Privacy Policy

April 2023

‍

‍

We (Empion GmbH) are pleased that you are visiting our website. The protection and security of your personal information when using our website is very important to us. We therefore would like to inform you at this point about which of your personal data we collect when you visit our website and for what purposes such data is used.

Personal data means any information relating to an identified or identifiable natural person (data subject) such as name address email addresses or user behavior. This therefore includes data that can be used to identify you.

In addition this privacy policy also contains individual information regarding data processing activities outside of this website such as video conferences or newsletters.

‍

‍

‍

‍A. Controller responsible for data processing

‍

The controller responsible for the processing of personal data within the meaning of the EU General Data Protection Regulation (GDPR) is:

‍

Empion GmbH

Dircksenstraße 47

10178 Berlin

E-Mail: info@empion.de

‍

Data protection officer

‍heyData GmbH

Schützenstr. 5

10627 Berlin

E-Mail: datenschutz@empion.de

‍

‍

‍B. General information

‍

‍This privacy policy complies with the statutory requirements for transparency regarding the processing of personal data. Personal data includes all information relating to an identified or identifiable natural person. This includes for example information such as your name your age your address your telephone number your date of birth your email address your IP address or user behavior when visiting a website.

Information for which we cannot establish a reference to your person or only with disproportionate effort for example through anonymization does not constitute personal data.

The processing of personal data such as collection inquiry use storage or disclosure always requires a legal basis and a defined purpose.
‍

Stored personal data is deleted as soon as the purpose of the processing has been fulfilled and there are no lawful grounds for further retention of the data. We inform you about the specific retention periods or the criteria used to determine the retention period in the individual processing activities.

Irrespective of this we may retain your personal data in individual cases for the assertion exercise or defense of legal claims and where statutory retention obligations apply.

‍

‍

‍

‍C. Information pursuant to Article 13 GDPR

‍

‍This information is addressed to customers prospective customers suppliers and employees. We process your personal data for the following purposes:

‍

●   To fulfill our contractual obligations owed to you (Article 6(1)(b) GDPR).

‍

●   To carry out precontractual measures (Article 6(1)(b) GDPR).

‍

●   If you have given us your consent to process your personal data for specific purposes for example to receive our newsletter the data processing is carried out on the basis of your consent (Article 6(1)(a) GDPR).
‍

●   To comply with legal obligations to which our company is subject (Article 6(1)(c) GDPR).

‍

●  Where necessary we also process your data to safeguard our legitimate interests in particular for the assertion of legal claims and the defense against legal disputes or to ensure IT security for consultation with and data exchange with credit agencies for the assessment of creditworthiness and default risks for direct marketing and market research provided that you have not objected to the use of your data for this purpose for measures of business management and the further development of services and products for product and sales optimization measures for risk management and for the prevention or investigation of criminal offenses (Article 6(1)(f) GDPR).

‍

‍

‍D. Categories of recipients of personal data

‍

Within our company only those employees have access to the data who require it to fulfill their duties in accordance with the need to know principle.

Certain processes and services are carried out by carefully selected service providers that have been contractually engaged in compliance with data protection law and that are located within the European Economic Area (EEA).

If service providers engaged by us receive access to personal data in the course of performing their services data processing agreements pursuant to Article 28(3) GDPR have been concluded with such service providers.

‍

‍

‍E. Duration of data storage

‍

‍The data processed by us is stored for the duration of the existence and performance of the contractual relationship and in compliance with statutory retention obligations. These include in particular commercial and tax law retention requirements under the German Commercial Code (HGB) and the German Fiscal Code (AO).

The regular retention and documentation periods amount to up to ten years.

If no contractual relationship is established we process the data only for as long as required for the specific purpose.

‍

‍

‍F.  Your rights as a data subject‍

‍

As a data subject you have the following rights with regard to your personal data processed by us which you may exercise by sending an email to datenschutz@empion.de .
‍

●   If you have given us your explicit consent to the processing of your personal data you may withdraw this consent at any time free of charge with effect for the future. The withdrawal does not affect the lawfulness of the processing carried out up to that point or the lawfulness of processing based on another legal basis.

‍

●   Pursuant to Article 15 GDPR you may request information about your personal data processed by us. In particular you may request information about the purposes of processing the categories of personal data the categories of recipients to whom your data has been or will be disclosed the planned storage period the existence of a right to rectification erasure restriction of processing or objection the existence of a right to lodge a complaint the origin of your data if it was not collected from you and the existence of automated decision making including profiling and where applicable meaningful information about the details involved. You may also request that we provide you with a copy of the data stored about you.

