Data Protection Information

Effective Date 17/04/2025

Download

Playbook GmbH
Playbook GmbH ("we," "our," or "us") is committed to protecting the personal data of our customers, partners and their affiliates in accordance with applicable data protection laws, including the EU General Data Protection Regulation (GDPR). This document explains how we collect, use, and safeguard personal data in the context of visiting our website.

This Data Protection Information applies for the following services:
‍https://www.getplaybook.com/, https://www.playbk.io/?lng=de.

‍1. Who we are and how you can contact us

Playbook GmbH, located at Urbanstr. 71, 10967 Berlin, Commercial Register: AG Charlottenburg (Berlin) HRB 226474 B, represented by Dr. Nikolai Wessendorf as Managing Director, is responsible for handling your personal data in any relation with us. 
If you have any questions regarding the processing of your personal data by us and the associated rights as well as other data protection notices and suggestions, you can contact our data protection officer at any time in confidence by email to datenschutz@playbk.io or by mail to the above postal address, using the reference "Data Protection Officer".

2. Personal data – information that relates to you
While visiting the Playbook website, we rely on the handling of personal data to make our site available and be able to interact with you. Personal data can be information that directly identifies you, such as your name. In addition, information, which only makes you identifiable together with further details, is also personal data (e.g. your IP address). We classify the personal data that we process from you in the following categories:

3. What we use your personal data for‍
‍
‍3. 1 When you visit our website
‍When you access the website, Access Data is sent automatically from your browser to the server of our website.
This connection data comprises what is known as HTTP header information, including the user agent, and includes in particular:
- IP address of the requesting device,
- Method (e.g. GET, POST), date and time of the request,
- Address of the requested website and path of the requested file,
- If applicable, the previously visited website/file (HTTP referer),
- Information about the browser used and the operating system,
- Version of the HTTP protocol, HTTP status code, size of the file delivered,
- Request information such as language, type of content, coding of content, character sets,
- If applicable, the username used in the case of authentication for directory password protection.
This is necessary to ensure a smooth connection of the website and a comfortable use of the website and to ensure and optimize the security and stability of the system.
The legal basis for data processing is Art. 6 (1) lit. f GDPR, whereby our legitimate interest results from the need to present our website to you in a functional and secure manner in accordance with your expectations.

3.2 When you contact us over the website 
‍Insofar as we offer you the possibility to contact us via a form provided on the website or book a demo, it is necessary for you to provide your name and email address (Master Data) in order to respond to your contact inquiry. You may provide further information (optional), such as company details and phone number. Any communication content will only be processed for the purpose of handling your request.The legal basis for data processing when contacting us is a legitimate interest according to Art. 6 (1) lit. f GDPR; our legitimate interest lies in answering and processing your request, for which the temporary storage of data is also necessary. If you contact us for the purpose of initiating a contract (e.g. product inquiry), the legal basis is the implementation of pre-contractual measures in accordance with Art. 6 (1) lit. b GDPR.We regularly delete personal data that we collect from you in connection with a contact request as soon as your request has been processed. For more information on the storage period, please refer to section 5 of this data protection information.

3.3 Commercial communication via email‍Registration
‍We offer you the possibility to enter your contact data (Master Data) on the website so that we can contact you in the future with information about current products, services and promotions of Playbook (e.g. product updates, events etc.). Signing up to receive advertising and information by email is in principle done using what is known as a double opt-in process. This means that after subscription you will receive an email in which you are asked to confirm your subscription. This is necessary so that no one can register with other people's email addresses. Subscriptions to the newsletter are logged in order to be able to prove the subscription process in accordance with legal requirements. This includes the storage of the registration and confirmation time as well as the IP address (Log Data). Likewise, changes to your data stored with the dispatch service provider are logged.

If you are contacted by email or telephone, the legal basis for the data processing is your consent in accordance with Art. 6 Para. 1 lit. a, 7 GDPR, which we obtain separately from you. You can unsubscribe from our newsletter at any time. Each email includes a link that allows you to opt out easily. Alternatively, you can let us know via the contact details provided above or in the commercial communication email. The legal basis for the processing of access data for logging purposes is a legitimate interest pursuant to Art. 6 (1) f GDPR, which arises from the need to properly document and, if necessary, prove the declarations made and actions taken.

