Data Privacy Policy

Version: January 2019

By providing the following information, we want to give an overview of the processing of your personal data which is carried out by us and of your rights under the data protection law in the framework of the contractual relationship with Maltego Technologies GmbH (registered in the Commercial Register of the District Court under HRB 236523, hereinafter referred to as "Maltego"). Which data is processed specifically and in what way it is used substantially depends on the ordered services. Therefore, not all parts of the provided information may apply to you. 

1. The data protection controller is Maltego Technologies GmbH, Thomas-Wimmer-Ring 17, D - 80539 Munich, Email: contact@maltego.com, Phone: +49 (0) 89 24418490. Especially with regard to data protection issues, you may also contact the Data Protection Officer at contact@maltego.com at any time.

2. We process personal data which we receive from our customers or other parties concerned in the course of our business relationship. In the context of the business relationship you are obliged to provide such personal data which is required in order to enter, conduct or terminate a business relationship and to perform the corresponding contractual obligations or such personal data which we are legally obliged to collect. Without this data we shall regularly not be able to conclude a contract with you or to conduct or terminate such a contract. 

3. For the performance of the contract we process the following information:

  • Your contact details (especially title, first name, last name, email address, address, telephone numbers, position, company details),
  • Your payment information (bank details),
  • Your data provided in the context of search queries with our software (IP address, contents of the search input, date and time of the request, operating system and Java Virtual Machine information, language and version of the browser software).

4. We process personal data in accordance with the provisions of the EU General Data Protection Regulation (GDPR) for the performance of contractual obligations (Article 6 (1) sentence 1 lit. b of the GDPR).

The processing of data is carried out in order to provide goods and services in the course of the performance of the contracts with our customers or the performance of pre-contractual measures that are provided upon request. The purposes of the processing primarily depend on the actual product (e.g. distribution of software licenses) and can include, inter alia, needs analysis and consulting.

5. To the extent necessary for the performance of our services, we also process personal data which we obtain from public sources (e.g. the press, internet) or which is transferred to us by affiliated companies of Maltego or other third parties (e.g. a credit reporting agency). 

6. We also process personal data based on your consent (Article 6 (1) sentence 1 lit. a of the GDPR). If you give your consent to the processing of personal data for a specific purpose (e.g. disclosure of data to subcontractors, evaluation of license and payment data for marketing purposes, newsletters) the processing is considered lawful based on your given consent. Declarations of consent must be given freely. The declaration of consent must indicate the purpose of the processing of data. If you have given your consent to the processing of your data, you may withdraw your consent at any time without having to provide reasons. The lawfulness of processing based on an effectively given consent remains unaffected until the time the consent has been withdrawn. 

7. The processing of your personal data can also take place if this is necessary to realise the legitimate interests of Maltego (Article 6 (1) sentence 1 lit. f of the GDPR). Legitimate interests exist for example, if we assert a legal claim against you or we need to defend ourselves in a legal dispute. The processing of personal data on the basis of a legitimate interest shall not take place if there is an indication that the interest in the processing is overridden by your legitimate interest in that particular case. The existence of legitimate interests shall be assessed in each case of processing.

8. Within Maltego, your data may only be accessed by those who need this data to fulfil our contractual and legal obligations. Service providers and vicarious agents can also receive data for this purpose. These are companies in the categories IT-services, logistics, debt collection, consulting as well as sales and marketing. We only pass on your personal data to third parties, if:

  • you have explicitly given your consent to this in accordance with Article 6 (1) sentence 1 lit. a of the GDPR,
  • this is permitted by law and - in accordance with Article 6 (1) sentence 1 lit. b of the GDPR - necessary to process contracts we concluded with you,
  • in case there is a legal obligation to transfer personal data according to Article 6 (1) sentence 1 lit. c of the GDPR, and
  • the transfer pursuant to Article 6 (1) sentence 1 lit. f of the GDPR is necessary for the establishment, exercise or defence of legal claims and there is no reason to believe that you have an overriding legitimate interest in not passing on your data.