‍

●   Pursuant to Article 16 GDPR you may request the immediate rectification of inaccurate personal data or the completion of your personal data stored by us.

‍

●   Pursuant to Article 17 GDPR you may request the erasure of your personal data stored by us unless the processing is necessary for the exercise of the right to freedom of expression and information for compliance with a legal obligation for reasons of public interest or for the assertion exercise or defense of legal claims.

‍

‍

●   Pursuant to Article 18 GDPR you may request the restriction of the processing of your personal data where you contest the accuracy of the data where the processing is unlawful but you oppose the erasure of the data where we no longer need the data but you require it for the assertion exercise or defense of legal claims or where you have objected to the processing pursuant to Article 21 GDPR.
‍

●   Pursuant to Article 20 GDPR you may receive the personal data concerning you which you have provided to us and which we process on the basis of your consent or for the performance of a contract in a structured commonly used and machine readable format or where technically feasible request the transmission of such data to another controller (right to data portability).

‍

●   Pursuant to Article 77 GDPR you have the right to lodge a complaint with a supervisory authority. As a rule you may contact the supervisory authority of your habitual residence your place of work or our place of business.

‍

‍Right to object

‍

If we process your personal data on the basis of legitimate interests pursuant to Article 6(1) sentence 1 lit. f GDPR you have the right to object to the processing of your personal data pursuant to Article 21 GDPR provided that there are grounds relating to your particular situation or where the objection is directed against direct marketing.

In the latter case you have a general right to object which will be implemented by us without the need to state a particular situation.

‍

‍

G. Cookies

‍

‍Cookies are small text files that are sent by us to the browser of your device during your visit to our websites and are stored there. As an alternative to using cookies information may also be stored in the local storage of your browser.

Some functions of our website cannot be provided without the use of cookies or local storage (technically necessary cookies). Other cookies allow us to perform various analyses, enabling us for example to recognize the browser you are using when you revisit our website and to transmit certain information to us (non necessary cookies).

With the help of cookies we can among other things make our website more user friendly and efficient by tracking your use of our website and identifying your preferred settings, such as country and language settings.

If third parties process information via cookies, they collect this information directly through your browser. Cookies do not cause any harm to your device. They cannot execute programs and do not contain viruses.
‍

We provide information about the respective services for which we use cookies in the individual processing activities. Detailed information about the cookies used can be found in the cookie settings or in the consent manager of this website.

‍

Some functions of our website cannot be provided without the use of cookies or local storage (technically necessary cookies). Other cookies allow us to perform various analyses, enabling us for example to recognize the browser you are using when you revisit our website and to transmit certain information to us (non necessary cookies).

With the help of cookies we can among other things make our website more user friendly and efficient by tracking your use of our website and identifying your preferred settings, such as country and language settings.

If third parties process information via cookies, they collect this information directly through your browser. Cookies do not cause any harm to your device. They cannot execute programs and do not contain viruses.
‍

We provide information about the respective services for which we use cookies in the individual processing activities. Detailed information about the cookies used can be found in the cookie settings or in the consent manager of this website.

‍

‍

‍

‍H. Data processing in detail

‍

‍Below, we provide information about the individual processing operations, the scope and purpose of data processing, the legal basis, the obligation to provide your data and the respective storage period. Automated decision-making in individual cases, including profiling, does not take place.

‍

‍

‍1. Provision of the website – log files

‍

‍When you access and use our website, we collect the personal data that your browser automatically transmits to our server. The following information is temporarily stored in a so called log file:
‍

●   IP address of the requesting device

‍

●   Date and time of access
‍

●   Name and URL of the retrieved file

‍

●   Website from which the access originated (referrer URL)

‍

●   Browser used and, if applicable, the operating system of your device and its interface, as well as the name of your access provider

‍

●   Language and version of the browser software

‍

●   Time zone difference to Greenwich Mean Time (GMT)

‍

●   Content of the request (specific page)

‍

The IP address must be stored for the duration of the session in order to display our web pages to you. The processing of the remaining data serves in particular to ensure the long-term functionality and security of our web pages and IT systems.

The legal basis for the processing of this data is Art. 6 (1) (f) GDPR. Our legitimate interest in data processing is to achieve the aforementioned purposes.

The log files are stored for a period of 30 days and then deleted, unless they must be retained for a longer period in exceptional cases to track an identified attack. Our website is not hosted by us, but by a service provider who processes the aforementioned data on our behalf for the purpose of providing the website in accordance with Art. 28 GDPR.

‍

‍

‍2. Contact form

‍

Type and scope of processing

When you send us inquiries (e.g., via the contact form, by email, or by phone), we store all data provided in this context (e.g., name, email address, subject of the inquiry, etc.). We need this data to process your inquiry and respond to follow-up questions. This data will not be passed on without your consent.

