Privacy Policy and Data Processing

Introduction

Komorebi GmbH, a company based in Germany, registered in the Commercial Register B of the Local Court of Bonn, registration number HRB 28210, that manages the business provided by the website www.aidaform.com and its services (collectively “AidaForm”, “we” and “us”), offers a privacy management solution and a web marketing compliance policy (collectively “Privacy Policy and Data Processing Agreement”). This policy describes the types of information we collect from you when you interact with our websites and software (collectively the “Services”) in any manner; and how the information is being used, stored, maintained, protected and disclosed. BY ACCESSING OR USING OUR SERVICES, YOU ACKNOWLEDGE THAT YOU HAVE READ, UNDERSTOOD, AND AGREED TO BE BOUND BY THE TERMS OF THIS PRIVACY POLICY AND DATA PROCESSING AGREEMENT.

Definitions:

  1. “User” means the individual using this Application who, unless otherwise specified, coincides with the Data Subject.

  2. “Data” means all information provided by any User or obtained by the Services about a User.

  3. “Personal Data” means any information that directly or indirectly, or in connection with other information allows to identify a natural person.

  4. “Data Subject” means the natural person to whom the Personal Data refers.

  5. “Data Controller” means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data, including the security measures concerning the operation and use of the Services.

  6. “Data Processor” means the natural or legal person, public authority, agency, or other body which processes Personal Data on behalf of the Data Controller, as described in this Privacy Policy.

  7. “Form Creator” means the natural or legal person who uses AidaForm Services to create, share, and host web forms in order to gain responses with some information from Form Respondents.

  8. “Form Respondent” - is a person acting as a physical entity or on behalf of a company, who enters information in a form created and shared by a Form Creator.

AidaForm is used by both Form Creators and Form Respondents. AidaForm acts as a Data Processor and Data Controller towards Form Creators, and as a Data Processor towards Form Respondents.

Form Creators act as Data Controllers towards their Respondents, this means that Form Creators are fully responsible for the approaches and means they use while storing, sharing, transferring, and disclosing the information. We strictly advise Form Creators to provide their own Privacy Policy to their Respondents at the time of sharing created form to inform them about the above-stated procedures.

IF YOU CREATE FORMS:

  • Your form data is owned by you. Unless you made your forms publicly available via a direct link, AidaForm does not make the forms available to anyone.

  • AidaForm does not use the form responses you collect for purposes other than those determined by the Form Creator unless it’s required by applicable laws.

  • AidaForm holds your data securely.

  • Form data is stored on servers located on the Amazon servers in the United States and Germany.

IF YOU ANSWER FORMS:

Forms are managed by the Form Creator. Form Creators build thousands of forms every day using our services. AidaForm hosts the forms on its websites and collects the responses that you submit to the Form Creator. Please contact the Form Creator directly regarding any questions about the form and its contents. The Form Creator is usually the same person that invited you to complete the form. This individual, company, or organization may have its own privacy policy. Read the Form Creator’s Privacy Policy to learn how they store, safeguard, transfer, and disclose the information that you provide via the created web form.

AidaForm does not make your responses available to third parties (although the Form Creator might do so, so we advise that you contact this individual, company, or organization to learn more). AidaForm acts on behalf of the Form Creator who is in full control of your data.

If you think a form violates our Terms of Use or is used for an illegal activity, report the issue to support@aidaform.com.

Please, read our Privacy Policy to understand how we process your personal data and the Privacy for Form Respondents section to get information which is specific to you.

PRIVACY NOTICE FOR FORM CREATORS:

What information does AidaForm collect?

AidaForm gathers various types of information, including information that identifies or may identify you as an individual (“Personal Information” or “Personal Data” ) as explained in more detail below.

Information You Provide to Us:

From the Website: We may collect any Personal Information that you send or provide to us, for example, via online forms available on our website or through email communication. We will keep a record of our correspondence.

From the Services:

  • We receive and store information you provide when registering and setting a new account or a new user. The types of information we may collect include names, usernames, email addresses, postal addresses, phone numbers, job titles, transactional information (including Services purchased), as well as any other contact or other information you choose to provide us or upload to our systems in connection with the Services.

