Privacy Statement

TRIALTA, your data, and you

 

1. DESCRIPTION OF THE GROUPS OF DATA SUBJECTS

Data and/or categories of data are collected, processed, and used for the following groups for the fulfillment of the intended purpose.

CATEGORIES OF DATA SUBJECTS:

Customer data, in particular contact data such as telephone, fax, and e-mail details, contact history as well as other data necessary for the fulfillment of a contract

Prospect data, in particular, contact information and other data, identification data, and click paths

Employee data, employees include, in particular: employees, trainees, persons undergoing rehabilitation, persons who, because of their economic dependence, shall be considered employee-like persons, applicants, former employees, and interns. Contract data and performance data will be processed to the extent necessary for the decision about establishing an employment relationship or, after starting the employment relationship, for its implementation or termination.

Supplier data: suppliers/service providers/intermediaries/agents/agencies (in particular, contact data such as telephone, fax, and e-mail details, order history as well as other data necessary for the fulfillment of a contract).

Visitors and users of the website.

Hereinafter, we will also collectively refer to the data subjects as "Users".

TYPES OF DATA PROCESSED:

  • Inventory data (e.g., names, addresses).
  • Contact information (e.g., e-mail, telephone numbers).
  • Content data (e.g., text entries, photographs, videos).
  • Contract data (e.g., subject of the contract, term, customer category).
  • Usage data (e.g., websites visited, links clicked, interest in content, access times).
  • Meta/communication data (e.g., device information, IP addresses).
 

2. PROCESSING OF SPECIAL CATEGORIES OF DATA (ART. 9 (1) GDPR)

Generally, no special categories of data are being processed, except users transmit these for processing, e.g., enter them in online forms.

 

3. INTENDED PURPOSE OF DATA COLLECTION, PROCESSING, OR USE

TRIALTA offers inbound marketing services and provides prospects, clients, and partners with topical information from the field of inbound marketing. Insofar as personal data is collected on our websites (e.g., names or e-mail addresses), this is done voluntarily. We collect navigation information of website visitors for purposes of marketing and website optimization. These are data about your computer and your visit to our website, in particular, your IP address, referral source, duration of your visit, and pages you have opened.

Personal data is collected within the framework of the following tasks:

  • provision of the website, its contents, and functions.
  • personalized display of website content.
  • maintenance of the inventory data and usage data.
  • acquisition of new customers.
  • preparation and response to contact requests and communication with users.
  • other services for customers.
  • provision of contractual services, service, and customer care.
  • marketing, advertising, and market research.
  • safety precautions.

Last modified: 25 April 2018

 

4. RELEVANT LEGAL BASIS

In accordance with the provisions of Art. 13 GDPR, we provide information about the legal basis of our data processing. The following shall apply if the legal basis is not referred to in the Privacy Statement: The legal basis for obtaining consent is Art. 6 (1) lit. a and Art. 7 GDPR, the legal basis of processing for the implementation of our services and the implementation of contractual measures as well as responding to requests is Art. 6 (1) lit. b GDPR, the legal basis of processing to comply with our legal obligations is Art. 6 (1) lit. c GDPR, and the legal basis of processing to protect our legitimate interests is Art. 6 (1) lit. f GDPR. In the event that vital interests of the data subject or another natural person make processing of personal data necessary, Art. 6 (1) lit. d GDPR shall serve as the legal basis.

 

5. MODIFICATIONS AND UPDATES TO THIS PRIVACY STATEMENT

We ask you to regularly catch up on the content of our Privacy Statement. We will modify the Privacy Statement as soon as changes to our data processing make this necessary. We will inform you as soon as the modifications make your cooperation (e.g., consent) necessary or any other individual notification is required.