When you enter into a contract with us for the use of the “Playbook” software, we may also use your contact details to keep you informed about relevant product updates and related services by email as part of our customer retention marketing. These emails may include news, special offers, promotions, as well as feedback or satisfaction surveys.
The legal basis for this processing is Art. 6 para. 1 lit. f GDPR, in conjunction with Section 7 (3) of the German Act Against Unfair Competition (UWG). This permits the use of customer data for direct advertising where a legitimate interest exists.
‍
You can object to the use of your data for marketing purposes at any time—either by clicking the unsubscribe link included in every email or by contacting us directly using the details provided above (e.g., via email or regular mail). No charges apply other than standard transmission costs.
‍
To improve our communication with you, we use the Customer Relationship Management (CRM) service provided by HubSpot, Inc., 25 First Street, Cambridge, MA 02141, USA (“HubSpot”). We use HubSpot to integrate contact forms, manage and respond to your inquiries, and organize communication with you in connection with our products, services, or website. This includes handling general and specific queries as well as providing support through contact forms or email.
‍
We process your data solely for the purpose of communicating with you and providing the best possible support. If you prefer not to share your information via HubSpot, you may contact us through alternative channels such as by post.
HubSpot also uses cookies and similar technologies to analyze usage and improve our services. For more information on this, please refer to our Cookie Policy.
‍
Data collected through HubSpot may be transferred to a HubSpot server in the USA and stored there. In the event that personal data is transferred to the USA or other third countries, HubSpot Inc. has certified its compliance with the EU-U.S. Data Privacy Framework. Therefore, the data transfer takes place based on the adequacy decision for the USA in accordance with Art. 45 GDPR.
‍
For more information, please refer to HubSpot’s Privacy Policy.
Please note that we do not track or analyze individual user behavior, such as open or click rates, in connection with these emails.

4. Cookies
‍For detailed information on the use of Cookies on our services please refer to our Cookie Policy 

5. Online Presence on Social Media
We operate online presences on various social media platforms to engage with customers and interested users and to share information about our products, services, and activities.
As a rule, user data is processed by the respective social networks for their own purposes, particularly for market research and advertising. This often involves the creation of user profiles based on interests and interactions. For these purposes, cookies and other technologies may be stored on users’ devices. These profiles enable the delivery of interest-based advertising both within the platform and across third-party websites.
In connection with our social media accounts, we may receive aggregated insights and analytics from the platform operators. These statistics can include demographic data (such as age, gender, region), engagement metrics (e.g., likes, comments, shares, video views), and information on the reach of our content. Such insights help us understand which content resonates with our audience and allow us to optimize our communication and presentation accordingly.In some cases, these analytics are collected under joint responsibility with the platform provider. If applicable, we provide a link to the relevant agreement below.
The legal basis for processing your personal data in this context is Art. 6 para. 1 lit. f GDPR, reflecting our legitimate interest in effective external communication and marketing. In cases where we interact with you directly (e.g., through messages or to respond to specific inquiries), the legal basis may also be Art. 6 para. 1 lit. b GDPR, particularly if the communication is related to an existing or potential contractual relationship.
If you have a user account with a social network and interact with our presence, we may be able to view information you have made public, such as your name, profile image, or shared content. Depending on the platform’s features and your settings, we may also contact you, typically via direct message or by commenting on your posts. Any further processing of this information by us outside the platform (e.g., storing it in our systems) is then carried out under our own responsibility and in accordance with Art. 6 para. 1 lit. b GDPR.
Please note: the primary responsibility for any processing of your personal data on the platforms lies with the respective provider. For detailed information on how your data is collected and used by each social network, including how to exercise your rights or object to data processing, please refer to the privacy policies linked below.If you have any data protection concerns related to your use of a social media platform, we recommend that you contact the provider directly, as only they have full access to your user data.
Below, you will find an overview of the social media platforms where we maintain a presence, along with links to their privacy notices and relevant agreements:
- LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland)
Operation of the LinkedIn company page in joint responsibility based on an agreement on the joint processing of personal data (the Page Insights Joint Controller Addendum): https://legal.linkedin.com/pages-joint-controller-addendumInformation about the processed Page Insights data and contact options in case of data protection inquiries: https://legal.linkedin.com/pages-joint-controller-addendumPrivacy policy: https://www.linkedin.com/legal/privacy-policyOpt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out
- Xing/Kununu (XING SE, Dammtorstraße 30, 20354 Hamburg)Privacy policy / Opt-out: https://privacy.xing.com/de/datenschutzerklaerungInstagram (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland)
- Instagram business account on the basis of an agreement on the joint processing of personal data (so-called Page Insights Controller Addendum): https://www.facebook.com/legal/terms/page_controller_addendumInformation about the processed Page Insights data and how to contact Facebook in the event of data protection enquiries: https://www.facebook.com/legal/terms/information_about_page_insights_dataPrivacy policy: https://help.instagram.com/519522125107875Opt out (explanation): https://de-de.facebook.com/help/instagram/2885653514995517?locale=de_DE
- Google/YouTube (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland)Privacy policy: https://policies.google.com/privacyOpt out: https://www.google.com/settings/ads.