  • The data provided with your responses to surveys and questionnaires that we might ask you to complete for research and development purposes.

  • The data provided with the uploaded files for support purposes, etc.

Information We Automatically Collect:

When you use our Website we collect some information related to your device, such as your device’s IP address, referring website, what pages your device visited, and the time that your device visited our Website.

When you use the Services:

Usage information – we keep track of user activity in relation to the types of Services our customers use, the configuration of their computers, and performance metrics related to their use of the Services.

Log information – we log information about our customers and their collaborators when you use one of the Services including the Internet Protocol (“IP”) address.

Information collected by cookies and other similar technologies – we use various technologies to collect information which may include saving cookies to users’ computers.

For further information, please read the section below headed “Cookies and other Tracking Technologies” and/or read our Cookie Notice.

How does AidaForm use the information?

We use the information we collect:

  • To improve our websites and to present content and Services in the most effective manner.

  • To set up accounts and to provide you with the services, content, information that you request from us.

  • To keep our services running flawlessly - to send you notices regarding the status of your account and/or subscription, including expiration and renewals.

  • Notify you about updates and new features of our Services.

  • Process and complete transactions, and send related information, including transaction confirmations and invoices.

  • Manage our customers’ use of the Services, respond to inquiries and comments and provide customer service and support.

  • To carry out other obligations under the agreement between AidaForm and you stated in our Terms of Use.

  • For trend monitoring, marketing, and advertising.

  • To investigate and prevent fraudulent activities, unauthorized access to the Services, and other illegal activities.

  • For any other purposes about which we notify customers and users.

The Usage Information we collect allows us to improve our Services and to deliver a more personalized experience. For these purposes we:

  • Estimate our audience size and usage patterns.

  • Store Data about your preferences, which enables customization of our Services according to your individual interests.

Cookies and Other Tracking Technologies

Cookies Policy. This notice is designed to help you understand what cookies are, how AidaForm uses them and the choices you have in regards to their use. By continuing to use our Services, you are agreeing to use of cookies in the manner described in this policy.

What are cookies?

Cookies are small text files that are created and stored in your browser or on the hard drive of your computer or another device when you visit our Services. This allows the Services to recognize you as a user either for the duration of your visit (using a ‘session cookie’) or for repeat visits ( a ‘persistent cookie’). Cookies do not contain the information like your home address, date of birth, or credit card details.

The cookies we use fall into four broad types:

Strictly Necessary Cookies

These cookies are essential for helping you to navigate our Services and use its features, such as accessing some secure areas, for example, your User Account. Without these cookies, the services you have asked for, such as setting up an account, a shopping baskets or billing cannot be provided. These cookies are necessary for the Services to function and cannot be switched off in our systems. You can set your browser to block or alert you about these cookies, but some parts of the Services may not work then.

Analytical/Performance Cookies

To keep our Services relevant and easy to use, we use Google Analytics to help us understand how our visitors use our Services. For example, these cookies allow us to count traffic sources, to help us know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is anonymous. If you do not allow these cookies, we will not know when you have visited our site.

If you do not wish to participate in Google Analytics, you may also download the Google Analytics opt-out browser add-on.

Functionality Cookies

These cookies allow us to remember setting a user has applied to our website (such as a user name, language or the region a user is in), choices a user has made (such as not to be asked again to fill in a questionnaire), as well as to detect if our Services has already been offered to provide enhanced, more personal features. The information these cookies collect is anonymized which means we cannot identify you personally. Disabling functionality cookies may lead to errors in the performance of the Service.

Targeted Marketing Cookies

We also use cookies to assist in targeted advertising. The cookies work by uniquely identifying your browser and device. Disabling the cookies does not mean that you will not see online advertisements, it just makes the advertisements less relevant to you and your interests. If you do not allow these cookies, you will not experience our targeted advertising across different websites.

You may opt out of certain types of Google Analytics tracking, customize the Google Display Network ads by using the Google Ad Preferences Manager and learn more about how Google serves advertisements by viewing its Customer Ads Help Center.

For information on how to disable cookies, please consult the “Settings” section of your browser via the menu bar. Should you need any help, please contact us via email at support@aidaform.com.

