Legal Notice

Mooncamp GmbH
Im Mediapark 5
50670 Cologne
Germany

Register Court (Handelsregister): Amtsgericht Köln, HRB 100526
Managing Directors (Geschäftsführer): Daniel Breucker
VAT-ID (Ust.-Id): DE328858964

Email: info@mooncamp.com

Responsible for content according to § 55 Abs. 2 RStV:
Daniel Breucker (Address as above)

Disclaimer

We assume no liability for the content of websites linked to us.
The owners of these linked websites take sole responsibility for their contents.

General Terms and Conditions

1. Scope of application, privacy policy, current version

1.1 The following General Terms and Conditions (hereinafter referred to as "Terms of Service") govern the contractual relationship between Mooncamp GmbH (hereinafter "Mooncamp") and the respective companies in accordance with § 14 BGB (German Civil Code) (hereinafter referred to as "user") and their employees in terms of section 4.1 who would like to use the HR platform for goal management and project management, feedback and employee development (hereinafter "platform"; as exemplified under the domain app.mooncamp.com) provided by Mooncamp.

1.2 Furthermore, the privacy policy applies.

1.3 The version of the terms of service valid at the time of conclusion of the contract is binding.

2. Subject matter of the contract

2.1 Mooncamp offers various services on the platform in connection with the management and handling of employees (hereinafter "services"). Among other things, goals (OKRs), check-ins and surveys can be created on the platform. The scope of use of the services can be selected by the user within the context of various subscriptions in accordance with section 3.2 and results from the service description in the version applicable at the time of conclusion of the contract.

2.2 Mooncamp is entitled to make changes to the content or functionality (e.g. through patches, updates or modifications) of the services that are reasonable, taking into account the interests of the user. Mooncamp is also entitled to have parts or all of the services provided by third parties, in particular subcontractors.

2.3 The user may test the services free of charge for fourteen (14) days after successful registration in accordance with section 3.1.a. The user shall not be entitled to use the services after this period. Subsequently, the use of the services shall be blocked for the user, unless the user concludes a paid subscription pursuant to section 3.2.

3. Registration and its Requirements, Conclusion of Contract, Right of Use, Test Period, Conclusion of a Subscription

3.1 Registration on the platform takes place by opening an account on the platform and agreeing to these Terms of Service:

1. In the registration form, each user must provide a valid email address. By submitting the completed registration form, the user creates a user account (hereinafter "account") and submits his or her offer to enter into a contract for the use of the platform. If Mooncamp accepts this offer by sending a confirmation email and the user subsequently confirms his or her registration by selecting the code listed in the confirmation email (double opt-in), a contract for the use of the platform is concluded between the user and Mooncamp (hereinafter "usage agreement"). A registration that the user does not confirm within one week by clicking on the activation link can be deleted by Mooncamp.
2. Each user may only register once. One account must be created per user. An account is not transferable.
3. Within the first fourteen (14) days after successful registration in accordance with section 3.1.a, the user may use the services with limited functionality free of charge (hereinafter "test period"). Mooncamp is entitled to terminate the test period at any time or to further restrict the services during the test period.

3.2 A checkout process on the platform is available to the user for the conclusion of the contract. The conclusion of the contract within the checkout process on the platform is governed by the following section 3.3. Mooncamp also offers users individual quotes upon request. In this case, the contract is concluded by the user's acceptance of Mooncamp's individual quote in accordance with section 3.4 below.

3.3 The conclusion of a paid subscription within the checkout process on the platform is carried out as follows:

1. The user first selects a subscription. The user enters his or her contact details, email address and the data required for the payment method. Before sending the booking, the user can check all the data previously entered by him or her again and, if necessary, correct it by entering other data or delete the data entered in the respective input field.
2. A booking is only possible if the user has agreed to the validity of these terms of use. By sending the booking, the user makes an offer to book a paid subscription.
3. Mooncamp accepts the booking by sending a confirmation email to the user or by requesting payment from the user, thereby booking a paid subscription based on these terms of use. If Mooncamp does not accept the user's offer within five (5) business days, this is considered a rejection of the offer with the consequence that the user is no longer bound to his declaration of intent.

3.4 Mooncamp provides users with individual contract quotes (hereinafter "quote") for the conclusion of subscriptions upon request. Unless otherwise specified in the quote, quotes are valid for 30 days. The conclusion of a subscription comes into effect through the customer's acceptance of the quote in text form.

3.5 There is no claim to the conclusion of a user agreement or a subscription. Mooncamp reserves the right to refuse the registration and the conclusion of a subscription without giving reasons.

3.6 Contracts may only be concluded by legal entities with unlimited legal capacity and only in their own name and for their own account. Only entrepreneurs within the meaning of § 14 BGB (German Civil Code) may register as users. The registration as a legal entity or partnership as well as the administration of an account may only be carried out by persons who act as legal representatives or other authorized persons of the legal entity or partnership on its behalf and will. To verify the authorization according to the previous sentence, Mooncamp will request additional documents (e.g. power of attorney, written permission, etc.) from the user if necessary.

3.7 The data requested when concluding a contract must be provided completely and truthfully. If the data changes subsequently, the user is obliged to update the information immediately. Upon request of Mooncamp the user has to confirm the data.

4. Up- and Downgrades

4.1 The upgrade of a subscription to a higher-value subscription and the addition of further user licenses (hereinafter "upgrade") shall be possible at any time. In the event of an upgrade, the current term shall be adopted for the upgrade. Payment for the higher-value subscription or license shall be made on a pro rata basis in proportion to the remaining term of the contract.

4.2 The downgrade to a lower subscription and the termination of user licenses (hereinafter "downgrade") shall only be possible at the beginning of the next term. If the user performs the downgrade at an earlier point in time, the downgrade shall not commence until the beginning of the next term.

5. Employee Accounts

5.1 The user can activate his or her own employees (hereinafter referred to as "employees") under his or her account. For this purpose he invites employees to register on the platform.

