Intershop Commerce-as-a-Service - Arrange an online demo now and jumpstart your digital commerce!

Privacy Policy and Consent to Use of Data

Intershop is committed to the responsible use of personal data. We have a particular obligation to protect and maintain the privacy of our customers and partners. We would therefore like to inform you about how we use your personal data.

We reserve the right to amend this Privacy Policy at any time. You are therefore advised to review this Privacy Policy at regular intervals.

1. Data Controller

The data controller as defined by the General Data Protection Regulation (GDPR) is:

Intershop Communications AG
Intershop Tower
07740 Jena
Germany
Tel.: +49 3641 50-0
Fax: +49 3641 50-1002
E-Mail: info@intershop.com

2. Data Protection Officer

If you have any questions or comments regarding data protection, please contact our data protection officer:
DatenschutzBeauftragter@intershop.de

3. Purpose of and Legal Basis for the Processing of Personal Data

a. When you use our website

Apart from the data collected by cookies and web analytics services, you can use our website without sharing any personal data with us. For information on the cookies and web analytics services used on our website, see Section 7 onwards.

b. When you inquire by email

If you have any questions about our products or services, we provide the option of contacting our customer service team (by phone or email) in accordance with point (f) of Article 6(1) of the GDPR. Sharing your personal data with us is always voluntary. The purpose of collecting your personal data (title, first name, last name, company email address, company name) is to identify you and to respond to your inquiry. Our legitimate interest here is the commercial necessity of being able to contact potential new customers. Any personal data you share with us when inquiring by email will be automatically deleted within 24 months unless longer statutory retention periods apply.

c. When you request a free white paper

You can also request any of our free white papers on digitization and Intershop products and services. These will be sent to you by email in accordance with point (f) of Article 6(1) of the GDPR. To receive a white paper, you will have to provide your title, first name, last name, email address, and company name. You can also provide your phone number if you would like us to contact you that way. The purpose of collecting your personal data is to identify you and to send you the requested white papers. Our legitimate interest here is the commercial necessity of being able to contact potential new customers. Any personal data you share with us via the contact form or phone will be automatically deleted within 24 months unless longer statutory retention periods apply.

d. When you request an online demo or on-site presentation

If you have any questions about our products or services, we provide the option of contacting our cus-tomer service team (by phone or email) in accordance with point (f) of Article 6(1) of the GDPR in order to arrange an online demo or on-site presentation. Sharing your personal data with us is always voluntary. The purpose of collecting your personal data (name, email address, company) is to identify you and to arrange a date for an online demo or on-site presentation. Our legitimate interest here is the commercial necessity of being able to contact potential new customers. Any personal data you share with us via the contact form or phone will be automatically deleted within 24 months unless longer statutory retention periods apply.

e. When you register for an event

To help you lay the foundations for your digital business, we periodically host events on topics relating to digitization of business models. To enable you to participate in these events, we provide the option of registering through our website in accordance with point (f) of Article 6(1) of the GDPR. Sharing your per-sonal data with us is always voluntary. The purpose of collecting your personal data (first name, last name, company email address, position) is to identify you and to process your registration for the event. Our legitimate interest here is the commercial necessity of being able to contact potential new customers. Any personal data you share with us via the contact form or phone will be automatically deleted within 24 months unless longer statutory retention periods apply.

f. When you subscribe to our newsletter

When you subscribe to our newsletter, we will use your email address to send you the regular editions of the newsletter and other information in accordance with point (a) of Article 6(1) of the GDPR. To subscribe to and receive the newsletter, the only information you need to share with us is your email address. At the end of each newsletter is an unsubscribe link, which you can use at any time. You can also cancel your subscription by sending an email to info@intershop.com. Our newsletter is published with the help of a third-party provider, HubSpot Inc., 25 First Street, 2nd Floor, Cambridge, MA 02141 („HubSpot“). When you subscribe to the newsletter, the data you enter will be shared with this provider. If you do not want this data to be shared, you should not subscribe to the newsletter. You can unsubscribe from our newsletters at any time using the email address specified for this purpose when subscribing. If you do not subscribe to our newsletter or email services, no personal data will be shared. HubSpot is contractually obligated to use your personal data in accordance with European data protection standards, strictly as instructed, not for its own purposes, and in compliance with the relevant security standards. Additionally, HubSpot is subject to the EU-US Privacy-Shield (certificate available at: https://www.privacyshield.gov/participant?id=a2zt0000000TN8pAAG). For information on how HubSpot uses your personal data, you can view their privacy policy here: https://legal.hubspot.com/privacy-policy. The personal data you share with us when subscribing to the newsletter will be stored until you unsubscribe and then automatically deleted within 24 months unless longer statutory retention periods apply.