AidaForm collects and process information about you only where we have legal bases for doing so under applicable laws. We collect and use your information only when:

  1. We need the information to provide you the Services, including operating the Services, providing customer support and personalized features and protection of the safety and security of the Services;

  2. It satisfies a legitimate interest (which is not overridden by your data protection interests), such as research and development, marketing and promotion of the Services and protection of our legal rights and interests;

  3. You give us consent to do so for a specific purpose; or

  4. We need to process your data to comply with a legal obligation.

If you have consented to our use of information about you for a specific purpose, you have the right to withdraw your decision at any time, but this cannot affect any processing that has already taken place. When we are using your information, because we or a third party have a legitimate interest to do so, you have the right to object to that use though, in some cases, this may mean no longer using the Services.

Place of Processing

The Data is processed at the AidaForm’s operating office in Germany and in any other places where the Third Parties involved in the processing are located. Depending on the User’s location, data transfers may involve transferring the User’s Data to a country other than their own. Further details are provided in the Section entitled “Information Regarding Third Parties Involved in the Processing of Personal Data” below. Users in the European Union may be entitled to learn about the legal basis of Data transfers to a country outside the European Union and about the security measures that were taken by the AidaForm to safeguard their Data. To find out more, please submit an inquiry to us using the email support@aidaform.com.

How Can I Exercise My Data Subject Rights?

You can always opt not to disclose information to us, but keep in mind some information may be needed to register with us and use our Services.

If you would like to review, update, rectify, and delete any Personal Information we hold about you, or exercise any other data subject right available to you under the EU General Data Protection Regulation (GDPR), you can either do it from inside your account with AidaForm Services in the “My Account - Settings” section, or send your request at support@aidaform.com. Our privacy specialist will examine your request and respond to you as quickly as possible.

Please note that we may still use any aggregated and anonymous Personal Information that does not identify any individual and may also retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

Marketing Communications

You can opt out of receiving certain promotional or marketing communications from us at any time by using the unsubscribe link in the emails we send.

If you have an account for our Services, we will still send you non-promotional communications, like service-related emails.

California residents are entitled to ask us for a notice identifying the categories of Personal Information which we share with our affiliates and/or third parties for marketing purposes, and providing contact information for such affiliates and/or third parties. If you are a California resident and would like a copy of this notice, please submit a written request to support@aidaform.com

How Does AidaForm Share and Disclose Information to Third Parties?

We do not rent or sell your Personal Information. We may share and disclose information (including Personal Data) about our customers in the following limited circumstances:

Consulters and Service Providers:

We may share your information with third-party vendors, consultants, and other service providers whom we employ to perform tasks on our behalf. These companies include (for example) our payment processing providers, website analytics companies, product feedback or help desk software providers, CRM service providers, email service providers, and others. You can find an updated detailed list of these parties as well as links to their privacy notices in the section Information Regarding Third Parties involved in the Processing of Personal Data.

Business Transfers:

We may choose to buy or sell assets and may share and/or transfer customer information in connection with the evaluation of and entering into such transactions. Also, if we (or our assets) are acquired, or if we go out of business, enter bankruptcy, or go through some other change of control, Personal Information could be one of the assets transferred to or acquired by a third party.

Disclosures for National Security or Law Enforcement:

We may also be required to disclose your Personal Information in response to valid requests by public authorities, including to meet national security or law enforcement requirements.

Security

We undertake every possible step to keep our service secure.

We use appropriate technical, organizational, and administrative security measures, implement the latest encryption and security technologies to protect any information we hold in our records from loss, misuse, and unauthorized access, disclosure, alteration, and destruction. Among other practices, your account is protected by a password for your privacy and security. You must prevent unauthorized access to your account and Personal Information by selecting and protecting your password appropriately and limiting access to your computer or other devices and browser.

Retention Time

We generally retain your data for as long as you have an account with AidaForm Services, or to comply with our legal obligations, resolve disputes, or enforce our agreements. Data that is deleted from our servers may remain as residual copies on offsite backup media for up to approximately one month afterward.

