Data protection information

netzwerk P GmbH

Forststr. 7

70174 Stuttgart

Germany

E-mail address info@netzwerk-p.com

Phone +49 711 61 55 44 0

‍

We, netzwerk P GmbH, take the protection of your personal data very seriously and adhere strictly to the rules of data protection laws. The following statement gives you an overview of how we ensure this protection and what kind of data is collected for what purpose.

‍

‍

You can reach our data protection officer at: datenschutz@netzwerk-p.com

You have the following data subject rights according to the GDPR both as a user of this website and as a customer in the context of our operational activities with the processing of personal data: 

‍

• The right of access by the data subject in accordance with Article 15 GDPR,
• The right to rectification in accordance with Article 16 GDPR,
• The right to erasure in accordance with Article 17 GDPR,
• The right to restriction of processing in accordance with Article 18 GDPR,
• The right to data portability in accordance with Article 20 GDPR,
• The right to object in accordance with Article 21 GDPR,

1. the right to withdraw consent granted pursuant to Art. 7 (3) GDPR.

‍

You have the right to withdraw your consent at any time with effect for the future without affecting the lawfulness of processing based on consent before its withdrawal,

‍

• The right to lodge a complaint with a supervisory authority in accordance with Article 77 GDPR.

The legal bases for the processing of personal data are exceptional circumstances that permit the processing of personal data. The main legal bases are set out in particular in Art. 6 GDPR. The legal bases according to which we process personal data are described in the individual processing operations in this privacy policy.

‍

Consent given (Art. 6 para. 1 lit. a GDPR)

Consent is one of these legal bases and requires that the person giving consent does so in an informed manner and on a voluntary basis. Consent on the basis of Art. 6 para. 1 lit. a GDPR can be revoked at any time without giving reasons.

‍

Contract-related data processing (Art. 6 para. 1 lit. b GDPR)

The processing of personal data for the initiation or execution of contracts is also a legal basis and is defined in Art. 6 para. 1 lit. b GDPR.

‍

Legal obligation (Art. 6 para. 1 lit. c GDPR)

The exceptional case of data processing due to a legal obligation can be found in Art. 6 para. 1 lit. c GDPR, for example, we are obliged to comply with certain retention periods under commercial and tax law.

‍

Legitimate interests (Art. 6 para. 1 lit. f GDPR)

The processing of personal data on the basis of a balancing of interests pursuant to Art. 6 para. 1 lit. f GDPR allows the processing after careful consideration of financial or legal interests against the legitimate interests of the data subject.

5.1 Consent given (Art. 6 para. 1 lit. a GDPR)

This website is hosted externally. The personal data collected on this website is stored on the servers of the hoster(s). This may include IP addresses, contact requests, meta and communication data, contract data, contact details, names, website accesses and other data generated via a website.

External hosting is carried out for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 para. 1 lit. b GDPR) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 para. 1 lit. f GDPR). Our hoster will only process your data to the extent necessary to fulfill its performance obligations and follow our instructions with regard to this data.

‍

We use the following hoster:

Webflow, Inc.
398 11th Street
2nd Floor
San Francisco
CA 94103, USA

‍

Consent is one of these legal bases and requires that the person giving consent does so in an informed manner and on a voluntary basis. Consent on the basis of Art. 6 para. 1 lit. a GDPR can be revoked at any time without giving reasons.

‍

Order processing

We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract prescribed by data protection law, which ensures that it processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

‍

Legitimate interests (Art. 6 para. 1 lit. f GDPR)

The processing of personal data on the basis of a balancing of interests pursuant to Art. 6 para. 1 lit. f GDPR allows the processing after careful consideration of financial or legal interests against the legitimate interests of the data subject.

‍

‍

5.2 Processing server log files

Our web server automatically logs all access and therefore also the IP addresses of visitors. This serves to defend against attacks, analyze access figures and ensure smooth operation. We have a legitimate interest in this (Art. 6 lit. f GDPR).

In addition to the IP address, the server log usually also records other metadata about the session; you can find this data below.

