In order to comply with our obligations pursuant to Art. 13 DSGVO, you are informed by means of this data protection declaration about the type and scope as well as the purpose of the processing of personal data (hereinafter referred to as "data"), which is incurred in the provision of our services and within our online offer. This online offer includes, in particular, the websites required for this purpose and associated functions and content as well as external online presences, such as profiles of social networks and media. With regard to the terms used, reference is made to the definitions of Article 4 of the General Data Protection Regulation (GDPR).
You can reach our data protection officer at data protection @ globalchanger.com
According to Art. 13 I c) DSGVO, we are obliged to inform you of the legal basis for our data processing.
For users from the area of application of the Basic Data Protection Regulation (DSGVO), which extends to the European Union (EU) and the European Economic Community (EEC), the following applies with the proviso that no other legal basis in the data protection declaration:
Art. 6 (1) lit. a and Art. 7 DSGVO is the legal basis for the processing of data covered by consent.
Art. 6 para. 1 lit. b DSGVO is the legal basis for the processing of data for the fulfilment of our owed services, the implementation of pre-contractual measures as well as answering enquiries.
Art. 6 para. 1 lit. c DSGVO is the legal basis for the processing for the fulfilment of our legal obligations.
Art. 6 (1) (d) DSGVO is the legal basis for processing personal data that is necessary due to vital interests of the data subject or another natural person.
Art. 6 (1) (e) DSGVO is the legal basis for processing for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller to the extent necessary for that purpose.
Art. 6 para. 1 lit. f DSGVO is the legal basis for processing to protect our legitimate interests.
Art. 6 (4) DSGVO concerns the processing of data for purposes other than those for which they were collected. Such processing is only possible under the conditions stated here.
Art. 9 (2) DSGVO sets out special requirements for the processing of special categories of data (corresponding to Art. 9 (1) DSGVO).
Disclosure, transfer or other making available of the data to a person (this also includes a company) in a third country (i.e. outside the EU, EEA or the Swiss Confederation) takes place if the legal requirements are met. This is particularly the case when processing is carried out to fulfil our contractual or pre-contractual obligations. Otherwise, the processing must be based on your consent, a legal obligation or our legitimate interests. We are also obliged to ensure the necessary minimum standards in this constellation. This includes, for example, that the respective third country has been officially granted a level of data protection that corresponds to that of the EU or that officially recognised special contractual obligations are observed.
You have the right to request information on whether data concerning you is being processed. In addition, you have the right to receive further information and a copy of the data in accordance with the legal requirements.
You have the right to have the data concerning you completed and to have the inaccurate data concerning you corrected.
You have a right to the immediate deletion of the data concerning you in accordance with the legal requirements. Alternatively, you have the right to restrict the processing of the data within the framework of the legal requirements.
In accordance with the legal requirements, you have a right to be provided with the data relating to you that you have made available to us and can also request that it be transferred to other responsible parties.
You have the right to lodge a complaint with the competent supervisory authority.
You can revoke the consent you have given at any time with effect for the future
You have the right to object to the future processing of data concerning you in accordance with the legal requirements. The objection may in particular also be directed against processing for the purpose of direct advertising.
In accordance with the legal requirements, we delete the data we have collected or restrict its processing. We delete the data stored by us as soon as the purpose on which the storage is based has ceased to exist and there are no legal storage obligations to the contrary and no deviating regulations have been made in this data protection declaration.
If the data is not deleted due to its necessity for other, legally permissible purposes (e.g. storage for reasons of commercial or tax law), its processing will be restricted. In this case, the data is processed exclusively for this purpose and is otherwise blocked.
To process payment transactions, we use external payment service providers who have their own platform.
Please note the data protection declarations of the respective providers available at:
American Express (https://www.americanexpress.com/de/content/privacy-policy-statement.html)
The use of payment service providers within the framework of the fulfilment of contracts is based on Art. 6 para. 1 lit. b. DSGVO. Furthermore, external payment service providers are used on the basis of our legitimate interests pursuant to Art. 6 para. 1 lit. f. DSGVO in order to be able to offer our users effective and secure payment options.