International Data Transfers

Personal Information you submit through our Services will be primarily processed by us in the USA and Germany and potentially in other countries, on our servers or on our hosted service providers’ cloud servers on our behalf. These countries may not have similar data protection laws to those in your country of residence. However, we will always protect your information in accordance with this Privacy Policy wherever it is processed.

Data Location

AidaForm servers are located in the Amazon Web Services (AWS) cloud-based architecture in Germany and the United States, so your personal information will be hosted and processed by AidaForm in Germany and the United States. Your personal information may also be processed in, transferred or disclosed to countries in which AidaForm’s subsidiaries and offices are located and in which our service providers are located or have servers.

AidaForm may use third-party services in the following cases: to host and backend infrastructure, handle payments, analytics, interaction with external social networks and platforms, monitor infrastructure, manage contacts, and send messages as well as manage support and contact requests. Below you will find a list of third parties involved in the processing of your Personal Information (Personal Data). We recommend that you also learn about their Privacy Policy.

Recently, the Court of Justice of the European Union (CJEU) issued a ruling regarding the EU-US Privacy Shield and Standard Contractual Clauses (SCCs), also known as model clauses. The CJEU ruled that the EU-US Privacy Shield is no longer valid for the transfer of personal data from the European Union (EU) to the United States (US). However, in the same ruling, the CJEU confirmed that companies can continue to use SCCs as a valid mechanism for transferring data outside of the EU.

Information Regarding Third Parties Involved in the Processing of Personal Data

Your Personal Information (Personal Data) is collected for the following purposes and using the following services:

Analytics

The services contained in this section enable us to monitor and analyze web traffic and can be used to keep track of User behavior.

Google Analytics (Google Inc.): Registration address: 1600 Amphitheatre Parkway Mountain View, CA 94043 United States.

  • Personal Data collected: Usage Data.
  • Place of processing: the United States of America – Privacy Policy.
  • Learn how AidaForm uses Cookies in the Cookies and Other Tracking Technologies section.

Handling payments

Payment processing services process all payments on behalf of our company by credit card, bank transfer, or other means. AidaForm does not collect, process, or store any information regarding your bank account, credit card, or any other sensitive data. AidaForm gets only the information necessary to provide you with relevant Services, such as your current tariff plan, whether or not your transaction has been successful, etc.

AidaForm has a reseller agreement with a 2checkout secure system to collect and process payments for AidaForm paid plans. AidaForm does not transfer any information to 2checkout. AidaForm gets some information from 2checkout that allows us to keep your AidaForm plan alive and to make changes for your current AidaForm plan.

Verifone Payments BV dba 2checkout: is a global payment processing company. Registration address: Singel 250, 4th floor, 1016AB Amsterdam, The Netherlands.

  • Personal Data collected: various types of Data as specified in the privacy policy of the service.
  • Place of processing: USA and Europe – Privacy Policy.

Amazon Web Services (AWS) (Amazon Web Services, Inc.): Amazon Web Services is a hosting and cloud service provider. Registration address: 410 Terry Avenue North, Seattle WA 98109, United States.

  • Personal Data collected: various types of Data as specified in the privacy policy of the service.

  • Place of processing: Germany and the USA. In an AidaForm account it is possible to specify where collected response data will be stored for every form. The setting is called ”Data Center.” The setting Data Center -> Germany stores your response data on servers that are located in Germany only.

  • The AWS Service Terms include the SCCs adopted by the European Commission (EC) in June 2021, and the AWS GDPR DPA confirms that the SCCs will apply automatically whenever an AWS customer uses AWS services to transfer customer data to countries outside of the European Economic Area that have not received an adequacy decision from the EC (third countries). As part of the AWS Service Terms, the new SCCs will apply automatically whenever a customer uses AWS services to transfer customer data to third countries. Customers can therefore be comfortable that any customer data they transfer to third countries using AWS services has the same high level of protection that customer data receives in the EEA. For more information, please see the blog post, New Standard Contractual Clauses now part of the AWS GDPR Data Processing Addendum for customers.

