PRIVACY NOTICE AND Legal Information
Layer 2 GmbH (“Layer2”) maintains a website with the URL: www.layer2solutions.com. The following is to provide information regarding the collection of personal data when using this website. Personal data refers to any and all data that identify you as a natural person by referring, for example, to your name, address, email addresses, or user behavior.
Your data will be collected, processed and used in accordance with the provisions of the German Telemedia Act (Telemediengesetz, TMG) and data protection law, in
1. Collection of personal data when using the website for information purposes
(1) When using the website for information purposes only, meaning when you do not register to use our website or transmit any information otherwise, we do not collect personal data except for the data which your browser will transmit to facilitate your visit of the website. These are:
- IP address
- date and time of enquiry
- time-zone difference to Greenwich Mean Time (GMT)
- content of request (specific page)
- access status/http status code
- data volume transferred each time
- website from which the request was made
- operating system and interface
- language and version of browser software
(2) Also, when using the website, cookies are saved on your computer. Cookies are small text files allocated on your hard drive to the browser that you use which forward specific information to the site that places the cookies (in this case, Layer 2). A cookie will typically contain the name of the domain from which the cookie has come, the "lifetime" of the cookie, and a value, usually a randomly generated unique number. Cookies cannot execute programs or deliver viruses to your computer. They serve the purpose of making the Internet offer a more user-friendly and efficient experience overall.
- Transient cookies (temporary use) are deleted automatically when you close the browser. These include in particular the session cookies. These store a so-called session ID, with which various requests by your browser can be assigned to the shared session. As a result, your computer can be recognized when you return to the website. Session cookies are deleted when you log out or close your browser.
- Persistent cookies (use for a limited time) are automatically deleted after a predetermined time, which can vary depending on the cookie. You can delete these cookies any time in the security settings of your browser.
- Cookies in connection with third-party services, as described below.
- Flash cookies used are not recorded by your browser, but by your Flash plugin. These cookies store the necessary data regardless of the browser you are using and have no automatic expiration date. If you do not wish Flash cookies to be processed, you must install an appropriate add-on.
- Web beacons are electronic signs (also called "Clear GIFs" or "Web Bugs") that allow us to count the number of users who have visited the website.
You can configure your browser settings as you wish and, e.g., refuse the acceptance of third-party or all cookies. Information on the management and deletion of cookies as well as corresponding instructions for common browsers are also available at www.meine-cookies.org. Please note, however, that you then may not be able to use all the functions of this website.
(3) This information is stored separately from any other data possibly provided to us. The data of the cookies are not linked to your other data.
2. Collection of personal data during the personalized use of this Website
(1) Next to the use of our website for information purposes only, we offer different services and products that you may use. To benefit from this offer, you must provide additional personal information which we use to render the individual service. Wherever it is possible to provide additional voluntary information, this is marked accordingly. We only collect, process and use such personal data of yours which are necessary for you to register and use this platform or which you yourself provide on the platform. These data consist of the following inventory data and usage data which are necessary for you to enter into an agreement for use of the platform, and for us to provide the platform to you in accordance with such agreement:
- name of company
- name (comprising salutation, title, first name, surname and gender)
- telephone number
- fax number
- email address
- user’s registration and login data
- user’s bank details
- value added tax identification number (optional)
3. Erasure dates
Inventory data is deleted two years after the termination of the contractual relationship at the end of the calendar year, unless it needs to be stored for a longer period and this is permitted by law.
4. Statistical anonymized analysis of user data
We are entitled, for the purpose of promotion, market research or tailoring the website to meet your requirements, to create a user profiles using an alias, unless you object. In particular, we analyze the user data for statistical purposes anonymously, to tailor the platform to suit the individual user’s needs. You may object to such use of your personal data by notifying us accordingly.
5. Use of Google Analytics
(1) This website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyze how you as a user, use the site. The information generated by the cookie about your use of this website will usually be transmitted to, and stored by, Google on servers in the United States. If IP anonymization has been activated on this website, Google will truncate your IP address in Member States of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the United States and truncated there. On behalf of this website operator, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage for the website operator.
(2) Google will not associate your IP address with any other data held by Google within the context of Google Analytics.