5.2 The user warrants that he or she only invites people to the platform as employees if he or she is entitled to do so. Before sending the invitation, the user is obliged to ensure that the employee agrees to receive the invitation. In case the employee asserts claims against Mooncamp due to unsolicited sending of the invitation, the user indemnifies Mooncamp from all claims in connection with the sending of the invitation. Mooncamp reserves the right to assert further claims against the user from this circumstance.

5.3 In the registration form each employee has to create a password. By sending the completed registration form the employee will get access to their user account (hereinafter referred to as "employee account").

5.4 Access to the employee account is only permitted to natural persons with unlimited legal capacity and only in their own name. Employees must be at least 18 years of age at the time of registration.

5.5 The user can restrict or delete the employee account at any time via his or her account.

6. Prices and terms of payment

6.1 The conclusion of subscriptions for the use of the services is subject to a fee. The subscriptions shall be governed by (i) the service description currently in effect at the time of conclusion of a contract and the prices stated therein for the monthly or annual remuneration or (ii) the prices stated in the quote (hereinafter "remuneration").

6.2 For users based in Germany, all prices are exclusive of statutory value added tax. Users who are located outside of Germany are responsible for the payment of any applicable taxes and the payment of any applicable fees, such as VAT and customs duties. Users from other EU countries must provide their VAT ID during the booking process in order to carry out the reverse charge procedure.

6.3 The remuneration owed by the user is due for payment in advance at the beginning of the booking period.

6.4 The remuneration owed by the user can only be paid using the payment methods supported by Mooncamp. The supported payment methods are listed on the platform. Mooncamp reserves the right to exclude individual payment methods with respect to selected users, as far as a return debit note or cancellation of the payment or an insufficient coverage of the bank account to be debited is to be feared due to justified indications.

6.5 The user may be charged costs by third parties in connection with the use of the services (e.g. for the use of telecommunications networks); Mooncamp has no influence on such costs.

7. Rights to the contents of the user

7.1 The user grants Mooncamp the simple right of use (hereinafter "license") to the content (hereinafter "user content") posted by the user on the platform, which is unlimited in terms of territory and limited to the contractual term of the usage agreement as well as to the processing of the user content on the Mooncamp platform or the integrations used, insofar as this is necessary for the purpose of providing the contractual services described in section 2.1 of these terms of service. In particular, Mooncamp is entitled to technically edit, prepare and adapt the user content in such a way that it can also be displayed on mobile receiving devices.

7.2 The license ends when the user deletes his or her user content or account as well as upon termination of the usage agreement.

7.3 The user guarantees that he or she is the owner of the transferred rights and that it is possible for him or her to effectively grant the rights mentioned in clause 7.1. The user also guarantees that the created content does not violate any rights of third parties, in particular trademark, competition, copyright, property or personal rights.

8. Account use, Confidentiality, Sanctions and blocking of the account

8.1 The user/employee undertakes:

1. not to create any insulting, violence glorifying, discriminating, inhuman or slanderous contents
2. not to create pornographic or racist content;
3. not to create any content that violates youth protection laws or criminal laws;
4. not to carry out any actions that could block, overload or impair the proper functioning or appearance of the Platform (e.g. denial of service attacks or the uploading of viruses or other malicious code);
5. not to create untrue or unobjective content;
6. not to engage in unauthorised commercial communication (e.g. spam) on the Platform;
7. not to use automated mechanisms (such as bots, robots, spiders or scrapers) to collect content or information from other users or to access the platform in any other way without the explicit prior permission of Mooncamp;
8. not to obtain login information or access an account belonging to another user and not to collect, use or process data of other users without being authorized to do so;
9. not to use legally protected content without being authorized to do so;
10. not to advertise for a company for commercial purposes;
11. or to set links to such content;
12. to provide all data collected in the course of the conclusion of the contract truthfully and completely;
13. not to misuse the benefits of the services.

8.2 Mooncamp is entitled to block or delete content that violates the terms of service or legal regulations, that violates the applicable rules of politeness, etiquette, objectivity and respectful interaction, or that is otherwise offensive and/or improper. Mooncamp will subsequently obtain a statement from the user/employee and, based on the statement, re-evaluate the deletion/blocking decision.

8.3. If the user/employee violates the terms of use or legal regulations, or if there is any other important reason, Mooncamp may, in addition to Section 8.2

8.4 After a user/employee has been blocked, there is no entitlement to restoration of the blocked account/employee account. Once a user/employee has been blocked, this user/employee may also not log in with another account/employee account.

9. Confidentiality

9.1 The user/employee is obliged to keep the login data, passwords, etc. secret and not to pass on his access data to unauthorized third parties and to log off after each session. Declarations and actions which are made or committed after a login with the password and the email address of the user/employee can be attributed to the user/employee even if he/she has no knowledge of them. An attribution is made in particular if the user/employee provides third parties (including family members) with access to the password or the account/employee account intentionally or negligently. The user/employee has to inform Mooncamp immediately as soon as he/she becomes aware that unauthorized third parties have access to the access data and are aware of it.

9.2 In case of a justified suspicion that access data became known to unauthorized third parties, Mooncamp is entitled but not obligated for security reasons to independently change the access data without prior notice or to block the use of the account/employee account at its own discretion. Mooncamp will inform the user/employee about this immediately and will provide new access data on request within an appropriate period of time. The user/employee has no right to have the original access data restored.

10. Duration and termination

10.1 The usage agreement begins with the successfully completed registration in accordance with section 3.1.a and has an unlimited term. If the user does not book a subscription after the end of the test period, the usage agreement ends with the end of the test period.

10.2 The user may choose between different terms when concluding a subscription. The subscription shall be extended by the initial term in each case if it is not terminated with 30 days' prior notice to the end of the respective term. Upon termination of the subscription, the usage agreement also ends.

10.3 Notwithstanding the above provision, Mooncamp may terminate the subscription without notice if the user is in default of payment of the remuneration or a not insignificant part of the remuneration for two consecutive months or, in a period extending over more than two months, in default of payment of an amount equal to the remuneration for two months.

10.4 The right to terminate for good cause remains unaffected.

10.5 Any termination must be made in writing. For the notice of cancellation an email to info@mooncamp.com or any other communication in text form to Mooncamp is sufficient. Alternatively, the notice of cancellation can also be made via the user's account.

