Sourcetrail Privacy Policy

We take your privacy very seriously and protecting your personal data is very important to us. This Privacy Policy explains the what, why and how of the information we gather when you visit our website or when you use our services. It also explains how we use this information and who the information may be disclosed to.

1. Who is responsible for processing my personal data and who can I talk to?

The person who is responsible for data processing is:

Eberhard Gräther
Schmalzhofgasse 18/2/8
1060 Vienna
Austria
Email: egraether@coati.io

2. What kind of personal data is processed?

We process and store all personally identifiable data that we require to establish and maintain a business relationship with our customers (e.g. if you buy one of our products) or to establish and maintain other contractual relationships with the users of our services (e.g. if you request a test license to evaluate our products or if you subscribe to our mailing list). This data may either be provided by you directly or it may be provided by a software reseller who purchases one of our products on your behalf.

The relevant personally identifiable data that we process are your personal particulars (name, address, contact information), company data (e.g. name, address, contact person), software license information (e.g. license key), bank transfer data, documentation data (e.g. support mail history), marketing and sales data, website data (e.g. website visited, time of access, referring website, browser used, operating system used, essential session cookie, IP address) and other data that is similar to the categories mentioned above.

3. Why is my data processed and what is the legal basis for that?

When we process your personally identifiable information we adhere to the General Data Protection Regulation (GDPR):

(a) For the performance of a contract (Art. 6 Par. 1 b GDPR)

We process your personally identifiable data in order to provide our services regarding the scope of our contractual relation with you or to conduct measures that are initiated by you in order to establish a contractual relation with us. The primary reason for us to process this data is to handle payment, validate your claim to services provided by us or check if you are eligible for certain offers and discounts.

(b) In the context of weighted interests (Art. 6 Par. 1 f GDPR)

We may use and disclose your data only for the following purposes:

• To provide, support, and improve the services we offer.
• To provide customer support.
• To ensure IT security and IT operations of our systems.
• To advance and improve our products and services.
• To enforce compliance with our End User License Agreement and applicable law.
• To prevent abuse of our free evaluation license.
• To protect the rights and safety of our users and third parties, as well as our own.
• To meet legal requirements, including complying with court orders, valid discovery requests, valid subpoenas, and other appropriate legal mechanisms.
• To provide information to representatives and advisors, including attorneys and accountants, to help us comply with legal, accounting, or security requirements.
• To prosecute and defend a court, arbitration, or similar legal proceeding.
• To respond to lawful requests by public authorities, including to meet national security or law enforcement requirements.
• To transfer your information in the case of a sale, merger, consolidation, liquidation, reorganization, or acquisition. In that event, any acquirer will be subject to our obligations under this Privacy Policy, including your rights to access and choice. We will notify you of the change either by sending you an email or posting a notice on our Website.

(c) Based on your permission (Art. 6 Par. 1 a GDPR)

If you choose to subscribe to our mailing list, we are processing your data in order to inform you about new features and releases of our products and services.

4. Who is my personal data disclosed to?

For internal purposes we guarantee that each person who processes your personal data is obliged to treat that information confidentially. Only for the reasons listed above we may share your personal data with third party organizations of the following categories:

• IT-service providers
• E-Mail delivery service providers
• Website analytics providers
• Payment service providers and banks
• Accountants
• Government authorities if required
• Insurance companies if required
• Lawyers and courts if required

When we do have to share personal information with third parties in order to provide certain services, we take steps to protect your information by requiring these third parties to use the personal information we transfer to them in a manner that is consistent with this policy.

5. Is my personal data transferred to any third country or international organization?

We do not transfer your personal data to any third country or international organization directly. However, third parties that work with us in order to provide our services often depend on other third parties that may process your data in a third country.

Transmitting your personal data is permitted if the European Commission has decided that the respective third country offers an acceptable degree of data protection (Art. 45 GDPR). If the European Commission has not made such a decision we will only transmit your personal data to our third parties if they agree on maintaining the acceptable degree of data protection.

6. How long is my personal data stored?

We try to keep both, the amount of data that we store and the duration of storing that data to a minimum. How long we store your personal data mainly depends on the reason why we store that data. After that reason ceases to exist (e.g. the license key you purchased expired, you unsubscribed from our mailing list) we keep your data in our system for another year so that we may still be able to answer any of your questions that arise during this period. For special cases a longer storage duration is determined by the respective legal retention period (e.g. commercial and tax retention periods). After expiry of this duration, the corresponding data will be routinely deleted.

7. What are my rights regarding the processing of my personal data?

Every person affected by this Privacy Policy has the right of access based on article 15 GDPR, the right to rectification based on article 16 GDPR, the right to be forgotten based on article 17 GDPR, the right to restriction of processing based on article 18 GDPR, the right to object to processing of personal data based on article 21 GDPR and the right to data portability based on article 20 GDPR. Furthermore, every person affected has the right to lodge a complaint with a supervisory authority based on article 77 GDPR.

If we are processing your personal data because you gave us your permission, you can always revoke that permission. Please be aware that revoking the permission only affects the future and does not affect processing of your personal data that has been conducted before you revoked the permission.

8. Am I required to provide my personal data?

When entering into a business relationship or other contractual relationship with us, we need you to provide personally identifiable data that is required to establish and maintain that relationship or that we are required to record by law. Without that data we are usually not able to enter into a contractual relation with you or to maintain this contract.

9. Is my data used for automatic decision making?

We are not using your data for any automatic decision making or profiling.

10. Privacy Policy Changes

We may change this Privacy Policy at any time and from time to time. The most recent version of the Privacy Policy is reflected by the version date located at the top of this Privacy Policy. All updates and amendments are effective immediately upon notice, which we may give by any means, including, but not limited to, by posting a revised version of this Privacy Policy or other notice on the Website. We encourage you to review this Privacy Policy often to stay informed of changes that may affect you, as your continued use of the website signifies your continuing consent to be bound by this Privacy Policy. Our electronically or otherwise properly stored copies of this Privacy Policy are each deemed to be the true, complete, valid, authentic, and enforceable copy of the version of this Privacy Policy which were in effect on each respective date you visited the Website.