Privacy Policy

We, HybridOffice21 GmbH ("we" or "us"), are committed to protecting your privacy when you ac- cess and use our Websites and use and/or receive our Services and to ensure the security and integrity of your personal data in accordance with applicable data protection laws.

Personal data means any information relating to an identified or identifiable natural person.

This Privacy Policy governs our websites including www.yoffix.com and app.yoffix.com ("Web- sites") and other services offered by us ("Services"). It gives details of what data is collected by and/or provided to us when accessing and using our Websites and using and/or receiving our Services, how we may store and use such personal data and what rights you have as a data subject regarding your personal data.

DATA CONTROLLER

The data controller for the processing of personal data is

HybridOffice21 GmbH Kastanienallee 98b, D-10435 Berlin hello@yoffix.com

For further information on this Privacy Policy and for exercising your statutory data protection rights laid down in Section H of this Privacy Policy, you may contact us at the above contact details.

COLLECTION OF PERSONAL DATA

We collect your personal data when

§ you use our Websites or use and/or receive our Services,

§ you contact us via any means, including via phone, email, social media or contact forms,

§ you disclose or submit information via channels operated by us (including our Websites and Services, blogs and community forums) or register for or log-in to such channels operated by us, and

§ third parties (e. g. business partners, users, resellers, subcontractors) provide us with your personal data in accordance with applicable data protection laws.

It is necessary for us to collect personal data in order to offer you our Websites and Services. If you do not provide us with the personal data that we request, we may not be able to offer you our Websites and Services properly.

C. TYPES OF DATA COLLECTED

We may collect the following data of you:

§ Contact Data: Personal information such as name, address, telephone number, email address, birth date, company information and employment status.

§ Contract Data: Information relating to any contract between you and us such as customer numbers, contract numbers and contractual dates.

§ Transaction Data: Details about transactions made between you and us.

§ Payment Data: Information such as bank account data and credit card data.


§ Preferences: Information regarding how you wish to interact with us such as information regarding how you wish to be contacted by us and how you wish to use and/or receive our Services.

§ Input Data: Information you provide when you contact us or information you disclose or submit within channels operated by us (including our Websites, our Services, blogs and community forums) or when you register for or log-in to such channels operated by us.

§ Usage Data: Information about how you use and interact on our Websites and in relation to our Services such as type, IP address, IP location and unique device identifiers of your internet access device, information on browser type and version, information on browser plug-in types and versions, log-in data, mobile network information, time zone settings, operating system and platform, URL clickstream to, through and from our Websites and Services, length and time of visit to our Websites and use of our Services, information on what features of our Websites and Services are being used, interactions with user interfaces, page interactions including scrolling and mouseovers.

D. PURPOSES OF PROCESSING | LEGAL BASIS OF PROCESSING | LEGITIMATE INTERESTS

We will only process your personal data insofar as such processing is permissible under applicable laws.

The following table describes for what purposes and on what specific legal basis we process your personal data and – where the processing is based on Art. 6 (1) 1 f) of the EU General Data Protection Regulation (GDPR) – gives details about our legitimate interests for such processing:


Purpose of Processing


Legal Basis


Legitimate Interests


Specific purposes chosen by you Providing marketing information and communication regarding any of our services, including newsletters Conducting market research Verification of your identity for the use of certain our Websites and the use of certain our Services

Complying with a statutory duty or an order of a competent court or public authority
Providing the possibility to be contacted for any reason and to be able to respond to enquiries and feedback Providing our Websites and our Services for the public and for registered users

Enabling and maintaining the functionality of our Websites and our Services


Art.6(1)1a)GDPR Art.6(1)1a)GDPR

Art.6(1)1a)GDPR Art.6(1)1a)GDPR

Art.6(1)1c)GDPR

Art.6(1)1a)GDPR Art.6(1)1b)GDPR Art. 6 (1) 1 f) GDPR Art.6(1)1b)GDPR Art. 6 (1) 1 f) GDPR

Art.6(1)1b)GDPR Art. 6 (1) 1 f) GDPR


n/a n/a

n/a n/a

n/a

To ensure our availability for any requests

To inform about and carry out the business activities of us

To inform about and carry out the business activities of us


Fulfilling our obligations under contracts entered between you and us (including any contract regarding our Services), performing such contracts and taking necessary steps requested by you be- fore entering into such contract