In the process, the payment service provider primarily collects inventory data (such as the name and address), bank data (such as account numbers or credit card numbers), passwords, TANs and checksums as well as the contract, totals and recipient-related information. These details are necessary for the execution of transactions. However, the data entered is processed exclusively by the payment service providers and stored with them. This means that we do not receive any account or credit card-related information, but only information about whether the payment was successfully completed. For the purpose of checking identity and creditworthiness, the data may be transmitted by the payment service provider to credit agencies. In this regard, we refer to the terms and conditions and data protection information of the respective payment service provider.
For payment transactions, the terms and conditions and data protection information of the respective payment service providers apply, which can be accessed on the respective websites or transaction applications. Further information, in particular on the assertion of revocation, information and other data subject rights, can also be found there.
We process data within the framework of the performance of administrative tasks and the organisation of our operations, financial accounting, processing of contracts for work and services and compliance with legal obligations, such as archiving. This data is the same data that is processed within the framework of contractual service provision. This processing is carried out in accordance with Art. 6 Para. 1 lit. c. DSGVO, Art. 6 para. 1 lit. f. DSGVO.
Customers, interested parties, business partners and website visitors are affected by the processing. The purpose and our interest in the processing lie in the administration, financial accounting, office organisation, archiving of data, i.e. tasks that serve the maintenance of our business activities, performance of our tasks and provision of our services. The deletion of data with regard to contractual services and contractual communication corresponds to the information provided in these processing activities.
We disclose or transmit data to the tax authorities, advisors such as tax advisors or auditors as well as other fee offices and payment service providers.
Furthermore, we store information on suppliers, organisers and other business partners on the basis of our business interests, e.g. for the purpose of contacting them at a later date. This data, most of which is company-related, is stored permanently.
Contracts for work are managed on the basis of Art. 6 para. 1 lit. b DSGVO. The deletion of the data here takes place three years after the termination of the contract.
We analyse the data available to us, in particular those relating to business transactions, contracts and enquiries, in order to be able to operate our business economically. In doing so, we also try to identify market trends and the wishes of our contractual partners and users (marketing, market research). For these purposes, in particular inventory data, communication data, contract data, payment data, usage data and metadata are processed by us on the basis of Art. 6 para. 1 lit. f. DSGVO processed by us. As part of the processing, we can, for example, compare the information provided by registered users within their profiles with the services they have used.
The analyses carried out are designed to increase user-friendliness and business efficiency and to optimise our offers. The analyses are carried out exclusively for our own purposes and are not disclosed externally unless they are anonymous analyses with aggregated values. The persons affected by these measures include our contractual partners, interested parties, customers, visitors and users of our online offer.
Insofar as such analyses or profiles are personal, they will be deleted or anonymised upon termination by the user. Otherwise, this happens after two years from the conclusion of the contract. Furthermore, the macroeconomic analyses and general tendency determinations are created anonymously if possible.
According to Art. 4 No. 1 GDPR, "personal data" means "any information relating to an identified or identifiable natural person (hereinafter 'data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person".
According to Art. 4 No. 2 GDPR, "processing" means "any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction".
According to Art. 4 No. 4 of the GDPR, "profiling" means "any automated processing of personal data which consists in using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or change of location".
According to Art. 4 No. 5 GDPR, "pseudonymisation" means "the processing of personal data in such a way that personal data can no longer be attributed to a specific data subject without additional information, provided that such additional information is kept separately and is subject to technical and organisational measures which ensure that the personal data are not attributed to an identified or identifiable natural person".
A "filing system" is, according to Art. 4 No. 6 GDPR, "any structured collection of personal data accessible according to specified criteria, whether such collection is maintained centrally, decentrally or on a functional or geographical basis".
A "controller" is, according to Article 4(7) of the GDPR, "the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided for by Union or Member State law".
According to Art. 4 No. 8, a "processor" is "a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller".