‍

• Date and time of retrieval
• Information about the browser type and version used Browser
• Details of the operating system used
• Device (client)
• Referrer URL (via which page you landed on our site)
• Called hyperlinks

‍

We only process this data for the above-mentioned purposes. We delete server log files after 15 days at the latest.

‍

‍

5.3 Use of cookies

‍

What are cookies?

Cookies are small text files that are automatically stored in your browser or device. Cookies can have various functions and contain a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again.

Cookies are stored on your device and transmitted from it to our website. As a user, you have full control over the use of cookies. You can specify whether and which cookies you allow in your browser settings. We recommend that you set your browser so that you are informed when a website wants to set cookies for you. This gives you control over which cookies you want to allow. However, if you do not want to allow cookies, the functionality of websites may be restricted.

Cookies are divided into non-persistent and persistent cookies. A distinction is also made between first party cookies (which come directly from our web server) and third party cookies (which are set by you via third party providers).

‍

‍

5.4 Cookie types by duration

‍

Session cookies

Session cookies are deleted at the latest when you leave our website and close your browser.

‍

Persistent cookies

These cookies remain stored even after you leave our website and close your browser. Persistent cookies can have different lifetimes, from one day to several years. These cookies can fulfill various functions, for example, your login data can be stored so that you are automatically logged in when you visit our website again. Other persistent cookies are used for analysis, tracking and marketing purposes.

‍

‍

5.5 Cookie types by origin

We use both first-party cookies and third-party cookies. First-party cookies are cookies that originate directly from us. Third-party cookies are cookies that are placed by a third-party provider.

‍

‍

5.6 Cookie types by function

‍

Technically required or necessary cookies
These cookies enable the operation of our website, without technically necessary cookies our site would not be usable or only to a very limited extent. For example, such cookies are used when you log in to our website. Some necessary cookies are also used for security purposes.

Analysis and statistics cookies
Analysis cookies collect information about the behavior of site visitors, provide information about the time spent on the site and what information was accessed. Information is also collected about which website visitors come from, how many visitors the websites have and how long the user stays on the websites. The aim of these cookies is to optimize our website based on the information collected.

Tracking and marketing cookies
Tracking and marketing cookies (also remarketing and retargeting cookies) enable an analysis of browsing behavior, they store which content has been visited or which products the user has searched for (tracking in this sense means tracking). On the basis of these cookies, a user can also be identified across pages with the aim of placing advertisements tailored to their interests.

Functional cookies
These are cookies that are used to integrate additional functions into our website. These can be map or video services, for example.

‍

‍

5.7 Legal basis for the use of cookies

If we use technically necessary cookies, this is done in the interest of a functional and stable website (Art. 6 para. 1 lit. f GDPR), we only use other cookies with your consent (Art. 6 para. 1 lit. a GDPR in conjunction with §25 para. 1 TDDDG).

‍

‍

5.8 Cookie Consent Management

Our website uses CookieFirst to obtain your consent to the storage of certain cookies on your device or to the use of certain technologies and to document them in accordance with data protection regulations. The provider of this technology is Digital Data Solutions B.V. (CookieFirst), Plantage Middenlaan 42A, 1018 DH Amsterdam, The Netherlands (hereinafter "CookieFirst").

When you visit our website, a connection is established to the CookieFirst servers to obtain your consent and other declarations regarding the use of cookies. CookieFirst then stores a cookie in your browser in order to be able to assign the consents you have given or revoke them. The IP address (anonymized), the user agent of the browser and operating system as well as the URL from which the consent was given are processed and integrated into CookieFirst. The data collected in this way is stored until you ask us to delete it, delete the CookieFirst cookie yourself or the purpose for storing the data no longer applies. Mandatory statutory retention obligations remain unaffected.

CookieFirst transmits personal data to third-party providers. These include CDN from Slovenia, IP geolocalization from Romania and hosting at OHV in Germany and France. CookieFirst is based in Amsterdam, the Netherlands.

CookieFirst is used to obtain the legally required consent for the use of cookies. The legal basis for this is Art. 6 para. 1 lit. c GDPR and Art. 6 para. 1 lit. f GDPR, our legitimate interest lies in the use of user-friendly cookie consent management to fulfill the legal obligations when using cookies.

