Privacy (EU GDPR & revDSG)

Data protection is important. Just like your competitiveness.

Privacy Policy

General information about the processing of your data

We are legally obliged to inform you about the processing of your personal data (hereinafter referred to as “data”) when you use our website. We take the protection of your personal data very seriously. This privacy policy informs you about the details of how your data is processed and your legal rights in this regard. For terms such as “personal data” or “processing,” the legal definitions in Art. 4 GDPR apply. We reserve the right to amend the privacy policy with future effect, in particular in the event of further development of the website, the use of new technologies, or changes to the legal basis or relevant case law. We recommend that you read the privacy policy from time to time and keep a printout or copy for your records.

Scope

The privacy policy applies to all pages of https://www.highpots.com/en. It does not extend to any linked websites or Internet presences of other providers.

Responsible provider

Responsible for the processing of personal data within the scope of this data protection declaration is:
HighPots GmbH
Steinenvorstadt 33
4051 Basel
Schweiz
+49 6102 7485-600 or
+41 41 / 5520-189

Questions about data protection

If you have any questions about data protection in relation to our company or our website, please contact our data protection officer:
Dr. Thomas Schneider
HighPots GmbH
Steinenvorstadt 33, 4051 Basel (Switzerland)
+49 6102 7485-600
privacy@highpots.com

Security

We have taken comprehensive technical and organizational precautions to protect your personal data from unauthorized access, misuse, loss, and other external interference. To this end, we regularly review our security measures and adapt them to the state of the art.

Your rights

You have the following rights with regard to your personal data, which you can assert against us:

  • Right to information: You may request information about your personal data that we process in accordance with Art. 15 GDPR.
  • Right to rectification: If the information concerning you is no longer accurate, you may request rectification in accordance with Article 16 of the GDPR. If your data is incomplete, you may request that it be completed.
  • Right to erasure: You may request the erasure of your personal data in accordance with Art. 17 GDPR.
  • Right to restriction of processing: In accordance with Art. 18 GDPR, you have the right to request a restriction on the processing of your personal data.
  • Right to object to processing: You have the
  • Right, for reasons that arise from your particular situation, at any time to object to the processing of your personal data, which on the basis of Art. 6 para. 1 p. 1 lit. e) or lit. f) GDPR, you have the right to object in accordance with Art. 21 para. 1 GDPR. In this case, we will no longer process your data unless we can demonstrate compelling legitimate grounds for processing that override your interests, rights, and freedoms, or if the processing serves to establish, exercise, or defend legal claims (Art. 21 para. 1 GDPR). Furthermore, in accordance with Art. 21 para. 2 GDPR, you have the right to object at any time to the processing of personal data concerning you for the purpose of direct marketing; this also applies to any profiling, insofar as it is connected with direct marketing. We would like to point out your right to object in this privacy policy in connection with the respective processing.
  • Right to withdraw your consent: If you have given your consent to processing, you have the right to withdraw your consent in accordance with Art. 7 (3) GDPR.
  • Right to data portability: You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used, and machine-readable format (“data portability”) and the right to transmit this data to another controller if the conditions of Art. 20 (1) (a), (b) GDPR are met (Art. 20 GDPR).

You can assert your rights by contacting the contact details listed in the “Responsible Provider” section or by contacting the data protection officers designated by us.
If you believe that the processing of your personal data violates data protection law, you also have the right under Art. 77 GDPR to lodge a complaint with a data protection supervisory authority of your choice.

Your rights

You can assert your rights by contacting the contact details listed in the “Responsible Provider” section or by contacting the data protection officers designated by us.
If you believe that the processing of your personal data violates data protection law, you also have the right under Art. 77 GDPR to lodge a complaint with a data protection supervisory authority of your choice.

Your rights

You can assert your rights by contacting the contact details listed in the “Responsible Provider” section or by contacting the data protection officers designated by us.
If you believe that the processing of your personal data violates data protection law, you also have the right under Art. 77 GDPR to lodge a complaint with a data protection supervisory authority of your choice.

Use of our website

You have the following rights with regard to your personal data, which you can assert against us:

  • Browser type/Browser version
  • Operating system used,
  • Language and version of the browser software,
  • Date and time of access,
  • Host name of the accessing device,
  • IP address,
  • Content of the request (specific website),
  • Access status/HTTP status code,
  • Websites accessed via the website,
  • Referrer URL (the previously visited website),
  • Message indicating whether the call was successful and
  • the amount of data transferred.