A "recipient" is, according to Art. 4 No. 9 GDPR, "a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not a third party". However, public authorities which may receive personal data in the context of a specific investigative task under Union or Member State law shall not be considered as recipients and the processing of such data by those authorities shall be carried out in accordance with the applicable data protection rules, in accordance with the purposes of the processing".
The IP address is a combination of numbers assigned to a device by an Internet Service Provider to allow the device access to the Internet.
Visitors and users of our online offer are affected by the data processing carried out by us.
On the basis of the exercise of our legitimate interests pursuant to Art. 6 para. 1 lit. f. DSGVO, we or our hosting provider collect data about every access to the server on which this service is located (so-called server log files).
This data includes
- Name of the accessed website and, if applicable, specific files,
- date and time of the retrieval,
- amount of data transferred,
- notification of successful retrieval,
- browser type and version, the user's operating system,
- referrer URL (the previously visited page),
- IP address and
- the requesting provider.
For security reasons, log file information is stored for up to seven days and then deleted. This serves in particular to clarify acts of abuse or fraud. If data is suitable as evidence to clarify a matter, it will be exempted from deletion until the respective incident is finally clarified.
The processing of the data takes place
- to provide the online offer including its functions and contents,
- to answer contact requests and communicate with users,
- to guarantee security measures,
- for range measurement and
- for marketing purposes.
If you send us enquiries via the contact form, the information you provide in the form, including the contact details you enter there, will be stored by us for the purpose of processing the enquiry and in the event of follow-up questions. We do not pass on this data without your consent.
We therefore only process the data you enter in the contact form with your consent pursuant to Art. 6 para. 1 lit. a DSGVO. You can revoke your consent at any time. An informal e-mail with this request is sufficient. The data processed until receipt of your request may continue to be processed lawfully.
The data you provide in the contact form will be stored by us until you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies (e.g. after the request has been dealt with). Mandatory legal provisions, in particular regarding statutory retention periods, remain unaffected by this regulation.
We offer the use of temporary and permanent cookies. If you do not agree with this use, please deactivate the corresponding option in the system settings of your browser. Stored cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional restrictions of this online offer.
Cookies are small files that are stored on your computer. These files contain different information. First and foremost, cookies are used to store information about a user of an online offer. In particular, login data, the contents of a shopping basket, articles called up in an online shop or websites called up in general are saved.
First of all, a distinction must be made between temporary and permanent cookies.
Temporary cookies are also called "session cookies" or "transient cookies". These are cookies that are deleted after leaving the online offer. This usually happens when the browser is closed. Permanent cookies (or "persistent cookies") are files that remain stored even after the browser is closed. In this way, the above-mentioned information can persist beyond the respective browser session. This is particularly relevant for cookies that contain information about users' interests. This data is often used for reach measurement or marketing purposes.
Furthermore, a distinction must also be made between so-called "third-party cookies", which are offered by providers other than the responsible party operating the online offer, and so-called "first-party cookies", which are present in all other cases.
In addition, the storage of cookies can also be prevented by deactivating them in the browser settings. However, this option may not allow the use of all functions of this online offer.
We use so-called social plugins of the social network facebook.com ("Facebook") on the basis of our legitimate interests, which lie in particular in the analysis, optimisation and economic operation of our online offer pursuant to Art. 6 para. 1 lit. f. DSGVO. DSGVO, we use so-called social plugins of the social network facebook.com ("Facebook"), which is operated by Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
These social plugins basically consist of content such as images, videos or texts and buttons with which users can share content of this online offer within Facebook. Furthermore, it is also possible to integrate content from Facebook into our online offer through these plugins. The list and appearance of the social plugins from facebook.com can be viewed here:
If a user calls up a function of this online offer that contains a social plugin, a direct connection is established with the Facebook servers, via which the content of the social plugin is transmitted directly from Facebook to the user's device and integrated into the online offer by the latter. The data processed in this way can be used to create user profiles. The scope of the data that Facebook collects with the help of this social plugin is beyond our control. The data concerned includes, in particular, the IP address and cookies, which contain information about the user's surfing behaviour.