 

6. SAFEGUARD

  • In accordance with Art. 32 GDPR, we take appropriate technical and organizational measures to ensure a level of protection adequate for the risk, taking into account the state of the art, implementation costs, and type, scope, circumstances, and purposes of processing as well as different probabilities of occurrence and seriousness of the risk for the rights and freedoms of natural persons; these measures include, in particular, ensuring confidentiality, integrity, and availability of data by controlling physical access to data, as well as access, input, disclosure, securing of availability, and separation relating to them. We have also set up procedures ensuring the observance of data subject rights, erasure of data, and response to threats to the data. In addition, we consider the protection of personal data already during the development and/or selection of hardware, software, and procedures according to the principle of data protection by means of technical design and data protection-friendly defaults (Art. 25 GDPR).
  • The safeguards include, in particular, the encrypted transfer of data between your browser and our server or the servers of our suppliers.
 

7. COOPERATION WITH PROCESSORS AND THIRD PARTIES

  • If, in the context of our processing, we disclose data to other persons and companies (processors or third parties), transmit these to them, or otherwise grant them access to data, this will only be done based on a legal permission (e.g., if transmission of data to third parties, e.g., to payment service providers, is required for the fulfillment of a contract according to Art. 6 (1) lit. b GDPR), you have given your consent, a legal obligation provides for this or based on our legitimate interests (e.g., when using agents, web hosts, etc.).

If we commission third parties with data processing based on a so-called "data processing agreement", this will be done based on Art. 28 GDPR.

 

8. TRANSFERS TO THIRD COUNTRIES

If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)) or if this takes place in the context of the use of services by third parties or disclosure and/or transfer of data to third parties, this will only happen in order to fulfill our (pre)contractual obligations, based on your consent, due to a legal obligation, or based on our legitimate interests. Subject to legal or contractual permissions, we will process the data, or have them processed, in a third country only in the presence of the special requirements of Art. 44 et seq. GDPR. In other words, the processing is done in compliance with officially recognized special contractual obligations (so-called "standard contractual clauses").

 

9. RIGHTS OF DATA SUBJECTS

  • According to Art. 15 GDPR, you have the right to request confirmation whether personal data are being processed and to request information about these data and to receive more information and a copy of these data.
  • According to Art. 16 GDPR, you have the right to request the completion of the personal data or rectification of inaccurate personal data.
  • According to Art. 17 GDPR, you have the right to request that respective data be erased immediately or, alternatively, in accordance with the provisions of Art. 18 GDPR, request a restriction of processing of the data.
  • In accordance with the provisions of Art. 20 GDPR, you have the right to request that you obtain the personal data which you have provided to us and their transmission to other controllers.

Moreover, according to Art. 77 GDPR, you have the right to file a complaint with the competent supervisory authority.

 

10. RIGHT OF REVOCATION

You have the right to revoke granted consents according to Art. 7 (3) GDPR with effect for the future.

 

11. RIGHT OF OBJECTION

According to Art. 21 GDPR, you can object to the future processing of personal data at any time. The objection can, in particular, be against processing for purposes of direct marketing.

 

12.Access to and storage of information in terminal equipment

By using our website, access to information (e.g. IP address) or storage of information (e.g. cookies) in your terminal equipment may occur. This access or storage may involve further processing of personal data pursuant to the GDPR.

In cases where such access to information or such storage of information is strictly necessary for the technically error-free delivery of our services, this is done on the basis of § 25 para. 1 s. 1, para. 2 no. 2 TTDSG.

In cases where such a process serves other purposes (e.g. the needs-based design of our website), this will only be carried out on the basis of § 25 para. 1 TTDSG with your consent pursuant to Art. 6 para. 1 lit. a GDPR. The consent can be revoked at any time with effect for the future.

For more information on the processing of your personal data and the relevant legal basis in this context, please refer to the following sections on the specific processing activities on our website.

 

13. COOKIES AND THE RIGHT TO OBJECT TO DIRECT MARKETING

We use temporary and permanent cookies, i.e., small files stored on the devices of the users (for an explanation of the term and function, see the last section of this Privacy Statement). In part, cookies are used for security or are required for the operation of our website (e.g., for the presentation of the website) or to store the user's decision when confirming the cookie banner. In addition, we or our technology partners use cookies for reach measurement and marketing purposes, about which users will be informed further down in this Privacy Statement.

