B-Yond Privacy Policy
Last updated: August 03, 2022
B.Yond, Inc. ("B-Yond") herewith informs you about the processing of personal data for which B-Yond is the responsible controller according to the provisions of the EU General Data Protection Regulation (GDPR). Your data may also be processed by other companies belonging to the B-Yond group, whereas such data processing is based on Adequacy Decisions by the EU Commission and EU standard contractual clauses (with additional safeguards where legally required).
Apart from sending us a letter, you may contact us at any time via email at contact@b-yond.com.
You can reach our data protection officer by sending an email to dataprotectionoffcer@b-yond.com or by sending a letter to:
B-Yond, Inc
2295 Dallas Parkway, Suite 300
United States
Texas, Frisco
75034
Below you can find the most important information on the typical processing of your data, organized by affected user groups (groups of data subjects). For certain data processing operations, which only concern specific groups, the information requirements are fulfilled separately. Where the term "data" is used, we refer to personal data within the meaning of the GDPR only.
Website Visitor User Groups include:
- B-Yond Account User, B-Yond Product Customer
- Newsletter Recipients
- Survey, interview, and usability test participants
- Job Candidates
- Help and Support Requesters
- B-Yond Social Media Pages Visitors
- Development Partners
- Rights of Data Subjects and Further Information
- Information for Non-EU und US Residents
1. Website Visitors
1.1 Server-log data
When using our websites, certain information is sent to the server of our websites by the browser used on your device for technical reasons. This data is stored and processed on our server.
(i) We process the following data for the purpose of providing the contents of the website that you have visited, to ensure the security of the IT infrastructure used, to correct errors, to enable and simplify searches on the website, and to manage cookies.
(ii) The data processed is HTTP data: HTTP data is protocol data that is generated when the Websites is visited via the Hypertext Transfer Protocol (Secure) (HTTP(S)) for technical reasons: This includes IP address, type and version of your Internet browser, operating system used, the page visited, the page previously visited (referrer URL), date and time of the visit. HTTP(S) data also accumulates on the servers of service providers (for example: when requesting third-party content).
(iii) The legal basis for the processing of the abovementioned data is our legitimate interest in the operation of an online presence, communication with communication partners and internal compliance reporting (Article 6 para. (1) (f) GDPR).
(iv) The data is automatically transmitted by the browser of the user.
(v) Recipients of the personal data are IT service providers which we use as processors within the framework of a data processing agreement.
(vi) IP addresses are anonymized after 24 hours at the latest. Pseudonymous usage data will be deleted after six months.
(vii) Without disclosure of personal data such as the IP address, the use of the website is not possible. Communication via the website without disclosure of data is technically not possible.
1.2 Technically required cookies
We use cookies on our websites. Cookies are small text files containing information that can be stored on the user's device via the browser when visiting a website. The information stored in cookies can be read out and processed when the website is visited again using the same device. In doing so, we use processing and storage functions of the browser of your device and collect information from the storage of the browser of your device.
In the structure of our privacy policy, we differentiate between technically required cookies and tracking cookies. Cookies that are technically required for the functioning of the websites cannot be deactivated via the cookie management function of the websites. However, you can generally deactivate cookies at any time in your browser. Different browsers offer different ways to configure the cookie settings in the browser. However, we would like to point out that some functions of the websites may not or no longer function properly if you generally deactivate cookies in your browser settings.
a) Consent Cookies:
We use so-called Consent Cookies to store your consent, possible right to withdraw your consent, and opt-out of the use of cookies on our websites.
(i) The purpose of data processing is the storage of the user decisions on cookies (consent, withdrawal, opt-out).
(ii) The processed data are:
- HTTP data:
- HTTP data is protocol data that is technically generated when the website is visited via the Hypertext Transfer Protocol (Secure) (HTTP(S)): This includes IP address, type, and version of your Internet browser, operating system used, the page visited, the page previously visited (referrer URL), date and time of the visit.
- User decision on cookies:
- User's decision on individual cookies or groups of cookies including the time of the decision and the last visit.
(iii) The legal basis for the processing is our legitimate interest of easy and reliable control of cookies settings in accordance with the respective user decisions and improving of user experience (legal basis: Article 6 para. (1) (f) GDPR).
(iv) The data is actively provided by the user (decision on cookies) or automatically transmitted by the user's browser (protocol data, timestamp).
(v) Recipients of the personal data are IT service providers which we use as processors within the framework of a data processing agreement.