(4) To opt out of data collected by cookies and the use of website-related data (including your IP address) to Google as well as the processing of data by Google, download and install the add-on for your current browser plug-in available at the following link:
(5) This website uses Google Analytics with the add-on “_anonymizeIp()”. This process truncates IP addresses, which excludes any direct reference to natural persons.
(6) The use of Google Analytics is subject to the requirements that German data protection authorities have agreed to with Google. Information of third party provider: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001.
- Google overview data protection: http://www.google.com/intl/de/analytics/learn/privacy.html
- Google data privacy: http://www.google.de/intl/de/policies/privacy
6. Use of etracker
(1) This website collects and stores data for marketing and optimization purposes using technology by etracker GmbH (www.etracker.com). From these data, user profiles can be created under an alias. Cookies may be used for this. Data collected using etracker technology will not be used without the express, specifically extended approval of the party concerned, to personally identify visitors to this website and will not be merged with the personal data regarding the bearer of the alias. The collection and storage of data can be objected to any time effective for the future.
7. Use of ZenDesk
We host our Knowledge Base Articles unter https://layer2solutions.zendesk.com. The provider is Zendesk, Inc, 1019 Market Street in San Francisco, CA 94103 USA.
The legal basis for the processing of your data is our legitimate interest as defined in Art. 6 Sect. 1 lit. f GDPR.
As a U.S.-based provider, Zendesk is Privacy Shield certified, which means that the company undertakes to comply with the EU data protection regulations. In addition, we have executed a contract data processing agreement with Zendesk (Data Processing Agreement, DPA). This ensures that Zendesk processes the user data received only within the framework of the EU data protection standards and exclusively for the processing of inquiries and that Zendesk will not share these data with third parties.
For more information, please consult Zendesk’s Privacy and Data Protection Terms at: https://www.zendesk.com/company/privacy-and-data-protection/
8. Email newsletter
(1) Subject to your separate consent, we may send you information about our offers and products as well as general customer information (newsletter) by email. Your consent will be recorded and you may retrieve the content of such approval as well as this notice any time. You may revoke your consent any time effective for the future.
(2) To email our newsletter, we use products by EWORX NETWORK & INTERNET GMBH and for this, we transfer your data which are required to send the email, to this provider.
(3) We would like to point out that we evaluate your user behaviour when sending the newsletter. For this analysis, the e-mails sent contain so-called web beacons or tracking pixels, which represent single-pixel image files stored on our website. For the evaluations we link the data mentioned in paragraph 1 and the web beacons with your e-mail address and an individual ID. With the data obtained in this way, we create a user profile to tailor the newsletter to your individual interests. We record when you read our newsletters, which links you click on in them and deduce your personal interests. We link this data to actions taken by you on our website. You can object to this tracking at any time by clicking on the separate link provided in each e-mail or by informing us of another contact method. The information is stored for as long as you have subscribed to the newsletter. After a cancellation we store the data purely statistically and anonymously.
9. Use of Google AdSense and Bing Ads
(1) This website uses Google AdSense and Bing Ads as online advertising services.
(2) When visiting our website, the providers receive information that you prompted our website. To do this, the providers will place a cookie on your computer. The information listed under item 1 of this statement is transmitted. Also, so-called Web Beacons (invisible images) are used to analyze your user behavior on this website. These services will not associate your IP address with any other data held by these providers within the context of Google Analytics. We cannot influence the data collected, nor are we aware of the full scope of the data collection. These data will be transmitted to the United States and analyzed there. It is possible that these data will be forwarded to contract partners of the providers and to official authorities.
(3) You may prevent the placement of cookies from Google AdSense in various ways: a) by selecting the appropriate settings of your browser software, especially blocking third-party cookies will prevent you from receiving ads from third parties; b) by deactivating interest-based ads at Google via the link http://www.google.de/ads/preferences; however, this setting is deactivated when you delete your cookies; c) by deactivating interest-based ads of those providers who are members of the self-regulating About Ads campaign, via the link http://www.aboutads.info/choices; however, this setting is deactivated when you delete your cookies; d) by permanently deactivating them on your Firefox, Internet Explorer or Google Chrome browsers at the link http://www.google.com/settings/ads/plugin.5. However, please note that if you do this you may not be able to use the full functionality of this offer.
