1. General

1.1. We, apilayer Data Products GmbH, FN 532531i (the “Company“), e-mail address: [[email protected]] (the „E-Mail Address“), process your personal data as part of your use of our products (“Products”) or platform (“Platform” and, together with the Products, “Services”). We deal with your personal data in a confidential and responsible way. The processing of your personal data takes place in compliance with the General Data Protection Regulation („GDPR“) and the Austrian data protection act in its current form.

1.2. In this Privacy Policy we want to provide you with information about the company, the nature, scope and purposes of the data collection and use, trying to offer you an insight into the processing of your personal data.

1.3. For some of our Products we will only process data pursuant to purposes and means you determine. In these cases, we will provide you with separate data processing agreements.

1.4. The controller for the processing of your personal data within the meaning of the GDPR is the Company. You can contact us via mail under the address shown below or via e-mail using the E-Mail Address.

Company address:
apilayer Data Products GmbH
Elisabethstrasse 15/5
1010 Vienna, Austria

2. Data We Process

2.1. General: We process such personal data that you as a user of the Services make available to us, for example upon registration or when using the Services (the „Data“).

2.2. Website Use: If you visit our website, we process only personal data that your browser communicates to our server. We collect the following data, which is necessary for us in order to display the website correctly and guarantee the necessary stability and security:

• IP-address;
• date and time stamp, time difference to GMT;
• requested site, site from which the request was sent, transmitted data volume;
• access status/HTTP status code;
• browser, operating system, interface, language and version of the browser software.

2.3. Registration Data: Upon registration we collect and process the following information:

• registration details: date of registration, password;
• personal information: full name; email address; address, zip code, city, region, country;
• company information (optional): company name, website, tax ID;
• payment information:
  • credit card type, last four digits, expiration date;
  • date of payment, invoice ID, currency, amount;
  • monthly or annual payment.

2.4. Product Use Data: Data processed when using the Services is processed by us only as a processor, not as a controller. Please see the separate data processing agreement for details.

3. Why We Process Your Data

3.1. Purpose: The processing of Data pursues the following purposes (“Purposes”):

• provide and improve the Services;
• customer relations management, including newsletters;
• security and stability of the Services.

3.2. Lawfulness of Processing: The lawfulness of processing (Art. 6 GDPR) stems from:

• 3.2.1. your consent, where we have asked your explicit consent (para.1 subpara. a GDPR); and
• 3.2.2. the necessity for the performance of contract fulfillment, as your data is needed for a satisfactory use of the Services (para 1 subpara. b GDPR); and
• 3.2.3. the necessity for the purposes of the legitimate interests pursued by the Company or by a third party (para 1 subpara. f GDPR).

3.3. Legitimate Interests: The legitimate interests pursuant 4.2.3 are to monitor, analyze and improve the Services, to support you with any to protect the security, integrity, performance and functionality of the Services, and to provide you with advertisements.

4. How We Use And Transfer Your Personal Data

4.1. Use: We use Data that you, as user of the product, have provided us with, only for the Purposes.

4.2. Transfer: We transmit Data to third parties only, if this is (i) necessary for the Purposes, e.g. when we use service providers, (ii) due to a request from a national authority, (iii) due to a court ruling, or (iv) if you have consented beforehand.

4.3. Service Providers:

• 4.3.1. For some parts of our Services, we use third party providers to process data for us, such as
  • PayLane Sp. z o.o.;
  • International Business Machines Corporation (IBM BlueMix);
  • Zendesk, Inc.; or
  • The Rocket Science Group LLC d/b/a MailChimp.
• 4.3.2. When using some of the service providers, Data is transferred to recipients in third countries namely the USA. All service providers are part of the EU-US Privacy Shield or otherwise adhere to sufficient data protection standards.

5. Storage And Data Safety

5.1. Storage Period: We store your Data as long as you are a registered user of the Product. Beyond that, we only store Data, if it is legally necessary (because of warranty, limitation or retention periods) or otherwise required.

5.2. Deletion: Data will be deleted if you (a) revoke your consent to the storage (b) Data is not needed to fulfill the user contract concerning the Product anymore, or (c) the storage is or becomes legally impermissible. A deletion request does not affect Data, if the storage is legally necessary, for example for accounting purposes.

5.3. Safety Measures: To avoid unauthorized access to Data and generally secure the Data, we apply the following safety measures: encrypted transmission, encrypted storage, an authorization concept, a data backup concept, and physical safety measures for servers. Those safety measures are constantly revised to comply with the latest technological developments.

6. Information About Rights

6.1. Exercise of Rights: To exercise the rights defined in Section 7.2 to 7.8, please send a request via e-mail to the E-Mail Address or via mail to the postal address depicted in Section 1.4.

6.2. Revocation of Consent: You can revoke the consent for future data processing at any time. However, this does not affect the lawfulness of Data processing based on the consent before the revocation.

6.3. Right of Access: You have the right to obtain (i) confirmation as to whether or not your Data is being processed by us and, if so, (ii) more specific information on the Data. The more specific information concerns, among others, processing purposes, categories of Data, potential recipients or the duration of storage.

6.4. Right to Rectification: You have the right to obtain from us the rectification of inaccurate Data concerning you. In case the Data processed by us is not correct, we will rectify these without undue delay and inform you of this rectification.

