Data security information

Information in accordance with Art. 13 GDPR

Halo­cli­ne coll­ects and pro­ces­ses various data in order to make the soft­ware pro­ducts offe­red available in the best pos­si­ble way and to pro­vi­de sup­port accordingly.

Halo­cli­ne pro­ces­ses this data in the fol­lo­wing situa­tions in particular

  • when the soft­ware is first activated
  • when using the software
  • for sup­port requests

Inso­far as the pro­ces­sed data is per­so­nal data, we have lis­ted the legal basis for the pro­ces­sing below. We have also named the ser­vice pro­vi­ders who sup­port us in offe­ring our pro­duct and also pro­cess data for this pur­po­se. We have con­cluded the neces­sa­ry data pro­tec­tion con­tracts with all ser­vice providers.

Categories of personal data

Technical Data:

Tech­ni­cal data is requi­red in order to ope­ra­te our soft­ware and so that we can veri­fy that the soft­ware is being used in accordance with our licen­se terms. The tech­ni­cal data also enables us to ope­ra­te the soft­ware securely.

Data

  • IP address (no dis­clo­sure to third-par­­ty providers)
  • Hard­ware ID/fingerprint of the computer
  • Com­pu­ter name
  • Ope­ra­ting sys­tem version
  • Time of the ser­ver communication
  • Com­pa­ny name
  • Start time
  • Licen­se type used
  • Instal­led ver­si­on of Halocline
Legal basis and inten­ded use

Contract performance Art. 6 (1) (b) GDPR

Legitimate interest Art. 6 (1) (f) GDPR

Service provider used (see below): Keygen LLC, Microsoft Ireland Operations, Ltd.

Usage data

Usa­ge data is coll­ec­ted to impro­ve our soft­ware based on the usa­ge beha­vi­or of the users and for bet­ter error ana­ly­sis of the software.

Data

  • IP address
  • Sen­ding time
  • Type of inter­ac­tion with the software
  • Cus­to­mer ID, Instal­la­ti­on ID, Licen­se ID, Ses­si­on ID, Appli­ca­ti­on identifier
  • Gene­ral infor­ma­ti­on about the ope­ra­ting sys­tem and hard­ware used, inclu­ding the type of gra­phics card and VR headset
Legal basis and inten­ded use

Legitimate interest Art. 6 (1) (f) GDPR

Service provider used (see below): Elastic International BV, Microsoft Ireland Operations, Ltd, Unity Technologies ApS

Legitimate interest:

  • Customer success optimization and support for license renewals
  • Product improvement across the license lifecycle (standard license term: 12 months)
  • Proactive support for decreasing usage activity
  • Feature adoption analysis and error diagnosis

Note on retention: Authentication data, including the last login timestamp, is stored in Microsoft Entra ID for the duration of the license relationship (Art. 6 para. 1 lit. b GDPR - contract fulfillment) and serves account and license management. This storage is separate from the 18-month analytics data retention in Elastic.

Data processing: Unity collects pseudonymized usage data for software stability and error analysis. The collected data does not contain direct identifiers such as names or email addresses.

Use of third-party tools for data collection and evaluation:

Unity Technologies ApS

Our software is based on the development environment and 3D engine Unity 3D. Therefore, our software contains components of the third-party software Unity 3D from Unity Technologies ApS, Niels Hemmingsens Gade 24, 1153 Copenhagen, Denmark (hereinafter referred to as "Unity").

Legal basis: The processing is based on Art. 6 para. 1 sentence 1 lit. f GDPR (legitimate interest in ensuring software stability and error analysis).

Storage location: Data processing takes place on servers in the EU. Unity Technologies ApS is headquartered in Denmark (EU).

Unity's privacy policy can be found at the following link: https://unity3d.com/de/legal/privacy-policy.

Elastic International BV

Halocline uses Elastic Cloud as a managed service for usage analytics and application monitoring. The responsible service provider is Elastic International BV, Keizersgracht 281, 1016 ED Amsterdam, The Netherlands ("Elastic").

Purpose: Collection and analysis of usage data for software improvement, customer success, and license renewal optimization.

Data processing: Usage data sent by Halocline to Elastic is stored and processed on Azure infrastructure in Frankfurt, Germany (EU). Elastic acts as a data processor in accordance with Art. 28 GDPR and uses Microsoft Azure as a sub-processor.

Legal basis: The processing is based on Art. 6 para. 1 sentence 1 lit. f GDPR (legitimate interest in product improvement and customer success).

Retention period: Usage data with user association is stored for 18 months. After 18 months, user identifiers are permanently deleted (anonymization). Anonymized data may be stored indefinitely.

Data protection: A Data Processing Agreement (DPA) has been concluded with Elastic. Data processing takes place exclusively within the EU.

Further information on Elastic's terms of use and data protection:
https://www.elastic.co/de/legal/product-privacy-statement
https://www.elastic.co/pdf/v063022.0-elastic-customer-dpa-ci-no-ci.pdf

Microsoft Ireland Operations, Ltd.

