Harvest Digital Privacy Policy

  1. Subject Matter and Scope of Application

We take the protection of your personal data very seriously. With this Privacy Policy, we inform you of the personal data we collect and how and for what purposes it is processed. We always treat your personal data in accordance with the statutory data protection regulations and this Privacy Policy.

  1. Data Controller

Harvest Digital Ltd

25 Moorgate

London

EC2R 6AY

United Kingdom

Phone: +44 (0) 207 479 7500

Email: info@harvestdigital.com

  1. Data Protection Officer

Christian Schmoll

Email: info@harvestdigital.com

Anyone concerned can contact our data protection officer directly at any time with any questions or suggestions regarding data protection.

  1. Visit to the Website

Each time you access our website, our system automatically collects data and information from the computer system of the accessing computer. In order for the pages to be displayed in your browser, the IP address of the terminal device you are using must be processed. In addition, we collect further information about the browser of your terminal device.

We are obliged under data protection law to also guarantee the confidentiality and integrity of the personal data processed with our IT systems. The data is also used to correct errors on the website.

For these purposes the following data will be logged:

– IP address of the calling computer

– Operating system of the calling computer

– Browser version of the calling computer

– Name of the retrieved file

– Date and time of retrieval

– Transferred amount of data

– Referring URL

These data are deleted on a regular basis (maximum one month)Our website is hosted by a service provider on the basis of data processing on behalf of the controller in accordance with Art. 28 GDPR.

The legal basis for this data processing is Art. 6 Para. 1 lit. f) GDPR. Our legitimate interest is the operation of this website and the implementation of the protection goals of confidentiality, integrity and availability of the data.

  1. Customer Contact and Customer Database

If you contact us to request information, the information you provide will be stored for the purpose of processing your request. We need the information requested in the contact form on the website in order to process your enquiry, address you correctly and send you an answer.

Requests are stored in our CRM system. This data can be used by us for direct marketing measures. You can object to such use for direct advertising at any time. Details about your right of objection can be found below under “Right of objection”.

The CRM system is regularly checked to see whether data can be deleted. If data in the context of a customer or prospective customer relationship is no longer necessary or an opposing interest of the customer outweighs, we will delete the relevant data, unless there are any legal storage obligations.

The legal basis for this storage and processing is Art. 6 para. 1 lit. f) GDPR. Our legitimate interest is the maintenance of communication with our customers, interested parties and suppliers, the maintenance of our customer relationships and the implementation of direct marketing measures. If the purpose of establishing contact is to conclude a contract, the additional legal basis for processing is Art. 6 Para. 1 lit. b) GDPR.

  1. Our Services

We process the data of our customers and suppliers or service providers in the context of the performance of our services as an agency. This may involve the processing of  data name and first name of the contact person(s), address(es), contact data (e.g. e-mail address, telephone number), contract data (e.g. subject of contract, duration), payment data and data collected in the context of the performance of our services and/or required for the provision of our services. The legal basis for this storage and processing is the fulfilment of the contract or the implementation of pre-contractual measures pursuant to Art. 6 para. 1 lit. b) GDPR.

 

In some cases, we act as data processor for our customers. In this case, we offer our customers to enter into a data processing addendum in accordance with the requirements of Art. 28 GDPR. We are happy to provide you with our template for the data processing addendum. Please contact us at privacy@harvestdigital.com for more information.

  1. Cookies

Our website uses cookies. Cookies are pieces of information that are transmitted from our web server or third-party web servers to your browser where they are stored for later retrieval. Cookies can be small files or other types of information storage. Cookies are used to store information that arises in connection with the specific end device used. Cookies contain a characteristic string of characters that enables the browser to be uniquely identified when the website is opened again. A cookie also contains information about its origin and the storage period. This does not mean that we will immediately become aware of your identity.

We use cookies to make our website more user-friendly.

On the one hand, we use so-called session cookies, which are only stored for the duration of the respective visit to our website (e.g. to enable the storage of your shopping basket contents). In a session cookie, a randomly generated unique identification number is stored, a so-called session ID. Session cookies are automatically deleted after leaving our website.

