Last updated on: 26/09/22
Mimacom AG is an affiliate of the Mimacom-Flowable Group. This Privacy Notice provides information on the collection, use, sharing and further processing of personal information by the Mimacom-Flowable Group and its affiliates (“the Group”, “we” or “us”). This Privacy Notice also explains the choices you have in relation to these processing activities and your relevant rights in this respect. This Privacy Notice applies as far as the processing activities are not subject to other privacy policies, are evident from the circumstances or are provided for by applicable law. As used in this Privacy Notice, ‘personal information’ or ‘personal data’ means any information that relates to an identified or identifiable individual, for example your name, address, email address, business contact details, or information collected through your interactions with us via our websites, at events or otherwise.
This Privacy Notice applies in connection with your use of our websites, mobile applications, online tools, social media, agreements, general terms and conditions or by way of other means that link to this Privacy Notice, your interactions with us during personal meetings or at Group events, and in connection with other offline sales, services, marketing activities and other business relation-ship activities with the Group.
Every website, every presence on social media, every other application of the Group and every services and other processing activties as described in this Privacy Notice has a controller within the Group responsible for processing your personal information described in this Privacy Notice according to the Regulation (EU) 2016/679 (General Data Protection Regulation ("GDPR")) or other applicable data protection laws. Unless provided otherwise on the website (according to the imprint, terms of use, etc.), Mimacom AG, Weltpoststrasse 5, 3011 Bern, Switzerland is the controller for the website www.mimacom.com. In the event a Group entity communicates through other means (e.g. email, letter, telephone, in person) and the communication does not fall within an activity for which the Group has appointed a dedicated controller within the scope of this Data Privacy or otherwise, the corresponding Group entity is the controller. A list of the Group entities and the countries where they are located is provided in Annex, which may be updated from time to time. Please select a region and country to view the registered address and contact details of the Group entity or entities located in each country. The Mimacom AG is the group representative. Therefore, for any inquiry, claim or concerns regarding data protection at our Group (all companies and affiliates), please contact us by sending an email or a postal message to the following address: email: datenschutz@mimacom.com, Mimacom AG, Weltpoststrasse 5, 3011 Bern, Switzerland.
Pursuant to Article 27 of the GDPR, the representative of companies and affiliates of the Group domiciled outside of the EU is Mimacom Deutschland GmbH, Schloßstraße 70, 70176 Stuttgart, Germany.
Categories of personal data processed, purpose of the processing and legal basis:
When visiting our Group websites, applications or online tools (each a "website offering"), the corresponding Group entity may collect and process the following personal data about you:
Personal data that you actively and voluntarily provide us through a website offering that we use to the extent it is necessary for the provision of a service or the execution of the contract and subject to Article 5 GDPR (e.g., when contacting us with your inquiries, submitting an application, in order to download certain documents, reply to a job offer, open a issue in our forum, etc.), including name, email address, telephone number, information submitted as part of a support request, comments or forum posts, etc.; and
Information that is automatically transmitted to us by your web browser or device in server log-files when you visit and retrieve the content provided for statistical and system-related purposes comprising your IP-address, time stamp (date and time of the access), device type, browser type and operating system of the requesting computer, referring site, sites accessed during your visit, file name accessed, data volume transferred and notification of successful retrieval. The stored IP address is only analyzed in the event of an attack on our information technology systems. An individual cannot be traced back to the stored user data. The logged data is stored for a period of 30 days and is afterwards erased by the system.
We process your personal data for the following purposes:
To provide you with our services and functions and to administer your use of our website offerings;
To verify your identity (e.g. if you registered for a newsletter);
To reply and fulfill your specific inquiries; and
As reasonably necessary to enforce the applicable terms of use, to establish or preserve a legal claim or defense, to prevent fraud or other illegal activities, including attacks on our information technology systems.
The legal basis for the processing of your personal data are the following:
To perform our obligations in connection with any contract we make with you (Article 6 (1) (b) GDPR);
To comply with our legal obligations (Article 6 (1) (c) GDPR); and/or
Legitimate interests pursued by us (Article 6 (1) (f) GDPR), e.g. the efficient, effective and secure performance or management of our services and your use of our website offerings.
Your Consent related to the relevant use of your personal data that we may ask you for, which can be withdrawn at any time according to applicable laws (Article 6 (1) (a) GDPR).
