Data Privacy

Status: Nov. 2024

Thank you for visiting the appairtime.com website of Airtime Software AG (hereinafter also referred to as "Airtime" / "we" / "us"). The protection of your data is very important to us. In the following, we would like to inform you to what extent and for what purposes we collect and process personal data from you via the appairtime.com website (hereinafter referred to as the "platform").

1 General / Definitions
Our data privacy statement is based on the terms used in the General Data Protection Regulation (hereinafter "GDPR"). We use the following terms, among others, in this data privacy statement:

Personally identifiable information is any information relating to an identified or identifiable natural person (hereinafter referred to as "data subject"). A natural person is considered to be identifiable if, directly or indirectly, in particular by means of assignment to an identifier such as a name, an identification number, location data, an online identifier, or to one or more distinctive characteristics, the expression of the physical, physiological, genetic, psychological, economic, cultural, or social identity of this natural person can be identified (cf. Art. 4 No. 1 GDPR).

Processing is any process carried out with or without the help of automated procedures or any such series of processes in connection with personal data, such as collecting, recording, organizing, arranging, storing, adapting or changing, reading out, querying, using, disclosure through transmission, distribution or any other form of provision, comparison or linking, restriction, deletion, or destruction (cf. Art. 4 No. 2 GDPR).

The responsible party for processing is the natural person or legal entity, authority, institution, or other body that, alone or jointly with others, decides on the purposes and means of processing personal data (cf. Art. 4 No. 3, clause 1 GDPR ).

A processor is a natural person or legal entity, authority, institution, or other body that processes personal data on behalf of the responsible party (cf. Art. 4 No. 8 GDPR).

A third party is a natural person or legal entity, public authority, agency, or body other than the data subject, the controller, the processor, and the persons who, under the direct responsibility of the controller or the processor, are authorized to process the personal data (cf. Art 4 No. 10 GDPR).

2 Responsibility / Contact
The responsible authority for the collection, processing, and use of personal data within the meaning of the GDPR is:

Airtime Software AG
Schauenburgerstrasse 10
20095 Hamburg
Germany

Phone: +49 40 573 093 730
E-mail: info@airtime-software.com
Internet: www.airtime-software.com

Accordingly, with this data privacy statement, we comply with our information obligations regarding the type, scope, and purposes of the processing of personal data as laid out in Art. 12 - 14 GDPR.

If you would like to view and/or update your personal data or have any questions about data privacy on our platform, please contact us at any time via our email address, office@airtime-software.com or by mail at the address above.

3 Data processing when visiting our platform
The scope and type of collection, processing, and use of your personal data differ depending on whether you are interested in or register for an event via our platform in your personal customer area, make a research request, or use your personal customer area on our platform purely for information. With regard to the data processing processes described below, you can assert your rights as a data subject at any time (see section 6).

3.1 Collection of data with your participation

3.1.1 Interest in or participation in an event
If you are interested in or would like to participate in a local or virtual event via our personal customer area, we will process your personal data in this context. Depending on the selected event, this includes, in particular, your master data stored when you registered for the customer account. If you are not registered on our platform and register for an event, the processing of the following personal data is required:

  • First name and surname
  • E-mail address
  • Position

This personal data is processed exclusively for the purpose of organizing and conducting the respective event (legal basis: Art. 6 Para. 1 (b) GDPR) and for the provision of your information to the issuers also after the event (see section 3.1.2.1).

Further information on processing your personal data provided during the registration process can also be found at: https://airtime-software.com/privacy/.

The data concerning you will be deleted if it is no longer required for the respective purpose or if you have objected to the data processing (Art. 21 GDPR), and we are not legally obliged or entitled to store your personal data.

3.1.2 Organisation and implementation of an event
As part of the organization and implementation of an event, it is necessary for us to share your personal data as a registered participant of this event with third parties.

3.1.2.1 Transmission of information to issuers
As hosts of the platform and event organizer, we will also share your personal data with issuers. Issuers are contractually obliged to treat the information they receive confidentially and to use it only within the scope of the contractual purpose, i.e. within the scope of using the platform and to conduct the events commissioned by the issuer. At the same time, you will receive all the information provided by the issuer about the issuer and the event they have commissioned.

