General Data Protection Policy

General Information

On our mission, to unleash the power of the self-employed and help them thrive, Jimdo offers the best website builder for the self-employed, a professional online store, and unique tools like the Legal Text Generator, and this is just the beginning. Jimdo continues to work every day to make business for the self-employed in the digital world as effortless as possible, by developing the tools that support them. The collection and processing of personal data, as well as the protection of the privacy of our Customers, Partners and Employees form an integral part of this mission. This General Data Protection Notice provides an overview of the general processing of your personal data by Jimdo. Specific Data Protection Notices, especially for customers of our online services, can be found here.

The Jimdo Applicant Data Protection Notice can be found here.

Contact information

Should you have any questions regarding this Privacy Policy or wish to assert your legal rights, you are welcome to contact our data protection experts in our Customer Service department at the following email/postal address:

Jimdo GmbH
Stresemannstraße 375
22761 Hamburg
privacy(at)jimdo.com

Jimdo has appointed a **Data Protection Officer **who can be reached at the following address: privacy(at)jimdo.com

Communication via Email, Contact Form and Telephone

Jimdo collects personal data which is voluntarily provided to us e.g. via contact form or email. Mandatory fields are marked as such, because in these cases we absolutely need that personal data in order to process your request or open an account, and it is not possible to process your request without this information. The specific data that is collected can be identified on the respective contact forms. We use the data you provide to process your inquiries in accordance with Art. 6 (1) (b) GDPR, insofar as your communication relates to a contract or it is a pre-contractual communication. Otherwise, we process your data in accordance with Art. 6 (1) (f)D GDPR to protect our legitimate interests in processing your request.

General Processing Activities

Jimdo processes your personal data in a lawful and transparent manner, in good faith and in accordance with European and respective national data protection laws (hereinafter the European General Data Protection Regulations is referred to as the “GDPR”) only to the extent and for as long as it is necessary for the performance of a contract with you or for the implementation of pre-contractual measures that are carried out at your request (Art. 6 (1) (b) GDPR), e.g. for conducting business; or where you have given appropriate consent to the processing (Art. 6 (1) (a) GDPR), e.g. for advertising; or where the processing is necessary for the protection of legitimate interests of Jimdo or third parties (Art. 6 (1) (f) GDPR), e.g. detection and elimination of misuse, defense in legal disputes, assertion of claims, prevention and investigation of criminal offenses; or where legal requirements exist (Art. 6 (1) (c) GDPR), e.g., for record keeping for commercial and tax purposes; or where the processing is necessary to protect the vital interests of the data subject or another natural person (Art. 6 (1) (d) GDPR), or where the data processing is in the public interest (Art. 6 (1)(e) GDPR).

If you do not provide Jimdo with the information required for this purpose, we may not enter into the business relationship requested by you, conclude the contract, or execute the order. We may also no longer be able to execute an existing contract and may be forced to terminate the contract.

Personal Data

Jimdo primarily collects data directly from you; in addition, in rare cases, data is also generated from public sources, such as registers and websites.

Personal data processed includes master data (e.g., names, addresses, and customer numbers), contact data (e.g., email addresses and phone numbers), contract data (e.g., services used, order history, contract content, contractual communication, names of contact persons), and payment data (e.g., bank details, payment history).

Jimdo only processes special categories of personal data pursuant to Article 9 GDPR if this processing is adequately described and protected in accordance with the GDPR, in particular via a data processing agreement.

Data Recipients

Jimdo undertakes to use only employees and cooperation partners for the provision of services who have been familiarized with the applicable data protection regulations through appropriate measures. Personal data is disclosed to third parties very restrictively, e.g. only where this is necessary for the fulfillment of the (pre-) contractual relationship or for the pursuit of our claims or if there is a legal obligation to do so, as well as in certain cases at the legitimate request of a government agency. In the course of processing, it is possible that your personal data will be passed on to subprocessors (service providers, vicarious agents). These have been carefully selected by Jimdo and are contractually obligated in accordance with the legal provisions of Art. 28 GDPR to ensure the confidentiality of personal data, as well as to comply with Jimdo’s data protection standards. In particular, processors contracted by Jimdo are not permitted to use the personal data they process on Jimdo’s behalf commercially, for their own purposes.