11. Settlement after termination

The personal data deposited by the user/employee and the account will be deleted by Mooncamp upon termination of the user agreement. If Mooncamp is obligated to store data for legal or other reasons, Mooncamp may alternatively also block the data; with loss of authority the data will be deleted by Mooncamp.

12. Availability

12.1 Mooncamp guarantees an availability of the services to 99% on a monthly average. This does not take into account scheduled maintenance times and downtimes which are not based on a breach of duty by Mooncamp, such as attacks on systems of Mooncamp by third parties, hardware failures through no fault of Mooncamp or cases of force majeure, as well as related unscheduled maintenance work. Through maintenance work, further development or malfunctions the possibilities of use can be limited or temporarily interrupted.

12.2 Scheduled maintenance work takes place regularly between 11 pm and 6 am (Central European time) and is announced to the user in the account at least 4 hours in advance. Scheduled maintenance work will affect the availability of the services for a maximum of 10 hours in a calendar month.

12.3 Mooncamp provides the services only on the platform. Errors or disturbances outside the sphere of influence of Mooncamp are not subject to the service obligation of Mooncamp. The user remains obligated to pay the corresponding remuneration in case of errors or disturbances which are not within the sphere of influence of Mooncamp.

12.4 It is the responsibility of the user to create, maintain, operate and, if necessary, update a sufficiently dimensioned hardware and software environment for the use of the services at his place.

13. Data protection

13.1 The personal data voluntarily provided by the user in the course of using the services will be used by Mooncamp exclusively in accordance with the provisions of the German Federal Data Protection Act (BDSG), the General Data Protection Regulation (EU-GDPR) and other applicable data protection regulations.

13.2 The processing of personal data is based on a separate data processing agreement (DPA) within the scope of a contractual relationship according to article 28 GDPR. The data processing agreement will be handed over to the user separately upon conclusion of the contract.

14. Limitations of liability

14.1 Subject to the further provisions of this section 14, Mooncamp is only liable if and as far as Mooncamp, its legal representatives, executives, employees or other vicarious agents are guilty of intent or gross negligence. However, in case of debtor's delay of Mooncamp or the impossibility of performance of services for which Mooncamp is responsible as well as in case of violation of essential contractual obligations (so-called cardinal obligations) Mooncamp is liable for each own culpable conduct or that of its legal representatives, executives, employees or other vicarious agents. In this context, essential contractual obligations are abstractly defined as those obligations whose fulfillment is essential for the proper execution of the contract and on whose compliance the user/employee may regularly rely.

14.2 Except in the case of intent or gross negligence of Mooncamp, its legal representatives, executives, employees or other vicarious agents, the liability of Mooncamp is limited in amount to the typically foreseeable damages at the conclusion of the contract.

14.3 The exclusions and limitations of liability regulated in the above clauses 14.1 and 14.2 do not apply in the case of the acceptance of explicit guarantees, in the case of claims due to the lack of warranted characteristics and for damages resulting from injury to life, body or health as well as in the case of mandatory legal regulations. Furthermore, the limitations of liability regulated in section 14.2 do not apply in case of a debtor's default of Mooncamp for claims for default interest, for the default lump sum according to § 288 para. 5 BGB (German Civil Code) as well as for compensation of the damage caused by default, which is based on the legal costs.

14.4 Claims according to the product liability law remain unaffected by the regulations of this section.

15. Online dispute resolution

Mooncamp hereby refers to the Online Dispute Resolution (OS) site of the European Commission with the following link: https://ec.europa.eu/consumers/odr/ Mooncamp is not responsible for the contents of this site or for the conduct of complaint handling procedures through this site.

Mooncamp is not responsible for the contents of this site or for the conduct of complaint handling procedures through this site.

16 Indemnification, Attribution of behaviour of employees

The conduct of the employees is attributed to the user. The user is liable to Mooncamp for the behavior of the employees. The user is responsible to Mooncamp for the fact that his or her employees act according to the contract and do not violate these terms of service, laws and/or rights of third parties in connection with the use of services. Violations of these regulations by the employees are attributed to the user, the user is in these cases the claimant of Mooncamp.

17. Assignment of claims

17.1 The user is only entitled to assign claims from or in connection with the business relationship with Mooncamp with the prior written consent of Mooncamp; § 354a HGB remains unaffected.

17.2 Unless otherwise regulated in the individual case, neither party is entitled to offset against claims of another party from this agreement or to assert a right of retention with regard to an obligation from the business relationship, unless the claims of the respective party asserting a right of offsetting or retention are ready for decision and undisputed or have been recognized by the other party or have been determined by a legally binding decision of a competent court or arbitration court. This restriction does not apply to synallagmatic, i.e. mutually dependent claims.

18. Exclusion of foreign general terms and conditions, Language, Contract text, Applicable law, Place of jurisdiction and place of performance

18.1 The validity of general contractual or business conditions of the user/employee is expressly excluded. This also applies if Mooncamp has not explicitly contradicted the terms and conditions of the user/employee and/or provides services without contradiction.

18.2 The registration, login and all conclusions of contracts between the user/employee and Mooncamp are exclusively in German language. The contractual language is German.

18.3 All contractual texts are accessible to the user/employee on the platform only in the current version. However, the respective text of the contract will be sent to the user by email and can be saved or printed out by the user.

18.4 These Terms of Service and the Usage Agreement as well as subscriptions regulated therein are subject to the law of the Federal Republic of Germany, excluding the UN Convention on Contracts for the International Sale of Goods.

18.5 If the user is a merchant in the sense of commercial law, a legal entity under public law or a special fund under public law, then the registered office of Mooncamp is the exclusive place of jurisdiction for all legal disputes arising from or in connection with the terms of use. In all other respects the legal places of jurisdiction apply.

18.6 In relation to entrepreneurs in the sense of § 14 paragraph 1 BGB the place of performance is the registered office of Mooncamp.

19. Amendment of these Terms of Service

19.1 Changes to these Terms of Service must be made in text form. No collateral agreements exist.

19.2 Mooncamp reserves the right to change these Terms of Service at any time without giving reasons, unless the change is not reasonable for the user/employee. Mooncamp will inform the user/employee about changes of the terms of use immediately by email. If the user/employee does not object to the validity of the changed terms of use within a period of four weeks after receipt of the changed terms of use, the changed terms of use are considered accepted by the user/employee.

