Privacy Notice
Privacy Notice for customers and users of Dealfront pursuant to Article 13 of the EU General Data Protection Regulation (GDPR)
(February 2024)
Introduction
Dealfront Group GmbH and its affiliates, including but not limited to Dealfront Germany GmbH and Dealfront Finland Oy, (in the following "Dealfront", “we”, “our”, “us”) takes the protection of your personal data very seriously. With this privacy notice (“Privacy Notice”), we want to inform the public and data subjects about the nature, extent, and purpose of the personal data collected, used, and processed by us pursuant to Article 13 of the GDPR and inform data subjects about their rights.
Dealfront also operates one of the largest search engines/crawlers in the world for the provision of its services. Data and information that are publicly available on the Internet are thereby automatically collected. This processing may also affect personal data that is not collected directly from the data subject. Therefore, we have also developed the document Privacy Information for Data Subject to inform data subjects pursuant to Article 14 of the GDPR. (see https://marketing.dealfront.com/privacy-information-for-data-subjects-en.pdf)
This Privacy Notice is structured as follows: In the overview (A) we provide an overview of our privacy practices related to our services and our platform as well as your rights. In the second part, we explain in detail the processing operations carried out by us (B), their respective data scope, purpose, and associated legal bases. In the third part you receive information about how and when we share data with third parties (C) .
Dealfront has implemented numerous measures to ensure the protection of personal data. For more information, visit our online privacy center at: https://www.dealfront.com/privacy-center
A) Overview
In this Privacy Notice, we use the terms defined in Article 4 of the GDPR: personal data, data subject, processing, restriction of processing, pseudonymisation, controller, processor, recipient, third parties, and consent. Since Dealfront is a company specialising in data processing in the Business-to-business (B2B) sector, we have also defined other terms that are intended to help you understand the following explanations:
Publicly available data means all data, information, and entries which are accessible or viewable for everyone via public sources directly (e.g. by a link) or indirectly (e.g. by a query). Examples of public sources are: websites, news portals, press or blog articles, publicly shared posts and profiles from social media, as well as public databases of specialist portals, job boards, forums, the commercial register, the Federal gazette, or Wikipedia.
Business related data is data that is associated with a business or an organisation. For example, a change of management notification may include the name of the company and the manager; a press release may include the contact of the press representative; include a public social media profile (e.g. LinkedIn or XING) with the name of the employer and mention a product rating of the manufacturer concerned.
A1) The controller / data protection officer
For the purposes of this Privacy Notice, the data controller of the personal data collected, processed and stored through the platform, or through the communication platforms related thereto, is Dealfront Group GmbH, with registered office at Durlacher Allee 73, D-76131 Karlsruhe, Germany (hereinafter "Data Controller").
You can always contact the Data Controller by e-mail at: privacy@dealfront.com.
For any questions regarding the data processing carried out in the context of using the platform or our services and products, may also contact Henri Markkanen, the group data protection officer ("DPO") designated by Dealfront at any time by email: dpo@dealfront.com.
A2) How and when do we obtain personal data from you?
Dealfront may collect personal data from you in the following circumstances:
Data collected by automated means such as cookies or similar technologies when you visit the Dealfront website or use Dealfront’s services (for additional information see here: https://www.dealfront.com/cookies-and-tracking/)
Data collected from you when you create an account, complete a form, contact us directly or subscribe to our services
Data you provide us about others in your organisation or data that others have provided about you.
A3) Legal bases for data processing?
We process personal data in accordance with the applicable data protection regulations, namely the GDPR:
a) for the fulfilment of contractual obligations pursuant to Article 6 para. 1 lit. b of the GDPR
We process your personal data in the context of the performance of our contracts with our customers, users and/or applicants or for the implementation of pre-contractual measures. The purposes of the data processing are based primarily on the specific product and may include, but are not limited to, general communication about our services, analysis and consulting for the purpose of creating an offer, support or consulting, the provision of online software, or the processing of application documents.
