Privacy Policy for the Moosle platform
1. Introduction
In this Privacy Policy you will learn,
- how we handle personal data in the context of your use of the Moosle User Platform and
- how we process your personal data in the context of the contractual relationship as well as for your visit to our website.
2. Controller
This Privacy Policy applies to the Processing of Personal Data by us as Controller in accordance with
Art. 4 Para. 7 of the General Data Protection Regulation (GDPR).
Our contact details are:
Moosle GmbH
Im langen Morgen 35
54536 Kröv
Germany
E-Mail: legal@moosle.com
Tel.: +49 (0) 1737564263
3. Definitions of terms
Insofar as this Privacy Policy does not contain or imply a different definition, we refer to the definitions in Art. 4 GDPR with regarding the terms used.
4. Processing of your Personal Data in the context of our Website
4.1. When accessing our website
When you access our website, i.e. if you do not otherwise transmit information to us, we or the host provider acting on our behalf only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data:
- IP address
- Date and time of the request
- Time zone difference from Greenwich Mean Time (GMT)
- Content of the request (specific page)
- Access status/HTTP status code
- Amount of data transferred in each case
- Website from which the request comes
- Browser
- Operating system
- Language and version of the browser software
This data is technically necessary for us to display and provide you with our website. The legal basis for this processing is Art. 6 para. 1 p. 1 lit. f GDPR. This data is stored for security reasons (e.g. for the clarification of abuse or fraud) for a maximum of 7 days and then deleted. Data whose further storage is necessary for evidentiary purposes is exempt from deletion until the final clarification of the respective incident. The hosting service provider we use processes personal data on our behalf and within the scope of our instructions as a so-called processor in accordance with Art. 28 of the GDPR.
The service provider we use in this context, which processes personal data for us on our behalf and within the scope of our instructions as a so-called processor pursuant to Art. 28 GDPR, is located in the USA. The level of data protection in the USA is assessed as inadequate by the European Commission. The data transfer to the USA therefore takes place on the basis of the standard contractual clauses pursuant to Art. 46 para. 2 lit. c GDPR. The standard contractual clauses are available at https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32010D0087. Alternatively, you can also request these documents from us using the contact details provided in section 2.
4.2. Detection of automated queries by MTCaptcha
We use technology from MTCaptcha to ensure that the contact form is not misused for automated requests (e.g. spam). If you contact us via the contact form, you will be asked to perform a cognitive service (e.g., recognizing certain features among a large number of images) as part of the submission process, which can regularly only be performed by a human, but not by a computer. This query is used to distinguish whether the input is made by a human or abusively by automated, machine processing. Therefore, we transmit the following data to MTCaptcha in the USA (Four Embarcadero Center, 1400, San Francisco, CA 94111, USA):
- IP address
- Date and time of the request
- Time zone difference from Greenwich Mean Time (GMT)
- Amount of data transferred in each case
- Website from which the request comes
- Browser and browser-plugins
- Language and version of the browser software
- Screen and window resolution
MTCaptcha evaluates the data anonymously to detect an automated query to ensure that the contact form is not abused. Cookies are used for this purpose, which enable recognition of your internet browser. The legal basis for the processing is Art. 6 para. 1 p. 1 lit. f GDPR.
Further information on the data processing performed by MTCaptcha can be found at https://www.mtcaptcha.com/legal-privacy-captcha
4.3. Usage analysis through Google Analytics
Our website optionally uses Google Analytics so that we can further improve future websites. You can consent to the use of Google Analytics when accessing the website. You can revoke your consent to the use of Google Analytics at any time. If you give us your consent, we evaluate your use of the website. For this purpose, we process the following personal data from you:
- IP address
- Date and time of the request
- Time zone difference from Greenwich Mean Time (GMT)
- Content of the request (specific page)
- Access status/HTTP status code
- Amount of data transferred in each case
- Website from which the request comes
- Browser
- Information about your terminal device
- Operating system and its interface
- Language and version of the browser software
- Screen and window resolution
- Your approximate location
- Information about the time you spend on the site
- Information about actions you perform on the website
Therefore, we transfer the aforementioned data to Google for analysis purposes. On our behalf, Google evaluates the data on the manner of your use, as this data is necessary for us to ensure the stability and security of the website and to further develop it according to your interests. The data collected in this way is not merged with your other profile information, but is included in anonymous statistics that help us to get to know our users better and to better adapt the website to their needs. As already mentioned, we process this data exclusively with your consent. The legal basis for this is Art. 6 para. 1 p. 1 lit. a GDPR.