g. When you subscribe to our investor newsletter

When you subscribe to our investor newsletter, we will use your email address to send you the regular editions of the newsletter and other information in accordance with point (a) of Article 6(1) of the GDPR. To subscribe to and receive the newsletter, the only information you need to share with us is your email ad-dress. At the end of each newsletter is an unsubscribe link, which you can use at any time. You can also cancel your subscription by sending an email to info@intershop.com. Our investor newsletter is published using the plugins and functions of the MailChimp service provided by The Rocket Science Group, LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA (“The Rocket Science Group”). When you subscribe to the newsletter, your personal data will be shared with this provider. If you do not want your personal data to be shared, you should not subscribe to the newsletter. You can unsubscribe from our newsletters at any time using the email address specified for this purpose when subscribing. If you do not subscribe to our newsletter or email services, no personal data will be shared. The Rocket Science Group is contractually obligated to use your personal data in accordance with European data protection standards, strictly as instructed, not for its own purposes, and in compliance with the relevant security standards. For information on how The Rocket Science Group uses your personal data, you can view their privacy policy here: http://mailchimp.com/legal/privacy/. The personal data you share with us when subscribing to the newsletter will be stored until you unsubscribe and then automatically deleted within 24 months unless longer statutory retention periods apply.

h. When you apply for a job

You can also use our website to apply for a job. If you do so, we will manage your application using software provided by Rexx Systems GMBH, Süderstrasse 75–79, 20097 Hamburg, Germany (“Rexx”). Rexx is contractually obligated to use your personal data in accordance with European data protection standards, strictly as instructed, not for its own purposes, and in compliance with the relevant security standards. We will only use the personal data you share with us in your application to process that application in accordance with points (b) and (c) of Article 6(1) of the GDPR. Your personal data will be treated in the strictest confidence in accordance with the law. Your personal data will be accessible to the relevant staff in our HR department and may be shared with management and employee representatives in some cases. When applying for a job, you must complete all the mandatory fields on the application form. If you do not provide this information, you will not be able to apply. Unless you ask us to delete it, we will store your personal data for a maximum of six months after the application process is completed. If we want to retain your application beyond that time because a suitable position is expected to become available at a later date, we will request your consent in writing. If your application is successful, we will generally store your application data in accordance with the scope of your employment contract and in compliance with the retention periods for personal data specified in the relevant commercial, tax, and social security legislation.

i. When you register on our partner portal

You can register as a partner and access a range of partner offerings at https://synaptic.intershop.com. We will only use the personal data you share with us when registering to process your registration and to facilitate your use of the partner portal in accordance with point (b) of Article 6(1) of the GDPR. If you do not want to share the personal data required when registering, you will not be able to use our partner portal. If you do not ask us to delete the personal data you share with us, we will store it for a maximum of ten years.

j. When you register for a webinar

We periodically host webinars on topics relating news to our software, the increase of your online success or other topics. To enable you to participate in these webinars, we provide the option of registering through our website. We will only use the personal data you share with us when registering to process your registration, the provision of the webinar as well as communication in the pre- and after field and to facilitate your participation in the webinar in accordance with point (b) of Article 6(1) of the GDPR. For this we make use of a third-party provider, LogMeIn Inc., 333 Summer Street, Boston, Massachusetts 02210 (“LogMeIn”), based in the USA. Your personal data will be shared with this provider. If you do not want your personal data to be shared, you should not register to our online-webinars. LogMeIn is contractually obligated to use your personal data in accordance with European data protection standards, strictly as instructed, not for its own purposes, and in compliance with the relevant security standards. For information on how LogMeIn uses your personal data, you can view their privacy policy here: https://www.logmeininc.com/de/gdpr/resource-center. Additionally, LogMeIn is subject to the EU-US Privacy-Shield (certificate available at: https://www.privacyshield.gov/participant?id=a2zt0000000013fAAA). All relevant personal data you share with us for the purpose of the participating in the webinar via the contact form and if necessary any related documents (e.g. commercial letters, invoices) will be stored for a maximum of six to ten years after the completion of the webinar in accordance with legal requirements and regulations.