(vi) Information about a users' decision to reject cookies is deleted at the end of the session. The remaining other data will be deleted after one year.
(vii) Without disclosure of personal data, the use of the website is not possible. Additionally, communication via the website without the disclosure of data is technically not possible.
b) Session Cookies:
We use Session Cookies on our websites. This enables us to save information about your customer account, individual settings, and certain user actions for the duration of your visit (for example, login and language settings).
(i) The purpose of data processing is to enable login, and user-specific settings (for example, language preference and payment processing).
(ii) The processed data are data concerning the customer account, language selection, country, and cookie settings.
(iii) The legal basis for the processing is the usage contract for visiting the website and our legitimate interest in the provision of the individual sessions for the users, including the cookies accepting/rejecting function, ,or the respective language setting function, each in accordance with Article 6 para. (1) (f) GDPR.
(iv) The data is automatically transmitted by the browser of the user.
(v) Recipients of the personal data are IT service providers which we use as processors within the framework of a data processing agreement.
(vi) The data is deleted after one year.
(vii) Without disclosure of personal data, the use of the website is not possible. Communication via the website without the disclosure of data is technically not possible.
c) IT Security Cookies:
We use IT Security Cookies on our websites to protect our websites and our website visitors against IT Security attacks, like, for example, so-called cross-site request forgery attacks or other attacks by malicious visitors. Some attackers attempt to display fake requests to website visitors.
(i) The purpose of the data processing is to increase the IT Security of the website and our website's visitors and to prevent IT Security attacks.
(ii) The data processed are the IT Security test results and the HTTP log data. Wherever it is possible we use one-way hashes of certain test result values.
(iii) The legal basis for the processing is our legitimate interest in protecting our website and our website visitors from IT Security attacks (Article 6 para. (1) (f) GDPR).
(iv) The data is automatically transmitted by the browser of the user.
(v) Recipients of the personal data are IT service providers which we use as processors within the framework of a data processing agreement.
(vi) The data is usually deleted at the end of the session.
(vii) Without disclosure of personal data, the use of the website is not possible. Additionally, communication via the website without the disclosure of data is technically not possible.
1.3 Tracking Cookies
We use cookies on our websites. Cookies are small text files containing information that can be stored on the user's device via the browser when visiting a website. The information stored in cookies can be read out and processed when the website is visited again using the same device. In doing so, we use the processing and storage functions of the browser of your device and collect information from the storage of the browser of your device.
In the structure of our privacy policy, we differentiate between technically required cookies and tracking cookies. Depending on their function and purpose, the use of certain cookies may require the user's consent. Your consent is given through a so-called "cookie banner": When you visit our websites, we display our cookie banner. In our cookie banner you can declare your consent to the use of all cookies requiring consent on this website by clicking on the "Accept" button. Without such consent, the cookies requiring consent are not activated. By clicking the "Close" button, you can also completely reject the use of cookies requiring consent. Your decision will be saved in a cookie. In the cookie settings section, you can make an individual selection of cookies and customize them at a later time. We store your cookie settings in the form of a cookie on your device in order to determine whether you have already made cookie settings the next time you visit the websites.
2. B-Yond Account User, B-Yond Product Customer
(i) We process your data for the purpose of performing the obligations stemming from our contractual relationship and for license checks . This includes setting up and using your B-Yond Account for interactions with B-Yond as well as consulting, support, providing information about new features in the product and new products, and the analysis of the usage behavior of the software for product improvement. We also process your data for verification and authentication purposes and storing such authentication information. A change of these purposes is not planned.
(ii) The processed data includes: IP address, name and contact data, username, language settings, data of the registration of the B-Yond account, account events, communication data, usage data, and content preferences.
If you acquire a B-Yond product, the processed data also includes billing address and details, data of the registration of the B-Yond license, type of B-Yond Product, download data, account events including validation, timestamps,and details on your usage behavior related to the B-Yond products
You can change the contact data, account settings, and content preferences in your user account anytime.