b) if we have a legitimate interest pursuant to Article 6 para. 1 lit. f of the GDPR
If necessary, we may process your personal data prior to the initiation or fulfilment of a contract or beyond if we have a legitimate interest in doing so. Legitimate interests include:
Operation of our website and optimisation of our offers on the Internet
Analysis and optimisation of customer journeys and procedures
Advertising, marketing, and sales, insofar as you have not objected to the use of your data for this purpose
Market and opinion research, insofar as you have not objected to the use of your data for this purpose
Asserting legal claims and defence in legal disputes
Ensuring IT security and IT operations; elimination of errors and malfunctions
Prevention of crime
Measures for business and risk management and controlling
Further development of services and products
Event management
c) on the basis of your consent pursuant to Article 6 para. 1 lit. a of the GDPR
Certain processing activities (e.g. the receipt of newsletter, downloads of whitepapers or other materials) are based on your consent. Consent given can be revoked at any time.
d) in case we are legally required to process your data (Art. 6 para. 1 lit. c of the GDPR)
Insofar as Dealfront is required by law to process certain data, personal data may also be affected.
A4) Deletion and retention periods
We process and store your personal information as long as it is necessary for the fulfilment of our contractual and legal obligations. It should be noted that our business relationship is a continuing obligation, which is intended for several years. If the data are no longer required for the fulfilment of contractual or legal obligations, these are regularly deleted unless the consent given also extends beyond the end of the contract or a balance of interests comes to the conclusion that a legitimate interest of Dealfront exists for further storage which outweighs the interests of the data subject.
A5) How do we share the data?
We may share data as follows:
within the Dealfront group in order to provide you the requested services and products
with service providers that perform services or handle transaction on our behalf
other parties when we are required to do so by law or as necessary to protect our rights, or in the context of corporate transactions.
A6) Rights of data subjects
You may be entitled to exercise some or all of the following rights:
require (i) information as to whether your personal data is retained and (ii) access to and/or duplicates of your personal data retained, including the purposes of the processing, the categories of personal data concerned, and the data recipients as well as potential retention periods;
request rectification, removal or restriction of your personal data, e.g. because (i) it is incomplete or inaccurate, (ii) it is no longer needed for the purposes for which it was collected, or (iii) the consent on which the processing was based has been withdrawn;
refuse to provide and – without impact to data processing activities that have taken place before such withdrawal – withdraw your consent to processing of your personal data at any time;
object, on grounds relating to your particular situation, that your personal data shall be subject to a processing. In this case, please provide us with information about your particular situation. After the assessment of the facts presented by you we will either stop processing your personal data or present you our compelling legitimate grounds for an ongoing processing;
take legal actions in relation to any potential breach of your rights regarding the processing of your personal data, as well as to lodge complaints before the competent data protection regulators;
require (i) to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and (ii) to transmit those data to another controller without hindrance from our side; where technically feasible you shall have the right to have the personal data transmitted directly from us to another controller; and/or
not to be subject to any automated decision making, including profiling (automatic decisions based on data processing by automatic means, for the purpose of assessing several personal aspects) which produce legal effects on you or affects you with similar significance.
You may (i) exercise the rights referred to above or (ii) pose any questions or (iii) make any complaints regarding our data processing by contacting at: privacy@dealfront.com.
If you want to lodge a complaint with the official data protection authority, please visit the website https://www.baden-wuerttemberg.datenschutz.de/ for more information.
A7) Non-use of "profiling"
Profiling describes a type of automated processing of personal data that consists in assessing, analysing, or predicting certain personal aspects such as health or personal preferences and which produces legal effects on the data subject. Dealfront does not use such profiling.
B) Comprehensive Privacy Notice
When you visit our platform, use our services or contact us directly, we obtain various types of data related to you and your use of our services. This data may include information that directly identifies you such as your name or contact details as well as identifiers (e.g. your IP address) or cookie-level data that may indirectly identify you. The information we obtain generally consists of (B1) automatically collected data about your interactions with our platform and our services or (B2) data you provide us about yourself or we directly collect from you or (B3) data you provide us about others in your organisation or (B4) data that others have provided us with about you.
