This privacy policy applies to data processing by Jetcare UG (haftungsbeschränkt) ("elevaid", "controller", "we" or "us").
When you use our website or our services, personal data is collected and processed in compliance with the applicable data protection regulations. Personal data is any information relating to an identified or identifiable natural person, e.g. name, address, e-mail address. When processing your personal data, we observe the applicable data protection laws, in particular the European Data Protection Regulation ("GDPR") and its implementation into the German Federal Data Protection Act ("DSGVO").
With this privacy policy, we would like to inform you about which personal data we process, for what purposes and on what legal basis.
We take the protection of your personal data very seriously. We will only process your data for the purposes clearly set out in this privacy policy. If we process data for other purposes and/or pass your data on to third parties for other purposes, we will only do so with your express consent.
1 Name and Contact Details of the Data Protection Officer
The responsible party for data processing within the meaning of Art. 4 No. 7 GDPR is Jetcare UG (haftungsbeschränkt), Krumpeterweg 36a, 24558 Henstedt-Ulzburg in Germany, e-mail: info@elevaid.us. We have appointed an internal data protection officer. The contact details of our data protection officer are as follows:
e-mail: privacy@elevaid.us.
2 Collection and Storage of Personal Data, Type and Purpose of your Processing, as well as relevant Legal Basis and Storage Period
2.1 Use of our Website
When you use our website, we automatically collect and store data that your browser transmits to our server (so-called server log files), whereby logging only takes place to the extent that is technically necessary. The following information is collected:
- Operating system and information on the Internet-browser used, including installed add-ons;
- IP address (internet protocol address) of the end device from which the online offer is accessed;
- Internet address of the website from which the online offer was accessed (so-called origin or referrer URL);
- Name of the service provider through which the online offer is accessed;
- Name of the retrieved files or information;
- Date and time and duration of the retrieval.
The legal basis for the collection of this data is Art. 6 (1) lit. f) GDPR. Our legitimate interest in collecting this data follows from the following purposes:
- Ensuring optimal use of our website,
- Ensure smooth connection establishment,
- Evaluation of system security and stability.
2.2 Use of elevaid Services, Purchase of Climate Contributions
Personal data is collected via our website when you provide it to us, e.g. when registering for a elevaid customer account, by filling out (contact) forms, by sending e-mails or by purchasing Climate Contributions. We use this data for the purposes stated or resulting from the request, for example to process a support request or a purchase of Climate Contributions.
To complete the purchase of a Climate Contribution, you must provide the following personal data on our check-out page, which we collect and subsequently process:
- E-mail address
- First name and surname
- Address
- Payment or credit card data
We process this data in order to fulfill the purchase contract concluded with you. This includes in particular the possibility to send you a confirmation of your purchases to the e-mail address you have provided or to ensure the function of a customer account. The legal basis for data processing is therefore Art. 6 para. 1 lit. b) GDPR.
2.3 Data Processing when contacting us
If you contact us by e-mail, we will process the information you provide for the purpose of processing the enquiry and for possible follow-up questions. This processing is based on our legitimate interest in being able to answer customer enquiries (Art. 6 (1) lit.f GDPR). For customer support, we use the system "Calendly", from the provider Calendly, LLC, 115 E Main St, Ste A1B, Buford, GA 30518, USA, in order to be able to process user enquiries more quickly and efficiently (legitimate interest pursuant to Art. 6 (1) lit. f GDPR). We have concluded a processor contract with Calendly in accordance with Art. 28 GDPR. Calendly may store your personal data in a third country (see chapter 5 of this document). To use Calendly, you must at least provide a correct email address. A pseudonymous use is possible. However, in the course of processing contact requests, it may benecessary to collect further data such as name and address.
