Privacy Policy
Circula GmbH
The following page provides an overview of what happens to your personal information when you use our app or website. Version 1.4 (February 23, 2024)
This privacy policy describes the collection and use of personal data in connection with the use of our website https://www.circula.com/en ("Website") in accordance with the requirements of the General Data Protection Regulation ("GDPR"). Processing activities that are not covered by this data protection declaration may be supplemented by further data protection declarations, which must be observed separately.
1.1 Responsible party
The responsible party within the meaning of the DSGVO is
Circula GmbH ("Circula"/"we"/"us").
Schönhauser Allee 148
10435 Berlin
Germany
1.2 Data Protection Officer
We have appointed an external data protection officer through Simpliant. Simpliant also advises us on the implementation and operation of our data protection management system. More information about Simpliant can be found at http://www.simpliant.eu.
You can reach our appointed data protection officer:
- by mail at:
Circula GmbH
- Data Protection Officer -
Schönhauser Allee 148
10435 Berlin
Germany
- or by e-mail at:
privacy@circula.com
1.3 Data subject rights and supervisory authority
You can exercise the following rights:
- Right to information about your data stored by us and its processing (Art. 15 GDPR),
- Right to correct incorrect personal data (Art. 16 GDPR),
- Right to have your data stored by us deleted (Art. 17 GDPR),
- Right to restriction of data processing if we are not yet allowed to delete your data due to legal obligations (Art. 18 GDPR),
- Right to portability of data if you have consented to data processing or have concluded a contract with us (Art. 20 GDPR),
- Right to object to the processing of your data by us (Art. 21 GDPR).
To exercise your rights, you can contact us by email at privacy@cirula.com.
For identification purposes, we ask you to provide the following information:
- First and last name
- E-mail address
In individual cases, further information may be required for unique identification. The processing of your request and the identification of your person is based on Art. 6 para. 1 lit. c GDPR.
You may at any time pursuant to Art. 77 GDPR in conjunction with. § 19 BDSG to file a complaint with a supervisory authority, e.g. with the competent supervisory authority of the federal state in which you reside or with the authority responsible for us.
1.4 Processing of data, purpose and legal basis
We process your personal data in accordance with the provisions of the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).
The legal basis for all our processing activities is based on Art. 6 para. 1 GDPR.
We use your data based on your consent pursuant to Art. 6 para. 1 lit. a GDPR for specific purposes, in particular:
- for sending newsletters with regular offers
- to receive special information and offers from Circula
- to support usage processes of the website
- for personalized use of the website and personalized offers
- for analytical purposes to optimize our offer for you.
Consent given can be revoked at any time. The revocation of consent only takes effect for the future and does not affect the lawfulness of the data processed until the revocation.
In addition, we process your data to protect our legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR,
- for the assertion of legal claims including collection and defense in legal disputes.
- for purposes of compiling statistics to improve products and services.
- For contacting you, insofar as a permanent business relationship with you or your employer exists or is intended (business contacts).
In addition, we will process your data pursuant to Art. 6 para. 1 lit. c GDPR, insofar as we are legally obliged to do so, for example, in order to comply with our retention obligations under commercial or tax law.
1.5 Storage period
We take all reasonable steps to ensure that your personal data is only processed for the period required in each case according to the purpose of processing. If the storage period is not specified below, your personal data will be deleted or blocked as soon as the purpose or legal basis for storage ceases to apply. Personal data will not be deleted if storage is required by law (e.g. § 257 HGB, 147 AO). Furthermore, we may store your personal data until the expiry of the statutory limitation periods (usually 3 years; in individual cases, however, up to 10 years or longer), provided that this is necessary for the assertion, exercise or defense of legal claims.
1.6 Data security
To protect the security of your data during transmission, we use technical and organizational security measures, in particular the encryption of our website to prevent unauthorized access by third parties. The encryption via HTTPS is enforced within the framework of an HSTS header. The data collected from you is generally hosted on ISO 27001 certified servers. Our security measures are continuously improved and adapted according to technological developments.
1.7 Transmission to service providers
We use service providers for the provision of our offers. These service providers act only according to our instructions and are contractually obligated to comply with the provisions of Art. 28 GDPR. If not further specified below, service providers are contracted for the following services:
- Maintenance of IT systems and related services
- Handling our customer service and managing requests
- Measurement of website performance
- Provision of personalized content
1.8 Data transfer to third countries
Unless otherwise stated below, your data will not be transferred to a third country outside the European Union. Your personal data will only be transferred to third countries if the requirements of Art. 44-49 GDPR are met, in particular standard contractual clauses, binding corporate rules, adequacy decision of the Commission.
