Protezione dei dati

Privacy Policy for the Moosle platform

1. Introduction

In this Privacy Policy you will learn,

2. Controller

This Privacy Policy applies to the Processing of Personal Data by us as Controller in accordance with
Art. 4 Para. 7 of the General Data Protection Regulation (GDPR).
Our contact details are:

Moosle GmbH
Im langen Morgen 35
54536 Kröv
Germany

E-Mail: legal@moosle.com
Tel.: +49 (0) 1737564263

3. Definitions of terms

Insofar as this Privacy Policy does not contain or imply a different definition, we refer to the definitions in Art. 4 GDPR with regarding the terms used.

4. Processing of your Personal Data in the context of our Website

4.1. When accessing our website

When you access our website, i.e. if you do not otherwise transmit information to us, we or the host provider acting on our behalf only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data:

This data is technically necessary for us to display and provide you with our website. The legal basis for this processing is Art. 6 para. 1 p. 1 lit. f GDPR. This data is stored for security reasons (e.g. for the clarification of abuse or fraud) for a maximum of 7 days and then deleted. Data whose further storage is necessary for evidentiary purposes is exempt from deletion until the final clarification of the respective incident. The hosting service provider we use processes personal data on our behalf and within the scope of our instructions as a so-called processor in accordance with Art. 28 of the GDPR.

The service provider we use in this context, which processes personal data for us on our behalf and within the scope of our instructions as a so-called processor pursuant to Art. 28 GDPR, is located in the USA. The level of data protection in the USA is assessed as inadequate by the European Commission. The data transfer to the USA therefore takes place on the basis of the standard contractual clauses pursuant to Art. 46 para. 2 lit. c GDPR. The standard contractual clauses are available at https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32010D0087. Alternatively, you can also request these documents from us using the contact details provided in section 2.

4.2. Detection of automated queries by MTCaptcha

We use technology from MTCaptcha to ensure that the contact form is not misused for automated requests (e.g. spam). If you contact us via the contact form, you will be asked to perform a cognitive service (e.g., recognizing certain features among a large number of images) as part of the submission process, which can regularly only be performed by a human, but not by a computer. This query is used to distinguish whether the input is made by a human or abusively by automated, machine processing. Therefore, we transmit the following data to MTCaptcha in the USA (Four Embarcadero Center, 1400, San Francisco, CA 94111, USA):

MTCaptcha evaluates the data anonymously to detect an automated query to ensure that the contact form is not abused. Cookies are used for this purpose, which enable recognition of your internet browser. The legal basis for the processing is Art. 6 para. 1 p. 1 lit. f GDPR.

Further information on the data processing performed by MTCaptcha can be found at https://www.mtcaptcha.com/legal-privacy-captcha

4.3. Usage analysis through Google Analytics

Our website optionally uses Google Analytics so that we can further improve future websites. You can consent to the use of Google Analytics when accessing the website. You can revoke your consent to the use of Google Analytics at any time. If you give us your consent, we evaluate your use of the website. For this purpose, we process the following personal data from you:

Therefore, we transfer the aforementioned data to Google for analysis purposes. On our behalf, Google evaluates the data on the manner of your use, as this data is necessary for us to ensure the stability and security of the website and to further develop it according to your interests. The data collected in this way is not merged with your other profile information, but is included in anonymous statistics that help us to get to know our users better and to better adapt the website to their needs. As already mentioned, we process this data exclusively with your consent. The legal basis for this is Art. 6 para. 1 p. 1 lit. a GDPR.

In the context of the use of Google Analytics services, Google also transmits data to group companies and/or subcontractors. In this context, the above-mentioned data may be transferred to the USA and stored there. The level of data protection in the USA has been assessed by the European Commission as inadequate. The data transfer to the USA therefore takes place on the basis of the standard contractual clauses pursuant to Section 46 (2) c of the GDPR. The standard contractual clauses are available at https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32010D0087. Alternatively, you can also request these documents from us using the contact options specified in section 2.

