Visitor Analytics DPA – Reference to services

In order to provide our service, we may process your and your website’s visitors’ personal data. Therefore we prepared a Data Processing Agreement (DPA) that outlines how we will perform this processing, what are our obligations, how do we keep your and your website’s visitors data secure and what are your obligations as a customer
Visitor Analytics is a data processor for all the customers (controllers) and the Data Processing Agreement represents the parties’ agreement with regard to the processing of personal data performed using our service.
As a Controller, in order to sign this agreement, you must review and digitally sign a copy of the Data Processing Agreement. You can find it in your account at any moment by Signing in to Visitor Analytics and going to Settings. You can also see the DPA content below.
If you have further questions on this topic, do not hesitate to write us an e-mail to supulho4portxbt8d@visihhtor-s4analjh8oyticd2ms.iolho.


Data Processing Agreement

(“DPA”)

WHEREAS

(A) Visitor Analytics offers the Services described in Section 5 of the Service Terms to Customer. To enable Customer to use the Services, the Parties entered into the Contract described in Sections 1.3. and 3. of the Service Terms. This DPA forms an integral part of the Contract.

(B) The provision of the Services involves the Processing of Personal Data. Within the framework of the Contract, the Customer shall remain the responsible body for the Processing of Personal Data, for assessing the legal admissibility of Processing the Personal Data and for respecting the rights of Data Subjects (as defined below).

(C) The Parties wish to enter into this DPA in compliance with the provisions of the EU General Data Protection Regulation (Regulation (EU) 2016/679) and the applicable national Data Protection Laws.
In consideration of the mutual covenants and undertakings stated herein, THE PARTIES AGREE AS FOLLOWS:

1. Definitions and Interpretation

1.1 The following definitions apply in addition to those provided in Section 2. of the Service Terms.

Definitions

All capitalized terms used in this DPA that are defined in the Contract described in Sections 1.3. and 3. of the Service Terms have the same meaning as in the Contract unless otherwise defined herein. Additionally, the following definitions apply:

“Data Protection Laws” means all applicable data protection laws and regulation in the jurisdiction where the Customer is located, including Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the Processing of Personal Data and on the free movement of such data, and repealing Directive 95/46/EC (“General Data Protection Regulation, GDPR”), Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the Processing of Personal Data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications), and applicable local data protection laws.

“Instruction” means an instruction, issued by Customer to Visitor Analytics, and directing the same to perform a specific action with regard to Personal Data as further set out in Section 3.2 of this DPA.

“Personnel” means all persons authorized to process Personal Data under the Contract.

“Purposes” means the purposes for which Visitor Analytics Processes Personal Data as listed in Section 2 and Exhibit 1 of this DPA.

“Security Incident” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data transmitted, stored or otherwise Processed.

1.2 All capitalized terms used but not defined in this DPA shall have the meaning ascribed to such terms in the Service Terms. In the case of conflict or ambiguity between any provision in this DPA and any provision contained in the Service Terms, the provision in the Service Terms shall prevail.

1.3 References to the terms “Personal Data”, “Processing”, “Processed” and “Data Subject” in this DPA shall be construed in accordance with the meanings attributed to them in the GDPR.

1.4 Any words following the terms “including”, “include” or “in particular” or any similar phrase are illustrative and shall not limit the generality of the related words.

1.5 Unless the context otherwise requires, words in the singular shall include the plural and in the plural shall include the singular.

1.6 A reference to a statute or statutory provision is a reference to it as it is in force as at the date of the Contract. Such reference shall include all subordinate legislation made as at the date of the Contract under that statute or statutory provision.

2. Subject-Matter of the DPA

The subject matter of this DPA is the Processing of Personal Data as set forth in Exhibit 1 in connection with the services (to the extend ordered by Customer) described here (“Services”). 

3. Rights and obligations of Customer

3.1 Customer acknowledges and agrees that:

3.1.1 It is Customer’s responsibility as Customer to ensure that its use of the Services complies with all Data Protection Laws applicable to Customer (including, in particular, in respect of the capturing of any necessary consents required to be obtained from the Data Subjects);

3.1.2 If Customer requests Visitor Analytics to transfer Personal Use Data (including Personal Data) to a third party, Customer is solely responsible and liable for this transfer and in any event, Customer shall not act or omit to act in a way which places Visitor Analytics in breach of any applicable Data Protection Laws;

3.1.3 Visitor Analytics is under no duty to investigate the completeness, accuracy or sufficiency of the Personal Use Data, including Personal Data.

