Privacy Policy

1. Introduction

In this Privacy Policy you will learn,

  • how we handle personal data in the context of your use of the Moosle User Platform and
  • how we process your personal data in the context of the contractual relationship as well as for your visit to our website.

2. Controller

This Privacy Policy applies to the Processing of Personal Data by us as Controller in accordance with

Art. 4 Para. 7 of the General Data Protection Regulation (GDPR).

Our contact details are:


Moosle GmbH
Im langen Morgen 35
54536 Kröv
Germany

E-Mail: legal@moosle.com
Tel.: +49 (0) 1737564263

3. Definitions of terms

Insofar as this Privacy Policy does not contain or imply a different definition, we refer to the definitions in Art. 4 GDPR with regarding the terms used.

4. Processing of your Personal Data in the context of our Website

4.1. When accessing our website

When you access our website, i.e. if you do not otherwise transmit
information to us, we or the host provider acting on our behalf only
collect the personal data that your browser transmits to our server. If you
wish to view our website, we collect the following data:

  • IP address
  • Date and time of the request
  • Time zone difference from Greenwich Mean Time (GMT)
  • Content of the request (specific page)
  • Access status/HTTP status code
  • Amount of data transferred in each case
  • Website from which the request comes
  • Browser
  • Operating system
  • Language and version of the browser software

This data is technically necessary for us to display and provide you with
our website. The legal basis for this processing is Art. 6 para. 1 p. 1 lit. f GDPR.
This data is stored for security reasons (e.g. for the
clarification of abuse or fraud) for a maximum of 7 days and then deleted.
Data whose further storage is necessary for evidentiary purposes is exempt
from deletion until the final clarification of the respective incident. The
hosting service provider we use processes personal data on our behalf and
within the scope of our instructions as a so-called processor in accordance
with Art. 28 of the GDPR.

The service provider we use in this context, which processes personal data
for us on our behalf and within the scope of our instructions as a
so-called processor pursuant to Art. 28 GDPR, is located in the USA. The
level of data protection in the USA is assessed as inadequate by the
European Commission. The data transfer to the USA therefore takes place on
the basis of the standard contractual clauses pursuant to Art. 46 para. 2 lit. c GDPR. The standard contractual clauses are available at
https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32010D0087.
Alternatively, you can also request these documents from us using the
contact details provided in section 2.

4.2. Detection of automated queries by MTCaptcha

We use technology from MTCaptcha to ensure that the contact form is
not misused for automated requests (e.g. spam). If you contact us via the
contact form, you will be asked to perform a cognitive service (e.g.,
recognizing certain features among a large number of images) as part of the
submission process, which can regularly only be performed by a human, but
not by a computer. This query is used to distinguish whether the input is
made by a human or abusively by automated, machine processing. Therefore,
we transmit the following data to MTCaptcha in the USA (Four Embarcadero Center, 1400, San Francisco, CA 94111, USA):

  • IP address
  • Date and time of the request
  • Time zone difference from Greenwich Mean Time (GMT)
  • Amount of data transferred in each case
  • Website from which the request comes
  • Browser and browser-plugins
  • Language and version of the browser software
  • Screen and window resolution

MTCaptcha evaluates the data anonymously to detect an automated query to ensure that the
contact form is not abused. Cookies are used for this purpose, which enable
recognition of your internet browser. The legal basis for the processing is
Art. 6 para. 1 p. 1 lit. f GDPR.

Further information on the data processing performed by MTCaptcha can be found at https://www.mtcaptcha.com/legal-privacy-captcha

4.3. Usage analysis through Google Analytics

Our website optionally uses Google Analytics so that we can further improve
future websites. You can consent to the use of Google Analytics when
accessing the website. You can revoke your consent to the use of Google
Analytics at any time. If you give us your consent, we evaluate your use of
the website. For this purpose, we process the following personal data from
you:

  • IP address
  • Date and time of the request
  • Time zone difference from Greenwich Mean Time (GMT)
  • Content of the request (specific page)
  • Access status/HTTP status code
  • Amount of data transferred in each case
  • Website from which the request comes
  • Browser
  • Information about your terminal device
  • Operating system and its interface
  • Language and version of the browser software
  • Screen and window resolution
  • Your approximate location
  • Information about the time you spend on the site
  • Information about actions you perform on the website

Therefore, we transfer the aforementioned data to Google for analysis
purposes. On our behalf, Google evaluates the data on the manner of your
use, as this data is necessary for us to ensure the stability and security
of the website and to further develop it according to your interests. The
data collected in this way is not merged with your other profile
information, but is included in anonymous statistics that help us to get to
know our users better and to better adapt the website to their needs. As
already mentioned, we process this data exclusively with your consent. The legal basis for this is Art. 6 para. 1 p. 1 lit. a GDPR.