In addition, we use temporary cookies which we store on your terminal for a certain period of time (so-called first party cookies). If you visit our site again, it is automatically recognized that you have already been with us and which inputs and settings you have made so that you do not have to enter them again.

We also use cookies for other purposes, such as web analysis. These cookies are also automatically deleted after a defined period of time. This use is explained in more detail below.

You have the option of preventing the setting of cookies by making the appropriate settings via our cookie preference center and/or in your browser. However, we would like to point out that the use of our Internet pages may then only be possible to a limited extent. Cookies do not install or start any programs or other applications on your computer.

You can object to the use of cookies, which are used for range measurement and advertising purposes, via the deactivation page of the Network Advertising Initiative (http://optout.networkadvertising.org/) and additionally the US website (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/).

The legal basis for the processing of personal data using non-essential cookies is your consent (Art. 6 para. 1 lit. a) GDPR.

  1. Google Analytics

We use web analytics services on our website or parts of our website to understand how our website is used by its visitors and to improve the overall look and feel of the website.

We use Google Analytics web analytics with IP anonymization. Google Analytics is a web analytics service provided by Google Ireland Limited (“Google”). Google Analytics sets cookies. In addition, data is transmitted to the USA. As part of IP anonymisation, the IP address collected by Google from users of our website within the European Economic Area is shortened before it is transmitted to the USA. Only in exceptional cases is the unabridged IP address transmitted to Google in the USA and abbreviated there. The IP addresses transmitted are not combined with other data from Google.

You can prevent the storage of cookies by setting your browser accordingly. In addition, you can prevent the collection by Google of the data generated by the cookie and related to your use of the online service and the processing of this data by Google by downloading and installing the browser plug-in available under the following link, which Google Analytics uses JavaScript to inform Google Analytics that no data and information on visits to Internet pages may be transmitted to Google Analytics: http://tools.google.com/dlpage/gaoptout?hl=en

When Google Analytics is used, personal data is transferred to a third country outside the EU. Google has a Privacy Shield certification, available here: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active. Accordingly, there are suitable guarantees for data transmission in accordance with Art. 46 GDPR.

The legal basis for this data processing when using web analytics is Art. 6 para. 1 lit. f) GDPR. Our legitimate interest is the analysis, optimisation and economic operation of our website and our customer interactions.

  1. Google Maps

We use the Google Maps (API) service of Google Ireland Limited on our website. Google Maps enables the display of interactive maps. When you access subpages of the website on which Google Maps is used, information about your use of our website (such as your IP address) is transmitted to and stored by Google on servers in the United States.

When Google Maps is used, personal data is transferred to a third country outside the EU. Google has a Privacy Shield certification, available here: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active. Accordingly, there are suitable guarantees for the data transfer in accordance with Art. 46 GDPR.

Further information on data processing by Google can be found in Google’s privacy information: https://www.google.com/policies/privacy.

The legal basis for this data processing when using web analytics is Art. 6 para. 1 lit. f) GDPR. Our legitimate interest is the analysis, optimisation and economic operation of our website and our customer interactions.

  1. Social Media Buttons

Our website includes social media buttons from the social media networks Facebook, Twitter, Instagram, and LinkedIn.

If you click on one of these social media buttons, you will be redirected to our pages at the respective social media network. In this case, the provider of the respective social media network receives the information that your browser has called the corresponding page on our website, even if you do not have a profile on the respective social media network or are not logged in there. This information (including your IP address) is transmitted directly from your browser to a server of the respective provider. If you click on a social media button and are either logged in to the respective social media network or then log in to the page of the respective social media network, the transmitted information can be assigned to your account at the social media network.

For information on the purpose and scope of data collection and processing by the providers of the respective social media network, the provider identification, a contact option and your rights and settings regarding data protection, please refer to the respective privacy policies of the providers of the social media networks.

The legal basis for the integration and use of the social media buttons is Art. 6 Para. 1 lit. f) GDPR. Our legitimate interest is the marketing of our offers and our website.

  1. Social Media Pages

We maintain a publicly accessible profile on the social media networks Facebook, Twitter, Instagram, and LinkedIn (“Social Media Pages” or “Fan Pages”).