Categories of personal data processed, purpose of the processing and legal basis:
In connection with a prospective or existing business relationship with a Group entity, we may process the following categories of personal data of current and future contact persons of our customers, partners, suppliers and other business partners (each a “Business Partner”):
Contact information, such as full name, work address, work telephone number, work mobile phone number, work fax number and work email address;
Payment data, such as data necessary for processing payments and fraud prevention, including credit/debit card numbers, security code numbers and other related billing information;
Further information necessarily processed in a project or contractual relationship with a Group entity or voluntarily provided by the Business Partner, such as personal data relating to orders placed, payments made, requests, and project milestones;
Personal data collected from publicly available resources, integrity data bases and credit agencies; and
If legally required for Business Partner compliance screenings: date of birth, ID numbers, identity cards and information about relevant and significant litigation or other legal proceedings against Business Partners.
We process your personal data for the following purposes:
To communicate with our Business Partners about services, products and projects of the Group or Business Partners, e.g. by responding to inquiries or requests or providing you with technical information about purchased products;
For planning, managing and performing the contractual relationship with our Business Partners; e.g. by performing transactions and orders of products or services, processing payments, performing accounting, auditing, billing and collection activities, arranging shipments and deliveries, and providing maintenance and support services;
To administrate and perform customer surveys, market analysis, marketing campaigns, sweepstakes, contests, or other promotional activities or events;
To maintain and protect the security of our websites, services and products, preventing and detecting security threats, fraud or other criminal or malicious activities;
To ensure compliance with legal obligations (e.g. record keeping obligations), Business Partner compliance screening obligations (to prevent white-collar or money laundering crimes), and Group policies or industry standards; and
Solving disputes, enforce our contractual agreements and to establish, exercise or defend legal claims.
The legal basis for the processing of your personal data are the following:
To perform our obligations in connection with any contract we make with you (Article 6 (1) (b) GDPR);
To comply with our legal obligations (Article 6 (1) (c) GDPR); and/or
Legitimate interests pursued by us (Article 6 (1) (f) GDPR), e.g. the efficient, effective and secure performance or management of our business relationship with you.
Your Consent related to the relevant use of your personal data that we may ask you for, which can be withdrawn at any time according to applicable laws (Article 6 (1) (a) GDPR).
We offer applicants the option to apply for job openings online on our Career-site or via third party providers websites. You can apply for an open position by submitting your application via our application form or the one provided by a specific job board. You can also apply by sending your information via email at jobs@flowable.com.
You will be asked when you submit your application whether you give us consent to hold your details for the full 24 months in order to be considered for other positions or not. At the end of that period, or once you withdraw your consent, your data is deleted or destroyed in accordance with applicable laws.
Categories of personal data processed, purpose of the processing and legal basis:
Contact information, such as name and last name, address, phone number and email address, photo, copy of ID or passport;
Information related to your professional background and skills such as cv, date of birth, professional experience, former employers, cover letter;
Social media pages, websites or any other information a candidate decides to share with us.
We process your personal data for the following purposes:
Examination of job applications suitability, including verifications of qualifications provided by candidates;
Contact candidates for recruitment purposes.
The legal basis for the processing of your personal data are the following:
To perform our obligations in connection with any contract we make with you (Article 6 (1) (b) GDPR);
Your Consent related to the relevant use of your personal data that we may ask you for, which can be withdrawn at any time according to applicable laws (Article 6 (1) (a) GDPR)
In connection with the attendance to one of our online events we may process the following categories of personal data :
Contact information, such as full name, company name, job title and region and email address;
Information about your device and your activities. This information could include (a) your computer or other device’s unique ID number; (b) technical information about your device such as type of device, web browser or operating system; (c) your preferences and settings such as time zone and language; and (d) statistical data about your browsing actions and patterns (such as time of drop in and out of a presentation). We might collect this information on a non-anonymous basis.
We process your personal data for the following purposes:
To enable you to log-in and attend the event
To improve the content and quality of our events. We collect this information on a non-anonymous basis in order to improve our website, our events, their content and the services we provide, and for analytical and research purpose.
The legal basis for the processing of your personal data are the following:
To perform our obligations in connection with any contract we make with you (Article 6 (1) (b) GDPR);
Legitimate interests pursued by us (Article 6 (1) (f) GDPR), e.g. the efficient, effective and secure performance or management of our services and online events.