1.9 No obligation to provide data / No profiling.
There is no legal or contractual obligation to provide us with data. However, some services can only be provided if the required data is provided by you. Your personal data will not be used for automated individual decision making including profiling.
Our website offers different areas with different functionalities for the visitor, which are described in more detail below.
2.1 Server protocols
Nature and purpose of data processing:
When you access our website, information of a general nature is automatically collected. This information, known as server log files, includes:
- IP address
- Name of the access provider
- Browser type, browser software version and browser language
- Operating system
- Date and time of access
- Content of the access
- Amount of data transferred
- Access status (successful transmission/error)
- Web page(s) to which the access was redirected
- Visited web pages
- Processing is performed for the following purposes:
- Ensuring a trouble-free connection to the website
- Ensuring smooth use of our website
- Evaluation of system security and stability
Legal basis:
Processing is carried out pursuant to Art. 6 para. 1 lit. f GDPR based on our legitimate interest in hosting the website and improving and monitoring the security, stability and functionality of the website.
Recipient:
The recipient of the data is a technical service provider who is responsible for the operation (hosting) and maintenance of our website. As a processor, the service provider is obliged to process the data only within the scope of our instructions.
Transfer to third countries:
The servers through which our website is offered are located in Frankfurt am Main, Germany. Under certain circumstances, however, usage data may occasionally be transferred to the United States of America. The transfer is based on an adequacy decision by the EU Commission on the basis of the Data Privacy Framework. The order processing contracts with the service providers also contain standard contractual clauses approved by the EU Commission and appropriate guarantees for compliance with data protection obligations.
Retention period:
Server log files are deleted after 30 days at the latest.
2.2 Consent management
Nature and purpose of processing:
Our website uses cookies for various processing activities for which your consent is required. In order to obtain such consent and store it, we use a so-called Consent Management Platform from Usercentrics. As part of this, a cookie - a small text file - is set on your terminal device to register your selection/consent. For this purpose, we process your IP address, among other things. On our website, you can make gradual privacy settings regarding these cookies.
Legal basis:
The processing is based on our legitimate interests in documenting compliance with the provisions of the GDPR regarding obtaining consent (Art. 6 para. 1 lit. f GDPR).
You can find more information under the item "Cookies".
2.3 Newsletters
Type and purpose of processing:
On our website, we offer you the opportunity to sign up for an e-mail newsletter with news and updates regarding our industry, events, and from our blog. For all the above purposes, we need to process your name and e-mail address. This data is processed in order to send you previously mentioned information.
Legal basis:
The processing is based on your consent (Art. 6 para. 1 lit. a GDPR).
Recipients:
The recipients of the data are technical service providers. As processors, the service providers are obliged to process the data only within the scope of our instructions.
Transfer to third countries:
Data is transferred to the United States of America. The transfer is based on an adequacy decision by the EU Commission on the basis of the Data Privacy Framework. The order processing contracts with the service providers also contain standard contractual clauses approved by the EU Commission and appropriate guarantees for compliance with data protection obligations.
Retention period:
We process your data until you unsubscribe from our newsletter, revoke your consent, or request that we delete it.
Withdrawal of consent:
If you no longer wish to receive newsletters from us in the future and/or wish to object to the analysis of your data by such newsletters, please use the "unsubscribe" link contained in each newsletter or send us an email at privacy@circula.com.
2.4 Contact
Nature and purpose of processing:
In order to provide you with the best possible support in the context of using our offers, we offer you the possibility to contact our customer service in the form of a chat or contact form on the website or by e-mail. All communications addressed to us become support tickets. In this context, we process your name, e-mail address, if any, as well as contents of your request.
Legal basis:
The data is processed for the implementation of pre-contractual measures (Art. 6 para. 1 lit. b GDPR). It is also processed to protect our legitimate interests (Art. 6 para. 1 lit. f GDPR. We want to provide customers with a customer service available anywhere on the website (in the form of chat or a customer-facing e-mail).
Recipients:
The recipients of the data are technical service providers. As processors, the service providers are obliged to process the data only within the scope of our instructions.