We share the following personal data with issuers:

If you register via our platform as a participant in an issuer's event and/or access research publications from an issuer, the personal data that you have stored in your profile (e.g. profile photo, first and last name, company, position, email address, telephone number, and information about the event you participated in) is also shared via the platform with the respective issuer of the event or the issuer of the research publication. In the form of histories, the issuer also receives information about which other events of the issuer you have already taken part in or which research publications of the issuer you have accessed. If you register for an event without being registered on our platform, only the personal data you provide (see section 3.1.1.) will be shared with the issuer, and after the event has taken place, histories are also made available for the issuer.

The disclosure of your personal data in the context of preparing and implementing events and providing our platform services is therefore carried out to provide the contractual service (Art. 6 Para. 1 (b) GDPR). After the event, your personal data will be stored and made available on the basis of our legitimate interest (legal basis: Art. 6 Para. 1 (f) GDPR) in being able to offer the issuer and you a comprehensive service. This also includes the presentation of the events that have taken place and the storage of the participant lists. The respective issuer thus has the opportunity to contact you as a participant again at a later point in time. If you do not want your personal data to be stored on the platform after the event has taken place, you can object to the processing at any time, e.g. by sending an email to office@airtime-software.com (Art. 21 GDPR).

3.1.2.2 Service providers for the implementation of events
In addition, it may be necessary for us to disclose your personal data and company data to service providers (e.g. operators of the location for local events, service providers for the implementation of a virtual event, etc.) who help organize the event in which you would like to participate.

The disclosure of the data to the respective service provider is necessary for the provision of the contractual service and is only carried out to the extent necessary for this purpose. The legal basis for the disclosure of data is Art. 6 Para. 1 (b) GDPR.

3.1.2.3 Service providers for the implementation of virtual events
We use the "Zoom" video conferencing system from Zoom Video Communications Inc., 55 Almaden Boulevard, 6th Floor, San Jose, CA 95113, USA ("Zoom") to hold virtual events. The video conference system is embedded directly on our platform via iFrames, among other things. Alternatively, you can use a link on our platform. In this case, you will be forwarded to the Zoom platform, which is directly responsible for processing your data.

Various types of data are processed when using Zoom. The scope of the data also depends on what information you provide before or when participating in virtual events.

The following personal data may be the subject of processing by Zoom when used:

  • User information: first name, last name, telephone (optional), email address, password, profile data such as user name (optional)
  • Meeting metadata: topic, description (optional), participant IP addresses, device/hardware information
  • for recordings (optional): MP4 file of all video, audio, and presentation recordings, M4A file of all audio recordings, text file of the online meeting chat
  • when dialling in by telephone: details of the incoming and outgoing number, country name, start and end time; If necessary, further connection data such as the IP address of the device can be stored.
  • Text, audio and video data: You may have the opportunity to use chat, question, or poll functions during a virtual event. In this context, the text you enter will be processed to display in the virtual event and logged if necessary. To enable the display of video and the playback of audio, the data from your end device's microphone and any video camera on the end device are processed accordingly for the duration of the event. You can switch off or mute the camera or microphone anytime via the "Zoom" application.

To participate in a virtual event via Zoom, you must regularly provide at least your name. You may need to create a user account with the respective provider. In this case, the provider regularly uses the customer data for their own purposes.

If we want to record virtual events, we inform you transparently in advance and – if required – ask for your consent (legal basis Art. 6 Para. 1 (a) GDPR). The fact that the virtual event is recorded will also be displayed to you during the event. The recorded virtual event is then made available to the issuer for use and publication on the platform.

In the case of virtual events, we can also process the questions asked by participants for the purpose of recording and following up on this event.

The legal basis for data processing when holding virtual events is Art. 6 Para. 1 (b) GDPR, insofar as the events are held within the framework of contractual relationships.

Since Zoom is a provider from the USA, your personal data is regularly processed in a third country. For this reason, we have concluded an order processing contract with Zoom that meets the requirements of Art. 28 GDPR and ensures a data protection level corresponding to the EU standard contractual clauses (Art. 46 Para. 2 (c) GDPR). According to this contract, Zoom has committed itself to comply with European data protection regulations and guarantees an appropriate level of data protection.

The communication-related metadata will be deleted as soon as the storage is no longer required to provide or maintain the service.

Further information on the purpose and scope of data collection and its processing by Zoom can be found in Zoom's data privacy statement at: https://zoom.us/de-de/privacy.html.