‍6. With whom we share your personal data
We only share the personal data we collect when there is a valid legal basis under data protection law. This is particularly the case when:you have given your express consent pursuant to Art. 6 para. 1 lit. a GDPR;
- disclosure is necessary for the establishment, exercise, or defense of legal claims under Art. 6 para. 1 lit. f GDPR, and there is no overriding legitimate interest on your part against the disclosure;
- we are legally required to disclose data in accordance with Art. 6 para. 1 lit. c GDPR, for instance in response to official requests, court orders, or legal proceedings aimed at enforcing or defending rights;
- it is legally permissible and necessary to fulfill a contract with you or to carry out pre-contractual measures upon your request, in accordance with Art. 6 para. 1 lit. b GDPR.
In certain cases, your data may also be processed by service providers who support us in fulfilling our contractual and legal obligations. These include, among others, hosting providers for our website and databases, software and IT service providers, agencies, market research firms, affiliated companies, and consulting firms. These third parties are engaged solely for the specific tasks assigned to them. We carefully select and commission our service providers, ensure they are contractually bound to follow our instructions, verify they have adequate technical and organizational measures in place to protect your rights, and carry out regular monitoring.

7. Transfer of Data to Third Countries
As outlined elsewhere in this privacy policy, we sometimes use services from providers based in so-called third countries—i.e., countries outside the European Union (EU) or European Economic Area (EEA)—or where personal data is processed in such regions. The level of data protection in these countries may not always be equivalent to that of the EU.
If no adequacy decision has been issued by the European Commission for a particular country under Art. 45 GDPR, we ensure an adequate level of data protection through appropriate safeguards. These may include the use of Standard Contractual Clauses (SCCs) issued by the European Commission or Binding Corporate Rules (BCRs) adopted by the service provider.
If such safeguards are not in place, we rely on exceptions provided under Art. 49 GDPR, such as your explicit consent or the necessity of the data transfer for the performance of a contract or to take pre-contractual steps at your request.
In cases where data is transferred to a third country without an adequacy decision or sufficient safeguards, it is possible that local authorities (e.g., intelligence agencies) may access your data for monitoring purposes. In such instances, the enforcement of your data subject rights may not be fully guaranteed. You will be informed of this risk when your consent is obtained through the consent banner.

‍8. Data Retention
‍We retain personal data only for as long as it is necessary to fulfill the purposes for which it was collected. Once these purposes have been fulfilled, your data will be deleted immediately, unless we are legally required to retain it, need it for the establishment or defense of legal claims, or another lawful basis applies to the continued storage in a specific case.
For instance, for legal documentation and evidence in civil claims, we retain contract-related data for three years following the end of the calendar year in which our business relationship ends. This aligns with the general statutory limitation period for civil claims.
In addition, we may be legally obliged to retain certain data for accounting and regulatory purposes, in compliance with the requirements of the German Commercial Code (HGB), Tax Code (AO), Banking Act (KWG), Money Laundering Act (GwG), and Securities Trading Act (WpHG). Depending on the applicable law, these retention periods range from two to ten years.
‍Your personal data may be transferred to other recipients, such as public authorities in order to comply with statutory notification obligations (e.g. social security institutions, tax authorities or law enforcement agencies) or to other companies in connection with company transactions or restructuring (e.g. for due diligence, transfer of business).‍