Transfer to Third Countries:
Data is transferred to the United States of America. The transfer is based on an adequacy decision by the EU Commission on the basis of the Data Privacy Framework. The order processing contracts with the service providers also contain standard contractual clauses approved by the EU Commission and appropriate guarantees for compliance with data protection obligations.
Retention period:
If there is no assignment to a user account, the data will be deleted within 12 months after data entry.
2.5 Online Learning Portal
Nature and purpose of processing:
You have the option to register with our online learning portal via the website in order to complete online courses via Circula. For this, we need your name and email address to provide you with the relevant materials and access to the course.
Legal basis:
The data is processed for the implementation of contractual measures (Art. 6 para. 1 lit. b GDPR, free user relationship of the online learning portal). It is also carried out to protect our legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR in providing information regarding the implementation of our service. For this purpose, we require your name and e-mail address.
Recipients:
The recipient of the data is a technical service provider. As a processor, the service provider is obliged to process the data only within the scope of our instructions.
Transfer to third countries:
Data is transferred to Canada. For Canada, there is an adequate decision of the EU Commission regarding an adequate level of data protection.
Retention period:
Your data will be processed until the user account is deleted.
2.6 Website analysis
Nature and purpose of data processing:
This website uses cookie-based technologies to help us better understand how the website is used and how we can further optimize it for the benefit of performance and user experience. We do this by compiling reports about activity on the website that do not identify specific individuals. Analytics cookies process your IP address and data about usage behavior on our website (e.g. which pages were visited and which buttons were clicked) for this purpose.
Legal basis:
The processing is carried out with your consent in accordance with Art. 6 para. 1 lit. a GDPR.
You can find more information under the item "Cookies".
2.7 Personalized advertising
Type and purpose of data processing:
We use cookie-based technologies that help us deliver relevant and personalized advertising.
This enables us to determine the visitors to our online offering as the target group for the display of advertising (so-called "targeted advertising"). In addition, we can track the effectiveness of our online advertising by seeing whether users were redirected to our website after clicking on such advertising (so-called "conversion tracking"). We may also use service providers to identify users who have visited our website as potential customers and recipients of advertising (so-called "retargeting").
Legal basis:
The processing is carried out with your consent in accordance with Art. 6 para. 1 lit. a GDPR.
You can find more information under the item "Cookies".
Our website uses so-called cookies. Cookies do not cause any damage to your device and do not contain viruses. Cookies serve to make our offer more user-friendly, effective and secure. Cookies are small text files that are stored on your terminal device and in your browser.
Most of the cookies we use are so-called session cookies. These cookies are automatically deleted at the end of the session. Session cookies are used to assign successive page views to individual users accessing our website at the same time. Other cookies are stored on your device until you delete them. These cookies allow us to recognize your browser on your next visit.
You can set your browser so that you are informed about the setting of cookies, decide on a case-by-case basis whether to accept them or exclude the acceptance of cookies for certain cases or in general, as well as activate the automatic deletion of cookies when closing the browser.
Google Chrome: https://support.google.com/accounts/answer/61416?hl=en
Mozilla Firefox: https://support.mozilla.org/en-US/kb/clear-cookies-and-site-data-firefox
Safari: https://support.apple.com/en-gb/guide/safari/sfri11471/mac
Opera: https://www.opera.com/help
We would like to point out that the use and especially the comfort of use may be limited without the use of cookies. The cookies are set via a consent management tool. The settings can be defined here.
We maintain publicly accessible profiles on social networks. The social networks used by us in detail can be found below.
By visiting our social media presence, numerous data protection-relevant processing operations are triggered.
If you are logged into your social media account and visit our social media presence, the operator of the social media portal can assign this visit to your user account. However, your personal data may also be collected under certain circumstances if you are not logged in or do not have an account with the respective social media portal. In this case, this data collection takes place, for example, via cookies that are stored on your end device or by recording your IP address.
With the help of the data collected in this way, the operators of the social media portals can create user profiles in which your preferences and interests are stored. In this way, you can be shown interest-based advertising inside and outside the respective social media presence. Provided you have an account with the respective social network, the interest-based advertising may be displayed on all devices on which you are or were logged in.
Please also note that we cannot track all processing on the social media portals. Depending on the provider, further processing operations may therefore be carried out by the operators of the social media portals. For details, please refer to the terms of use and data protection provisions of the respective social media portals.
