Privacidade

This section provides a simple overview of what happens to your personal data when you visit and use this online offering. This online offering includes the website (seatable.com), the cloud service SeaTable Cloud (cloud.seatable.io), the SeaTable Cloud team administration (account.seatable.com), the SeaTable Forum (forum.seatable.com) and SeaTable Ideas (ideas.seatable.com) as well as the SeaTable Market store (market.seatable.io). It also includes SeaTable instances as part of our product SeaTable Dedicated. “Personal data” means any data that can be used to personally identify you. Detailed information on the subject of data protection can be found in the following sections.

Who is responsible for data processing on this online offering?
Data processing on this online offering is carried out by the operator SeaTable GmbH, whose contact details can be found in the legal notice.

How do we collect your data?
Some of your data is collected when you provide it to us, for example when you register for our cloud service SeaTable Cloud, subscribe to our newsletter, send us an inquiry, or create a user account for the SeaTable Forum.
Other data is collected automatically or after your consent when you visit the online offering through our IT systems. This mainly includes technical data (e.g. internet browser, operating system, time of page access, IP address). This data is collected automatically as soon as you access this online offering.
We consistently apply the principle of data minimization. We do not use so-called third-party cookies (e.g. Google Analytics). Collected data is pseudonymized so that it can no longer be assigned to a specific person (e.g. IP addresses are stored without the last digit).

What do we use your data for?
Most data is collected to fulfill contractual and pre-contractual obligations (e.g. email address, postal address, inquiries) and to ensure the error-free provision of the online offering (e.g. log data). Other data is used for the technical optimization of our online offering. This data may also be used to analyze your user behavior.
Your data is not linked with external data sources nor shared with others. In particular, personal data is not transferred to countries outside the European Union.

What rights do you have regarding your data?
You have the right at any time to receive free information about the origin, recipients, and purpose of your stored personal data. You also have the right to request correction or deletion of this data. If you have given consent to data processing, you may revoke this consent at any time for the future. Furthermore, under certain circumstances, you have the right to request restriction of the processing of your personal data. You also have the right to lodge a complaint with the competent supervisory authority. For this and other questions regarding data protection, you may contact us at any time at the address provided in the legal notice.

Are analytics tools and third-party tools used?
When visiting this online offering, we collect data about your browsing behavior and make it analyzable. For this purpose, we use a web behavior analytics tool that we operate on our own server in a privacy-friendly configuration. Further information about the analytics programs used can be found below. We do not use third-party solutions (e.g. Google Analytics). This explicitly also applies to third-party AI solutions.

Data Protection

The operators of this online service take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with statutory data protection regulations and this privacy policy.

When you use this online service, various personal data are collected. Personal data are data by which you can be personally identified. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this happens.

We would like to point out that data transmission over the internet (e.g. communication by e-mail) may have security vulnerabilities. A complete protection of data against access by third parties is not possible.

Information on the Controller

The controller responsible for data processing on this online service is:

SeaTable GmbH
117er Ehrenhof 5
D-55118 Mainz

Phone: +49 6131 26550
E-Mail: info@seatable.com

The controller is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (e.g. names, email addresses, etc.).

Withdrawal of Your Consent to Data Processing

Many data processing operations are only possible with your express consent. You can withdraw consent that has already been given at any time. The lawfulness of the data processing carried out until withdrawal remains unaffected by the withdrawal.

Right to Object to Data Collection in Specific Cases and to Direct Marketing

IF DATA PROCESSING IS CARRIED OUT ON THE BASIS OF ART. 6 PARA. 1 LIT. E OR F GDPR, YOU HAVE THE RIGHT AT ANY TIME, FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION, TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. You can find the respective legal basis on which processing is based in this privacy policy. If you object, we will no longer process your affected personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims (objection pursuant to Art. 21 para. 1 GDPR).

IF YOUR PERSONAL DATA ARE PROCESSED FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH ADVERTISING; THIS ALSO APPLIES TO PROFILING INSOFAR AS IT IS RELATED TO SUCH DIRECT MARKETING. If you object, your personal data will then no longer be used for the purpose of direct marketing (objection pursuant to Art. 21 para. 2 GDPR).

Right to Lodge a Complaint with the Competent Supervisory Authority

In the event of violations of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work or place of the alleged infringement. The right to lodge a complaint is without prejudice to any other administrative or court remedies.

Right to Data Portability

You have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another controller, this will be done only insofar as it is technically feasible.