Order processing
We have concluded an order processing contract (AVV) for the use of the above-mentioned service. This is a contract prescribed by data protection law, which ensures that it processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

‍

‍

5.9 Direct marketing

‍

Direct marketing to existing customers in the legitimate interest
We reserve the right to use the data collected in the context of a purchase contract or service contract for direct advertising by email or post in accordance with Section 7 (3) UWG if the customer does not object or has not objected to this use. Direct advertising only includes offers for similar products or services to those already purchased from us by the user. We use your data for up to five years after the last purchase for direct marketing purposes in our legitimate interest.

We have a legitimate, economic interest (Art. 6 para. 1 lit. f GDPR) in informing our customers about new products and improving our services. Of course, you can object to receiving direct advertising at any time. Please address your objection to the controller named above.

Email communication via CleverReach
To send emails as part of our business communication (e.g. information about our services, offers or events), we use the services of CleverReach GmbH & Co. KG, Mühlenstraße 43, 26180 Rastede, Germany.

CleverReach enables us to efficiently plan, implement and evaluate email campaigns. Your contact details (e.g. name, email address) are stored on CleverReach servers in Germany or the EU. Your data will not be passed on to third parties.
The processing is based on our legitimate interest in the professional and secure processing of email communication in accordance with Art. 6 para. 1 lit. f GDPR. If the communication is based on a contractual relationship or serves to initiate a contract, Art. 6 para. 1 lit. b GDPR is the legal basis.

You can find more details in CleverReach's privacy policy at: https:de

Order processing
We have concluded an order processing contract (AVV) for the use of the above-mentioned service. This is a contract prescribed by data protection law, which guarantees that it processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

‍

‍

5.10. Request for whitepapers/print data

When you request whitepapers, the following information is stored - assuming you have given your consent:

‍

• E-mail address
• First name and surname
• Company
• Date and time of the request

‍

The personal data provided will be used by netzwerk P GmbH to send whitepapers and to contact you by email. The user is aware that the personal data provided by him or her thus represents the contractual consideration which is provided for the free provision of the whitepaper. It is possible to revoke the use of personal data for the future at any time by sending an email to datenschutz@netzwerk-p.com.

The basis for data processing is Art. 6 para. 1 lit. a, b GDPR. The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected or, in the case of statutory retention periods, as soon as these have expired.

‍

‍

5.11. Integration of third-party content and plugins

‍

Use of YouTube
We integrate videos from YouTube. The operator of the website is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

When you visit one of our websites on which YouTube is integrated, a connection to the YouTube servers is established. This tells the YouTube server which of our pages you have visited.

Furthermore, YouTube can store various cookies on your device or use comparable technologies to recognize you (e.g. device fingerprinting). In this way, YouTube can obtain information about visitors to this website. This information is used, among other things, to record video statistics, improve user-friendliness and prevent fraud attempts. Furthermore, the data collected is processed in the Google advertising network.

If you are logged into your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account.

YouTube is used on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. You can revoke your consent at any time by accessing the cookie settings again and adjusting your preferences.

Further information on the handling of user data can be found in YouTube's privacy policy at: https:de

Google Maps
We use the map service Google Maps. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland. With the help of this service, we can integrate map material on our website.

To use the functions of Google Maps, it is necessary to save your IP address. This information is usually transmitted to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer. If Google Maps is activated, Google may use Google Fonts for the purpose of uniform display of fonts. When you call up Google Maps, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly.

The use of Google Maps is based on your consent on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. You can revoke your consent at any time by calling up the cookie settings again and adjusting your preferences.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: https://privacy.google.com/businesses/gdprcontrollerterms/
and
https://privacy.google.com/businesses/gdprcontrollerterms/sccs/.



You can find more information on the handling of user data in Google's privacy policy: https:de

‍

• E-mail address
• First name and surname
• Company
• Date and time of the request

‍

The personal data provided will be used by netzwerk P GmbH to send whitepapers and to contact you by email. The user is aware that the personal data provided by him or her thus represents the contractual consideration which is provided for the free provision of the whitepaper. It is possible to revoke the use of personal data for the future at any time by sending an email to datenschutz@netzwerk-p.com.

