Data privacy | AllocNow

AllocNow Privacy Policies

This data privacy statement was last reviewed and updated on Jan 17, 2024

1. Overview

AllocNow GmbH ("AllocNow", “we” or “us”) is committed to protecting the privacy and security of your data. This Data Privacy Statement outlines how we collect, use, disclose, and protect the personal information provided to us, in compliance with the General Data Protection Regulation (GDPR).

AllocNow is a data processor registered in Germany that provides the AllocNow Product Sustainability Platform (“software” or “service”) to your employer. Our software is designed to automate lifecycle assessments and environmental footprint management for businesses.

As the sole operator of the software, AllocNow acts as a data processor in accordance with Article 28 of the General Data Protection Regulation (GDPR). In the course of providing our software, AllocNow processes data, which may include personal data, particularly for the operation of the software. The details of this processing are explained further in this Data Privacy Statement.

The processing of personal data by AllocNow is governed by a data processing agreement entered into between your employer, acting as the data controller, and AllocNow as the data processor. Additionally, AllocNow may engage sub-contractors, such as hosting providers, to facilitate the provision of the service.

If you have any questions regarding the processing of your personal data in the context of your employment relationship, please direct your inquiries to your employer.

2. Legal Basis for Processing

AllocNow processes your personal data on the AllocNow Product Sustainability Platform because it is necessary for fulfilling the contractual agreement with your employer. When users engage with our service, we collect and process their personal information to fulfill contractual obligations and provide the agreed-upon features and functionalities. This includes tasks such as user account management, service delivery, and customer support. The processing of personal data is essential for the execution of contractual agreements between AllocNow and your employer, ensuring a seamless and efficient experience.

3. Data Collection

In the course of operating the AllocNow Product Sustainability Platform, AllocNow collects specific data to facilitate the provision of our services. This includes the collection of user names, business email addresses, and user ID, for example the Microsoft Entra UserPrincipalName (UPN), which are essential for user identification, and account management. Additionally, AllocNow logs user activities within the platform to enhance functionality and ensure optimal performance. Furthermore, login events, including date and time information, IP-address, and information about web browser and version as well as the user’s operating system are recorded to maintain the security and integrity of user accounts. The collection of this data is crucial for AllocNow to fulfill its contractual obligations, deliver a seamless user experience, and uphold highest security standards.

4. Use of Browser Cookies

In certain instances, our software employs what are commonly known as browser cookies. These are small text files stored on the device you use to access the software. Typically, cookies play a vital role in ensuring the security of the software ("mandatory"), implementing specific features like standard language settings ("functional"), or enhancing the overall user experience and software performance ("performance").

Primarily, the software relies on mandatory and functional cookies, particularly for user identification, security assurance, and the implementation of default settings. The use of cookies is deemed essential for delivering our service, constituting our legitimate interest as per Article 6(1)(f) of the General Data Protection Regulation (GDPR).

The retention period for these cookies extends until the closure of the software session. Users have the autonomy to configure their browser settings, allowing them to either permit or object to the use of cookies. It is important to note that deactivating cookies may constrain or entirely inhibit the operability of the software.

5. Secure Data Storage

Ensuring the secure storage of data is a paramount priority at AllocNow. We employ robust measures to protect the confidentiality, integrity, and availability of the information entrusted to us. Our data storage practices adhere to industry-leading security standards, encompassing encryption protocols, access controls, and regular security assessments. By implementing these measures, we aim to fortify the resilience of our systems against unauthorized access, data breaches, or any compromise of sensitive information. AllocNow is committed to maintaining a secure environment for our users' data, fostering trust and confidence in our platform.

6. Data Retention Policy

Our data retention policies at AllocNow are designed to balance the need for efficient service provision with a commitment to privacy and security. In general, personal data collected are retained only for the duration of the user's access to the service. We maintain a standard retention period of 180 days for logs. This time frame allows us to analyze system activities, diagnose issues, and enhance the overall performance of the AllocNow Product Sustainability Platform. After the 90-day period, logs are routinely and securely purged from our systems, aligning with our dedication to data minimization and privacy principles.

7. Rights of Data Subjects

Users of the AllocNow Product Sustainability Platform possess certain rights concerning their personal data.