4. Consent

If you wish, you can give us the following consent in accordance with point (a) of Article 6(1) of the GDPR. We will log your consent and make it available for you to review at any time on this page (Privacy Policy and Consent to Use of Data). Yes, I would like to be kept up to date by email about events, industry news, reports, and publications related to Intershop Communications AG. Intershop’s short newsletter is usually published every two weeks.* I can withdraw this consent at any time by sending an email to info@intershop.com or by clicking the unsubscribe link at the end of any newsletter. For more information, see our Privacy Policy.

5. Right of Withdrawal and Right to Object

You may withdraw your consent for us to use your personal data as shown in Section 4 (including declarations of consent you may not have given) either entirely or for selected processes only, free of charge. Withdrawal of consent does not affect the lawfulness of any prior processing of data to which you had consented. If you withdraw your consent, you will no longer receive our newsletter. You have the right, in accordance with Article 21 of the GDPR, to object to the processing of your personal data in pursuit of the legitimate interests of Intershop or a third party if your reasons for ob-jection relate to your particular situation or if your objection concerns general or personalized direct marketing. In the latter case, you have a general right to object and you do not need to provide details of your particular situation. If you would like to use your right of withdrawal or right to object, please send an email to info@intershop.com or contact the data controller in some other way (see Section 1).

6. Disclosing Data to Third Parties / Recipients of Data

Subject to the above provisions we do not disclose your personal data to third parties. When providing our services, we may use technical service providers as processors in accordance with Article 28 of the GDPR, e.g., Microsoft Azure for hosting.

7. Cookies

What are cookies and what are they used for?

To improve the design of our website and to provide certain features (e.g., user-friendliness, readability, arrangement of content, and delivery of personalized content and functionality), we use “cookies” on a number of pages in accordance with point (f) of Article 6(1) of the GDPR. Cookies are small text files, which your browser downloads when you visit a website. Some of the cookies we use are deleted at the end of your browser session, i.e., after you close your browser (“session cookies”). Other cookies remain on your device and enable us to recognize your browser the next time you visit (“persistent cookies”).

Which cookies do we use?

We use so-called "first-party cookies", which are set by us as controller, as well as "third-party cookies", which are used by other providers.

Third-Party cookies

Name Provider Description
BizoID, bcookie , bscookie, lang, lidc, UserMatchHistory linkedin.com (https://www.linkedin.com/legal/cookie-table) Used by the social networking service, LinkedIn, for tracking the embedded services.
_cfduid hubspot.com, hs-analytics.net, hs-scripts.com (https://legal.hubspot.com/privacy-policy) The Cloud Flare cookie, set by HubSpot, is used to identify individual clients behind a shared IP address.

How to change your cookie settings

You can configure your web browser to be informed when a cookie is set and then choose whether to allow it. You can also configure your browser to automatically allow certain types of cookies or block all cookies completely. If you do not allow our website to set cookies, some features may not be available.

The following links will give you further information on how to deactivate the use of cookies in certain browsers and/or how to delete cookies.