2.4 Storage Period
We will delete the data collected and stored in connection with the creation of your elevaid customer account at the latest when you delete your account. However, premature deletion of your personal data is not possible if and to the extent that your data is still required to process a purchase contract. Irrespective of this, we store your data processed during the purchase of our products until the expiry of the statutory or possible contractual warranty rights. After expiry of this period, we retain the information on the contractual relationship required under commercial and tax law for the periods specified by law. For this period, the data will be processed again solely in the event of an audit by the tax authorities. We retain email communications with you for 12 months, unless statutory retention periods apply. In this case, we keep the email communication for 6 or 10 years, depending on the legal regulation. The law requires payment data to be stored for 10 years.
3 Website Hosting and Optimization
3.1 Hosting via Webflow
We host our website using Webflow. The service provider is Webflow, Inc., 398 11th Street, 2nd Floor, San Francisco, CA 94103, USA. When you visit our website, Webflow collects various log files including your IP address. Webflow is a tool for creating and hosting websites.Webflow stores cookies or other recognition technologies that are necessary for the display of the page, to provide certain website functions and to ensure security (necessary cookies). In this respect, the use of Webflow is based on Art. 6 para. 1 lit. f) GDPR, as we have a legitimate interest in the most reliable presentation of our website. We have concluded a contract with Webflow for commissioned data processing in accordance with Art. 28 GDPR.
Details can be found in the privacy policy of Webflow at https://webflow.com/legal/eu-privacy-policy.
3.2 Cookies
On our website, we use cookies that are temporarily stored in the main memory ("session cookie") or permanently stored on the hard disk ("permanent cookie"). Cookies are small textfiles that are automatically created by the browser and stored on your end device (laptop, tablet, smartphone or similar) when you visit our website.
These files allow us to design the website more efficiently. Most of the cookies we use are session cookies, which are only stored in the RAM, but not on your hard drive, and which expire when you close your internet browser and are therefore automatically deleted. Session cookies enable us to recognize that you have already visited individual pages of our website or that you have already logged into your account. We automatically receive certain data, such as IP address, browser used, operating system about your computer and your connection to the internet.
Cookies cannot be used to launch programs or transfer viruses to a computer. The information contained in cookies allows us to facilitate your navigation and enable the correct display of our website. Under no circumstances will the data we process be passed on to third parties or linked to other personal data without your consent. Of course, you can also view our website without cookies. Internet browsers are regularly set to automatically accept cookies. You can deactivate the use of cookies at any time via your browser settings. Please use the help functions of your internet browser to find out how to change these settings. Please note that some features of our website may not work if you have disabled the use of cookies. You can also control and/or delete cookies as you wish. You can find out howhere: www.aboutcookies.org.
Since the activation of cookies is necessary for the proper functioning of our website, we have a legitimate interest in your use. The legal basis for the associated data processing is therefore Art. 6 (1) lit. f) GDPR.
If we use cookies for other purposes (e.g.for analysis or marketing purposes), we will inform you separately in this privacy policy.
3.3 Google Fonts
In order to make the font of our website available on your terminal device, we use the Google Fonts service. Google Fonts requires your IP address for this purpose. We use this service on the basis of a legitimate interest pursuant to Art. 6 (1) lit. f) GDPR in order to offer you a better website experience. The IP address is transmitted to the tool operator so that the service can be provided correctly on your device. Google only stores this data temporarily and uses it exclusively for the correct display of the fonts on your device.
3.4 Analysis- and Marketing Cookies
3.4.1 Piwik Pro
Our website uses the analysis tool Piwik Pro. Piwik PRO group, that includes Piwik PRO SA (ul. Św. Antoniego 2/4, 50-073 Wrocław, Poland) and Piwik PRO GmbH (Kurfürstendamm 21, 10719 Berlin, Germany), is the data controller for such service. We use Piwik Pro to collect aggregated, anonymized data. This data helps us understand how customers use our website and identify opportunities for improvement. In addition, the data performs important functions, such as detecting errors and fraudulent use, and provides operational data. We use this information to improve the quality, effectiveness and performance of our website so that you can get the most out of it. We use this service on the basis of a legitimate interest pursuant to Art. 6 (1) lit. f) GDPR in order to offer you a better website experience. You can find Piwik Pros's data guidelines at: https://piwik.pro/privacy-policy/.