In accordance with applicable data protection laws, Group entities and our affiliates may transfer personal data of you and our Business Partners to the following categories of Group entities and third parties who process personal data in connection with the use of our website offerings, services and products or our business relationship with you and our Business Partners in accordance with the purpose of data processing as described in this Privacy Notice on behalf of the Group or for their own purposes:
other Group entities;
service providers and other processors (within the Group and external third parties) which provide IT or other services to us and which process such data only for the purpose of such services (e.g. hosting or IT maintenance and support services);
customers, partners, suppliers and other business partners;
media agencies, the public, including visitors of websites and social media of the Group;
industry organizations, associations, organizations and other committees;
acquires or parties interested in acquiring business units, companies or other parts of the Group;
Courts, arbitration bodies, law enforcement authorities, regulators, attorneys and other parties in potential or actual legal proceedings, if necessary to comply with the law or for the establishment, exercise or defense of rights or legal claims.
Sometimes the recipients to whom we may transfer or disclose personal data of you and our Business Partners are located in third countries in which applicable laws do not offer the same level of data protection as the laws of the home country. If personal data is disclosed to such countries that do not guarantee adequate protection, we will ensure adequate protection of data disclosed by putting adequate contractual guarantees in place, (e.g. on the basis of EU standard contractual clauses), binding corporate rules, or transferring data pursuant to consent, conclusion or performance of a contract, or in connection with the determination, exercise or enforcement of legal claims according to applicable data protection laws. You may request further information about the safeguards implemented in relation to specific transfers and a copy of the contractual guarantees by contacting datenschutz@mimacom.com. We reserve the right to redact such copies for applicable legal or secrecy reasons. Moreover, please note that personal data published by you on our website offering (e.g. forums) may be globally accessible to other registered users of the respective website offering.
In accordance with the principles of data minimization (Article 5 (1) (c) GDPR) and data economy (Article 5 (1) (e) of the GDPR), the Group retains personal data for no longer than it is necessary for the purposes for which the personal data are processed. Notwithstanding the foregoing, we may process personal data for longer periods subject to the following rules and obligations:
We retain personal data as long as we (i) have an obligation to do so (e.g. by way of contract, law or other provisions) or (ii) we have an overriding interest (e.g. an interest for reasons of proof in case of claims, documentation of compliance with certain legal or other requirements or an interest in non-personalized analysis). Deviating rules are reserved with respect to anonymization or pseudonymization of personal data subject to applicable law.
As a rule for contract related personal data (including business records and communication) we retain personal data as long as the contractual relation is ongoing and for ten years after the termination of the contractual relationship unless (i) a shorter or longer statutory storage obligation is applicable on a case-by-case basis, (ii) the retention is required for reasons of proof or another valid reason based on applicable law, or (iii) the deletion of the data is required earlier (because e.g. the data is no longer required or a Group entity is required to delete the respective data).
As a rule for operational data containing data (e.g. protocols, logs), we retain personal data for a period of 3 - 12 months.
In general, Group entities and our affiliates retain personal data as long as necessary to achieve the purposes for which it was collected, usually for the duration of the ongoing employment relationship and for 10 years or any other period after the termination of the employment relationship as legally required or permitted by applicable law. For operational data containing personal data (e.g. protocols, logs), the Group retains it for 3 to 12 months. For Business records, the Group normally retains them as long as there is a legitimate interest in them which is usually not longer than for 10 years. Such legitimate interests may be for example for reasons of proof in case of establishment, exercise or defense of legal claims, documentation of compliance with certain legal or other requirements (if no longer statutory retention periods apply). Deviating retention periods may apply namely with respect to anonymized or pseudonymized data as long as Group entities and our affiliates have a legitimate interest of retention of such data.
Personal data will be destroyed by Group entities and our affiliates without delay once there is no longer the need to retain it. If printed on paper, the personal data will be shredded or incinerated. If saved in electronic form, the personal data will be destroyed using irreversible technical means.
WITHDRAW CONSENT
In case you declared your consent for the processing of certain personal data by the Group, you have the right to withdraw your consent at any time with future effect, i.e. the withdrawal of the consent does not affect the lawfulness of processing based on the consent before its withdrawal.