8. Using Anonymized User Profiles for Web Analytics

This website uses Google Analytics, a web analytics service from Google, Inc. (“Google”), in accordance with point (f) of Article 6(1) of the GDPR. Google Analytics uses “cookies”—small text files, which your browser downloads to your device and which enable us to analyze how you use this website. The infor-mation generated by the cookie about your use of the website is generally transferred to and saved on a Google server in the United States. However, if IP anonymization is activated on this website, Google will shorten your IP address within a Member State of the European Union or in another Contracting Party to the European Economic Area Agreement. Only in exceptional circumstances will your entire IP address be transmitted to, and shortened on, a Google server in the United States. We have authorized Google to use this data to evaluate your use of this website, to compile reports on your activity on this website, and to provide us with additional services relating to the use of this website and the Internet. The IP address transferred from your browser by Google Analytics will not be merged with any other Google data. You can prevent your browser from downloading cookies by changing your browser settings accordingly; if you do this, however, please note that some features of the website may not be available. You can prevent Google Analytics from collecting and processing data relating to your use of this website (including your IP address), by downloading and installing the Google Analytics opt-out browser add-on here: https://tools.google.com/dlpage/gaoptout?hl=en. To view Google’s terms of service and privacy policy, go to https://policies.google.com/?hl=us. Please note that the Google Analytics “anonymizeIp” function is active on this website, i.e., IP addresses are anonymized (“masked”). Our legitimate interests lie in the analysis, optimization, and efficient operation of our website.

9. Google Tag Manager

Google Tag Manager is used on this website. Google Tag Manager allows marketers and webmasters to deploy website tags all in one place. The Tag Manager tool (which deploys the tags) is a cookieless domain. It is used to manage other tags, which may collect data under certain circumstances. Google Tag Manager does not access this data. If recording is deactivated on the domain or cookie level, this setting will apply for all tracking tags that are deployed using Google Tag Manager. For more information, go to https://www.google.com/intl/de/tagmanager/faq.html.

10. Hotjar

To improve the user experience, this website uses the Hotjar web analytics service in accordance with point (f) of Article 6(1) of the GDPR. A tracking code-based tool, Hotjar is provided by Hotjar Ltd., Level 2, St Julian’s Business Centre, 3, Elia Zammit Street, St Julian’s STJ 1000, Malta, Europe, http://www.hotjar.com (“Hotjar”). Hotjar enables us to record and analyze user behavior on our website (clicks, cursor movements, scrolling, etc.). Hotjar uses “cookies”—small text files, which your browser downloads to your device and which enable us to analyze how you use this website. In order to prevent information being directly linked to a particular individual, IP addresses are anonymized before they are saved and processed. In addition, information on your operating system, browser, inbound and outbound links, geographical origin, and the resolution and type of device is analyzed for statistical purposes. This information is anonymous and is not shared with third parties, either by us or by Hotjar. If you want to stop Hotjar from collecting data on all websites that use the service, you can opt out of Hotjar on your browser here via the Do Not Track header: https://www.hotjar.com/opt-out.

11. SalesFeed

If you are using our website in the Benelux countries, we occasionally use services of SalesFeed Nederland B.V., ‘s-Gravelandseweg 46D, 1211 BT Hilversum, Netherlands. SalesFeed is contractually obligated to use and store your personal data in accordance with European data protection standards, strictly as instructed, not for its own purposes, and in compliance with the relevant security standards.

12. HubSpot

For our online marketing activities, we use HubSpot on our website in accordance with point (f) of Article 6(1) of the GDPR, an integrated software solution from HubSpot Inc., 25 First Street, 2nd Floor, Cambridge, MA 02141 ("HubSpot"). We use HubSpot for the following purposes: content management (landing pages, contact forms), e-mail marketing (mailings), social media publishing, reporting (access, traffic sources, etc. ...). HubSpot uses "cookies", text files, which your browser downloads to your device and which enable us to analyze how you use this website. In order to prevent information being directly linked to a particular individual, IP addresses are anonymized before they are saved and processed. In addition, information on your operating system, browser, inbound and outbound links, geographical origin, and the resolution and type of device is analyzed for statistical purposes. This information is anonymous and is not shared with third parties, either by us or by HubSpot. If you want to stop HubSpot from collecting data on all websites that use the service, you can opt out of HubSpot on your browser via the Do Not Track header. HubSpot is contractually obligated to use your personal data in accordance with European data protection standards, strictly as instructed, not for its own purposes, and in compliance with the relevant security standards. Additionally, HubSpot is subject to the EU-US Privacy-Shield (certificate available at: https://www.privacyshield.gov/participant?id=a2zt0000000013fAAA). For information on how HubSpot uses your personal data, you can view their privacy policy here: https://legal.hubspot.com/privacy-policy.

