When you use our website or engage in a business relationship with Pimcore, personal data is processed. This page provides information about these various processing activities.
The data controller is Pimcore GmbH, Söllheimer Straße 16, 5020 Salzburg ("Pimcore"). For any questions regarding data protection at Pimcore, please contact our Data Protection Officer at privacy@pimcore.com.
Your data is generally not shared with third parties unless it is necessary for the respective processing purpose. In such cases, we will inform you in the descriptions of the individual processing activities. Data transfers to processors acting on behalf of Pimcore are permissible, provided they act strictly under Pimcore's instructions, do not use the data for their purposes, and are bound by contractual agreements to comply with the obligations of the General Data Protection Regulation (GDPR).
You have the right to:
Last updated: November 22, 2024
When you access our website, information about the access (date, time, page viewed, IP address) is stored as log files on our server. We process this data based on our legitimate interest in monitoring technical operations, optimizing the information we provide, and detecting attacks on our website. This data is used exclusively for internal statistical purposes in anonymized form.
Log files are deleted after three months.
The data from your inquiry (name, contact details, content of the inquiry, history of previous interactions) that you submit via the contact form or email is processed for customer support (pre-contractual measures) and marketing purposes (legitimate interest in direct mail marketing). Your data is deleted three years after your last inquiry, provided no legal obligations require its retention.
Newsletters are only sent with your explicit consent. This involves providing your information, including your email address, clicking the "Sign Up" button, and confirming the link in the automatically sent confirmation email (double opt-in).
You may withdraw your consent to receive the newsletter at any time by clicking the unsubscribe link included in every newsletter. Withdrawal does not affect the lawfulness of processing based on consent before its withdrawal.
In addition to your email address, we process information about your newsletter reading behavior, such as which articles are read most frequently. This information helps us make our content more relevant and engaging for you.
Your data is stored until you withdraw your consent or unsubscribe from the newsletter.
This website uses software to analyze user interactions. By evaluating this data, valuable insights into user needs can be obtained, helping to improve the quality of our offerings.
Cookies are used for this purpose. Cookies are data stored in your browser that enable anonymous recognition of a visitor. Generally, cookies can be refused or deleted through your browser settings. The statements made here about cookies apply similarly to other technical browser functions, such as Local Storage and Session Storage.
Some cookies on this website are essential for its functionality and are used based on our legitimate interest in the secure and efficient operation of the website. Information is not shared with third parties for their business purposes.
Cookies for analytical purposes and profiling are only used with your explicit consent. You can withdraw your consent at any time via the purple button (left bottom corner).
Our website uses the Google Analytics service from Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland, Tel: +353 1 543 1000, Fax: +353 1 686 5660, Email: support@google.com, "Google") exclusively with your consent. Google may further process your data in the USA.
The USA has a lower level of data protection than the EU, and U.S. companies are required to provide data to courts, law enforcement agencies, regulatory bodies, or security authorities. Google has committed to complying with the principles of the EU-U.S. Data Privacy Framework (DPF) to ensure an EU-equivalent level of data protection. Under Article 45 of the GDPR, no additional legal basis is required for data transfers to the USA.
Google may use the collected information for its purposes. Further details can be found at: Google’s Partner Sites Policies.
When using our website, data about your consent settings may be shared with Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland, "Google"). This occurs only if you have consented to this data transfer.
Before consent is granted, Google scripts are used to set the consent status initially to "consent denied" to ensure that website usage data (e.g., for personalized advertising) is not used until consent is given. When Google scripts load, the public IP address of your device is technically transmitted to Google but is not further used. This transmission is based on our legitimate interest in a fully GDPR-compliant analysis of website usage.
Data processing may involve transfers to countries outside the EU, particularly the USA. As noted, Google adheres to the EU-U.S. Data Privacy Framework (DPF), ensuring EU-equivalent data protection levels under Article 45 GDPR.
We use the Google Ads service from Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) to display relevant advertisements and measure the success of our ad campaigns. Google Ads enables us to utilize "conversion tracking" and "remarketing."
Conversion tracking helps us understand whether you reached our website via an advertisement and which actions you took (e.g., making a purchase or filling out a contact form).
Remarketing allows us to display targeted ads to you on other websites based on your previous visits to our site.
Data such as your IP address, technical information about your device and browser, visited web pages, interactions with our ads, and, if enabled, your Google account data, is collected and processed. If you are logged into your Google account, Google may link this information with other data about you.
The use of Google Ads is based on your consent under Article 6(1)(a) GDPR. You can withdraw your consent at any time via our cookie banner or in the privacy settings.
