The following privacy notice provides an overview regarding the collection and processing of user data. The full information can be found in the Privacy Statement.
We use internet analysis services (Google Analytics) to assess the usage of our web page and to optimize our service offering. With Google Analytics, the user's IP address is processed and transferred in an anonymized form. We also offer the user to follow-us on different social media platforms via a follow-me-button (Twitter, Facebook and LinkedIn).
The access and analysis data are automatically logged during access to our web pages. The form data are collected from what you enter.
We use the access and analysis data in providing our products and services and in optimizing and protecting our web pages. With the consent of our users, we use the form data to respond to contact inquiries, messages and product inquiries (e.g. registration for our product).
We also use the data from our users for direct marketing (newsletter or emails on product updates), if the users register for our SaaS-Tool on our web pages. For this, we work in collaboration with a third-party provider, "MailChimp", which processes the user data on our behalf. Unsubscribing from our newsletter is possible at any time. We use further tools and services from third-party providers to operate the web page and provide our service. The full list of service providers is contained in the Privacy Statement.
Users have the standardized right to information about the personal data being stored about them.
Users have the right to erasure of their data if these are no longer permitted to be stored.
Users have a right to rectification of their personal data if we have stored these about users incorrectly.
Users have the right to object and can contact us in this regard (email@example.com).
Camunda Services GmbH (hereinafter also referred to as "Camunda") is a German provider of services and software in the field of workflow automation. Camunda operates the website cawemo.com that offers a SaaS tool enabling teams to design, discuss and share workflows.
Via this privacy statement, we wish to explain for users which data are required when using the Cawemo web page (“web page”) and Cawemo SaaS app (“Cawemo”), and how we will proceed to use those data if the user browses the webpage.
We take the protection of the personal data of our users very seriously, and we comply with the applicable provisions under data protection law, especially the new General Data Protection Regulation (GDPR) applicable across the EU. We collect, process and use the personal data of our users only if this is essential to respond to their inquiries or to deliver our product and services and insofar as the law permits data processing. This privacy statement is applicable to all services offered in connection with the web pages. If you have any questions or comments about this Privacy Statement, please contact us via firstname.lastname@example.org.
Controller within the meaning of the GDPR, of other data protection laws applicable in the Member States of the European Union and of other provisions having the character of data protection legislation is:
Camunda Services GmbH
Zossener Strasse 55-58
Tel.: +49 30 664 04 09 - 00
The Data Protection Officer for Camunda is:
JBB Data Consult GmbH
Tel.: +49 30 443 765 124
Personal data: Every time our website is visited, our system automatically records data and information from the computer system of the computer making contact.
The following data may be collected for this (access data):
The data are similarly stored in the log files of our system. This data is not correlated with other personal data of the user.
Duration of storage and data erasure: The data are erased as soon as they are no longer necessary for the achievement of the purpose for which they were collected. In the situation of recording data for provision of the web pages, this is the case if the respective session has ended. In the situation of storing the data in log files, this is the case after 6 months at the latest.
Opportunity to object and for removal: The recording of data for provision of the web pages and storage of the data in log files is fundamentally necessary for the operation of the website. There is consequently no opportunity for the user to object.
The following data are stored and transmitted in the technical cookies:
Purpose and legal basis: We use an authentication and session cookie to automatically identify the user's browser or his device when he logs in as a registered user. It also serves as an identifier that saves the user from having to log in repeatedly, provided he does not actively log out. At the same time, the cookie serves as a session cookie.
We require cookies for the following applications:
The user data collected via technically necessary cookies are not used to create user profiles. These purposes also constitute our legitimate interest in processing personal data pursuant to Art. 6 (1) (f) GDPR. The services on our website cannot be offered without the use of the session and authentication cookies.
The web pages use Google Analytics, a web analysis service of Google Inc. ("Google").
Personal data: Google Analytics uses something known as "cookies", text files that are stored on the user's computer and enable analysis of the use of the web pages by the user. Information generated by the cookie regarding the use of these web pages is generally transferred to a Google server in the USA and stored there. IP anonymization is enabled on this website, the user's IP address is, however, previously abbreviated by Google within the Member States of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional instances is the full IP address transmitted to a Google server in the USA and abbreviated there. Google Analytics processes the data on behalf of Camunda. Google Analytics is certified under the US Privacy Shield. An agreement for data processing to order with Google Analytics is in place that conforms to the requirements of the GDPR.