B1) Information automatically collected
If you are visiting our websites or accessing our applications, we collect the following information provided by your browser or mobile device: pages accessed, time of visit and time of last visit, frequency of recurring visits, IP address, name of the owner of the IP address, domain or provider of IP address, referrer (site/service/queries that led you to our website), browser information, device information.
Such data is collected and processed for different purposes such as:
to deliver the contents of our websites and apps correctly,
to optimise the content of our website, enhance user experience and to advertise our services and products,
to ensure the permanent functioning of our systems and the technology of our website,
to provide law enforcement with information necessary for prosecution in the event of a cyber-attack, and
to facilitate the access to and the use of our services.
The legal basis for the processing of the data collected in this way is Article 6 para. 1 lit. f (legitimate interest in aforementioned purposes) as well as Art. 6 (1) lit. b GDPR (performance of a contract if such processing is necessary in order to provide you access to our services and products via the platform).
To collect such data, we use cookies and similar technologies. For more information about cookies and other technologies used by us please see here: https://www.dealfront.com/cookies-and-tracking/.
B2) Information provided by you
If you contact Dealfront, if you send us an email or inquiry, or if you wish to use certain offers and services of our company, the processing of your personal data may be necessary. Examples include:
You request a whitepaper, a price list, or another document.
You sign up to receive our newsletter.
You contact our service team or our sales team.
You apply for one of our job advertisements.
You contact us during a lecture, trade fair or similar event.
You are testing software or an app and sharing your data with us.
In such cases, the following personal data may be collected directly from you:
name, job title, affiliation
email address, phone number or other contact details
billing and payment information
user information from integrated tools
messages with our support and sales teams
metadata related to your request or inquiry
search queries and results of such queries
other data uploaded by you to our systems
In these cases, we process your personal data for the following purposes:
B2.1) To provide you with our services and products (Art, 6 (1) lit. b GDPR)
Such services may include:
processing your requests and inquiries on our platform,
deliver platform/website content to you
providing customer assistance and IT support, and/or
providing online learning content to you.
B2.2) To communicate with you
We may communicate with you via different means, such as by post, email, personal contact, messenger or chat systems or social media. The communication purposes may include:
sending you service-related messages and notifications (Art. 6 (1) lit. f GDPR (our legitimate interest in marketing and sales of our products and services);
sending you our newsletter (Art. 6 (1) lit. a GDPR);
responding to your questions or addressing your requests (Art. 6 (1) lit. b GDPR);
sending you materials you have requested (Art. 6 (1) lit. b GDPR);
sending you payment or billing related information (Art. 6 (1) lit. b GDPR) and to fulfil our legal obligations regarding accounting and bookkeeping (Art. 6 (1) lit. c GDPR in conjunction with Sec. 257 (4) of the German Commercial Code)
in conjunction with job applications and the application procedure (Art. 6 (1) lit. b GDPR and Art. 6 (1) lit. c GDPR).
B2.3) To protect our rights or the rights of others
This may include activities like:
Detecting and preventing fraud or illegal activities or misuse of our services (Art. 6 (1) lit. f GDPR);
Backing up our systems (Art. 6 (1) lit. f GDPR (our legitimate interest in IT security and recovery of our data));
Performing audits, testing, assessments or other troubleshooting activities (Art. 6 (1) lit. f GDPR (our legitimate interest in IT security and recovery of our data));
Complying with and enforcing applicable legal requirements (Art. 6 (1) lit. c GDPR);
Collecting and recovering money owed to us (Art. 6 (1) lit. b GDPR).
B2.4) For advertising and marketing activities (Art. 6 (1) lit. f (legitimate interest in marketing our products and services) GDPR
These activities include:
Developing, managing and executing advertising and marketing campaigns, promotions and offers related to our services, products and our platform;
Interest-based advertising. We use online and offline information obtained from you for interest-based advertising and marketing activities. To learn more about this, please also refer to our cookie notice.
B3) Information provided by you about third parties
You may provide information about other people, such as the name and email of a contact who you want to invite as a user to our services and products. These third parties may include team members or colleagues in your organisation or external agencies with whom you are, in accordance with our terms and conditions, authorised to give access to our services. Such information may include the name, job title and contact information. Do not give us information about others unless you are authorised or have their permission to do so. We will use their information for the purposes described in this Privacy Notice.