  • AWS is responsible for protecting the global infrastructure that runs all of the AWS services. This infrastructure is comprised of the hardware, software, networking, and facilities that run AWS services, which provide powerful controls to customers, including security configuration controls, for the handling of customer content. AWS provides several compliance reports from third-party auditors who have verified its compliance with a variety of computer security standards and regulations (for more information, visit the AWS Compliance webpage. These reports show that AWS is protecting their customer data. Examples include AWS’ ISO 27001, 27017, and 27018 compliance. ISO 27018 contains security controls that focuses on protection of customer data.

Transfers outside the European Economic Area (EEA)

AWS customers can continue to use AWS services to transfer customer data from the EEA to non-EEA countries that have not received an adequacy decision from the European Commission (including the United States) in compliance with the GDPR. At AWS, the highest priority is securing customer data, and AWS implement rigorous technical and organizational measures to protect its confidentiality, integrity, and availability, regardless of which AWS Region the data is processed and stored.

To read more about GDPR compliance when using AWS services, please visit: https://aws.amazon.com/compliance/gdpr-center/

Managing support and contact requests

This type of service allows us to manage support and contact requests received via email or by other means, such as the contact form. The types of Personal Data we process depend on the information provided by you in the messages.

ServiceDesk Plus Cloud by Zoho Corporation B.V. : ServiceDesk Plus Cloud is a support and contact request management service provided by Zoho Group. Registration address: Beneluxlaan 4B, 3527 HT UTRECHT, The Netherlands.

  • Personal Data collected: information provided by you in the messages.
  • Place of processing: European Union – Privacy Policy.

Managing contacts and sending messages

This type of service makes it possible to manage a database of email contacts, phone contacts, or any other contact information to communicate with our users. These services may also collect data concerning the date and time when the message was viewed by users, as well as when users interacted with it, such as by clicking on links included in the message.

MailChimp by Intuit Inc. MailChimp is an email address management and message sending service provider. Registration address: 2700 Coast Avenue Mountain View, CA 94043 United States.

  • Personal Data collected: Name, Email address
  • Place of processing: the United States of America – Privacy Policy, Data processing addendum
  • SCCs: Mailchimp agrees to abide by and process EU Data in compliance with the SCCs in the form set out in Annex C

Amazon Simple Email Service (Amazon SES) (Amazon Web Services, Inc.): Amazon SES is a cloud-based email sending service designed to help digital marketers and application developers send marketing, notification, and transactional emails. Registration address: 410 Terry Avenue North, Seattle WA 98109, United States.

  • Personal Data collected: email address, first name, and last name.
  • Place of processing: Ireland and the United States of America – Privacy Policy.
  • The AWS Service Terms include the SCCs adopted by the European Commission (EC) in June 2021, and the AWS GDPR DPA confirms that the SCCs will apply automatically whenever an AWS customer uses AWS services to transfer customer data to countries outside of the European Economic Area that have not received an adequacy decision from the EC (third countries). As part of the AWS Service Terms, the new SCCs will apply automatically whenever a customer uses AWS services to transfer customer data to third countries. Customers can therefore be comfortable that any customer data they transfer to third countries using AWS services has the same high level of protection that customer data receives in the EEA. For more information, please see the blog post, New Standard Contractual Clauses now part of the AWS GDPR Data Processing Addendum for customers.

To read more about GDPR compliance when using AWS services, please visit: https://aws.amazon.com/compliance/gdpr-center/

AidaForm Services provide opportunities for integration of your User account with many third-party services, available either from inside the User account or by means of connection via Zapier services. AidaForm is not responsible for Privacy Policies carried out by the third parties and you use, integrate and transfer any information to these services at your own discretion.

Age Policy

We do not knowingly collect or solicit personal information from anyone under the age of 16. If you are under 16, please do not attempt to register for the Services or send any Personal Information about yourself to us. If we learn that we have collected Personal Information from a child under the age of 16, we will delete that information as quickly as possible. If you believe that a child under 16 may have provided us with Personal Information, please contact us at support@aidaform.com.

Linked Websites

Hyperlinks that link to other websites may be posted on the Websites. This is made for your convenience and for reference purposes only. We are not responsible for and this Privacy Policy does not apply to the privacy practices of any linked sites. Please, read the privacy notice of each linked website that you visit to get an understanding of how they collect, process, use, store, protect, and disclose the data about you.

