1. Privacy at a glance
General information
The following information provides a simple overview of what happens to your personal data when you visit our website or use our services. Personal data is any data that can be used to identify you personally.
For detailed information on data protection, please refer to the sections below of this Privacy Policy.
Data collection on this website
Data processing on this website is carried out by the website operator. You can find their contact details in the section “Controller”.
On the one hand, your data is collected when you provide it to us (e.g., via contact forms or during registration). Other data is collected automatically by our IT systems when you visit the website, or after your consent (e.g., technical data such as browser, operating system, or time of page access).
What do we use your data for?
Some of the data is collected to ensure the website and our services are provided without errors. Other data may be used—provided you have given your consent—to analyse user behaviour and for marketing and advertising purposes.
Storage period
Unless a more specific storage period is stated within this Privacy Policy, your personal data will remain with us until the purpose for processing the data no longer applies. If you assert a legitimate request for deletion or withdraw your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g., retention periods under tax or commercial law); in the latter case, deletion will take place once these reasons no longer apply.
2. Controller
Within the meaning of Art. 4(7) GDPR, the controller responsible for data processing on this website is:
PollHero GmbH
Wiefelsteder Str. 13
26127 Oldenburg
Germany
Email: info [at] poll-hero.com
3. Hosting and infrastructure
The website and the underlying SaaS platform are operated on servers of Hetzner Online GmbH (Germany). Processing takes place exclusively on servers within the European Union.
In addition, we use services from IONOS SE (Germany) for platform operations, infrastructure, and content delivery. IONOS operates a Content Delivery Network (CDN) through which content can be delivered technically. In doing so, data may be transmitted via international network nodes. Processing is carried out on the basis of appropriate safeguards pursuant to Art. 44 et seq. GDPR.
4. Cookies and consent management
Cookies
Our website uses cookies. Cookies are small text files that are stored on your device and can have various functions.
Technically necessary cookies are stored on the basis of Art. 6(1)(f) GDPR. All other cookies (e.g., for analytics or marketing) are set only after your explicit consent pursuant to Art. 6(1)(a) GDPR and Section 25(1) TDDDG.
You can prevent the use of technically non-essential cookies in whole or in part. However, this website may then no longer be usable to its full extent.
CookieFirst: cookie consent tool
To manage consent for the use of cookies and external services, we use the CookieFirst tool from Digital Data Solutions B.V., Plantage Middenlaan 42a, 1018DH, Amsterdam, Netherlands (https://cookiefirst.com). Consent decisions are logged (e.g., consent ID, timestamp, possibly IP address) in order to be able to demonstrate compliance with legal requirements.
The legal bases for using the cookie consent tool are Art. 6(1)(c) GDPR (legal obligation pursuant to Section 25(1) TDDDG) and our legitimate interest in legally compliant consent management pursuant to Art. 6(1)(f) GDPR. Further information on data processing by CookieFirst can be found here: https://cookiefirst.com/legal/privacy-policy/.
5. Analytics tools
Google Analytics 4
This website uses Google Analytics 4, a web analytics service provided by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google Analytics uses cookies that are stored on your computer and enable an analysis of your use of the website. The information generated by the cookies about your use of this website (including page views, time spent on the site, devices used, and approximate location data) is generally transmitted to and stored on servers of Google LLC in the USA. Your IP address is processed in anonymised form. The storage period is 14 months.
Google Analytics is used only if you have previously given explicit consent pursuant to Art. 6(1)(a) GDPR. Google Consent Mode v2 is enabled. Google is certified under the EU-US Data Privacy Framework. Further information on data processing by Google Analytics can be found here: https://policies.google.com/privacy.
Plausible Analytics
In addition, we use Plausible Analytics from Plausible Insights OÜ, Västriku tn 2, 50403, Tartu, Estonia (https://plausible.io/) for privacy-friendly web analytics. Plausible works without cookies and without user tracking. No personal data is stored.
The legal basis for data processing is our legitimate interest in anonymised reach measurement pursuant to Art. 6(1)(f) GDPR. Further information on data protection at Plausible can be found here: https://plausible.io/privacy.
6. Tag management
We use Google Tag Manager from Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). It is used solely to manage and deliver other services. Google Tag Manager itself does not set cookies and does not create user profiles. It is used only after appropriate consent, insofar as services requiring consent are loaded via Tag Manager.
7. Advertising and marketing
Google Ads incl. Customer Match
We use Google Ads, including conversion tracking, remarketing functions, and AdSense, from Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).
When you visit our website, Google and we can recognise that you clicked on one of our ads and were redirected to our site. The information obtained with the help of conversion cookies helps us create so-called conversion statistics in order to analyse the effectiveness of our Google advertising measures. Google provides us with the total number of users who clicked on our ad and were redirected to our site. We do not receive any information that could be used to identify you personally as a visitor to the site.
In addition, we use Google Ads Customer Match, in which hashed customer data (e.g., email addresses) is used for targeted outreach.
The processing of your personal data by the Google tools mentioned above is based on your explicit consent pursuant to Art. 6(1)(a) GDPR. Google is certified under the EU-US Data Privacy Framework. Further information on data processing by Google can be found here: https://policies.google.com/privacy.
Meta Pixel
We use the Meta Pixel from Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Meta”). This enables us to create so-called Custom Audiences—i.e., to segment visitor groups of our online offering, determine conversion rates, and then optimise them. This happens in particular when you interact with ads that we have placed with Meta Platforms Ireland Ltd. Enhanced matching is used (email, first and last name), with the data being hashed before transmission.