Encrypted Online Communication and Payment Transactions

This site uses current TLS encryption for security reasons and to protect the transmission of confidential content, such as inquiries, registrations, orders, and especially payment data (e.g. credit card numbers) that you send to us as the operator of the online service. Data transmitted over an encrypted connection cannot be evaluated by others.
You can tell if an encrypted connection is in place by looking at the browser’s address bar. If an encrypted connection is established, a “https://” appears before the site address, and you will see a closed padlock symbol in the address bar.

Information, Deletion and Correction

Within the framework of the applicable statutory provisions, you have at any time the right to free information about your stored personal data, its origin and recipient and the purpose of the data processing and, if applicable, a right to correction or deletion of this data. For this and any other questions regarding personal data, you may contact us at any time at the address given in the imprint.

Right to Restriction of Processing

You have the right to request the restriction of the processing of your personal data. You can contact us at any time at the address given in the imprint for this purpose. The right to restriction of processing exists in the following cases:

• If you contest the accuracy of your personal data stored by us, we usually need time to verify this. For the duration of the verification, you have the right to request the restriction of the processing of your personal data.
• If the processing of your personal data was/is unlawful, you can request the restriction of data processing instead of deletion.
• If we no longer need your personal data, but you need it for the exercise, defense or assertion of legal claims, you have the right to request the restriction of the processing of your personal data instead of deletion.
• If you have objected pursuant to Art. 21 para. 1 GDPR, a balance must be struck between your and our interests. As long as it has not yet been determined whose interests prevail, you have the right to request the restriction of the processing of your personal data.

If you have restricted the processing of your personal data, these data – apart from their storage – may only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of rights of another natural or legal person or for reasons of important public interest of the European Union or of a Member State.

No Transfer of Data to Non-European Countries

This online service obtains its data center services exclusively from companies based in Europe. This online service also consistently relies on European subcontractors and in particular does not use cloud and AI services of US companies (e.g. AWS, Google, Microsoft).

No transfer or other transmission of personal data to non-European countries takes place. This applies in particular to the use of AI functions in our cloud services. These use a self-hosted AI model (see hoster).

Only in the case of payment by credit card or a similar electronic payment method (e.g. Google or Apple Pay) on this online service may personal data possibly be sent to non-European countries and in particular to the USA. This is unavoidable, as all major credit card providers are based in the USA.

This online service uses the services of external infrastructure providers (hosters). Personal data collected on this online service and in the context of your electronic communication with our staff are stored on the servers of the respective hoster. These primarily include IP addresses, contact requests, metadata and communication data, contract data, contact information, names, website accesses, and other data generated in the course of using the online service.

Purpose and legal basis
The hosters are used for the purpose of contract fulfillment with our potential and existing customers (Art. 6 Para. 1 lit. b GDPR) and in the interest of the secure, fast, and efficient provision of the online service (Art. 6 Para. 1 lit. f GDPR).

Order processing
To ensure data protection-compliant processing, we have concluded an order processing agreement with all hosters used.

Exoscale

For operating the cloud services SeaTable Cloud and SeaTable Dedicated, we use infrastructure from Akenes SA, Boulevard de Grancy 19A, 1006 Lausanne, Switzerland (Exoscale).

The data is processed and stored exclusively in Exoscale’s German data centers in Frankfurt am Main and Munich. The data center in Frankfurt has certifications according to ISO 9001, 14001, 27001, and 50001. In addition, it is certified according to PCI DSS 3.2 and OHSAS 18001. The data center in Munich is certified according to ISO 9001 and 27001 as well as PCI DSS 3.2, SOC-1 Type II, and SOC-2 Type II. More information about Exoscale’s data centers can be found at https://www.exoscale.com/datacenters/ .

Hetzner

The website seatable.com, the SeaTable Cloud team management, the SeaTable Forum, the SeaTable ticket system, the feature request tool SeaTable Ideas, the SeaTable Market, as well as our mail server and our web conferencing solution use servers from Hetzner Online GmbH, Industriestraße 25, 91710 Gunzenhausen, Germany (Hetzner). We also use Hetzner for operating test and demonstration systems as well as hosting language models (LLMs).

We exclusively use Hetzner’s German data centers. More information about Hetzner’s data centers can be found at https://www.hetzner.com/de/unternehmen/rechenzentrum/ .

Log Data

The log files of the servers used store information that your browser automatically transmits to us when using the online service. This includes:

• Browser type and browser version
• Operating system used
• Previously visited website
• Hostname of the accessing computer
• Time of the server request
• IP address

No merging of this data with external data sources takes place.

Purpose and legal basis
We use the log data to ensure the reliable operation of the online service and to continuously develop the technical infrastructure. This constitutes a legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR.