Further information on the data processing performed by Google can be found at https://policies.google.com/privacy

4.4. Integration of fonts from Google Fonts

Furthermore, we use fonts from Google Fonts on our website. This serves to offer you a comfortable, fast and aesthetic presentation of the content of our website. In this context, we transfer the following data to Google:

The legal basis for the processing is Art. 6 para. 1 c. 1 lit. f GDPR.

In the context of the use of the Google Fonts services, there are also data transfers from Google to group companies and/or subcontractors. In this context, the above-mentioned data may be transferred to the USA and stored there. The level of data protection in the USA has been judged to be inadequate by the European Commission. The data transfer to the USA therefore takes place on the basis of the standard contractual clauses pursuant to 46 para. 2 lit. c GDPR. The standard contractual clauses are available at https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32010D0087. Alternatively, you can also request these documents from us using the contact details provided in section 2.

Further information on the data processing performed by Google can be found at https://policies.google.com/privacy

4.5. Integration of SendGrid

We use SendGrid to ensure the reliable delivery of all emails from our system even during peak times with many requests. Without external providers, this would not be economically feasible. We can also analyze the sending of emails with the help of SendGrid. In this way it can be determined whether a message has been opened and which links have been clicked. The following technical information is collected, which is used exclusively for statistical analysis of messages. We primarily use the results of these analyzes to identify delivery problems at an early stage. Therefore, we transmit the following data to SendGrid in the USA (Sendgrid, Inc., 1801 California Street, Suite 500, Denver, CO 80202, USA):

The legal basis for the processing is Art. 6 para. 1 c. 1 lit. f GDPR.

In the context of the use of the SendGrid services, there are also data transfers from SendGrid to group companies and/or subcontractors. In this context, the above-mentioned data may be transferred to the USA and stored there. The level of data protection in the USA has been judged to be inadequate by the European Commission. The data transfer to the USA therefore takes place on the basis of the standard contractual clauses pursuant to 46 para. 2 lit. c GDPR. The standard contractual clauses are available at https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32010D0087. Alternatively, you can also request these documents from us using the contact details provided in section 2.

Further information on the data processing performed by SendGrid can be found at https://sendgrid.com/policies/privacy

4.6. In the context of contacting us by e-mail

We process e-mails that you transfer to us and we transfer to you using the services of our e-mail provider. In the context of e-mail communication, our e-mail provider processes your personal data (i.e. your e-mail address and the information you provide in the e-mail) on our behalf to enable us to communicate with you by e-mail or, if you are our customer, to process the contract. The processing of your personal data is based on Art. 6 Para. 1 S.1 lit. f or Art. 6 Para. 1 S. 1 lit. b GDPR. We delete the data if they are no longer necessary and no legal obligations are opposed. We review the necessity every six months.

4.7. In the context of contacting us by telephone

If you contact us by telephone, we need your personal data (e.g. name, telephone number, address or e-mail address) to process your inquiry or request. This data processing is necessary to enable us to communicate with you or, if you are our customer, to process the contract. The processing of your personal data is based on Art. 6 para. 1 p.1 lit. f or Art. 6 para. 1 p. 1 lit. b GDPR. We delete this data if it is no longer necessary and there are no legal obligations to the contrary. We review the necessity every six months.

4.8. In the context of contacting us via the contact form

If you contact us via contact form, e-mail, we need your personal data (eg name, contact details, etc.) to process your request or your request. This data processing is necessary to enable us to communicate with you or, if you are our customer, to process the contract. The processing of your personal data is based on Art. 6 para. 1 p.1 lit. f or Art. 6 para. 1 p. 1 lit. b GDPR. We delete the data if it is no longer necessary and there are no legal obligations to the contrary. We review the necessity every six months.

4.9. Within the framework of the subscription to our newsletter

With your consent, you can subscribe to our newsletter, with which we inform you about our current interesting offers. In addition, our newsletters contain information about our products, promotions and our company.