The processing of this data is based on Article 6(1)(b) GDPR if your inquiry is related to the performance of a contract or is necessary for pre-contractual measures. Otherwise, processing is based on our legitimate interest in the effective processing of inquiries addressed to us (Article 6(1)(f) GDPR) or on your consent (Article 6(1)(a) GDPR), provided you have given such consent in advance.

Storage period‍

‍If an employment relationship is established with you, we will continue to process your data for the purposes of the employment relationship in accordance with a separate privacy policy, which you will then receive from us. If no employment relationship is established with you, we will generally store your data for a period of six months from the date of receipt of the rejection notice. Your application documents will then be deleted. Internally, only those persons who need your data for the purposes mentioned above will have access to it. These are primarily the responsible partners, responsible HR employees, and all persons who are necessarily involved in the applicant selection process.
‍

Inclusion in the applicant pool

‍

‍As part of the application process, we offer applicants the opportunity to be included in our “talent pool” for a period of 12 months on the basis of consent within the meaning of Art. 6 (1) (a) GDPR.

The application documents in the talent pool will only be processed in the context of future job advertisements and employee searches and will be destroyed at the latest after the expiry of the period. Applicants are informed that their consent to be included in the talent pool is voluntary, has no influence on the current application process, and that they can revoke this consent at any time in the future.

If you receive an offer of employment from us as part of the application process and accept it, we will store the personal data collected during the application process for at least the duration of the employment relationship.

‍

‍

‍4. 4. Processing of personal data within the framework of the Empion SaaS recruiting platform

‍

Nature and scope of processing

‍

‍Our Empion SaaS recruiting platform (“Platform”) is a platform for connecting potential employees with companies registered with us (“Customers”). Users can register on our platform and create their own applicant profile. Our platform identifies and suggests potential employers to users. In their profile settings, users can decide whether their application documents should be automatically sent to each suggested employer or whether confirmation from the user should be obtained before each transmission.

‍

Purpose and legal basis

‍

‍When you register with us as a user, we process your personal data for the following purposes, among others:
●       Creation of a user profile on our platform
●       Forwarding to customers who are potential employers
●       Selection of job offers that are suitable for usersFor this purpose, the following categories of data are processed:
●   Private contact and identification data: e.g., last name, first name, academic degree, gender, email address, postal address, and telephone number
●       Data about your professional qualifications, such as school and educational qualifications, language skills, as well as your place of study or training, certificates
●       If available: photo
●   Responses to the questionnaire
●       Data about professional preferences: e.g., salary expectations, desired job profileWhen you register on our platform, you enter into a user agreement with us. Your personal data is therefore processed to fulfill a contractual obligation; the legal basis for this is Art. 6 (1) (b) GDPR.

‍

Source of data; registration

‍

Your personal data either comes directly from you because you have provided or uploaded it to us via the platform, or alternatively, we may receive your data from LinkedIn. You can use your LinkedIn account to register. The provider of this platform is LinkedIn Ireland Unlimited Company ("LinkedIn"), Wilton Place, Dublin 2, Ireland.
‍

To register using LinkedIn, you must enter your account information (LinkedIn username and password). LinkedIn will identify you and confirm your identity to our website. Additionally, you must accept our terms of use.

If you log in with LinkedIn, we may use certain information from your LinkedIn account to complete your profile on our platform. You control this through your LinkedIn privacy settings.
‍

Registration via LinkedIn is voluntary, and the associated processing of your data is based on our legitimate interest in providing users with a convenient registration process (Article 6(1)(f) GDPR).

The processing of your data by LinkedIn is independent of our processing. You can learn more about LinkedIn’s data processing at their privacy policy.
‍

For the integration of LinkedIn, we use an interface (API) provided by the third-party provider Proxycurl LLC, 1603 Capitol Ave, Ste. 310 A144, Cheyenne, WY 82001, USA. We have concluded a data processing agreement with Proxycurl in accordance with Article 28 GDPR, including the EU standard contractual clauses.

Wenn du willst, kann ich den ganzen Abschnitt über externe Plattformen und Bewerberdaten zusammenhängend in ein einheitliches Business English übersetzen, sodass er direkt auf der Website verwendbar ist. Willst du, dass ich das mache?