In the context of the use of Google Analytics services, Google also
transmits data to group companies and/or subcontractors. In this context,
the above-mentioned data may be transferred to the USA and stored there.
The level of data protection in the USA has been assessed by the European
Commission as inadequate. The data transfer to the USA therefore takes
place on the basis of the standard contractual clauses pursuant to Section 46 (2) c of the GDPR.
The standard contractual clauses are available at
https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32010D0087.
Alternatively, you can also request these documents from us using the
contact options specified in section 2.

Further information on the data processing performed by Google can be found at https://policies.google.com/privacy

4.4. Integration of fonts from Google Fonts

Furthermore, we use fonts from Google Fonts on our website. This serves to
offer you a comfortable, fast and aesthetic presentation of the content of
our website. In this context, we transfer the following data to Google:

  • IP address
  • Date and time of the request
  • Time zone difference from Greenwich Mean Time (GMT)
  • Content of the request (specific page)
  • Access status/HTTP status code
  • Amount of data transferred in each case
  • Website from which the request comes
  • Browser
  • Operating system
  • Language and version of the browser software
  • Screen and window resolution

The legal basis for the processing is Art. 6 para. 1 c. 1 lit. f GDPR.

In the context of the use of the Google Fonts services, there are also data
transfers from Google to group companies and/or subcontractors. In this
context, the above-mentioned data may be transferred to the USA and stored
there. The level of data protection in the USA has been judged to be
inadequate by the European Commission. The data transfer to the USA
therefore takes place on the basis of the standard contractual clauses
pursuant to 46 para. 2 lit. c GDPR. The standard contractual clauses are
available at
https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32010D0087.
Alternatively, you can also request these documents from us using the
contact details provided in section 2.

Further information on the data processing performed by Google can be found at https://policies.google.com/privacy

4.5. Integration of SendGrid

We use SendGrid to ensure the reliable delivery of all emails from our system even during peak times with many requests. Without external providers, this would not be economically feasible. We can also analyze the sending of emails with the help of SendGrid. In this way it can be determined whether a message has been opened and which links have been clicked. The following technical information is collected, which is used exclusively for statistical analysis of messages. We primarily use the results of these analyzes to identify delivery problems at an early stage.
Therefore, we transmit the following data to SendGrid in the USA (Sendgrid, Inc., 1801 California Street, Suite 500, Denver, CO 80202, USA):

  • IP address
  • Date and time of the request
  • Time zone difference from Greenwich Mean Time (GMT)
  • Access status/HTTP status code
  • Browser
  • Operating system
  • Language and version of the browser software

The legal basis for the processing is Art. 6 para. 1 c. 1 lit. f GDPR.

In the context of the use of the SendGrid services, there are also data
transfers from SendGrid to group companies and/or subcontractors. In this
context, the above-mentioned data may be transferred to the USA and stored
there. The level of data protection in the USA has been judged to be
inadequate by the European Commission. The data transfer to the USA
therefore takes place on the basis of the standard contractual clauses
pursuant to 46 para. 2 lit. c GDPR. The standard contractual clauses are
available at
https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32010D0087.
Alternatively, you can also request these documents from us using the
contact details provided in section 2.

Further information on the data processing performed by SendGrid can be found at https://sendgrid.com/policies/privacy

4.6. In the context of contacting us by e-mail

We process e-mails that you transfer to us and we transfer to you using the
services of our e-mail provider. In the context of e-mail communication,
our e-mail provider processes your personal data (i.e. your e-mail address
and the information you provide in the e-mail) on our behalf to enable us
to communicate with you by e-mail or, if you are our customer, to process
the contract. The processing of your personal data is based on Art. 6 Para. 1 S.1 lit. f or Art. 6 Para. 1 S. 1 lit. b GDPR.
We delete the data if they are no longer necessary and no legal obligations are opposed.
We review the necessity every six months.