If you visit one of our social media pages and are logged into the respective social media network, the provider of the respective social media network can analyze your usage behaviour and assign the information collected to your account at the social media network and enrich it there. Even if you are not logged in or if you do not have an account at the respective social media network, personal data may be collected by the provider of the respective social media network, for example, your IP address or data collected via a cookie.

The operators of social media networks can use this data to create user profiles. Your user profile can then be used to display interest-based ads both on social media network websites and on other websites.

If you visit one of our social media pages, we are jointly responsible for the social media network provider for the collection and processing of your personal data there. With regard to information about the collection and processing of your personal data that takes place there, please refer to the privacy policies of the social media networks. We do not have any further information in this respect.

We will be happy to provide you with information on suitable guarantees for data transfer to third countries in accordance with Art. 46 GDPR at any time on request.

You can assert your rights of data subjects in accordance with Chapter III of the GDPR (right to information, correction, deletion, restriction of processing, data transferability, etc.) both against us and against the provider of the respective social media network. In this context, we would like to point out that we can only influence the processing of personal data and the implementation of the rights affected within the framework of our social media pages within the scope of the possibilities made available to us by the respective provider.

The legal basis for our use of social media pages is Art. 6 Para. 1 lit. f) GDPR. Our legitimate interest is the presence and marketing of our products and services on the Internet.

  1. Videos

Our website uses features provided by the Vimeo video portal. This service is provided by Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA.

If you visit one of our pages featuring a Vimeo plugin, a connection to the Vimeo servers is established. The Vimeo server is informed about which of our pages you have visited. In addition, Vimeo will receive your IP address. This also applies if you are not logged in to Vimeo when you visit our plugin or do not have a Vimeo account. The information is transmitted to a Vimeo server in the US, where it is stored. Vimeo is certified under the EU – US Privacy Shield and provides appropriate safeguards according to Art. 46 GDPR: https://www.privacyshield.gov/participant?id=a2zt00000008V77AAE&status=Active

If you are logged in to your Vimeo account, Vimeo allows you to associate your browsing behaviour directly with your personal profile. You can prevent this by logging out of your Vimeo account.

For more information on how to handle user data, please refer to the Vimeo Privacy Policy at https://vimeo.com/privacy.

The legal basis for this data processing within the framework of the use of YouTube is Art. 6 Para. 1 lit. f) GDPR. Our legitimate interest is the optimisation and economic operation of our website.

  1. Fonts

We use font libraries on this website in order to present the contents of our website in a correct and graphically appealing manner across all browsers. Calling up font libraries automatically triggers a connection to the library operator. The operator receives the information that the font required for our website has been called up from your IP address.

You can prevent the use of such libraries and the associated data transmission by installing a Java script blocker (e.g. www.noscript.net).

We use Google Web Fonts of Google Ireland Limited (https://www.google.com/webfonts/). When using Google Web Fonts, data is transferred to the USA. Further information on data processing by Google can be found in Google’s data protection information: https://www.google.com/policies/privacy.

Google has a Privacy Shield certification, available here: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active. Accordingly, there are appropriate guarantees for data transmission in accordance with Art. 46 GDPR.

Legal basis for this data processing Art. 6 para. 1 lit. f) GDPR. Our legitimate interest is the optimisation and economic operation of our website and our customer interactions taking place via it.

  1. Applications

We collect and process personal data of applicants for the purpose of processing the application process. If an applicant submits his or her application documents to us electronically, they are processed electronically.

If we conclude an employment contract with an applicant, the data transmitted will be processed in order to carry out the employment relationship in compliance with the statutory provisions. If no employment contract is concluded with the applicant, the application documents will be deleted immediately after completion of the application procedure, provided that deletion does not conflict with any overriding legitimate interest, such as the defence of claims.

The legal basis for this storage and processing is the fulfilment of the contract or the implementation of pre-contractual measures pursuant to Art. 6 para. 1 lit. b) GDPR.

  1. Age Restriction

This website is not intended or designed for use by children under the age of 16. We do not knowingly collect personally identifiable information from or about anyone under the age of 16.