Right to Access (Art. 15 GDPR): Users have the right to request access to the personal data we hold about them, allowing them insight into the information processed.
Right to Rectification (Art. 16 GDPR): Users can request corrections to any inaccurate or incomplete personal data, ensuring accuracy and completeness.
Right to Erasure (Art. 17 GDPR): Users possess the right to withdraw consent and request the deletion of their personal data, subject to legal requirements.
Right to Restriction of Processing (Art. 18 GDPR): Users have the right to request the restriction of processing in specific circumstances, providing an additional layer of control over their personal data.
Right to Object (Art. 21 GDPR): Users can raise concerns or lodge complaints about our data processing practices, seeking resolution and transparency.

To exercise any of these rights, users can contact us at privacy@allocnow.com. We are committed to promptly and transparently addressing inquiries and concerns, in compliance with the General Data Protection Regulation (GDPR).

Kindly be aware that to assert your data subject rights stemming from the processing related to the employment relationship, it is imperative that you directly approach your employer. We retain the right to choose not to respond to these requests or to forward them to your employer.

8. Disclosure of Personal Data to Sub-Processors

In order to provide the AllocNow Product Sustainability Platform and ensure its seamless operation, we engage with trusted sub-processors. These sub-processors play vital roles, such as providing authentication services and hosting our platform infrastructure. We want to assure our users that the selection of sub-processors is done with careful consideration of their commitment to data protection and security. To this end, we have established Standard Contractual Clauses (SCCs) with our sub-processors to ensure compliance with data protection regulations, including the General Data Protection Regulation (GDPR). Below is a list detailing key information about two of our sub-processors, AWS and Microsoft.

AWS

Purpose: Hosting Services
Location: United States
SCC in Place: Yes

Microsoft

Purpose: Authentication
Location: United States
SCC in Place: Yes

9. Changes to this Data Privacy Statement

We retain the right to modify or revise this Data Privacy Statement at our discretion. We recommend users regularly revisit this page to stay informed about any updates or alterations, ensuring awareness of our ongoing efforts to safeguard the personal data we gather.

10. Contact

10.1 Inquiries to AllocNow

For any inquiries or concerns related to data privacy or the processing of personal information at AllocNow, users are encouraged to contact us.

AllocNow GmbH, Friedrich-Ebert-Str. 17, 53177 Bonn, Germany

privacy@allocnow.com

10.2 Data Protection Officer

We have appointed a data protection officer for our company.

Markus Knipp
permanIT GmbH
Bachstraße 32
53115 Bonn

E-Mail: privacy@allocnow.com

10.3 Supervisory authority

Users have the right to contact the relevant data protection authorities in North Rhine-Westphalia, Germany, should they believe their data protection rights have been infringed. The local supervisory authority in North Rhine-Westphalia is the State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia (Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen), and they can be contacted at poststelle@ldi.nrw.de. We are committed to collaborating with users and relevant authorities to address any concerns and ensure compliance with applicable data protection laws.

This data privacy statement was last reviewed and updated on Aug 1, 2022

General information

The following gives a simple overview of what happens to your personal information when you visit our website. Personal information is any data with which you could be personally identified. Detailed information on the subject of data protection can be found in our privacy policy found below.

Data collection on our website

Who is responsible for the data collection on this website?
The data collected on this website are processed by the website operator. The operator's contact details can be found in the website's required legal notice.

How do we collect your data?

Some data are collected when you provide it to us. This could, for example, be data you enter on a contact form. Other data are collected automatically by our IT systems when you visit the website. These data are primarily technical data such as the browser and operating system you are using or when you accessed the page. These data are collected automatically as soon as you enter our website.

What do we use your data for?

Part of the data is collected to ensure the proper functioning of the website. Other data can be used to analyze how visitors use the site. The data you provide via the contact forms are used to get in touch with you as requested.

What rights do you have regarding your data?

You always have the right to request information about your stored data, its origin, its recipients, and the purpose of its collection at no charge. You also have the right to request that it be corrected, blocked, or deleted. You can contact us at any time using the address given in the legal notice if you have further questions about the issue of privacy and data protection. You may also, of course, file a complaint with the competent regulatory authorities.