In the context of the use of Google Analytics services, Google also transmits data to group companies and/or subcontractors. In this context, the above-mentioned data may be transferred to the USA and stored there. The level of data protection in the USA has been assessed by the European Commission as inadequate. The data transfer to the USA therefore takes place on the basis of the standard contractual clauses pursuant to Section 46 (2) c of the GDPR. The standard contractual clauses are available at https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32010D0087. Alternatively, you can also request these documents from us using the contact options specified in section 2.
Further information on the data processing performed by Google can be found at https://policies.google.com/privacy
4.4. Integration of fonts from Google Fonts
Furthermore, we use fonts from Google Fonts on our website. This serves to offer you a comfortable, fast and aesthetic presentation of the content of our website. In this context, we transfer the following data to Google:
- IP address
- Date and time of the request
- Time zone difference from Greenwich Mean Time (GMT)
- Content of the request (specific page)
- Access status/HTTP status code
- Amount of data transferred in each case
- Website from which the request comes
- Browser
- Operating system
- Language and version of the browser software
- Screen and window resolution
The legal basis for the processing is Art. 6 para. 1 c. 1 lit. f GDPR.
In the context of the use of the Google Fonts services, there are also data transfers from Google to group companies and/or subcontractors. In this context, the above-mentioned data may be transferred to the USA and stored there. The level of data protection in the USA has been judged to be inadequate by the European Commission. The data transfer to the USA therefore takes place on the basis of the standard contractual clauses pursuant to 46 para. 2 lit. c GDPR. The standard contractual clauses are available at https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32010D0087. Alternatively, you can also request these documents from us using the contact details provided in section 2.
Further information on the data processing performed by Google can be found at https://policies.google.com/privacy
4.5. Integration of SendGrid
We use SendGrid to ensure the reliable delivery of all emails from our system even during peak times with many requests. Without external providers, this would not be economically feasible. We can also analyze the sending of emails with the help of SendGrid. In this way it can be determined whether a message has been opened and which links have been clicked. The following technical information is collected, which is used exclusively for statistical analysis of messages. We primarily use the results of these analyzes to identify delivery problems at an early stage. Therefore, we transmit the following data to SendGrid in the USA (Sendgrid, Inc., 1801 California Street, Suite 500, Denver, CO 80202, USA):
- IP address
- Date and time of the request
- Time zone difference from Greenwich Mean Time (GMT)
- Access status/HTTP status code
- Browser
- Operating system
- Language and version of the browser software
The legal basis for the processing is Art. 6 para. 1 c. 1 lit. f GDPR.
In the context of the use of the SendGrid services, there are also data transfers from SendGrid to group companies and/or subcontractors. In this context, the above-mentioned data may be transferred to the USA and stored there. The level of data protection in the USA has been judged to be inadequate by the European Commission. The data transfer to the USA therefore takes place on the basis of the standard contractual clauses pursuant to 46 para. 2 lit. c GDPR. The standard contractual clauses are available at https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32010D0087. Alternatively, you can also request these documents from us using the contact details provided in section 2.