By integrating the social plugins, Facebook receives this information. From this, Facebook can determine that a user has accessed the corresponding page of the online offer. If the user is also logged in to Facebook, Facebook can assign the visit to his or her Facebook account. As soon as a user interacts with the social plugins, the corresponding information is transmitted directly from their device to Facebook and documented there. This is the case, for example, when the Like button is pressed or a comment is posted. If the user is not currently logged in to Facebook, it can be assumed that Facebook will nevertheless store his or her IP address. According to Facebook, only an anonymised IP address is stored in Germany, although there is certainly the possibility of a comparison with the IP address usually used by Facebook members, which theoretically allows the assignment to a specific member.
If a user is a Facebook member, but rejects the collection of data regarding his or her use of this online offer by Facebook and its linking with his or her membership data stored on Facebook, he or she must log out of Facebook and delete his or her cookies before using our online offer.
Further settings and objections to the use of data for advertising purposes are possible within the Facebook profile settings:
or via the US-American site http://www.aboutads.info/choices/
or the EU site http://www.youronlinechoices.com/.
The settings are platform-independent. They are therefore adopted for all devices used.
The Google Tag Manager is used to manage so-called website tags via a single interface, via which e.g. Google Analytics as well as other Google marketing services can be integrated into our online offer. The Tag Manager only implements the respective tags, i.e. it does not process any personal data of the users. Regarding the processing of such related data, please refer to the following usage guidelines for Google services:
This website uses Google Analytics, a web analytics service. This is operated by Google Inc. with headquarters at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Google Analytics uses so-called "cookies". These are text files that are stored on your computer and enable an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there.
The Google Analytics cookies are stored on the basis of Art. 6 para. 1 lit. a DSGVO.
We have activated IP anonymisation on this website. Your IP address will be shortened by Google within the European Union or in other contracting states to the Agreement on the European Economic Area before being transmitted to the United States. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
This website uses Google AdSense, a service for integrating advertisements of Google Inc ("Google"). This is operated by Google Inc. with its registered office at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Google AdSense uses "cookies", which are text files placed on your computer, to help the website analyse how users use the site. Google AdSense also uses so-called web beacons (invisible graphics). Through these web beacons, information such as visitor traffic on these pages can be analysed.
The information generated by cookies and web beacons about your use of this website (including your IP address) and delivery of advertising formats will be transmitted to and stored by Google on servers in the United States. This information may be passed on by Google to Google's contractual partners. However, Google will not merge your IP address with other data stored by you.
The storage of AdSense cookies is based on Art. 6 para. 1 lit. a DSGVO.
By subscribing to our newsletter, you also agree to receive it and to the procedures explained.
We only send newsletters in the form of e-mails and other electronic notifications with advertising information with the prior consent of the recipient or with a legal permit.
If the contents of the newsletter are specifically described in the course of registration, they are decisive for the user's consent. Apart from that, our newsletters contain information about our services and us.
Registration for our newsletter takes place in a so-called double opt-in process. This means that a message is sent to the e-mail address you have provided, requesting confirmation of the registration by clicking on a specific link. This confirmation is necessary so that users can only register with e-mail addresses that they can access themselves and do not misuse third-party e-mail addresses. In order to be able to prove the registration process in accordance with the legal requirements, every registration for the newsletter is logged. For this purpose, the time of registration and confirmation as well as the user's IP address are recorded. In addition, changes to your data stored with the dispatch service provider are recorded.
To register for our newsletter, simply enter your e-mail address. In order to be able to address you personally in the newsletter, we ask that you also provide a name.
