For these bookings, we store the timestamp, enter and leave date, and the details of your booking (such as the selected space) and link them with your user account.
Where we store your data
Our servers are located in Germany.
Your rights according to General Data Protection Regulation (GDPR)
According to the regulations of the General Data Protection Regulation (GDPR) you have the following rights:
Right to have your data corrected (article 16 DSGVO) Right to have your data deleted (article 17 DSGVO) Right to limit the processing of your data (article 18 DSGVO) Right to be notified – Duty regarding the correction, deletion or limitation of your data and its processing (article 19 DSGVO) Right to data portability (article 20 DSGVO) Right to refuse (article 21 DSGVO) Right to be not subject to sole automatic decision making, including profiling (article 22 DSGVO) If you think the processing of your data violates the terms of the General Data Protection Regulation (GDPR) or your claims for data protection are violated in any way, you can contact the Federal Commissioner for Data Protection and Freedom of Information in Germany.
How long we store your data
If you sign up for our services or place a booking using the app, we will store the data as described above for an indefinite period of time. If your organization decides to terminate the contractual relationship with us, we will delete all related data directly after the contract has ended. Due to technical reasons, it may be necessary to keep backups after the date the contract ends.
Which rights to have regarding your data
If you have an account in the app and/or you have placed a booking, you can request an export of your personal data from us, including the data you have chosen to share with us. Furthermore, you can request the deletion of all your personal data stored on our systems. This does not include data we have to keep due to administrative, legal or security reasons.
Where we send your data
We will not share your data with third parties. Please note that your organization’s administrators can view your bookings in order to manage them and create statistics.
TLS encryption using HTTPS
In both our website and our app, we use HTTPS to transport data securely (data protection by technical means article 25 (1) DSGVO). By using TLS (Transport Layer Security), an encryption protocol to securely transport data on the internet, we can protect sensitive data. Most browsers show a lock symbol in your browser when HTTPS is active.
Cloudflare
We use the “Cloudflare” service provided by Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA. (hereinafter referred to as “Cloudflare”).
Cloudflare offers a content delivery network with DNS that is available worldwide. As a result, the information transfer that occurs between your browser and our website is technically routed via Cloudflare’s network. This enables Cloudflare to analyze data transactions between your browser and our website and to work as a filter between our servers and potentially malicious data traffic from the Internet. In this context, Cloudflare may also use cookies or other technologies deployed to recognize Internet users, which shall, however, only be used for the herein described purpose.
The use of Cloudflare is based on our legitimate interest in a provision of our website offerings that is as error free and secure as possible (Art. 6(1)(f) GDPR).
Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://www.cloudflare.com/privacypolicy/
For more information on Cloudflare's security precautions and data privacy policies, please follow this link: https://www.cloudflare.com/privacypolicy/
Web Analytics
For statistical purposes, this website uses Matomo, an open source web analysis tool. Matomo does not transfer any data to servers outside our control. All data is processed and stored anonymised. Matomo is provided by InnoCraft Ltd, 7 Waterloo Quay PO625, 6140 Wellington, New Zealand. You can find out more about the data being processed by Matomo in its privacy policy at https://matomo.org/privacy-policy/. If you have any questions regarding the protection of your web analytics data, please contact privacy@matomo.org.
Source: Translation based on the German version created with the Datenschutz-Generator by AdSimple