4.7. In the context of contacting us by telephone

If you contact us by telephone, we need your personal data (e.g. name,
telephone number, address or e-mail address) to process your inquiry or
request. This data processing is necessary to enable us to communicate with
you or, if you are our customer, to process the contract. The processing of
your personal data is based on Art. 6 para. 1 p.1 lit. f or Art. 6 para. 1 p. 1 lit. b GDPR.
We delete this data if it is no longer necessary and
there are no legal obligations to the contrary. We review the necessity
every six months.

4.8. In the context of contacting us via the contact form

If you contact us via contact form, e-mail, we need your personal data (eg
name, contact details, etc.) to process your request or your request. This
data processing is necessary to enable us to communicate with you or, if
you are our customer, to process the contract. The processing of your
personal data is based on Art. 6 para. 1 p.1 lit. f or Art. 6 para. 1 p. 1 lit. b GDPR.
We delete the data if it is no longer necessary and there are
no legal obligations to the contrary. We review the necessity every six
months.

4.9. Within the framework of the subscription to our newsletter

With your consent, you can subscribe to our newsletter, with which we
inform you about our current interesting offers. In addition, our
newsletters contain information about our products, promotions and our
company.

For the registration to our newsletter we use the so-called double opt-in
procedure. This means that after your registration, we will send you an
e-mail to the e-mail address you provided, in which we ask you to confirm
that you wish to receive the newsletter. In addition, we store your IP
addresses and the times of registration and confirmation. The purpose of
this procedure is to be able to prove your registration and, if necessary,
to clarify a possible misuse of your personal data.

Mandatory information for sending the newsletter is only your e-mail
address. After your confirmation, we store your e-mail address for the
purpose of sending the newsletter. The legal basis is Art. 6 para. 1 p. 1 lit. a GDPR.
We store your email address for this purpose until you revoke
your consent.

4.10. Map Integration from Google Maps

If you are an Enterprise Customer of ours,
e use technology from Google Maps to offer you map representations. Each
time you access a page that contains one or more map displays from Google Maps,
information about your visit, your IP address and the interaction
with the plug-in (e.g. scrolling, changing the section, using the
navigation function) is transmitted to a Google server in the USA and
stored there. This serves to offer you a comfortable, fast and efficient
visual representation of the areas of your operation. Therefore,
we transmit the following data to Google in the USA (Google LLC, 1600
Amphitheatre Parkway, Mountain View, CA 94043, USA):

  • IP address
  • Date and time of the request
  • Time zone difference from Greenwich Mean Time (GMT)
  • Content of the request (specific page)
  • Access status/HTTP status code
  • Amount of data transferred in each case
  • Website from which the request comes
  • Browser
  • Operating system and its interface
  • Language and version of the browser software
  • Data on interaction with the Google Maps plug-in
  • Device identifier of your end device, if applicable.

The legal basis for the processing is Art. 6 para. 1 c. 1 lit. f GDPR.

In the context of the use of Google Maps, there are also data transfers
from Google to group companies and/or subcontractors. In this context, the
above-mentioned data may be transferred to the USA and stored there. The
level of data protection in the USA is not considered adequate by the
European Commission. The data transfer to the USA therefore takes place on
the basis of the standard contractual clauses pursuant to Section 46 (2) c of the GDPR.
The standard contractual clauses are available at
https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32010D0087.
Alternatively, you can also request these documents from us using the
contact options specified in section 2.

Further information on the data processing performed by Google can be found at https://policies.google.com/privacy

4.11. Payment Processing by Stripe

If you book a paid service from us, we use the payment service provider Stripe in order to process your payments with the highest level of security. Therefore,
we transmit the following data to Stripe in the USA (Stripe, Inc. 510 Townsend Street San Francisco, CA 94103, USA):

  • IP address
  • Date and time of the request
  • Time zone difference from Greenwich Mean Time (GMT)
  • Content of the request (specific page)
  • Access status/HTTP status code
  • Amount of data transferred in each case
  • Website from which the request comes
  • Browser
  • Operating system and its interface
  • Language and version of the browser software
  • Data on interaction with the Google Maps plug-in
  • Device identifier of your end device, if applicable.
  • Name
  • Address
  • Provided payment information
  • Phone number
  • Email address

The legal basis for the processing is Art. 6 para. 1 c. 1 lit. f GDPR.