13. Use of Social Plugins (Facebook, Twitter, Google+, LinkedIn, Xing, YouTube)

13.1 Facebook social

This website uses plugins for the Facebook social networking service operated by Facebook, Inc., 1601 South California Avenue, Palo Alto, CA 94304, USA (“Facebook”). You can recognize these plugins by the Facebook logo or the phrase “social plugin from Facebook” or “Facebook social plugin.” You can see the Facebook plugins here: https://developers.facebook.com/docs/plugins. When you access a page on our website that contains a Facebook plugin, your browser will create a direct link to the Facebook servers. The plugin content is then transferred directly from Facebook to your browser and integrated into the page. This informs Facebook that your browser has visited the respective page on our website, even if you do not have a Facebook account or if you are not currently logged in to one. This information (including your IP address) is transferred by your browser directly to a Facebook server in the United States, where it is stored. If you are logged in to your Facebook account at the same time, Facebook will associate your visit to our website with your Facebook account. If you interact with the Facebook plugin, e.g., click the Like button or leave a comment, this information will also be transferred directly to a Facebook server and stored. It will also be published on your Facebook page and displayed to your Facebook friends. Facebook may use this information for the purpose of advertising, market research, and personalization of your Facebook page. To do this, Facebook creates usage, interest, and relationship profiles, for example to analyze your use of our website with regard to targeted Facebook ads, to inform other Facebook users about your activities on our website, and to provide other services associated with using Facebook. If you do not want Facebook to associate the data it collects via our website with your Facebook account, you should log out of Facebook before visiting our website. For information on the purpose and scope of data collection and processing by Facebook as well as your rights and options for protecting your privacy, please refer to Facebook’s privacy policy: http://www.facebook-com/policy.php.

13.2 Twitter

This website uses plugins for the Twitter social networking service operated by Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA (“Twitter”), in accordance with point (f) of Article 6(1) of the GDPR. You can recognize these plugins by the Twitter Bird logo. You can see the Twitter plugins here: https://about.twitter.com/en_us/company/brand-resources.html. When you access a page on our website that contains a Twitter plugin, your browser will create a direct link to the Twitter servers. The plugin content is then transferred directly from Twitter to your browser and integrated into the page. This informs Twitter that your browser has visited the respective page on our website, even if you do not have a Twitter account or if you are not currently logged in to one. This information (including your IP address) is transferred by your browser directly to a Twitter server in the United States, where it is stored. If you are logged in to your Twitter account at the same time, Twitter will associate your visit to our website with your Twitter account. If you interact with the Twitter plugin, e.g., click the Tweet button, this information will also be transferred directly to a Twitter server and stored. The Tweet will appear on your Twitter timeline and be visible to your Twitter followers and, if your Tweets are public, to other users. For information on the purpose and scope of data collection and processing by Twitter, as well as your rights and options for protecting your privacy, please refer to Twitter’s privacy policy: https://twitter.com/privacy. If you do not want Twitter to associate the data it collects via our website with your Twitter account, you should log out of Twitter before visiting our website.

13.3 Google

This website uses plugins for the Google+ social networking service operated by Google, Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). You can recognize these plugins by the +1 button on a white or colored background. You can see the Google+ plugins here: https://developers.google.com/+/plugins. When you access a page on our website that contains a Google+ plugin, your browser will create a direct link to the Google servers. The plugin content is then transferred directly from Google to your browser and integrated into the page. This informs Google that your browser has visited the respective page on our website, even if you do not have a Google+ account or if you are not currently signed in to one. This information (including your IP address) is transferred by your browser directly to a Google server in the United States, where it is stored. If you are signed in to your Google+ account at the same time, Google will associate your visit to our website with your Google+ account. If you interact with the Google+ plugin, e.g., click the +1 button, this information will also be transferred directly to a Google server and stored. It will also be published on your Google+ page and be streamed to your circles. For information on the purpose and scope of data collection and processing by Google as well as your rights and options for protecting your privacy, please refer to Google’s privacy policy: http://www.google.com/intl/de/+/policy/+1button.html. If you do not want Google to associate the data it collects via our website with your Google+ account, you should sign out of Google+ before visiting our website.