B4) Information provided about you by third parties
Others may have provided us with information about you, such as your name and contact details either because they wanted to invite you as a user to our services or products or in the context of verifying your information for the use of or in the context of our services. We inform and ask anyone sharing information with us not to give us such information about others unless they are authorised or have the respective data subjects permission and knowledge to do so. We will use your information for the purposes described in this Privacy Notice.
C) Data Sharing
C1) Recipients
We may share data with the following recipients:
C1.1) Dealfront group
In order to offer you comprehensive support and to ensure an ongoing high quality of our services and products, Dealfront Group GmbH relies on the assistance of Dealfront Germany GmbH and Dealfront Finland Oy (each a “Joint Controller” and together the “Joint Controllers”). The legal basis for such processing is Art. 6 (1) lit. b as well as Art. 6 (1) lit. f (legitimate interest in providing and improving our services). In accordance with Art. 26 of the GDPR, the Joint Controllers have entered into a Joint Controller Agreement stipulating in a transparent manner their respective responsibilities with regard to compliance with their obligations under the GDPR. The essential content of the Agreement is available here: https://marketing.dealfront.com/essential-content-of-the-joint-controller-agreement-en.pdf.
In addition, we may share data with other affiliates for marketing or customer support purposes. Such processing activity is based on Art. 28 GDPR in conjunction with a data processing agreement concluded with the respective affiliates.
C.1.2) Service Providers
Dealfront doesn’t sell your data to our service providers. We may share some data with some companies that help us provide our services (for example accounting or job application tools). The legal basis for this data transfer and processing activity is Art. 28 GDPR in conjunction with a data processing agreement concluded with the respective service provider. These service providers are only allowed to use the data shared with them for the specific task they’ve been hired to do.:
Web analysis service providers
Advertising service providers
Map Services / Maps
CDN / Content Delivery Networks
Video Player
Screensharing / Video Chats
Tools for communication
Contact data management / CRM tools
Job application tools
Accounting tools
Cloud Storage and Hosting Providers
Online learning systems and tools
As our business operates globally, the service providers mentioned above may occasionally reside outside the jurisdiction where you are based. Further details on this matter can be found below (see C2).
C.1.3) Legal Disclosure
We may disclose your personal data to comply with legal requirements and obligations, including court orders or to comply with legitimate requests from law enforcement agencies or regulators.
C.1.4) Change of ownership
We may disclose your personal data in the event of an acquisition, merger or other transaction to the new owner
C2) Cross Border Data Transfers
Dealfront operates globally, however, data provided by you and processed by us in the context of providing our services to you is exclusively stored and processed on servers within the European Union.
We also strive to have all our service providers be based within the EEA/EU. Thus, only in rare cases and as part of our data sharing activities mentioned above (see (C)), we may need to transfer your personal data to other countries, including those outside the European Economic Area (EEA), which may have different data protection standards than your country of residence. We will ensure that your personal data is adequately protected when shared with such service providers.
In the event of a transfer outside of the EEA, we use EU Standard Contractual Clauses or (where applicable) rely on adequacy decisions as a safeguard in compliance with Article 46 of the GDPR. For more information on these safeguards, please visit https://ec.europa.eu/info/law/law-topic/data-protection_en or contact our Group Data Protection Officer at dpo@dealfront.com.
D) Integration Disclosure
You may choose to use Dealfront’s Google Ads integration in order to enable you to gain valuable insights into your advertising campaigns and track and improve their effectiveness. We use the Google OAuth protocol for authentication without requiring you to share your login credentials with us. OAuth also allows secure access to the user’s data.
Dealfront’s use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements. Dealfront does not transfer information received from Google APIs to any third party or app without your consent. Provided that you have consented, the non-personal data received from Google APIs will be used to provide you with the services as well as for security (e.g. fraud prevention) and analytical purposes.
E) Changes to our Privacy Notice
We reserve the right to amend this Privacy Notice to ensure continued compliance with legal requirements or to reflect changes to our services in the Privacy Notice.