The temporary processing of this data is necessary to technically enable the course of a website visit and the delivery of the website to your end device. The access data is not used to identify individual users and is not merged with other data sources. Further storage in log files takes place to ensure the functionality of the website and the security of the information technology systems. The legal basis for processing is Art. 6 para. 1 p. 1 lit. GDPR. Our legitimate interests lie in ensuring the functionality, integrity, and security of the website. Storing access data in log files, particularly the IP address, for an extended period allows us to detect and prevent abuse. This includes, for example, defending against requests that overload the service or any potential bot usage. The access data will be deleted as soon as it is no longer required for the purpose of its processing. In the case of collecting data for website provision, this is the case when you end your visit to the website. The log data is generally stored directly and exclusively accessible to administrators and is deleted after seven days at the latest. Thereafter, it is only indirectly available through the reconstruction of backup tapes (backups) and will be permanently deleted after a maximum of four weeks.
You can object to the processing. You have the right to object for reasons arising from your particular situation. You can send us your objection using the contact details provided in the “Responsible provider” section.

Cookies

In addition to the aforementioned access data, when you use the website, so-called cookies are stored in the Internet browser of the device you are using. These are small text files with a sequence of numbers that are stored locally in the cache of the browser used. Cookies do not become part of the PC system and cannot execute programs. They serve to make our website user-friendly. The use of cookies may be technically necessary or may be used for other purposes (e.g., analysis/evaluation of website usage).

Technically necessary cookies

Some elements of our website require that the calling browser can be identified even after a page change. The following data is processed in the cookies:

  • Language settings,
  • Items in shopping cart,
  • Login information.
  • Information you provide us with when using project enquiries (project enquiry button)
  • Information that you provide to us via the chat system (Live Helper Chat).

The user data collected through technically necessary cookies will not be processed to create user profiles. We also use so-called “session cookies” which store a session ID that allows us to assign different requests from your browser to the same session. “Session cookies” are necessary for the use of the website. In particular, they allow us to recognize the device used when you return to the website. The legal basis for this processing is Art. 6 para. 1 p. 1 lit. f) GDPR. Our legitimate interests in processing consist of providing the aforementioned special functionalities and thereby making the use of the website more attractive and effective. The “session cookies” will be deleted, depending on the browser you are using and the browser settings you have made, when you close the browser.

Contacting our company

When you contact our company, e.g. by email or via the contact form on the website, we will process the personal data you provide in order to respond to your inquiry. To process inquiries via the contact form on the website, you must provide a name or pseudonym, your company name, and a valid email address. When you send us a message, your IP address and the date and time of contact will also be processed. The legal basis for processing is Art. 6 para. 1 p. 1 lit. f) DSGVO bzw. Art. 6 Abs. 1 p. 1 lit. b) GDPR, if the purpose of the contact is to conclude a contract. If the request is aimed at concluding a contract, the provision of your data is necessary and mandatory for the conclusion of a contract. If the data is not provided, it will not be possible to conclude or execute a contract in the form of establishing contact or processing the inquiry. The processing of personal data from the input mask serves solely to process the contact request. In the case of contact by email, this also constitutes the necessary legitimate interest in the processing of the data. The other data processed during the sending process serves to prevent misuse of the contact form and to ensure the security of our information technology systems. In this context, no data will be passed on to third parties. We delete the data collected in this context once processing is no longer necessary—usually two years after the end of communication—or restrict processing to compliance with existing mandatory legal retention obligations, if applicable.
You can object to the processing. You have the right to object for reasons arising from your particular situation. You can send us your objection using the contact details provided in the “Responsible provider” section.

Processing for contractual purposes

We process your personal data if and to the extent this is necessary for the initiation, establishment, execution and/or termination of a legal transaction with our company. The legal basis for this is Art. 6 para. 1 p. 1 lit. b) GDPR. The provision of your data is necessary for the conclusion of the contract, and you are contractually obliged to provide your data. If your data is not provided, it will not be possible to conclude and/or execute the contract. After the purpose has been achieved (e.g., contract processing), personal data will be blocked or deleted for further processing, unless we are authorized for further processing based on consent granted by you (e.g., consent to process the email address for sending electronic advertising mail), a contractual agreement, a legal authorization (e.g., authorization to send direct advertising) or based on legitimate interests (e.g., retention for the enforcement of claims).