Purpose and legal basis: Google will use this information on behalf of Camunda to evaluate the use of the website by the user, to put together reports on web page activities and to provide additional services connected with use of the web pages and use of the internet for the web page operator. The IP address transmitted as part of Google Analytics by the user's browser is not put together with other Google data. Google Analytics is used to increase the effectiveness of our web pages and requires the passing-on of data about users to us. Generally, the user's consent is not obtained for this. However, use of these services is justified via Art. 6 (1) (f) GDPR, because Camunda simplifies and accelerates the handling of the visits by its users to the web pages through the use of Google Analytics.
Duration of storage, data erasure, opportunity to object and for removal: The user is able to prevent storage of cookies via a corresponding setting on their browser software; however, we advise that in that case, the user may not be able to use all functions of these web pages to the full extent. In addition, the user can prevent the recording of the data generated by the cookie and relating to their use of the web pages (including their IP address) being sent to Google and the processing of this data by Google by downloading and installing the browser plug-in available from the following link: http://tools.google.com/dlpage/gaoptout.
In our website-footer we offer links to the social media platforms Twitter, Facebook,and LinkedIn where you can follow Camunda. We have not implemented Like-, Share- or other social-media-Buttons (Plug-Ins).
If the user uses a follow-me button, indicated using the respective social-media logo, a direct connection with the social-media servers is established by their browser. Information is then transferred to the social-media platform indicating that the page was visited.
Twitter: is a micro-blogging service from the American company Twitter, Inc. (795 Folsom St., Suite 600, San Francisco, CA 94107).Further information on data collection, evaluation and processing of the user’s data by Twitter and on their rights in relation to this can be obtained by the user from Twitter’s privacy statement, downloadable from http://twitter.com/privacy.
LinkedIn: is a business and employment-oriented service (LinkedIn Headquarters 2029 Stierlin Ct. Ste. 200 Mountain View, CA 94043). Further information on data collection, evaluation and processing of the user’s data by LinkedIn and on their rights in relation to this can be obtained by the user from LinkedIn’s privacy statement, downloadable from https://www.linkedin.com/legal/privacy-policy
Facebook: is an American online social media and social networking company based in California (1 Hacker Way, 94025 Menlo Park). Further information on data collection, evaluation and processing of the user’s data by Facebook and on their rights in relation to this can be obtained by the user from Facebook’s privacy statement, downloadable from https://www.facebook.com/legal/FB_Work_Privacy
If the data subject uses the opportunity on the web page to register for Cawemo by entering personal data, the data in the respective input mask are transferred to Camunda.
Personal data: The following data are collected as part of the registration process:
If the user is registering for the commercial version of our Cawemo product (paid seat) he also enters the following data:
The data in the respective input mask are stored in Cawemo’s internal database. We also transfer the data to MailChimp (https://mailchimp.com) for marketing purposes (newsletter). This company processes the data on behalf of Cawemo. MailChimp is certified under the US Privacy Shield. A commissioned data processing agreement conforming to the requirements of the GDPR exists with MailChimp. The handling of paid seats operates exclusively via our third-party provider Chargebee and Stripe. Those companies process the data on behalf of Camunda. Both are certified under the US Privacy Shield. Agreements for data processing to order with Chargebee and Stripe are in place that conforms to the requirements of the GDPR.
