Imprint conformable to § 5 TMG.
steadybit GmbH
Hochstraße 11
42697 Solingen
Germany
Commercial Register:
District Court Wuppertal, HRB 30206
VAT Id. No.:
DE326927463
Email:
info@steadybit.com
Represented by managing directors:
Benjamin Wilms
Johannes Edmeier
Thank you for your interest in our website steadybit.com. The protection of your personal data is of great importance to us. That is why we pay a lot of attention to this aspect in our Internet activities. The most important legal basis is the EU General Data Protection Regulation (hereinafter “GDPR”). Of course, we also observe all other relevant legal requirements, in particular those of the German Federal Data Protection Act (Bundesdatenschutzgesetz, hereinafter “BDSG”) and the German Telemedia Act (Telemediengesetz, hereinafter “TMG”).
In the following, we would like to inform you about the processing of your personal data.
Controller for the processing of your personal data is steadybit GmbH, Hochstrasse 11, 42697 Solingen (Germany), Commercial Register of the local court Wuppertal, HRB 30206 (hereinafter “steadybit”, “we” or the “Company”). Also available at info@steadybit.com or privacy@steadybit.com.
When you visit our website, your browser – as with any other website – contacts our web server to retrieve the pages you require. You do not need to log in or identify yourself for this. The allocation of requests and feedback from our server is based on your IP address, which may be used to establish a reference to your person. In detail, personal data such as your IP address is transmitted to our web server as part of an HTTP/S request. These connection data are processed by our web server to enable access to the website. In addition, the respective HTTP/S calls are logged in a log file. We use this for technical troubleshooting and to defend and clarify attacks (e.g. by hackers) on our systems. In addition, we use the already stored log files to create evaluations that we use to optimize our websites. The evaluation as such takes place in an anonymous form, i.e. by combining call data, so that the results no longer have any personal reference.
Your personal data will be processed on the basis of our legitimate interests in accordance with Article 6 (1) (f) GDPR. Our legitimate interest is to operate a website for general information and communication purposes and to present our Company. The log files are processed on the basis of our legitimate interests in accordance with Article 6 (1) (f) GDPR. Our legitimate interest is to protect our facilities and systems from attacks and, if necessary, to take legal action against attackers and to further develop our websites for commercial purposes. The legal basis for the storage of data for the fulfilment of legal retention periods is, if applicable, Art. 6 Para. 1 lit. c GDPR in conjunction with the relevant statutory retention periods (in particular § 257 HGB, § 147 AO). The consent is therefore the legal basis for data processing in accordance with Art. 6 Para. 1 lit. a GDPR as well as the basis for contacting us by telephone and e-mail in accordance with § 7 Para. 2 No. 2-3 of the German Unfair Competition Act (“UWG”).
You are not obliged to provide your personal data. However, it is not possible to use the website without processing your connection data.
In principle, processing is fully automatic. Our website is operated via WP Engine and servers of the company Amazon Web Services EMEA SARL, which act on our behalf (Art. 28 GDPR) as service providers for hosting services. Our IT department has access to the log files. Where necessary, these data are also transmitted to external recipients (in particular law enforcement authorities to prosecute hacker attacks).
The logfile data is stored for 14 days. All other data is deleted immediately after the HTTP/S request has been carried out.
If you contact us with a request or we contact you, we process your personal data which are necessary for communication with you (“communication data”), e.g. name, address, e-mail, telephone number as well as the contents of the communication. The information you provide may be stored for processing the contact and for any queries.
The processing of your data in the context of communication via the contact form or by e-mail takes place on the basis of Article 6 (1) (b) GDPR, insofar as the exchange is connected with the initiation or performance of a contract with you. In other respects, the legal basis depends on the specific purpose of the exchange. In most cases Article 6 (1) (f) GDPR (our legitimate interest in conducting business correspondence or communicating with clients or for example answering questions on data protection) will be relevant.
You are not obliged to provide your data. However, communication by e-mail is not possible without the processing of your personal data.
We will only pass on your communication data internally to the persons at steadybit responsible for your request.
Your personal data will be deleted as far as they are no longer necessary for communication with you. The data may be kept for longer on the basis of Article 6 (1) (c) GDPR in conjunction with the relevant statutory retention periods (in particular under commercial, tax and duty law). In case of business correspondence, this is usually six years after the end of the year in which it has been received.
