This data privacy information serves to inform you about our handling of your personal data. To make the processing of your data as transparent as possible, we would like to provide you with the following overview of processing operations. In order to guarantee fair processing, this data protection declaration contains general information about our handling of your data as well as information concerning your rights according to the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG) .
We will inform you in detail about
- General Data Processing
- Data processing on our website
The party responsible for data processing is gap intelligence Inc. (here’s ‘we’ or ‘us’).
I.General Data Processing
If you have any questions or feedback concerning this information or wish to contact us to assert your rights, please send your enquiry to
If you want to contact our German branch, please direct your inquiry to
2. Legal basis
The term “personal data” under data protection law refers to all information relating to a specific or identifiable person.
We process personal data in compliance with the relevant data protection regulations, in particular the GDPR and the BDSG. Data processing by us takes place only on the basis of a legal permission. We process personal data
- with your consent (Art. 6 sec. 1 letter. a) GDPR),
- for the performance of a contract to which you are a party or at your request for the implementation of pre-contractual measures (Art. 6 sec. 1 letter b) GDPR),
- for the fulfilment of a legal obligation (Art. 6 sec.1 letter c) GDPR)
- or where the processing is necessary to safeguard our legitimate interests or the legitimate interests of a third party, unless your interests or fundamental rights and fundamental freedoms requiring the protection of personal data prevail (Art. 6 sec. 1 letter f) GDPR).
3. Duration of storage
Unless otherwise stated in the following notices, we shall only store the data for as long as it is necessary to achieve the purpose of the processing or to fulfil our contractual or legal obligations. Such statutory retention obligations may arise in particular from commercial or tax regulations.
4. Categories of recipients of the data
We use processors as part of the processing of your data. Processing operations performed by such processors include, for example, hosting, maintenance and support of IT systems, customer and order management, order processing, accounting and billing, marketing measures or file and disk destruction. A processor is a natural or legal person, authority, body or other body that processes personal data on behalf of the data controller. Processors do not use the data for their own purposes, but carry out the data processing exclusively for the controller and are contractually obliged to guarantee appropriate technical and organisational measures for data protection.
In addition, we may transfer your personal data to bodies such as postal and delivery services, bank, tax advisors/auditors or the tax administration.
If your data is transmitted to other recipients, we will inform you under the respective processing process.
5. Processing in the exercise of your rights in accordance with Articles 15 to 22 GDPR
If you exercise your rights in accordance with Articles 15 to 22 GDPR, we process the personal data transmitted for the purpose of our implementation of these rights and in order to provide proof of this. For the purpose of providing information and preparing it, we will process data stored only for this purpose and for data protection control purposes and will otherwise restrict the processing in accordance with Article 18 GDPR.
These processing operations are based on the legal basis of Art. 6 Sec. 1 letter c) GDPR combination with Art. 15 to 22 GDPR and § 34 Sec. 2 BDSG.
6. Your rights
As a data subject, you have the right to assert your rights against us. In particular, you have the following rights:
- In accordance with Art. 15 GDPR and § 34 of the German Data Protection Act (BDSG), you have the right to request information as to whether and, if so, to what extent we process personal data about you or not.
- You have the right to request us to rectify your data in accordance with Art. 16 GDPR.
- You have the right to request the deletion of your personal data in accordance with Art. 17 GDPR and § 35 of the German Data Protection Act (BDSG).
- You have the right to restrict the processing of your personal data in accordance with Art. 18 GDPR.
- You have the right, in accordance with Art. 20 GDPR, to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format and to transmit this data to another controller.
- If you have given us separate consent to the processing of data, you can revoke this consent at any time in accordance with Art. 7 sec. 3 GDPR. Such revocation shall not affect the legality of the processing, which has been carried out until the revocation on the basis of consent.
- If you believe that processing of personal data concerning you violates the provisions of the GDPR, you have the right to complain to a supervisory authority in accordance with Art. 77 GDPR.
7. Right to object
In accordance with Article 21 Sec. 1 GDPR, you have the right to take action against processing operations which are based on the legal basis of Art. 6 Sec. 1 letter e) or (f) GDPR to object for reasons arising from your particular situation. If personal data about you is processed by us for the purpose of direct marketing, you can object to this processing in accordance with Art. 21 sec. 2 and sec. 3 GDPR.