The basis for data processing is Art. 6 para. 1 lit. a, b GDPR. The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected or, in the case of statutory retention periods, as soon as these have expired.

‍

‍

5.12. Analysis and marketing tools

‍

5.12.1 Google Tag Manager

‍

We use Google Tag Manager on our website, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Tag Manager is a solution with which we can manage so-called "website tags" via a user interface. The Tag Manager itself (which implements the tags) does not process any personal user data. The service merely triggers other tags, which in turn may collect data. However, this data is not stored or processed by the Google Tag Manager itself.

Note:
If a deactivation has been made at domain or cookie level (e.g. through opt-out or cookie settings), this remains in place for all tracking tags implemented with Google Tag Manager.

Legal basis:
The use of Google Tag Manager is based on
Art. 6 para. 1 lit. f GDPR (legitimate interest). Our legitimate interest lies in the simple and efficient integration and management of tracking tags.

If the integration of tracking tags requires your consent (e.g. for Google Analytics or marketing tags), this will only take place after your express consent via our cookie banner.

‍

5.12.2 Google Analytics

‍

We use Google Analytics on our website, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics enables us to analyze the behavior of visitors to our website and thereby improve our offerings.

Google Analytics uses cookies or similar tracking technologies for this purpose, which enable your use of the website to be analyzed.

The data collected may be

• IP address (shortened/anonymized)
• Visited pages
• Dwell time
• Click paths
• Technical information (e.g. browser, operating system, end device)

‍

We use Google Analytics with activated IP anonymization. This means that your IP address is shortened by Google within the EU or the European Economic Area before it is processed further.

Purpose of data processing:
Analysis of user behaviour to optimize our website and our offer.

Legal basis:
The use of Google Analytics is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR i.V.m. § 25 para. 1 TDDDG. You can revoke your consent at any time via our cookie banner.

Google Ireland Limited is a subsidiary of the Google Group with headquarters in the USA. A transfer of data to the USA cannot be ruled out. The data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here:
https://privacy.google.com/businesses/gdprcontrollerterms/
and
https://privacy.google.com/businesses/gdprcontrollerterms/sccs/.

Storage period:
We have limited the data storage period for user and event data to 14 months. This storage period is automatically reset after each new activity on our website (so-called "rolling retention"). This means that your data will be deleted or anonymized no later than 14 months after your last interaction with our website.

‍

5.12.3 Google Ads

‍

We use Google Ads on our website, an online advertising service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

‍

With Google Ads, we can place advertisements in Google search and in the Google advertising network and analyze visitor actions on our website (so-called conversion tracking).

‍

If you access our website via a Google ad, Google Ads will store a cookie on your device that enables an analysis of your user behavior.

‍

Collected data can be:

• Clicked ads
• IP address (shortened/anonymized)
• Visited pages
• Conversion actions (e.g. purchases, registrations)
• Browser and device information

‍

Purpose of processing:
Measurement of the success rate of our advertising campaigns (conversion tracking) and, if necessary, placement of personalized advertising (remarketing).

Legal basis:
The processing is carried out exclusively on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR in conjunction with § 25 para. 1 TDDDG. You can revoke your consent at any time via our cookie banner or the cookie settings.

Google Ads Remarketing:
Our website also uses the Google Remarketing function to target website visitors on other websites (e.g. within the Google advertising network) with advertising based on their interests.

Pseudonymous user profiles are created for this purpose without us being able to directly identify you as a person.

Google Ireland Limited is a subsidiary of the Google Group with headquarters in the USA. A transfer of data to the USA cannot be ruled out. The data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: https://privacy.google.com/businesses/gdprcontrollerterms/ 

and 

https://privacy.google.com/businesses/gdprcontrollerterms/sccs/.

Speicherdauer:
Die Daten werden in der Regel 30 Tage nach Erhebung automatisch gelöscht.

‍

5.12.4 Hotjar

‍

We use Hotjar on our website, a web analysis tool from Hotjar Ltd, Dragonara Business Centre, 5th Floor, Dragonara Road, Paceville St Julian's STJ 3141, Malta.