3.2 Visitor Analytics shall Process Personal Use Data only on Instructions from Customer. The Customer instructs Visitor Analytics to Process the types of Personal Data listed in Exhibit 1 and Annex 1 – Description of Services and Prices for the Purposes. This is the final Instruction of Customer to Visitor Analytics with regard to the Processing of Personal Use Data. If Customer requests Visitor Analytics to Process Personal (Use) Data outside the scope of the Contract, it is Customer’s obligation to enter into an additional agreement with Visitor Analytics and Customer will have to bear the costs for such additional Processing.

3.3 In case of a claim of a Data Subject against Visitor Analytics, Customer undertakes to assist Visitor Analytics with regard to the verification of the active legitimation and subject matter in the defense of the claim.

4. Rights and obligations of Visitor Analytics

4.1 Visitor Analytics shall Process Personal Data only to the extent, and in such a manner, as is reasonably necessary for the Purposes and in accordance with the Contract and Customer’s written Instructions from time to time, unless the exception in Art. 28 (3) (a) GDPR applies.

4.2 Visitor Analytics may only transfer, store or Process Personal Data outside the European Economic Area or the country where Customers are located if an adequate level of data protection is established, unless Visitor Analytics is required to do so by applicable law. In such a case, Visitor Analytics shall inform Customer of that legal requirement before Processing, unless that law prohibits such information on important grounds of public interest. Section 8 of this DPA remains unaffected.

4.3 Visitor Analytics shall keep a record of any Processing of Personal Data it carries out on behalf of Customer and shall only disclose such records to third parties with the prior written consent of Customer, unless provided otherwise by applicable law.

4.4 At Customer’s request and sole expense, Visitor Analytics shall provide to Customer a copy of all Personal Data held by it under the Contract in a commonly used and machine-readable format.

4.5 Visitor Analytics shall notify Customer promptly in writing (and in any event within five (5) working days of receipt) of any communication received from a Data Subject relating to its rights to access, modify, correct, erase or block his or her Personal Data.

4.6 To the extent not prohibited by applicable Data Protection Laws and applicable national laws, Visitor Analytics shall notify Customer as soon as reasonably practicable in writing of any subpoena or other judicial or administrative order or proceeding seeking access to or disclosure of Personal Data. Visitor Analytics acknowledges that Customer may, at its sole expense, seek to defend against or contest such action in lieu of and on behalf of Visitor Analytics.

4.7 Visitor Analytics shall assist Customer within the scope of its ability to fulfil the requests and claims of Data Subjects laid down in Chapter III of the GDPR and to comply with the obligations pursuant to Articles 32 to 36 of the GDPR. To the extent Customer has notification or communication obligations in case of a Security Incident, Visitor Analytics undertakes to provide cooperation and support to Customer at Customer’s sole expense.

4.8 Visitor Analytics shall notify Customer immediately if, in its opinion, an Instruction infringes Data Protection Laws. Visitor Analytics is not obliged to actively monitor Instructions for infringements of Data Protection Laws.

4.9 Visitor Analytics shall comply with its obligation to implement a process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the Processing pursuant to Art. 32 (1) (d) of the GDPR.

5. Security obligations of Visitor Analytics

5.1 Visitor Analytics shall implement appropriate technical and organizational measures to protect the Personal Use Data which shall meet the requirements of Art. 32 GDPR. In particular, Visitor Analytics shall implement technical and organizational measures to provide the ongoing confidentiality, integrity, availability and resilience of processing systems and services. The technical and organizational measures are described in Exhibit 2. Customer has knowledge of these technical and organizational measures and is responsible for ensuring that they provide an appropriate level of protection for the risks of the Personal Use Data being Processed. Visitor Analytics may update or modify the measures listed Exhibit 2 from time to time provided that such updates or modifications do not result in any material degradation of the security of the Personal Use Data.

5.2 Visitor Analytics shall notify Customer without undue delay after becoming aware of a Security Incident and assist Customer with its third party notification and communication obligations, taking into account the nature of Processing and the information available to Visitor Analytics. However, Customer is solely responsible for fulfilling any third party notification and communication obligations. Visitor Analytics will take, where appropriate, measures to mitigate the possible adverse effects of the Security Incident.

5.3 In the event of any loss or damage to Personal Use Data, Visitor Analytics shall use commercially reasonable endeavors to restore the lost or damaged Personal Use Data from the latest back-up of such Personal Use Data maintained by Visitor Analytics in accordance with its standard archiving procedures.