A general objection to the use of cookies used for online marketing can be declared for a variety of services, particularly in the case of tracking, at the US website http://www.aboutads.info/choices/ or the EU website http://www.youronlinechoices.com/. Furthermore, you can prevent the storage of cookies by disabling them in your browser settings. Please note that you may not be able to use the entire range of functions of this website in this case.

 

14. ERASURE OF DATA

  1. Data processed by us will be erased or their processing will be restricted in accordance with Art. 17 and 18 GDPR. Unless expressly stated in this Privacy Statement, the data stored with us will be erased as soon as they are no longer required for their intended purpose and no statutory retention obligations oppose their erasure. If the data are not erased because they are required for other legally permitted purposes, their processing will be restricted. In other words, the data are made unavailable and cannot be used for other purposes. This applies, e.g., to data that must be maintained for commercial or tax reasons.

In accordance with statutory requirements, retention takes place in particular for 6 years in accordance with Section 257 (1) of the German Commercial Code (commercial books, inventories, opening balances, annual financial statements, business letters, receipts, etc.) as well as for 10 years in accordance with Section 147 (1) German Fiscal Code (books, records, situation reports, receipts, trade and business letters, documents important for taxation, etc.).

 

15. PROVISION OF CONTRACTUAL SERVICES

  1. We process inventory data (e.g., names and addresses as well as contact data of users), contract data (e.g., services used, names of contact persons, payment information) in order to meet our contractual obligations and for the provision of services according to Art. 6 (1) lit. b GDPR. The entries in online forms marked as mandatory are required for the conclusion of the contract.
  2. Users can optionally create a user account where they can view their orders in particular. In the context of the registration, the necessary mandatory information is communicated to the users. The user accounts are not public and cannot be indexed by search engines. If users have canceled their user account, their data with regard to the user account will be deleted unless their storage is required for commercial or tax reasons according to Art. 6 (1) lit. c GDPR. It is the responsibility of the users to secure their data before the end of the contract in the event of a cancellation. We are entitled to irretrievably delete all the user data stored during the term of the contract.
  3. In the context of the registration and re-registration as well as using our online services, we will store the IP address and the time of the respective user action. The storage takes place based on our and the users’ legitimate interests in protection against misuse and other unauthorized use. Any transfer of this data to third parties does not generally take place, except this is required to pursue our claims or there is a legal obligation in this regard according to Art. 6 (1) lit. c GDPR.
  4. We process usage data (e.g., the visited pages of our website, interest in our products) and content data (e.g., entries in the contact form or user profile) for advertising purposes in a user profile to display the user, e.g., product information based on services previously used.
  5. The deletion will be carried out after the expiration of statutory warranty and similar obligations, the necessity of the retention of the data is reviewed every three years; in the case of legal archiving obligations, deletion will take place after their expiry (end of commercial law (6 years) and tax law (10 years) retention obligation); information in the customer account remains up to its deletion.
 

16. CONTACT

  1. When contacting us (via contact form or e-mail), the user's information is processed to handle the contact request and its processing in accordance with Art. 6 (1) lit. b GDPR.
  2. The information provided by the user may be stored in our customer relationship management system and marketing automation platform (“CRM & marketing system”) or similar inquiry management systems.
  3. We use the CRM, registration, and marketing automation system "HubSpot" by the provider HubSpot Inc. (25 First Street, 2nd Floor, Cambridge, MA 02141, USA) with subsidiaries in Ireland (One Dockland Central, Dublin 1, Ireland) and Germany (Am Postbahnhof 17, 10243 Berlin, Germany) based on our legitimate interests (efficient and quick processing of user requests and applications, and optimization of our website). For this purpose, we have concluded a contract with HubSpot with so-called standard contractual clauses, in which HubSpot undertakes to process user data only in accordance with our instructions and to comply with the EU level of data protection. Learn more about HubSpot’s privacy statement here: https://legal.hubspot.com/de/dpa and https://legal.hubspot.com/de/privacy-policy
  4. Our registration service allows visitors to our website to learn more about our company, download content, and provide their contact information as well as other demographic information. This information is stored on servers of our software partner HubSpot. It can be used by us to get in contact with visitors to our website and to learn which services of our company are of interest to them. All information collected by us is subject to this Privacy Statement. We use all collected information exclusively to optimize our marketing processes.