Legal basis:
Our social media presence is intended to ensure the most comprehensive presence possible on the Internet. This is a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. The analysis processes initiated by the social networks may be based on different legal bases, which are to be specified by the operators of the social networks (e.g. consent within the meaning of Art. 6 para. 1 lit. a GDPR).
Responsible party and assertion of rights:
If you visit one of our social media sites (e.g. Facebook), we are jointly responsible with the operator of the social media platform for the data processing operations triggered during this visit. In principle, you can assert your rights (information, correction, deletion, restriction of processing, data portability and complaint) both against us and against the operator of the respective social media portal (e.g. against Facebook).
Please note that despite the joint responsibility with the social media portal operators, we do not have full influence on the data processing operations of the social media portals. Our options are largely determined by the corporate policy of the respective provider.
Retention period:
The data collected directly by us via the social media presence will be deleted from our systems as soon as the purpose for storing it no longer applies, you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies. Stored cookies remain on your terminal device until you delete them. Mandatory legal provisions - in particular retention periods - remain unaffected.
We have no influence on the storage period of your data, which is stored by the operators of social networks for their own purposes. For details, please contact the operators of the social networks directly.
4.1.1 Facebook
We have a company profile on Facebook. We have concluded an agreement with Facebook on joint responsibility for the processing of data (Controller Addendum). This agreement specifies the data processing operations for which we or Facebook is responsible when you visit our Facebook fan page. You can view this agreement at the following link: https://www.facebook.com/legal/terms/page_controller_addendum
4.1.2 LinkedIn
We have a company profile on LinkedIn. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.
For details on how they handle your personal data, please refer to LinkedIn's privacy policy: https://www.linkedin.com/legal/privacy-policy
4.1.3 Instagram
We have a business profile on Instagram. The provider is Instagram Inc, 1601 Willow Road, Menlo Park, CA, 94025, USA, which in turn belongs to Facebook.
For details on their handling of your personal data, please refer to Instagram's privacy policy: https://help.instagram.com/519522125107875
4.1.4 X
We have a company profile on Twitter. The provider is X Corp. San Francisco, USA.
For details on how they handle your personal data, please refer to Twitter's privacy policy: https://twitter.com/de/privacy
4.1.5 Crunchbase
We have a company profile on Crunchbase. The provider is Crunchbase, 564 Market Street, Suite 700, San Francisco, CA 94104, USA.
For details on their handling of your personal data, please refer to Crunchbase's privacy policy: https://about.crunchbase.com/terms-of-service/privacy-policy/
4.1.6 Xing
We have a company profile on Xing. The provider is New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany.
For details on their handling of your personal data, please refer to the privacy policy of LinkedIn:
https://privacy.xing.com/de/datenschutzerklaerung
4.1.7 YouTube
We have a company profile on YouTube. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Google's privacy policy for YouTube can be found at the following link:
https://policies.google.com/privacy
4.1.8 Google My Business
We have a company profile on Youtube. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Google's privacy policy for Youtube can be found at the following link: https://policies.google.com/privacy
Circula's app is distributed exclusively to companies. The majority of data processing therefore takes place as a processor for companies and on their instructions. These processing operations on behalf of companies are governed by the data processing agreement between Circula and its customers as data controllers, who in turn are obliged to inform data subjects about the data processing.
However, the following processing activities are carried out by Circula as controller.
5.1 Admin Account
Nature and purpose of the processing:
To enable the use of our app and the service processing, it is necessary to provide a so-called admin account. This is used to map all settings for the organization of our customers. As part of the provision of this account, name, company, e-mail address and usage data, as well as so-called log files, which record information about connections to servers.
Legal basis:
The processing is carried out in the context of the performance of the contract for the use of the app (Art. 6 para. 1 lit. b GDPR).
Recipients:
The recipient of the data is a service provider who operates a high-security data center in Frankfurt/Main. As a processor, the service provider is obliged to process the data only within the scope of our instructions.
Retention period:
The personal data will be stored as long as your account exists. If necessary, we are obliged to process individual data longer due to legal retention periods (esp. tax obligations).
5.2 Service accounting and license management
Nature and purpose of the processing:
In order to process your order and payment, your data provided during the ordering process (name, address, account number, bank routing number, credit card number if applicable, invoice amount, currency and transaction number) will be processed. In addition, we use a unique identification number (UUID) to be able to track whether the use of our software is through a valid license.