(4) Additional information about the purpose and scope of data collection and their processing as well as further information about your rights and settings options to protect your privacy are available from:
a) Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA; privacy terms for ads: http://www.google.de/intl/de/policies/technologies/ads and information about DoubleClick Cookies: http://support.google.com/adsense/answer/2839090
b) Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA; https://privacy.microsoft.com/privacystatement.
10. Social media plug-ins and third-party services
A) Use of social media plug-ins
(1) We currently use the following social media plug-ins: Facebook, Google+, Twitter, LinkedIn. Wherever we use social media plug-ins, we apply what is called a two-click solution: When you visit our website we initially do not forward any personal data to the providers of these plug-ins. You recognize the plug-in providers by the mark of the first letter in the greyed-out box. Only by clicking on a plug-in do you activate it, which automatically transmits personal data to the respective provider, where it is stored (for US providers, in the USA). We cannot influence the data collected or data processing operations, nor are we aware of the full scope of the data collection, of its purposes or of data-retention periods. Since the provider collects data from cookies especially, we recommend that you delete all cookies before clicking on the greyed-out box in the security settings of your browser.
(2) If you activate a plug-in the plug-in provider is informed that you prompted the respective subpage of our online offer. Also, the information named above in item 1. (1) of this privacy statement is transmitted, whereby in the case of Facebook and Xing, according to the individual provider, only an anonymized IP address is collected in Germany. This is regardless of whether you have an account with this provider and are logged in, or not. If you have logged in with the provider these data are attributed directly to your account. If you click on the activated button and e.g. link the page the provider stores this information, too in your user account and publicly informs your contacts of this. If you do not wish this to be attributed to your profile with the provider, you must log off before activating the button.
(3) The provider stores these data as user profiles and uses them for the purpose of promotion, market research and/or to tailor the design of its website to your requirements. This analysis is done specifically (even for users who are not logged in) to present demand-actuated promotions and to inform other users of the social network of your activities on our website. You have the right to object to the creation of these user profiles. To exercise this right, you must contact the individual provider.
(4) Further information about the purpose and scope of data collection and processing by the individual provider is available in the privacy statements of these providers listed below. These statements also include additional information about your rights and settings options to protect your privacy.
(5) Addresses of the individual providers and URL plus privacy statements:
a) Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php; further information about data collection: http://www.facebook.com/help/186325668085084, http://www.facebook.com/about/privacy/your-info-on-other applications plus http://www.facebook.com/about/privacy/your-info everyone info.
b) Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA; https://www.google.com/policies/privacy/partners/?hl=de.
c) Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA; https://twitter.com/privacy.
d) LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA; http://www.linkedin.com/legal/privacy-policy.
B) Embedding third-party services
(1) We have embedded YouTube videos in our online offer which are stored at http://www.YouTube.com and which can be played directly from our website. All YouTube videos are embedded under the “extended data privacy mode”, meaning that no data about you as a user are transmitted to YouTube unless you play the videos. Only when you play the videos are the data as listed in paragraph 2 transmitted. We cannot influence this data transfer. We have also embedded the following third-party content on this website: Google Maps.
(2) When visiting the website, third-party providers receive information that you prompted the respective subpage on our website. Also, the information listed in 1.(1) of this statement is transferred. This is regardless as to whether this third party provides a user account via which you are logged in or if there is no user account. If you have logged in with the plug-in provider these data are attributed directly to your account. If you do not wish this to be attributed to your profile with the third-party provider, you must log off before activating the button.
(3) The third-party provider stores these data as user profiles and uses them for the purpose of promotion, market research and/or the demand-actuated design of its website. This analysis is done specifically (even for users who are not logged in) to provide demand-actuated advertising. You have the right to object to the creation of these user profiles. To exercise this right, you must contact the respective third-party provider.
(4) Further information about the purpose and scope of data collection and processing by the individual third-party provider is available in the privacy statements of these providers listed below. These statements also include additional information about your rights and settings options to protect your privacy.
(5) Addresses of the individual providers and URL plus privacy statements:
Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA; https://www.google.com/policies/privacy/partners/?hl=de.
In the course of processing personal data we use subcontractors and conclude contracts with these contract data processors in accordance with the requirements of Art. 28 GDPR.