In the context of the use of Stripe, there are also data transfers
from Stripe to group companies and/or subcontractors. In this context, the
above-mentioned data may be transferred to the USA and stored there. The
level of data protection in the USA is not considered adequate by the
European Commission. The data transfer to the USA therefore takes place on
the basis of the standard contractual clauses pursuant to Section 46 (2) c of the GDPR.
The standard contractual clauses are available at
https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32010D0087.
Alternatively, you can also request these documents from us using the
contact options specified in section 2.

Further information on the data processing performed by Stripe can be found at https://stripe.com/privacy

5. When registering on our platform

5.1. Mandatory information for registration on our user platform

When you register on our platform, you must provide certain information
about yourself as mandatory data. We therefore process the following
personal data from you:

  • Name
  • Email address
  • Password
  • Language

The legal basis for the processing is Art. 6 para. 1 p. 1 lit. b GDPR. We
store your data until you cancel your user account. After that, your data
with regard to the user account will be deleted, unless their retention is
necessary for commercial or tax reasons in accordance with Art. 6 para. 1 sentence 1 lit. c GDPR.

The service provider we use in this context, which processes personal data
for us on our behalf and within the scope of our instructions as a
so-called processor pursuant to Art. 28 GDPR, is located in the USA. The
level of data protection in the USA is assessed by the European Commission
as not adequate. The data transfer to the USA therefore takes place on the
basis of the standard contractual clauses and is carried out on the basis
of our legitimate interests in a secure and efficient provision and
optimization of our online offer pursuant to Art. 6 para. 1 p. 1 lit. f. GDPR
in conjunction with. Art. 28 GDPR, 46 para. 2 lit. c GDPR. The
standard contractual clauses are available at
https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32010D0087.
Alternatively, you can also request these documents from us using the
contact details provided in section 2.

5.2. Optional information on our user platform

In addition to the required mandatory information, you may provide
additional information. We may therefore process personal data that you
voluntarily add to your profile, such as

  • Profile picture
  • Phone number
  • Address
  • Description

The legal basis for the processing is Art. 6 para. 1 p. 1 lit. b GDPR. The
deletion of this data takes place either selectively for certain details
when you remove them from our platform or completely when you delete your
account on our platform.

To fulfill our contractual obligations, we rely on the services of
carefully selected third parties who process the data on our behalf. In
each case, these are processors with whom we have concluded an agreement in
accordance with Art. 28 GDPR. In addition, we naturally ensure
prior compliance with all data protection requirements by our processors,
so that your data is always secure.

One of the service providers we use in this context, which processes
personal data for us on our behalf and within the scope of our instructions
as a so-called processor pursuant to Art. 28 GDPR, is located in the USA.
The level of data protection in the USA is assessed by the European
Commission as not adequate. The data transfer to the USA therefore takes
place on the basis of the standard contractual clauses and is based on our
legitimate interests in a secure and efficient provision and optimization
of our online offer pursuant to Art. 6 para. 1 sentence 1 lit. f. GDPR in
conjunction with. Art. 28 GDPR, 46 para. 2 lit. c GDPR. The standard
contractual clauses are available at
https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32010D0087.
Alternatively, you can also request these documents from us using the
contact details provided in section 2.

5.3. Transfer of your data to farms

The main function of the Moosle user platforms is to make it easier for you
to cooperate with growers who use Moosle for cultivation. The central
component of this solution is the Moosle user platform: You only have to
register once and can “connect” to different farms with the data stored.
The following data is transferred to the cultivation company as part of the
connection:

  • Name
  • Phone number
  • E-mail address

This processing is necessary to fulfill the usage contract concluded
between you and us; the legal basis for the processing is Art. 6 (1) p. 1 lit. b GDPR.

A prerequisite for the connection is that the respective company invites
you to do so and generates a “connection token” for you in the process. You
can then use this token to connect to the site.