Art. 6 (1) 1 b) GDPR


n/a


Purpose of Processing


Legal Basis


Legitimate Interests


Continuous optimization of our Web- sites and our Services


Art. 6 (1) 1 b) GDPR Art. 6 (1) 1 f) GDPR


To ensure, that our Websites and our Services remain innovative, up to date and can be used in a suitable manner


Analyzing and monitoring the use of our Websites and our Services


Art. 6 (1) 1 a) GDPR Art. 6 (1) 1 b) GDPR Art. 6 (1) 1 f) GDPR


To understand and meter how our Websites and our Services are used in order to recognize any faults and disruptions, to enhance their functionality and to improve user experience


Ensuring the overall system security, health and stability of our Websites and our Services


Art. 6 (1) 1 b) GDPR Art. 6 (1) 1 c) GDPR Art. 6 (1) 1 f) GDPR


To provide our Websites and our Services free from errors and defects and to ensure their security


Preventing unauthorized or unlawful use of and access to our Websites and our Services


Art. 6 (1) 1 c) GDPR Art. 6 (1) 1 f) GDPR


To protect your data and your interests, to ensure the security of our Websites and Services and to protect our business activities, business interests, intellectual property and other rights of us


Safeguarding and defending our vital interests and exercising any rights and asserting any claims we may have


Art. 6 (1) 1 f) GDPR


To protect our business activities, business interests, intellectual property and other rights of us and to safeguard any rights and remedies available to us


The respective legal basis mentioned in the above table is further described as follows:

§ Art. 6 (1) 1 a) GDPR: You have given your consent to the processing of your personal data by us.

§ Art. 6 (1) 1 b) GDPR: The processing by us is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into such contract.

§ Art. 6 (1) 1 c) GDPR: The processing is necessary for us to comply with its legal obligations.

§ Art. 6 (1) 1 f) GDPR: The processing is necessary for the purposes of legitimate interests pursued by us or a third party, except where your interests or your fundamental rights and freedoms which require the protection of personal data override such legitimate interests.

E. USE OF COOKIES

We use cookie technology on our Websites. When you access and use our Websites, a cookie may be placed within the memory of your internet access device. A cookie is a small piece of data containing alphanumerical information that our Websites can store via your internet access device for later retrieval. We use such cookies to provide you with a personalized and improved user experience.

Our Websites use both transient cookies and persistent cookies.

§ Transient cookies: Transient cookies are automatically deleted upon closing of your browser. Such transient cookies also include, in particular, session cookies. Session cookies contain a session identifier, allowing different requests from your browser to


be assigned to your particular browsing session and will allow your internet access device to be recognized upon your return to our Websites.

§ Persistent cookies: Persistent cookies will be automatically deleted after a specified period of time, which may vary depending on the type of cookie placed. We may use persistent cookies to help us to track use of our Websites, such as the number and frequency of visits to our Websites and which parts of our Websites are visited.

Many browsers accept cookies per default. However, your browser settings can be configured in order to prevent the storage of cookies. You may also delete cookies placed by our Websites at any time within your browser settings. Deactivating the storage of or deleting cookies may limit the functionality of our Websites.

F. RECIPIENTS OF PERSONAL DATA | THIRD-PARTY SERVICES

We will not sell, license, rent or trade your personal data. We will not otherwise disclose your personal data except as described within this Privacy Policy.

To facilitate the purposes for processing your personal data (as described in Section D of this Privacy Policy), we may disclose your personal data to the following recipients in connection with services that these recipients perform for, or with, us, always provided that these recipients are restricted from using such personal data in any way other than to provide such services:

§ Email service providers,

§ IT services providers (currently Amazon Web Services EMEA SARL),

§ billing solution providers (currently Stripe Inc.), ),

§ communication and messaging solution providers (currently Stripe Inc.), and

§ data analytics providers (currently Google Ireland Limited and Amplitude Inc.).