‍

‍

Data transfers to customers; Joint responsibility

‍

‍We transfer your data to potential employers who have registered as customers on our platform. This data transfer only takes place if you have consented to the transfer to the respective customer. In the event of a data transfer, our customers are themselves responsible for data processing from a data protection perspective. For these purposes, we conclude an agreement with our customers on the joint processing of personal data in accordance with Art. 26 GDPR. The contents of this data protection agreement can be found in the “Data Protection” section of our General Terms and Conditions (https://www.empion.io/agb). Essentially, we have agreed with our customers that you can contact both us and the customer at any time with data protection inquiries.
‍

Storage period

‍

‍We store your data on the platform for as long as you are registered with us. You can delete your account at any time – in this case, your personal data will also be deleted. However, in order to comply with statutory retention periods and in the event of a legal dispute, we may retain your data even after your account has been deleted for the duration of the relevant retention periods and statutory limitation periods.

Under no circumstances will data be passed on to customers or processed by us in any other way after the account has been deleted. Our customers can view your application documents on the platform for a period of six months after completion of the respective application process. After this period, customers no longer have access to your application documents.

‍

‍

‍5. Cultural analysis
‍

‍If you register as a corporate customer for your company, we create an analysis of the overall corporate culture ("Culture Analysis"). The Culture Analysis is conducted using a digital questionnaire, which is provided to the employees of the customer company via a link and completed by the employees anonymously.
‍

In essence, the following data are processed as part of the Culture Analysis: gender, age group, workplace location, department, work arrangement (hybrid, remote, office), language, and leadership. Since we do not collect names, this generally does not constitute personal data of the employees. However, in individual cases, identification of employees based on this information may theoretically be possible, and therefore we treat the data as personal data under GDPR.
‍

Additionally, the provision of the link to the questionnaire technically results in the processing of employees’ IP addresses. We process IP addresses solely for the purpose of providing the questionnaire and delete them after 14 days.
‍

The legal basis for processing personal data within the Culture Analysis is our legitimate interest (Article 6(1)(f) GDPR). Our legitimate interest is to provide our customers with the best possible results on our platform through the Culture Analysis. The interests of employees are adequately considered, particularly by ensuring that the questionnaires are completed anonymously and that no measures are taken to determine the identity of the employees.

‍

‍

‍6. Use of Google Analytics
‍

This website uses features of the web analytics service Google Analytics. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
‍

Google Analytics allows the website operator to analyze the behavior of website visitors. The website operator receives various usage data, such as page views, time spent on pages, operating systems used, and the origin of the user. These data may be compiled by Google into a profile associated with the respective user or their device.
‍

In addition, we may use Google Analytics to record mouse movements, scrolling behavior, and clicks. Google Analytics also applies various modeling techniques to supplement the collected datasets and uses machine learning technologies for data analysis.
‍

Google Analytics uses technologies that allow the user to be recognized for the purpose of analyzing user behavior (for example, cookies or device fingerprinting). The information collected by Google about the use of this website is generally transferred to a Google server in the United States and stored there.
‍

The use of this analytics tool is based on Article 6(1)(f) GDPR. The website operator has a legitimate interest in analyzing user behavior to optimize both its website and advertising. If consent has been requested (for example, consent to the storage of cookies), processing is carried out solely on the basis of Section 25(1) of the German Telecommunications-Telemedia Data Protection Act (TTDSG) and Article 6(1)(a) GDPR. Consent can be withdrawn at any time.
‍

Data transfers to the United States are based on the standard contractual clauses of the European Commission. Details can be found at privacy.google.com/businesses/controllerterms/mccs.

‍

‍

IP anonymization

‍

‍We have enabled IP anonymization on this website. As a result, your IP address is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before being transmitted to the United States. Only in exceptional cases is the full IP address transmitted to a Google server in the United States and shortened there.

On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity, and to provide other services related to website and internet usage for the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google.

‍

‍Browser plugin

‍

‍You can prevent Google from collecting and processing your data by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de. For more information on how Google Analytics handles user data, please refer to Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.

‍

‍Auftragsverarbeitung

‍

We have entered into a contract with Google for order processing and fully implement the strict requirements of the German data protection authorities when using Google Analytics.

‍

Storage period

‍

‍Data stored by Google at user and event level that is linked to cookies, user IDs (e.g., user ID) or advertising IDs (e.g., DoubleClick cookies, Android advertising ID) is anonymized or deleted after 14 months. For details, please see the following link: https://support.google.com/analytics/answer/7667196?hl=de
‍

‍7. Presence on social media platforms

‍

Data processing by social networks

‍

‍We operate publicly accessible profiles on social media networks. The specific social media networks we use are listed below.
‍

Social media networks such as Facebook and Twitter can generally analyze your user behavior extensively. By visiting our social media profiles, the following data processing activities relevant to privacy may occur:
‍

If you are logged into your social media account and visit our profile, the operator of that social media platform may track this visit. Regardless of this, the operator may also process your data (e.g., IP address) even if you are not logged into your account or do not have an account at all.
‍

The operator compiles these data into user profiles that record your preferences and interests. These profiles are used to display personalized advertising on and outside the respective social media presence. If you have an account with the respective social media network, personalized advertising may be displayed on all devices where you are or have been logged in.
‍

Depending on the platform, additional data processing activities may be carried out by the operators of the social media portals, over which we have no influence. For details, please refer to the terms of use and privacy policies of the respective social media platforms.