We will delete the requests if they are no longer required. We will check the requirement every two years; inquiries by customers who have a customer account will be stored permanently. Regarding the deletion, we refer to the information on the customer account. In the case of the legal archiving obligations, the deletion will take place after their expiry (end of commercial law retention obligation (6 years) and tax law retention obligation (10 years)).

 

17. AIRCALL

We use the software "AirCall" (Aircall SAS, 11-15 rue Saint Georges, 75009 Paris) for the purpose of telephone communication. AirCall is a software-based telephone system which is used in conjunction with Hubspot.

The following categories of personal data are processed in this context: Metadata (call forwarding, time and date, phone number of the recipient and caller, duration, employee with whom you communicate); in addition, content data (recordings of telephone calls, voice messages). However, telephone calls are only recorded and stored if you have expressly consented to this. In addition, log files concerning communication (call) are processed for the purpose of technical security; these contain pseudonymised identifiers.

When contact is made by telephone, we process the above-mentioned categories of personal data in accordance with the provisions of the General Data Protection Regulation and the Federal Data Protection Act, insofar as this is necessary for the establishment, implementation and fulfilment of a contract as well as for the implementation of pre-contractual measures. Insofar as personal data is required for the initiation or implementation of a contractual relationship or in the context of the implementation of pre-contractual measures, processing is lawful pursuant to Art. 6 (1) lit. b GDPR. If you give us express consent to process personal data for specific purposes (e.g. forwarding to third parties, evaluation for marketing purposes or advertising by e-mail), this processing is lawful on the basis of your consent pursuant to Art. 6 para. 1 lit. a GDPR. Likewise, the recording of conversations is based on your consent. Consent given can be revoked at any time with effect for the future (see section 10 of this data protection information).

If necessary and legally permissible, we process your data beyond the actual contractual purposes for the fulfilment of legal obligations in accordance with Art. 6 Para. 1 lit. c GDPR. In addition, processing may be carried out to protect the legitimate interests of us or third parties (such as answering general telephone enquiries which do not correspond to the above-mentioned cases) as well as for the defence and assertion of legal claims in accordance with Art. 6 para. 1 lit. f GDPR. If necessary, we will inform you separately, stating the legitimate interest, insofar as this is required by law.

We have concluded a data processing agreement with the service provider in which we oblige him to protect our customers' data and not to pass it on to third parties.

As a transfer of personal data to the USA may occur, further protection mechanisms are required to ensure the level of data protection of the GDPR. To ensure this, we have agreed standard contractual clauses with the provider in accordance with Art. 46 (2) lit. c GDPR. These oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases where this cannot be ensured even by this contractual extension, we endeavour to obtain additional regulations and commitments from the recipient in the USA.

You can find more information on data protection at AirCall at https://aircall.io/privacy-faqs/ and at https://aircall.io/privacy/.

 

18. COMMENTS AND CONTRIBUTIONS

Users can write comments and posts only after prior registration. This requires consent to the storage and use of data as well as the acceptance of our Privacy Statement.

 

19. COLLECTION OF ACCESS DATA AND LOGFILES

  1. Based on our legitimate interests within the meaning of Art. 6 (1) lit. f GDPR, we collect information about each access to the server on which this service is located (so-called server logfiles). Access data include the name of the accessed website, file, date and time of the access, data volume transferred, notification of successful access, browser type and version, operating system of the user, referrer URL (the website visited before), IP address, and the requesting provider.

For security reasons (e.g., to solve cases of abuse or fraud), logfile information will be stored for the duration of a maximum of seven days and then deleted. Data whose further retention is required for evidential purposes are excluded from deletion up to the final clarification of the respective incident.