Your personal data will be disclosed to third parties if

  • It is necessary for the establishment, execution, or termination of legal transactions with our company (e.g., when data is transferred to a payment service provider/shipping company for the purpose of executing a contract with you) (Art. 6(1)(b) GDPR), or
  • a subcontractor or vicarious agent whom we employ exclusively for the purpose of providing the offers or services you have requested requires this data (unless you have been expressly informed otherwise, such vicarious agents are only authorized to process the data to the extent necessary for the provision of the offer or service), or
  • an enforceable official order (Art. 6 (1) sentence 1 lit. c) GDPR) exists, or
  • an enforceable court order exists (Art. 6 (1) sentence 1 lit. c) GDPR), or
  • we are required to do so by law (Art. 6 (1) (c) GDPR), or
  • processing is necessary to protect the vital interests of the data subject or another natural person (Art. 6 (1) (d) GDPR), or
  • it is necessary for the performance of a task carried out in the public interest or in the exercise of official authority (Art. 6 (1) (e) GDPR), or
  • we can invoke our overriding legitimate interests or those of a third party for disclosure (Art. 6 (1) (f) GDPR).

A further disclosure of your personal data to other persons, companies or bodies will not take place unless you have effectively consented to such disclosure. The legal basis for processing is then Art. 6 para. 1 p. 1 lit. a) GDPR. Within these data protection information, we will inform you about the respective recipients in relation to the respective processing operation.

Login area

Si vous avez créé un compte client et que vous souhaitez l’utiliser sur notre site web, vous devez vous inscrire en fournissant les informations obligatoires suivantes :

  • First name,
  • Last name,
  • Password,
  • Business email address,
  • Details of your company.

Further information is voluntary. Furthermore, your IP address and the date and time of registration will be processed at the time of registration. We use the double opt-in procedure for registration. After you have submitted the data required for registration, you will receive an email with an activation link. Only after you have activated the link by clicking on it will access to your customer account be created and the registration successfully completed. For subsequent logins, you must enter the access data (user ID and password) you chose when you first logged in. If the link you received is not confirmed within 24 hours, we will block the information you provided and automatically delete it after one month at the latest. Otherwise, your data will be deleted as soon as it is no longer required for the purpose for which it was processed. This is the case for data collected during the registration process if the registration on the website is canceled or changed.

  • Settings for software and applications.

As far as you use the login area of the website, we also process the data about your person required for the initiation or fulfillment of the contract, in particular address data and information about the payment method. The legal basis for the processing is Art. 6 Para. 1 p. 1 lit. b) GDPR. The provision of your data is necessary and mandatory for the conclusion and/or execution of the contract. If you do not provide your data, you cannot register or use the login area, meaning that a contract conclusion and/or execution is not possible. The data will be deleted as soon as it is no longer required for the purpose of its processing, or processing will be restricted if there are statutory retention obligations. Due to mandatory commercial and tax regulations, we are obliged to retain your address, payment, and order data for a period of up to ten years. Two years after the termination of the contract, we will restrict processing and reduce it to compliance with existing statutory obligations.

E-mail marketing

Existing customer acquisition
We reserve the right to use the e-mail address you provide during the order to send you the following content via e-mail during and/or after the order, in accordance with legal regulations, provided that you have not already objected to this processing of your e-mail address:

  • Information about our business areas and research projects in the fields of software development and data analysis,
  • Interessante angebote aus unserem portfolio, insbesondere datenanalyse und softwareentwicklung,
  • Nieuwe aanbiedingen voor diensten met betrekking tot onze producten en diensten, en
  • Inquiries about customer feedback.

Sofern die Zusendung elektronischer Informationen für die Vertragsabwicklung (z.B. E-Mail in informatorischer Ausgestaltung) erforderlich ist, beruht die Verarbeitung auf der Rechtsgrundlage aus Art. 6 Abs. 1 p. 1 lit. b) GDPR. In this case, you are contractually obliged to provide your data. If you do not provide your data, it will not be possible to send you electronic information by email for the purposes of contract performance. If the sending of electronic information is not necessary for the execution of the contract (e.g., e-mail for informational purposes), the processing is based on the legal basis pursuant to Article 6(1) 1 p. 1 lit. f) GDPR. Our legitimate interests in the aforementioned processing lie in increasing and optimizing our services, sending direct advertising, and ensuring customer satisfaction. We will delete your data when you terminate your use of the service, but no later than three years after the termination of the contract.