3.4.2 Plausible Analytics
Our website uses the analysis tool Plausible Analytics. Plausible Insights OÜ, Västriku tn 2, 50403, Tartu, Estonia, is the data controller for such service. We use Plausible Analytics to collect aggregated, anonymized data. This data helps us understand how customers use our website and identify opportunities for improvement. In addition, the data performs important functions, such as detecting errors and fraudulent use, and provides operational data. We use this information to improve the quality, effectiveness and performance of our website so that you can get the most out of it. We use this service on the basis of a legitimate interest pursuant to Art. 6 (1) lit. f) GDPR in order to offer you a better website experience. You can find Plausible Analytics' data guidelines at: https://plausible.io/data-policy.
4 Marketing Communication and Newsletter
If you give us your express consent, we will send you information about our services and offers by e-mail. For this purpose, we process your name and email address. You may revoke your consent at any time. You can send your objection to receiving product and advertising mails or revoke your consent to our newsletter by e-mail to: privacy@elevaid.com or by post to:
Jetcare UG (haftungsbeschränkt)
Krumpeterweg 36a
24558 Henstedt-Ulzburg
Germany
5 Transfer of Personal Data to Third Parties
Data will only be transferred to third parties if there is an explicit legal basis for this or if you have consented to the transfer. In addition to the service providers mentioned above under clauses 3-5, we have involved processors for the following processing activities in accordance with Art. 28 GDPR:
- Email services,
- Hosting services
These service providers process your personal data on our behalf, in accordance with our instructions and under our supervision, solely for the purposes set out in this privacy policy.
6 Data Transfer to Third Countries
In the course of our business relationships, your personal data may be passed on or disclosed to third party companies. These may also be located outside the European Economic Area (EEA), i.e. in third countries. This concerns the use of the following services:
- Google: Google Fonts is a service of companies of the Google LLC group, 1600 Amphitheatre Parkway, Mountain View, CA94043, USA
- Webflow: Webflow, Inc., 398 11th Street, 2nd Floor, San Francisco, CA 94103,USA
- Calendly: Calendly, LLC, 115 E Main St, Ste A1B, Buford, GA 30518, USA
In the context of the transfer of personal data to a third country, we will regularly ensure through appropriate safeguards, for example by concluding the European Commission's standard contractual clauses, that a transfer of data to a third country only takes place on the basis of a level of protection that complies with the GDPR. Insofar as data is transferred to a third country, in particular the USA, for which there is no Commission adequacy decision, this is done on the basis of standard contractual clauses pursuant to Art. 46 (2) c) of the GDPR in conjunction with appropriate technical and organizational measures to protect your data.
A copy of the standard contractual clauses or further information on the standard contractual clauses used can be downloaded from the respective websites of the service providers we use:
- Google: https://privacy.google.com/businesses/processorterms/mccs/
- Webflow: https://webflow.com/legal/dpa
- Calendly: https://calendly.com/dpa
7 Data Security
All personal data transmitted by you is transferred using the secure and proven SSL (Secure Socket Layer) standard, which is also used for online banking, for example. We also use appropriate technical and organizational security measures to protect stored personal data against manipulation, partial or complete loss and unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.
8 Your Rights
In relation to our processing of your personal data, you have the following rights free of charge:
8.1 Right to Information pursuant to Art. 15 GDPR
You have the right to request information from us at any time about the data we hold about you, as well as its origin, recipients or categories of recipients to whom this data is disclosed, and the nature and purpose of the processing. In addition, we can provide you with acopy of this data.
8.2 Right of Withdrawal according to Art. 7 GDPR
If you have given your consent to the use of data, you can revoke this at any time without giving reasons with effect for the future.