13.4 LinkedIn

This website uses the LinkedIn button for the LinkedIn social networking service operated by LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA (“LinkedIn”). The LinkedIn button features the white LinkedIn logo (“in”). When you click on the LinkedIn button on one of our website pages, your browser will create a direct link to the LinkedIn servers. The plugin content is then transferred directly from LinkedIn to your browser and integrated into the page. This informs LinkedIn that your browser has visited the respective page on our website. If you are signed in to your LinkedIn account at the same time, LinkedIn will associate your visit to our website with your LinkedIn account. If you do not want LinkedIn to associate this information with your LinkedIn account, you should sign out of LinkedIn before visiting our website. For information on the purpose and scope of data collection and processing by LinkedIn, please refer to LinkedIn’s privacy policy (https://www.linkedin.com/legal/privacy-policy) and user agreement (https://www.linkedin.com/legal/user-agreement).

13.5 Xing

We’d also like to tell you how your personal data is handled in relation to the XING share button, which is also used on this website. When you visit this website, your browser connects briefly with the XING SE (“XING”) servers, which provide the XING share button functionality (including the visitor counter). XING does not save any of your personal data when you visit this website. In particular, it does not save your IP address, nor does it use cookies to monitor how you use the XING share button. To view the latest privacy policy for the XING share button, go to: https://www.xing.com/app/share?op=data_protection.

13.6 YouTube

This website uses plugins for the YouTube video-sharing service operated by YouTube, LLC, headquar-tered at 901 Cherry Avenue, San Bruno, CA 94066, USA (“YouTube”). YouTube is represented by Google, Inc., based at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. When you access a page on our website that contains a YouTube plugin, your browser will create a direct link to the YouTube servers and download the plugin content. This also tells YouTube which of our web pages you are currently viewing. If you are signed in to YouTube, it will associate this information with your account. If you interact with the YouTube plugin, e.g., click the start button on a video, this information will also be associated with your account. If you do not want YouTube to associate this information with your account, you should sign out of all YouTube and Google accounts and delete all YouTube and Google cookies before visiting our website. For more information on how YouTube (Google) processes and protects your personal data, please refer to Google’s privacy policy: https://www.google.de/intl/de/policies/privacy/.

14. Intercom

Our website also has a live chat function where we provide one-on-one customer advice. The platform is provided by Intercom, Inc., based at 55 2nd Street, 4th Floor, San Francisco, CA 94105, United States. Intercom will only collect and process the data it requires to facilitate the live chat function in accordance with point (b) of Article 6(1) of the GDPR. Intercom is contractually obligated to use your personal data in accordance with European data protection standards, strictly as instructed, not for its own purposes, and in compliance with the relevant security standards. For more information on how Intercom handles personal data, go to: https://www.intercom.com/de/terms-and-policies.

15. General Data Retention Period

The length of time we store your personal data depends on what we need to use it for. Generally, we will delete your personal data when it is no longer required unless longer statutory retention periods apply. For more information on our data retention periods, see the respective sections in this Privacy Policy.

16. Rights of Data Subjects

You have the following rights regarding your personal data processed by us:

  • The right of access to information on your personal data stored by us in accordance with Article 15 of the GDPR
  • The right to rectification of inaccurate or incomplete personal data stored by us in accordance with Article 16 of the GDPR
  • The right to erasure of your personal data stored by us (“right to be forgotten”) in accordance with Article 17 of the GDPR
  • The right to restriction of processing of your personal data in accordance with Article 18 of the GDPR
  • The right to data portability in accordance with Article 20 of the GDPR
  • The right to object to processing of your personal data in accordance with Article 21 of the GDPR
  • The right of withdrawal of consent in accordance with Article 7(3) of the GDPR
  • The right to lodge a complaint with a supervisory authority in accordance with Article 77 of the GDPR

If you have any questions on how your personal data is processed or how to exercise your rights as a data subject, please send an email to info@intershop.com.