We would like to point out that you can object to receiving direct marketing and processing for direct marketing purposes at any time without incurring any costs other than the transmission costs according to the basic rates. You have a general right to object without giving reasons (Art. 21 (2) GDPR). To do so, click on the unsubscribe link in the respective email or send us your objection to the contact details listed in the “Responsible Provider” section.

Newsletter

You can subscribe to our email newsletter on the website, which will provide you with regular updates on the following topics:

  • News in the field of software development, data analysis, and requirements management,
  • Offers for data analysis, software projects, and applications,
  • new business models,
  • Cooperation and research projects between us and our partners,
  • Inquiries about customer feedback.

To receive the newsletter, you must provide your name or pseudonym and a valid e-mail address. If you can subscribe to further newsletters on our website (e.g., to receive job offers), you will receive further information on the newsletter content at the appropriate place. Registration for our e-mail newsletter is done via the double opt-in procedure. After you have entered the data marked as mandatory, we will send you an e-mail to the address you provided, asking for your explicit confirmation of registration for the newsletter (by clicking on a confirmation link). This ensures that you actually wish to receive our e-mail newsletter. If confirmation is not received within 24 hours, we will block the information transmitted to us and automatically delete it after one month at the latest. After your confirmation, we will process the e-mail address and name/pseudonym of the recipient for the purpose of sending our e-mail newsletter. The legal basis for processing is Art. 6 Abs. 1 p. 1 lit. GDPR. We delete this data when you end. We process this data until two years after contract termination. Insofar as the newsletter registration takes place outside of a contract conclusion, we process this data until two years after the end of the usage process. We delete this data when the newsletter subscription ends.

You can revoke your consent to the processing of your email address for the purpose of receiving the newsletter at any time, either by sending us a message (see the contact details in the section “Responsible provider”) or by clicking on the unsubscribe link contained in the newsletter. The revocation does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

Furthermore, the following data is processed at the time of subscription:

  • IP address,
  • Date/time of newsletter registration and
  • The time at which you clicked on the confirmation link.

We also process your IP address, the time of newsletter registration, and the time of your confirmation to document your newsletter registration and prevent misuse of your personal data. The legal basis for the processing is Art. 6 para. 1 p. 1 lit. f) GDPR. Our legitimate interest in this processing lies in fraud prevention. We delete these data at the latest when the newsletter subscription ends.

We also evaluate the open/click rates of our newsletters when sending them. For this evaluation, the sent emails contain so-called web beacons or tracking pixels, which are one-pixel image files and are also integrated on our website. The processing is carried out for the purpose of analyzing the reading behavior of our newsletters. In doing so, we record when you read our newsletters, which links you click on in them, and infer from this our customers’ interests. The legal basis for the processing is Art. 6 Para 1 p. 1 lit. f) GDPR. Our legitimate interests in this processing consist of reach measurement and creation of statistical analyses of our newsletters, as well as the optimization of our e-mail advertising. The information will be processed as long as you are subscribed to the newsletter. After unsubscribing, we process the data purely statistically and anonymously.

We would like to point out that you can object to receiving direct marketing and processing for direct marketing purposes at any time without incurring any costs other than the transmission costs according to the basic rates. You have a general right to object without giving reasons (Art. 21 (2) GDPR). To do so, click on the unsubscribe link in the respective email or send us your objection to the contact details listed in the “Responsible Provider” section.

Integration of third-party content

The website incorporates third-party content such as videos, maps, or graphics from other websites. This integration always requires that the providers of this content (“third-party providers”) perceive the IP addresses of the users. Without the IP address, they cannot send the content to the browser of the respective user. The IP address is therefore necessary for the display of this content. Below, we provide information about the services of external providers currently used on our website, the respective processing in each case, and your existing options for objection.