5.4 Visitor Analytics shall not be responsible for any destruction, loss, alteration or disclosure of Personal Use Data caused by any third party (except any third parties subcontracted by Visitor Analytics to perform services related to Personal Use Data maintenance and back-up).

6. Personnel

6.1 Visitor Analytics shall provide that access to Personal Use Data is limited to those Personnel who need access to the Personal Use Data to meet Visitor Analytics’ obligations under this DPA and/or other parts of the Contract.

6.2 Visitor Analytics shall provide that all Personnel authorized to Process Personal Use Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.

7. Information to demonstrate compliance

7.1 At Customer’s request, Visitor Analytics makes available to Customer the information necessary to demonstrate compliance with the statutory obligations, in a commonly used and machine-readable format.

7.2 As of the date of this Contract, Visitor Analytics is certified under ISO 27001. If Customer requests to conduct audits, including inspections, Visitor Analytics will use external auditors to demonstrate compliance with the obligations laid down in this DPA. This audit will be performed by a third party auditor annually according to ISO 27001 standards or other standards that are substantially equivalent to ISO 27001 at the selection and expense of Visitor Analytics. Visitor Analytics will provide the audit report to Customer at Customer’s written request.

7.3 In cases of official requests of data protection authorities with jurisdiction over the Processing hereunder, or in case Customer has reasonable grounds to assume that a Security Incident has taken place, Customer may upon at least fourteen (14) days prior written notice to Visitor Analytics conduct a site visit at Visitor Analytics’ at Customer’s expense by a representative of Customer or its independent third party auditor. Such audits shall be carried out at normal business hours without disrupting the ongoing business operations of Visitor Analytics. Visitor Analytics may make the audits dependent on the signing of a nondisclosure agreement with Visitor Analytics. If the auditor commissioned by Customer is in a competitive relationship with Visitor Analytics, Visitor Analytics shall have the right to object to Customer.

8. Subprocessors

8.1 Customer consents that Visitor Analytics shall be entitled to subcontract the Visitor Analytics’ obligations specified in this DPA to Subprocessors. Customer approves the Subprocessors listed in Exhibit 3 that are currently used by Visitor Analytics.

8.2 Prior to adding new Subprocessor or replacing existing Subprocessor, Visitor Analytics shall inform Customer thereof and provide a reasonable deadline to Customer to object for important reasons. If Customer does not object within the deadline, the consent to the change of Subprocessor shall be deemed to be given. If there is an important reason and an amicable solution is not possible between the Parties, the Parties are granted a special right of termination.

8.3 Visitor Analytics undertakes in the Subprocessor agreement to provide for the same protection level of Personal Use Data as set out in this Contract.

9. Term and termination

The term of this DPA shall commence along with the Term of the Contract and end upon termination of the Contract. Unless otherwise agreed by the Parties termination of this DPA shall automatically terminate the whole Contract.

10. Limitation of Liability

The limitation of liability agreed between the Parties base on the Service Terms shall also apply to this DPA, unless otherwise expressly agreed.

11. Indemnity

Customer shall defend Visitor Analytics against any damage claim as a result of an infringement of Data Protection Laws, unless the damage was caused because Visitor Analytics did not comply with obligations of the Data Protection Laws specifically directed to Processors or where it has acted outside or contrary to lawful Instructions of Customer or the Contract.

12. General

12.1 Upon expiry or termination of the whole Contract or this DPA, or upon earlier request by Customer, Visitor Analytics shall – at the choice of Customer - return to Customer or securely delete or destroy all Personal Use Data and existing copies (including Personal Data) in a manner appropriate to the sensitivity thereof, unless applicable Data Protection Laws require storage of the Personal Use Data. Visitor Analytics shall provide written confirmation to Customer that the deletion process has been completed.

12.2 A waiver of any right under this DPA is only effective if it is in writing and it applies only to the circumstances for which it is given. No failure or delay by a Party in exercising any right or remedy under this DPA or by law shall constitute a waiver of that (or any other) right or remedy, nor preclude or restrict its further exercise. No single or partial exercise of such right or remedy shall preclude or restrict the further exercise of that (or any other) right or remedy. Unless specifically provided otherwise, rights arising under this DPA are cumulative and do not exclude rights provided by law.

12.3 If and to the extent that one of the provisions of this DPA is held to be illegal, void or unenforceable, the validity of the remaining provisions of this DPA shall not be affected. The Parties agree to replace such an invalid provision by a valid one which comes as close as possible to the Parties' original objective as regards this DPA.