  1. Recipients of Data

Within our company, only those internal departments or organisational units receive your data that need your data to fulfil their tasks, to fulfil contracts with, for data processing with your consent or to safeguard our legitimate interests.

Data will only be passed on to third parties within the framework of legal requirements. We will only pass on your data to third parties if, for example, this is necessary for contractual purposes on the basis of Art. 6 Para. 1 lit. b) GDPR or to safeguard our legitimate interest pursuant to Art. 6 Para. 1 lit. f) GDPR in the effective conduct of our business operations.

Insofar as we use service providers or third-party providers within the framework of the provision of the website and/or the provision of our services, we take appropriate legal precautions as well as appropriate technical and organisational measures to ensure the protection of your personal data.

If we use content or tools from service providers or third-party providers in the course of providing the website and/or our services and their registered office is in a third country, data is regularly transferred to a third country. Third countries are countries in which the GDPR is not a directly applicable law, i.e. countries outside the EU or the European Economic Area. Data will only be transferred to third countries if there is either an adequate level of data protection, consent or other legal permission, in particular, a suitable guarantee pursuant to Art. 46 GDPR.

It is possible that we acquire or sell the company or parts of the company or individual assets. Personal data may be transferred in connection with such a sale, merger, reorganization or similar event. In this case, your personal data will, of course, continue to be processed in accordance with this Privacy Policy. The legal basis for such a transfer is our legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR in the effective implementation and further development of our business operations.

  1. Your Rights

You have the right to free information about your personal data processed and stored by us, their origin and recipient and the purpose of data processing and a right to correction, blocking or deletion of this data. You also have the right to limit the processing and to object to the processing.

You also have the right to have your data, which we process automatically, handed over to you or to a third party in a common, machine-readable format.

To assert your rights, please contact us using the contact details given above.

You also have the right to appeal to the relevant data protection supervisory authority.

  1. Withdrawal of Consent

Some data processing operations are only possible with your express consent. You can withdraw your consent at any time. For this purpose, an informal e-mail notification to us is sufficient. The legality of the data processing carried out until the withdrawal remains unaffected by the revocation.

  1. RIGHT OF OBJECTION

As far as your data is processed, as explained in this privacy policy, to protect our legitimate interests, you can object to this processing with effect for the future. Please contact us using the contact details given above.

As a matter of principle, you are only entitled to this right of objection if there are reasons arising from your particular situation (Art. 21 para. 1 GDPR). After exercising your right of objection, your personal data will not be further processed for these purposes unless we can prove compelling reasons for processing worthy of protection which outweigh your interests, rights and freedoms, or if the processing serves the assertion, exercise or defence of legal claims.

If the processing is carried out for the purpose of direct advertising, you can exercise your right of objection in this regard at any time (Art. 21 para. 2 GDPR) and your personal data will then no longer be processed for the purpose of direct advertising, irrespective of the reasons for the objection.

  1. Obligation to Provide Data

The provision of personal data is neither required by law nor by contract nor are you obliged to provide personal data. However, the provision of personal information is required for the conclusion and performance of a contract to the extent that certain details are absolutely necessary in order to conclude and perform a contract.

   22. Automated Decision Making

We do not perform automated decision making, including profiling.

   23. Retention and Deletion

We adhere to the principles of data avoidance and data minimization. We therefore only store your personal data for as long as is necessary to achieve the purposes stated here or as required by the retention periods provided for by law.

If the storage purpose no longer applies or if a retention period provided for by law expires, the personal data will be blocked or deleted routinely and in accordance with the statutory provisions.

  24. Technical and Organisational Measures of Data Security

We take organizational, contractual and technical security measures in accordance with the state of the art to ensure that the provisions of the data protection laws are complied with and to protect the data processed by us against accidental or intentional manipulation, loss, destruction or against access by unauthorized persons.

Our website uses SSL encryption for security reasons and to protect the transmission of confidential content, such as orders, inquiries or payment data, which you send to us.

  25. Amendments to this Privacy Policy

We reserve the right to amend this Privacy Policy from time to time so that it always complies with current legal requirements or in order to implement changes to our services, e.g. when we are introducing new services. Your visit to our website and/or your usage of our services will then be subject to the new version of the Privacy Policy.