For the registration to our newsletter we use the so-called double opt-in procedure. This means that after your registration, we will send you an e-mail to the e-mail address you provided, in which we ask you to confirm that you wish to receive the newsletter. In addition, we store your IP addresses and the times of registration and confirmation. The purpose of this procedure is to be able to prove your registration and, if necessary, to clarify a possible misuse of your personal data.

Mandatory information for sending the newsletter is only your e-mail address. After your confirmation, we store your e-mail address for the purpose of sending the newsletter. The legal basis is Art. 6 para. 1 p. 1 lit. a GDPR. We store your email address for this purpose until you revoke your consent.

4.10. Map Integration from Google Maps

If you are an Enterprise Customer of ours, e use technology from Google Maps to offer you map representations. Each time you access a page that contains one or more map displays from Google Maps, information about your visit, your IP address and the interaction with the plug-in (e.g. scrolling, changing the section, using the navigation function) is transmitted to a Google server in the USA and stored there. This serves to offer you a comfortable, fast and efficient visual representation of the areas of your operation. Therefore, we transmit the following data to Google in the USA (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA):

The legal basis for the processing is Art. 6 para. 1 c. 1 lit. f GDPR.

In the context of the use of Google Maps, there are also data transfers from Google to group companies and/or subcontractors. In this context, the above-mentioned data may be transferred to the USA and stored there. The level of data protection in the USA is not considered adequate by the European Commission. The data transfer to the USA therefore takes place on the basis of the standard contractual clauses pursuant to Section 46 (2) c of the GDPR. The standard contractual clauses are available at https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32010D0087. Alternatively, you can also request these documents from us using the contact options specified in section 2.

Further information on the data processing performed by Google can be found at https://policies.google.com/privacy

4.11. Payment Processing by Stripe

If you book a paid service from us, we use the payment service provider Stripe in order to process your payments with the highest level of security. Therefore, we transmit the following data to Stripe in the USA (Stripe, Inc. 510 Townsend Street San Francisco, CA 94103, USA):

The legal basis for the processing is Art. 6 para. 1 c. 1 lit. f GDPR.

In the context of the use of Stripe, there are also data transfers from Stripe to group companies and/or subcontractors. In this context, the above-mentioned data may be transferred to the USA and stored there. The level of data protection in the USA is not considered adequate by the European Commission. The data transfer to the USA therefore takes place on the basis of the standard contractual clauses pursuant to Section 46 (2) c of the GDPR. The standard contractual clauses are available at https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32010D0087. Alternatively, you can also request these documents from us using the contact options specified in section 2.

Further information on the data processing performed by Stripe can be found at https://stripe.com/privacy

5. When registering on our platform

5.1. Mandatory information for registration on our user platform

When you register on our platform, you must provide certain information about yourself as mandatory data. We therefore process the following personal data from you:

The legal basis for the processing is Art. 6 para. 1 p. 1 lit. b GDPR. We store your data until you cancel your user account. After that, your data with regard to the user account will be deleted, unless their retention is necessary for commercial or tax reasons in accordance with Art. 6 para. 1 sentence 1 lit. c GDPR.

The service provider we use in this context, which processes personal data for us on our behalf and within the scope of our instructions as a so-called processor pursuant to Art. 28 GDPR, is located in the USA. The level of data protection in the USA is assessed by the European Commission as not adequate. The data transfer to the USA therefore takes place on the basis of the standard contractual clauses and is carried out on the basis of our legitimate interests in a secure and efficient provision and optimization of our online offer pursuant to Art. 6 para. 1 p. 1 lit. f. GDPR in conjunction with. Art. 28 GDPR, 46 para. 2 lit. c GDPR. The standard contractual clauses are available at https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32010D0087. Alternatively, you can also request these documents from us using the contact details provided in section 2.

5.2. Optional information on our user platform

In addition to the required mandatory information, you may provide additional information. We may therefore process personal data that you voluntarily add to your profile, such as

The legal basis for the processing is Art. 6 para. 1 p. 1 lit. b GDPR. The deletion of this data takes place either selectively for certain details when you remove them from our platform or completely when you delete your account on our platform.