Steadybit is a service offering that assists customers in detecting weak spots in their software and systems. The service analyzes the software itself and injects failures in the systems under test. The service consists of a component installed on the customer’s hosts or VMs (hereinafter “Agent”) and a central control unit (hereinafter “Platform”) which is either installed and run by the customer on-prem or provided by steadybit as SaaS. For providing access protection and auditing to our SaaS offering, we only store the name and email address of the platform users. When using the on-prem offering we only store the data to administer the license.
The processing of your data in the context of communication via the contact form or by e-mail takes place on the basis of Article 6 (1) (b) GDPR, insofar as the exchange is connected with the initiation or performance of a contract with you. In other respects, the legal basis depends on the specific purpose of the exchange. In most cases Article 6 (1) (b) GDPR (our legitimate interest in conducting business correspondence or communicating with clients or for example answering questions on data protection) will be relevant. In the event that you wish your data to be permanently stored so that you can use our services again and again in the future in a simple and uncomplicated manner without having to provide all data again, this will be done on the basis of your consent in accordance with Art. 6 (1) (a) GDPR.
You are not obliged to provide your data. However, using the offering/our services is not possible without the processing of your personal data. The consent to the permanent storage of your data is also voluntary. We only offer this as an additional service.
We will only pass on your communication data internally to the persons and internal systems at steadybit.
We retain personal data only for as long as there is a legitimate reason or other legal ground to do so, and will keep these legal bases under review. If there is no longer a legal ground for the data to be retained, we will erase personal data securely, or in some cases anonymize it. The data may be kept for longer on the basis of Article 6 (1) (c) GDPR in conjunction with the relevant statutory retention periods (in particular under commercial, tax and duty law). In case of business correspondence, this is usually six years after the end of the year in which it has been received.
The Agents collect data from the customer infrastructure. When using the on-prem offering all data is stored and processed on the customer’s site and not transferred elsewhere. When using the SaaS offering the data is stored and processed by steadybit. This data includes but is not limited to:
infrastructure data: hostnames, IP addresses, account numbers, cloud metadata, container names, image names, operating system, system metrics
application data: application name, remote service addresses/names, used libraries, used databases, application metrics
We do not record passwords, API tokens or other security-sensitive information from your systems.
We do not control the processing of personal data in the context of social media plug-ins. We do not have any access to the data collected and transferred by the social media plug-in to the social network provider. Any data processing is determined solely by the network service provider. In the interest of transparency, we would like to inform you about the processing of your personal data in this context.
To improve your user experience, our website includes social media plug-ins of the large social media networks Twitter and LinkedIn. These plug-ins allow you to directly post links to and other content from our websites on the relevant network.
Upon you opening a website on which a social media plug-in is embedded, the respective social network provider
Twitter Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA
LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland
will collect and process information on your visit to our website for its own business purposes. This processing is not initiated or controlled by us, but is a built-in feature of the respective social media plug-in.
For further information on the processing of personal data, please contact the respective social media provider or refer to their respective privacy policy:
Twitter Inc.: twitter.com/privacy
LinkedIn: linkedin.com/legal/privacy-policy
The processing of personal data in this context by us, if any, is based on our legitimate interests to: (i) improve our website’s user experience thereby making it more attractive and thus increasing user traffic; and (ii) make our content more visible and thereby promote our business.
For information on the legal basis of processing by the social media provider, please contact the respective social media provider or refer to their respective privacy policy:
Twitter Inc.: twitter.com/privacy
LinkedIn: linkedin.com/legal/privacy-policy
We do not have access to, nor share, any personal data in this context.
For sharing of personal data by the social media provider, please contact the respective social media provider.
We do not transfer personal data to third countries. However, the social media plug-in will connect to the webserver of the social media network in the United States of America. For further information on transfers and relevant safeguards regarding them, please contact the respective social media provider or refer to their respective privacy policy:
Twitter Inc.: twitter.com/privacy
LinkedIn: linkedin.com/legal/privacy-policy
We do not store any personal data in this context.
For storage of personal data by the social media provider, please contact the respective social media provider or refer to their respective privacy policy:
Twitter Inc.: twitter.com/privacy
LinkedIn: linkedin.com/legal/privacy-policy
Without processing the above mentioned personal data, you will not be able to post links to and other content from our website.