Legal basis:
The processing of your data is carried out according to Art. 6 para. 1 lit. b GDPR.
Recipients:
We pass on your payment data to the commissioned credit institution as part of the payment processing, insofar as this is necessary for the payment processing. Further recipients of the data are payment and invoice service providers such as Stripe Payments Europe, Limited, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, D02 H210, Ireland (“Stripe”) and Chargebee, Inc., 909 Rose Avenue, Suite 610, North Bethesda, MD 20852, USA (“Chargebee”). As processors, they are obliged to process the data only within the scope of our instructions.
Transfer to third countries:
Data is transferred to Stripe, Inc. and Chargebee, both located in the United States of America. The European Commission has adopted its adequacy decision for the EU-U.S. Data Privacy Framework. In accordance with Art. 45 para. 1 GDPR it stipulates that the United States of America ensure an adequate level of protection – comparable to that of the European Union – for personal data transferred from EU to U.S. companies within the new framework. Stripe, Inc. participates in the EU-U.S. Data Privacy Framework. Beyond that, the data processing agreement with Stripe and Chargebee contain standard contractual clauses approved by the EU Commission in accordance with Art. 46 para. 2 lit. c GDPR.
Retention period:
Personal data is stored for as long as your user account exists. If necessary, we are obligated to process individual data longer due to legal retention periods (esp. tax law obligations).
5.3 Web App Error Correction (Error Tracking)
Nature and purpose of the processing:
We process personal data to ensure and improve the technical stability of our service, such as by monitoring system stability and identifying code errors. The processing is solely for these purposes and does not evaluate data for advertising purposes.
Legal basis:
Your data is processed pursuant to Art. 6 (1) lit. f GDPR, based on our legitimate interest in the technical stability of our service.
Recipient:
The recipient of the data is Functional Software, Inc., 45 Fremont Street, 8th Floor, San Francisco, CA 94105, USA (“Sentry”). As a processor, Sentry is obliged to process the data only within the scope of our instructions.
Transfer to third countries:
Data is transferred to the United States of America. The European Commission has adopted its adequacy decision for the EU-U.S. Data Privacy Framework. In accordance with Art. 45 para. 1 GDPR it stipulates that the United States of America ensure an adequate level of protection – comparable to that of the European Union – for personal data transferred from EU to U.S. companies within the new framework. Sentry participates in the EU-U.S. Data Privacy Framework. Beyond that, the data processing agreement with Sentry contains standard contractual clauses approved by the EU Commission in accordance with Art. 46 para. 2 lit. c GDPR.
Retention period:
Your data is deleted after 90 days.
5.4 App analysis
Nature and purpose of the processing:
Our app uses cookie-based technologies to help us better understand how our app is used. We do this by compiling reports about activity in the app that do not identify specific individuals. Analytics cookies transmit your IP address and usage behavior data to a service provider for this purpose.
Legal basis:
The processing is carried out with your consent according to Art. 6 para. 1 lit. a GDPR.
You can find more information under the item "Cookies".
5.5 Customer Service
Nature and purpose of the processing:
In order to provide you with the best possible support when using our offers, we offer you the possibility to contact our customer service in chat form on the website or by e-mail. All communications directed to us become support tickets. In this context, we process your name, e-mail address, if any, as well as contents of your request.
Legal basis:
The data is processed for the fulfillment of contractual measures (Art. 6 para. 1 lit. b GDPR). It is also carried out to protect our legitimate interests, Art. 6 para. 1 lit. f GDPR. We want to provide customers with a customer service that is available everywhere (in the form of chat or a customer-facing email).
Recipient:
The recipient of the data is Intercom R&D Unlimited Company, 2nd Floor, Stephen Court, 18-21 St. Stephen's Green, Dublin 2, Ireland (“Intercom”). As a processor, Intercom is obliged to process the data only within the scope of our instructions.
Transfer to third countries:
Data is transferred to Intercom Affiliates, such as Intercom, Inc., that is located in the United States of America. The European Commission has adopted its adequacy decision for the EU-U.S. Data Privacy Framework. In accordance with Art. 45 para. 1 GDPR it stipulates that the United States of America ensure an adequate level of protection – comparable to that of the European Union – for personal data transferred from EU to U.S. companies within the new framework. Intercom, Inc. participates in the EU-U.S. Data Privacy Framework. Beyond that, the data processing agreement with Intercom contains standard contractual clauses approved by the EU Commission and appropriate guarantees in accordance with Art. 46 para. 2 lit. c GDPR.