Further information on the data processing performed by SendGrid can be found at https://sendgrid.com/policies/privacy
4.6. In the context of contacting us by e-mail
We process e-mails that you transfer to us and we transfer to you using the services of our e-mail provider. In the context of e-mail communication, our e-mail provider processes your personal data (i.e. your e-mail address and the information you provide in the e-mail) on our behalf to enable us to communicate with you by e-mail or, if you are our customer, to process the contract. The processing of your personal data is based on Art. 6 Para. 1 S.1 lit. f or Art. 6 Para. 1 S. 1 lit. b GDPR. We delete the data if they are no longer necessary and no legal obligations are opposed. We review the necessity every six months.
4.7. In the context of contacting us by telephone
If you contact us by telephone, we need your personal data (e.g. name, telephone number, address or e-mail address) to process your inquiry or request. This data processing is necessary to enable us to communicate with you or, if you are our customer, to process the contract. The processing of your personal data is based on Art. 6 para. 1 p.1 lit. f or Art. 6 para. 1 p. 1 lit. b GDPR. We delete this data if it is no longer necessary and there are no legal obligations to the contrary. We review the necessity every six months.
4.8. In the context of contacting us via the contact form
If you contact us via contact form, e-mail, we need your personal data (eg name, contact details, etc.) to process your request or your request. This data processing is necessary to enable us to communicate with you or, if you are our customer, to process the contract. The processing of your personal data is based on Art. 6 para. 1 p.1 lit. f or Art. 6 para. 1 p. 1 lit. b GDPR. We delete the data if it is no longer necessary and there are no legal obligations to the contrary. We review the necessity every six months.
4.9. Within the framework of the subscription to our newsletter
With your consent, you can subscribe to our newsletter, with which we inform you about our current interesting offers. In addition, our newsletters contain information about our products, promotions and our company.
For the registration to our newsletter we use the so-called double opt-in procedure. This means that after your registration, we will send you an e-mail to the e-mail address you provided, in which we ask you to confirm that you wish to receive the newsletter. In addition, we store your IP addresses and the times of registration and confirmation. The purpose of this procedure is to be able to prove your registration and, if necessary, to clarify a possible misuse of your personal data.
Mandatory information for sending the newsletter is only your e-mail address. After your confirmation, we store your e-mail address for the purpose of sending the newsletter. The legal basis is Art. 6 para. 1 p. 1 lit. a GDPR. We store your email address for this purpose until you revoke your consent.
4.10. Map Integration from Google Maps
If you are an Enterprise Customer of ours, e use technology from Google Maps to offer you map representations. Each time you access a page that contains one or more map displays from Google Maps, information about your visit, your IP address and the interaction with the plug-in (e.g. scrolling, changing the section, using the navigation function) is transmitted to a Google server in the USA and stored there. This serves to offer you a comfortable, fast and efficient visual representation of the areas of your operation. Therefore, we transmit the following data to Google in the USA (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA):
- IP address
- Date and time of the request
- Time zone difference from Greenwich Mean Time (GMT)
- Content of the request (specific page)
- Access status/HTTP status code
- Amount of data transferred in each case
- Website from which the request comes
- Browser
- Operating system and its interface
- Language and version of the browser software
- Data on interaction with the Google Maps plug-in
- Device identifier of your end device, if applicable.
The legal basis for the processing is Art. 6 para. 1 c. 1 lit. f GDPR.
In the context of the use of Google Maps, there are also data transfers from Google to group companies and/or subcontractors. In this context, the above-mentioned data may be transferred to the USA and stored there. The level of data protection in the USA is not considered adequate by the European Commission. The data transfer to the USA therefore takes place on the basis of the standard contractual clauses pursuant to Section 46 (2) c of the GDPR. The standard contractual clauses are available at https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32010D0087. Alternatively, you can also request these documents from us using the contact options specified in section 2.