9. We partially use external service providers to process your data. These have been carefully selected and commissioned by us. They are bound by our instructions and controlled regularly. As far as our service providers or partners have their registered office in a country outside the European Union (so called third countries), we will provide information on the consequences of this fact beforehand. A transfer to third countries is carried out, as far as

  • this is required for the (partial) provision of the contractual performance (e.g. search queries with our software), or 
  • you have given your consent. 

To the extent that this is necessary, your personal data is transferred to an IT-service provider in the United States or another third country in order to ensure the IT operations in compliance with the European data protection level.

10. Maltego uses the payment service providers Stripe and Zuora for billing purposes. During the order process, the contact details provided by the Maltego user as well as information regarding the order (first name, surname, address, email address, telephone number, bank account number, bank identification number, possibly credit card number, invoice amount, currency and transaction number) are transmitted to the payment service provider that was chosen by the Maltego user in accordance with Article 6 (1) sentence 1 lit. b of the GDPR. The transmission of data takes place only for the purpose of payment processing with the payment service provider and only to the extent necessary. Personal data is transmitted to the USA by the use of Zuora and Stripe. Zuora and Stripe are certified under the EU-US-Privacy Shield. Therefore, the legal requirements for the adequacy of the level of data protection in accordance with Article 45 of the GDPR have been met. The relevant privacy statements and contact details of the payment service providers are listed at the end of this privacy policy.

11. Maltego uses the service provider SendGrid to send order confirmations. For this purpose, the first name and surname as well as the email address provided by the Maltego user are transmitted to SendGrid in accordance with Article 6 (1) sentence 1 lit. b of the GDPR. The transmission of data takes place only for the purpose of sending order confirmations and only to the extent necessary. The processing of this data can be objected to at any time by sending a message to SendGrid. Personal data is transmitted to the USA by the use of SendGrid. SendGrid is certified under the EU-US-Privacy Shield. Therefore, the legal requirements for the adequacy of the level of data protection in accordance with Article 45 of the GDPR have been met. SendGrid processes all data in compliance with the European standards for data protection. The privacy statement and contact details of SendGrid are listed at the end of this privacy policy.

12. Maltego uses a software provided by the service provider Freshworks to manage customer relationships. This software enables Maltego to manage and view all customer- and sales-related activities, in particular the entire communication (via email, chat, telephone, newsletter or contact form) by using one service only. The software manages the following personal data: First name and surname, user name, email address, telephone number, company, industry. Personal data is transmitted to the USA by the use of Freshworks. Freshworks is certified under the EU-US-Privacy Shield. Therefore, the legal requirements for the adequacy of the level of data protection in accordance with Article 45 of the GDPR have been met. If the customer objects to the use of the services of Freshworks, the product shall not be used. The privacy statement and contact details of Freshworks are listed at the end of this privacy policy.

13. Maltego uses a software provided by the service provider Keylight to manage the online shop as well as the customer and order data. The software manages the following personal data: first name and surname, user name, email address, telephone number, orders, order number, encrypted password. The privacy statement and contact details of Keylight are listed at the end of this privacy policy.

14. We adhere to the principles of data avoidance and data minimization. Therefore we store your personal data only for as long as required to achieve the purposes mentioned here or for the duration of the diverse storage periods specified by the legislator. After the respective purpose has ceased to exist or after the expiry of these storage periods, the corresponding data is blocked or deleted routinely and in accordance with the legal provisions.

15. Your data will no longer be used and will be deleted after the contract with you has ended. Exceptions are only the use for recovery measures to the extent permitted by law or statistical evaluations or market research, provided you have given your consent. Apart from that, your data is stored only for as long as this is necessary to observe statutory obligations to archive and to retain the data. 

16. We use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against access by unauthorized third parties. Our security measures are continuously improved in line with technological development.

