Imprint conformable to § 5 TMG.
District Court Wuppertal, HRB 30206
VAT Id. No.:
Represented by managing directors:
Thank you for your interest in our website steadybit.com. The protection of your personal data is of great importance to us. That is why we pay a lot of attention to this aspect in our Internet activities. The most important legal basis is the EU General Data Protection Regulation (hereinafter “GDPR”). Of course, we also observe all other relevant legal requirements, in particular those of the German Federal Data Protection Act (Bundesdatenschutzgesetz, hereinafter “BDSG”) and the German Telemedia Act (Telemediengesetz, hereinafter “TMG”).
In the following, we would like to inform you about the processing of your personal data.
The controller for the processing of your personal data is steadybit GmbH, Hochstrasse 11, 42697 Solingen (Germany), Commercial Register of the local court Wuppertal, HRB 30206 (hereinafter “steadybit”, “we” or the “Company”). Also available at firstname.lastname@example.org or email@example.com.
2. Surfing on steadybit.com
2.1 For what purposes do we process your data?
When you visit our website, your browser - as with any other website - contacts our web server to retrieve the pages you require. You do not need to log in or identify yourself for this. The allocation of requests and feedback from our server is based on your IP address, which may be used to establish a reference to your person. In detail, personal data such as your IP address is transmitted to our web server as part of an HTTP/S request. These connection data are processed by our web server to enable access to the website. In addition, the respective HTTP/S calls are logged in a log file. We use this for technical troubleshooting and to defend against and investigate attacks (e.g. by hackers) on our systems. In addition, we use the already stored log files to create evaluations that we use to optimize our websites. The evaluation as such takes place in an anonymous form, i.e. by combining call data, so that the results no longer have any personal reference.
2.2 On what legal basis do we process your data?
Your personal data will be processed on the basis of our legitimate interests in accordance with Article 6 (1) (f) GDPR. Our legitimate interest is to operate a website for general information and communication purposes and to present our Company. The log files are processed on the basis of our legitimate interests in accordance with Article 6 (1) (f) GDPR. Our legitimate interest is to protect our facilities and systems from attacks and, if necessary, to take legal action against attackers and to further develop our websites for commercial purposes. The legal basis for the storage of data for the fulfilment of legal retention periods is, if applicable, Art. 6 Para. 1 lit. c GDPR in conjunction with the relevant statutory retention periods (in particular § 257 HGB, § 147 AO). The consent is therefore the legal basis for data processing in accordance with Art. 6 Para. 1 lit. a GDPR as well as the basis for contacting us by telephone and e-mail in accordance with § 7 Para. 2 No. 2-3 of the German Unfair Competition Act (“UWG”).
2.3 Is there an obligation for you to provide your data and what happens if you decide against it?
You are not obliged to provide your personal data. However, it is not possible to use the website without processing your connection data.
2.4 With whom is your data shared or who is involved in the processing of your data?
In principle, processing is fully automatic. Our website is operated via servers of the company Amazon Web Services EMEA SARL, which acts on our behalf (Art. 28 GDPR) as a service provider for hosting services. Our IT department has access to the log files. Where necessary, these data are also transmitted to external recipients (in particular law enforcement authorities to prosecute hacker attacks).
2.5 How long will your data be stored?
The logfile data is stored for 14 days. All other data is deleted immediately after the HTTP/S request has been carried out.
3. Communication by e-mail / contacting
3.1 For what purposes do we process your data?
If you contact us with a request or we contact you, we process your personal data which are necessary for communication with you (“communication data”), e.g. name, address, e-mail, telephone number as well as the contents of the communication. The information you provide may be stored for processing the contact and for any queries.
3.2 On what legal basis do we process your data?
The processing of your data in the context of communication via the contact form or by e-mail takes place on the basis of Article 6 (1) (b) GDPR, insofar as the exchange is connected with the initiation or performance of a contract with you. In other respects, the legal basis depends on the specific purpose of the exchange. In most cases Article 6 (1) (f) GDPR (our legitimate interest in conducting business correspondence or communicating with clients or for example answering questions on data protection) will be relevant.
3.3 Is there an obligation for you to provide your data and what happens if you decide against it?
You are not obliged to provide your data. However, communication by e-mail is not possible without the processing of your personal data.