Storage duration
The server log data are automatically cleaned up in regular cycles. The periods depend on the role of the log data for technical operations. At the latest after 180 days, the data will be deleted.

Cookies

The online service uses so-called cookies. Cookies are data records stored by your web browser, which are either stored temporarily for the duration of a session (so-called session cookies) or permanently on your end device (so-called permanent cookies). Session cookies are automatically deleted after the end of your visit. Permanent cookies remain stored on your end device until you delete them yourself or your web browser automatically removes them after their expiration. In addition, cookies are distinguished by their origin: First-party cookies are set by the visited web service, i.e., the visited website/web portal/web shop. Third-party cookies are set by an external service, particularly advertising networks and social media plugins.

Cookies serve various functions. Numerous cookies are technically necessary because they are required for secure electronic communication and certain functions of a web service would not work without them. These necessary cookies include cookies for language and regional settings, for the shopping cart function, and those for protection against fraudulent activities. Other cookies serve to collect data on user behavior and improve performance (so-called performance cookies) or to display personalized advertising (so-called advertising or tracking cookies).

You can configure your browser to be informed about the setting of cookies and to allow cookies only in individual cases, to exclude the acceptance of cookies for certain cases or in general, and to activate the automatic deletion of cookies when closing the browser. If cookies are disabled for this online service, some functions of the online service may not be available.

Purpose and legal basis
This online service uses exclusively cookies that are necessary for its proper and reliable operation. This is done on the basis of Art. 6 Para. 1 lit. f GDPR, unless another legal basis is specified. The operator of the online service has a legitimate interest in storing cookies on end devices to ensure the technically error-free and optimized provision of its services.

The online service does not use third-party cookies, so-called third-party cookies.

Storage duration
The following table lists the cookies used by this online service and provides further information about them, particularly their validity:

The “Reichweite” (Scope) column indicates the domains that may access the cookie. (A dot before a domain means the domain itself as well as its subdomains.)

Contact Form, Inquiries by Email and Phone

If you send us inquiries via contact form, your details from the inquiry form including the contact details provided therein will be stored by us for the purpose of processing the inquiry and in case of follow-up questions. The same applies to inquiries by email and phone. We do not pass on this data without your consent.

Purpose and legal basis
The processing of this data is based on Art. 6 Para. 1 lit. b GDPR if your inquiry relates to the fulfillment of a contract or is necessary for carrying out pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of inquiries directed to us (Art. 6 Para. 1 lit. f GDPR) or on your consent (Art. 6 Para. 1 lit. a GDPR) if this has been requested.

Storage duration
The data you enter in the contact form remain with us until you request us to delete it, revoke your consent to storage, or the purpose for data storage no longer applies. Mandatory legal provisions – in particular statutory retention periods – remain unaffected.

Registration

This online service includes services for which you must register to use them (e.g., SeaTable Cloud). We use the data entered for this purpose only for the purpose of using the respective offer or service for which you have registered. The information required for registration must be provided completely. Otherwise, we will reject the registration.

We use the email address provided during registration to inform you about important changes to the offer scope or technically necessary changes.

Purpose and legal basis
The processing of the data entered during registration is carried out for the purpose of implementing the usage relationship established by the registration and, if applicable, for initiating further contracts (Art. 6 Para. 1 lit. b GDPR).

Storage duration
The data collected during registration are stored by us as long as you are registered and will then be deleted. Statutory retention periods remain unaffected.

Posthog

This online service uses the development and analytics platform Posthog (Self-Hosted Edition). Posthog (Self-Hosted Edition) is published under the MIT Expat License and is therefore free, open-source software.

Posthog enables us to specifically activate or display new or selected features (so-called Feature Flags) for certain user groups. In addition, Posthog can be used to analyze the behavior of website visitors to better understand the usage and interaction with our online service.

Posthog collects usage data such as pages visited, dwell time, operating system used, browser language, and the approximate origin of visitors. For this purpose, Posthog stores a cookie on the end device (see above). The collection is done in such a way that no conclusions can be drawn about specific individuals: IP addresses are truncated before processing and thus do not allow direct identification of persons. Other personal data is hashed.

We host Posthog on our own server, and the data processing takes place exclusively on this server. No transfer to third parties occurs. No merging with external data sources takes place.

Purpose and legal basis
We use Posthog to technically optimize our online service and to specifically activate and test new features on the online service. This constitutes a legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR.

If you wish to receive one or more of the newsletters offered, we require your email address as well as information that allows us to verify that you are the owner of the email address provided and that you agree to receive the newsletter. No further data is collected or only on a voluntary basis. We use this data exclusively for sending the requested information and do not pass it on to third parties.