17. You have the right:

  • to access information on your personal data which has been processed by us in accordance with Article 15 GDPR. In particular, you may access the information on the purposes of processing, the categories of personal data, the categories of recipients to whom your personal data has been or will be disclosed, the envisaged period of storage, the existence of the right to rectification, erasure, restriction of processing data or objection, the existence of the right to lodge a complaint, the source of your data, insofar as it was not collected on our part, as well as the existence of automated decision-making, including profiling and, if applicable, meaningful information on the details;
  • to claim rectification of inaccurate personal data or the completion of incomplete personal data that is stored with us in accordance with Article 16 GDPR;
  • to claim the erasure of the personal data stored with us according to Article 17 GDPR, unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims;
  • to claim the restriction of processing of your personal data according to Article 18 GDPR as far as the accuracy of the personal data is contested, the processing is unlawful but you oppose the erasure and we no longer need the data, but you require them for the establishment, exercise or defense of legal claims or you have objected to the processing of your personal data in accordance with Article 21 GDPR;
  • to receive the personal data you provided to us in a structured, commonly used and machine readable format or to claim the transmission to another controller according to Article 20 GDPR;
  • to withdraw your given consent at any time by notifying us in accordance with Article 7 (3) GDPR. This has the consequence that we cannot continue the data processing which was based on this consent in the future; and
  • to complain with a supervisory authority in accordance with Article 77 GDPR. In general, you may turn to the supervisory authority of your habitual residence or your place of work or of the locations of our law office.

18. Information on your right to object in accordance with Article 21 of the GDPR 

You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning yourself which is based on Article 6 (1) sentence 1 lit. f of the GDPR (processing on the basis of a balance of interests).

In case you object we shall no longer process your personal data, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing serves the establishment, exercise or defence of legal claims.

In individual cases we process your personal data for direct marketing purposes. You have the right to object at any time to the processing of personal data concerning yourself for such marketing purposes. 

19. This Privacy Statement is currently valid and is dated as of January 2019. We reserve the right to adjust this Privacy Statement occasionally to make sure it always complies with the current legal requirements or to implement changes to our services in the privacy statement, for example, if new services are introduced.

20. For the performance of the services of Maltego, personal data of Maltego users is transmitted to the following third parties for the following purposes:

Third party name: Freshworks

  • Purpose of the processing: Management of customer relationships, newsletter distribution, management of inquiries via the contact form of the website
  • Categories of personal data: Customer data
  • Legal basis: Performance of contract, Article 6 (1) sentence 1 lit. b of the GDPR
  • Name and address of the service provider: Freshworks Inc., 1250 Bayhill Drive, Suite 315, San Bruno, CA 94066, USA
  • Privacy statement and contact details: https://www.freshworks.com/privacy/, support@freshworks.com

Third party name: Keylight

  • Purpose of the processing: Management of the online shop and the user accounts
  • Categories of personal data: Customer data, contract data
  • Legal basis: Performance of contract, Article 6 (1) sentence 1 lit. b of the GDPR
  • Name and address of the service provider: Keylight GmbH, Nürnberger Straße 8, 10787 Berlin, Germany
  • Privacy statement and contact details: https://www.keylight.de/de/privacy-policy, privacy@keylight.de

Third party name: SendGrid

  • Purpose of the processing: Sending order confirmations
  • Categories of personal data: Customer data
  • Legal basis: Performance of contract, Article 6 (1) sentence 1 lit. b of the GDPR
  • Name and address of the service provider: SendGrid Inc., 1801 California St 500, Denver, CO 80202, USA
  • Privacy statement and contact details: https://sendgrid.com/policies/privacy/, datasubjectrequests@sendgrid.com, dpo@sendgrid.com

Third party name: Stripe

  • Purpose of the processing: Payment processing
  • Categories of personal data: Credit card information, customer data, contract data
  • Legal basis: Performance of contract, Article 6 (1) sentence 1 lit. b of the GDPR
  • Name and address of the service provider: Stripe Inc., 185 Berry Street, Suite 550, San Francisco, CA 94107, USA
  • Privacy statement and contact details: https://stripe.com/de/privacy, info@stripe.com

Third party name: Zuora

  • Purpose of the processing: Management of billing data and subscriptions
  • Categories of personal data: Customer data, contract data
  • Legal basis: Performance of contract, Article 6 (1) sentence 1 lit. b of the GDPR
  • Name and address of the service provider: Zuora, Inc., 3050 S. Delaware Street, Suite 301, San Mateo, CA 94403, USA
  • Privacy statement and contact details: https://www.zuora.com/privacy-statement/, support@zuora.com