 

20. ONLINE PRESENCES IN SOCIAL MEDIA

  1. We have online presences in social networks and platforms to communicate with the customers, prospects, and users active there and to be able to inform them there about our services. When you access the respective networks and platforms, the terms and conditions and data processing guidelines of their respective operators apply.
  2. Unless otherwise specified in our Privacy Statement, we will process the data of users if they communicate with us within social networks and platforms, e.g., make posts on our online presences or send us messages.
 

21. COOKIES & REACH MEASUREMENT

  1. Cookies are pieces of information that our web server or third-party web servers transmit to the web browser of the users and store there for later retrieval. Cookies can be small files or other types of information storage.
  2. We use "session cookies", which are stored only for the duration of the current visit to our online presence (e.g., in order to be able to even allow the use of our website). A session cookie stores a randomly generated unique identification number, a so-called session ID. A cookie also contains information about its origin and storage period. These cookies cannot store any other data. Session cookies will be deleted after you have finished using our website and, e.g., log out or close your browser.
  3. This Privacy Statement will inform users about the use of cookies in the context of pseudonymous reach measurement.
  4. If users do not want cookies to be stored on their computer, we ask them to disable the relevant option in the system settings of their browser. Stored cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional limitations of this website.

You can object to the use of cookies used for reach measurement and advertising purposes at the opt-out page of the Network Advertising Initiative (http://optout.networkadvertising.org/) and additionally the US website(http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/).

 

22. HUBSPOT

  1. We use HubSpot for marketing activities on our website. HubSpot is a software company from the USA with a branch HubSpot Ireland Limited in 2nd Floor 30 North Wall Quay, Dublin 1, Ireland.
  2. We use this integrated software solution for our own marketing, lead generation and customer service purposes. This includes email marketing which governs the sending of newsletters as well as automated mailings, social media publishing and reporting, contact management such as user segmentation and CRM, landing pages and contact forms.
  3. HubSpot uses cookies, which are small text files that are stored locally in the cache of your web browser on your end device and allow us to analyse your use of the website. HubSpot evaluates the information collected (e.g. IP address, geographical location, type of browser, duration of the visit and pages viewed) on our behalf so that we can generate reports on the visit and the pages visited.
  4. Information collected by HubSpot and the content of our website is stored on servers of HubSpot's service providers. Insofar as you have given your consent to this in accordance with Art. 6 Para. 1 Sentence 1 lit. a DSGVO, the processing on this website is carried out for the purpose of website analysis.
  5. Since a transfer of personal data to the USA takes place, further protection mechanisms are required to ensure the level of data protection of the GDPR. To ensure this, we have agreed standard contractual clauses with the provider in accordance with Art. 46 (2) lit. c DSGVO. These oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases where this cannot be ensured even through this contractual extension, we endeavour to obtain additional regulations and assurances from the recipient in the USA.
  6. The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected.
  7. You can permanently object to the collection of data by HubSpot and the setting of cookies by preventing the storage of cookies accordingly through your browser settings. You can object to the processing of your personal data at any time with future effect. 
 