19.3 If a provision of these Terms of Service is invalid, the remaining provisions shall remain unaffected. The invalid provision shall be deemed replaced by a provision that comes closest to the meaning and purpose of the invalid provision in a legally effective manner. The same applies to possible regulatory gaps.

Privacy Policy

We are pleased that you are visiting our website (hereinafter referred to as "website"). This data protection declaration also applies to our services on our platform (hereinafter "platform") and other online presences, such as our social media appearances. In the following, we inform you in detail about the type, scope and purpose of the personal data collected, used and processed by us and inform you about your rights as a data subject.

We reserve the right to change the privacy policy at any time with effect for the future. If you visit our website again, the updated and published data protection declaration will apply. The current version of the data protection declaration can be called up, saved and printed out at any time on our website.

With regard to the terms used (e.g. personal data, person responsible) we refer to the definitions of the General Data Protection Regulation (GDPR).

I. Name and address of the data controller

The data controller within the meaning of the EU General Data Protection Regulation (GDPR) and other national data protection laws of the member states is:

Mooncamp GmbH
Im Mediapark 5
50670 Cologne, Germany

Phone: +49 221 954 9095 0
E-Mail: info@mooncamp.com

II. Name and address of the data protection officer

The data protection officer of the data controller is:

Joel Schneider
c/o Mooncamp GmbH
Im Mediapark 5
50670 Cologne, Germany

E-Mail: privacy@mooncamp.com

III. General information on data processing

1. Scope of processing

As a matter of principle, we collect and use personal data only to the extent that this is necessary to provide a functioning website, contents and services, as well as when you have given your consent or the processing of the data is permitted by a legal regulation.

2. Legal basis for the processing of personal data

Insofar as we obtain your consent for processing of personal data, Art. 6 para. 1 lit. a GDPR serves as the legal basis for the processing of personal data.

When processing personal data which is necessary for the performance of a contract to which you are a party, Art. 6 para. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations which are necessary to carry out pre-contractual measures.

Insofar as the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis.

If the processing is necessary to safeguard a legitimate interest of our company or a third party and your interests, fundamental rights and freedoms do not outweigh the former interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for the processing.

3. Legitimate interests in the processing

If the processing of your personal data is based on Art. 6 para. 1 lit. f GDPR, our legitimate interest, unless otherwise stated, is the performance of our business activities. In all other respects, we have stated our purposes and interests in each case within the framework of the above list of processing.

4. Data erasure and storage duration

Your personal data will be deleted or blocked as soon as the purpose of storage ceases to apply or you revoke your consent. Furthermore, data may be stored if this has been provided for by the European or national legislator in EU ordinances, laws or other regulations to which the person responsible is subject. If the purpose of storage ceases to apply, if you revoke your consent or if a storage period prescribed by the European Directive and Regulation Giver or any other competent legislator expires, the personal data will be blocked or deleted as a matter of routine and in accordance with the statutory provisions, unless it is necessary to continue storing the data in order to conclude or fulfil a contract.

5. Recipient of the collected data / data transmission

Recipients of the data collected via our website are primarily us as a responsible company. In addition, any processors (web host, IT service provider, etc.) may have access to the data collected via our website. Compliance with the legal regulations is, however, ensured in this respect by means of data processing agreements which we conclude with our processors based in the EU. Data will only be transferred to so-called third countries outside the EU if and insofar as this has been pointed out below.

6. Need to disclose personal data

You can visit our website without personal data being collected. However, if you wish to make use of our services, the provision of personal data is mandatory for the execution of the contract.

7. Existence of automated decision making

We do not carry out automatic decision making or profiling in the sense of Art. 22 GDPR.

8. Data security

We secure our website and other systems through comprehensive technical and organizational measures against loss, destruction, access, modification or distribution of your data by unauthorized persons. These measures are subject to constant review and improvement in order to guarantee the current state of the art.

IV. Data processing when using our website and our services

1. Access data in server log files

Our hosting provider automatically stores access data in so-called server log files every time our website and platform is accessed.

This includes the date and time of access, the browser used and its version, the operating system used, IP address and requested URL including sub-pages.

Temporary storage of the IP address by the system is necessary to enable delivery of the website and platform to your end device. For this purpose, your IP address must remain stored for the duration of the session.

The legal basis for the temporary storage of your data and log files is Art. 6 para. 1 lit. f GDPR.

This data is evaluated exclusively to ensure the permanent and trouble-free operation of the website and the platform, to improve the content and to transmit it to law enforcement authorities in the event of a cyber attack and to ensure the security of our information technology systems. For this purpose, the above-mentioned data is stored for a maximum of 7 days. Data whose further storage is required for evidence purposes will be stored until the respective incident has been finally clarified.

The collection of data for the provision of the website and the platform and the storage of the data in log files is absolutely necessary for the operation of our website and the platform. There is therefore no possibility of objection.

2. Use of cookies

When calling up our website, you will be informed about the use of cookies. You can declare your consent to the processing of personal data used in this context within the framework of the so-called cookie banner. In this context, there is also a reference to this privacy policy. You can revoke your consent at any time with effect for the future.

Many cookies contain a so-called cookie ID. It consists of a character string by which websites and servers can be assigned to a specific browser in which the respective cookie was stored.

We set the following cookies:

The purpose of using technically necessary cookies is to simplify the use of our website for you (e.g. your settings are saved). Some functions of our website cannot be offered without the use of cookies. For these it is necessary that your browser is recognized even after a page change. If cookies are not accepted or deactivated, the functionality of our website may be limited.

The legal basis for the processing of personal data using necessary cookies is Art. 6 para. 1 lit. f GDPR.

In addition, we use cookies on our website which enable us to analyse your surfing behaviour. We inform you about these in the corresponding section of this data protection declaration.

Some third party services that we integrate may also use cookies. Please refer to the websites of the respective providers for information on how they work and how they process data. The services used by us can be found in this privacy policy.

When you access our website, you will be informed about the use of cookies.