In general, your data may be passed on to the following recipients:

Agencies & cooperation partners, credit agencies & collection service providers (for credit checks, dunning procedures), credit institutions, printing service providers, external legal representatives, auditors, corporate and tax consultants, internal departments, IT service providers, suppliers, market & opinion research companies, newsletter & mail service providers, postal & logistics service providers, telecommunications providers, insurance companies, administrative authorities & other government agencies. The legal basis for the data transfers are Art. 6 (1) (b) and/or Art. 6 (1) (f) GDPR. Transfers for the exercise of legitimate interests may only be made to the extent that this is necessary for Jimdo and does not override the interests or fundamental rights and freedoms of the data subject.

In the event of a corporate transaction, including a merger, investment, corporate reorganization, acquisition, joint venture, assignment, transfer, sale or disposition of all or any portion of our business (including in connection with any bankruptcy or similar proceedings), and for the purpose of due diligence connected with any such transaction or transition of service to another provider, Jimdo may sell and/or transfer any and all personal data to the relevant third party, as permitted by law and/or contracts.

Data Transfers to Third Countries

Jimdo ensures that your data is processed in the EU or in the European Economic Area. Should this no longer be possible and data needs to be transferred to a third country, Jimdo will ensure, after prior review, that an adequate level of data protection that meets the requirements of the Court of Justice of the European Union and the EU Commission is adhered to in the country the data is transferred to. In these cases, the data is transferred on the basis of an Adequacy Decision of the European Commission or the Standard Contractual Clauses for the transmission of personal data to third countries in its current valid version. Data transmission to a third country may also take place on the basis of your consent. You will be provided with details of this separately, where applicable.

Storage and Retention

Personal data will generally only be processed as long as it is necessary for the respective purpose, unless you have given Jimdo consent or Jimdo has a legitimate interest in further processing. In these cases, Jimdo will process this data until you revoke your consent or until you object to Jimdos’ legitimate interests based on your particular situation.

We delete your personal data as soon as the purpose of the processing is fulfilled or the storage is otherwise no longer legally permissible. Due to the volume of data, this check for deletion is carried out with regard to specific types of data or purposes of a processing. However, it is possible that your personal data will be stored until legal claims against Jimdo can no longer be asserted (statutory limitation period between 3 and 30 years).

In addition, we store your personal data to the extent that we are required to do so by law. Insofar as we receive and process your personal data for the purposes of implementing, initiating, and processing your contract with Jimdo, we store it until the purpose of storage has been achieved (in particular achieved in the event of the contract being terminated), or insofar as this is required within the statutory retention periods in accordance with section 257 of the German Commercial Code (HGB) and section 147 of the German Tax Code (AO).

Data Subject Rights

You have the right to obtain information about the personal data stored about you by Jimdo (data categories, processing purposes, recipients of the data if applicable, planned storage period), Art. 15 GDPR; You have the right to correction or completion of incorrect or incomplete data stored on you in accordance with Art. 16 GDPR; Furthermore, you have the right to erasure of personal data (in certain cases), Art. 17 GDPR; As well as, restriction of processing (under certain conditions), Art. 18 GDPR; Data portability (under certain conditions), Art. 20 GDPR, and the right to object to the processing of personal data concerning you on the basis of a balance of interests, Art. 21 GDPR, and Revocation of consent to the processing of personal data concerning you with effect for the future, Art. 7(3) GDPR, subject to any other conflicting legal requirements as prescribed in the GDPR.

If you exercise your right to erasure, objection or revocation, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the assertion, exercise or defense of legal claims.

In the case of a request for information or correction that is not made in writing, we ask for your understanding that Jimdo will then require proof of your identity. This serves in particular to protect your data from unauthorized access by third parties.

To exercise these rights, you can contact us at any time - e.g., via one of the contact channels indicated under “Contact Information” above. In addition, you are entitled under Article 77 GDPR to lodge a complaint with a competent supervisory authority for data protection, if you believe that we have processed your data in a way that violates the GDPR.

Updates

It may be necessary to update this Privacy Policy from time to time due to technical developments and/or changes to the law. The current valid version of this Privacy Policy can be accessed at any time via this webpage.