Your data may also be transferred to the USA. Google is certified under the EU-U.S. Data Privacy Framework, ensuring an adequate level of data protection.
We use the service stape.io, provided by Stape Europe OÜ (Harju maakond, Tallinn, Lasnamäe linnaosa, Väike-Paala tn 2, 11415, Estonia), to implement server-side tagging on our website. Stape.io allows us to handle certain tracking and analytical processes more efficiently by transmitting data via a server instead of directly through your browser. Data such as your IP address, device and browser information, and interaction data (e.g., visited pages or clicks) is processed.
This data transmission occurs solely based on your consent, as per Article 6(1)(a) of the GDPR.
We use the Microsoft Ads service provided by Microsoft Corporation (One Microsoft Way, Redmond, WA 98052-6399, USA) to display relevant advertisements and measure the success of our ad campaigns.
Microsoft Ads enables us to use:
Conversion tracking: Helps us analyze whether users reached our website via ads and their subsequent actions (e.g., making a purchase or completing a form).
Remarketing: Allows us to serve targeted ads based on your previous interactions with our website.
Data such as your IP address, device and browser technical details, visited pages, and interactions with our ads are processed. If you are logged into a Microsoft account, Microsoft may link this data to your profile.
Processing is based on your consent, as per Article 6(1)(a) of the GDPR. You can withdraw your consent anytime via our cookie banner or privacy settings.
Microsoft may transfer data to the USA or other third countries. To ensure adequate data protection, Microsoft complies with the EU-U.S. Data Privacy Framework (DPF). More details about Microsoft Ads’ data processing can be found at Microsoft Privacy Statement.
We occasionally run advertisements on the Facebook social media platform, operated by Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland (“Meta”). Clicking on these ads may redirect you to our website.
The Facebook Pixel is integrated into our website only with your consent. Using the Facebook Pixel, we can assess which ads are more or less effective by tracking which pages on our website are visited after clicking on an ad.
Meta may transfer data to the USA, which has a lower level of data protection compared to the EU. U.S. companies may be required to provide data to courts, law enforcement, or regulatory authorities. However, Meta voluntarily complies with the EU-U.S. Data Privacy Framework (DPF), ensuring an EU-equivalent level of data protection. No additional legal basis for data transfers to Meta in the USA is required under Article 45 of the GDPR.
For details on data collection and further processing by Facebook, as well as privacy options, see Facebook Privacy Policy.
If you are a Facebook user and do not wish for Facebook to link data collected through our online offerings to your account, you should log out of Facebook and delete your cookies before using our website. Privacy settings and objections to data use for advertising purposes can be managed in your Facebook profile: Facebook Ad Settings.
Our online offerings include features and content from LinkedIn, provided by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. These may include images, videos, text, or buttons that allow users to interact with LinkedIn content (e.g., liking posts or following accounts).
If users are members of LinkedIn, LinkedIn may associate interactions with these features to their LinkedIn profiles. Additionally, the integration enables us to monitor the effectiveness of our marketing campaigns on LinkedIn.
LinkedIn processes data only with your consent. Without this consent, our website remains fully functional. You can withdraw your consent at any time via the privacy settings on this website.
LinkedIn may transfer data to countries outside the EU, particularly the USA, where there is a lower level of data protection. LinkedIn complies with the EU-U.S. Data Privacy Framework (DPF), recognized by the EU Commission as ensuring adequate protection for personal data. No additional legal basis for data transfers to LinkedIn in the USA is required under Article 45 of the GDPR.
For more information, see the LinkedIn Privacy Policy.
To enhance the performance of our website and detect attacks, we use services from Cloudflare Inc., 101 Townsend Street, San Francisco, CA 94107, USA. Certain website content may be directly loaded from Cloudflare’s servers, allowing them to process your IP address.
This information is used solely to provide IT security services. Cloudflare complies with the EU-U.S. Data Privacy Framework (DPF), ensuring an EU-equivalent level of data protection. No additional legal basis for data transfers to Cloudflare in the USA is required under Article 45 of the GDPR.
For more details, see the Cloudflare Security Policy.
We use the service Supademo, provided by Supademo Inc. (13320 Hauser St, Overland Park KS 66213, USA), to deliver interactive guides and product demos directly on our website. Supademo allows us to present clear, step-by-step explanations of our products and services. During use, technical information such as your IP address, browser type, operating system, and interactions with the demos is processed.