The legal permissibility of sending newsletters results from the above-mentioned consent by the respective recipient in accordance with Art. 6 para. 1 lit. a, Art. 7 DSGVO in conjunction with. § 7 para. 2 no. 3 UWG or, if consent is not required, on the basis of our legitimate interests in direct marketing pursuant to Art. 6 para. 1 lt. f. DSGVO in conjunction with. § 7 para. 3 UWG. The logging of the registration process is based on the exercise of our legitimate interests pursuant to Art. 6 para. 1 lit. f DSGVO. These interests consist of establishing and maintaining a user-friendly and secure newsletter system for business purposes, which also enables us to prove consent.
You have the right to cancel our newsletter service at any time. By doing so, you revoke your consent at the same time. You will find a link to unsubscribe from our newsletter at the end of each newsletter. In order to be able to prove a given but later revoked consent, we are entitled to store the unsubscribed email addresses for up to three years after the revocation on the basis of our legitimate interests. This data is processed exclusively for the purpose of a possible defence against claims. Provided that you confirm the former existence of consent, you have the option of submitting an individual deletion request at any time.
We use external hosting services to operate our online services. This concerns:
- Infrastructure and platform services
- storage and database services,
- email delivery services, and
- Security services and technical maintenance services.
Within the scope of exercising our legitimate interests in an efficient and secure provision of this online offer pursuant to Art. 6 para. 1 lit. f DSGVO in conjunction with Art. 28 DSGVO (conclusion of a contract processing agreement), the following data in particular will be processed by us or our hosting provider. Art. 28 DSGVO (conclusion of order processing contract), the following data in particular is processed by us or our hosting provider.
- Inventory and contact data,
- content data and contract data as well as
- usage, meta and communication data.
This data processing concerns our customers as well as interested parties and visitors to our online offer.
Within the scope of our online offer, we use content or service offers from third party providers to integrate their content and services on the basis of the exercise of our legitimate interests, which in this case primarily consist of the interest in the analysis, optimisation and economic operation of our online offer pursuant to Art. 6 para. 1 lit. f. DSGVO. DSGVO, we use content or services offered by third-party providers in order to integrate their content and services. This concerns, for example, the integration of videos or fonts.
In order to integrate the content and services of third-party providers, the IP address of the user must be known to them, otherwise no transmission to their browser can take place. The IP address is therefore indispensable for the display of this content and integration of services.
We endeavour to only include content and services whose respective providers use the IP address exclusively to make the content and services available. Third-party providers may also use so-called pixel tags for statistical or marketing purposes. A pixel tag, also known as a "web beacon", is an invisible pixel-sized graphic. They can be used to determine the visitor traffic on the individual websites of an online offer. The pseudonymised information can also be stored on the user's device in the form of so-called cookies. These contain, in particular, technical information on the browser and operating system, referring websites, time of visit and other information on the use of our online offer. In addition, this information can also be linked to such information from other sources. This is particularly the case if the users are logged in to the respective platforms on different devices as members of these platforms.
We use Google Fonts. These are fonts which are downloaded by Google Ireland Limited when the website is called up. This is technically necessary, as otherwise no fonts could be displayed. During this process, data such as IP address is forwarded to Google. The use of Google Fonts is based on our legitimate interests in a technically secure and maintenance-free use of fonts pursuant to Art. 6 (1) lit. f DSGVO.
For the live chat function we use the service Tawk.to. Provider is. tawk.to ltd, 187 E Warm Springs Rd, SB298, Las Vegas, Nevada 89119, USA.
When you use the live chat function, we process the following data:
- Chat history,
- IP address at the time of the chat,
- Country of origin.
The use of the live chat function is based on Art. 6 para. 1 lit. f DSGVO. 6 para. 1 lit. a DSGVO.
If you use the live chat function, your data will be processed by the service provider Tawk.to in the USA. The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: www.tawk.to/privacy-policy/ and www.tawk.to/data-protection/gdpr/.
On our website we offer you the possibility to book your participation in events. For this purpose, we use the technical solution "Eventbrite", which is operated by Eventbrite, 155 5th Street, Floor 7, San Francisco, CA 94103, USA.
Eventbrite has a representative for European data protection law. This representative is Eventbrite NL BV, Silodam 402, 1013AW, Amsterdam, the Netherlands.
