Mandatory Public Information pursuant to Art. 28 DA
Our services are subject to German law.
To prevent international governmental access to and transfer of non-personal data where such access or transfer would conflict with Union law or German law, we implement appropriate technical, organizational, and contractual measures. These include: primarily hosting data within the EU, encrypting data (e.g., during transmission), technical access restrictions such as identity and access management, password managers, single sign-on with 2FA, authorization management, monitoring and logging of access attempts, regular penetration testing, employee training, internal policies, and the review and contractual obligation of subcontractors.
Mandatory Information for Customers pursuant to Art. 25 and Art. 26 Data Act
- Upon request, in the event of a switch pursuant to Art. 25 DA, the customer may export the following categories of data and structures from the provider:
- HEART analytics data (e.g. survey results, engagement metrics)
- Content analytics data
- Guide texts and translations
- User list
- The provider transmits the data using the following switching and transfer methods, open interfaces, and in the following file formats:
- Download link via the Userlane Portal (CSV)
- API-based export (JSON)
- The following data categories of exportable data are excluded from the exportable data to be transmitted, as they are specific to the internal functioning of the provider’s software or involve the risk of infringement, endangerment, or disclosure of the provider’s or a third party’s trade secrets, intellectual property, or the security and integrity of the exportable data, the customer, a third party, or the provider:
- Internal system algorithms and proprietary AI models
- Raw user event data