(iii) The legal basis for processing the data of account users and customers who are natural persons is the contract with you (Article 6 para. (1) (b) GDPR) and legal obligations (Article 6 para. (1) (c) GDPR). The legal basis for the processing of contact data for account users or customers who are not natural persons is the legitimate interest, namely communication with the customer (Article 6 para. (1) (f) GDPR). The legal basis for information on products is the legitimate interest, namely advertising (Article 6 para. (1) (f) GDPR). The legal basis for the analysis of the usage behavior of the software is the legitimate interest, namely product and service improvement (Article 6 para. (1) (f) GDPR). The legal basis for the transfer of payment information to payment providers is the fulfillment of contract or legitimate interest of performing payments of our purchase transactions (Article 6 para. (1) (b) or (f) GDPR). The legal basis for the transfer of historic order and payment information to payment providers is your consent (Article 6 para. (1) (a) GDPR). The legal basis for keeping your data – which might be relevant for certain legal disputes – usually for three years (statutory limitation period), is the legitimate interest to defend us against possible claims (Article 6 para. (1) (f) GDPR). The legal basis for processing your data related to the skipping authentication cookie is your consent (Article 6 para. (1) (a) GDPR).
(iv) The IP address, the download data, the account events, and details on your usage behavior of the B-Yond software are transmitted automatically by your browser. The payment confirmation is provided via the payment processor. All other data is provided by you.
(v) We use service providers as processors within the framework of a data processing agreement for the provision of services, such as a service provider, which enables installment payments, as well as other services providers for the provision, maintenance, and servicing of IT systems. Banks and payment providers may be recipients of data for the processing of payments and credit worthiness checks. In individual cases, data may be transferred to debt collection service providers, lawyers, and courts.
(vi) All data relevant to contracts and bookkeeping shall be stored for a period of ten calendar years after the contract's end in accordance with tax and commercial law retention periods. Data that become relevant for a defense against possible claims is stored for three years (statutory limitation). If you do not want your data to be included in softawareusage behavior analysis (conducted for product improvement purposes), you can prevent this at any time by yourself in the software preferences. Data relateing to user preferences to skipthe authentication cookie is stored for up to two years.
(vii) The provision of data is obligatory for account users to create a B-Yond account and for product customers based on statutory and contractual regulations. The contractual relationship cannot be established and carried out without providing data. If you choose to use this option, data are necessary for skipping the authentication process on certain devices. You can withdraw such consent at any time via removing the skip authentication cookie in the cookie settings in your browser.
3. Newsletter Recipients
If you subscribe to a newsletter, we will send you information about B-Yond and our products and partners. We also occasionally invite you to participate in surveys as part of our newsletter. If you participate in such surveys, the information in Section 4 applies, and we also monitor the reach and success of the newsletter.
If we have an existing contractual relationship with you and you did not optout, we may send you information about similar B-Yond products and services.
(i) In these events, we process your data for the purpose of sending the newsletter. We may also use your usage data to send you more relevant content.
(ii) The processed data are:
- name, email address
- HTTP data:
- This is protocol data that is technically required for opening the newsletter via the Hypertext Transfer Protocol (Secure) (HTTP(S)): This includes IP address, type, and version of your Internet browser, operating system used, the page visited, the page previously visited (referrer URL), date and time of the visit.
- Web Extend Identifiers
- These are pseudonymized identifiers such as external IDs or hashed email addresses
- Opening and reading times of the newsletter
(iii) If you subscribed to our newsletter, the legal basis for the processing of newsletter data is Article 6 para. (1) (a) GDPR (consent). If we have an existing contractual relationship with you and you did not opt out, the legal basis for processing newsletter data is Article 6 para. (1) (b), (f) GDPR, 7 German Unfair Competition Act (contract with you, legitimate interest about keeping you updated about our products). We may also process your usage data based on our legitimate interest in improving our newsletters, verifying mailing lists, and showing you more relevant content (Article 6 para. (1) (f) GDPR).
(iv) You provide your contact details yourself when you engage in a contractual relationship with us or subscribe to the newsletter; the further data for analysis is transmitted automatically by your browser and email client.
(v) We use service providers as processors within the framework of a data processing agreement for the provision and improvement of services, especially for the provision, maintenance, and servicing of IT systems.
(vi) Data regarding newsletters will be deleted when you unsubscribe from the newsletters (for example, via using the unsubscribe button in a newsletter or via the settings in your B-Yond Account). Data with regard to opening and reading times, will usually be deleted or anonymized after 13 months. The remaining data will be deleted after one year if we are not required to keep your data for legitimate interests (such as follow-up questions) or compliance with our legal retention obligations of the data.
(vii) Data is required to receive newsletters. Without providing data, they cannot be sent. A withdrawal of your consent is possible at any time. Please use the unsubscribe function in the newsletter.
4. Survey, Interview, and Usability Test Participants
(i) We process your data for the purpose of conducting surveys, interviews, and usability tests and the evaluation of the respective results.
(ii) Processed data include name (if it is provided), survey and interview content, timestamp of participation, and technical metadata pertaining participation.