‍

‍

Legal basis

‍

‍Our social media profiles are intended to ensure a comprehensive online presence in accordance with Art. 6 para. 1 lit. f GDPR. In addition, they serve our legitimate interests in presenting our company in a diverse manner and in using an effective communication channel to improve our external representation and interaction with you. The analysis processes carried out by the operators of the social media networks may be based on different legal grounds, which are to be specified by the respective providers. If you have given a platform operator consent to process your data, Art. 6 para. 1 lit. a GDPR serves as the legal basis.

‍
Responsible party and assertion of rights

‍

‍When you visit one of our social media profiles (e.g., Facebook), we are jointly responsible with the operator of the social media platform for the data processing activities triggered by that visit. You can generally exercise your rights (access, correction, deletion, restriction of processing, data portability and complaint) both with us and with the operator of the respective social media platform (e.g., Facebook).
‍

Despite this joint responsibility with the social media platform operators, we do not have full control over the data processing activities of the platforms. Our options are primarily determined by the corporate policies of the respective provider.

‍

Storage period

‍

‍The data directly collected by us through our social media presence will be deleted from our systems as soon as you request its deletion, withdraw your consent for storage, or the purpose for data storage no longer applies. Mandatory legal provisions, in particular retention periods, remain unaffected.
‍

We have no influence over the storage duration of data collected by the social media platforms. For details, please refer directly to the operators of the respective social media platforms (e.g., in their privacy policies, see below).

‍

Facebook page

‍

‍We maintain a profile on Facebook. The service provider is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. Data collected may also be transferred to the USA and other third countries.
‍

We have concluded a joint controller agreement (Controller Addendum) with Facebook that specifies which data processing activities we and Facebook are each responsible for. You can review this agreement directly with Facebook.
‍

You can manage your advertising settings independently in your user account. To do so, log in to your account and adjust your preferences in the ads settings section.
‍

Data transfers to the USA are based on the EU Commission’s Standard Contractual Clauses. Further details are available from Facebook regarding these clauses and data transfers.
‍

For more information on how Facebook processes data, please refer to Facebook’s privacy information.

‍

‍

Instagram page

‍

‍We maintain a profile on Instagram. The service provider is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
‍

Data transfers to the USA are based on the EU Commission’s Standard Contractual Clauses. Further information on these clauses and data transfers is available from Instagram.
‍

For details on how Instagram handles your personal data, please refer to Instagram’s privacy policy.

‍

‍

‍LinkedIn page

‍

‍We maintain a profile on LinkedIn. The service provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies.
‍

If you wish to disable LinkedIn advertising cookies, please use the following link: LinkedIn guest controls for retargeting opt-out.
‍

Data transfers to the USA are based on the EU Commission’s Standard Contractual Clauses. Further information on these clauses and data transfers is available from LinkedIn.
‍

For details on how LinkedIn handles your personal data, please refer to LinkedIn’s privacy policy.

‍

‍

‍8. E-Mail newsletter

‍

You can subscribe to an email newsletter (“Newsletter”) on our website. To sign up for our newsletter, you must provide us with your email address. To verify your email address, we use a double opt-in process. This means that after you provide your email address, we will send a confirmation email to the address you provided asking you to confirm that you wish to receive the newsletter. Once you confirm, we will store your data as long as you remain subscribed to the newsletter. The storage is solely for the purpose of sending you the newsletter.
‍

The legal basis for this processing is your explicit consent pursuant to Art. 6 (1) sentence 1 lit. a GDPR.
‍

You can withdraw your consent at any time and unsubscribe from the newsletter. You can do so by clicking the link provided in every newsletter email, by sending an email to the address listed above, or by contacting us via the contact details provided in the imprint.
‍

The data you provide for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe, after which your data will be removed from the newsletter distribution list. Data stored for other purposes will not be affected.
‍

After unsubscribing from the newsletter, your email address may be stored in a blacklist to prevent future mailings. The data in the blacklist is used exclusively for this purpose and is not merged with other data. This serves both your interests and our legitimate interest in complying with legal requirements for sending newsletters (legitimate interest pursuant to Art. 6 (1) lit. f GDPR). Storage in the blacklist is not time-limited. You may object to the storage if your interests override our legitimate interest.