Hotjar helps us to better understand the behavior of our website visitors (e.g. user interactions, clicks, scrolling behavior). This enables us to improve the user experience.

What data does Hotjar process?

• IP address (in anonymized form)
• Screen size
• Device type (Unique Device Identifiers)
• Browser information
• Geographical location (country only)
• Preferred language settings

‍

Hotjar does not record any keystrokes or personal data (such as names, emails, etc.).

Purpose of use:
Analysis of user behavior to optimize the website and improve user-friendliness.

Legal basis:
The processing takes place exclusively on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR in conjunction with § 25 para. 1 TDDDG, which you can give via our cookie banner. You can revoke your consent at any time.

Storage period:
The data collected by Hotjar is automatically deleted after 365 days.

‍

5.12.5 LinkedIn Insight Tag

‍

Our website uses the LinkedIn Insight Tag, a service provided by LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.

The LinkedIn Insight Tag allows us to track the behavior of visitors to our website who have come to our website through a LinkedIn ad. This allows us to analyze the effectiveness of our LinkedIn campaigns and place targeted advertising (retargeting) on LinkedIn.

Data collected may include:

• IP address (shortened/anonymized)
• Timestamp
• Browser and device information
• LinkedIn user ID (if the user is a LinkedIn member)
• URL of the page visited

‍

Intended use:

• Conversion tracking: measuring the performance of our LinkedIn ads
• Retargeting: Displaying targeted advertising to website visitors on LinkedIn

‍

Legal basis:
The processing is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR i.V.m. § 25 para. 1 TDDDG, which you can give via our cookie banner. You can revoke this consent at any time.

Storage period:
The direct identification data of members is pseudonymized by LinkedIn within 7 days. The pseudonymized data will be deleted within 180 days.

LinkedIn Ireland Unlimited Company is a subsidiary of LinkedIn Inc. with headquarters in the USA. A transfer of data to the USA cannot be ruled out. The data transfer to the USA is based on the standard contractual clauses of the EU Commission.

‍

5.12.6 HubSpot

‍

On our website, we use services from HubSpot, a software provider from the USA with a branch in Europe:
HubSpot Ireland Limited, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland.

HubSpot is an integrated software solution that we use for marketing activities, sales processes and customer communication.

This includes, for example:

• Email marketing
• Social Media Publishing
• Reporting
• Landing pages and contact forms
• CRM system
• Newsletter subscriptions
• Newsletter dispatch
• Web analysis

‍

Collected data can be:

• Name
• E-mail address
• Company
• IP address
• Usage behavior on our website (e.g. pages visited, clicks)

‍

HubSpot uses cookies that enable website usage to be analyzed. The information collected (e.g. IP address, geographical location, browser type, duration of the visit and pages viewed) is analyzed by HubSpot to generate reports on the visit and the pages visited.
‍
Your data is processed on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR. The storage of cookies can be prevented by a corresponding setting in the browser software or consent can be revoked at any time.

There is a possibility that HubSpot may transfer data to the USA. However, HubSpot is certified under the EU-U.S. Data Privacy Framework, which ensures an adequate level of data protection.

‍

Newsletter distribution with HubSpot

If you would like to receive the newsletter offered on the website, we require an e-mail address from you as well as information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter. No other data is collected, or only on a voluntary basis. We use newsletter service providers, which are described below, to process the newsletter.

HubSpot enables us to manage newsletter subscriptions, send them and analyze user behavior as part of our email marketing. Data processing takes place on servers within the EU. However, data transfer to the USA cannot be ruled out. HubSpot is certified under the EU-U.S. Data Privacy Framework and thus offers an adequate level of data protection in accordance with Art. 45 GDPR.

In particular, the following personal data is processed as part of sending the newsletter

• E-mail address
• If applicable, name and other information provided voluntarily
• Usage behavior (e.g. opening rates, clicks on links)

‍

The processing is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time with effect for the future, e.g. via the unsubscribe link at the end of each newsletter email.

You can find further information on data processing by HubSpot at

https://legal.hubspot.com/de/privacy-policy

Verwendungszweck:
Die Datenverarbeitung erfolgt zum Zweck der Kundenkommunikation, Leadgenerierung, Kampagnenauswertung und zur Verbesserung unserer Services.