8.3 Right of Rectification pursuant to Art. 16 GDPR
If your data stored with us is incorrect or incomplete, you can correct or complete it at any time in your customer account or have it corrected or completed by us. If required by law, we will also inform third parties about this correction if we have passed on your personal data to them.
8.4 Right of Deletion and Blocking according to Art. 17 GDPR
Under certain circumstances, you have the right to block or delete your personal data stored by us if one of the following cases applies:
- your data is no longer necessary for the purposes for which it was collected or otherwise processed or the purpose has been achieved;
- you revoke your consent and there is no other legal basis for the processing;
- you object to the processing and there are no overriding legitimate grounds for processing; in the case of the use of personal data for direct marketing, amere objection by you to the processing is sufficient;
- your personal data have been processed unlawfully;
- the deletion of your personal data is necessary for compliance with a legal obligation under European Union law or the law of a Member State to which we are subject.
The deletion or blocking of your personal data will take place as soon as we have checked the conditions for the legitimacy of your request. If legal, contractual or tax law or company law retention obligations or other legally anchored reasons contradict the deletion, only the blocking of your data can be carried out instead of the deletion. After the deletion of your data, it is nolonger possible to provide information.
8.5 Data Transfer Right according to Art. 20 GDPR
You may receive the data we process relating to you, if we have received it from you ourselves, in a machine-readable format determined by us or instruct us to transfer this data directly to a third party chosen by you, provided that this recipient enables us to do so from a technical point of view and that the transfer of the data is not prevented by unreasonable effort or by legal or other obligations of secrecy or confidentiality considerations on our part or on the part of third parties.
8.6 Right of Objection according to Art. 21 GDPR´
You have the right to object to the processing of your data at any time on grounds relating to your particular situation, if we base this processing on legitimate interests pursuant to Article 6(1)(f) of the GDPR. If you object, we will no longer process your personal data, except in two cases:
- we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms; or
- the processing serves the assertion, exercise or defence of legal claims.
In particular, if we process your personal data for direct marketing, you have the right to object at any time to the processing of your data for the purpose of such marketing. If you object to the processing of your data for direct marketing purposes, we will no longer use your personal data for this purpose.
8.7 Right to Restriction of Processing pursuant to Art. 18 GDPR
You have the right to request that were strict the processing of your personal data for one of the following reasons:
- you dispute the accuracy of your personal data for a period of time that allows us to verify the accuracy of the personal data;
- the processing is unlawful and you refuse to erase the personal data and instead request the restriction of the use of your personal data;
- we no longer need your personal data for the purposes of processing; however, you need them to assert, exercise or defend legal claims, or
- you have objected to the processing as long as it has not yet been determined whether our legitimate grounds outweigh yours.
If you have obtained a restriction on processing under the above list, we will inform you before the restriction is lifted.
8.8 Contact for the Assertion of Data Subject Rights
To exercise your data protection rights, you can contact us by e-mail at: privacy@elevaid.us or in writing at:
Jetcare UG (haftungsbeschränkt)
Krumpeterweg 36a
24558 Henstedt-Ulzburg
Germany.
For all your requests, we ask you to always provide proof of your identity, for example by sending an electronic copy of your ID.
8.9 Right of Appeal to the Supervisory Authority
You have the right to lodge a complaint with the competent supervisory authority against the processing of your personal data if you feel that your rights under the GDPR have been violated. The competent supervisory authority for us is the:
Unabhängiges Landeszentrum für Datenschutz Schleswig-Holstein– ULD –
Holstenstraße 98
24103 Kiel
Germany
Phone: +49 (0) 431 9881200
E-Mail: mail@datenschutzzentrum.de
9 Changes to the Privacy Policy
We reserve the right to amend this data protection declaration from time to time so that it always complies with the current legal requirements or in order to implement changes to our services in the data protection declaration, e.g. when introducing new services. We recommend that you regularly check the data protection declaration for possible changes. Insofar as your prior consent is required for a change to our services or for the introduction of a new service, we will inform you accordingly in good time and ask for your consent.