Our Websites and Services make use of the following third-party services:


Third-Party Services


We use Google Analytics on our Websites, a cookie-based web analytics service provided by Google Ireland Limited. The information generated by the cookie about your use of our Websites may be transmitted to a Google server in the USA and stored there subject to the EU Standard Contractual Clauses entered into between us and Google. As "IP anonymization" is activated for our Websites, any collected IP address will be truncated by Google within the European Union or within the European Economic Area before being transmitted to a Google server in the US, and only in exceptional cases will your full IP address be transmitted to a Google server in the US and be truncated there. Google will use this information on our behalf to analyze the use of our Websites, to compile reports on website activity and to provide services to us related to the use of our Websites. According to Google's terms, the IP address transmitted by a browser in the context of Google Analytics will not be merged with other data of Google. Your browser settings can be configured in order to prevent the storage of cookies. Deactivating the storage of cookies may limit the functionality of our Websites. Transmission of the data generated by the cookie and relating to the usage of our Websites (including your IP address) to Google as well as the processing of such data by Google can be prevented by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout. Information on the data use and retention practices of Google and its affiliates and subsidiaries can be found within the Google Privacy Policy.


We use Amplitude on our Websites and within our Services, a web analytics service provided by Amplitude Inc.. Amplitude also uses cookies (see Section E of this Privacy Policy). The information generated by the cookie about the use of our Websites and our Services will be transmitted to Amplitude. The afore- said information may also be transmitted to Amplitude's servers in the USA subject subject to the EU Standard Contractual Clauses entered into between us and Amplitude. Amplitude will use this information on our behalf to analyze the use of our Websites and our Services and to provide services to us related to the use of our Websites and Services. Your browser settings can be configurated in order to prevent


Third-Party Services

the storage of cookies. Deactivating the storage of cookies may limit the functionality of our Websites and Services. Information on the data use and retention practices of Amplitude can be found within the Amplitude Privacy Policy.


We use Google AdWords Conversion on our Websites, a service provided by Google Ireland Limited. By using a tracking code and a cookie on our Websites, it can be determined whether you have been forwarded to our Websites by clicking on content on pages of Google and which actions you perform thereafter. The usage data obtained in this way is evaluated by Google on behalf of us. Google AdWords Conversion enables us to evaluate the success of our individual advertising measures on pages of Google, to make our Websites and Services more appealing and to dynamically adjust them to your preferences. If you are logged into a Google service with a user profile, Google may also associate your visit to our Websites with such user profile. Even if you are not logged in to Google, Google may still store your IP address. The aforesaid information may also be transmitted to Google's servers in the USA subject to the EU Standard Contractual Clauses entered into between us and Google. Your browser settings can be configured in order to prevent the storage of cookies. Deactivating the storage of cookies may limit the functionality of our Websites. You may also opt-out this tracking process by opting out of interest- based advertising from Google at https://youradchoices.com/. Information on the data use and retention practices of Google can be found within the Google Privacy Policy.


We use LinkedIn Insight Conversion, a service of LinkedIn Ireland Unlimited. By using a tracking code and a cookie on our Websites, it can be determined whether you have been forwarded to our Websites by clicking on content on pages of LinkedIn and which actions you perform thereafter. The usage data obtained in this way is evaluated by LinkedIn on behalf of us. LinkedIn Insight Conversion enables us to evaluate the success of our individual advertising measures on pages of LinkedIn, to make our Websites and Services more appealing and to dynamically adjust them to your preferences. If you are logged into a LinkedIn service with a user profile, LinkedIn may also associate your visit to our Websites with such user profile. Even if you are not logged in to LinkedIn, LinkedIn may still store your IP address. Your browser settings can be configurated in order to prevent the storage of cookies. Deactivating the storage of cookies may limit the functionality of our Websites. You may also opt-out this tracking process by activating the opt-out cookie at https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out. In- formation on the data use and retention practices of LinkedIn can be found within the LinkedIn Privacy Policy.


We use Google Sign-in by Google Ireland Limited. This tool enables us to verify your identity for the use of certain our Websites and Services by means of existing Google profiles, without leading you through a separate registration process. You may initiate the respective login process by clicking on the Google Sign-in button. After entering your login data, a connection will be established between your Google profile and our Websites/Services. Depending on your personal privacy settings with Facebook and Twitter, these providers may transmit publicly accessible data of your respective profile (such as name, profile picture, and user name) to us. Information on the data use and retention practices of Google can be found within the Google Privacy Policy.