23. FACEBOOK, CUSTOM AUDIENCES, AND FACEBOOK MARKETING SERVICES

  1. We use "Facebook Custom Audiences" on our website, a remarketing tool of Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Irland (hereinafter referred to as "Facebook").
  2. Facebook Custom Audiences enables us to display interest-based advertisements, so-called "Facebook Ads", to visitors to our website as part of a visit to the social network Facebook or as part of a visit to other websites that also use Facebook Custom Audiences.
  3. By using "Facebook Custom Audiences" your web browser automatically establishes a direct connection with the Facebook server. We have no influence on the scope and further use of the data collected by Facebook through the use of Facebook Custom Audiences. To the best of our knowledge, Facebook receives the information that you have called up the relevant part of our website or clicked on an advertisement from us. If you have a user account with Facebook and are registered, Facebook can assign the visit to your user account. Even if you are not registered with Facebook or have not logged in, it is possible that Facebook will find out and store your IP address and, if necessary, other identifying features.
  4. We use Facebook Custom Audiences for marketing and optimization purposes, in particular to display ads that are relevant and interesting for you and thus improve our offer and make it more interesting for you as a user. The legal basis is Art. 6 para. 1 sentence 1 lit. a GDPR (consent).
  5. We have concluded a Data Processing Agreement with our service provider Facebook in which we commit Facebook to protect our customers' data and not to pass it on to third parties.
  6. Since a transfer of personal data to the U.S. takes place, further appropriate safeguards are required to ensure the level of data protection under the GDPR. To guarantee this, we have concluded standard contractual clauses with the provider in accordance with Art. 46 Para. 2 lit. c GDPR . These oblige the recipient of the data in the U.S. to process the data according to the level of protection in Europe. In cases in which this cannot be guaranteed even by this contractual extension, we endeavour to obtain additional regulations and commitments from the recipient in the U.S.
  7. For more information about Facebook’s privacy practices, please visit the following Facebook website: https://www.facebook.com/about/privacy
  8. The deactivation of Facebook Custom Audiences is possible for logged-in users at https://www.facebook.com/settings/?tab=ads#_.
  9. Please note that this setting is also deleted when you delete your cookies.
 

24. Facebook Pixel

  1. We use "Facebook Pixel" on our website, a service of Facebook Inc, 1601 S California Ave, Palo Alto, California 94304, USA (hereinafter referred to as: "Facebook").
  2. Provided you have given us your consent in accordance with Art. 6 (1) lit. a GDPR, we use Facebook Pixel for marketing and optimisation purposes, in particular to place relevant and interesting advertisements on Facebook and thus improve our offer, make it more interesting for you as a user and avoid annoying advertisements.
  3. Facebook Pixel enables Facebook to display our ads on Facebook, so-called "Facebook Ads" only to those Facebook users who were visitors to our website, in particular those who showed interest in our online offer. In this case, Facebook Pixel also enables us to check whether a user was redirected to our website after clicking on our Facebook Ads. Among other things, Facebook Pixel uses cookies, i.e. small text files that are stored locally in the cache of your web browser on your end device. If you are logged into Facebook with your user account, the visit to our online offer will be noted in your user account. The data collected about you is anonymous to us, so we cannot draw any conclusions about the identity of the user. However, this data can be linked by Facebook with your user account there. If you have a user account on Facebook and are registered, Facebook can assign the visit to your user account.
  4. Since a transfer of personal data to the U.S. takes place, further appropriate safeguards are required to ensure the level of data protection under the GDPR. To guarantee this, we have concluded standard contractual clauses with the provider in accordance with Art. 46 Para. 2 lit. c GDPR. These oblige the recipient of the data in the U.S. to process the data according to the level of protection in Europe. In cases in which this cannot be guaranteed even by this contractual extension, we endeavour to obtain additional regulations and commitments from the recipient in the U.S.
  5. Further information on data protection from the third party provider can be found on the following Facebook website: https://www.facebook.com/about/privacy.
  6. Information on Facebook Pixel can be found on the following Facebook website: https://www.facebook.com/business/help/651294705016616
  7. You can make the relevant settings for which types of advertisements are displayed to you within Facebook on the following Facebook website: https://www.facebook.com/settings?tab=ads.
  8. We would like to point out that this setting is deleted when you delete your cookies. In addition, you can deactivate cookies that are used to measure reach and advertising purposes via the following websites: http://optout.networkadvertising.org/
    http://www.aboutads.info/choices
    http://www.youronlinechoices.com/uk/your-ad-choices/
  9. Please note that this setting is also deleted when you delete your cookies.
 

25. NEWSLETTER & E-MAIL MARKETING AUTOMATION

  1. The distribution of the newsletter and performance measurement are made based on the consent of the recipients according to Art. 6 (1) lit. a, (7) GDPR in conjunction with Section 7 (2) No. 3 UWG (Law Against Unfair Competition) and/or based on legal permission according to Section 7 (3) UWG.
  2. Logging of the registration procedure takes place based on our legitimate interests according to Art. 6 (1) lit. f GDPR and is intended to verify consent to the receipt of the newsletter.

