Privacy policy
1. The name and address of the person responsible
2. The name and address of the Data Protection Officer
3. Server logs
4. Newsletter and status information
5. Support contact form
6. Online marketing
7. Single sign-on login
8. Recipient of data
9. Your rights as a data subject
10. Right of appeal
1. The name and address of the person responsible
The responsible entity according to the terms of the basic data protection regulation and other national data protection laws of the member states and other data protection regulations is the:
Biganto GmbH
Schloßschmidstr. 5
80639 Munich
Tel. +49 (89) 262-195-67
E-Mail: info@biganto.com
Managing Director: Alexander Jazuk
2. The name and address of the Data Protection Officer
A data protection officer has not been appointed at present, as the legal requirements do not apply. Please contact info@biganto.com if you have any questions regarding data protection.
3. Server logs
In order to provide our online services securely and efficiently, we use the services of one or more web hosting providers from whose servers (or servers managed by them) the online services can be accessed. For these purposes, we may use infrastructure and platform services, computing capacity, storage space and database services, security and technical maintenance services.
When accessing our website, using Biganto VR player, Biganto mobile applications or Biganto applications for Oculus Quest VR headset (hereinafter collectively called Applications), personal data of the visitors is collected and processed by us. This may include, for example, the IP address of the system calling up the website and other communication data required to call up the website. Information provided by visitors in addition to this may also be part of the personal data collected and processed by us.
The following data is stored in a log file, the so-called server log, when you visit our website:
- Information about the browser type and version used
- The user's operating system
- The Internet service provider of the user
- The IP address of the user
- Date and time of access
- Websites from which the user's system accessed our website
- Websites that are called up by the user's system via our website
The following data is stored in a log file, when using Applications:
- The user's device data (model, OS, etc.)
- The IP address of the user
- Date and time of access
The legal basis for collecting this data is Art. 6 para. 1 lit. f) GDPR (legitimate interest). It is not possible to object to this data collection, as the server log is indispensable to ensure the availability of this website and Applications and in case of attacks on the website.
The data from the server log is automatically deleted after 14 days.
Services and service providers used in the provision of the service:
Amazon Web Services (AWS): web hosting and infrastructure services; service provider: Amazon Web Services, Inc, 410 Terry Avenue North, Seattle WA 98109, USA; Web site: https://aws.amazon.com/de/; Privacy Policy: https://aws.amazon.com/de/privacy/?nc1=f_pr; Privacy Shield (ensuring the level of data protection when processing data in the USA): https://www.privacyshield.gov/participant?id=a2zt0000000TOWQAA4&status=Active.
4. Newsletter and status information
If you register for our newsletter or our notifications about status of service provided, this is done on the legal basis of your consent to do so (Art. 6 para. 1 lit. a) GDPR).
You can object to the further delivery of the newsletter or notifications at any time by clicking on the unsubscribe link displayed at the end of each email or by sending us an informal e-mail with the subject "Unsubscribe newsletter" to the address info@biganto.com.
5. Support contact form
If you contact us by means of the contact form provided on the website, this is done on the basis of your consent (Art. 6 para. 1 lit. a) GDPR). We will use the data received via the contact form only to answer your request. A further use of this data by Biganto GmbH or third parties will not take place at any time.
6. Online marketing
We also process personal data for online marketing purposes, which may include the marketing of advertising space and the presentation of advertising and other content (hereinafter "advertising content") based on the potential interests of users and the measurement of its effectiveness.
For the above-mentioned purposes, so-called user profiles are created and stored in a file (so-called "cookie") or similar procedures are used. Information in the user profiles may include, for example, the content viewed, websites visited, online networks used, but also communication partners and technical information such as the browser used, the computer system used and information on usage times.
When storing IP addresses, we use the available IP masking procedure (i.e., pseudonymization by shortening the IP address) to protect the user. As a general principle, raw user data is not stored for online marketing purposes.