To fulfill our contractual obligations, we rely on the services of carefully selected third parties who process the data on our behalf. In each case, these are processors with whom we have concluded an agreement in accordance with Art. 28 GDPR. In addition, we naturally ensure prior compliance with all data protection requirements by our processors, so that your data is always secure.

One of the service providers we use in this context, which processes personal data for us on our behalf and within the scope of our instructions as a so-called processor pursuant to Art. 28 GDPR, is located in the USA. The level of data protection in the USA is assessed by the European Commission as not adequate. The data transfer to the USA therefore takes place on the basis of the standard contractual clauses and is based on our legitimate interests in a secure and efficient provision and optimization of our online offer pursuant to Art. 6 para. 1 sentence 1 lit. f. GDPR in conjunction with. Art. 28 GDPR, 46 para. 2 lit. c GDPR. The standard contractual clauses are available at https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32010D0087. Alternatively, you can also request these documents from us using the contact details provided in section 2.

5.3. Transfer of your data to farms

The main function of the Moosle user platforms is to make it easier for you to cooperate with growers who use Moosle for cultivation. The central component of this solution is the Moosle user platform: You only have to register once and can "connect" to different farms with the data stored. The following data is transferred to the cultivation company as part of the connection:

This processing is necessary to fulfill the usage contract concluded between you and us; the legal basis for the processing is Art. 6 (1) p. 1 lit. b GDPR.

A prerequisite for the connection is that the respective company invites you to do so and generates a "connection token" for you in the process. You can then use this token to connect to the site.

We are not responsible for the further processing of your data by the Controller and it is not the subject of this Privacy Policy. If you have any questions about how the respective company processes your data, please contact the respective company.

6. Deletion of Data

The data processed by us will be deleted in accordance with Art. 17 GDPR or restricted in their processing in accordance with Art. 18 GDPR.

Unless otherwise provided for in this data protection declaration, the data processed by us will be deleted as soon as they are no longer required for their intended purpose and the deletion does not conflict with any statutory storage obligations. We review the necessity of this every six months. If the data are not deleted because they are required for other, legally permissible purposes, their processing is restricted. This means that the data is blocked and not used. This applies, for example, to data that must be retained for commercial or tax law reasons.

7. Rights of Data Subjects

You have the right:

8. Revocation of Consent

If we process your personal data on the basis of your consent pursuant to Art. 6 para. 1 lit. a GDPR, you have the right to revoke any consent granted to us pursuant to Art. 7 para. 3 GDPR with effect for the future.

If you would like to make use of your right of revocation, you can inform us by e-mail to legal@moosle.com. Alternatively, you can also use the contact data listed under section 2 above.

9. Objection in case of processing on the basis of our legitimate interest

If we process your personal data on the basis of our legitimate interests pursuant to Art. 6 para. 1 sentence 1 f GDPR, you have the right to object to the processing of your personal data pursuant to Art. 21 GDPR, provided that there are reasons for this which arise from your particular situation or the objection to direct advertising is directed. In the latter case, you have a general Right to object, which we will implement without specifying a particular situation.

If you would like to exercise your Right to object, you can inform us by e-mail to legal@moosle.com. Alternatively, you can also use the contact data listed under section 2 above.

10. Security Measures

We take organizational, contractual and technical security measures in accordance with the state of the art in order to ensure that the regulations of data protection laws are observed and thus to protect the data processed by us against accidental or intentional manipulation, loss, destruction or against access by unauthorized persons. The security measures include in particular the encrypted transmission of data between your browser and our server.

11. Changes to this Privacy Policy

We reserve the right to change our Privacy Policy if this should be necessary due to new technologies or changes in our data processing processes or to adapt it to changes in the legal situation relevant to us. However, this only applies to this data protection declaration. If we process your personal data on the basis of a consent given by you, any changes will only be made with your consent. If the change includes mandate data, we will inform you at the time of each new processing that takes place for the first time after a change to the Privacy Policy takes effect.

You can find the current version of our Privacy Policy at https://moosle.com/it/privacy.

Date: July 19th, 2021