‍

‍9. ‍Video conferences

For conducting video and audio conferences, webinars, and other types of video and audio meetings, we use video conferencing tools provided by third-party providers. The following categories of data are processed in this context:

- Master data (e.g., names, addresses)

- Contact data (e.g., email addresses, phone numbers)

- Content data (e.g., text entries, photographs, videos)
- Meta/communication data (e.g., device information, IP addresses)
‍

The processing of this data is necessary to set up and conduct online meetings and video conferences. The legal basis for processing is Art. 6 (1) lit. b GDPR or, alternatively, Art. 6 (1) lit. f GDPR based on our legitimate interest in efficient and secure communication with our communication partners. If you have previously given consent for data processing, your data will be processed solely on the basis of Art. 6 (1) lit. a GDPR; consent can be withdrawn at any time.

We use the following video conferencing tools:

- Google Meet: For the European region, the responsible entity is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
‍

To provide adequate safeguards for any potential data transfers to the USA or other third countries, the EU Standard Contractual Clauses are applied.

‍

If you share content using this service, it will be stored on the servers of the respective providers. This includes cloud recordings, chat messages, voice messages, as well as photos and videos that you share while using this service. We have no influence over the processing carried out by the provider of the video conferencing tool.
‍

For detailed information about data processing by the conference tools, please refer to the privacy policies of the respective tools used.
‍

Any data collected directly by us via the video and conference tools will be deleted from our systems as soon as you request deletion, withdraw your consent for storage, or the purpose for storing the data ceases to exist. Stored cookies will remain on your device until you delete them. Mandatory statutory retention periods remain unaffected.
‍

We have no control over the retention period of your data that is stored by the conference tool providers for their own purposes. For details, please contact the providers of the conference tools directly.

‍

‍

‍10. Adobe Typekit

‍

Type and scope of processing

‍

‍This website uses web fonts from Adobe to ensure consistent display of certain fonts. The provider is Adobe Systems Incorporated, 345 Park Avenue, San Jose, CA 95110-2704, USA (Adobe).

When you visit this website, your browser downloads the required fonts directly from Adobe so that they can be displayed correctly on your device. In doing so, your browser establishes a connection to Adobe's servers in the USA. This allows Adobe to know that this website has been accessed via your IP address. According to Adobe, no cookies are stored when the fonts are provided.

‍

Purpose and legal basis

‍

‍The storage and analysis of data is based on Art. 6 (1) lit. f GDPR. The website operator has a legitimate interest in ensuring a consistent presentation of the typography on its website. If consent has been obtained (for example, consent for the storage of cookies), processing is carried out solely on the basis of Art. 6 (1) lit. a GDPR. Consent can be revoked at any time.
‍

Data transfers to the USA are based on the EU Commission’s standard contractual clauses. Details can be found at: https://www.adobe.com/de/privacy/eudatatransfers.html.
‍

For more information on Adobe Fonts, please visit: https://www.adobe.com/de/privacy/policies/adobe-fonts.html.
‍

Adobe’s privacy policy can be found at: https://www.adobe.com/de/privacy/policy.html.

‍

‍

‍11. Google fonts

‍

Type and extent of processing

‍

‍This website uses web fonts to ensure a consistent display of typography. These fonts are provided by Google. When you access the website, your browser loads the required web fonts into your browser cache so that texts and fonts are displayed correctly. To do this, your browser establishes a connection to Google’s servers. Google therefore becomes aware of your IP address.
‍

If your browser does not support web fonts, a standard font from your computer will be used.
‍

For more information on Google Web Fonts, please see: https://developers.google.com/fonts/faq.
‍

Google’s privacy policy can be found at: https://policies.google.com/privacy?hl=de.

‍

‍

Purpose and legal basis

‍

‍The use of Google Web Fonts is based on our legitimate interest in maintaining a consistent appearance of typography on our website (Art. 6(1)(f) GDPR). If a corresponding consent has been obtained (e.g., consent for storing cookies), the processing of data is carried out solely on the basis of your consent under Art. 6(1)(a) GDPR. This consent can be withdrawn at any time.