We are not responsible for the further processing of your data by the
Controller and it is not the subject of this Privacy Policy. If you have
any questions about how the respective company processes your data, please
contact the respective company.

6. Deletion of Data

The data processed by us will be deleted in accordance with Art. 17 GDPR or
restricted in their processing in accordance with Art. 18 GDPR.

Unless otherwise provided for in this data protection declaration, the data
processed by us will be deleted as soon as they are no longer required for
their intended purpose and the deletion does not conflict with any
statutory storage obligations. We review the necessity of this every six
months. If the data are not deleted because they are required for other,
legally permissible purposes, their processing is restricted. This means
that the data is blocked and not used. This applies, for example, to data
that must be retained for commercial or tax law reasons.

7. Rights of Data Subjects

You have the right:

  • to request information about your personal data processed by us in
    accordance with Art. 15 GDPR. In particular, you may request information
    about the purposes of processing, the category of personal data, the
    categories of recipients to whom your data have been or will be disclosed,
    the planned storage period, the existence of a right to rectification,
    deletion, restriction of processing or objection, the existence of a right
    of appeal, the origin of your data, if these have not been collected by us,
    and the existence of automated decision-making including profiling and, if
    applicable, meaningful information on their details;
  • in accordance with Art. 16 GDPR, to demand the correction of incorrect
    or complete personal data stored by us without delay;
  • to request the deletion of your personal data stored with us in
    accordance with Art. 17 GDPR, unless the processing is necessary to
    exercise the right to freedom of expression and information, to fulfil a
    legal obligation, for reasons of public interest or to assert, exercise or
    defend legal claims;
  • in accordance with Art. 18 GDPR, to restrict the processing of your
    personal data if you dispute the accuracy of the data, if the processing is
    unlawful but you refuse to delete the data and we no longer need the data,
    but if you need it to assert, exercise or defend legal claims or if you
    have filed an objection to the processing in accordance with Art. 21 GDPR;
  • in accordance with Art. 20 GDPR, to receive your personal data that you
    have provided to us in a structured, current and machine-readable format or
    to request its transfer to another controller;
  • to complain to a supervisory authority pursuant to Art. 77 GDPR. As a
    rule, you can contact the supervisory authority at your usual place of
    residence or workplace or at our company headquarters.

8. Revocation of Consent

If we process your personal data on the basis of your consent pursuant to
Art. 6 para. 1 lit. a GDPR, you have the right to revoke any consent
granted to us pursuant to Art. 7 para. 3 GDPR with effect for the future.

If you would like to make use of your right of revocation, you can inform
us by e-mail to legal@moosle.com. Alternatively, you can also use
the contact data listed under section 2 above.

9. Objection in case of processing on the basis of our legitimate interest

If we process your personal data on the basis of our legitimate interests
pursuant to Art. 6 para. 1 sentence 1 f GDPR, you have the right to object
to the processing of your personal data pursuant to Art. 21 GDPR, provided
that there are reasons for this which arise from your particular situation
or the objection to direct advertising is directed. In the latter case, you
have a general Right to object, which we will implement without specifying
a particular situation.

If you would like to exercise your Right to object, you can inform us by
e-mail to legal@moosle.com. Alternatively, you can also use the
contact data listed under section 2 above.

10. Security Measures

We take organizational, contractual and technical security measures in
accordance with the state of the art in order to ensure that the
regulations of data protection laws are observed and thus to protect the
data processed by us against accidental or intentional manipulation, loss,
destruction or against access by unauthorized persons. The security
measures include in particular the encrypted transmission of data between
your browser and our server.

11. Changes to this Privacy Policy

We reserve the right to change our Privacy Policy if this should be
necessary due to new technologies or changes in our data processing
processes or to adapt it to changes in the legal situation relevant to us.
However, this only applies to this data protection declaration. If we
process your personal data on the basis of a consent given by you, any
changes will only be made with your consent. If the change includes mandate
data, we will inform you at the time of each new processing that takes
place for the first time after a change to the Privacy Policy takes effect.

You can find the current version of our Privacy Policy at http://q5r.a48.myftpupload.com/en/privacy.

Date: July 19th, 2021