This data processing is based on your consent, as per Article 6(1)(a) GDPR, granted via our cookie banner. Since Supademo processes data on servers in the USA, the data transfer to this third country occurs based on your explicit consent under Article 49(1)(a) GDPR, as there is no adequacy decision or comparable level of data protection.
We use the service WebinarGeek, provided by WebinarGeek B.V. (Röntgenlaan 37, 2719 DX Zoetermeer, Netherlands), to host webinars for customers and prospects. WebinarGeek enables us to plan, host, and analyze participant interactions during webinars. Data such as your name, email address, device and browser technical information, and interactions during the webinar (e.g., questions, polls, or chat messages) are processed.
Processing is carried out under Article 6(1)(b) GDPR, as it is necessary for providing and conducting the webinar as part of our agreement with you. WebinarGeek processes all data exclusively on servers within the EU in compliance with applicable data protection laws.
We use HubSpot CRM, provided by HubSpot Ireland Limited (One Sir John Rogerson's Quay, Dublin 2, Ireland), to manage customer relationships and enhance customer support. HubSpot CRM allows us to efficiently handle inquiries, centrally store contact information, and coordinate communication with you. Data processed includes your name, contact information (e.g., email address, phone number), and the content of our correspondence.
Processing is based on Article 6(1)(b) GDPR, as it is necessary for fulfilling agreements with you or taking pre-contractual steps.
When not directly related to a contractual relationship, processing is based on our legitimate interest in ensuring efficient and structured customer support under Article 6(1)(f) GDPR.
HubSpot may process data on servers outside the EU, particularly in the USA. HubSpot is certified under the EU-U.S. Data Privacy Framework (DPF), ensuring an adequate level of data protection.
We use ZiftOne, provided by Zift Solutions, Inc. (6501 Weston Parkway, Suite 200, Cary, NC 27513, USA), to manage and support our sales partners. ZiftOne helps us organize partner programs, provide resources, and optimize communication and collaboration with our partners. Data processed includes names, contact information (e.g., email address, phone number), company information, and interaction or usage data within the platform.
Processing is based on Article 6(1)(b) GDPR, as it is necessary for executing and managing partnerships.
When not directly related to a contractual relationship, processing is based on our legitimate interest in ensuring efficient partner management under Article 6(1)(f) GDPR.
ZiftOne processes data on servers outside the EU, particularly in the USA. Zift Solutions ensures an adequate level of data protection through certification under the EU-U.S. Data Privacy Framework (DPF).
For conducting our online trainings and certifications, we use the Learning Management System (LMS) provided by Eurekos. In this context, your personal data, such as your name, email address, and training progress, are processed to grant you access to courses, track your learning progress, and issue certificates. Eurekos, headquartered at Torvet 4A, DK-3400 Hilleroed, Denmark, processes this data on our behalf and in accordance with our instructions. The data is used exclusively for the purpose of conducting the trainings and certifications and is not shared with third parties. Your data will be stored for up to 24 months after the validity of your certificate expires and will then be deleted.
We use Microsoft Teams, provided by Microsoft Ireland Operations Limited (One Microsoft Place, Dublin 18, Ireland), for video conferencing. Data processed may include your name, email address, profile picture (if provided), shared content, video and audio data, and chat messages. Recorded meetings may also include video/audio recordings and shared content. AI features may create transcripts or summaries.
Processing is based on Article 6(1)(b) GDPR when necessary for fulfilling contracts or pre-contractual measures.
For other purposes, processing is based on our legitimate interest in efficient communication and documentation under Article 6(1)(f) GDPR.
Participation in recorded meetings requires your prior consent.
Microsoft stores data on servers within the EU but may transfer data to third countries, particularly the USA. Microsoft complies with the EU-U.S. Data Privacy Framework (DPF), ensuring an adequate level of data protection.
We process personal data submitted during job applications to select candidates. This includes general contact information (name, address, phone number), certificates, qualification documents, and interview notes. Processing is based on pre-contractual measures necessary for this purpose under Article 6(1)(b) GDPR. If a criminal record check is required, it will be documented but not stored.
The Pimcore Group comprises several companies. If a position is posted by another Pimcore Group company, your data may be shared with them for further steps (e.g., trial workdays). If your application is not selected for the advertised role but another position is available within the Pimcore Group, your data may be shared based on our legitimate interest in selecting the best candidates.
Data is retained for six months after the selection process to assert or defend legal claims.
Longer retention of up to three years requires your explicit consent, which you may withdraw in writing at any time.
Copyright © 2024 Pimcore, All Rights Reserved | Imprint | Privacy Policy | General Terms & Conditions (PTC)