The profile data stored in e.g. cookies can later be read out and analysed for the purpose of content presentation, supplemented with further data and stored on the server of the online marketing procedure provider on other websites that use the same online marketing procedure.
If Users are members of a Social Network whose online marketing procedure is used by Biganto, it is possible that the provider of the online marketing procedure (who may also be the provider of the Social Network) can assign raw data to the profiles. For this reason, we ask you to observe the data protection settings of the provider of the respective network. Biganto only receives access to summarized information about the success of our advertisements, such as statistical evaluations, for example. Within the scope of so-called conversion measurements, Biganto can check which of our online marketing activities have led to a so-called "conversion", i.e. whether, for example, a contract has been concluded with us due to an advertising activity. These measurements are only used to analyse the success of our marketing activities.
The cookies will be stored for a period of two years unless otherwise specified.
Notes on legal bases: If we ask users for their consent for data processing by third party providers, the legal basis for processing data is consent. Otherwise, the users' data will be processed on the basis of our legitimate interests (i.e. interest in efficient, economic and recipient-friendly services).
Used services and service providers in the context of online marketing:
-
Google Tag Manager:
Google Tag Manager is a solution with which we can manage so-called website tags via an interface (and thus integrate services, such as Google Analytics and other Google marketing services into our online offer). The Tag Manager itself (by which the tags are implemented) does not process any personal data of the users. With regard to the processing of users' personal data, we refer to the following information on Google services. Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; website: https://marketingplatform.google.com; privacy policy: https://policies.google.com/privacy; Privacy Shield (ensuring the level of data protection when processing data in the USA): https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.
-
Google Analytics:
On the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f). GDPR) we use Google Analytics, a web analysis service of Google LLC ("Google"). Google uses cookies. The information generated by the cookie about the use of the website by the user is usually transferred to a Google server in the USA and stored there.
Google is certified under the Privacy-Shield-Agreement and thus offers a guarantee to comply with the European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
Google will use this information on our behalf in order to evaluate the use of our website by users, to compile reports on the activities within this website and to provide us with further services associated with the use of this website and the internet. In doing so, pseudonymous user profiles of the users can be created from the processed data.
We only use Google Analytics with activated IP anonymisation. This means that the IP address of users is shortened by Google within member states of the European Union or in other states that are part of the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transferred to a Google server in the USA and shortened there.
The IP address transmitted by the user's browser will not be merged with other Google data. Users can prevent the storage of cookies by adjusting their browser settings accordingly; users can also prevent Google from collecting the data generated by the cookie and relating to their use of the online service and from processing this data by Google by downloading the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
You can find further information on data use by Google, settings and objection options in Google's data protection policy(https://policies.google.com/technologies/ads) as well as in the settings for the display of advertising by Google (https://adssettings.google.com/authenticated).
The users' personal data will be deleted or anonymised after 14 months.
-
Google Ad Manager:
We use the "Google Marketing Platform" (and services such as "Google Ad Manager") to place ads on the Google advertising network (e.g. in search results, in videos, on web pages, etc.). The Google Marketing Platform is characterised by the fact that ads are displayed in real time based on the presumed interests of users. This allows us to better target ads for and within our online offering to show users only ads that potentially match their interests. For example, if a user is shown ads for products that he or she has been interested in on other websites, this is called "remarketing". Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website: https://marketingplatform.google.com; Privacy Policy: https://policies.google.com/privacy; Privacy Shield (ensuring the level of data protection when processing data in the USA): https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.
-
Google Fonts
Google Fonts is a collection of fonts for commercial and personal use provided by Google LLC or by Google Ireland Limited. We use the "Google Fonts" to serve different fonts to our website visitors and users of our products to ensure the best visual experience and optimized site performance. Google Fonts does not set cookies. However, if a font is requested by the visitor’s browser, the visitor’s IP address is recorded by Google in order to send the font and can be further used for analytical purposes. Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website: https://marketingplatform.google.com; Privacy Policy: https://policies.google.com/privacy; Privacy Shield (ensuring the level of data protection when processing data in the USA): https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.