Further information on the data processing performed by Google can be found at https://policies.google.com/privacy
4.11. Payment Processing by Stripe
If you book a paid service from us, we use the payment service provider Stripe in order to process your payments with the highest level of security. Therefore, we transmit the following data to Stripe in the USA (Stripe, Inc. 510 Townsend Street San Francisco, CA 94103, USA):
- IP address
- Date and time of the request
- Time zone difference from Greenwich Mean Time (GMT)
- Content of the request (specific page)
- Access status/HTTP status code
- Amount of data transferred in each case
- Website from which the request comes
- Browser
- Operating system and its interface
- Language and version of the browser software
- Data on interaction with the Google Maps plug-in
- Device identifier of your end device, if applicable.
- Name
- Address
- Provided payment information
- Phone number
- Email address
The legal basis for the processing is Art. 6 para. 1 c. 1 lit. f GDPR.
In the context of the use of Stripe, there are also data transfers from Stripe to group companies and/or subcontractors. In this context, the above-mentioned data may be transferred to the USA and stored there. The level of data protection in the USA is not considered adequate by the European Commission. The data transfer to the USA therefore takes place on the basis of the standard contractual clauses pursuant to Section 46 (2) c of the GDPR. The standard contractual clauses are available at https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32010D0087. Alternatively, you can also request these documents from us using the contact options specified in section 2.
Further information on the data processing performed by Stripe can be found at https://stripe.com/privacy
5. When registering on our platform
5.1. Mandatory information for registration on our user platform
When you register on our platform, you must provide certain information about yourself as mandatory data. We therefore process the following personal data from you:
- Name
- Email address
- Password
- Language
The legal basis for the processing is Art. 6 para. 1 p. 1 lit. b GDPR. We store your data until you cancel your user account. After that, your data with regard to the user account will be deleted, unless their retention is necessary for commercial or tax reasons in accordance with Art. 6 para. 1 sentence 1 lit. c GDPR.
The service provider we use in this context, which processes personal data for us on our behalf and within the scope of our instructions as a so-called processor pursuant to Art. 28 GDPR, is located in the USA. The level of data protection in the USA is assessed by the European Commission as not adequate. The data transfer to the USA therefore takes place on the basis of the standard contractual clauses and is carried out on the basis of our legitimate interests in a secure and efficient provision and optimization of our online offer pursuant to Art. 6 para. 1 p. 1 lit. f. GDPR in conjunction with. Art. 28 GDPR, 46 para. 2 lit. c GDPR. The standard contractual clauses are available at https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32010D0087. Alternatively, you can also request these documents from us using the contact details provided in section 2.
5.2. Optional information on our user platform
In addition to the required mandatory information, you may provide additional information. We may therefore process personal data that you voluntarily add to your profile, such as
- Profile picture
- Phone number
- Address
- Description
The legal basis for the processing is Art. 6 para. 1 p. 1 lit. b GDPR. The deletion of this data takes place either selectively for certain details when you remove them from our platform or completely when you delete your account on our platform.
To fulfill our contractual obligations, we rely on the services of carefully selected third parties who process the data on our behalf. In each case, these are processors with whom we have concluded an agreement in accordance with Art. 28 GDPR. In addition, we naturally ensure prior compliance with all data protection requirements by our processors, so that your data is always secure.
One of the service providers we use in this context, which processes personal data for us on our behalf and within the scope of our instructions as a so-called processor pursuant to Art. 28 GDPR, is located in the USA. The level of data protection in the USA is assessed by the European Commission as not adequate. The data transfer to the USA therefore takes place on the basis of the standard contractual clauses and is based on our legitimate interests in a secure and efficient provision and optimization of our online offer pursuant to Art. 6 para. 1 sentence 1 lit. f. GDPR in conjunction with. Art. 28 GDPR, 46 para. 2 lit. c GDPR. The standard contractual clauses are available at https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32010D0087. Alternatively, you can also request these documents from us using the contact details provided in section 2.
5.3. Transfer of your data to farms
The main function of the Moosle user platforms is to make it easier for you to cooperate with growers who use Moosle for cultivation. The central component of this solution is the Moosle user platform: You only have to register once and can "connect" to different farms with the data stored. The following data is transferred to the cultivation company as part of the connection:
- Name
- Phone number
- E-mail address
This processing is necessary to fulfill the usage contract concluded between you and us; the legal basis for the processing is Art. 6 (1) p. 1 lit. b GDPR.