|Third-party Provider||Service||Data processing agreement||Where is user data stored|
|Chargebee (https://www.chargebee.com/privacy)||Payment system||Data processing agreement in place||Data stored in the US; Standard contractual clauses. Chargebee is also certified under the US-Privacy Shield|
|Stripe (https://stripe.com/us/privacy)||Payment system||Data processing agreement in place||Data stored in the US; Stripe is certified under the US-Privacy Shield|
In order to operate and maintain Cawemo and to ensure the continued and best possible operation of Cawemo for the user, to detect and fix any incidents that may be in the way of providing the best possible service, to enable users to communicate with each other and with us, we share the user data with other third-party providers. All third-party providers are either certified under the US Privacy Shield or so-called standard contractual clauses have been signed. Agreements for data processing are in place that conforms to the requirements of the GDPR:
|Third-party Provider||Service||Data processing agreement||Where is user data stored|
|Pusher (https://pusher.com/legal/privacy)||Communication distributer between users||Data processing agreement in place||Data stored in Irland|
|SparkPost (https://www.sparkpost.com/policies/privacy)||Email-Gateway||Data processing agreement in place||Data stored in the US; SparkPost is certified under the US-Privacy Shield|
|Waffle (https://www.ca.com/us/legal/privacy.html)||Tracking of workflows and issues||Data processing agreement in place||Data stored in the US; Standard contractual clauses. Waffle is also certified under the US-Privacy Shield|
|GitHub (https://help.github.com/articles/github-privacy-statement)||version control system||Data processing agreement in place||Data stored in the US; GitHub is certified under the US-Privacy Shield|
|Zendesk (https://www.zendesk.de/company/customers-partners/privacy-policy)||Ticket system for handling support requests||Data processing agreement in place||Data stored in the US; Standard contractual clauses. Zendesk is also certified under the US-Privacy Shield|
|Sentry (https://sentry.io/privacy)||logfile capturing and analyzing service||Data processing agreement in place||Data stored in the US; Sentry is certified under the US-Privacy Shield|
Purpose and legal basis: Registering for Cawemo serve to initiate and, under some circumstances, to fulfill a service. When the user contacts us, we keep a record of his communication with us to help solve the respective issue. For example, we use the user´s email address to send him his registration confirmation (via a double opt-in method) as well as to later contact him about matters concerning his user account and/or with regard to contractual matters; any optional data the user may have uploaded will only be used for allowing the user to use his user account as desired. The legal basis for processing the data is, therefore, Art. 6 (1) (b) GDPR. The forwarding of the data to external third parties is similarly justified pursuant to Art. 28 GDPR and Art. 6 (1) (f) GDPR.
Duration of storage, data erasure, opportunity to object and for removal:The data are erased as soon as they are no longer necessary for achievement of the purpose for which they were collected. If the user deletes his account (paying or non-paying users), all respective data get automatically deleted, too. The user can, of course, also send an e-mail at any time for rectification or erasure of their data to email@example.com. Further information on data collection, evaluation and processing of the user's data by our third-party providers can be obtained by the user from the third-party´s privacy statement´s, which are available to download under the above-mentioned links.
The web page allows the users to register via a Third-Party account. Currently we are offering this service for Linked-In and Google. This service may be reduced or extended in the future.
This allows for usage of certain data stored by Google, LinkedIn or Facebook in relation to the user´s account there to register the Cawemo user account and, subsequently, log into the Cawemo account. We may then ask the user to complete the necessary account information as applicable and described above.
In addition to certain basic profile information (e.g. user name) we also receive the email address the user is using for his Google or LinkedIn account as we need this address to initiate and, subsequently, administrate the Cawemo user account.
We also offer the user the opportunity to keep up to date about Cawemo and upcoming developments in the process modeling field via our newsletters.
Personal data: If the user subscribes to our Cawemo´s newsletter, we require only the user's e-mail address, which we will store for as long as the user wishes to obtain the newsletter. The data in the respective input mask are stored in Cawemo’s internal database and transmitted to MailChimp (https://mailchimp.com). This company processes the data on behalf of Camunda. MailChimp is certified under the US Privacy Shield. An agreement for data processing to order with MailChimp is in place that conforms to the requirements of the GDPR.
Purpose and legal basis: Collecting the user's e-mail address is used for sending the newsletter. In addition, we use the data to further optimize our newsletter for our users, by operating newsletter tracking via MailChimp (specifically "open rate" and "click rate" tracking). The user´s consent to receiving the newsletter is obtained via a double-opt-in process. The legal basis for processing the data after the user registers for the newsletter is hence Art. 6 (1) (a) GDPR. Newsletter tracking is similarly justified pursuant to Art. 6 (1) (f) GDPR.