The data lis­ted under “Tech­ni­cal data” is pro­ces­sed via Micro­soft Azu­re. The data is pro­ces­sed exclu­si­ve­ly in the EU and dele­ted after the peri­ods lis­ted under “Sto­rage and dele­ti­on of data”. The pro­ces­sing is car­ri­ed out on the basis of con­tract ful­fill­ment and legi­ti­ma­te inte­rest to ensu­re the neces­sa­ry data secu­ri­ty in accordance with Art. 6 para. 1 sen­tence 1 lit. a GDPR. The con­tract for com­mis­sio­ned data pro­ces­sing (DPA) and the data pro­tec­tion pro­vi­si­ons can be found within Micro­sof­t’s Online Ser­vices Terms (OST) under the fol­lo­wing link:https://www.microsoft.com/de-de/licensing/product-licensing/products.aspx?rtc=1

Keygen LLC

The data requi­red for licen­se manage­ment, which is lis­ted under “Tech­ni­cal data”, is pro­ces­sed by the Key­gen ser­vice. This data is trans­fer­red to the USA for this pur­po­se. The appro­pria­te level of data pro­tec­tion is ensu­red by the con­clu­si­on of EU stan­dard con­trac­tu­al clau­ses. The pro­ces­sing is car­ri­ed out on the basis of the ful­fill­ment of the con­tract pur­su­ant to Art. 6 para. 1 sen­tence 1 lit. f GDPR and our legi­ti­ma­te inte­rest in ensu­ring the neces­sa­ry data security.

The data pro­tec­tion pro­vi­si­ons can be found here:https://keygen.sh/terms/

Storage and deletion of data

Authentication and contract data: Personal data processed for contract fulfillment (e.g., contact data, license data, authentication information) is retained for the duration of the contractual relationship and then deleted, insofar as this does not conflict with statutory retention obligations of 10 years under §257 HGB (German Commercial Code).

Usage analytics data: Usage data with user association is stored for 18 months (corresponding to the standard license term of 12 months plus renewal and reactivation windows). After this period expires, user identifiers are automatically and permanently deleted (anonymization). Anonymized usage data may be stored indefinitely as it no longer constitutes personal data.

Rights of data subjects (users whose personal data is stored in the software)

Data sub­jects have the right of access to per­so­nal data con­cer­ning them and the right to rec­ti­fi­ca­ti­on of inac­cu­ra­te data or era­su­re if one of the reasons spe­ci­fied in Art. 17 GDPR appli­es, e.g. if the data is no lon­ger requi­red for the pur­po­ses pur­sued. The­re is also the right to rest­ric­tion of pro­ces­sing if one of the con­di­ti­ons spe­ci­fied in Art. 18 GDPR appli­es and, in the cases of Art. 20 GDPR, the right to data por­ta­bi­li­ty. If data is coll­ec­ted on the basis of Art. 6 para. 1 sen­tence 1 lit. e (data pro­ces­sing for the per­for­mance of offi­ci­al tasks or for the pro­tec­tion of the public inte­rest) or lit. f (data pro­ces­sing for the pro­tec­tion of legi­ti­ma­te inte­rests), the data sub­ject has the right to object to the pro­ces­sing at any time for reasons ari­sing from their par­ti­cu­lar situa­ti­on. Halo­cli­ne will then no lon­ger coll­ect the per­so­nal data unless the­re are demons­tra­b­ly com­pel­ling legi­ti­ma­te grounds for the pro­ces­sing which over­ri­de the inte­rests, rights and free­doms of the data sub­ject or for the estab­lish­ment, exer­cise or defen­se of legal claims. Every data sub­ject also has the right to lodge a com­plaint with a super­vi­so­ry aut­ho­ri­ty if they belie­ve that the pro­ces­sing of their data vio­la­tes data pro­tec­tion regu­la­ti­ons. The right to lodge a com­plaint may be exer­cis­ed in par­ti­cu­lar with a super­vi­so­ry aut­ho­ri­ty in the Mem­ber Sta­te of the data sub­jec­t’s habi­tu­al resi­dence or place of the alle­ged infringement.

Changes to this privacy policy

We occa­sio­nal­ly make chan­ges to this pri­va­cy policy.

We will noti­fy you (via e‑mail to key users) of any signi­fi­cant chan­ges to this pri­va­cy policy.

Contact

Respon­si­ble party:

Halo­cli­ne GmbH & Co. KG, Net­ter Platz 3, 49090 Osnabrück

E‑Mail: datenschutz@halocline.io

Halo­cli­ne GmbH & Co. KG has appoin­ted the fol­lo­wing data pro­tec­tion officer:

Mr Oli­ver Stutz, daten­schutz nord GmbH,
Kon­­­sul-Smidt-Str. 88, 27217 Bremen
Pho­ne: +49 421 69 66 32 0
E‑Mail: office@datenschutz-nord.de

Data protection information for older product versions

2022.1.1 — 2023.3Pri­va­cy Product_ENG_07_2022

2023.4 — 2024.3Pri­va­cy product_ENG_01_2024