When you register for an event, you will be redirected to the Eventbrite website.
Eventbrite collects personal data. Eventbrite then transfers this data to us as the event organiser. In order to register with Eventbrite for an event, you will need to submit the following information to Eventbrite:
- Last name, first name
- E-mail address
- Payment information
- Ticket type
- Event ID
- IP address
- Access device and/or browser characteristics
As organisers, we receive data from Eventbrite about the participants of the above-mentioned booking events. We use this data for the preparation and follow-up of the corresponding booked events. In addition, registered participants receive information about the booked event and our contact details by email before and after the event.
The processing of this data is based on Art. 6 para. 1 lit. b DSGVO.
Eventbrite stores personal data on servers in the United States. To ensure that personal data from the European Union can be lawfully transferred to servers in the United States, Eventbrite has committed to comply with the standard contractual terms and conditions for the transfer of personal data.
Eventbrite is committed to protecting personal data. To this end, Eventbrite has adopted a number of security measures and constantly monitors the implementation of these measures. For more information about Eventbrite's comprehensive security and privacy measures, please see Eventbrite's Security Policy at www.eventbrite.de/security.
In order to fulfil our contractual and pre-contractual services, we process the data of our "contractual partners", which in particular shall also include interested parties as well as other clients, customers, clients or customers, in accordance with Art. 6 Para. 1 lit. b. DSGVO.
The data processed is determined by the underlying contractual relationship. This also applies to the type, scope and purpose as well as the necessity of their processing.
The data processed are primarily:
- Inventory and master data of the contractual partners (e.g., name, address, etc.),
- contact data (e.g., e-mail address, telephone, etc.),
- Contract data (e.g., services used, products purchased, costs, names of contact persons) and
- Payment data (e.g., bank details, payment history, etc.).
As a matter of principle, we do not process any special categories of personal data, unless these are components of a commissioned or contractual processing.
Furthermore, we process data that is required for the justification and fulfilment of the contractual services. In doing so, we point out the necessity of providing the data if this is not evident to the contractual partners.
We only disclose the processed data to external persons or companies if this is necessary on the occasion of a contract. When processing data provided to us on the basis of an order, we act strictly in accordance with the instructions of the client and the legal requirements.
We store the IP address used by you during registration and subsequent logins as well as the IP address used when using our online services and the time of the respective user action. This storage is based on the perception of our legitimate interests, as to protect users from misuse and other unauthorised use. As a matter of principle, this data will not be passed on to third parties. This does not apply if this is necessary for the pursuit of our legal claims as a legitimate interest or if there is a legal obligation to do so.
When using our online services, the IP address and the time of the respective user action are stored by us. The storage is based on our legitimate interests, as well as the interests of users in protection against misuse and other unauthorised use. This data will not be passed on to third parties unless this is necessary to pursue our claims in accordance with Art. 6 Para. 1 lit. f. DSGVO or there is a legal obligation to do so pursuant to Art. 6 para. 1 lit. c. DSGVO.
We delete the data when it is no longer required for the fulfilment of contractual or legal duties of care and for dealing with any warranty and comparable obligations. We review the necessity of retaining the data every three years. Otherwise, the statutory retention obligations apply.
Users have the option of creating a user account. During the registration process, the required mandatory information is provided to the user. This data is processed on the basis of Art. 6 para. 1 lit. b DSGVO for the purpose of providing the user account. In particular, login information (name, password and e-mail address) is collected and processed. All data entered during registration is used for the use of the user account and the related purposes.
Our users may receive information relevant to the user account by email. This may concern technical changes, for example.
In the event of termination of a user account by the user, the user's data relating to the user account will be deleted, subject to a legal obligation to retain data. It is the responsibility of the users to save their data before the end of the contract in the event of termination. We are entitled to permanently delete all data of the user that was stored during the term of the contract.