II.Data processing on our website
When you use our website, we collect information that you provide yourself. In addition, certain information about your use of our website is automatically collected during your visit to our website. In data protection law, the IP address is also considered personal data. An IP address is assigned to each Internet-connected device by the Internet provider so that it can send and receive data.
1. Processing server log files
When using our website in a purely informative manner, general information that your browser transmits to our server is initially stored automatically (i.e. not via registration). These include by default: browser type/version, operating system used, page accessed, previously visited page (referrer URL), IP address, date and time of the server request, and HTTP status code. The processing is carried out in order to safeguard our legitimate interests and is based on the legal basis of Art. 6 sec. 1 letter f) GDPR. This processing is used for the technical management and security of the website. The stored data will be deleted after seven days, unless there is a legitimate suspicion of illegal use on the basis of concrete indications and further examination and processing of the information is necessary for this reason. We are not in a position to identify you as a data subject based on the information stored. Articles 15 to 22 GDPR therefore do not apply in accordance with Art. 11 sec. 2 GDPR, unless you provide additional information enabling your identification in order to exercise your rights as set out in these articles.
2. Data transfer to the USA
Visiting our website may involve the transfer of certain personal data to the United States. For the transfer of data to the USA as a third country, i.e. a country in which the GDPR is not applicable, the European Commission has decided in accordance with Article 45 GDPR that an appropriate level of data protection is required with regard to companies that are certified under the EU-US Privacy Shield. The transfer to the USA is then carried out in a permissible manner. Certified companies are listed by the U.S. Department of Commerce: https://www.privacyshield.gov/list.
3. Contact options and enquiries
Our website contains a contact form through which you can send us messages. The transfer of your data is encrypted (recognizable by the “https” in the address bar of the browser). All data fields marked as mandatory fields are required to process your request. Failure to deploy means that we will not be able to address your request. Further data will be provided voluntarily. Alternatively, you can send us a message via the contact e-mail.
We process the data for the purpose of answering your request. If your enquiry as an end customer is directed to the conclusion or execution of a contract with us, our legal basis for data processing is Art. 6 sec. 1 letter b) GDPR. Otherwise, we process the data due to our legitimate interest in contacting requesting persons. The legal basis for data processing is then Art. 6 sec. 1 letter f) GDPR.
We use a chat form from HubSpot, Inc. (25 First Street, 2nd Floor, Cambridge, MA 02141 USA, “Hubspot”) on our website. If you send us inquiries via the chat form, your details from the form, including the contact details you provide there, will be stored in Hubspot’s systems for processing the request and in case of follow-up questions.
We process the data for the purpose of answering your request. If your enquiry as an end customer is directed to the conclusion or execution of a contract with us, Art.6 sec. 1 letter b) GDPR is the legal basis for data processing. Otherwise, we process the data due to our legitimate interest in contacting requesting persons. The legal basis for data processing is then Art. 6 sec. 1 letter f) GDPR.
HubSpot Inc. is certified under the EU-US Privacy Shield.
In order to use certain functions of the website, registration via the website is required. The required information can be seen from the registration form. The provision of information marked as mandatory information is mandatory in order for the registration to be completed.
The data provided will be processed for the purpose of providing the service. The processing is based on the legal basis of Article 6 sec. 1 letter b) GDPR.
a.Registration and deregistration and analysis
We offer the possibility to subscribe to our newsletter on our website. After registration, we will keep you regularly informed about the latest news about our offers. A valid e-mail address is required to register for the newsletter. To verify the email address, you will first receive a sign up email, which you must confirm via a link (Double Opt-In). When you subscribe to the newsletter on our website, we process personal data such as your e-mail address and your name on the basis of the consent you have given. The processing is based on the legal basis of Art. 6 sec. 1 letter a) GDPR.
You can revoke your consent at any time with effect for the future, for example via the “Unsubscribe” link in the newsletter or by contacting us via the above-mentioned channels. The legality of the data processing operations that have already taken place remains unaffected by the revocation.