3.1.3 Contact initiation on the part of Airtime after your registration
If you participated in an event and provided your email address, we can also use it to send emails to obtain feedback or to extend invitations to future events. The legal basis for sending these emails is Art. 7 Para. 3 Unfair Competition Act (UC) and Art. 6 Para. 1 (f) GDPR. In this case, you can unsubscribe from the distribution list for these emails at any time (Art. 21 GDPR). To do this, either click the unsubscribe link in the respective email or send us an email to office@airtime-software.com.

3.2 Collection of information without your participation
We collect and use personal data generated automatically by your visit to our platform for the technical provision of our platform. When using our platform and logging into the personal customer area, our server temporarily lists the following personal data in so-called log files:

  • IP address assigned by the provider
  • File request from the client (file name and URL)
  • http status code
  • the website from which you are visiting us.

This data is technically necessary for the functioning and operation of our platform. In addition, the short-term storage of log files is useful to subsequently track attempts to attack the web server or any misuse. Our legitimate interest in this data processing is, therefore, the provision of our offer to you on the basis of these circumstances (legal basis: Art. 6 Para. 1 (f) GDPR). The data will be deleted when it is no longer required for this.

In addition, we use so-called "cookies" in several places on our platform, which serve to make our offer more user-friendly and effective. Cookies are small text files our platform places on your computer or other internet-enabled devices, such as tablets or smartphones, provided your browser settings accept cookies.

Cookies do not damage your computer and do not contain viruses. Most of the cookies used on the platform are so-called session cookies, which are automatically deleted once you close your browser. They create a so-called session ID for your browser, with which various requests from your browser can be assigned to a session so that you are recognized when you return to our platform with the browser. The session cookies are deleted when you close the browser. You can set your browser so that these cookies are not saved in the first place or that the cookies are deleted at the end of your internet session. Please note, however, that in this case, you may not be able to use all the functions of our platform.

You can object to the future processing of your data using cookies at any time (Art. 21 GDPR). Please note, however, that you may no longer be able to use all the functionalities of our platform.

4 Sharing data with processors
We must share some data with third parties in strict compliance with applicable data protection laws.

4.1 For content-technical support and design of our online presence
For the content and technical support of our platform, external service providers must have access to personal data (in particular, IT service providers).

In this case, your personal data will be handled exclusively in accordance with our express instructions and on the basis of an agreement on order processing in accordance with Art. 28 GDPR. With this agreement, the service provider guarantees that the service provision is in accordance with applicable data protection laws. The involvement of professional providers of corresponding services is expressly provided for by law and serves our legitimate interest in professionalizing our offer for you and being able to offer it in an economically sensible way (legal basis: Art. 6 Para. 1 (f) GDPR). In this case, too, we remain responsible for the protection of your data.

In this context, we disclose your data to the following service providers:

  • To provide our management platform
    bestbytes GmbH, Pienzenauerstraße 10, 81679 Munich, Germany
    Further information about bestbytes GmbH can be found here:
    https://www.bestbytes.com
  • For authentication and registration on the platform:
    Hanko GmbH, Ringstr. 19, 24114 Kiel, Germany
    Further information to Hanko GmbH can be found here:
    https://www.hanko.io/privacy
  • To secure our platform:
    Cloudflare, Inc, 101 Townsend St, San Francisco, CA 94107 USA
    Further information to Cloudflare Inc. can be found here:
    https://www.cloudflare.com/privacypolicy/
  • For emails and newsletters distribution:
    Mailjet GmbH, Alt Moabit 2, 10557, Berlin, Germany
    Further information to Mailjet GmbH can be found here:
    https://www.mailjet.com/de/rechtliches/datenschutzerklaerung
  • For hosting our platform:
    Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
    You can find more information on data protection at Google Cloud Limited here: https://cloud.google.com/terms/cloud-privacy-notice?hl=de

Google Analytics

We use Google Analytics on our website. This is a web analysis service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter referred to as "Google".

The Google Analytics service is used to analyse the usage behaviour of our website. The legal basis is Art. 6 Para. 1 (f) GDPR. Our legitimate interest lies in the analysis, optimization, and economic operation of our website.

Usage and user-related information, such as IP address, location, time, or frequency of visits to our website, is transmitted to a Google server in the USA and stored there. However, we use Google Analytics with the so-called anonymization function. With this function, Google already shortens the IP address within the EU or the EEA.