‍9. Your Rights
‍In addition, you have the right to obtain information about your personal data processed by us at any time under the conditions of Art. 15 GDPR. In particular, you may request information about the purposes of the processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the envisaged storage period, the existence of a right of rectification, deletion, limitation of the processing or opposition to the existence of a right of appeal, the origin of your data if it has not been collected from us, as well as the existence of an automated decision making process including profiling and, if applicable, meaningful information on its details.Within the scope of your right to information, you may request a copy of your personal data. Data copies are generally made available in electronic form unless you have indicated otherwise. The first copy is free of charge for you, for further copies a reasonable fee may be charged. The provision shall be subject to the rights and freedoms of other persons who may be affected by the transmission of the data copy.Under the conditions of Art. 16 GDPR, you may immediately request the correction of incorrect or incomplete personal data stored by us.In addition, under the conditions of Art. 17 GDPR, you may, in principle, request the deletion of your personal data stored by us, insofar as the processing is not necessary for the exercise of the right to freedom of expression and information, for the fulfillment of a legal obligation, for reasons of public interest or for the assertion, exercise or defense of legal claims.Pursuant to Art. 18 GDPR, you may also demand that the processing of your personal data be restricted if you dispute the accuracy of the personal data stored by us or if you have objected to the processing pursuant to Art. 21 GDPR. In this case, we have to limit processing of your data for the duration of the examination of your request. You can also demand the restriction if the processing is unlawful, but you refuse to have your data deleted or you need your data stored with us to assert, exercise or defend legal claims. Under the conditions of Art. 20 GDPR, you have the right to receive your personal data that you have provided to us in a structured, common and machine-readable format or, as far as technically feasible, to request the transfer directly to another responsible person. This right to data transfer exists only if the processing is based on consent pursuant to Art. 6 (1)(a) GDPR or Art. 9 (2)(a) GDPR or on a contract pursuant to Art. 6 (1)(b) GDPR and is carried out by automated means. The restrictions of Art. 20 (3) and (4) GDPR must be considered.If we process data based on a consent given by you, you are also entitled to withdraw your consent at any time in accordance with Art. 7 (3) GDPR. This also applies to declarations of consent issued to us before the GDPR came into force, i.e. before 25 May 2018. Your withdrawal means that we will not continue the data processing, which until then was based on this consent, for the future. Please contact our Data Protection Officer regarding your data protection rights. The contact details can be found under section 1 of this data protection information.
To the extent necessary to pursue the processing purposes described above, we may transfer your personal data to service providers as data processors according to Art. 28 GDPR in the United States of America ("US”) and South Africa (SA). Regarding the transfer to the US and SA, there is no adequacy decision by the European Commission within the meaning of Art. 45 (1) GDPR. Therefore, we together with the service providers have concluded EU standard data protection clauses in accordance with Art. 46 (2)(c) GDPR. You may request a copy of these agreements from our data protection officer (for contact details, refer to section 1 of this data protection information).

Your Right To Lodge A Complaint With A Supervisory Authority
‍If you are of the opinion that the processing of your personal data by us violates the provisions of data protection law, you also have the right to lodge a complaint with a supervisory authority, in particular in the member state of your habitual residence, workplace or place of presumed infringement, pursuant to Art. 77 GDPR. The competent supervisory authority for Playbook in Berlin, Germany is:
Berliner Beauftragte für Datenschutz und Informationsfreiheit
Alt-Moabit 59-61, 10555 Berlin, Germany
Email: mailbox@datenschutz-berlin.de

‍Right to withdraw consent and right to object
You have the right to withdraw any consent given at any time with effect for the future (e.g. via an unsubscribe link provided in every advertising email). If data processing is made for direct marketing purposes, you may object to the processing at any time with effect for the future. If you object, your data will no longer be processed for these advertising purposes. 
You may object to the processing of your data on grounds relating to your particular situation, insofar as we process them for our legitimate interest according to Art. 6 (1)(f) GDPR. In the event of objection, we shall refrain from any further processing of your data unless it is necessary for overriding, compelling or legitimate reasons or for the assertion, exercise, or defense of legal claims. Insofar as we process your data on the basis of Art. 6 (1) (f) GDPR for direct marketing purposes, you may object to this processing at any time without stating reasons; this also applies to profiling, insofar as it is associated with direct marketing. If you object to processing for direct marketing purposes, we will no longer use your personal data for these purposes. If you wish to exercise your right of objection, please contact our Data Protection officer or us. The contact details can be found under section 1 of this data protection information.
Please contact our Data Protection Officer regarding your data protection rights. The contact details can be found under section 1 of this data protection information.
‍
10. Updates to This Data Protection Information
‍We may update this document to reflect changes in our practices, legal requirements, or operational needs. Any changes will be communicated through our website or other appropriate channels.
Effective Date: 17/04/2025