‍

‍12. Vercel und StrapiCMS

‍

Type and scope of processing

‍

‍We use Vercel Inc., 440 N Barranca Ave #4133, Covina, CA 91723, USA ("Vercel") and Strapi, Inc., 3500 S Dupont Hwy, Dover, DE 19901, USA ("StrapiCMS") for web hosting and the presentation of our website. In addition, Vercel and StrapiCMS collect statistical data about visits to our website.
‍

The following data is typically transmitted: accessed website, date and time of access, amount of data transferred, status of the request (successful or not), browser type and version, user’s operating system, previously visited website (referrer), and IP address.
‍

These log data are processed solely for the purposes mentioned above, as well as to maintain security, functionality, and to optimize the services provided by Vercel and StrapiCMS.

‍

‍

Purpose and legal basis

‍

‍The use of the service is based on our legitimate interests, i.e., our interest in providing a secure and efficient service as well as optimizing our online offerings, in accordance with Art. 6 (1) (f) GDPR.

‍

‍13.Amazon Web Services and SentryArt and scope of processing
‍

For the provision of our web apps, we use Amazon Web Services, Inc., 410 Terry Avenue North, Seattle WA 98109 United States (“AWS”). We use AWS for web hosting and the delivery of our web apps. In addition, AWS collects statistical data about visits to our website.
‍

All data is stored with AWS and processed there in accordance with their terms of use, which can be viewed by copying and pasting the following URL into your browser: d1.awsstatic.com/legal/AWS_Site_Terms/AWS_Site_Terms_German_2022-09-30.pdf. All data is stored in Europe. This provider has access to user email addresses when we send transactional or product-related emails.
‍

The following data is generally transmitted: the website accessed, date and time of access, amount of data transmitted, indication of whether a retrieval was successful, browser type and version, user operating system, previously visited website (referrer), and IP address. These log data are used exclusively for the purposes described above and for maintaining the security, functionality, and optimization of our web pages.
‍

In addition, we use Functional Software, Inc., doing business as Sentry, 45 Fremont Street, 8th Floor, San Francisco, CA 94105-2250, USA (“Sentry”). In the event of an unexpected system error, this provider may have access to user-related information. The transmitted information is used to allow our technical team to resolve the system error. The privacy policy of Sentry can be viewed by copying and pasting the following URL into your browser: sentry.io/privacy/?original_referrer=https%3A%2F%2Fwww.google.com%2F.

‍

‍

Purpose and legal basis

‍

The use of the hosting provider is for the purpose of fulfilling our contractual obligations to our prospective and existing customers (Art. 6 (1) lit. b GDPR) and in the interest of providing our online services securely, quickly, and efficiently through a professional provider (Art. 6 (1) lit. f GDPR).

‍

‍

‍14. Facebook pixel

‍

‍We use the remarketing feature “Custom Audiences,” the audience function “Lookalike Audiences,” and the Conversions API of Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, “Facebook”) on our website.
‍

The “Custom Audiences” feature is used to target website visitors with interest-based advertising (“Facebook Ads” or “Instagram Ads”) on the social networks Facebook and Instagram, as well as on Facebook partner sites. For this purpose, the Facebook remarketing tag (also called Facebook Pixel) has been implemented on the website. Facebook Pixel uses cookies, which are small text files stored locally in your web browser cache on your device. The remarketing tag establishes a direct connection to Facebook servers when the website is visited. This transmits information to the Facebook server about which of our pages you have visited and which interactions you have performed. Facebook Pixel also allows verification of whether you were redirected to our website after clicking on our Facebook or Instagram ads. Facebook associates this information with your personal Facebook or Instagram account. Personalized, interest-based “Facebook Ads” or “Instagram Ads” will then be displayed to you when you visit these social networks. The data collected about you is pseudonymized for us, meaning that it does not allow us to identify you. However, Facebook may link this data to your Facebook or Instagram user account.
‍

The “Lookalike Audiences” feature of Meta Platforms Ireland Limited (“Facebook”) uses the same tracking pixel and is used by Facebook to calculate similarities with other Facebook or Instagram users and to identify new potential customers based on website visits and interactions. Statistical lookalike audiences are created in this way to display interest-based ads to these users as well.
‍

With the Facebook Conversions API, data is still collected on the client side and further processed on our web server. The API enables data collection even if the Facebook Pixel is blocked on the client. On the server, a tracking code is executed that sends the collected events to the Facebook API on Facebook’s servers. There, the data from the API and the Facebook Pixel are combined. The Conversions API therefore complements tracking via the Facebook Pixel.
‍

Further information can be found by visiting Facebook’s business help pages (search for “Facebook Conversions API and Custom Audiences” for detailed guidance).