6.5. Right to Erasure: Should you decide that you do not want us to process your data any further, please send a request via e-mail to the E-Mail Address or via mail to the postal address depicted in Section 1.4. We will erase your Data immediately and inform you of this process. Should mandatory provisions of law prevent such erasure, we will inform you without undue delay thereof.

6.6. Right to Restriction of Processing: You have the right to obtain from us a restriction of processing of your Data in the following cases:

• 6.6.1. You make an inquiry pursuant para. 7.4, if you so request;
• 6.6.2. you are of the opinion, that the processing of your Data is unlawful, but are opposed to an erasure of Data;
• 6.6.3. you still require the Data for the establishment, exercise or defense of legal claims; or
• 6.6.4. you have objected to the processing pursuant para. 7.8.

6.7. Right to Data Portability: You have the right to (i) receive your Data in a structured, commonly used and machine-readable format and (ii) transmit those Data to another controller without hindrance from us.

6.8. Right to Object: You have the right to object at any time to the processing of Data.

6.9. Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority (in Austria: Datenschutzbehörde), if you think that the processing of Data infringes applicable law, especially the GDPR.

7. Cookies

7.1. What are Cookies? The Website uses 'cookies' ─ small text files that are placed on the user's computer, smartphone and/or stored by the browser. If the respective server of our Website is again accessed by the user of the Website/Product, the user’s browser sends the afore received cookie back to the server. The server can evaluate the information received in this manner in various ways. Cookies can, for example, be used in order to manage advertisements on the Website or to facilitate navigation on a webpage.

7.2. Disabling of Cookies: The user can disable the installation of cookies by entering the corresponding settings in his/her browser software (e.g. in Internet Explorer, Mozilla Firefox, Opera, or Safari). However, in this case the user may jeopardize his/her use of the complete range of functions on the Website.

7.3. Cookie Policy: Please see our Cookie Policy for more information.

8. Analytics Services

8.1. Google Analytics:

• 8.1.1. General: This Website uses Google Analytics, a web analysis service of Google Inc. (“Google”). Google Analytics uses cookies. The information on your use of the Website created by a cookie, will usually be transmitted to a Google server in the USA and stored there. The Website uses Google Analytics in conjunction with the option „_anonymizeIP()“. This means, that your IP-address will be shortened by Google beforehand within member states of the EU or other members of the Agreement on the European Economic Area. Only in exceptional cases the whole IP-address will be transmitted to a Google server in the USA and shortened there. Any connection with a specific person is therefore precluded and personal data immediately deleted. The IP-address transmitted by your browser within the use of Google Analytics will not be combined with other data held by Google.
• 8.1.2. Plug-in: You can prevent the collection of data through the cookie concerning your use of the website (incl. your IP-address) as well as its processing of this data by Google, by downloading and installing the following browser plug-in: https://tools.google.com/dlpage/gaoptout?hl=en.
• 8.1.3. Purpose: On behalf of the Website operator, Google will use this information in order to evaluate your use of the Website, compose reports on the website activities, and provide further services to the operator related to the website and internet usage. We use Google Analytics to analyze and be able to constantly improve the use of our Website. Through the statistics we are able to improve our services and make them more interesting for users. In those special cases in which personal data is transmitted to the USA, Google is certified via EU-US privacy shield. The basis for the processing is Art 6 para 1 subpara f GDPA.
• 8.1.4. Information on Third-Party Provider:
  Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland,
  Fax: +353 (1) 436 1001;
  Terms: https://www.google.com/analytics/terms/gb.html;
  overview on data protection: https://support.google.com/analytics/answer/6004245?hl=en;
  and Privacy Policy: https://www.google.de/intl/en/policies/privacy/.

8.2. LogsHero LTD: LogsHero is a software logging service that helps us to manage and analyze log data. Any data transmitted to and processed by LogsHero will be in anonymized form only. Unfortunately, no opt-out is possible at the time. Please see LogsHero’s Privacy Policy here.

8.3. Papertrail Inc: We use software of Papertrail Inc. for server error logging. Any data transmitted to and processed by Papertrail will be in anonymized form only. Unfortunately, no opt-out is possible at the time. Please see Papertrail’s Privacy Policy here.

8.4. Functional Software Inc. (Sentry): We use Sentry for server error logging. Any data transmitted to and processed by Papertrail will be in anonymized form only. Unfortunately, no opt-out is possible at the time. Please see Sentry’s Privacy Policy here.

8.5. Runscope Inc: We use software of Runscope Inc. for API performance monitoring. Any data transmitted to and processed by Runscope will be in anonymized form only. Unfortunately, no opt-out is possible at the time. Please see Runscope’s Privacy Policy here.

8.6. Pingdom AB: We use software of Pingdom AB for website and API performance monitoring as well as uptime monitoring. Any data transmitted to and processed by Pingdom will be in anonymized form only. Unfortunately, no opt-out is possible at the time. Please see Pingdom’s Privacy Policy here.

9. Changes To This Privacy Policy

9.1. If the Company decides to change this Privacy Policy, it will post those changes directly in the Services. Should the changes be material to you, especially concerning your right to data protection, you need to confirm them.