The processing of your personal data is based on your explicit consent pursuant to Art. 6(1)(a) GDPR. Meta is certified under the EU-US Data Privacy Framework. Further information on data processing by Meta can be found here: https://www.meta.com/de/legal/privacy-policy/.
LinkedIn Insight Tag
We use the LinkedIn Insight Tag from LinkedIn Corporation, Sunnyvale, California, USA (“LinkedIn”) to create audiences, segment visitor groups of our online offering, determine conversion rates, and then optimise them. This happens in particular when you interact with ads that we have placed with LinkedIn. LinkedIn also offers retargeting for website visitors in order to display targeted advertising outside our website.
The LinkedIn Insight Tag collects data about visits to our website, including URL, referrer URL, IP address, device and browser characteristics (user agent), and timestamp. This data is used to provide anonymised reports about the website audience and ad performance.
The processing of your personal data is based on your explicit consent pursuant to Art. 6(1)(a) GDPR. LinkedIn is certified under the EU-US Data Privacy Framework. Further information on data processing by LinkedIn can be found here: https://www.linkedin.com/legal/privacy-policy.
8. Use of Tolt in affiliate marketing
In the area of affiliate marketing, we are a partner of the network of Tolt, Inc., 2093 Philadelphia Pike, #2726, Claymont, DE 19703, USA (www.tolt.com).
The processing of your personal data is based on our legitimate interest pursuant to Art. 6(1)(f) GDPR. Tolt is not certified under the EU-US Data Privacy Framework. Further information on data processing by Tolt can be found here: https://tolt.com/privacy-policy.
9. Contact forms and appointment booking
Contact forms
If you contact us by email or via a contact form, the information you provide will be stored for the purpose of processing your enquiry and for possible follow-up questions. This data will not be passed on to third parties without your consent.
Appointment booking (Cal.com)
For scheduling appointments, we use Cal.com from Cal.com, Inc., 2261 Market Street #4382, San Francisco, CA 94114, USA (www.cal.com). The data you enter is processed to organise and carry out the appointment.
The processing of your personal data is based on Art. 6(1)(b) GDPR (pre-contractual measures) or Art. 6(1)(f) GDPR (our legitimate interest in efficient appointment scheduling). Cal.com is not certified under the EU-US Data Privacy Framework. Further information on data processing by Cal.com can be found here: https://cal.com/de/privacy.
10. Newsletter and CRM
We use ActiveCampaign from ActiveCampaign LLC, 1 North Dearborn Street, 5th Floor, Chicago, IL 60602, USA, to send newsletters. When you sign up for the newsletter via our double opt-in procedure, the data requested in the input form is transmitted to us. In addition, the IP address of the registrant’s computer as well as the date and time of registration are collected.
The data you provide is used to create and send your newsletters and to manage the newsletter subscription. In this context, we may also inform subscribers by email about circumstances that are relevant to the newsletter subscription or registration (e.g., changes to the newsletter offering or technical conditions).
In addition, we collect further personal data in connection with sending the newsletter:
- Date and time when the recipient received an email
- Indicator of whether a recipient opened an email
- Indicator of whether a recipient clicked on any link in the email
The legal basis for processing your data after subscribing to the newsletter is your consent pursuant to Art. 6(1)(a) GDPR and, in the case of advertising to existing customers, Section 7(3) UWG. You can withdraw your consent at any time with effect for the future or unsubscribe from the newsletter. Each newsletter contains a corresponding unsubscribe link.
ActiveCampaign is certified under the EU-US Data Privacy Framework. Further information on data processing by ActiveCampaign can be found here: https://www.activecampaign.com/legal/privacy-policy.
11. Shopify app
PollHero offers an app for Shopify. As part of using the app, we process data from Shopify merchants and their shop visitors, including order data. Processing is carried out in accordance with the Shopify Partner Program Agreement and Shopify’s applicable data protection provisions: https://www.shopify.com/de/legal/datenschutz.
12. Notice on data transfers to the USA
On our website, we use, among other things, tools from companies based in the USA or other third countries that may not provide an adequate level of data protection. If these tools are active, your personal data may be transferred to these third countries and processed there.
Most of our partners used on this website that are headquartered in the USA are certified under the currently valid data protection agreement “EU-US Data Privacy Framework” (DPF). According to the corresponding adequacy decision of the EU Commission, we may assume a level of data protection comparable to the GDPR for these partners. For US providers without DPF certification, we have, where possible, ensured that they apply the so-called “Standard Contractual Clauses” (SCC) defined by the EU pursuant to Art. 46(2)(c) GDPR for data processing.
If a US provider is neither certified under the DPF nor uses the Standard Contractual Clauses, we cannot guarantee that it provides a level of data protection comparable to that of the EU. Regardless of this, even for DPF-certified companies it cannot be ruled out that, upon request, they may disclose personal data stored on servers in the EU to US security authorities without you, as the data subject, being able to take legal action against this. We have no influence over these processing activities.
15. What rights do you have regarding your data?
You have the right at any time to obtain, free of charge, information about the origin, recipients, and purpose of your stored personal data. You also have the right to request the correction or deletion of this data. If you have given consent to data processing, you can withdraw this consent at any time with effect for the future. In addition, under certain circumstances you have the right to request the restriction of the processing of your personal data.
In the event of violations of the GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work, or the place of the alleged infringement. This right to lodge a complaint is without prejudice to any other administrative or judicial remedies.
The supervisory authority responsible for us is:
The State Commissioner for Data Protection of Lower Saxony
Prinzenstraße 5
30159 Hanover
Phone: +49 (0511) 120 45 00
Email: poststelle@lfd.niedersachsen.de