1. introduction
Revalu takes the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the legal data protection regulations and this privacy policy. When you use this website, various personal data is collected. Personal data is data with which you can be personally identified (hereinafter also referred to as "data"). We therefore ask you to enter only corporate data in contact forms (with the exception of the application form). Revalu keeps its privacy policy under regular review and places any updates on this web page.
We would like to point out that this website is directed exclusively at commercially interested parties (companies, architects, manufacturers, partners, universities, developers).
2. Responsible Party
The responsible party within the meaning of the GDPR and other national data protection laws of the member states as well as other data protection regulation is:
Revalu Impact AG,
Kurfürstendamm 125 A,
10711 Berlin
Directors: Kika Brockstedt, Dr. Ernst von Stegmann
E-mail:
hello@revalu.io Furtherinformation can be found in the
imprint.
3. data protection contact
If you have any questions about Revalu’s privacy policy, the data we hold on you, or you would like to exercise one of your data protection rights, please do not hesitate to contact us.
Email us at:
dataprotection@revalu.io4. Data processing
Your personal data will be processed according to the so-called “legitimacy principle” if you use our website, if processing is necessary to perform a contract or another legal relationship, if you consent to data processing, and if you contact us or vice versa. Your personal data will be shared within Revalu and with commissioned service providers, partners and other authorised recipients. This particularly applies in the following situations:
4.1. Enquiries from you
If you contact us by email, fax, phone or post, if you use our contact form or any other means of communication (incl. from external partners), or if you contact us in person (e.g. at trade fairs, events), we will process the personal data you provide (salutation, title, name, company, contact details) for the purpose of processing, documenting and following up on your request on the basis of Art. 6 (1) (b) GDPR or Art. 6 (1) (f) GDPR. If you use the contact form offered on the website to get in touch with us, we need the data requested in the form to answer your request. Some data is only collected on a voluntary basis. This data fields are marked as optional. We use this data exclusively to process your request and do not pass it on to third parties.
4.2 Order processing
We will process the personal data you provide (salutation, title, name, company, address, contact details, transaction data) to process orders (e.g. to perform a contract of sale or to provide services) on the basis of Art. 6 (1) (b) GDPR. We will send the necessary information to the companies commissioned to deliver or execute the order, and to banks, insurance companies and service providers commissioned to execute the transaction, adjust claims, run credit checks and check sanctions lists. This also applies to the execution of any pre-contractual measures and post-contractual services and complaints.
4.2.1. Newsletter data / application for waiting list (to be invited to theplatform)
If you would like to receive the newsletter offered on the website, we need an e-mail address from you as well as information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter. Further data is not collected or only collected on a voluntary basis. We use this data exclusively for sending the requested information and do not pass it on to third parties. The data entered in the newsletter registration form is processed exclusively on the basis of your consent (Art. 6 (1) (a) GDPR). You can revoke your consent to the storage of the data, the e-mail address and their use for sending the newsletter at any time, for example via the "unsubscribe" link in the newsletter. The legality of the data processing operations that have already taken place remains unaffected by the revocation. The data you have stored with us for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted after you have canceled the newsletter. Data stored by us for other purposes remain unaffected.
4.3. Disclosure of personal data
Your personal data will be shared with commissioned service providers, partners and other authorised recipients. We will only disclose your personal data to third parties to fulfil a contract, to pursue our relevant legitimate interests, to observe mandatory legal provisions or to comply with a court order. Your personal data will not be sold to third parties for commercial gain.
4.4. storage period
The data will be deleted within a reasonable period of time as soon as they are no longer required to achieve the purpose for which they were collected. In the case of a contact enquiry, this is the case when the respective conversation with the user has ended, unless contractual or legal obligations prevent deletion. The conversation is terminated when the circumstances indicate that the matter in question has been conclusively clarified. The deletion takes place three years after the end of the year in which the conversation with you ended. If you have a contractual relationship with Revalu, your personal data will be deleted in accordance with the mandatory deletion requirements, such as those stipulated in the German Commercial Code (HGB) and the German Fiscal Code (AO).
5. web hosting
The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:
• Browser type and browser version
• operating system used
• Referrer URL
• Host name of the accessing computer
• Time of server request
• IP addressThis data is not merged with other data sources.
This data is recorded on the basis of Article 6 (1) (f) GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of his website - the server log files must be recorded for this purpose.