When registering for the newsletter, we also store the IP address as well as the date and time of the registration. The processing of this data is necessary in order to be able to prove a given consent. The legal basis arises from our legal obligation to document your consent (Art. 6 sec. 1 letter c) in combination with Art. 7 sec. 1 GDPR).
We also analyze the reading behavior and opening rates of our newsletter. For this purpose, usage data is collected and processed by us. This analysis is used to optimize our newsletter and is based on your consent. The legal basis for the analysis of our newsletter is Art. 6 sec. 1 letter a) GDPR. You can withdraw your consent at any time by unsubscribing from the newsletter.
We use the MailChimp service of The Rocket Science Group LLC d/b/a MailChimp (USA) to manage subscribers, send the newsletter and analyze it. Your e-mail address will therefore be transmitted by us to MailChimp.
The processing takes place on our behalf and is based on the legal basis of Art. 6 Sec. 1 letter f) GDPR and serves our legitimate interest in optimizing and sending our newsletter economically. If you do not want your data to be processed by MailChimp, you should not sign up for the newsletter or unsubscribe from it.
The Rocket Science Group LLC d/b/a MailChimp is certified under the EU-US Privacy Shield.
6. Blog with comment functionality Disqus
On our website we offer a blog in which we publish articles on various topics. You have the opportunity to comment on these posts. We have integrated the Disqus comment system for this purpose. The comment system is an offer of Disqus, Inc. (717 Market St, San Francisco, CA 94103, USA, “Disqus”).
This processing is based on the legal basis of Art. 6 sec. 1 letter f) GDPR. It serves our legitimate interest in a simple integration and the versatile usability of the comment function.
To make a comment using Disqus, you must log in via a Disqus user account. When a comment is made, the e-mail address and the IP address are processed, among other things. For information about data processing by Disqus, see https://help.disqus.com/terms-and-policies/disqus-privacy-policy. Alternatively, you can sign in to Facebook, Twitter and Google Plus via an existing user account. If you log in to the DISQUS function on our website using such a user account, the respective service provider will also collect and process information about your use of the DISQUS functions. For more information, please contact the provider.
Disqus processes data to deliver targeted content and advertising to websites. To prevent this processing, you can place an opt-out cookie on your device under https://disqus.com/data-sharing-settings.
The specified e-mail address, the IP address used when entering a comment, is transmitted to us by Disqus. We process this data exclusively for the purpose of contacting you in connection with your use of Disqus, for example if we have questions about your user comment. This processing is based on the legal basis of Art. 6 sec. 1) letter f) GDPR. It serves our legitimate interest in being able to contact you and to ensure enforcement in the event of an illegal comment.
Disqus is certified under the EU-US Privacy Shield.
Information on how cookies and similar technologies are used by us can be found below under the description of the specific processing activity.
8. Analysis of our website
We only use Google Analytics with IP anonymization enabled. This means that the IP address of the users is truncated by Google within Member States of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. The IP address transmitted by the user’s browser will not be merged with other data from Google.
We use the variant Google Universal Analytics. This allows us to assign interaction data from different devices and from different sessions to a unique user ID. This allows us to context individual user actions and analyze long-term relationships.
The data on user actions is stored for a period of 14 months and then automatically deleted. The deletion of the data whose storage period has expired is automatically deleted once a month.
The setting of cookies and the further processing of personal data described here is done with your consent. The legal basis for the data processing in connection with the Google Analytics service is therefore Art. 6 sec. 1 letter a) GDPR. You can prevent the storage of cookies by Google Analytics by setting your browser software accordingly. You can also prevent the collection of information generated by the cookie by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout . If you visit our website via a mobile device, you can deactivate Google Analytics by clicking on this link. Please also note that we document your consent in order to comply with our obligation to provide proof under Art. 7 sec. 1 GDPR. Since we are obliged to do so, this storage is based on the legal basis of Art. 6 sec 1) letter c) GDPR).
When using Google Analytics, we cannot exclude the transmission of the processed data to The US-based Google LLC. Google LLC (USA) is certified under the EU-US Privacy Shield.
