Last update: January 21th, 2020
Your privacy is very important to us. Warhol offers a variety of collaborative tools, including our web app and browser extensions, and operates a number of websites and offers related services, like support. We refer to all of these products, together with our other services and websites as “services” in this policy. We comply with GDPR and all German laws. This privacy statement provides all information about how and why we collect, use, share, store and delete your data. Furthermore, it informs you about your rights regarding your data.
1. Controller of Personal Information
The controller in compliance with the General Data Protection Regulation is:
Hans-Christian Reinl Internetdienstleistungen
2. Categories of data, purpose, and lawfulness of data processing
We collect and process personal information while we operate our business as described below:
- Account information
- Organization information
- Service, support and performance records
- Device and connection information
We consider confidentiality, integrity, availability and resilience when working with your data.
We process your personal information to provide the services to you, including to process transactions with you, authenticate you when you log in, provide customer support, and operate and maintain the services. We process this data lawful based on Article 6 (1) a, b, and f GDPR.
We collect and store data that you post, send, receive and share in Warhol's services. This content includes:
- any information about yourself that you may choose to include
- information regarding a problem you are experiencing with a service, when you submit it to our customer support or through one of the feedback forms
- payment and billing information when you register for paid services
We process all data lawful based on Article 6 (1) a and b GDPR. Your consent is revocable at any time. We use your data for contractual purposes managing and operating our business.
We collect information about the devices you use to access the services. Your browser transmits personal data, such as IP address, date and time of the request, GMT time zone difference, request content (concrete page), access status / HTTP status code, amount of data transferred, requesting URL, browser, operating system and interface, language and version the browser software, during your visit on our services. This data is recorded on the basis of Art. 6 Sect. 1 lit. f GDPR. The operator of the services has a legitimate interest in the error free operation and the optimization of the operator’s services. In order to achieve this, server log files with the above data must be recorded.
2.1. Other Users
Other users of our services may provide information about you when they submit content through the services. We receive your email address from other service users when they provide it in order to invite you to the services. Similarly, an organization owner may provide your contact information when they invite you as a organization member.
2.2. Browser Extensions
The browser extensions collects and temporarily store test results on user's computer. If the user has enabled the "Telemetry" option in the extension's options page, test results will be sent to our other services. The test results contain a SHA1 hash the URL of the web page that the results are for. This information is only collected when you actively use the browser extension with an activated pattern library and enable the "Telemetry" option. The information is used for statistical analysis and for debuggig errors in the extension.
2.3. Automated Services
Warhol's automated services that collect pattern library data and perform automated tests do not collect or store any personal information. The automated services do not take any screenshots or collect any content data, but rather pure style information like colors, font sizes and the like.
3. Data transmission to non-EU countries / automated individual decision-making
You are not subject to automated individual decision-making, including profiling. We neither transfer your data to non-EU countries non international organizations unless required for the purpose of providing you with the services.
3.1. Google Analytics
We use hosting service provider Heruko to run most our services and store almost all the information we collect. The provider is salesforce.com, inc., Salesforce Tower, 415 Mission Street, 3rd Floor, San Francisco, CA 94105, USA. Salesforce.com is certified licensee of the TRUSTe Privacy Seal and has certified certain services under the rules of the EU-US Privacy Shield.
Most of our data stored by Heroku and is therefore usually transferred to and stored on a server in the United States. We use technical measures to secure your data. We process this data lawful based on Article 6 (1) a, b, and f GDPR.
If you do not want to permit transferring data to Heroku, you can not use any of our services except for the website at https://warhol.io.
We use cloud application platform ZEIT, Inc to host our website athttps://warhol.io. The provider is ZEIT, Inc 1046 Kearny Street, San Francisco, CA 94133, USA. ZEIT complies with the EU-US and Swiss-US Privacy Shield framework.
Our website is hosted by ZEIT and almost all of its content is served from a server in the United States. When requesting a web page, your browser transmits personal data, such as IP address, date and time of the request, GMT time zone difference, request content (concrete page), access status, HTTP status code, amount of data transferred, requesting URL, browser, operating system and interface, language and version the browser software. This is in accordance with Article 6 GDPR. If you do not want to permit the transfer of this data to ZEIT, you can not use our website.
We use SendGrid for transactional emails in the app. The provider is Twilio Inc., 375 Beale Street, Suite 300, San Francisco, CA 94105, USA. SendGrid complies with the EU-US and Swiss-US Privacy Shield framework.
To send transactional emails, we may share your email adress with SendGrid when you register an account or use other account-related functionality (eg. request a new password). The data is processed based on your consent and is required to provide services to you (Article 6 GDPR). You may revoke any consent you have given at any time by informing us that you want your account with us to be deleted.
We use the services of Sentry to get notified about errors in our Services. The provider is Functional Software, inc., 132 Hawthorne St, San Francisco, CA 94107, USA. Senry is EU-U.S. Privacy Shield Certified and providesa form for GDPR requests.