SIGNING UP FOR NEWSLETTER
You can subscribe to our newsletter to receive up-to-date information about our products and services. When you sign up for our newsletter, the information you provide (mandatory fields: first name, last name, email address) will be used exclusively for this purpose (Article 6 (1) (a) of the GDPR). Other than that, we do not process any further data. We use the 'double opt-in process' to ensure that you are the actual owner of the email address you provided. For this purpose we record the:
your consent to receive newsletters;
You may revoke your consent to the processing of your personal data and to it being used to send you the newsletter at any given time. You can either use the Unsubscribe link in the newsletter or contact us via email at marketing@mimacom.com.
COOKIES
We also use cookies and other tracking technology which collect certain kinds of information when you interact with our sites and applications such as IP addresses or browsing preferences. For further information on cookies please refer to our Cookie Notice.
GOOGLE ANALYTICS
This website uses Google Analytics, a web analytics service provided by Google Ireland Limited ("Google"). Google Analytics uses "cookies", text files that are stored on your computer to help analyze your use of the website. Information generated by the cookie about your website usage is usually transmitted and saved to a Google server in Ireland. If IP anonymization is activated on this website, your IP address will first, however, be truncated by Google within the member states of the European Union or in other signatory states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server outside the European Uniont and in the USA and truncated there. Google will use this information to analyze your use of the website, to compile reports on website activities and to perform other services linked to website and internet usage on behalf of the website operator. The IP address communicated by your browser in the context of Google Analytics will not be amalgamated with other Google data. You can block the use of cookies by adjusting your browser software accordingly; however, please note that by doing so you may be prevented from using the full range of this website's functions. You can also prevent the data generated by the cookie about your use of the website (including your IP address) being sent to Google and this data being processed by Google by downloading and installing the browser plugin available at the following link. The current link is here: Browser-Add-On to uninstall Google Analytics.
We remind you that on this website Google Analytics and Google Remarketing was expanded by the code 'gat.anonymizeIp();' in order to assure anonymous recording of IP-addresses (so-called IP-masking).
SALESFORCE PARDOT
Our website uses Pardot Services, an analytical tool from salesforce.com, inc, The Landmark @ One Market Street, San Francisco, CA 94105, USA. Pardot Services sets a maximum of two cookies. These are text files that are stored on your computer and allow an analysis of the use of the website. The set cookies are a "Visitor Cookie" and a "Pardot App Session Cookie". Via the "Visitor Cookie" an identification number is generated. That means the browser of the website visitor will be recognized. The identification number is a generated number code that has no meaning outside of Pardot Services. The "Pardot App Session Cookie" is only set when a customer logs in as a user in the Pardot app. All cookies will only receive the generated code number. In addition, we also use Pardot for registering our email service. Emails sent by Pardot use tracking technologies. We use this data to find out which topics you are interested in by tracking whether our emails are opened and which links you click. We use this information to improve the emails and the services we provide. If you want to prevent the tracking by Pardot, you can ensure this by your browser settings or by an appropriate extension of your browser. However, this may result our offerings with some limitations in the features and usability.
SECURITY
We implement appropriate technical and organizational security measures to protect your data managed on our systems against accidental or intentional tampering, loss, or access by unauthorized persons. The security measures are subject to continuous improvement in line with technological developments. We take the appropriate technical and organizational security measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorized use, disclosure or access, in particular where processing involves the transmission of data over a network, and against all other unlawful forms of processing and misuse. In the event personal data is compromised as a result of a Personal Data Breach we will make the necessary notifications, as required under applicable laws.
CHILDREN
Our websites, services and products are not intended for children and we do not knowingly collect personal data from children under the age of 16. If we are notified or otherwise learn that personal data of a child under the age of 16 has been improperly collected, we will take all reasonable steps to delete that personal data.
LINKS TO OTHER WEBSITES AND THIRD-PARTY PRIVACY POLICIES
We may provide links to other websites and applications (e.g. social media websites). Please note that our browsing and interaction on any other website is subject to the terms of use and privacy policies and notices of such third-party websites. This Privacy Notice applies only to the website and services of the Group as set forth in this Privacy Notice and not to other websites or applications operated by third parties where we do not control the privacy practices of such other websites or applications. We strongly encourage you to read the terms of use and privacy policies and notices of other websites carefully before providing personal data through that website. We are not responsible or liable for the privacy practices, information or content of such third-party websites. In case of the Joint Controllership Agreement, please read the following documents about Linkedin and Facebook
RIGHTS OF DATA SUBJECTS (ART. 13 (2) (B) GDPR)
Any affected individual may request information from us as to whether data concerning him or her is being processed. In addition, they have the right to request the correction, destruction or restriction of personal data regarding them as well as to object to the processing of personal data. Should the processing of personal data be based on consent, the affected individual may withdraw consent at any time. Moreover, in countries of the EEA the affected individual may, in certain cases, have the right to obtain data gathered during the use of online services in a structured, common and machine-readable format which allows for further use and transfer. We reserve the right to restrict the rights of the affected individual in accordance with applicable law (e.g. not to disclose comprehensive information or not to delete data). In the event a Group entity makes an automated decision with respect to a certain individual which may have a legal effect for the affected individual or seriously affect him or her in a similar way, the affected individual shall have the right subject to applicable law to communicate with a controller of the Group and to request a reconsideration of the decision or to request the prior evaluation by the controller. In this case the affected individual may no longer be able to use certain automated services. The individual will be informed thereof subsequently or separately in advance.