(iii) The legal basis for data processing for the conduction and evaluation of surveys, other interviews, and usability tests is your consent (Article 6 para. (1) (a) GDPR) or, if you are a frequent tester, a contract (Article 6 para. (1) (b) GPDR). We may also process your mostly aggregated data with our legitimate interest of aligning and improving our products, services and customers' needs (Article 6 para. (1) (f) GDPR). The legal basis on keeping your data – which might be relevant for certain legal disputes - for three years (statutory limitation period) is Article 6 para. (1) (f) GDPR (legitimate interest to defend us against possible claims).
(iv) You provide your name and the survey, interview and usability test content yourself when you take part in the survey, interview or usability test; the further data is transmitted automatically by your browser.
(iv) We use service providers as processors within the framework of a data processing agreement for conducting and evaluating surveys, interviews and usability tests, as well as for the provision, maintenance and servicing of IT systems. A data transfer to the USA takes place, when we use the software of our service providers. This enables us to align and improve our needs of our customers and improve them. The basis for data processing in the USA is your consent (Art. 49 para. (1) (a) GDPR). In the USA, there is no level of data protection comparable to the provisions of the GDPR. It is possible that US authorities may access personal data without us or you being informed. Enforcement of your rights is probably not possible in the USA. You can withdraw your given consent at any time with effect for the future.
(v) If we are not required to keep your data for follow-up questions or compliance with our legal retention obligations, the data regarding surveys, other interviews, or usability tests will usually be deleted once the user testing contract with you has ended or one year after having taken part in a survey, interview or test, at the latest. Data that become relevant for defense against possible claims is stored for three years (statutory limitation). If you no longer wish to participate in surveys, you can use the unsubscribe button in the emails or change your settings in your B-Yond Account under "Personal Details".
(vi) Taking part in surveys, interviews, and usability tests is voluntary and not obligatory. The use of all B-Yond products and services is possible without taking part in surveys, interviews, and usability tests.
5. Job Candidates
(i) The purpose of data processing is the selection of job candidates. In addition, after the conclusion of an unsuccessful application procedure and with your consent, we may store your applicant data in our applicant pool for the purpose of contacting you again. In this case, we may also contact you in the future with suitable job offers that match your profile. There are no plans to change these purposes.
(ii) Processed data includes: name, contact data, communication details, job application documents including certificates and curriculum vitae, timestamp of communication as well as technical metadata of communication.
(iii) The legal basis is Article 88 GDPR and, in the event of requested inclusion in our applicant pool, Article 6 para. (1) (a) GDPR (consent).
(iv) You provide your application data and communication details yourself when you apply for jobs at B-Yond; the further data is transmitted automatically by your browser.
(v) Candidate's data will be transferred internally to the responsible employees in charge of the decision-making. We also use service providers as processors within the framework of a data processing agreement for the provision of services.
(vi) Candidate data is be deleted three months after the application process has ended. In the event of a requested inclusion in our applicant pool, your data will be deleted if you withdraw your consent or after two years.
(vii) The provision of personal data is required to examine the job application and, if applicable, the subsequent conclusion of an employment contract. Without personal data, a job application cannot be considered. However, applications can be submitted without providing information that has been marked as voluntary. If you do not give your consent to the inclusion of your applicant data in our applicant pool, this will not result in disadvantages for you in future application procedures.
6. Help and Support Requests
(i) The purpose of the processing is to provide you with a knowledge base and contact support regarding sales questions and technical support requests.
(ii) The data processed includes:
- Login data of the B-Yond Account:
- To provide you with our support regarding your technical requests, you have to log into your B-Yond Account. Otherwise, we cannot help you with your specific question.
- Name and contact data (email, phone, fax, and, as applicable, social media information)
- Description of your support request, including corresponding data files and metadata
- B-Yond Products you are using:
- To provide you with the relevant information, we need to know which B-Yond Products you use.
(iii) The legal basis is the existing contract with you relating to the B-Yond account and products (Article 6 para. (1) (b) GDPR) and our legitimate interest to provide our users with a knowledge base, a support contact, and our legitimate interest in analyzing and evaluating support requests (Article 6 para. (1) (f) GDPR). We may also process your pseudonymous data with our legitimate interest of aligning and improving our products, services, and customers' needs (Article 6 para. (1) (f) GDPR). The legal basis on keeping your data – which might be relevant for certain legal disputes - for three years (statutory limitation period) is the legitimate interest to defend us against possible claims (Article 6 para. (1) (f) GDPR).