Purpose and legal basis
The processing of the data you enter when subscribing to the newsletter is based exclusively on your consent (Art. 6 Para. 1 lit. a GDPR). You can revoke the consent given for the storage of the data, the email address, and its use for sending the newsletter at any time. The easiest way to revoke your consent is to click on the “Unsubscribe” link, which is included in every newsletter. The lawfulness of the data processing operations already carried out remains unaffected by the revocation.

Brevo

This online service uses the newsletter service provider Brevo, a service of Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany.

The data you enter for the purpose of subscribing to the newsletter is stored on Brevo’s servers in Germany. Further information on Brevo’s data storage locations can be found at https://help.brevo.com/hc/de/articles/360001005510-Speicherort-der-Daten .

Data analysis by Brevo
Brevo allows us to organize and analyze the sending of newsletters. For example, we can see who opened a sent newsletter and how often, and which included links were clicked the most. This allows us to determine, among other things, which links generated particular interest.

Additionally, we can recognize whether certain predefined actions were performed after opening/clicking (conversion rate). For example, we can recognize whether you made a purchase after clicking on the newsletter.

Brevo also enables us to divide newsletter recipients into various categories (clustering). Newsletter recipients can be segmented, for example, by age, gender, or place of residence. This allows newsletters to be better tailored to the respective target groups.

Detailed information on Brevo’s features can be found at https://www.brevo.com/de/features/email-marketing/ .

Brevo’s privacy policy can be found at https://www.brevo.com/de/legal/privacypolicy/ .

Purpose and legal basis
The use of Brevo is for the purpose of implementing the usage relationship established by registration (Art. 6 Para. 1 lit. b GDPR) and initiating further contracts (Art. 6 Para. 1 lit. f GDPR). You can unsubscribe from newsletters at any time. The lawfulness of the data processing operations already carried out remains unaffected by the revocation.

Storage duration
The data you provide us for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter with us or the newsletter service provider and will be deleted from the newsletter distribution list after unsubscribing. Data stored by us for other purposes remain unaffected by this.

After you unsubscribe from the newsletter distribution list, your email address may be stored by us or the newsletter service provider in a blacklist to prevent future mailings. The data from the blacklist will only be used for this purpose and not merged with other data. This serves both your interest and our interest in complying with legal requirements for sending newsletters (legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR). The storage in the blacklist is not limited in time. You may object to the storage if your interests outweigh our legitimate interest.

If you do not want analysis by Brevo, you must unsubscribe from the newsletter. We provide a corresponding link in every newsletter message for this purpose.

Order processing
To ensure data protection-compliant processing, we have concluded an order processing agreement with Brevo. In addition, Brevo is certified by TÜV Rheinland. This confirms that Brevo has established a data protection management system to protect customer data.

YouTube

This online service links to YouTube videos via text and image links. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (Google).

Linking to a video on a page of this online service does not result in data being transmitted to YouTube or cookies being stored on your end device when the page is accessed. When calling up the page with a linked video, only data from the servers of this online service is loaded.

Only when you click the link are you redirected to the YouTube page and a connection to YouTube’s servers is established. In this case, YouTube is informed, among other things, from which page you jumped to the video. If you are logged into your Google account, you enable Google to directly assign your browsing behavior to your personal profile.

Further information on data protection at YouTube can be found in their privacy policy at https://policies.google.com/privacy?hl=de .

Google Fonts

This online service uses fonts provided by Google (Google Fonts). Further information on Google Fonts can be found at https://fonts.google.com .

We have installed all used Google Fonts on the servers of the online service. This allows the use of the fonts in this online service without establishing a connection to Google’s servers.

For processing inquiries, we use the helpdesk and ticket system Zammad (Zammad). The software developer is Zammad GmbH, Marienstraße 18, 10117 Berlin, Germany. The software is published under the GNU Affero General Public License (AGPL), Version 3, and is therefore free, open-source software.

We have installed Zammad on our own server. If you send us an inquiry by email (except emails to personal mailboxes), all data associated with this communication process is processed exclusively on this server. No transfer takes place.

Purpose and legal basis
We use Zammad to process your inquiries quickly and efficiently. This constitutes a legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR.

Storage duration
Inquiries and messages directed to us remain with us until you request us to delete them or the purpose for data storage no longer applies (e.g. after completion of processing your inquiry). Mandatory legal provisions – in particular retention periods – remain unaffected.