Our Websites use embedded videos offered by YouTube, a service of Google Ireland Limited . We have activated the "extended data protection mode" offered by YouTube. According to YouTube, data will therefore only be transmitted to YouTube when an embedded video is played. If you play these videos, YouTube may collect certain usage data as described in Section C of this Privacy Policy and other infor- mation about your use of the video. The aforesaid information may also be transmitted to YouTube's servers in the USA subject to the EU Standard Contractual Clauses entered into between us and Google. If you are logged into a YouTube service with a user profile, YouTube may also associate such information with such user profile. Information on the data use and retention practices of YouTube can be found within the Google Privacy Policy.


We use Google Fonts on our Websites, a service of Google, LLC for the integration of external fonts. In order to integrate such fonts, they are usually retrieved from a Google server in the USA. When you visit our Websites, certain usage data as described in Section C of this Privacy Policy is transmitted to such server subject to the EU Standard Contractual Clauses entered into between us and Google and stored by Google. Information on the data use and retention practices of Google and its affiliates can be found within the Google Privacy Policy.


We may also disclose your personal data to third parties, if required by law, e.g. in order to respond to a court or government request.

G. RETENTION TIME

We store your personal data for the period of time that is necessary for the purpose for which it was collected (see part D of this Privacy Policy) and/or for as long as we have a legitimate


interest in storing such data. We also store your personal data for a period prescribed by law, by court order or by official regulation – the exact period may vary from case to case. To the extent necessary, we also store your personal data until the expiry of applicable limitation periods for the enforcement of our own claims.

The criteria applied by us to determine the storage period include:

§ The period of time over which we provide our Websites and Services to you,

§ whether there is a legal retention obligation to which we are subject, and

§ whether retention is advisable in view of our legal position.

H. DATA SUBJECT RIGHTS

You have the following rights under the GDPR with regards to the processing of your personal data:

§ The right to obtain confirmation as to whether or not your personal data is being processed and, where that is the case, access to such personal data and certain relevant information. Such information includes, inter alia, the purposes of processing, the categories of personal data concerned, and the recipients or categories of recipients to whom the personal data is been or will be disclosed (Art. 15 GDPR). Please note that the rights and freedoms of other individuals may restrict your right of access.

§ The right to obtain the rectification and completion of your personal data, where such data is inaccurate or incomplete (Art. 16 GDPR).

§ The right to obtain the erasure of your personal data without undue delay under certain circumstances ("right to be forgotten") (Art. 17 GDPR).

§ The right to obtain the restriction of processing of your personal data under certain circumstances (Art. 18 GDPR).

§ The right to receive your personal data in a structured, commonly used and machine- readable format and the right to transmit such data to another controller without hindrance from us (Art. 20 GDPR).

§ The right to object to the processing of your personal data in certain circumstances, where the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller pursuant to Art. 6 (1) 1 e) GDPR, is based on legitimate interests of us or a third party pursuant to Art. 6 (1) 1 f) GDPR, or such personal data is processed for direct marketing purposes (Art. 21 GDPR).

§ The right to withdraw, at any time, any consent you had previously provided to us regarding our processing of your personal data. Such withdrawal will not affect the law- fulness of the processing prior to your withdrawal.

To exercise the above rights, please contact us at the contact details provided in Section A of this Privacy Policy.

Irrespective of the above rights, you have the right to lodge a complaint with a competent supervisory authority.


DATA SECURITY

We have established a privacy program designed to help protect your personal data. We maintain reasonable administrative and technical safeguards intended to protect against the loss, misuse, unauthorized access, alteration, or disclosure of your personal data. All data is securely stored and can only be accessed by entitled employees of us on a "need to know basis".

SENSITIVE DATA

We ask that you not disclose sensitive information (e.g. political opinions, religion, health, genetic or biometric information) to us through or in connection with our Websites and Ser- vices unless we have explicitly requested such disclosure from you.

VERSION

This is the current version of our Privacy Policy. We may revise this Privacy Policy from time to time (e.g. in the event that applicable laws are altered or our Websites and Services are modified). Changes to this Privacy Policy will be made by updating this page and will be communicated to you, if required. We nevertheless recommend that you check this Privacy Policy at regular intervals.