A prerequisite for the connection is that the respective company invites you to do so and generates a "connection token" for you in the process. You can then use this token to connect to the site.
We are not responsible for the further processing of your data by the Controller and it is not the subject of this Privacy Policy. If you have any questions about how the respective company processes your data, please contact the respective company.
6. Deletion of Data
The data processed by us will be deleted in accordance with Art. 17 GDPR or restricted in their processing in accordance with Art. 18 GDPR.
Unless otherwise provided for in this data protection declaration, the data processed by us will be deleted as soon as they are no longer required for their intended purpose and the deletion does not conflict with any statutory storage obligations. We review the necessity of this every six months. If the data are not deleted because they are required for other, legally permissible purposes, their processing is restricted. This means that the data is blocked and not used. This applies, for example, to data that must be retained for commercial or tax law reasons.
7. Rights of Data Subjects
You have the right:
- to request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you may request information about the purposes of processing, the category of personal data, the categories of recipients to whom your data have been or will be disclosed, the planned storage period, the existence of a right to rectification, deletion, restriction of processing or objection, the existence of a right of appeal, the origin of your data, if these have not been collected by us, and the existence of automated decision-making including profiling and, if applicable, meaningful information on their details;
- in accordance with Art. 16 GDPR, to demand the correction of incorrect or complete personal data stored by us without delay;
- to request the deletion of your personal data stored with us in accordance with Art. 17 GDPR, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
- in accordance with Art. 18 GDPR, to restrict the processing of your personal data if you dispute the accuracy of the data, if the processing is unlawful but you refuse to delete the data and we no longer need the data, but if you need it to assert, exercise or defend legal claims or if you have filed an objection to the processing in accordance with Art. 21 GDPR;
- in accordance with Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, current and machine-readable format or to request its transfer to another controller;
- to complain to a supervisory authority pursuant to Art. 77 GDPR. As a rule, you can contact the supervisory authority at your usual place of residence or workplace or at our company headquarters.
8. Revocation of Consent
If we process your personal data on the basis of your consent pursuant to Art. 6 para. 1 lit. a GDPR, you have the right to revoke any consent granted to us pursuant to Art. 7 para. 3 GDPR with effect for the future.
If you would like to make use of your right of revocation, you can inform us by e-mail to legal@moosle.com. Alternatively, you can also use the contact data listed under section 2 above.
9. Objection in case of processing on the basis of our legitimate interest
If we process your personal data on the basis of our legitimate interests pursuant to Art. 6 para. 1 sentence 1 f GDPR, you have the right to object to the processing of your personal data pursuant to Art. 21 GDPR, provided that there are reasons for this which arise from your particular situation or the objection to direct advertising is directed. In the latter case, you have a general Right to object, which we will implement without specifying a particular situation.
If you would like to exercise your Right to object, you can inform us by e-mail to legal@moosle.com. Alternatively, you can also use the contact data listed under section 2 above.
10. Security Measures
We take organizational, contractual and technical security measures in accordance with the state of the art in order to ensure that the regulations of data protection laws are observed and thus to protect the data processed by us against accidental or intentional manipulation, loss, destruction or against access by unauthorized persons. The security measures include in particular the encrypted transmission of data between your browser and our server.
11. Changes to this Privacy Policy
We reserve the right to change our Privacy Policy if this should be necessary due to new technologies or changes in our data processing processes or to adapt it to changes in the legal situation relevant to us. However, this only applies to this data protection declaration. If we process your personal data on the basis of a consent given by you, any changes will only be made with your consent. If the change includes mandate data, we will inform you at the time of each new processing that takes place for the first time after a change to the Privacy Policy takes effect.
You can find the current version of our Privacy Policy at https://moosle.de/es/privacy.
Date: July 19th, 2021