3.4 With whom is your data shared or who is involved in the processing of your data?
We will only pass on your communication data internally to the persons at steadybit responsible for your request.
3.5 How long will your data be stored?
Your personal data will be deleted as far as they are no longer necessary for communication with you. The data may be kept for longer on the basis of Article 6 (1) (c) GDPR in conjunction with the relevant statutory retention periods (in particular under commercial, tax and duty law). In case of business correspondence, this is usually six years after the end of the year in which it has been received.
4. Steadybit platform
4.1 For what purposes do we process your data?
Steadybit is a service offering that assists customers in detecting weak spots in their software and systems. The service analyzes the software itself and injects failures in the systems under test. The service consists of a component installed on the customer’s hosts or VMs (hereinafter “Agent”) and a central control unit (hereinafter “Platform”) which is either installed and run by the customer on-prem or provided by steadybit as SaaS. For providing access protection and auditing to our SaaS offering, we only store the name and email address of the platform users. When using the on-prem offering we only store the data to administer the license.
4.2 On what legal basis do we process your data?
The processing of your data in the context of communication via the contact form or by e-mail takes place on the basis of Article 6 (1) (b) GDPR, insofar as the exchange is connected with the initiation or performance of a contract with you. In other respects, the legal basis depends on the specific purpose of the exchange. In most cases Article 6 (1) (b) GDPR (our legitimate interest in conducting business correspondence or communicating with clients or for example answering questions on data protection) will be relevant. In the event that you wish your data to be permanently stored so that you can use our services again and again in the future in a simple and uncomplicated manner without having to provide all data again, this will be done on the basis of your consent in accordance with Art. 6 (1) (a) GDPR.
4.3 Is there an obligation for you to provide your data and what happens if you decide against it?
You are not obliged to provide your data. However, using the offering/our services is not possible without the processing of your personal data. The consent to the permanent storage of your data is also voluntary. We only offer this as an additional service.
4.4 With whom is your data shared or who is involved in the processing of your data?
We will only pass on your communication data internally to the persons and internal systems at steadybit.
4.5 How long will your data be stored?
We retain personal data only for as long as there is a legitimate reason or other legal ground to do so, and will keep these legal bases under review. If there is no longer a legal ground for the data to be retained, we will erase personal data securely, or in some cases anonymize it. The data may be kept for longer on the basis of Article 6 (1) (c) GDPR in conjunction with the relevant statutory retention periods (in particular under commercial, tax and duty law). In case of business correspondence, this is usually six years after the end of the year in which it has been received.
4.6 What other data is stored?
The Agents collect data from the customer infrastructure. When using the on-prem offering all data is stored and processed on the customer’s site and not transferred elsewhere. When using the SaaS offering the data is stored and processed by steadybit. This data includes but is not limited to:
infrastructure data: hostnames, IP addresses, account numbers, cloud metadata, container names, image names, operating system, system metrics
application data: application name, remote service addresses/names, used libraries, used databases, application metrics
We do not record passwords, API tokens or other security-sensitive information from your systems.
5. Social plug-ins
5.1 Who controls the data in the context of social media plug-ins?
We do not control the processing of personal data in the context of social media plug-ins. We do not have any access to the data collected and transferred by the social media plug-in to the social network provider. Any data processing is determined solely by the network service provider. In the interest of transparency, we would like to inform you about the processing of your personal data in this context.
5.2 Description and purposes of the processing
To improve your user experience, our website includes social media plug-ins of the large social media networks Twitter and LinkedIn. These plug-ins allow you to directly post links to and other content from our websites on the relevant network.
Upon you opening a website on which a social media plug-in is embedded, the respective social network provider
Twitter Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA
LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland
will collect and process information on your visit to our website for its own business purposes. This processing is not initiated or controlled by us, but is a built-in feature of the respective social media plug-in.
Twitter Inc.: twitter.com/privacy
5.3 Legal basis for the processing and legitimate interests for the processing
The processing of personal data in this context by us, if any, is based on our legitimate interests to: (i) improve our website’s user experience thereby making it more attractive and thus increasing user traffic; and (ii) make our content more visible and thereby promote our business.
Twitter Inc.: twitter.com/privacy
We do not have access to, nor share, any personal data in this context.
For sharing of personal data by the social media provider, please contact the respective social media provider.
5.5 Transfer of personal data to third countries or international organisations
Twitter Inc.: twitter.com/privacy
5.6 Retention period
We do not store any personal data in this context.