Unsubscribe/revocation – You can unsubscribe from our newsletter at any time, i.e., revoke your consent. You will find a link to unsubscribe from the newsletter at the end of each newsletter. If users have only subscribed to the newsletter and have unsubscribed, their personal data will be deleted.

 

26. Personio

  1. We use the Personio software (Personio GmbH, Rundfunkplatz 4, 80335 Munich, Germany, "Personio") to process applicant data as part of the online application process. This also includes an application form embedded in our website.
  2. If you apply to us by e-mail or via our application form, we process your personal data for the purpose of carrying out the application procedure and pre-contractual measures. This processing of your personal data is carried out on the basis of Section 26 (1) FDPA in conjunction with. Art. 88 GDPR. Your personal data will be deleted by us no later than 6 months after completion of the application process. 
  3. If you also give us permission to include you in our talent pool, your personal data will be processed on the basis of Art. 6 Para. 1 Sentence 1 lit. a GDPR. You have the right to revoke your consent at any time with effect for the future. If personal data is stored for the purpose of the talent pool, it will be deleted after one year.
  4. The data provided by you or collected from you will also be used by Personio in anonymised form for statistical purposes.
  5. Personio processes all categories of personal data that you provide in connection with the application process. In particular, this includes your name, e-mail address, telephone number, salary expectations and desired starting date as well as all documents provided by you for this purpose such as cover letters, CVs or certificates as well as photos.
  6. Furthermore, your personal data will be processed by Personio with regard to so-called server log files. This includes data such as the domain name of the website, the web browser and web browser version, the operating system, the IP address as well as the timestamp of the access to the software, whereby the scope of this logging does not exceed that of other common websites. In the event of technical errors, data such as the domain name of the website, the web browser and web browser version, the operating system, the IP address and the timestamp are also processed when the corresponding error message/specification occurs. 
  7. We have concluded an data processing agreement with the service provider, in which we oblige them to protect our customers' data and not to pass it on to third parties.
  8. As a transfer of personal data to the United States may take place, further protection mechanisms are required to ensure the level of data protection of the GDPR. To ensure this, we have agreed standard data protection clauses with the provider in accordance with Art. 46 (2) lit. c GDPR. These oblige the recipient of the data in the United States to process the data in accordance with the level of protection in Europe. In cases where this cannot be ensured by this contractual extension, we endeavour to obtain additional regulations and commitments from the recipient in the United States. 
  9. You can find more information on data protection at Personio at:
    https://personio.personio.de/data-privacy-statement
    https://www.personio.de/wp-content/uploads/2021/04/20201207_Personio_Auditierung_Produkt-Organisation_Zusammenfassung-VERTRAULICH.pdf.
 