-
Facebook Pixels, Custom Audiences and Facebook Conversion
Within our online offer, due to our legitimate interests in the analysis, optimization and economic operation of our online offer and for these purposes, the so-called "Facebook pixel" of the social network Facebook, which is operated by Facebook Inc, 1 Hacker Way, Menlo Park, CA 94025, USA, or if you are located in the EU, Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, is used.
Facebook is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
With the help of the Facebook pixel, Facebook is able to determine the visitors of our online service as a target group for the presentation of ads (so-called "Facebook ads"). Accordingly, we use the Facebook Pixel to display the Facebook Ads placed by us only to those Facebook users who have also shown an interest in our online offering or who exhibit certain characteristics (e.g. interests in certain topics or products determined on the basis of the websites visited) that we transmit to Facebook (so-called "custom audiences"). With the help of the Facebook pixel, we also want to ensure that our Facebook Ads correspond to the potential interest of users and do not appear to be annoying. With the help of the Facebook Pixel, we can also track the effectiveness of Facebook Ads for statistical and market research purposes by seeing whether users are redirected to our website after clicking on a Facebook Ad (so-called "conversion").
The processing of data by Facebook takes place within the framework of Facebook's Data Usage Policy. Accordingly, general information on the display of Facebook ads is provided in the Facebook Data Usage Policy: https://www.facebook.com/policy.php. Specific information and details about the Facebook pixel and its functionality can be found in the help section of Facebook: https://www.facebook.com/business/help/651294705016616.
You may object to the data collection by the Facebook Pixel and use of your information to display Facebook Ads. To control what types of ads are displayed to you within Facebook, you can go to the page set up by Facebook and follow the instructions for usage-based advertising settings: https://www.facebook.com/settings?tab=ads. The settings are platform-independent, which means they apply to all devices, such as desktop computers or mobile devices.
You may also opt-out of the use of cookies for audience measurement and advertising purposes by visiting the Network Advertising Initiative opt-out page (http://optout.networkadvertising.org/) and additionally the U.S. website (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/).
7. Single sign-on login - Facebook Connect
On our website, you can log in to create a customer account or register using the plugin "Facebook Connect" of the social network Facebook, which is operated by Facebook Inc, 1 Hacker Way, Menlo Park, CA 94025, USA ("Facebook"), using the so-called single sign-on technique, provided you have a Facebook profile.
If you call up a page of our website that contains such a plugin, your browser establishes a direct connection to the servers of Facebook. The content of the plugin is transmitted from Facebook directly to your browser and integrated into the page. Through this integration, Facebook receives the information that your browser has called up the corresponding page of our website, even if you do not have a corresponding profile or are not currently logged in to Facebook. This information (including your IP address) is transmitted by your browser directly to a Facebook server in the USA and stored there. These data processing operations are carried out in accordance with Art. 6 para. 1 lit. f) GDPR on the basis of the legitimate interest of Facebook in the display of personalized advertising based on browsing behavior.
By using this plugin on our website, you also have the possibility to log in or register on our website using your Facebook user data. We will receive general and publicly accessible information stored in your profile when using this logon, depending on your personal data protection settings on Facebook. We will receive this information only if you give your express consent in accordance with Art. 6 Para. 1 lit. a) GDPR before the registration process on the basis of a corresponding note on the exchange of data with Facebook. This information includes the user ID, name, profile picture, age and gender.
We would like to point out that after changes to the privacy policy and terms of use of Facebook, when you give your consent, there may also be a transfer of your profile pictures, your friends' user IDs and your friend list, if these have been marked as "public" in your privacy settings. This data is stored and processed by us to create a user account with the necessary data, if you have given your consent to do so on Facebook (title, first name, last name, address data, country, email address, date of birth). Conversely, data (e.g. information on your browsing behavior) can be transferred by us to your Facebook profile based on your consent.