The legal basis for the processing of personal data using cookies, which are not necessary for the operation of our website, is Art. 6 para. 1 lit. a GDPR, if you have given your consent to this.

Cookies are stored on your end device and transmitted to our website. You therefore have control over the use of cookies. You can set your browser so that you are informed about the setting of cookies and can decide individually whether to accept them or to exclude the acceptance of cookies for certain cases or in general or set it so that the setting of cookies is prevented and thus permanently contradict the setting of cookies. In addition, you can delete already set cookies at any time via your browser. A comprehensive objection to online marketing cookies can also be declared at http://www.youronlinechoices.com/ This also applies to all third-party cookies listed below.

3. Data collection and use during registration and use of our services/use of our services

You have the possibility to register on our platform. When you create a user account or register, you must provide certain mandatory information in order to gain access to your user account and to manage it ("Mandatory Information"). Mandatory data within the scope of registration are marked and are required for the conclusion of the user contract. Which data is collected can be seen from the respective input forms. Within the scope of the registration these are: Your name and your e-mail address. You must also create a password. If you do not provide this data, you cannot create a user account.

The legal basis for the processing of your data is the fulfilment of our contract with you in accordance with Art. 6 para. 1 lit. b GDPR.

We use the information you provide to authenticate you when you log in and to respond to requests to reset your password, to verify your authorization to manage the user account, to enforce the Platform's terms of service and all related rights and obligations, and to contact you in order to send you technical or legal notices, updates, security messages or other messages concerning, for example, the management of the user account. We therefore only use the data you provide us with to process the contract and to provide our services to be rendered within the scope of the contract. We may also pass on your data to one or more processors who will also use your data exclusively for internal use on our behalf.

We also store your IP address and the date and time of registration in order to prevent misuse of our website and the services offered on it and, if necessary, to clarify any criminal offences committed. The storage of this data is therefore necessary for our own protection. The legal basis for this processing of personal data is Art. 6 para. 1 lit. f GDPR. The above-mentioned purposes also constitute our legitimate interest in data processing in accordance with Art. 6 para. 1 lit. f GDPR.

Within the framework of the use of our services, we also use the data you provided during registration.

The legal basis for the processing of your data is the fulfilment of our contract with you in accordance with Art. 6 para. 1 lit. b GDPR.

In principle, this data will not be passed on to third parties, unless there is a legal obligation to do so or the passing on of the data serves criminal prosecution.

After complete processing of the contract or deletion of your account, your data will first be blocked for further use and then deleted after the legal retention periods have expired, unless you have expressly consented to further use of your data or we reserve the right to use your data for other purposes that are permitted by law and about which we inform you below.

You have the possibility to object to the processing at any time and to delete your account. In such a case the contractual relationship with you cannot be continued.

4. Data collection and use when using our services as employees

If you use our platform as an employee, your employer may collect data about you via our platform, e.g. through surveys. Your employer alone is responsible for this data collection and processing. In this case we only act as a processor for your employer and are bound by the instructions of your employer.

Your employer will provide you with further information on data processing by your employer when you use the platform.

5. Alternative login via Single-Sign-On (SSO)

Alternatively, you can also log in via Single-Sign-On with just a few clicks. An additional registration is not necessary in this case.

We will redirect you to the appropriate service after you have clicked the registration button. There you can log in with your existing login data. By logging in, your profile of the SSO service and our service will be linked together. Through the link we automatically receive your name and email address from the SSO service.

This information is mandatory for the conclusion of the contract in order to register and identify you. The legal basis for the processing of your data is accordingly the fulfilment of our contract with you Art. 6 para. 1 lit. b GDPR.

We use the following social log-ins on our platform:

Google Sign-In is a service of Google LLC (www.google.com), 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). The entity responsible for Germany is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The security of the transfer is secured by so-called standard contractual clauses (SCC), which ensure that the processing of personal data is subject to a level of security that complies with the GDPR.

We process on behalf of our customers, the following categories of personal data when you use or interact with our products and services: email, profile information (e.g. name).

For more information about Sign in with Google, please see the Google Privacy Statement at: https://policies.google.com/privacy

Microsoft offers a sign in over its own software "Azure", which is operated by the Microsoft Corporation One Microsoft Way, Redmond, WA 98052-6399, USA ("Microsoft"). The security of the transfer is secured by so-called standard contractual clauses (SCC), which ensure that the processing of personal data is subject to a level of security that complies with the GDPR.

For more information about Sign in with Microsoft, please see the Microsoft Privacy Statement at: https://privacy.microsoft.com/de-de/privacystatement

The same provisions on revocation and deletion periods apply as for registration via our website in accordance with the above clause.

6. Integrations

Our customers have the option of activating third-party services through integrations, for example with the communications provider Slack or the SSO services described above.

In this case, additional information may be shared with the third-party providers. The third party providers usually clarify about shared information, but they are not explicitly controlled by Mooncamp. Third parties who have been granted access to additional information may have their own policies and practices regarding collection and use of the information. Please check the privacy settings and notices of third party services or contact the third party service provider if you have any questions. The decision to use a third party service provider is the responsibility of the customer.

In addition to the SSO services described above, integrations with the following service providers are currently offered:

Slack is a communication tool from Slack Technologies, Inc. (www.slack.com) , 500 Howard Street, San Francisco, CA 94105, USA.

For more information about Slack, please see the Slack Privacy Policy at: https://slack.com/intl/en-de/privacy-policy

Microsoft Teams is a communication tool from Microsoft Corporation One, Microsoft Way, Redmond, WA 98052-6399, USA („Microsoft“).

For more information about MS Teams, please see the Slack Privacy Policy at: https://learn.microsoft.com/en-us/microsoftteams/teams-privacy

7. Use of third-party tools

In order to provide and continuously improve our services, we rely on the services of the following third-party providers, through which personal data may also be processed. We have selected these third-party providers carefully and in accordance with the provisions of the GDPR.

a) Google Analytics

We use Google Analytics on our website, a web analytics service provided by Google LLC (www.google.com), 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google Analytics"). The responsible body for Germany is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics uses methods that enable an analysis of your use of the website, in particular from which internet page you came to our website (so-called referrers), which subpage you access or how often and for how long you view a subpage. Google Analytics uses cookies for this purpose. Every time you call up a page of our website on which Google Analytics has been integrated, your browser on your end device is automatically prompted to transmit data to Google Analytics for analysis.