We use Microsoft Azure (Microsoft Ireland Operations Limited, 70 Sir John Rogerson's Quay, Dublin 2, Irland) to host the platform on our behalf.
12. Use of the scheduling platform "Calendly“
On our website, you can directly schedule a meeting with one of our sales agents. For this scheduling, we use the online calendar platform “Calendly” which is an external service of Calendly, LLC, 1315 Peachtree St NE, Atlanta, GA 30309, United States.
We will store your information and data you provided on the Calendly form in order to process your request and for further queries that may occur in the future. The data remains stored until you ask us to delete it, you withdraw your consent for the storage or the purpose of the storage ceases to apply. Mandatory legal requirements – in particular, retention periods – remain unaffected.
13. Protection of personal data
We pursue technical and organizational measures in accordance with the requirements under Art. 32 GDPR to protect the user’s personal data. All our employees who have been entrusted with processing personal data of the platform are committed to maintain data secrecy. Users’ personal data are HTTPS-encrypted during transmission to the platform.
14. Layer2 Licensing Telemetry
Our providers and the OEM drivers from CData in the Layer2 Cloud Connector Enterprise Edition do communicate the usage (version, anonymized machine ID, core count, and license key) to our servers and/or Microsoft Log Analytics for license compliance and usage analytics. Core components of telemetry include:
- OEM license (identical for all Layer2 provider)
- Driver Version information
- Java Runtime Information (i.e. JRE version) or .NET version as applicable
- Number of queries & affected rows
- CPU Core count
This does not affect the functioning of the drivers in any way. If for instance, the request is blocked, the driver will continue to function.
The Personal and Professional Editions Providers of the Layer2 Cloud Connector V 9.6.5 and earlier do not communicate any usage, licensing or telemetry data to Layer2 or any other party.
15. Legal grounds
In accordance with Art. 13 GDPR, we inform you of the legal basis of our data processing.
- Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 lit. a GDPR serves as the legal basis.
- In the processing of personal data required for the performance of a contract to which the data subject is a party, Article 6(1)(b) GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.
- Insofar as the processing of personal data is required to fulfil a legal obligation to which our company is subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis.
- The legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit. f GDPR.
- The legal basis for the processing of personal data using technically necessary cookies is Art. 6 para. 1 lit. f GDPR. The legal basis for the processing of personal data using cookies for analytical purposes is Art. 6 para. 1 lit. f GDPR GDPR.
- After your registration for our newsletter we save your e-mail address for the purpose of sending you the newsletter. The legal basis is Art. 6 para. 1 sentence 1 lit. a GDPR.
If processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 para. 1 letter f GDPR serves as the legal basis for processing.
If the processing of personal data is based on Article 6 I lit. f GDPR, it is in our legitimate interest to conduct our business for the well-being of all our employees and our shareholders.
16. Rights of data subjects
The user and other data subjects may demand from us the following rights in respect of their personal data:
- Right of access by the data subject (Article 15 GDPR)
- Right to rectification (Article 16 GDPR)
- Right to erasure ('right to be forgotten') (Article 17 GDPR)
- Right to restriction of processing (Article 18 GDPR)
- Right to data portability (Article 20 GDPR)
- Right to object (Article 21 GDPR)
- Right to revoke consent given at any time without affecting the legality of the processing carried out on the basis of the consent until revocation, if the data processing is based on consent pursuant to Art. 6 para. 1 lit. a or Article 9 para. 2 lit. a GDPR.
You also have the right to complain to a data protection supervisory authority about our processing of your personal data (Art. 77 GDPR).
17. Reference to the right to object under Art. 21 GDPR
A) Right to object on grounds relating to your particular situation
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on lit. e (puplic interest) or lit. f (legitimate interests) of Article 6 para. 1, including profiling based on those provisions. We no longer process the personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
B. Rigth to object relating to direct marketing
Where personal data are processed for direct marketing purposes, you have the right to object at any time to processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing. If you object to processing for direct marketing purposes, the personal data is no longer be processed for such purposes.
C) Exercise of the right of objection
The right of objection can be exercised informally, by mail to Layer 2 GmbH, Wendenstrasse 21 b, 20097 Hamburg or via E-Mail to [email protected].
