Privacy Policy & DPA

This Privacy Policy describes how Centify processes personal data when you use our websites and platform, and tells you about your privacy rights and how the law protects you.

1. Introduction

1.1 Identity and Contact Details of the Controller

Centify GmbH, Alter Güterbahnhof 5e, 22303 Hamburg, Germany (along with its affiliated companies within the meaning of §§ 15 ff. German Stock Corporation Act (AktG) involved in providing our products and services, hereinafter “Centify,” “we,” “our,” or “us”) is committed to protecting personal data in compliance with legal requirements. Contact: datenschutz@getcentify.com

1.2 Scope

We provide incentive commission management solutions exclusively to corporate customers, but these services are used by natural persons. Consequently, we process both company data and personal data. As our products and services may be available within the European Union (EU), the European Economic Area (EEA), or the United Kingdom (UK), we process personal data in accordance with applicable data protection laws and this Policy. We comply in particular with the European Regulation (EU) 2016/679 (GDPR).

1.3 Content

In this Policy, we explain how we process personal data when you use our websites (the “Centify Websites”) and our web application (the “Centify Platform”); the services provided through them are jointly referred to as the “Centify Platform Services.” We also address the use of cookies and similar website technologies.

1.4 Role

In the context of your interaction with the Centify Platform Services, we process specific personal data as a controller. Additionally, we also process personal data as a processor on behalf of our customers, based on a data processing agreement concluded separately with our customers.

1.7 Categories of Personal Data

We may process the following categories of personal data:

• Contact Data: First and last name, email and postal addresses, phone numbers, or social media profiles.
• Professional Data: Job title, role, employer, and in the case of job applications, CVs and cover letters with references.
• Communication Data: Personal data used in or attached to any form of communication, including calls, chats, emails, or attachments.
• Financial Data: Salary data, commission details.
• User Data: Personal data related to a personal profile on the Centify Platform (the “Centify Account”), such as UserID, optional profile pictures, mobile phone numbers, personal IBAN for payouts, etc.
• Marketing Data: Contact preferences, webinar/event registrations, attendance and participation information.
• Traffic Data: Data about the device or browser, data volume, date, time, and duration of access, and reference to specific Centify Platform Services or Cookie information.

2. Personal Data Collected from Data Subjects

The personal data we process depends on the specific service used and includes job applications, webchat and other communication, product demonstrations, customer onboarding, user registration and login, Centify Platform Services, notifications, customer support and success, integrations, marketing, and newsletter subscriptions (with double opt-in).

3. Personal Data Collected from Other Sources

We may also process personal data collected from customers (e.g. when a customer adds you as a user), other service providers, and publicly available sources to identify potential customers and partners.

4. Browsing Centify Websites

When accessing and browsing the Centify Websites, we may process traffic data and use cookies. Our consent management platform, accessible at any time, allows you to manage essential and non-essential cookies. Essential cookies are necessary for the safe and secure provision of the Centify Platform Services; non-essential cookies make using the services more user-friendly and help us evaluate usage.

5. Purposes of and Legal Basis for Processing Personal Data

We process personal data to provide services (Art. 6(1)(b) and (f) GDPR), improve services (Art. 6(1)(f) and (a) GDPR), ensure security (Art. 6(1)(f), (b) and (c) GDPR), comply with legal obligations (Art. 6(1)(c) and (f) GDPR), provide efficient support and communication, conduct marketing (with consent under Art. 6(1)(a) GDPR), and where you have given consent (Art. 6(1)(a) GDPR). For user invitations via email we use the sub-processor MailerSend, Inc., 228 Park Ave S, PMB 54955, New York, NY 10003-1502, USA.

6. Storage Period

Personal data will be deleted as soon as it is no longer needed for the intended purposes and any applicable retention periods have expired. We are required to retain personal data to comply with legal obligations under German commercial and fiscal law (HGB, AO), with retention periods ranging from two (2) to ten (10) years, and in some cases up to thirty (30) years for the preservation of evidence.

7. Data Processing in the EU/EEA and UK

The processing of personal data generally takes place within the EU/EEA and the UK. We may transfer personal data to partners in third countries (subject to an adequacy decision or standard contractual clauses) where necessary. We will provide a copy of these clauses upon request.

8. Automated Processing

In general, we do not make decisions based solely on automated individual decision-making and profiling within the meaning of Article 22 GDPR.

9. Protection of Personal Data

We store personal data within highly secure networks, accessible solely by designated employees bound by strict confidentiality obligations. In the event of a data breach, we will promptly notify the competent supervisory authority and any affected data subjects within the timeline set by the GDPR.

10. Your Rights

Subject to the respective legal requirements, you are entitled to the right of access (Art. 15 GDPR), rectification (Art. 16 GDPR), erasure (Art. 17 GDPR), restriction of processing (Art. 18 GDPR), data portability (Art. 20 GDPR), and to object (Art. 21 GDPR), in addition to the right to withdraw consent at any time (Art. 7(3) GDPR). To exercise your rights, contact us at datenschutz@getcentify.com. You may also lodge a complaint with the competent supervisory authority (Art. 77 GDPR).

If personal data has been processed by us as a processor on behalf of our customers, please reach out directly to the relevant customer to exercise your rights related to such data.