The generated information about your use of our website can also be transferred to a Google LLC server in the USA and stored there. The USA is an unsafe third country. However, the security of the transfer is secured by so-called standard contractual clauses (SCC), which ensure that the processing of personal data is subject to a level of security that complies with the GDPR.

By activating IP anonymization on our website, the IP address is shortened before transmission within the member states of the European Union or in other states that are party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. The anonymised IP address transmitted by your browser within the framework of Google Analytics is not merged with other Google data.

Google will use this information on our behalf to evaluate the use of our website by you and our other users, to compile reports on the activities within our website and to provide us with further services related to the use of our website and the use of the Internet.

The legal basis for the processing of personal data is Art. 6 para. 1 lit. a GDPR, provided that you have given your consent to this effect.

You can give your consent via our cookie banner and revoke it at any time in the settings with effect for the future.

The terms of use and privacy policy of Google and Google Analytics can be found here: https://policies.google.com/privacy or here http://www.google.com/analytics/terms/de.html .

b) Hubspot (CRM, Contact-Form and Newsletter)

We use Hubspot on our websites, a service provided by Hubspot Inc, a U.S. software company with a European office located at HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland ("Hubspot"). The information generated about your use of this site may be transmitted to and stored on a Hubspot server in the United States. The USA is an unsafe third country. However, the security of the transfer is secured by so-called standard contractual clauses (SCC), which ensure that the processing of personal data is subject to a level of security that complies with the GDPR.

We use Hubspot for analysis and marketing purposes and also use Hubspot to manage our customer relationship management (CRM) and to handle your inquiries through our contact form and newsletter.

Hubspot uses "web beacons" and "cookies" that are stored on your device and allow us to analyze your use of our site. Hubspot may use this information (e.g., IP address, geographic location, browser type, length of visit, pages viewed) to generate reports on our behalf.

If you contact us through our contact form, necessary information such as last name, first name, email address, phone number and the text you enter will be collected through our site to respond to your request.

The legal basis for the processing of your data is Art. 6 para. 1 lit. f GDPR on the basis of our justified interest in effective customer service.

The data will be deleted as soon as they are no longer required for the purpose of their collection. For personal data sent via contact form, this is the case when the respective conversation with you has ended. The conversation is finished when it can be concluded from the circumstances that the matter in question has been finally clarified.

If you contact us, you can object to the storage of your personal data at any time. In such a case the conversation cannot be continued.

We also store your data in Hubspot's CRM, which allows us to respond more quickly and efficiently to your requests. We therefore use Hubspot to improve our services and marketing.

The legal basis for the processing of personal data is Art. 6 para. 1 lit. a GDPR if you have given your consent to do so or, if a contractual relationship exists with you, the fulfilment of our contract with you in accordance with Art. 6 para. 1 lit. B GDPR.

You can give your consent via our cookie banner and revoke it at any time in the settings with effect for the future.

If you do not want HubSpot to record your data, you can prevent the storage of cookies at any time by changing your browser settings accordingly.

We also send our newsletter via Hubspot. To subscribe, you must provide us with your e-mail address. You can voluntarily provide us with additional information, such as your name. The registration is done in a so-called double opt-in procedure. After registering on our website, you will receive a confirmation email from us in which you must confirm your registration again. This entire process is documented and stored. This includes the storage of the registration and confirmation time as well as your IP address. The collection of this data is necessary so that we can trace the processes in the event of misuse of the email address and therefore serves as a legal safeguard. By subscribing to our newsletter, you agree to receive it.

The legal basis for the processing of your data after you have registered for the newsletter is Art. 6 para. 1 lit. a GDPR, if you have given your consent.

Your data will be stored on the servers of Hubspot in the USA. Hubspot uses this information to send and evaluate the newsletter. The evaluation is done on our behalf, but Hubspot may also use the data to ensure and improve the quality of its services.

You may withdraw your consent to the storage and use of your personal information to receive the newsletter and the analysis described above at any time with effect for the future. To revoke your consent, you can use the link provided for this purpose in the newsletter or notify us of your revocation by email to the following address: privacy@mooncamp.com.

Your data will be deleted as soon as they are no longer required for the purpose of their collection. Your email address will therefore be stored as long as the subscription to the newsletter is active.

For more information, please refer to Hubspot's privacy policy https://legal.hubspot.com/de/privacy-policy .

c) Mail dispatch by Mailjet

If you register as a user on our platform, we will send you system and service emails. To send the system emails (e.g. reset password) and our other emails, we use the mailjet service, which is operated by Mailjet SAS, 13 - 13 bis Rue de l'Aubrac, 75012 Paris, France ("mailjet").

We use the system and service mails to send you the system and service mails to enable you to manage your user account with us.

mailjet may use the data in pseudonymous form, i.e. without allocation to a user, to optimise or improve its own services, e.g. to technically optimise the sending and display of emails or for statistical purposes. mailjet does not, however, use the data to contact you itself or to pass the data on to third parties.

The legal basis for the processing of your data is Art. 6 para. 1 lit. f GDPR or if the processing is necessary for the fulfilment of our contract with you Art. 6 para. 1 lit. b GDPR.

Your data will be deleted as soon as they are no longer necessary for the purpose of their collection or as soon as the contractual relationship with you is terminated.

Further information on data protection can be found in the data protection regulations https://www.mailjet.de/privacy-policy/ of mailjet.

d) Datadog Inc.

We use on our websites and our platform "Datadog", a service of Datadog Inc, 620 Eight Avenue, 45th Floor, New York, NY 10018, USA. The security of the transfer is secured by so-called standard contractual clauses (SCC), which ensure that the processing of personal data is subject to a level of security that complies with the GDPR. The information generated is processed in EU data centers.

We use Datadog to control and monitor the performance of our infrastructure, as well as for troubleshooting. The service collects IP addresses as well as tenant and user ID.