Rechtsgrundlage:
Die Verarbeitung erfolgt auf Grundlage deiner Einwilligung gemäß Art. 6 Abs. 1 lit. a DSGVO (z. B. bei Newsletter-Anmeldung) oder zur Vertragserfüllung gemäß Art. 6 Abs. 1 lit. b DSGVO, wenn du bereits Kunde bist.

Speicherdauer:
Personenbezogene Daten speichern wir so lange, wie es zur Erfüllung der jeweiligen Zwecke erforderlich ist oder bis du deine Einwilligung widerrufst.

Weitere Informationen:
Datenschutzerklärung von HubSpot:
https://legal.hubspot.com/privacy-policy

Die HubSpot Ireland Limited ist eine Tochtergesellschaft der HubSpot Inc. mit Hauptsitz in den USA. Eine Übertragung von Daten in die USA kann nicht ausgeschlossen werden. Die Datenübertragung in die USA wird auf die Standardvertragsklauseln der EU-Kommission gestützt. Details findest du hier: https://legal.hubspot.com/dpa
 
Wir haben einen Vertrag über Auftragsverarbeitung (AVV) zur Nutzung des oben genannten Dienstes geschlossen. Hierbei handelt es sich um einen datenschutzrechtlich vorgeschriebenen Vertrag, der gewährleistet, dass dieser die personenbezogenen Daten unserer Websitebesucher nur nach unseren Weisungen und unter Einhaltung der DSGVO verarbeitet.

If you apply to us, whether for an advertised position or on your own initiative, we will process your data to carry out the selection process. It is irrelevant to us whether you apply by post, by e-mail or, if available for the respective position, by online form. As a matter of principle, we only process the data that you have sent us yourself as part of the application process. The use of other sources may be considered after informing and consulting with you. For example, whether we may contact a former employer. The legal basis for the implementation of an application procedure is §26 BDSG in conjunction with Art. 6 para. 1 lit. b GDPR (initiation of an employment contract).

Deletion periods for applicant data
We delete applicant data a maximum of 4 months after completion of the application process (once a candidate has been selected and all applicants have been informed of the outcome). The purpose of the data processing is generally no longer given with the end of the selection process, but we have a legitimate interest (Art. 6 para. 1 lit. f GDPR) in being able to defend ourselves against any claims by rejected applicants. If you have the impression that your interests in immediate deletion outweigh our interests, you have the opportunity to request us to do so. We will then review your request and provide you with feedback.

After the above-mentioned period has expired, your data will be deleted unless we have to defend ourselves in ongoing proceedings, for example due to a complaint under the General Equal Treatment Act. In this case, we will delete your data after the proceedings have been concluded, provided there are no statutory retention periods.

If we are allowed to store your data for a longer period of time on the basis of your consent, we will delete your data if you request us to do so and revoke your consent. We may also delete your data before you withdraw your consent if it is foreseeable that no vacancy will be available.

Inclusionin our applicant pool
If we are unable to offer you a position at the current time, we may ask you for your consent to continue storing your data. The purpose of this is to offer you a suitable position at a later date. The legal basis for the processing of your data in our applicant pool is your consent (Art. 6 para. 1 lit. a GDPR). Of course, you can withdraw your consent at any time with effect for the future. Insofar as you give us your consent to store your data for a longer period of time, this is done on the legal basis of Art. 6 para. 1 lit. a GDPR.

We use the software solution Microsoft Teams, a service of Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland, to conduct audio, video and online conferences and for internal and external collaboration.

Purpose of processing:
It is used to conduct online meetings, webinars, video conferences and team communication.

What data is processed?
When using Microsoft Teams, the following personal data may be processed

‍

• User data: Name, e-mail address, profile picture (if provided)

• Meeting metadata: Date, time, participants, meeting ID
• Content data: Chat messages, audio and video data, shared files or screen transmissions
• Telephony data: Telephone number (for dial-in by telephone)

‍

Note: Video or audio content is only processed if you activate your camera or microphone.