To provide our services to you in the best possible way, we also use third parties who perform services owed by us on our behalf or who support us in the provision of services and who may also be commissioned to process personal data in this context (processors). In particular, we use the following third party:
Google AdWords and Google Conversion Tracking. We use Google AdWords. AdWords is an online advertising program of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States (“Google”). As part of Google AdWords, we use what is known as conversion tracking. When you click on an ad placed by Google, a conversion tracking cookie is set. Cookies are small text files that the Internet browser places on the user’s computer. These cookies expire after 30 days and are not used to personally identify users. If the user visits certain pages of this website and the cookie has not expired, Google and we may recognize that the user clicked on the ad and was directed to that page. Each Google AdWords customer receives a different cookie. Cookies cannot be tracked through AdWords customer websites. The information collected from the Conversion cookie is used to generate conversion statistics for AdWords customers who have opted for Conversion Tracking. Customers will know the total number of users who clicked on their ad and were directed to a page with a conversion tracking tag. However, they will not receive information that personally identifies users. If you do not wish to participate in tracking, you can opt out of this use by easily turning off the Google Conversion Tracking cookie in your Internet browser under User Preferences. You will then not be included in the conversion tracking statistics. “Conversion cookies” are stored on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in analysing user behaviour in order to optimise both its website and its advertising. More information on Google AdWords and Google Conversion Tracking can be found in Google’s privacy policy: https://www.google.de/policies/privacy/.
You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, accept cookies for certain cases or generally exclude them and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be restricted.
Google Remarketing. We use the features of Google Analytics Remarketing in conjunction with the cross-device features of Google AdWords and Google DoubleClick. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. This feature allows Google Analytics Remarketing to link the ad target groups created with Google Analytics Remarketing to the cross-device features of Google AdWords and Google DoubleClick. In this way, interest-based, personalized advertising messages that have been customized to you based on your past usage and browsing behavior on one device (e.g., mobile phone) can also be displayed on another of your devices (e.g., tablet or PC). If you have given your consent, Google will link your web and app browser history to your Google Account for this purpose. In this way, the same personalized advertising messages can be displayed on any device on which you sign in with your Google Account. To support this feature, Google Analytics collects Google-authenticated user IDs that are temporarily linked to our Google Analytics data to define and create target audiences for cross-device advertising. You can permanently opt out of cross-device remarketing/targeting by opting out of personalized advertising by following this link: https://www.google.com/settings/ads/onweb/. The data collected in your Google Account will only be aggregated on the basis of your consent, which you may give or revoke to Google (Art. 6 para. 1 lit. a GDPR). In the case of data collection processes that are not merged into your Google Account (e.g. because you do not have a Google Account or have objected to the merging), the data collection is based on Art. 6 para. 1 lit. f GDPR. The legitimate interest arises from the fact that the website operator has an interest in the anonymous analysis of website visitors for advertising purposes.
Further information and the data protection regulations can be found in Google’s data protection declaration at: https://policies.google.com/technologies/ads?hl=de.
Google Analytics. Given your consent, this website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website will be transmitted to and stored by Google on servers in the United States.
The IP-anonymisation is active on this website so that your IP address will be truncated within the area of Member States of the European Union or other parties to the Agreement on the European Economic Area. Only in exceptional cases will the whole IP address first be transferred to a Google server in the USA and truncated there.
Google will use this information on behalf of the operator of this website for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing them other services relating to website activity and internet usage.
The IP address that your browser conveys within the scope of Google Analytics will not be associated with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on our cookie banner or on your browser; however, please note that if you do this you may not be able to use the full functionality of this website. You can also opt out from being tracked by Google Analytics with effect for the future by downloading and installing the Google Analytics Opt-out Browser Addon for your current web browser.
For further information we refer to the Google privacy statement: https://policies.google.com/privacy.
Intercom. To improve the user experience in our applications, we use the Intercom service of Intercom Inc. 55 2nd Street, 4th Fl., San Francisco, CA 94105, USA, for sending e-mail messages and for live chats. For this purpose, we provide user data (e-mail, name, company name), as well as usage data based on our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f. GDPR). Intercom Inc. processes your data on servers in the USA and is certified under the US-EU data protection agreement “Privacy Shield”. For further information we refer to the Intercom privacy statement: https://www.intercom.com/legal/terms-and-policies
Slack. Slack is a messaging app for businesses. We use Slack to provide technical support to Steadybit customers. You can find Slack’s privacy policy here: https://slack.com/intl/en-gb/trust/privacy/privacy-policy.
Brevo. Brevo is a platform for managing customer relationships via Email, SMS, Chat and more. We use Brevo to send transactional emails. You can find Brevo’s privacy policy here: https://www.brevo.com/gdpr/.
ClearFeed. ClearFeed is a Slack-based help desk solution. We use Clearfeed to provide technical support to Steadybit customers. You can find Clearfeed’s privacy policy here: https://clearfeed.ai/privacy-policy.