The legal basis for the processing of your data is Art. 6 para. 1 lit. f GDPR or if the processing is necessary for the fulfilment of our contract with you Art. 6 para. 1 lit. b GDPR.

Further information on data protection can be found in the data protection regulations https://www.datadoghq.com/security/ by Datadog.

e) Usercentrics

We use "Usercentrics" on our websites, a service provided by Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich. Usercentrics is a consent management service that is used to obtain consents required by data protection law. In this context, the following data are processed:

• Browser-Information
• Opt-in- and Opt-out-Data
• Website page path
• Geographic location
• Date of the visit
• Device Information

The legal basis for the processing of your data is Art. 6 para. 1 lit. c GDPR.

The data (consent and revocation of consent) is stored for as long as necessary for processing -- regularly this is three years.

f) Cloudflare

For security purposes and to provide static content (CDN), our websites and platform use the services of Cloudflare Inc, 101 Townsend St, San Francisco, USA. As part of the processing by Cloudflare, your IP address is collected and processed. This data may be transmitted to the USA. The security of the transfer is secured via so-called standard contractual clauses, which ensure that the processing of personal data is subject to a level of security that corresponds to that of the GDPR.

The legal basis for the processing of your data is Art. 6 para. 1 lit. f GDPR. Our legitimate interest in processing is to ensure the security and user-friendliness on our website for users.

g) Custify (Customer Service)

To assist our customers with the implementation of our Platform, we use Custify, a tool provided by Custify S.R.L, Zagazului Street, No. 4E Bucharest, Romania ("Custify"). For this purpose, when you use our Platform, your data such as name, email and IP address are transmitted to Custify.

The legal basis for the processing of your data is Art. 6 para. 1 lit. b GDPR. The personal data are kept for as long as they are necessary to fulfill the purpose of the processing. The data will be deleted as soon as they are no longer required to achieve the purpose.

7. Social Media

Besides this website, we also maintain presences in various social networks. If you visit such a presence, personal data may be transmitted to the provider of the social network. It is possible that, in addition to the storage of the data you specifically entered in this social network, further information may also be processed by the social network provider. Thus, your data is usually processed for market research and advertising purposes, among other things, to create corresponding user profiles and to display personalised advertising to you. For this purpose, the social network provider usually stores cookies on your end device, in which your usage behaviour and interests are stored. In addition, the social network provider may process the most important data of the computer system from which you visit it - for example your IP address, the type of processor used and browser version including plug-ins.

If you are logged in during your visit to such a network with your personal user account of the respective network, this network can assign the visit to your account. If you do not wish such an assignment, you must log out with your account and delete the cookies before visiting our social media presence.

The legal basis for the processing of personal data is Art. 6 para. 1 lit. f GDPR. Provided that you have given your consent for the processing to the respective provider of the social network, the legal basis for the processing of your data is Art. 6 para. 1 lit. a GDPR.

We maintain presences in the respective social networks in order to be able to communicate with you there and inform you about our services. These purposes also include our legitimate interest in the processing of personal data in accordance with Art. 6 para. 1 lit. f GDPR.

For further information on the purpose and scope of data collection as well as on the further processing and use of your data and the possibility of opting out, please refer to the data protection regulations of the respective network:

Facebook

Facebook is operated by Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. We have entered into a data sharing agreement with Facebook pursuant to Art. 26 GDPR. For more information on shared data processing, please see the Facebook terms and conditions.

Privacy Policy: https://www.facebook.com/about/privacy/
Opt-Out: https://www.facebook.com/settings?tab=ads

Twitter

Twitter is operated by Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA.

Privacy Policy: https://twitter.com/de/privacy
Opt-Out: https://twitter.com/personalization

LinkedIn

LinkedIn is operated by LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland.

Privacy Policy: https://www.linkedin.com/legal/privacy-policy
Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

Xing

Xing is operated by XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany.

Privacy Policy and Opt-Out: https://privacy.xing.com/de/datenschutzerklaerung

8. Contact via Email

Due to legal regulations, we provide information on our website that enables rapid electronic contact with us and direct communication with us. This includes above all our email address. If you contact us by email, the personal data you provide will be stored automatically.

The legal basis for the processing of data transmitted in the course of sending an email is Art. 6 Para. 1 lit. f GDPR. If the purpose of the contact is to conclude a contract, the additional legal basis for processing is Art. 6 para. 1 lit. b GDPR.

However, we will use the personal data transmitted by you exclusively for the processing of your specific inquiry. The data provided will always be treated confidentially.

Your details may be stored in a customer relationship management system (so-called CRM system) or another organisation tool for customer data.

The data will be deleted as soon as they are no longer required for the purpose of their collection. For personal data sent by email, this is the case when the respective conversation with you has ended. The conversation is finished when it can be concluded from the circumstances that the matter in question has been finally clarified.

If you contact us, you can object to the storage of your personal data at any time. In such a case the conversation cannot be continued.

9. Payment service provider

We use the external payment service provider Stripe Payments Europe Ltd, Block 4, Harcourt Centre, Harcourt Road, Dublin 2, Ireland to process payments.

You provide the payment service provider with your inventory data, such as first name, last name, address, date of birth, gender, e-mail address, IP address, telephone number, cell phone number, as well as your bank details, insofar as they are necessary for processing the payment, e.g. account numbers, credit card numbers, passwords, TANs, verification numbers, expiration date and CVC code. Also necessary for the processing of the payment are such personal data that are related to your respective order, such as prices and tax charges or information on previous ordering behavior, which we transmit to the payment service provider.

The transmission of the data is solely for the purpose of payment processing. The legal basis for the transmission of data to the payment service provider is therefore Art. 6 para. 1 lit. b. GDPR, if the payment serves to fulfill a contract. Otherwise, we use external payment service providers on the basis of our legitimate interests in accordance with Art. 6 para. 1 lit. f. GDPR in order to offer you an effective and secure payment option.

We do not get access to the entered data, they are processed and stored exclusively by the payment service provider. The payment service provider may transfer your data to credit agencies for identity and credit checks and fraud prevention.