Analytics and third-party tools

When visiting our website, statistical analyses may be made of your surfing behavior. This happens primarily using cookies and analytics. The analysis of your surfing behavior is usually anonymous, i.e. we will not be able to identify you from this data. You can object to this analysis or prevent it by not using certain tools. Detailed information can be found in the following privacy policy. You can object to this analysis. We will inform you below about how to exercise your options in this regard.

Data protection

The operators of this website take the protection of your personal data very seriously. We treat your personal data as confidential and in accordance with the statutory data protection regulations and this privacy policy.

If you use this website, various pieces of personal data will be collected. Personal information is any data with which you could be personally identified. This privacy policy explains what information we collect and what we use it for. It also explains how and for what purpose this happens.

Please note that data transmitted via the internet (e.g. via email communication) may be subject to security breaches. Complete protection of your data from third-party access is not possible.

Notice concerning the party responsible for this website

The party responsible for processing data on this website is:

AllocNow GmbH
Friedrich-Ebert-Str. 17
53177 Bonn

Telephone: +49228748860
Email: hello@allocnow.com

The responsible party is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (names, email addresses, etc.).

Revocation of your consent to the processing of your data

Many data processing operations are only possible with your express consent. You may revoke your consent at any time with future effect. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed.

Right to file complaints with regulatory authorities

If there has been a breach of data protection legislation, the person affected may file a complaint with the competent regulatory authorities. The competent regulatory authority for matters related to data protection legislation is the data protection officer of the German state in which our company is headquartered. A list of data protection officers and their contact details can be found at the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.

SSL or TLS encryption

This site uses SSL or TLS encryption for security reasons and for the protection of the transmission of confidential content, such as the inquiries you send to us as the site operator. You can recognize an encrypted connection in your browser's address line when it changes from "http://" to "https://" and the lock icon is displayed in your browser's address bar.

If SSL or TLS encryption is activated, the data you transfer to us cannot be read by third parties.

Information, blocking, deletion

As permitted by law, you have the right to be provided at any time with information free of charge about any of your personal data that is stored as well as its origin, the recipient and the purpose for which it has been processed. You also have the right to have this data corrected, blocked or deleted. You can contact us at any time using the address given in our legal notice if you have further questions on the topic of personal data.

Data protection officer

We have appointed a data protection officer for our company.

Markus Knipp
permanIT GmbH
Bachstraße 32
53115 Bonn
E-Mail: privacy@allocnow.com

Data collection on our website

Wix.com

Our website is hosted on the Wix.com platform. Wix.com provides us with the online platform that allows us to present our products and services to you. Your data may be stored through Wix.com’s data storage, databases and the general Wix.com applications. They store your data on secure servers behind a firewall. Inquiries about EU data protection regulations can be sent to privacy@wix.com. We are users of Wix.com, if you use our homepage, you are "user of users" in the sense of Wix.com.

You can find the complete version of the privacy policy of Wix.com at https://de.wix.com/about/privacy.

Wix.com may store and process personal data in the USA, Europe, Israel or other jurisdictions - either by itself or through our affiliated companies and service providers. The data storage providers with which Wix.com works together are contractually bound to protect your data. Wix.com complies among other things with the data protection principles of the EU-US and Swiss-US Privacy Shield Agreement to protect the data of our users even better. Some jurisdictions require that we manage and store the data of their citizens locally. Wix.com may also collect, process and store such data in other locations, including the USA.

Contact form

Wix.com provides contact forms where users can enter their name, email adress and a personal message to contact AllocNow. The input data are sent to AllocNow by email and stored within the wix.com application.

If you submit inquiries to us via our contact form, the information provided in the contact form as well as any contact information provided therein will be stored by us as well as within the hosting infrastructure provided by WIX.com in order to handle your inquiry and in the event that we have further questions. We will not share this information without your consent.

Hence, the processing of the data entered into the contact form occurs exclusively based on your consent (Art. 6 Sect. 1 lit. a GDPR). You have the right to revoke at any time any consent you have already given us. To do so, all you are required to do is sent us an in-formal notification via e-mail. This shall be without prejudice to the lawfulness of any da-ta collection that occurred prior to your revocation.

The information you have entered in the contact form shall remain with us until you ask us to eradicate the data, revoke your consent to the archiving of data or if the purpose for which the information is being archived no longer exists (e.g. after we have concluded our response to your inquiry). This shall be without prejudice to any mandatory legal provisions retention periods.