Processing of Data (Customer and Contract Data)

We collect, process, and use personal data only insofar as they are necessary for the establishment, content design, or amendment of the legal relationship (master data). This is done on the basis of Art. 6 Para. 1 lit. b GDPR, which permits the processing of data for the fulfillment of a contract or pre-contractual measures. We collect, process, and use personal data about the use of this online service (usage data) only insofar as this is necessary to enable or bill the user for the use of the service.

The collected customer data will be deleted after completion of the order or termination of the business relationship. Statutory retention periods remain unaffected.

Data Transfer Upon Contract Conclusion for Services and Digital Content

We only transmit personal data to third parties if this is necessary in the context of contract processing, such as to the payment processing service provider commissioned.

No further transfer of data takes place or only if you have expressly consented to the transfer. No transfer of your data to third parties without express consent, e.g. for advertising purposes, takes place.

Stripe

This online service uses Stripe for managing customer and contract data, invoicing, and processing payments. The provider for customers within the European Union is Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland (Stripe).

Stripe is a service that allows, among other things, capturing and managing customer data from online registrations, automatically generating and sending invoices, and processing payments. Customers can manage their customer data and contract status via a self-service portal (e.g. change billing address, upgrade/downgrade/cancel subscription), change payment methods and means, and download invoices.

Your customer, contract, and payment data are transmitted to Stripe via an encrypted interface from the SeaTable service or the SeaTable Market store and stored on Stripe’s servers. Billing takes place automatically at the contractually stipulated times. For payment methods that allow automatic processing (e.g. credit card), invoice amounts are automatically collected.

More information on Stripe’s features can be found at https://stripe.com/de/use-cases/saas

Stripe’s privacy policy can be found at https://stripe.com/de/privacy

Purpose and legal basis
The transmission of your data to Stripe is based on Art. 6 Para. 1 lit. b GDPR (contract processing) as well as our legitimate interest in using reliable and secure payment processes (Art. 6 Para. 1 lit. f GDPR).

Order processing
To ensure data protection-compliant processing, we have concluded an order processing agreement with Stripe.

For communication with our customers, we use web conferencing tools. The specific tools we use are listed below. When you communicate with us via video or audio conference over the internet, your personal data is collected and processed by us and the provider of the respective conferencing tool.

The conferencing tools collect all data that you provide/use to use the tools (email address and/or your phone number). Furthermore, the conferencing tools process the duration of the conference, start and end (time) of participation in the conference, number of participants, and other “context information” related to the communication process (metadata).

In addition, the tool provider processes all technical data necessary for handling the online communication. This includes in particular IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or speaker, and the type of connection.

If content is exchanged, uploaded, or otherwise provided within the tool, it is also stored on the tool providers’ servers. Such content includes in particular cloud recordings, chat/instant messages, voicemails, uploaded photos and videos, files, whiteboards, and other information shared during use of the service.

Please note that we do not have full influence on the data processing operations of the tools used. Our options are largely determined by the company policy of the respective provider. Further information on data processing by the conferencing tools can be found in the privacy policies of the respective tools used, which we have listed below this text.

Purpose and legal basis
The conferencing tools are used to communicate with prospective or existing contractual partners or to provide certain services to our customers (Art. 6 Para. 1 sentence 1 lit. b GDPR). Furthermore, the use of the tools serves the general simplification and acceleration of communication with us or our company (legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR). If consent has been obtained, the use of the respective tools is based on this consent; the consent can be revoked at any time with effect for the future.

Storage duration
The data directly collected by us via the video and conferencing tools is deleted from our systems as soon as you request us to do so, revoke your consent to storage, or the purpose for data storage no longer applies. Stored cookies remain on your end device until you delete them. Mandatory statutory retention periods remain unaffected.

We have no influence on the storage duration of your data stored by the operators of the conferencing tools for their own purposes. Please contact the operators of the conferencing tools directly for details.

TeamViewer

This online service uses the web meeting and remote maintenance software TeamViewer. The provider is TeamViewer Germany GmbH, Jahnstraße 30, 73037 Göppingen, Germany (TeamViewer). Details on data processing when using TeamViewer can be found in TeamViewer’s privacy policy at https://www.teamviewer.com/de/datenschutzerklaerung .

Conclusion of an order processing agreement
We have concluded an order processing agreement with the provider of TeamViewer and fully implement the strict requirements of the German data protection authorities when using TeamViewer.

Jitsi-Meet Web Conference

We use the open-source web conferencing solution Jitsi-Meet. We have installed this solution on our own server. When you communicate with us via Jitsi Meet, all data associated with this communication process is processed exclusively on this server.