The legal basis for data processing is Art. 6 sec. 1 letter f) GDPR.
HubSpot Inc. is certified under the EU-US Privacy Shield.
Jetpack, a tool for statisticalevaluation of visitor access, operated by Automattic Inc. (USA), uses the tracking technology of Quantcast Inc. (USA). WordPress.com-Stats uses so-called “cookies”, text files that are stored on your computer and which enable an analysis of your use of the website. The information generated by the cookie about your use of this website is stored on a server in the USA. The IP address is anonymized immediately after processing and before it is stored.
The legal basis for the data processing in connection with the Jetpack service is Art. 6 sec. 1 letter f) GDPR and the processing serves the legitimate interest of the analysis of our website and the possibility of needs-based design.
You can prevent the setting of cookies by setting up your browser software accordingly. You can object to quantcast’s collection and use of the data with effect for the future by setting a so-called opt-out cookie at the address http://www.quantcast.com/opt-out by selecting “Opt Out”. If you delete all cookies on your computer, you will need to set the opt-out cookie again.
Automattic is certified under the EU-US Privacy Shield.
9. Social network plugins
We use buttons on our website for social networks and similar offers of third parties (hereinafter referred to as “plugin”). These plugins allow you to distribute the contents of our website on the respective social network. In order to integrate the plugin into our website, its program code is transmitted directly from the servers of the respective provider when it is called up to our website. For this purpose, a transmission of the used IP address is technically necessary. This transmission takes place regardless of whether you click on the plugin or not. If you are logged into your user account with the social network or interact with the plugin when you visit our website, further data may be transmitted. Further information can be obtained from the respective provider of the plugin. The data processing takes place in order to safeguard our legitimate interests in increasing the awareness and reach of our website and are based on the legal basis of Art. 6 sec. 1 letter f) GDPR.
We have integrated plugins of the following third-party providers into our website:
The plugin of the social network facebook.com Facebook Inc. (USA). For European users, facebook.com is operated by Facebook Ireland Ltd. (Ireland/EU) (“Facebook”). Facebook. Inc. is certified under the EU-US Privacy Shield.
The social network plugin twitter.com Twitter International Company (Ireland/EU). Twitter is certified under the EU-US Privacy Shield.
The social network’s plugin Instagram.com that of Facebook Inc. (USA). For European users, facebook.com is operated by Facebook Ireland Limited (Ireland/EU). Facebook Inc. is certified under the EU-US Privacy Shield.
The social network plugin Linkedin.com linkedIn Ireland Unlimited Company, (Ireland/EU). If data is transferred to the United States, LinkedIn is certified under the Privacy Shield Agreement.
10.Integrated services and content of third parties
We use third-party services, services and content on our website (collectively, “Content”). For such integration, processing of your IP address is technically necessary so that the content can be sent to your browser. Your IP address will therefore be transmitted to the respective third-party providers. These data processing operations are carried out in order to safeguard our legitimate interests in the optimization and economic operation of our website and are based on the Legal basis of Art. 6 sec. 1 letter f) GDPR. You can object to this data processing at any time via the settings of the browser used or certain browser extensions. For example, the matrix-based firewall uMatrix for the Firefox and Google Chrome browsers represents such an extension. Please note that this may result in functional limitations on the website.
We have incorporated content from the following third-party services into our website:
- Services of Google Ireland Limited (Ireland/EU):
- “Google Maps” for displaying maps;
- “Google Web Fonts” for displaying fonts;
- “Google reCAPTCHA” to verify that form entry is made by a natural person.
When using Google services, we cannot exclude the transmission of the processed data to US-based Google LLC (USA). Google LLC is certified under the EU-US Privacy Shield.
- “YouTube” of YouTube LLC (USA) for viewing videos.
- YouTube is certified as a subsidiary of Google under the EU-US Privacy Shield
- “Vimeo” by Vimeo Inc. (USA) for viewing videos.
- Vimeo is certified under the EU_US Privacy Shield.
- “BootstrapCDN”, offered by StakPath LLC (USA) for displaying content. StackPath is certified under the EU-US Privacy Shield.