In addition, we store the IP address and the time of the respective user action within the scope of the registration and login function. This is done on the basis of both our legitimate interests and those of the users, as this is intended to ensure protection against misuse and other unauthorised use. As a matter of principle, this data is not passed on to third parties unless this is necessary to pursue our claims or there is a legal obligation to do so pursuant to Art. 6 Para. 1 lit. c. DSGVO exists. The IP addresses are anonymised or deleted after 7 days at the latest.
Instead of registering directly on our website, you can also register via Facebook Connect. This service is provided by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.
If you decide to register with Facebook Connect and click on the buttons "Log in with Facebook" or "Connect with Facebook", you will automatically be redirected to the Facebook platform. There you can log in with your Facebook user name and password. This will link your Facebook profile to our website or services. This link gives us access to your data stored on Facebook. This includes in particular your:
- Facebook name
- Facebook profile picture
- Facebook cover picture
- Email address on file with Facebook
- Facebook ID
- Facebook friends
- Facebook likes
- gender and sex
This information is used to set up, provide and personalise your account.
We only process applicant data for the purpose of and within the application procedure within the framework of the legal requirements. Applicant data is processed to fulfil our contractual or pre-contractual obligations within the scope of the application procedure pursuant to Art. 6 para. 1 lit. b. DSGVO Art. 6 para. 1 lit. f. DSGVO, insofar as the data processing becomes necessary for us, e.g. within the scope of legal procedures, whereby § 26 BDSG must also be observed here.
The application process is only opened when the applicant provides us with all the necessary applicant data. If we offer an online form, this is expressly indicated. Otherwise, they result from our job descriptions, whereby personal details, postal and contact addresses as well as the documents belonging to the application, such as cover letter, CV and certificates are recorded. Furthermore, applicants can voluntarily provide us with additional information.
If special categories of personal data are voluntarily disclosed during the application process pursuant to Art. 9 (1) of the GDPR, they will also be processed pursuant to Art. 9 (2) a of the GDPR. This applies in particular to health data or information on ethnic origin.
Insofar as special categories of personal data within the meaning of Art. 9 (1) DSGVO are requested from applicants in the context of the application procedure, their processing is additionally carried out in accordance with Art. 9 (2) lit. b DSGVO. This is particularly the case with health data, insofar as this is necessary for the exercise of the profession.
If available, applicants can submit their applications to us using an online form on our website. This transmission is encrypted in accordance with the state of the art.
Applicants can also send their applications to us by e-mail. Please note, however, that e-mails are generally not encrypted and applicants are responsible for encryption. For this reason, we recommend using an online form or sending the application by post, which is probably the most secure method in terms of data protection.
The data provided by applicants within their application may, in the event of a successful application, be further processed by us for the purposes of the employment relationship. If, on the other hand, the application for a job offer was unsuccessful, the applicants' data will be deleted. Applicants' data will also be deleted if an application is withdrawn, which applicants are entitled to do at any time.
Subject to a justified revocation by the applicant, deletion takes place after the expiry of a period of six months so that we can answer any follow-up questions about the application and fulfil our obligations to provide evidence under the Equal Treatment Act. Invoices for any reimbursement of travel expenses will be archived in accordance with tax law requirements.
As part of the application process, we offer applicants the opportunity to be included in our "talent pool" for a period of two years on the basis of consent pursuant to Art. 6 Para. 1 lit. a. and Art. 7 DSGVO.
The application documents in the talent pool are processed exclusively within the framework of future job advertisements and the employee search. The documents will be destroyed at the latest after the deadline.
Applicants are informed that their consent to be included in the talent pool is voluntary, has no influence on the current application process and that they can revoke this consent at any time for the future and declare their objection within the meaning of Art. 21 DSGVO.
We have company pages on several social media platforms. In this way, we want to provide more information about our company and opportunities for communication. There are company pages on the following social media platforms.
Personal data about you may be processed when you visit or interact with a profile on a social media platform. Information about the social media profiles used also often constitutes personal data. This includes messages and statements made in connection with the use of a profile. In addition, when you access a social media profile, certain information about that profile is usually collected automatically, which may also constitute personal data.