The consent granted can be revoked at any time by sending a message to the person responsible named at the beginning of this document.
Facebook Inc. with headquarters in the USA is certified for the us-European data protection agreement "Privacy Shield", which guarantees compliance with the data protection level applicable in the EU.
To learn the purpose and scope of data collection and the further processing and use of data by Facebook as well as your rights and to set options for protecting your privacy, please refer to the respective privacy policy: http://www.facebook.com/policy.php
If you do not want Facebook to directly assign the data collected via our website to your user profile, you must log out of Facebook before visiting our website. You can also completely prevent the loading of the login plugins by using add-ons for your browser, e.g. "Adblock Plus" (https://adblockplus.org/de/).
- Data types processed: general data (e.g. names, addresses), contact data (e.g. e-mail, telephone numbers).
- Persons concerned: Users (e.g. website visitors, users of online services).
- Purposes of the processing: contractual and other services, registration procedure.
- Legal basis: Consent (Art. 6 para.1 S.1 lit. a) GDPR), contract obligations and pre-contractual enquiries (Art. 6 para.1 S.1 lit. b) GDPR), Legitimate interests (Art. 6 para.1 S.1 lit. f) GDPR).
Used services and service providers:
- Facebook Single-Sign-On: Authentication Service; Service Provider: https://www.facebook.com, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, parent company: Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA; website: https://www.facebook.com; privacy policy: https://www.facebook.com/about/privacy; Privacy Shield (ensuring the level of data protection when processing data in the USA): https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active; opt-out: https://www.facebook.com/settings?tab=ads.
8. Recipient of data
For the operation of this website, to provide our services and provide information concerning the status of the provided service, we use service providers that we have carefully selected and with whom we have concluded appropriate contracts for service processing to comply with the provisions of the GDPR and the BDSG. In addition, we do not pass on your data to third parties, neither for a fee nor free of charge, without your permission.
If you perform payment for the services offered on our website via our payment service provider, your personal data will also be passed on to the payment service providers carefully selected by us for the purpose of executing the payment. The legal basis for this is the execution of the contract concluded with you (Art. 1 para. 1 b) GDPR).
9. Your rights as a data subject
You are entitled to the following rights:
- the right to information (Art. 15 GDPR)
- the right of rectification (Art. 16 GDPR)
- the right of cancellation (Art. 17 GDPR)
- the right to restrict processing (Art. 18 GDPR)
- the right to object (Art. 21 GDPR)
- the right to data transferability (Art. 20 GDPR)
To exercise your rights, you can contact us using the contact details given above.
Deleting personal user data:
Your personal data can be deleted upon request or you can delete it on your own.
In order to delete your Biganto account, enter the account settings page (https://biganto.com/my/settings) and select “Delete account”. Your account will be flagged for removal and you will have 28 days to reconsider if you would like to do so. After 28 days your account as well as all the personal data will be deleted permanently.
You can also send us a request to info@biganto.com to remove all your personal data.
Some of your personal data may be recorded in the so-called server log. It is not possible to object to this data collection, as the server log is indispensable to ensure the availability of this website and Applications and in case of attacks on the website. The data from the server log is automatically deleted after 14 days.
This site uses cookies. A cookie is a small file that stores Internet settings, it is downloaded by your Internet browser on the first visit to a website. In case you would like to remove Biganto cookies from your device, please refer to your browser settings.
10. Right of appeal
If you are of the opinion that data processing on our website or collected by Applications is being carried out in a manner that is questionable in terms of data protection law, you can also contact the data protection supervisory authority responsible for you. You can find out which supervisory authority is responsible for you on the website of the Federal Commissioner for Data Protection and Freedom of Information at the following link: https://www.bfdi.bund.de/ZASt/EN/Service/DatenschutzerklZASt_EN/datenschutzerklaerung-node.html
As of: February 2022