Tenzir Logo

Privacy Statement

September 2, 2023

Privacy Statement

This Privacy Statement explains how Tenzir GmbH and its affiliates (“Tenzir”, “we”, “us”, “our”) collect and use data from you (also “user” or “customer”) while you are browsing on our company website tenzir.com (“Website”), visiting our product app at app.tenzir.com (“App”) and/or, navigate to our documentation at docs.tenzir.com (“Documentation”).

Data Controller

The controller under data protection law is: Tenzir GmbH, Nagelsweg 41, 20097 Hamburg, Germany, info@tenzir.com, +49 40 209337260; entry in the commercial register under commercial register number: HRB 148081, register court: Hamburg Local Court.

Collection and Processing of Personal Data

When visiting and using Website, App, and Documentation, we collect personal data from you. Personal data in the meaning of Art. 4 EU General Data Protection Regulation (GDPR) is any information relating to an identified or identifiable natural person, e.g. name, address, email addresses, etc.

We use your data only if necessary and only for a specified purpose. The purpose may be the preparation or conclusion of a contract between you and Tenzir and/or the use of our consulting and support services.

If not specified otherwise throughout this Privacy Statement, the collection and processing of your personal data is based on legitimate interests according to Art. 6 para. 1 p. 1 lit. f. GDPR.

In the course of processing your personal data, we may transfer it to non-EU countries, such as the United States. The EU Commission issued an adequacy decision under Article 45 para 3 of the GDPR on July 10, 2023, ruling that the United States ensures an adequate level of protection for personal data transferred from the EU to U.S. companies within the new EU-US Data Privacy Framework.

Web Hosting

We host Website and App on Vercel. Vercel Inc., 340 S Lemon Ave 4133, Walnut, CA 91789, USA, collects the following information:

  • Types of data processed: device and usage information (e.g., IP addresses, log data); other service-generated data and contact data.
  • Data subjects: Users (e.g., website visitors, users of online services).
  • Purposes of processing: Provision of online offer.
  • Security measures: Vercel will implement and maintain technical and organizational security measures designed to protect its customer’s data from security incidents and to preserve its security and confidentiality; for more information see Vercel’s security FAQ.

Please note that Vercel Inc. also processes data in the U.S. The data processing conditions comply with the EU’s standard contractual clauses (SCC) and are further regulated in Vercel’s DPA. You can also consult Vercel’s Privacy Policy for further details on their privacy practices.

We host Documentation on GitHub Pages. Github B.V., Prins Bernhardplein 200, Amsterdam, 1097JB, Netherlands, collects information (e.g., in the form of web server log files), including your IP address, your browser type, language preference, referring site, additional websites requested, and the date and time of your request. Github needs this data to ensure functionality and security of our page.

  • Types of data processed: Content data (e.g., entries in online forms); Usage data (e.g., web pages visited, interest in content, access times); meta/communication data (e.g., device information, IP addresses).
  • Data subjects: Users (e.g., website visitors, users of online services).
  • Purposes of processing: provision of online offer and user-friendliness.

Please consult GitHub’s Privacy Statement for further details on their privacy practices.

Analytics

For Website and Documentation, we use Plausible as a lightweight and open source web analytics solution. Plausible Insights OÜ, Västriku tn 2, 50403, Tartu, Estonia, does not require cookies and is fully compliant with GDPR, CCPA and PECR. Plausible is made and hosted in the EU, powered by European-owned cloud infrastructure. Please refer to Plausible’s Privacy Policy for a complete list of collected metrics.

  • Types of data processed: IP address; page URL; HTTP referer; browser; operating system, device type, location
  • Data subjects: Users (e.g., website visitors, users of online services).
  • Purposes of processing: collection of aggregate statistics on top sources, top pages, locations, and devices.
  • Security measures: running data points through a hash function with a rotating salt and generating a random string of letters and numbers (anonymization of the IP addresses).

For App, we use Segment, June, Highlight, and Google BigQuery. Segment provides a standardized data model for product analytics, that decouples the collection from the downstream analytics.

We use Segment to collect data on App as follows:

  • Types of data processed: User name and email address; custom events constructed on-the-fly when user performs a specific action
  • Data subjects: Users
  • Purposes of processing: Understand usage of App, identify pitfalls in user journey, measure user retention
  • Security measures: TLS-encrypted connection; see https://segment.com/security/ for details

Segment services are covered by Twilio’s DPA and Binding Corporate Rules. Twilio Ireland Ltd. is located in 3 Dublin Landings, North Wall Quay, Dublin 1, Ireland. For more information, please consult Twilio’s Privacy Notice.

June Inc., 8 The Green Suite #11384, Dover, DE 19901, USA, distills the event feed from Segment into user-centric KPIs. We use June as follows:

  • Types of data processed: a subset of events sent to Segment, only email addresses as personal data
  • Data subjects: Users
  • Purposes of processing: analytics to understand the user journey and improve App for a better user experience; aggregate KPI about
  • Security measures: TLS-encrypted connection

For more information, please consult June’s Privacy Policy.

Highlight Inc., 1120 Hoeschler Dr, Sparta, Wisconsin, 54656, USA, provides GDPR-compliant session recording and replay. We use Highlight as follows:

  • Types of data processed: Mouse movement, key presses, UI events; all text and images are obfuscated using Strict Privacy Mode
  • Data subjects: Users
  • Purposes of processing: Improve product, understand feature usage, discover UX issues
  • Security measures: TLS-encrypted connection; see compliance and security for details

For more information, please consult Highlight’s Privacy Policy.