We also process information that you provide to us via our company pages on the respective social media platforms. This information may be in the form of a username used, contact information or information provided to us. We only process this personal data on a regular basis if we have specifically asked you to provide it to us beforehand. We carry out these processing operations as the sole data controller. The processing of this data is based on our legitimate interest in contacting the enquirer. The legal basis for the data processing is Art. 6 para. 1 lit. f DSGVO.
In addition, we may process this data for evaluation and marketing purposes. The legal basis for this processing is Art. 6 para. 1 lit. f DSGVO and is in our interest to further develop our services and to inform you specifically about our services. Further processing of the data is possible if you have given your consent (Art. 6 para. 1 lit. a DSGVO) or to fulfil a legal obligation (Art. 6 para. 1 lit. c DSGVO).
When you visit our Facebook or Instagram page, where we present our company or individual products from our range, certain information about you is processed. The sole controller of this personal data is Meta Platforms Ireland Limited (Ireland/EU - "Meta"). For more information about Meta's processing of personal data, please visit https://www.facebook.com/privacy/explanation.
Meta offers the possibility to object to certain data processing; information and opt-out options can be found at https://www.facebook.com/settings?tab=ads.
Meta provides our Facebook and Instagram pages with statistics and insights in anonymous form that we use to understand what kind of actions people take on our pages (called "page insights"). These page insights are created based on certain information about the people who have visited our pages. This processing of personal data is carried out by Meta and us as joint controllers. The processing is carried out on the basis of our legitimate interest in evaluating the nature of the actions carried out on our website and improving our website on the basis of these insights. The legal basis for this processing is Art. 6 (1) lit. f DSGVO. We cannot link the information obtained via Page Insights to the Facebook profiles of people who interact with our Facebook page. We have entered into a joint control agreement with Meta which sets out the sharing of data protection obligations between us and Meta. Details of the personal data processing that gave rise to Page Insights and the agreement we have with Meta can be found at https://www.facebook.com/legal/terms/information_about_page_insights_data.
Twitter Inc. (USA) is exclusively responsible for the processing of personal data when accessing our Twitter profile. Further information about the processing of personal data by Twitter Inc. can be found at https://twitter.com/de/privacy.
When you visit our LinkedIn page, LinkedIn Ireland Unlimited (Ireland/EU - "LinkedIn") is the only party responsible for processing personal data. For more information about LinkedIn's processing of personal data, please visit https://www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy.
LinkedIn processes personal data to provide us with anonymous statistics and insights when you visit, follow or participate in our LinkedIn company page. This gives us insights into the type of actions you take on our website (so-called page insights). For this purpose, LinkedIn processes such data that you have already provided to LinkedIn via information in your profile, for example, on function, country, industry, length of service, company size and employment status. In addition, LinkedIn processes information about your interaction with our LinkedIn company page, for example, whether you are a follower of our LinkedIn company page. We do not receive any personal data about you from LinkedIn through the page insights. We can only access aggregated Page Insights. It is also not possible for us to draw conclusions about individual members from the information in Page Insights. The processing of personal data in Page Insights is carried out by LinkedIn and us as joint controllers. This processing is in our legitimate interest to evaluate the nature of the actions taken on our LinkedIn company page and to improve our company page based on these insights. The legal basis for this processing is Art. 6 (1) lit. f DSGVO. We have entered into a joint control agreement with LinkedIn which sets out the sharing of data protection obligations between us and LinkedIn. The agreement is available at https://legal.linkedin.com/pages-joint-controller-addendum. Accordingly, the following applies.
- LinkedIn and we have agreed that the Irish Data Protection Commission is the primary supervisory authority for Page Insights processing. You have the right to lodge a complaint with the Irish Data Protection Commission (see www.dataprotection.ie) or any other supervisory authority at any time.
New Work SE (Germany/EU) is the sole controller of personal data when you visit our XING profile. For more information about the processing of personal data by New Work SE, please visit https://privacy.xing.com/de/datenschutzerklaerung.