The terms and conditions of the payment service provider apply to the payment transactions. For further information on data protection, please refer to the Privacy Policy:

Stripe Payments Europe Ltd: https://stripe.com/en-de/privacy

V. Data subject rights

If your personal data are processed, you have the following rights as a data subject within the meaning of the GDPR:

1. Right to gain access to the stored personal data (Art. 15 GDPR)

You have the right to receive free information from us at any time about the personal data stored about you and a copy of this information. You also have a right to information regarding the following information:

• the processing purposes,
• the categories of personal data being processed,
• the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular to recipients in third countries or to international organisations,
• if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration,
• the existence of a right of rectification or erasure of personal data relating to them or of a right of opposition to or limitation of the processing by the controller,
• the existence of a right of appeal to a supervisory authority,
• if the personal data are not collected from the data subject: all available information on the origin of the data and,
• the existence of automated decision making, including profiling, in accordance with Art. 22 (1) and (4) GDPR and - at least in these cases - meaningful information about the logic involved and the scope and intended effects of such processing on the data subject.

You also have a right of information as to whether personal data have been transferred to a third country or to an international organisation. If this is the case, you also have the right to be informed of the appropriate guarantees relating to the transfer.

2. Right of correction (Art. 16 GDPR)

You have the right to request the immediate correction and/or completion of incorrect or incomplete personal data concerning you. We must make the correction without delay.

3. Right to limit data processing (Art. 18 GDPR)

You have the right to demand that we restrict processing if one of the following conditions is met:

• The accuracy of the personal data is contested by the data subject, for a period of time sufficient to enable the controller to verify the accuracy of the personal data.
• The processing is unlawful, the data subject refuses to have the personal data deleted and instead requests the restriction of the use of the personal data.
• The controller no longer needs the personal data for the purposes of the processing, but the data subject needs them in order to assert, exercise or defend legal claims.
• The data subject has lodged an objection to the processing pursuant to Art. 21 (1) GDPR and it is not yet clear whether the legitimate reasons of the controller outweigh those of the data subject.

If the processing of personal data relating to you has been restricted, such data - apart from being stored - may be processed only with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or on grounds of an important public interest of the Union or a Member State.

If the restriction on processing has been restricted in accordance with the above conditions, you will be informed by us before the restriction is lifted.

4. Right of deletion (Art. 17 GDPR)

You have the right to ask us to delete your personal data immediately if one of the following reasons applies and if the processing is not necessary:

• The personal data has been collected or otherwise processed for purposes for which it is no longer necessary.
• The data subject withdraws the consent on which the processing was based pursuant to Art. 6 para. 1 letter a GDPR or Art. 9 para. 2 letter a GDPR, and there is no other legal basis for the processing.
• The data subject lodges an objection to the processing pursuant to Art. 21 para. 1 GDPR, and there are no overriding legitimate reasons for the processing, or the data subject lodges an objection to the processing pursuant to Art. 21 para. 2 GDPR.
• The personal data were processed unlawfully.
• The deletion of the personal data is necessary to comply with a legal obligation under Union law or the law of the Member States to which the controller is subject.
• The personal data was collected in relation to information society services offered in accordance with Art. 8 para. 1 GDPR.

If the personal data have been made public by us and if we, as data controllers, are obliged to delete the personal data pursuant to Art. 17 para. 1 GDPR, we shall take reasonable measures, including technical measures, taking into account the available technology and the implementation costs, to inform other data controllers who process the published personal data that the data subject has requested these other data controllers to delete all links to these personal data or copies or replications of these personal data, unless the processing is necessary.

The right of erasure shall not apply insofar as the processing is necessary:

• to the exercise of the right to freedom of expression and information;
• to comply with a legal obligation to which the processing relates under Union or national law to which the controller is subject or to carry out a task carried out in the public interest or in the exercise of official authority vested in the controller;
• for reasons of public interest in the field of public health pursuant to Article 9 paragraph 2 letters h and i and Article 9 paragraph 3 of the GDPR;
• for archiving, scientific or historical research purposes in the public interest or for statistical purposes pursuant to Art. 89 para. 1 GDPR, insofar as the law referred to in a) is likely to render impossible or seriously prejudice the attainment of the objectives of such processing, or
• to assert, exercise or defend legal claims.

5. Right to information

If you have asserted the right to rectification, erasure or limitation of processing against us, we are obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification, erasure or limitation of processing, unless this proves impossible or involves a disproportionate effort.

You have the right to be informed of these recipients.

6. Right to data transferability (Art. 20 GDPR)

You have the right to receive the personal data concerning you which you have provided us with in a structured, common and machine-readable format. You also have the right to have this data communicated to another controller without hindrance from us, provided that the processing is based on the consent pursuant to Art. 6 para. 1 letter a GDPR or Art. 9 para. 2 letter a GDPR or on a contract pursuant to Art. 6 para. 1 letter b GDPR, and provided that the processing is carried out with the aid of automated procedures, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority delegated to us.

Furthermore, when exercising your right to data transfer pursuant to Art. 20 para. 1 GDPR, you have the right to request that personal data be transferred directly from us to another responsible party, insofar as this is technically feasible and provided that this does not affect the rights and freedoms of other persons.

The right to data transferability does not apply to the processing of personal data which is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

7. Right to object (Art. 21 GDPR)

You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you that is carried out pursuant to Art. 6, paragraph 1, letters e or f of the GDPR. This also applies to profiling based on these provisions.

In the event of an objection, we will no longer process the personal data unless we can demonstrate compelling reasons for processing which are worthy of protection and which outweigh your interests, rights and freedoms, or unless the processing serves to assert, exercise or defend legal claims.

You can contact us at any time to exercise your right to object.

8. Right to revoke a consent under data protection law

You have the right to revoke your consent to the processing of personal data at any time. Revocation of your consent does not affect the lawfulness of the processing that has taken place on the basis of your consent until revocation.

9. Right of appeal to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State in which you are resident, your place of work or the place of the alleged infringement, if you consider that the processing of personal data concerning you is in breach of the GDPR.

The supervisory authority to which the complaint has been submitted will inform the complainant of the status and the results of the complaint, including the possibility of a judicial remedy under Art. 78 GDPR.

[Deutsche Version anzeigen]