When an error occurs in one of our web app or browser extension, Sentry reports the error by sending data about the the error to their servers and by notifying us about the error. Sentry captures a technical data about the user that the error happend to, in order to enable us to diagnose the problem. This data includes the user's IP address, date and time of the request, the requesting URL, browser, operating system and interface, language and version the browser software. This data is needed by us to identify causes of errors in our services. You can opt out of Sentry in the browser extension by deactivating the "Telemetry" option on the options page.
We use the services of MailChimp to send out our newsletters. The provider is the Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA.
Among other things, MailChimp is a service that can be deployed to organize and analyze the sending of newsletters. Whenever you enter data for the purpose of subscribing to a newsletter (e.g. your email address), the information is stored on MailChimp servers in the United States. MailChimp is in possession of a certification that is in compliance with the EU-US Privacy Shield. The Privacy Shield is a compact between the European Union (EU) and the United States of America (USA) that aims to warrant the compliance with European data protection standards in the United States.
With the assistance of the MailChimp tool, we can analyze the performance of our newsletter campaigns. If you open an e-mail that has been sent through the MailChimp tool, a file that has been integrated into the email (a so-called web beacon) connects to MailChimp’s servers in the United States. As a result, it can be determined whether a newsletter message has been opened and which links the recipient possibly clicked on. Technical information is also recorded at that time (e.g. the time of access, the IP address, type of browser and operating system). This information cannot be allocated to the respective newsletter recipient. Their sole purpose is the performance of statistical analyzes of newsletter campaigns. The results of such analyzes can be used to tailor future newsletters to the interests of their recipients more effectively.
If you do not want to permit an analysis by MailChimp, you must unsubscribe from the newsletter. We provide a link for you to do this in every newsletter message. Moreover, you can also unsubscribe from the newsletter right on the website.
The data is processed based on your consent (Art. 6 Sect. 1 lit. a GDPR). You may revoke any consent you have given at any time by unsubscribing from the newsletter. This shall be without prejudice to the lawfulness of any data processing transactions that have taken place prior to your revocation.
The data you archive with us for the purpose of the newsletter subscription shall be archived by us until you unsubscribe from the newsletter. Once you cancel your subscription to the newsletter, the data shall be deleted from our servers as well as those of MailChimp. This shall not affect data we have been archiving for other purposes.
For more details, please consult the Data Privacy Policies of MailChimp at: https://mailchimp.com/legal/terms/.
4. Retention period
We retain your account information until you delete or request the removal of your account (excluding financial records, which have to be kept for 10 under german law).
If you provide us with your data by using our contact form, we will store your data until we have answered your request. If you provide us with your data by using our contact form, we will store your data until we have answered your request. Any data to defend against possible claims for damages are stored as necessary to safeguard your interests. The same applies to data for the enforcement of claims.
If your account is deactivated or disabled, some of your information and the content you have provided will remain in order to allow your team members or other users to make full use of the services.
Any data to defend against possible claims for damages are stored as necessary to safeguard your interests. The same applies to data for the enforcement of claims.
If you have elected to receive marketing emails from us, we retain information about your marketing preferences unless you specifically ask us to delete such information.
5. Your rights
You have the following rights related to your data:
- You have the right to obtain information whether or not your data is processed, and, where that is the case, access to the personal data and information in compliance with Article 15 GDPR.
- You have the right to obtain from us the rectification of your inaccurate data without undue delay in compliance with Article 16 GDPR.
- You have the right to obtain the erasure of your data from us without undue delay if one of the reasons listed in Article 17 GDPR applies. (e.g. the processing of your is no longer necessary)
- You have the right to obtain the restriction of processing from us where one of the reasons listed in Article 18 GDPR applies. (e.g. during the time we decide if your legitimate reasons to object processing surpass our legitimate reasons to process)
- You have the right to receive your data, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit this data to a different controller without hindrance from us. Prerequisite is, that we process your data either based on consent (Article 6 (1) (a) or Article 9 (2) (a) GDPR) or based on a contract (Article 6 (1) (b) GDPR) and the processing is carried out by automated means.
- You have the right to object, on grounds relating to your particular situation, at any time to processing of your data which is based on point (e) or (f) of Article 6(1), including profiling based on those provisions. Please tell us your exact reasons why we should stop processing your data. We will no longer process the personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims. We will no longer process your data for direct marketing purposes when you object to processing.
- Right to withdraw your declaration of consent You have the right to withdraw your consent at any time. Your withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal and is valid for future processing only.
- If you believe that processing your data violates data protection laws, you have the right to file a complaint with a supervisory authority. Without prejudice to any other administrative or judicial remedy, you have the right to complain in the Member State of your habitual residence, place of work or place of the alleged infringement.
You can assert your rights personally, in written form as follows:
Hans-Christian Reinl Internetdienstleistungen
Please note that we will only provide you with information if you identify yourself.