Live Helper Chat

Live Helper Chat is a system that is primarily used by our existing customers to, for example, send us a support request. Secondarily, the Live Helper system is also used by potential customers (prospects). The Live Helper system is operated on HighPots’ own servers. In order to communicate better with you on our website and to be able to answer support requests and questions about our offers more quickly, we use the customer support system “Live Helper Chat” (Mr. Remigijus Kiminas, https://livehelperchat.com/), which allows us to contact you directly. If you have questions about our products and services as well as our company, you can reach us via the displayed chat window and leave us a message. You will be asked to provide your name, email address, and question/message. Usage data such as your IP address will also be processed for the provision of the service. If the use of “Live Helper Chat” is necessary for the preparation or execution of a contract, the processing is based on the legal basis of Art. 6 para. 1 sentence 1 lit. b) GDPR. In this case, you are contractually obliged to provide your data. If your data is not provided, it is not possible to answer your questions using “Live Helper Chat”. If answering your questions is not necessary for contract processing, the processing is based on the legal basis pursuant to Article 6(1) 1 p. 1 lit. f) GDPR. Our legitimate interests in the aforementioned processing lie in increasing and optimizing our services, ensuring customer support, responding to inquiries, and maintaining customer satisfaction. The data generated in connection with the use of the chat function will be stored as long as necessary for the achievement of the purpose. Deletion will occur after the purpose has been achieved, but according to “Live Helper Chat” information, at the latest after one year.
We would like to point out that you can object to receiving direct messages and to processing for the purpose of direct advertising at any time, without incurring any costs other than the transmission costs according to the basic tariffs. You have a general right of objection without giving reasons (Art. 21 para. 2 GDPR). To do this, click on the unsubscribe link in the respective email or send us your objection to the contact details mentioned in the “Responsible Provider” section. You can also object to the processing of your usage data. You have the right to object for reasons arising from your particular situation. You can prevent processing by opening the browser used in “private mode”.

Matomo

We use the web analytics service Matomo, an open-source software for statistical analysis of the use of our website. This enables us to ensure that you have a user-friendly and optimized experience on our website. Matomo is operated on HighPots’ own servers. With the help of a locally integrated Matomo script on our website, we process information about the use of our website by your end device – e.g., that you have accessed a specific web page – and process, among other things, the data mentioned in the “Access data” section, in particular your IP address, browser information, the previously visited website, and the date and time of the server request for the purpose of statistical analysis of website usage. Matomo is provided by Innocraft Ltd., 150 Willis Street, 6011 Wellington, New Zealand, contact@innocraft.com. The IP address transmitted by your device is only processed in abbreviated form. The legal basis for processing is Art. 6 (1) (f) GDPR. Our legitimate interests lie in the statistical analysis of website usage and the optimization and improvement of our website. Our legitimate interests in processing lie in the statistical analysis of website usage, measuring reach, and optimizing and improving our website. The maximum storage period is set at 13 months. Further information on data protection you can find Matomo at https://matomo.org/privacy-policy/.
You can object to the processing. You have the right to object for reasons arising from your particular situation. You can object to the processing in various ways: by activating the opt-out button at the following link: https://matomo.org/privacy-policy/ (“Opt-Out of website tracking”) or by opening the browser you are using in “private mode”.

Real Cookie Banner

Real Cookie Banner asks website visitors for consent to set cookies and process personal data. To do this, each website visitor is assigned a UUID (pseudonymous user identification) that is valid until the cookie expires for storing consent. Cookies are used to test whether cookies can be set, to store references to the documented consent, to store which services from which service groups the visitor has consented to, and, if consent is obtained according to the Transparency & Consent Framework (TCF), to store the consents to TCF partners, purposes, special purposes, features, and special features. As part of the disclosure obligation under GDPR, the collected consent is fully documented. This includes, in addition to the services and service groups the visitor has consented to, and if consent is obtained according to the TCF standard, which TCF partners, purposes, and features the visitor has consented to, all settings of the cookie banner at the time of consent, as well as the technical circumstances (e.g., viewport size at the time of consent) and user interactions (e.g., clicking on buttons) that led to the consent. Consent is collected once per language.

Button/Image link “Request Project”

The button/image link “Project Requests” serves as support for organizations interested in our services. After clicking the “Request Project” button, a web form appears that allows organizations to enter the current project situation in a structured format. Information relevant for an effort estimation for the provision of services is requested. Based on this, HighPots can create an initial effort estimation and send it back to the interested organization. So that our effort estimation reaches the organization, information such as name, contact details (email and/or phone number) are collected.

Cookie Consent with Real Cookie Banner