For our website we use the web hosting provider Webflow, Inc., 398 11th St., Floor 2, San Francisco, CA 94103. Webflow uses the AWS cloud with data centers within Europe for data storage. Further information about data protection at Webflow, Inc. can be found
here. Webflow, Inc. acts as our data processor. We have concluded a DPA, including the SCC with Webflow, Inc.
6. cookies
Our website uses cookies to offer a smooth surfing experience and optimise the use of our webpages. Cookies are small text files that are saved on a user’s device and contain specific user and usage information. Technical necessary cookies are set on the basis of our legitimate interest. In addition, you may consent to the use of other cookies (e.g. for analysis and marketing purposes). You will be asked to give your consent before using our website for the first time.
7.1. personio
We use Personio as HR and applicant management software. Personio is provided by Personio SE & Co. KG, Seidlstraße 3, 80335 Munich. Data is stored in data centers within Germany. Personio is acting as our data processor according to Art. 28 GDPR. We have concluded a DPA with Personio. Further information about Personio can be found
here and in our applicant privacy policy.
7.2. hubspot
We use HubSpot as our CRM system. The system is provided by the company Hubspot, Inc., 25 First Street, 2nd Floor, Cambridge, MA 02141, USA. The European headquarter is placed in 1 Sir John Rogerson's Quay, Dublin 2. The data is stored in HubSpot data centers within Europe. When you contact us as an interested party, customer, partner or supplier and request an offer or conclude a contractual relationship, we create a data record in HubSpot. The data you send us, in particular your business organisational information: name, company name, address, email address and telephone number, is stored in HubSpot. Data is deleted according to point 4.5.
Further information about data privacy at HubSpot can be found
here.
7.3. Google Analytics / Google Tag Manager / Linkedin Connection
We use Google Analytics, a web analysis service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics will use cookies to generate information on your use of our website, and this information will be transferred to a Google server in Europe or the USA and stored there. As IP anonymisation is activated on all our webpages, however, Google will truncate your IP address before transferring data within member states of the EU or the EEA. Your full IP address will only be transmitted to a Google server in the USA and truncated there in exceptional cases.
Google will use this information on behalf of us to evaluate your use of the website, compile reports on website activities and provide us with other services related to the use of this website and the Internet. The IP address transmitted by your browser via Google Analytics will not be merged with other Google data. More information on the handling of user data at Google can be found here.
We will only use Google Analytics if you give us your consent via the consent management in accordance with Art. 6 (1) (a) GDPR. You can revoke your consent at any time. You can adjust your browser settings to generally prevent cookies from being saved in your browser. You can also stop the data generated by cookies on your use of this website (incl. your IP address) from being transferred to Google for processing by downloading and installing the following browser plug-in:
https://tools.google.com/dlpage/gaoptout.
For the purpose of tracking downloads and video starts, we also use Google Tag Manager on our website. Google Tag Manager is a solution that allows marketers to manage website tags through one interface. The Tag Manager tool itself (which implements the tags) is a cookie-free domain and does not collect any personal information. The tool triggers other tags, which in turn may collect data. Google Tag Manager does not access this data. If disabled at the domain or cookie level, it will remain disabled for all tracking tags implemented with Google Tag Manager. For more information on terms of use and privacy, please visit
https://support.google.com/tagmanager/answer/9323295 For B2B purposes only, a google account is connected with the corresponding Linkedin account.
7.4. google fonts
On our website we use Google Fonts, from the company Google Inc. (1600 Amphitheatre Parkway Mountain View, CA 94043, USA). We integrated Google Fonts locally, so on our own webserver and not on Google’s servers. Hence, there is no connection to Google’s servers and consequently no data transfer or retention. Google Fonts was previously called Google Web Fonts. It is an interactive list with over 800 fonts which Google LLC offer for free use. With the use of Google Fonts, it is possible to utilise fonts without uploading them to your own server. For that matter, in order to prevent any transfer of information to Google’s servers, we downloaded the fonts to our own server. This way we comply with the data privacy and do not transmit any data to Google Fonts. Unlike other web fonts, Google offers us unrestricted access to all its fonts. Thus, we have a vast sea of font types at our disposal, which helps us to get the most out of our website. You can find out more answers and information on Google Fonts at
https://developers.google.com/fonts/faq?tid=111621967.