12.4 Neither Party may assign any of its rights or obligations under this DPA without the prior written consent of the other Party, except that either Party may assign this DPA as a whole without such consent to an entity of good standing (other than any direct competitor of the other Party) capable of complying with the rights and obligations under this DPA succeeding to all or substantially all of such assigning Party’s assets or business. A person who is not a party to this DPA shall not have any rights under or in connection with it.

12.5 This DPA shall be governed by the local laws at Visitor Analytics’ and is to be interpreted accordingly, notwithstanding the laws which could otherwise apply in accordance with the principles of international private law. The Parties hereby exclusively and irrevocably submit to the place of jurisdiction of the principal place of business of Visitor Analytics, concerning any legal disputes which arise from this DPO. Visitor Analytics’ Service Terms apply. Customer's general terms and conditions shall not apply.

12.6 The DPA is an attachment to the Service Terms and integral part of the Contract. Notwithstanding section 1.2. of this DPA, in case of contradictions between clauses of the Service Terms and this DPA, the clauses of this DPA shall prevail.

Exhibits


Exhibit 1 – Description of the Processing activities

Permitted Purpose:

Collecting information on Visitors’ use of Customer Website via the Services Analyzing this information via the Services and making it available to Customer on a web-based platform in statistics dashboards featuring charts, graphs and maps and/or in other visualisations, e.g. in Recordings and Heatmaps (if ordered), respectively. Customers may export parts of the Statistics Data and visualisations for free use. Customers can use the Services via their own Visitor Analytics account (the “Master Account” which includes access to visualisations) or enable Customer’s employees to use the Services by allocating accounts to them (the “Guest Accounts”).

Categories of Data Subjects

The categories of Data Subjects affected by the Processing are Customers; third parties related to Customer such as employees or other authorized persons; Visitors; and persons authorized by Visitor Analytics such as employees or other authorized Personnel.

Processing operations

Depending on the person of the Data Subject, the Personal Data inserted will be processed for providing Customer with inter alia edited information (Visitor Analytics), statistics; export of statistics; and the exclusion of Customer’s visits to Customer Website (depending on the SELECTED Service).
Categories of data

Depending on the person of the Data Subject and the selected Service, the Personal Data inserted concern the following categories of data: name; company name; email address; website address; Braintree details (directly provided to payment service by Customer); log-in details (user name, password); data on the connection of a Visitor to Customer Website (timestamp, number of pages viewed, IP address — if IP anonymization is not enabled); information about the Visitor’s device (e.g. mobile or computer, OS and version, browser, screen size); approximate geolocation data inferred from Visitor’s IP address location; information on Visitor’s visit to Customer’s Website (e.g. clicks, scrolls, visited subpages).

Sensitive data (if appropriate)

The Parties do not anticipate that sensitive data will be Processed.

Personal Data collected by Cookies

Additionally, the following Cookies are set by Visitor Analytics on the Visitors’ devices to provide the Services:

 

Name

Purpose

Collected Data

Lifespan

Category

Platform

visa_WEBSITE_UNIQUE_HASH

The Visitor Analytics App uses this cookie in order to track the actions that the user is doing on the website such as the pages visited, frequency and so on.

Visitor ID

365 days

Strictly Necessary

Standard Integration (https://app.visitor-analytics.io)

visa_WEBSITE_UNIQUE_HASH_ignore

The Visitor Analytics app places this cookie at the request of the user for a specific website, in order to disable Visitor Analytics website analytics tracking for that specific website.

Ignore Visits

365 days

Strictly Necessary

Standard Integration (https://app.visitor-analytics.io)

wix_visitor_analytics_WEBSITE_UNIQUE_HASH

The Visitor Analytics App uses this cookie in order to track the actions that the user is doing on the website such as the pages visited, frequency and so on.

Visitor ID

365 days

Strictly Necessary

Visitor Analytics App on WiX (https://www.wix.com/app-market/visitor-analytics/overview)

wix_ignoreVisits_UniqueHash

The Visitor Analytics app places this cookie at the request of the user for a specific website, in order to disable Visitor Analytics website analytics tracking for that specific website.

Ignore Visits

365 days

Strictly Necessary

Visitor Analytics App on WiX (https://www.wix.com/app-market/visitor-analytics/overview)

wix_ignoreVisits_all

The Visitor Analytics app places this cookie at the request of the user in order to disable the website analytics tracking for all the Wix websites using Visitor Analytics.