(iv) You provide the data yourself, if you send us an inquiry.
(v) We use service providers as processors within the framework of a data processing agreement for the provision of services, especially for the provision, maintenance, and servicing of IT systems.
(vi) Your data will be deleted after you deleted your B-Yond Account or your request has been resolved from our active systems. All contractual data and data relevant for accounting is stored for 10 calendar years. Data that becomes relevant for defense against possible claims is stored for three years (statutory limitation).
(vii) The processing of the data is necessary to help you with your inquiries. If the data is not provided, we cannot provide you with the service of our help center.
7. B-Yond Social Media Pages Visitors
B-Yond operates social media sites. Social media pages are run by service providers who process data for providing such sites.
(i) The purpose of data processing on our social media sites is to provide you with interesting content and to interact with you on social media platforms. Depending on the social media service usage data may also be analyzed to improve our social media presence.
(ii) The data processed includes content and usage data on such social media pages.
(iii) Information and data displayed or shared on B-Yond’s social media sites may be accessible to the applicable provider of the social media platform, its users, and B-Yond (or engaged service providers).
(iv) Further details on data processing on the respective social media sites can be found on the respective social media pages and this Privacy Policy.
8. Development Partners
(i) The purpose of the processing is the preparation and execution of a contractual relationship, other communication or improving B-Yond products.
(ii) The data processed includes: contact data (name, contact details, GitHub name, organization, B-Yond Account information), data about development activities, license contract data, usage data (such as: usage data of B-Yond products).
(iii) The legal basis for processing the data is a starting or existing contractual relationship (Article 6 para. (1) (b) GDPR, for contracts with legal persons Article 6 para. (1) (f) GDPR with legitimate interest, namely communication with contact persons relevant to the contract). We may also process your data based on statutory obligations, such as tax and commercial law (Article 6 (1) (c) GDPR) and legitimate interests, including the verification of your contact data, documentation of the communication, and improving B-Yond products (Article 6 para. (1) (f) GDPR).
(iv) You provide data yourself. Further data is transmitted automatically by your browser.
(v) Contact and contract data can be transmitted to other service providers, business partners, as well as offices and authorities if necessary for the execution of the contract. We also use service providers as processors within the framework of a data processing agreement for the provision of services, especially for the provision, maintenance, and servicing of IT systems.
(vi) Data of contract partners and service providers will be deleted ten calendar years after termination of the contract.
(vii) The processing of contact data on the part of the service providers and business partners is necessary to execute the contract. If the data is not provided, the communication may be considerably disturbed.
9. Rights of Data Subjects and Further Information
(i) We do not use any methods of automated individual decision-making.
(ii) You have the right to request information at any time about all your personal data which we are processing.
(iii) If your personal data is incorrect or incomplete, you have the right to have it rectified and completed.
(iv) You can request the erasure of your personal data at any time, as long as we are not bound by legal obligations that require or allow us to continue processing your data.
(v) If the applicable legal requirements are met, you can request a restriction to the processing of your personal data.
(vi) You have the right to object to the processing insofar as the data processing is based on profiling or direct marketing purposes.
(vii) If the processing is carried out on the basis of the balancing of interests, you may object to the processing by stating reasons arising from your particular situation.
(viii) If the data processing takes place on the basis of your consent or a contract, you have the right to a transfer of the data provided by you, insofar as the rights and freedoms of others are thereby not impaired.
(ix) If we process your data on the basis of a declaration of consent, you have the right to withdraw your consent at any time with future effect. The processing carried out prior to a withdrawal remains unaffected by such withdrawal.
(x) Moreover, you have the right to file a complaint at any time with a data protection supervisory authority, if you believe that data processing has been carried out in violation of the applicable law.
10. Information for Non-EU and US Residents
B-Yond generally falls within the scope of the GDPR, which is why we have aligned the drafting of the entire Privacy Policy with the provisions of the GDPR. However, other local privacy laws may be additionally applicable in individual cases if you are a non-EU/EEA resident and visit the B-Yond websites or online presences and interact with B-Yond products, services, or communities. We will provide additional information on such local laws via separate information where required.
11. Information Regarding the Processing of Personal Data from Children Under 13 Years
(Under Children's Online Privacy Protection Act, COPPA)
B-Yond does not knowingly collect or use personal data from children under 13 years without obtaining verifiable consent from their parents. We encourage parents and legal guardians to monitor their children's Internet usage and to help enforce this privacy policy by instructing their children never to provide personal data without their permission.