Google BigQuery acts as long-term storage of our analytics data that comes from Segment. We use BigQuery as follows:

  • Types of data processed: a subset of events sent to Segment
  • Data subjects: Users
  • Purposes of processing: longitudinal analytics
  • Security measures: we rely on the security of Segment’s Google Cloud connector

Google Cloud EMEA Ltd., 70 Sir John Rogerson’s Quay, Dublin 2, Ireland, provides a Cloud Data Processing Addendum (CDPA), which we have opted in for, that includes SCC to meet security, contractual, and data transfer requirements under EU, UK, and Swiss data data protection laws. For more information, please consult Google’s Privacy Policy.

Sub-processors

In order to provide App and Documentation to you and operate our business effectively, we may need to share your personal information with certain third parties and service providers (“Sub-Processors”), some of which may not apply to every user. We have selected these Sub-Processors carefully and pursuant to the provisions of the GDPR. This section explains which data types we share for which purpose and contains links to the respective privacy policies/security measures of the relevant Sub-Processors if you wish to learn more:

Sub-Processor Data Types Purpose Security
Cloudflare
101 Townsend St., San Francisco, CA 94107, USA
Domain Domain hosting Privacy Policy
Auth0
Auth0 Inc., NE 8th St #700, Bellevue, WA 10800, USA
User login data User authentication Privacy Policy Auth0 General Data Protection Regulation Compliance
AWS
Amazon Web Services, Inc., 410 Terry Avenue North, Seattle WA 98109, USA
Tenant data Implementation of Platform Privacy Notice
GCP
Google Cloud EMEA Ltd., 70 Sir John Rogerson’s Quay, Dublin 2, Ireland
Longitudinal analytics Product analytics Security and Privacy Considerations
Vercel
Vercel Inc., 340 S Lemon Ave 4133, Walnut, CA 91789, USA
App Web application Privacy Policy

Protection of Data

We deploy technical (e.g., encryption technologies) and organizational measures to protect your data and to prevent unauthorized access, changes or loss of your data. To accomplish this, we have implemented a compliance management system and other sub-policies to protect your personal information. For example, our team is only allowed to access personal user data to the extent necessary to fulfill the relevant business purposes and to perform their job, and they are bound by confidentiality obligations.

Contact and Inquiry Management

When contacting us (e.g., via contact form, email, telephone or social media) as well as in the context of existing user and business relationships, the information of the inquiring persons is processed to the extent necessary to respond to the contact requests and any requested measures.

The response to the contact inquiries as well as the management of contact and inquiry data in the context of contractual or pre-contractual relationships is carried out to fulfill our contractual obligations or to respond to (pre)contractual inquiries and otherwise on the basis of legitimate interests in responding to the inquiries and maintaining user or business relationships.

  • Types of data processed: inventory data (e.g., names, addresses); contact data (e.g., email, telephone numbers); content data (e.g., entries in online forms).
  • Data subjects: Communication partners.
  • Purposes of processing: contact requests and communication.
  • Legal basis: Contract performance and pre-contractual inquiries (Art. 6 para. 1 p. 1 lit. b. GDPR); Legitimate interests (Art. 6 para. 1 p. 1 lit. f. GDPR).

Contact Form and Newsletter

At Website, we use Pipedrive for our contact form and newsletter subscription.

Our web form gives you the possibility to contact us directly via Website.

  • Types of data processed: Name, email address
  • Data subjects: Website visitors
  • Purposes of processing: The ability to respond to inquiries, and optionally the ability to subscribe to our newsletter
  • Security measures: Encryption via HTTPS
  • Legal basis: Consent (Art. 6 para. 1 p. 1 lit. a. GDPR)

Occasionally, we also send newsletters via Pipedrive based on our legitimate interests in efficient and secure delivery. Pipedrive logs the subscription for the newsletter in order to be able to prove the registration process according to the legal requirements.

Option to object (Opt-out): You can cancel the receipt of our newsletter at any time, i.e., revoke your consent or object to further receipt. You will find a link to cancel the newsletter either at the end of each newsletter or you can otherwise use one of the above contact options, preferably email, for this purpose.

  • Types of data processed: Name, email address
  • Data subjects: Website visitors
  • Purposes of processing: direct marketing via email
  • Security measures: Encryption via HTTPS
  • Legal basis: Consent (Art. 6 para. 1 p. 1 lit. a. GDPR)

Data Retention

Based on the principle of data avoidance and data economy, we retain your data for as long as it is necessary for us to perform a service that you have requested or for which you have granted your permission, unless legal requirements oblige us to retain your data for a longer period (e.g., storage periods according to trade or tax regulations).

Your Rights

You are at any time entitled to request information on what data we store about you (Art. 15 GDPR) and ask for rectification (Art. 16 GDPR), deletion (entirely or partially, Art. 17 GDPR), the right to restriction of processing (Art. 18 GDPR), the right to data portability (Art. 20 GDPR) and the right to object (Art. 21 GDPR). In case the processing of personal data is subject to your consent, you have the right to revoke this consent granted under data protection law in accordance with Art. 7 III GDPR. To exercise your rights as a data subject in relation to the data processed for the operation of this website, please direct your concern to legal@tenzir.com.

Should you consider the processing of your personal data as unlawful, you can directly submit your complaint (Art. 77 GDPR) with the responsible supervisory authority, which is the Hamburg representative for data protection and freedom of information.

Updates & Changes

The continuous development of legal requirements and technical or organizational measures makes it necessary for us to apply changes in this Privacy Statement from time to time. We reserve all rights to do so at any time. Hence, we kindly ask you to read this Privacy Statement before using our services.