18. No automated individual decision-making / no profiling
We do not make automated decision making or profiling.
19. Service Provider / Responsible Agency / Contact Information / Objection / Revocation of Consent
The service provider in accordance with § 13 of the German Tele Media Act (Telemediengesetz, TMG), and responsible body in accordance with Art. 4 No. 7 GDPR other data protection laws and other provisions of a data protection nature in force in the Member States of the European Union is:
Layer 2 GmbH, Wendenstrasse 21 b, 20097 Hamburg, Email: [email protected]
Any and all requests for information, correction and erasure, objections or the revocation of a consent, the enforcement of the right to restrict the processing of data or the right of data portability as well as comments or questions on behalf of the user in relation to privacy must be sent to this address.
20. Data protection authorities and right to appeal
The data protection authority competent for us to whom a complaint can be submitted for the violation of privacy rights, is:
Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit
Klosterwall 6 (Block C), 20095 Hamburg
Tel: +49 (0)40 / 428 54 - 4040
Email: [email protected]
21. Data protection officer
You can contact our data protection officer via [email protected] or by using the address mentioned in the imprint.
From time to time it may be necessary to adjust the content of this privacy statement. We therefore reserve the right to change this statement any time. We will transmit the amended version of this privacy statement by email to registered users prior to such statement coming into effect and will publish the amended version precisely where this privacy statement was previously published.
We value your privacy at Layer2. We comply with the European Union's Global Data Protection Regulation (GDPR). All data will only be processed as documented here and not stored, processed or analyzed for purposes beyond that.
Personally identifiable information
The person which registers for a Layer2 Smoove account maintains ownership of the provided personally identifiable information and is eligible to retrieve it or demand deletion at any time, by contacting us at [email protected] Access to the data is restricted to Layer2 employees who work on maintaining, supporting or administrating Layer2 Smoove. All Layer2 personnel with access to personally identifiable information is trained in privacy protection and has signed a confidentiality agreement. We are advised by a data protection supervisor. Processing of the data is performed at European Microsoft Data Centers and at the Layer2 GmbH site in Hamburg, Germany. We commit to report data breaches to the supervisory authority and affected customers, who will be contacted using the email address of their account.
The following personally identifiable information will be stored as long as you have a Layer2 Smoove account:
- Email address
- Given name
- Phone number
Hosting and Physical Security
To keep your data secure and private, we store all data encrypted using 256-bit AES. We host Layer2 Smoove in the Microsoft Azure cloud, in data centers located in Europe. Microsoft strives to provide the best security and protection in their cloud offerings. The Azure platform provides a lot modern industry standard security measures by default. Microsoft Azure Cloud servers run in secure data centers, and access to them is restricted to authorized personnel only. Microsoft Azure Cloud implements the best security practices and complies with a wide set of national, regional, and industry-specific requirements and security standards. Including, but not limited to SOC 2, ISO 27001.
Access to the Layer2 Smoove system is restricted to the Hypertext Transfer Protocol Secure (HTTPS), so the all data transmissions are encrypted by TLS end-to-end encryption with strong encryption keys of 128 bits or more. All interactions between our web-interface and backend Application Programming Interfaces (APIs) are also HTTPS-protected.
We allow signing in by creating an account with username and password. Passwords are not stored on Layer2 servers, only the a secure hash is stored.
Third party systems
For authentication on third party systems, we use the secure industry standard Open Authentication 2.0 protocol (OAuth 2.0). This ensures that you do not have to provide any of your third party system credentials to Layer2 Smoove. Access to the third party system is therefore restricted to what you have consented to and is revokable at any time.
In order to provide access to Layer2 Smoove, we may collect the following types of information:
While you use Layer2 Smoove, we may send a small file to your browser to identify it. This is called a "cookie". We use this identification to improve the quality of our service. We do not link this information with any of your account data, so that it remains anonymous.
During your interaction with Layer2 Smoove, we collect information about web requests, which includes the time, Internet Protocol adress, browser type and parts of the data wich is transferred. These logs are used to identify and fix failures and provide support. They are stored for maximum period of 30 days and they will be deleted completety afterwards.
Emails that you send to us are stored to provide support and enable us to process your inquiries.