The data collected this way is, in turn, used by Google to provide us with an evaluation of the visit to our website and the usage activities there. This data can also be used to provide other services related to the use of our website and the Internet.

Google states that it does not associate your IP address with other data. In addition, Google has further data protection information available for you at https://www.google.com/intl/de/policies/privacy/partners , for example, on the possibilities of preventing the use of data.

In addition, Google offers a so-called deactivation add-on at https://tools.google.com/dlpage/gaoptout?hl=de along with further information on this. This add-on can be installed with the most common Internet browsers and offers further control over the data that Google collects when you visit our website. The add-on informs the Google Analytics JavaScript (ga.js) that information about the visit to our website should not be transmitted to Google Analytics. However, this does not prevent information from being transmitted to us or other web analysis services. You can, of course, also find out whether and which other web analysis services we use in this data privacy statement.

4.2 Disclosure due to legal obligation
We also reserve the right to disclose your personal data if we are demonstrably legally obliged to do so or if the authorities or law enforcement agencies require us to release it in a legally compliant manner.

5 Place of data processing and data security
The processing of your data takes place mainly in Germany. Your data will only be transferred to a country outside the European Union or the European Economic Area if there is an appropriate level of protection within the meaning of Art. 45 GDPR et seq. or if there are suitable guarantees within the meaning of Art. 46 Para. 2 GDPR. Data collected on our site may be forwarded to the United States (e.g. Citrix Systems Inc.) on this basis. To protect your data from unauthorized access and misuse, we have taken extensive, state-of-the-art technical and organizational security precautions in accordance with European data protection law (Art. 32 GDPR).

6 Data subject rights
You can contact us by email (office@airtime-software.com) anytime to exercise the following rights.

Right to information: You can request information about the scope, origin, and recipient of the stored data and the purpose of storage at any time, free of charge (Art. 15 GDPR). If you wish to exercise your right to information, you can contact a Airtime employee anytime.

Right to data portability: You can receive the personal data that you have provided to us in a structured, common, and machine-readable format (Art. 20 GDPR), provided that (1) the processing is based on consent in accordance with Art. 6 Para. 1 (a) GDPR or Art. 9 Para. 2 (a) GDPR or on a contract under Art. 6 Para. 1 (b) GDPR and (2) the processing is conducted using automated procedures.

Right to rectification: Every person affected by the processing of personal data has the right to demand the immediate correction of incorrect personal data concerning them (Art. 16 GDPR). Furthermore, the data subject has the right, taking into account the purposes of the processing, to request the completion of incomplete personal data.

Right to delete (right to be forgotten): Every person affected by the processing of personal data has the right to demand that the person responsible delete the personal data concerning them immediately if one of the following reasons applies and if the processing is not necessary (Art. 17 GDPR): (1) The personal data was collected or otherwise processed for purposes for which they are no longer necessary. (2) The data subject revokes their consent on which the processing was based, and there is no other legal basis for the processing. (3) The data subject objects to the processing, and there are no overriding legitimate grounds for the processing. (4) The personal data was processed unlawfully. (5) The deletion of personal data is necessary to fulfil a legal obligation.

Right to objection: Any person affected by the processing of personal data has the right to object at any time to the processing of personal data concerning them (Art. 21 GDPR).

We no longer process the personal data in the event of an objection unless we can demonstrate compelling legitimate grounds for the processing that outweigh the interests, rights, and freedoms of the data subject, or the processing serves to assert, exercise, or defend legal claims. If we process personal data to operate direct advertising, the person concerned has the right to object to the processing of personal data for the purpose of such advertising at any time.

Right to revoke consent under data protection law: Any person affected by the processing of personal data has the right to revoke consent to the processing of personal data at any time (Art. 7 Para. 3 GDPR).

Right to lodge a complaint with a supervisory authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the member state where you live, work, or where the alleged infringement took place if you believe that the processing of your personal data violates the GDPR (Art. 77 GDPR).

When asserting your claims against us, we will examine this claim and comply with it if there is no other legal basis for further processing. We will inform you about the result.

As a rule, compliance with a certain form is not required to assert your rights as a data subject; write to us, for example, by email at office@airtime-software.com.

7 Updating and changes
We may change or update parts of the data privacy statement without informing you in advance. Please review the data privacy statement in each case before using our offer to be up to date with possible changes or updates.