Amazon Web Services. Amazon Web Services is a global cloud provider offering various computing and storage solutions. We use AWS DynamoDB to store the email addresses of Steadybit tenant administrators. You can find the Amazon Web Services privacy policy here: https://aws.amazon.com/privacy/.
WP Engine. We use WP Engine to host our www.steadybit.com website. WP Engine, headquartered at 504 Lavaca St., Ste. 1000, Austin, Texas 78701, empowers companies and agencies of all sizes to create, manage, and optimize their WordPress websites. We track aggregate overall site visits, but we do not log or store any personal information. For more information about WP Engine’s privacy policy, please visit: https://wpengine.com/legal/privacy/
WP Rocket. We use WP Rocket, from WP Media headquartered in 4 rue de la République, Lyon, France 69001, to enhance the performance of our www.steadybit.com website. We do not log any personal information. For more information about WP Rocket’s terms of service, please visit: https://wp-rocket.me/terms/
Solid Security Pro. We use Solid Security Pro to shield our site from cyberattacks and prevent security vulnerabilities. It’s headquartered at 2703 Ena Drive, Lansing, MI 48917. We do not log any personal information. For more information about Solid Security Pro’s privacy policy, please visit: https://solidwp.com/privacy-policy/
Arcade. We use Arcade to provide website visitors with access to an interactive demo of the Steadybit platform. Arcade is an interactive demo platform that allows teams to create demos in minutes. When you access and interact with the Arcade service, it uses a cookie to log and store browser information such as your computer’s Internet Protocol address (e.g. IP address), browser type, browser version, unique device identifiers, and click events. You may refuse the use of cookies by selecting the appropriate settings on our cookie banner or on your browser. For more information about Arcade’s privacy policy, please visit: https://www.arcade.software/privacy
Amplitude. We use Amplitude to better understand our users’ needs and to optimize this service and experience. Amplitude is a technology service that helps us better understand our users’ experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and this enables us to build and maintain our service with user feedback. Amplitude processes and stores the data on servers within the EU in a pseudonymized user profile. For further details, please see Amplitude’s data privacy policy: https://amplitude.com/privacy.
LogRocket. LogRocket is a new type of developer tool. It’s like a DVR for web apps. Instead of guessing why problems happen, we can replay sessions with bugs or user issues to quickly understand the root cause. For further details, please see the “about LogRocket” section of: https://logrocket.com/privacy/
HubSpot. We are supported in our online marketing activities by HubSpot, a software company from the USA with a subsidiary in Ireland. To Contact: HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland, Phone: +353 1 5187500. HubSpot covers various aspects of our online marketing, such as e-mail marketing, reporting, contact management (e.g. user segmentation & CRM), landing pages and contact forms. If consented to, a HubSpot cookie is used to collect information on website page views and form submissions. This information and the content of our website is stored on servers of our software partner HubSpot. If processing takes place in the USA, it has to be considered that HubSpot is certified under the US-EU data protection agreement “Privacy Shield”. They can be used by us to get in contact with you and to determine which services are interesting for you. We use all information collected solely to improve our marketing efforts. The legal basis for the use of HubSpot’s services is article 6 paragraph 1 lit. f. GDPR. For further information, please refer to HubSpot’s privacy policy: https://legal.hubspot.com/privacy-policy
Calendly. We use Calendly to offer you the possibility to schedule demo requests and general meetings with us. If you consent, a Calendly cookie will be used to improve the user experience and log information. We collect and share the following personal information: firstname, lastname, email, IP address. For further information, please refer to Calendly’s privacy policy: https://calendly.com/privacy.
Algolia. We use the search “Algolia Instantsearch” after consent on the reliability hub, address: 55 Rue d’Amsterdam, 75008 Paris, France, a search engine service of Algolia Inc (“Algolia”) to search and index our content. The use of Algolia Instantsearch is to make the information on our website easier to find and thereby ensure user-friendliness. By using Algolia Instantsearch, your IP address and search query are transmitted to an Algolia server and stored there for 90 days for statistical purposes. Please refer to Algolia’s Terms of Use https://www.algolia.com/policies/terms/ and Algolia’s Privacy Policy https://www.algolia.com/policies/privacy/.
Okta. We use Okta (Okta, Inc., Attn: Legal Team, 100 First Street, Floor 6, San Francisco, CA 94105) as the authentication and authorization platform for your registration and login. We share below personal data with Okta, under their privacy policy, https://www.okta.com/privacy-policy. For as far as necessary to deliver you this authentication service, data is processed and stored on servers within the EU. The personal data we collect during this process are your: email, name, IP address, profile picture.