‍

Meta Platforms Ireland Limited and we are joint controllers for the collection of your data and its transmission to Facebook when this service is integrated. This is based on an agreement between us and Meta Platforms Ireland Limited regarding the joint processing of personal data, which defines the respective responsibilities. The agreement can be accessed by searching for “Facebook Controller Addendum.” According to this agreement, we are specifically responsible for fulfilling the information obligations under Articles 13 and 14 of the GDPR, for complying with the security requirements under Article 32 GDPR in terms of correct technical implementation and configuration of the service, and for fulfilling obligations under Articles 33 and 34 GDPR to the extent that a personal data breach affects our responsibilities under the joint processing agreement. Meta Platforms Ireland Limited is responsible for enabling data subject rights under Articles 15 to 20 GDPR, ensuring compliance with Article 32 GDPR regarding the security of the service, and fulfilling obligations under Articles 33 and 34 GDPR to the extent that a personal data breach affects Meta Platforms Ireland Limited’s responsibilities under the joint processing agreement.
‍

Since personal data is transferred to the United States, additional safeguards are required to ensure a level of data protection equivalent to that of the GDPR. There is no adequacy decision by the European Commission for the United States. The data transfer is based, among other things, on standard contractual clauses as appropriate safeguards for the protection of personal data, which can be accessed by searching for “Facebook EU Data Transfer Addendum.” As an additional measure beyond the standard contractual clauses, Facebook has implemented technical and organizational measures to protect your data, searchable as “Facebook Data Security Terms.”
‍

The use of cookies or comparable technologies is based on your consent under Section 25 (1) sentence 1 of the German TTDSG in conjunction with Article 6 (1) (a) GDPR. The processing of your personal data is carried out with your consent under Article 6 (1) (a) GDPR. You may withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
‍

Further information about the collection and use of data by Facebook, your rights regarding this data, and options for protecting your privacy can be found by searching for “Facebook Privacy Policy.” The deactivation of the “Facebook Custom Audiences” feature is possible for logged-in users through the relevant Facebook settings and your browser’s privacy settings.

‍

‍

‍15. Google tag manager

‍

Type and scope of processing

‍

‍We use Google Tag Manager provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Tag Manager is used to manage website tags through a user interface and allows us to control the precise integration of services on our website.
‍

This enables us to flexibly integrate additional services to analyze user access to our website.

‍

Purpose and legal basis

‍

‍The use of Google Tag Manager is based on our legitimate interests, namely the interest in optimizing our services in accordance with Article 6 (1) (f) GDPR.

‍

Data retention period

‍

The exact retention period of the processed data is not controlled by us but is determined by Google Ireland Limited. Further information can be found in the privacy policy for Google Tag Manager, which can be accessed by searching for “Google Tag Manager Privacy Policy.”

‍

‍

‍16. Hubspot

‍

‍We use the services of HubSpot. HubSpot is a provider from the USA with a branch in Ireland (HubSpot European Headquarters, Ground Floor, Two Dockland Central, Guild Street, Dublin 1, Ireland).
‍

HubSpot is digital marketing software that allows us to send emails and manage other aspects of our online marketing. In this context, the following personal data may be collected: email address, first and last name of platform users, and information about who receives which emails and when, as well as interactions with links in these emails.
‍

The data is deleted when users remove themselves from the platform. Data processing is based on consent in accordance with Article 6 (1) (a) GDPR. Transfers to a third country are based on Article 49 (1) (a) GDPR.
‍
17. Hotjar

Our website also uses Hotjar, an analytics tool provided by Hotjar Ltd. (Level 2, St Julians Business Centre, 3 Elia Zammit Street, St Julians STJ 1000, Malta, Europe). Hotjar helps us understand user behavior on our website by collecting and analyzing anonymized usage data, including mouse movements, clicks, scrolling behavior, and interactions with page content.
‍

Hotjar stores this information in a pseudonymized form, keeping the user’s identity anonymous. The data collected by Hotjar is typically stored on servers in the EU and is used solely for internal purposes. This information enables us to continuously improve the usability and functionality of our website by addressing user feedback and identifying bottlenecks in the user experience.

‍

‍

‍18. PostHog

Our website uses PostHog, an analytics tool provided by PostHog Inc. (965 Mission Street, San Francisco, CA 94103, USA). PostHog helps us better understand user behavior on our website by collecting and analyzing anonymized usage data. This includes, for example, mouse movements, clicks, scrolling behavior, and interactions with page content.

PostHog stores this information in a pseudonymized form, keeping the user’s identity anonymous. The data collected by PostHog is typically processed on servers in the EU or other regions, depending on the configuration of our application. We use PostHog solely for internal analytics purposes to continuously improve the usability and functionality of our website.

Data processing is based on your consent in accordance with Article 6 (1) (a) GDPR. You can withdraw your consent at any time by disabling the PostHog tracking function in the cookie settings.

‍