The data we collect when registering for the newsletter is further used to inform the user via email about product updates and upcoming events. This is our legitimate interest, which we can only pursue by sending emails and running product specific marketing-campaigns. We assume that the user has a continuing interest in Cawemo-specific products and services (6 (1) (f) GDPR).
Duration of storage, data erasure, opportunity to object and for removal: The data are used solely for dispatch of the newsletter and for other marketing-campaigns, where we inform the user about product-updates and upcoming events. The data subject can cancel the newsletter subscription and the receipt of further email-communication at any time. Similarly, consent to storage of personal data can be withdrawn at any time. There is a corresponding link for this purpose in every newsletter. And the user can, of course, send an e-mail at any time for rectification or erasure of their data to firstname.lastname@example.org. Further information on data collection, evaluation and processing of the user's data by MailChimp and on their rights in relation to this can be obtained from MailChimp's privacy statement, which is available to download from https://mailchimp.com/legal/privacy.
If the user's personal data are processed, this person is a data subject in the sense of the GDPR. The data subject/user is entitled to the following rights vis-à-vis Camunda:
The user can demand confirmation from Camunda regarding whether personal data concerning them are being processed by us.
Where such processing takes place, the user can demand details from Camunda concerning the following information:
The user has a right to rectification and/or completion by Camunda where the processed personal data concerning them are incorrect or incomplete. Camunda will make the rectification without undue delay.
Under the following conditions, the user can request restriction of processing of the personal data concerning them:
If the processing of the personal data concerning the user was restricted, this data will, with the exception of storage, only be processed with their consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
Where the restriction of processing was established in accordance with the above provisions, the user will be informed by Camunda before the restriction is lifted.
The user may demand that Camunda erase the personal data concerning them without undue delay, and Camunda will have the obligation to erase these data without undue delay where one of the following grounds applies:
Where Camunda has made the personal data concerning the user public and where Camunda is obliged pursuant to Art. 17 (1) GDPR to erase the data, Camunda, taking account of the available technology and the cost of implementation, will take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the user has requested from Camunda the erasure of all links to those personal data or of copies or replications of those personal data.c) Exceptions
The right to erasure does not exist to the extent that processing is necessary
Where the user has asserted the right to rectification, erasure or restriction of processing by Camunda, Camunda will be obliged to notify all recipients to whom the personal data concerning the user were disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or is associated with disproportionate expense.
The user has the right Camunda to be informed by Camunda about these recipients.
The user has the right to receive the personal data concerning them, which they have provided to Camunda, in a structured, commonly used and machine-readable format. The user further has the right to transfer those data to another controller without hindrance from Camunda, to whom the personal data have been provided, where
In exercising this right, the user further has the right to have the personal data concerning them transferred directly by Camunda to another controller, where technically feasible. This will not adversely affect the freedoms and rights of other persons.
The right to data portability does not apply for the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in Camunda.
The user has the right to object, on grounds relating to their particular situation, at any time to the processing of personal data concerning them which is based on Art. 6 (1) (e) or (f) GDPR.
Camunda will cease to process the personal data concerning the user, unless the user can demonstrate compelling legal grounds for the processing which override the interests, rights and freedoms of Camunda, or where processing serves the establishment, exercise or defense of legal claims.
Where personal data concerning the user are processed for direct marketing purposes, the user has the right to object at any time to processing of personal data concerning them for the purposes of such marketing.
Where the user objects to processing for direct marketing purposes, the personal data concerning them will cease to be processed for such purposes.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, the user may exercise their right to object by automated means using technical specifications.
The user has the right to withdraw their declaration of consent under the privacy law at any time. The revoking of consent does not affect the lawfulness of the processing that has taken place by reason of the consent up to the time of withdrawal.
Not applicable; no automated decision-making or other profiling measures take place at Camunda.
Without prejudice to any other administrative or judicial remedy, the user has the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, their workplace or the place of the alleged infringement, if the user considers that the processing of the personal data concerning them infringes the GDPR.
The supervisory authority with which the complaint has been lodged will inform the complainant on the progress and the outcome of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.
This privacy statement was first published on May 16 2018previous versions