Twitter Inc.: twitter.com/privacy
5.7 Possible consequences of failure to provide personal data
Without processing the above mentioned personal data, you will not be able to post links to and other content from our website.
6. Use of third party companies
To provide our services to you in the best possible way, we also use third parties who perform services owed by us on our behalf or who support us in the provision of services and who may also be commissioned to process personal data in this context (processors). In particular, we use the following third party:
Google Remarketing. We use the features of Google Analytics Remarketing in conjunction with the cross-device features of Google AdWords and Google DoubleClick. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. This feature allows Google Analytics Remarketing to link the ad target groups created with Google Analytics Remarketing to the cross-device features of Google AdWords and Google DoubleClick. In this way, interest-based, personalized advertising messages that have been customized to you based on your past usage and browsing behavior on one device (e.g., mobile phone) can also be displayed on another of your devices (e.g., tablet or PC). If you have given your consent, Google will link your web and app browser history to your Google Account for this purpose. In this way, the same personalized advertising messages can be displayed on any device on which you sign in with your Google Account. To support this feature, Google Analytics collects Google-authenticated user IDs that are temporarily linked to our Google Analytics data to define and create target audiences for cross-device advertising. You can permanently opt out of cross-device remarketing/targeting by opting out of personalized advertising by following this link: https://www.google.com/settings/ads/onweb/. The data collected in your Google Account will only be aggregated on the basis of your consent, which you may give or revoke to Google (Art. 6 para. 1 lit. a GDPR). In the case of data collection processes that are not merged into your Google Account (e.g. because you do not have a Google Account or have objected to the merging), the data collection is based on Art. 6 para. 1 lit. f GDPR. The legitimate interest arises from the fact that the website operator has an interest in the anonymous analysis of website visitors for advertising purposes.
Further information and the data protection regulations can be found in Google's data protection declaration at: https://policies.google.com/technologies/ads?hl=de.
Intercom. To improve the user experience in our applications, we use the Intercom service of Intercom Inc., 55 2nd Street, 4th Fl., San Francisco, CA 94105, USA, for sending e-mail messages and for live chats. For this purpose, we provide user data (e-mail, name, company name), as well as usage data based on our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f. GDPR). Intercom Inc. processes your data on servers in the USA and is certified under the US-EU data protection agreement "Privacy Shield". For further information we refer to the Intercom privacy statement: https://www.intercom.com/de/terms-and-policies
LogRocket. LogRocket is a new type of developer tool. It’s like a DVR for web apps. Instead of guessing why problems happen, we can replay sessions with bugs or user issues to quickly understand the root cause. For further details, please see the "about LogRocket" section of: https://logrocket.com/privacy/
Using this privacy-friendly website analytics software, your IP address is only briefly processed, and we (running this website) have no way of identifying you. As per the CCPA, your personal information is de-identified. You can read more about this on Fathom Analytics' website. https://usefathom.com/compliance
7. Your rights
If our Company processes personal data about you, you have the right, within the respective legal scope - i.e. in accordance with the regulations of the GDPR - to
information, in particular on data stored by the controller and their processing purposes (Art. 15 GDPR),
correction of incorrect or incomplete data (Art. 16 GDPR),
deletion, for example of data processed unlawfully or no longer required (Art. 17 GDPR),
restrictions on processing (Art. 18 GDPR),
objection to the processing, in particular if it is carried out to protect the legitimate interests of the controller (Art. 21 GDPR), and
data transfer, provided that the processing is based on consent or for the execution of a contract or with the aid of automated procedures (Art. 20 GDPR).
If processing is based on a consent given by you (Article 6 (1) (a) GDPR or Article 9 (2) (a) GDPR), you have the right to revoke the consent at any time. The legality of the processing carried out on the basis of the consent until your revocation is not affected by this.
The assertion of your rights as well as other questions and concerns can be addressed to us by the means of communication most convenient for you:
By mail: steadybit GmbH, Hochstr. 11, 42697 Solingen, Germany
By email: firstname.lastname@example.org
Furthermore, you have the possibility to address complaints to the responsible supervisory authority. For steadybit, this is the Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (State Commissioner for Data Protection and Freedom of Information North Rhine Westphalia), P.O. Box 200444, 40102 Düsseldorf, email@example.com.