PRIVACY FOR FORM RESPONDENTS:

What Information Does AidaForm Collect?

When you respond to forms hosted on AidaForm, we act on behalf of Form Creators and according to the purposes determined by Form Created. AidaForm collects information relating to you and your use of our services from a variety of sources. These are listed below.

Information AidaForm collects directly from you.

Form responses. AidaForm collects and stores the form responses that you submit. The Form Creator controls and manages these Data, including your Personal Data, and is responsible for the Data. If you have any questions about a form you are going to complete, please contact the Form Creator directly, as AidaForm is not responsible for the content of the form. The Form Creator is usually the same person that invited you to complete the form and they may have their own privacy policy.

Information AidaForm collects about you from other sources.

  • Usage data. When you interact with our Services, AidaForm collects usage data. This may include the web pages you visit, your navigation path, and so on. Additionally, in compliance with a usual practice for websites today, AidaForm web servers keep log files that record data each time a device accesses those servers. The log files contain data, including originating IP addresses, internet service providers, the files viewed on our site (e.g., HTML pages, graphics, etc.), operating system versions, and timestamps. This data is not linked to your form responses.

  • Device data. AidaForm collects data from the device and application you use to access our services, such as your IP address, operating system version, device type, system and performance information, and browser type. Your IP address will be linked to your form responses only when the Form Creator has enabled IP address collection for the form you respond to.

  • Referral data. AidaForm gets information about the source that referred you to a form (e.g. a link on a website or in an email).

Providing form responses is voluntary.

You can always choose not to answer any given form question (especially those requesting your personal information or data). However, sometimes this will prevent you from completing a form if the Form Creator identified that question as requiring an answer.

How Does AidaForm Use the Collected Information?

Your form responses are owned and managed by the Form Creator. Please contact the Form Creator directly to understand how the individual, company, or organization uses your form responses. AidaForm does not sell, rent or make available form responses to third parties without the Form Creator’s prior instructions. AidaForm does not use any contact details collected in our Uses’ forms to contact form respondents.

AidaForm uses the information collected from you, including usage data, device data, referral data, and information from page tags to manage and enhance our services, for research purposes, and for other purposes described in this Privacy Policy.

With Whom Does AidaForm Share or Disclose Your Information?

AidaForm does not sell or make available your form responses. AidaForm shares your form responses with third parties only as described in this Privacy Policy.

AidaForm discloses your form responses to Form Creators.

AidaForm hosts forms created by Form Creators. Any information you expressly provide to the Form Creator when filling out forms will be provided to them. Please contact Form Creator directly to understand how they might share your form responses. Please review this Privacy Policy to understand what AidaForms tells Form Creators about how it handles form responses, and to whom it may disclose form responses.

What are Your Rights to Your Information?

Contact the Form Creator to access and correct your responses and personal data. AidaForm provides Form Creators with tools to maintain the responses they collect through their forms. You may request access to and correction of the personal information we hold about you by contacting us at support@aidaform.com, however in the cases when the Form Creator additionally stores and uses your Data with other services, AidaForm cannot guarantee that your personal information will be updated within those services. AidaForm will respond to your request for correction within a reasonable time and, where reasonable and practicable to do so, AidaForm will provide access to your personal information in the manner requested by you.

Changes to the Privacy Policy

We’re constantly improving our websites and Services, so there may appear a need to change this Privacy Policy as well. We will alert you about substantial changes by, for example, placing a notice on our website or within our Services account, and/or by sending you an email (if you have registered your email details with us) when we are required to do so by an applicable law. You are responsible for regularly reviewing this Privacy Policy. If, after being informed of these changes, you do not cancel your subscription and continue to use AidaForm Services beyond the advance-notice period, you will be considered as having expressly consented to the changes in the Privacy Policy. If you disagree with the terms of any updated privacy policy, you cannot continue using our Service and you will need to terminate your account at AidaForm.

Contact Us

Personal Information (Personal Data) Controller Details:

Alexander Grigorev

Address: Im Uckerfeld 14, Bonn, 53127, Germany

If you have any questions or concerns regarding our privacy policy, please send a detailed message to support@aidaform.com or by post to the address listed above.

Last Updated: Oct 17, 2023