Retention period:
To provide the best support possible, we process your data during the existing relationship.
5.6 Product Updates
Nature and purpose of the processing:
Depending on the feature usage and user activity of our registered customers, we offer regular product updates to improve the user experience. In this context, we process your name, user role, locale, app language, products in use and e-mail address to be able to compose relevant, specific and localized content.
Legal basis:
We process your personal data pursuant to Art. 6 para. 1 lit. f GDPR based on our legitimate interest in providing certain groups of our existing customers with product news relevant to them.
Recipients:
For the purposes of product updates and the associated information to users, we use the services of Intercom R&D Unlimited Company, 2nd Floor, Stephen Court, 18-21 St. Stephen's Green, Dublin 2, Ireland ("Intercom") and HubSpot, Inc, Two Canal Park, Cambridge, MA 02141, USA (“HubSpot”). As a processor, Intercom and HubSpot are obliged to process the data only in accordance with our instructions. Please note also the information in Section 5.5.
Transfer to third countries:
Data is transferred to Intercom Affiliates, such as Intercom, Inc., and HubSpot that are located in the United States of America. The European Commission has adopted its adequacy decision for the EU-U.S. Data Privacy Framework. In accordance with Art. 45 para. 1 GDPR it stipulates that the United States of America ensure an adequate level of protection – comparable to that of the European Union – for personal data transferred from EU to U.S. companies within the new framework. Intercom, Inc. participates in the EU-U.S. Data Privacy Framework. Beyond that, the data processing agreements contain standard contractual clauses approved by the EU Commission and appropriate guarantees in accordance with Art. 46 para. 2 lit. c GDPR.
Retention period:
We process your data for as long as you are registered as a user with us, unless you unsubscribe from the product update mailing list beforehand.
5.7 Credit cards
Nature and purpose of the processing:
Circula provides its customers with credit card management software. Pliant GmbH, Saarbrücker Str. 36, 10405 Berlin, Germany (hereinafter "Pliant") is a cooperation partner of Circula that offers an online platform for connecting physical and virtual credit cards, which includes various functions. In cooperation with Pliant, Circula offers a Circula Pliant credit card to its customers. Pliant and Circula process data under joint controllership within the meaning of Art. 26 GDPR and, in this regard, have established agreements to comply with data protection obligations; we will provide you with the essential content upon request. Further information on the data processed via the partner application can be found in the partner's privacy policy. If you have any questions regarding the protection of data subject rights, you can contact us (including by e-mail to privacy@cirula.com) as well as the respective partner.
The issuer of the credit card is Transact Payments Malta Limited, which issues corporate credit cards under a license from VISA Europe Limited. The privacy policy can be found here, the terms and conditions here and the attachment here. Transact Payments Malta Limited is duly licensed and regulated by the Malta Financial Services Authority as a financial institution under the Financial Institutions Act 1994. Registration number C 91879.
Legal basis:
The data is processed for the fulfillment of contractual measures (Art. 6 para. 1 lit. b GDPR).
Recipients:
Personal data will be transferred to Pliant. Pliant, as a joint controller, is legally and contractually obligated to adequately protect your personal data. Pliant transfers personal data to MeaWallet AS, Lysaker Torg 2, N-1366 Lysaker, Norway (“MeaWallet”) as a technical service provider for the purpose of technical connection for the functions relevant within the scope of the application for the use of Credit Cards and the display of Credit Card transactions and user data in the app. As a processor on behalf of Pliant, Pliant has entered into a data processing agreement with MeaWallet and is primarily responsible for data subject rights concerning the data processing by MeaWallet.
Retention period:
We delete personal data when it is no longer required for the aforementioned processing purposes and no legal retention periods prevent deletion.
Circula offers the possibility for customers to integrate Circula's app with other services. This is not a processing as a Controller of Circula, but a transfer from one Processor (Circula) to another Processor (Integrated Service) on the instruction of the responsible customer.
An overview of integrations can be found here: https://www.circula.com/en/product/integrations
We reserve the right to adapt this data protection declaration so that it always complies with the current legal requirements or to make changes to our offers in the data protection declaration, e.g. when introducing new services. The current version of the data protection declaration applies in each case.
Last update: February 2024