In order to exercise your data protection rights as a data subject or to obtain further information about the processing of your personal data by us, make suggestions or lodge complaints, please contact us by sending an email or a postal message to the following addresses: datenschutz@mimacom.com. Any affected individual may also raise a complaint with the competent data protection authority, which in the case of a mimacom controller in Switzerland is the Federal Data Protection and Information Commissioner in Switzerland (http://www.edoeb.admin.ch), the mimacom controller in Germany is the Data Protection Office in Bonn (Der/Die Bundesbeauftragte für den Datenschutz und die Informationssicherheit, www.bfdi.bund.de). In all other cases a list of the competent data protection authorities can be found here.
CHANGES TO THIS PRIVACY POLICY
As we are constantly developing our web pages, services and products and employing new technologies, or to comply with legal requirements or to meet changing business needs, we reserve the right to amend this Data Privacy Notice at any time and without prior notice or announcement. In case there is an important change that we want to highlight to you, we will inform you in an appropriate manner (e.g. via a pop-up notice or statement of changes on our website). We therefore recommend that you carefully re-read this Privacy Notice from time to time. The latest version posted on this website shall be applicable. Should the Privacy Notice form part of an agreement with our Business Partners, we may inform them of an update or amendments by email or in another appropriate manner and in accordance with applicable laws. The amendments shall be deemed to have been accepted unless an objection is raised within 30 days of notification. In case of objection the corresponding Group entity shall be free to terminate the agreement exceptionally and with immediate effect.
DO YOU HAVE ANY QUERIES REGARDING DATA PROTECTION?
For any queries pertaining to data protection please send us an email to: datenschutz@mimacom.com.
Annex
Switzerland and EEA countries
Mimacom Management AG, Weltpoststrasse 5, 3015 Bern, Switzerland, +41 31 329 09 00,
Mimacom AG, Weltpoststrasse 5, 3015 Bern, Switzerland, +41 31 329 09 00,
Mimacom Deutschland GmbH, Schloßstraße 70, 70176 Stuttgart, Germany, +49 711 460 59 64 – 0,
Mimacom ibérica s.l., Avda Cortes Valencianas 58, 7º, 05, 46015 Valencia, Spain, +34 96 506 33 05,
Flowable Holding AG, Weltpoststrasse 5, 3015 Bern, Switzerland Switzerland, +41 31 329 09 00,
Flowable International GmbH, Weltpoststrasse 5, 3015 Bern, Switzerland, +41 31 329 09 07,
Flowable Deutschland GmbH, Schloßstraße 70, 70176 Stuttgart, Germany, +49 711 460 59 64 – 0,
Flowable Licences AG, Weltpoststrasse 5, 3015 Bern, Switzerland, +41 31 329 09 00,
Flowable AG, Weltpoststrasse 5, 3015 Bern, Switzerland, +41 31 329 09 00,
Flowable Services GmbH, Weltpoststrasse 5, 3015 Bern, Switzerland, +41 31 329 09 00,
Flowable Services Spain s.l.u., Avda Cortes Valencianas 58, 7º, 05, 46015 Valencia, Spain, +34 96 506 33 05,
Non-EU countries
Mimacom USA Inc., 309 East Paces Ferry Rd. NE Suite 20, Atlanta, GA 30305-2367, USA, +1 704 997-8468,
Flowable USA Inc., 309 East Paces Ferry Rd. NE Suite 20, Atlanta, GA 30305-2367, USA, +1 704 997-8468,
Flowable Canada IT Services IN., 95 Foundry Street, Suite 300, Moncton, NB E1C 5H7, Canada.