Legal basis:

• Art. 6 para. 1 lit. b GDPR: Contract fulfillment (e.g. for customer meetings)
• Art. 6 para. 1 lit. f GDPR: Legitimate interest in efficient and secure communication
• Art. 6 para. 1 lit. a GDPR: Consent, if recordings are made (separate consent required!)

‍

Recordings:
If online meetings are recorded, this will only be done with the prior express consent of the participants. You will be clearly informed of the recording in advance.

Recipient of the data:
The data is processed via Microsoft servers. Some of the processing may also take place in the USA. Further information:de

Storage period:
Personal data is deleted as soon as it is no longer required for the purpose of processing or you withdraw your consent (in the case of recordings).

Rights of data subjects:

• Right to information, correction, deletion
• Right to restriction of processing
• Right to data portability
• Right to withdraw consent
• Right to lodge a complaint with a supervisory authority

We use the Jira ticket system, a service provided by Atlassian Pty Ltd, Level 6, 341 George Street, Sydney NSW 2000, Australia, to process support requests, internal task management processes and project management.

Purpose of processing:
Recording, managing and processing service requests, project tasks or support tickets as well as for internal communication and documentation.

What data is processed?

• Name
• E-mail address
• Company name (if available)
• Ticket and process content (texts, screenshots, attachments)
• Technical metadata (e.g. time of the request)

‍

Legal basis:

• Art. 6 para. 1 lit. b GDPR: Performance of a contract or implementation of pre-contractual measures (e.g. processing customer inquiries)
• Art. 6 para. 1 lit. f GDPR: Legitimate interest in effective ticket and project management    

‍

Data transfer to third countries:
Some of the data is processed on servers in Australia or the USA.
Atlassian has contractually undertaken to comply with an appropriate level of data protection in accordance with the EU Commission's standard contractual clauses.

Further information on data protection at Atlassian:
https://www.atlassian.com/legal/privacy-policy

Storage period:
Personal data in Jira is only stored for as long as is necessary to process your request or for as long as there are legal retention periods.

For the secure transmission of large files or confidential data, we use the Wyfiles service, operated by Wycomco GmbH, Josef-Henle-Str. 9, 89257 Illertissen, Germany.

Purpose of processing:
Provision of a secure platform for the exchange of files and data between us and our customers, partners or service providers.

What data is processed?

• Name of the sender
• E-mail address of the sender
• Recipient e-mail address
• Uploaded files (content data)
• Metadata for sending files (e.g. upload and download time, IP address)

‍

Legal basis:

• Art. 6 para. 1 lit. b GDPR: Fulfillment of a contract or implementation of pre-contractual measures (if the data transfer is part of a business relationship)
• Art. 6 para. 1 lit. f GDPR: Legitimate interest in secure, traceable and data protection-compliant file transfer

‍

Security measures:
Wyfiles offers end-to-end encryption, password-protected downloads and time-limited access options to ensure a high level of protection for the transmitted data.

Storage period:
The transferred files are automatically deleted after the defined storage period has expired (usually within a few days).

For document workflows, approval processes and collaborative review procedures, we use the Zyflow platform, operated by Zyflow Technologies Inc, 548 Market St, PMB 49222, San Francisco, California 94104-5401, USA.

Purpose of processing:
Zyflow is used to edit, approve, comment on and version documents in real time.
We use the service to facilitate internal workflows as well as customer approvals and feedback processes.

What data is processed?

• Comments and feedback content
• Name and e-mail address of the user
• IP address
• Usage behavior within the platform (e.g. document views, processing times)
• Uploaded documents (content data)

Legal basis:

• Art. 6 para. 1 lit. b GDPR: Fulfillment of a contract or implementation of pre-contractual measures
• Art. 6 para. 1 lit. f GDPR: Legitimate interest in efficient document sharing and internal collaboration

‍

Data transfer to third countries:
As Zyflow is operated by a provider based in the USA, personal data may be transferred to the USA.

Further information: https://www.zyflow.com/privacy-policy

Storage period:
Personal data is only stored for as long as it is necessary for the respective processing or until you request deletion.

Note:
Zyflow is used exclusively within the scope of the existing contractual or customer relationship or internal project processing.