Ignore Visits

365 days

Strictly Necessary

Visitor Analytics App on WiX (https://www.wix.com/app-market/visitor-analytics/overview)

cookie_banner_acknowledged

Used to improve user experience by not showing the cookie banner once the user has acknowledged the use of cookies on the website and app.

Acknowledge of cookie use.

365 days

Strictly Necessary

Homepage

(https://www.visitor-analytics.io/)

intercom-id-kjwzpnq0

Anonymous visitor identifier cookie. As people visit the website, they get this cookie.

Anonymous visitor identifier

9 months

Strictly Necessary

Homepage

(https://www.visitor-analytics.io/)

intercom-session-kjwzpnq0

Identifier for each unique browser session. This session cookie is refreshed on each successful logged-in ping, extending it to 1 week from that moment. The user can access their conversations and have communicated on logged out pages for 1 week.

Anonymous visitor identifier

1 week

Strictly Necessary

Homepage

(https://www.visitor-analytics.io/)

_fprom_track

The affiliate cookie is set when a visitor clicked a referral link in order to identify the person who promotes Visitor Analytics by implementing the signup tracking script.

By default, the information consists of the visitor ID (saved in the cookie), the IP (used only for fraud analysis), the email(optional) and another ID (called "uid").

2 months

Strictly Necessary

Standard Integration (https://app.visitor-analytics.io)

_fprom_code

The affiliate cookie is set when a visitor clicked a referral link in order to identify the person who promotes Visitor Analytics by implementing the signup tracking script.

By default, the information consists of the visitor ID (saved in the cookie), the IP (used only for fraud analysis), the email(optional) and another ID (called "uid").

60 days

Strictly Necessary

Standard Integration (https://app.visitor-analytics.io)

_fprom_signup

The affiliate cookie is set when a visitor clicked a referral link in order to identify the person who promotes Visitor Analytics by implementing the signup tracking script.

By default, the information consists of the visitor ID (saved in the cookie), the IP (used only for fraud analysis), the email(optional) and another ID (called "uid").

60 days

Strictly Necessary

Standard Integration (https://app.visitor-analytics.io)

Facebook Cookies & advertising consent

We use these cookie to serve you with advertisements that may be relevant to you and your interests. The information may also be used for frequency capping purposes and to help us regulate the advertisements you receive and measure their effectiveness.

User information

90 days

Only on consent

Homepage & Integrations

Social Sharing Cookies (sometimes called “Third Party” cookies, or “Social Widgets”)

Social sharing offered on the Website is run by third parties. These third parties may drop cookies on your computer when you use social sharing features on the Website, or if you are already logged into them. These cookies help improve your experience on the Website. They allow you to share comments/ratings/pages/bookmarks and help to provide access to social networks and social online tools more easily.

These cookies may collect personal information that you have voluntarily disclosed, such as your username. Visitor Analytics will not process this data!

  

Performance Cookies

Homepage

(https://www.visitor-analytics.io/)

Personal Data collected by tracking code
For the provision of the Services in connection with Visitor Recordings, Visitor Analytics provides Customer with a personalized snippet of tracking code to be integrated into Customer’s Website’s source code.


Exhibit 2 - Technical and organizational measures

in accordance with Art. 32 GDPR

Description of the Technical and Organizational Security Measures taken by Visitor Analytics.

Visitor Analytics has implemented the following technical and organizational security measures to provide the ongoing confidentiality, integrity, availability and resilience of processing systems and services:

1. Confidentiality

Visitor Analytics has implemented the following technical and organizational security to provide the confidentiality of processing systems and services, in particular:

1.1 Visitor Analytics Processes all Personal Use Data on remote server sites owned and operated by industry leading cloud service providers that offer highly sophisticated measures to protect against unauthorized persons gaining access to data processing equipment (namely telephones, database and application servers and related hardware). Such measures include:

1.1.1 Data centers are monitored 24/7 by high-resolution interior and exterior cameras that can detect and track intruders;

1.1.2 Access logs, activity records, and camera footage are available in case an incident occurs;

1.1.3 Data centers are also routinely patrolled by experienced security guards who have undergone rigorous background checks and training;

1.1.4 Documented distribution of keys to employees and colocation customers for colocation racks;

1.1.5 Only approved employees with specific roles may access the servers.

1.2 Visitor Analytics implements suitable measures to prevent its data processing systems from being used by unauthorized persons. This is accomplished by:

1.2.1 Automatic detection of repeated or mass unauthorised access; Allowing access to Visitor Analytics App solely based on an encrypted key which can be decrypted only by Visitor Analytics through the means of a secret;

1.2.2 SSL encryption on all public customer endpoints;

1.2.3 All access to data content is logged, monitored, and tracked.

1.3 Visitor Analytics’ employees entitled to use its data processing systems are only able to access Personal Data within the scope of and to the extent covered by their respective access permission (authorization). In particular, access rights and levels are based on employee job function and role, using the concepts of least-privilege and need-to-know to match access privileges to defined responsibilities. This is accomplished by:

1.3.1 Employee policies and training;

1.3.2 Effective and measured disciplinary action against individuals who access Personal Data without authorization;

1.3.3 Limited access to Personal Data to only authorized persons;

1.3.4 Industry standard encryption; and

1.3.5 Policies controlling the retention of backup copies.

2. Integrity

Visitor Analytics has implemented the following technical and organizational security to provide the integrity of processing systems and services, in particular:

2.1 Visitor Analytics implements suitable measures to prevent Personal Data from being read, copied, altered or deleted by unauthorized parties during the transmission thereof or during the transport of the data media. This is accomplished by:

2.1.1 Use of state-of-the-art firewall and encryption technologies to protect the gateways and pipelines through which the data travels;

2.1.2 Industry standard encryption; and

2.1.3 Avoiding the storage of Personal Data on portable storage media for transportation purposes and on company issued laptops or other mobile devices.

2.2 Visitor Analytics does not access any Customer content except as necessary to provide Customer with the Visitor Analytics Services Customer has selected or to repair system faults. Visitor Analytics does not access Customers’ content for any other purposes. Accordingly, Visitor Analytics does not know what content Customer choose to store on its systems and cannot distinguish between Personal Data and other content, so Visitor Analytics treats all Customer content the same. In this way, all Customer content benefits from the same robust Visitor Analytics security measures, whether this content includes Personal Data or not.

3. Availability

Visitor Analytics has implemented the following technical and organizational security measure to provide the availability of processing systems and services, in particular:

3.1 Visitor Analytics implements suitable measures to provide that Personal Data is protected from accidental destruction or loss. This is accomplished by:

3.1.1 Infrastructure redundancy;

3.1.2 Policies prohibiting permanent local (workstation) storage of Personal Data; and

3.1.3 Performing regular data backups.

4. Resilience

Visitors Analytics is using a thread-pooled web server for better performance to make sure that we can support a huge number of connections. Most of our project is based on a producer/consumer pattern to make sure that connections are closed as soon as possible to make resources available for pending connections. Also, our databases are backed-up to make sure that we can revert to an older version in case of an unforeseen circumstances.

Also the servers setup processes are automatized (and except for databases, stateless) to make sure that we can recreate and start a new server in case something happens with the old instance.


Exhibit 3 - Subprocessors

Name of Subprocessor

Address

Function/Processing steps performed

Hetzner Online GmbH

Industriestr. 25
91710 Gunzenhausen
Germany

Web Hosting provider.

Sendgrid

1401 Walnut Street, Suite 500
Boulder, Colorado 80302
U.S

We integrate with Sendgrids’ email API in order to send email to our users.

Zendesk

1019 Market St
San Francisco, CA
94103
U.S

Customer Support platform.

Digital1 Ventures Development SRL

21 Garii,
ClujNapoca,
400267,
Romania

Subcontractor & infrastructure provider.

Digital1 GmbH

Auenstraße 100
80469 Munich
Germany

Amtsgericht
München HRB
214117

Subcontractor & infrastructure provider.

WiX

40 Namal Tel-Aviv St.
TEL-AVIV, Israel

Commercial Agent.

Intercom

55 2nd Street
4th Floor
San Francisco, CA 94105
US

Customer support via live chat; Website automations

First Promoter (Igil Webs SRL)

Str. Talmacelului, nr. 30, Talmaciu, Sibiu

Romania

Affiliate marketing program

Braintree (PayPal (Europe) S.a.r.l. et Cie, S.C.A.)

22-24 Boulevard Royal L-2449, Luxembourg

Payments provider

Quaderno (Recrea Systems, SLU)

Fernando Guanarteme 111 - 35010 Las Palmas, Spain

Payments and VAT compliance

Google LLC

1600 Amphitheatre Parkway, Mountain View, California U.S.

Google for Business

ChartMogul CMTDE GmbH & Co. KG

Oberwallstraße 6 – 10117 Berlin, Germany

Revenue Reporting