27. INTEGRATION OF THIRD-PARTY SERVICES AND CONTENT

  1. Within our website, we use content or service offerings by third parties to integrate their content and services, e.g., videos (hereinafter uniformly referred to as "content"), based on our legitimate interests (i.e., interest in the analysis, optimization, and efficient operation of our website within the meaning of Art. 6 (1) lit. f GDPR). This always assumes that the third parties providing this content know the IP address of the users as otherwise they could not transmit the content to their browsers. The IP address is hence required for the presentation of that content. We strive to use only such content whose respective providers use the IP address only for the delivery of the content. Third-party providers can also use so-called web beacons (invisible graphics, also known as web bugs) for statistical and marketing purposes. The web beacons allow information, e.g., visitor traffic on the pages of this website, to be evaluated. The pseudonymized information may also be stored in cookies on the device of the user and, among other things, may be associated with technical information about the browser and operating system used, referring websites, visit time and contain information about the use of our website as well as with such information from other sources.
  2. The following provides an overview of third-party providers and their content, along with links to their respective privacy statements, more information on data processing and, in some cases already mentioned here, means of objection (so-called opt-out):
    1. Videos of the platform "YouTube" by the third-party provider Google Ireland Limited, Gordon House, Barrow Street, Dublin 4. Privacy statement: https://policies.google.com/privacy, opt-out: https://adssettings.google.com/authenticated.
    2. The functions of the online service Instagram are integrated into our website. These functions are offered by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. If you are logged in to your Instagram account, you can click on the Instagram button to link the content of our websites with your Instagram profile. This allows Instagram to associate your visit to our website with your account. We would like to point out that we as providers of the websites have no knowledge about the content of the transmitted data and their use by Instagram. Privacy statement: http://instagram.com/about/legal/privacy/.
    3. We use the marketing functions (so-called “LinkedIn Insight Tag”) of the LinkedIn network within our website. This service is provided by LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. When accessing one of our websites including LinkedIn functions, a connection with LinkedIn’s servers will be established. LinkedIn will be informed that you have visited our websites with your IP address. Using the LinkedIn Insight Tag, we can analyze in particular the success of our campaigns within LinkedIn or determine target groups for these based on user interaction with our website. If you are registered with LinkedIn, LinkedIn can associate your interaction with our website with your user account. When you click on the "Recommend" button while being logged in to your LinkedIn account, LinkedIn can associate your access to our website with you and your user account. Since a transfer of personal data to the U.S. takes place, further appropriate safeguards are required to ensure the level of data protection under the GDPR. To guarantee this, we have concluded standard contractual clauses with the provider in accordance with Art. 46 Para. 2 lit. c GDPR. These oblige the recipient of the data in the U.S. to process the data according to the level of protection in Europe. In cases in which this cannot be guaranteed even by this contractual extension, we endeavour to obtain additional regulations and commitments from the recipient in the U.S.. Privacy statement: https://www.linkedin.com/legal/privacy-policy, opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
    4. Features of the Twitter service/platform (hereinafter referred to as "Twitter") may be integrated within our website. Twitter is a service of Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. The features include the display of our Twitter posts within our website, the link to our profile on Twitter as well as the opportunity to interact with the posts and functions of Twitter, and also measure whether or not users are referred to our website from our advertisements with Twitter (so-called conversion measurement). Since a transfer of personal data to the U.S. takes place, further appropriate safeguards are required to ensure the level of data protection under the GDPR. To guarantee this, we have concluded standard contractual clauses with the provider in accordance with Art. 46 Para. 2 lit. c GDPR. These oblige the recipient of the data in the U.S. to process the data according to the level of protection in Europe. In cases in which this cannot be guaranteed even by this contractual extension, we endeavour to obtain additional regulations and commitments from the recipient in the U.S.. Privacy statement: https://twitter.com/de/privacy, opt-out: https://twitter.com/personalization.
    5. We use functions of the XING network, operated by XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany. When accessing one of our websites including Xing functions, a connection with Xing’s servers will be established. As far as we know, Xing does not currently store any personal data. In particular, Xing does not store any IP addresses or analyze use behavior. Privacy statement: https://www.xing.com/app/share?op=data_protection.
    6. Web analysis and optimization using the Hotjar service by the third-party provider Hotjar Ltd., Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe. Using Hotjar, movements on the websites where Hotjar is being used can be traced (so-called heat maps). For example, it can be seen how far users scroll down and which buttons users click how often. In addition, technical data such as language, system, screen resolution, and browser type are collected. This may, at least temporarily during your visit to our website, lead to the creation of user profiles. In addition, using Hotjar also allows obtaining feedback directly from the users of the website. In this way, we gain valuable information in order to make our websites faster and more customer-friendly. Privacy statement: https://www.hotjar.com/privacy. Opt-out: https://www.hotjar.com/opt-out.

External code of the JavaScript framework "jQuery" provided by the third-party provider jQuery Foundation, https://jquery.org

 

28. DATA PROTECTION OFFICER

PROLIANCE GmbH

www.datenschutzexperte.de

Leopoldstr. 21

80802 München

datenschutzbeauftragter@datenschutzexperte.de

 

Do you have any questions regarding our privacy statement?

Write email now!