7.5. google cloud cdn
We use the content delivery network Google Cloud CDN. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland. Google offers a globally distributed content delivery network. This technically routes the transfer of information between your browser and our website via Google's network. This allows us to increase the worldwide accessibility and performance of our website. The use of Google Cloud CDN is based on our legitimate interest in providing our website as error-free and secure as possible (Art. 6 (1) (f) GDPR). The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found
here.
You can find more information about Google Cloud CDN here:
https://cloud.google.com/cdn/docs/overview.
8. Online presence in social networks
We operate our own social media pages together with the provider of the respective social media platform. The provider of the respective social media platform is solely responsible for the processing of personal data on the social media platform itself on which we operate our social media pages. Further information can be found in their privacy policies. The social media platforms provide us with anonymous usage statistics (so-called page insights data) of our social media pages based on the actions and interactions of our followers. We have no influence or access to the creation and processing of these usage statistics and the underlying data; it is carried out under the sole responsibility of the provider of the respective social media platform and without us being able to view personal data of individual followers or users. We use these anonymous usage statistics to display targeted interest-based advertisements on the social media platforms we use or to highlight our posts. The display of interest-based advertisements or the highlighting of posts on the social media platforms we use is carried out on the basis of an analysis of the user's prior usage behaviour by the respective social media platform without us being able to view personal data of individual users or merge it with any personal data we may process or obtain knowledge of the identity of the users to whom interest-based advertisements are displayed. This data processing is based on our legitimate interests. If, in the context of interest-based advertising, we exceptionally carry out a so-called extended comparison with customer lists to be uploaded by us to the respective social media platform, this would only be done on the basis of consent granted by you for this purpose.
When you visit a Revalu social media site, we process your actions and interactions with our social media site (e.g. the content of your messages, enquiries, posts or comments that you send to us or leave on our social media sites or when you like or share our posts) as well as your publicly viewable profile data/ business profile data (e.g. your name and profile picture). Which personal data from your profile is publicly viewable depends on your profile settings, which you can adjust yourself in your settings on the social media platform in each case. Please generally take care not to transmit or share sensitive data or confidential information (e.g. application documents, bank or payment data) via social media platforms; we recommend that you use a more secure means of transmission (e.g. letter post, e-mail). We operate our social media sites and process the aforementioned data for the purpose of providing information about us and communicating with our followers and interested parties. This data processing is carried out on the basis of our legitimate interests and, where applicable, in order to respond to your messages, enquiries, contributions or comments that you send to us (Art. 6 (1) (b) GDPR). We check whether comments or other interactions on our social media pages violate applicable law or the respective community guidelines and delete such comments if necessary. In the event that such comments occur frequently, we may process the user names involved for internal coordination purposes. We base this processing on our legitimate interest in providing a reputable online presence and meeting legal requirements.
We will process your personal data for as long as is necessary for the aforementioned purposes. In the event of an objection to processing based on our legitimate interests, we will delete personal data unless its further processing is permitted under the relevant legal provisions. We also delete personal data if we are obliged to do so for other legal reasons. Applying these general principles, we generally delete personal data immediately after the legal basis ceases to exist, if it is no longer required for the stated purposes or if the stated purposes cease to exist and if there is no other legal basis (e.g. retention periods under commercial and tax law), otherwise after the other legal basis ceases to exist.
8.3. privacy information for applicants
Any data and documents that you provide as part of your application will be processed according to our privacy policy for applicants which can be found
here.
9. data security
Revalu is committed to protecting the security of your personal information. We use a variety of security technologies and procedures to protect your personal information from unauthorized access, use, or disclosure.
10. your rights
If you would like to exercise your rights as a data subject under GDPR, as described below, please refer to the contact details indicated in this privacy policy. If we cannot comply with your request, we will let you know why we reject your request.
• Right of access
• Right to rectification
• Right to erasure (“right to be forgotten”)
• Right to restriction of processing
• Right to data portability
• Right to object and automated individual decision-making
• Right to withdrawal consent
11. Administration for opening customer business user accounts
In the course of opening a business user account we process the following information – in a B2B context:
First Name
Last Name
Location
E-Mail Address
Company Name
Job Title
Password (Hash only)
Photo (if provided).
By clicking
“Accept All Cookies”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our
Privacy Policy for more information.