Instana. For our platform, we use the End User Monitoring (EUM) software of Instana, Inc, 222 S. Riverside Plaza, 15th Floor, Chicago, IL 60606 (hereinafter referred to as “Instana”).
With Instana we can observe the condition of the platform as well as detect technical faults in order to remedy these as soon as possible. In addition, with Instana we can evaluate the use of the platform.
Instana functions through a JavaScript, which is carried out by your browser. This JavaScript collects information for the aforementioned purposes and transmits this data in an anonymised form to Instana, Inc. Your IP address is transmitted in an anonymised form. In addition, the date and time of the request, time zone difference to the Greenwich Mean Time (GMT), content of the request (specific page), access status/HTTP status code, respectively transferred data volume, the website from which the request comes, browser, operating system and its interface and the language and version of the browser software are transmitted to Instana, Inc. If you opted in to the analytics, the name and email address are transferred as well.
For more information about Instana’s privacy policy, please visit: https://www.instana.com/privacy-policy/.
Sentry.io. We use sentry.io to track and log errors that occur on our platform. The stored data is related to your device while using our platform. No personal data is shared with sentry.io, as they recommend in their security privacy policy. Want to know more about their privacy policy? Please visit https://sentry.io/privacy/
Mezmo. We use Mezmo for our SaaS platform to store and manage the application logs. We don’t log any personal information. For more information about Mezmo’s privacy policy, please visit: https://www.mezmo.com/privacy-policy
YouTube. We embed videos of the website YouTube at the Steadybit Platform, Reliability Hub and website. The website operator is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
We use YouTube in the expanded data protection mode. This means that videos are not accessed via youtube.com, but via youtube-nocookie.com. According to YouTube, this mode ensures that YouTube does not store any information about visitors to this website before they watch the video. Nevertheless, this does not necessarily mean that the sharing of data with YouTube partners can be ruled out as a result of the expanded data protection mode. For instance, regardless of whether you are watching a video, YouTube will always establish a connection with the Google DoubleClick network.
As soon as you start to play a YouTube video on this website, a connection to YouTube’s servers will be established. As a result, the YouTube server will be notified, which of our pages you have visited. If you are logged into your YouTube account while you visit our site, you enable YouTube to directly allocate your browsing patterns to your personal profile. You have the option to prevent this by logging out of your YouTube account.
Furthermore, after you have started to play a video, YouTube will be able to place various cookies on your device or comparable technologies for recognition (e.g. device fingerprinting). In this way YouTube will be able to obtain information about this website’s visitors. Among other things, this information will be used to generate video statistics with the aim of improving the user friendliness of the site and to prevent attempts to commit fraud.
Under certain circumstances, additional data processing transactions may be triggered after you have started to play a YouTube video, which are beyond our control.
The use of YouTube is based on our interest in presenting our online content in an appealing manner. Pursuant to Art. 6 Sect. 1 lit. f GDPR, this is a legitimate interest. If a corresponding agreement has been requested, the processing takes place exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the agreement can be revoked at any time.
For more information on how YouTube handles user data, please consult the YouTube Data Privacy Policy.
If our Company processes personal data about you, you have the right, within the respective legal scope – i.e. in accordance with the regulations of the GDPR – to: information, in particular on data stored by the controller and their processing purposes (Art. 15 GDPR); correction of incorrect or incomplete data (Art. 16 GDPR); deletion, for example of data processed unlawfully or no longer required (Art. 17 GDPR); restrictions on processing (Art. 18 GDPR); objection to the processing, in particular if it is carried out to protect the legitimate interests of the controller (Art. 21 GDPR); and data transfer, provided that the processing is based on consent or for the execution of a contract or with the aid of automated procedures (Art. 20 GDPR).
If processing is based on a consent given by you (Article 6 (1) (a) GDPR or Article 9 (2) (a) GDPR), you have the right to revoke the consent at any time. The legality of the processing carried out on the basis of the consent until your revocation is not affected by this.
The assertion of your rights as well as other questions and concerns can be addressed to us by the means of communication most convenient for you:
By mail: steadybit GmbH, Hochstr. 11, 42697 Solingen, Germany
By email: privacy@steadybit.com
Furthermore, you have the possibility to address complaints to the responsible supervisory authority. For steadybit, this is the Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (State Commissioner for Data Protection and Freedom of Information North Rhine Westphalia), P.O. Box 200444, 40102 Düsseldorf, poststelle@ldi.nrw.de.