info.link logo
Privacy

Privacy Policy

With the following privacy policy, we aim to inform you about the types of your personal data (hereinafter also referred to as 'data') we process, for what purposes, and to what extent. This privacy policy applies to all processing of personal data carried out by us, both in the context of providing our services and, in particular, on our websites, in mobile applications, and within external online presences, such as our social media profiles (hereinafter collectively referred to as 'online offering'). The terms used are not gender-specific.

Table of Contents

Controller

House of Change GmbH
Contor Center, KatharinenstraĂźe 30a
20457 Hamburg
Germany

Email Address:

info@houseofchange.net

Imprint

Relevant Legal Bases

Relevant Legal Bases under the GDPR: Below, you will find an overview of the legal bases under the GDPR on which we process personal data. Please note that, in addition to the provisions of the GDPR, national data protection regulations may apply in your or our country of residence or domicile. Should more specific legal bases be relevant in individual cases, we will inform you of these in the privacy policy.

  • Consent (Art. 6(1)(a) GDPR) - The data subject has given consent to the processing of their personal data for one or more specific purposes.
  • Performance of a Contract and Pre-Contractual Inquiries (Art. 6(1)(b) GDPR) - Processing is necessary for the performance of a contract to which the data subject is a party or to take steps at the request of the data subject prior to entering into a contract.
  • Legal Obligation (Art. 6(1)(c) GDPR) - Processing is necessary for compliance with a legal obligation to which the controller is subject.
  • Legitimate Interests (Art. 6(1)(f) GDPR) - Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.
  • Application Process as a Pre-Contractual or Contractual Relationship (Art. 6(1)(b) GDPR) - To the extent that special categories of personal data within the meaning of Art. 9(1) GDPR (e.g., health data, such as severely disabled status or ethnic origin) are requested from applicants during the application process so that the controller or the data subject can exercise rights arising from labor law and social security and social protection law and fulfill their related obligations, their processing is carried out in accordance with Art. 9(2)(b) GDPR, in the case of protecting vital interests of applicants or other persons pursuant to Art. 9(2)(c) GDPR, or for purposes of preventive or occupational medicine, for the assessment of the employee’s working capacity, for medical diagnosis, care, or treatment in the health or social sector, or for the management of systems and services in the health or social sector pursuant to Art. 9(2)(h) GDPR. In the case of voluntary consent-based disclosure of special categories of data, their processing is based on Art. 9(2)(a) GDPR.
  • Processing of Special Categories of Personal Data Relating to Healthcare, Employment, and Social Security (Art. 9(2)(h) GDPR).
  • Consent to Processing of Special Categories of Personal Data (Art. 9(2)(a) GDPR).
  • Processing of Special Categories of Personal Data to Protect Vital Interests (Art. 9(2)(c) GDPR).

National Data Protection Regulations in Germany: In addition to the data protection regulations of the GDPR, national data protection regulations apply in Germany. This includes, in particular, the Act on Protection Against Misuse of Personal Data in Data Processing (Federal Data Protection Act – BDSG). The BDSG contains specific provisions, particularly regarding the right to information, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes, and transmission as well as automated decision-making in individual cases, including profiling. Furthermore, state data protection laws of the individual federal states may also apply.

Relevant Legal Bases under the Swiss Data Protection Act: If you are located in Switzerland, we process your data based on the Federal Act on Data Protection (referred to as the 'Swiss DPA'). This also applies if our processing of your data otherwise affects you in Switzerland and you are impacted by the processing. Unlike the GDPR, for example, the Swiss DPA does not generally require that a legal basis for processing personal data be specified. We only process personal data if the processing is lawful, conducted in good faith, and proportionate (Art. 6(1) and (2) of the Swiss DPA). Furthermore, we only collect personal data for specific purposes recognizable to the data subject and process it only in a manner compatible with those purposes (Art. 6(3) of the Swiss DPA).

Note on the Applicability of GDPR and Swiss DPA: These privacy notices serve to provide information under both the Swiss Federal Act on Data Protection (Swiss DPA) and the General Data Protection Regulation (GDPR). For this reason, please note that, due to broader spatial application and comprehensibility, the terms of the GDPR are used. In particular, instead of the terms 'processing' of 'personal data,' 'overriding interest,' and 'particularly sensitive personal data' used in the Swiss DPA, the terms 'processing' of 'personal data,' 'legitimate interest,' and 'special categories of data' from the GDPR are used. However, the legal meaning of the terms continues to be determined by the Swiss DPA within the scope of its applicability.

Overview of Processing Activities

The following overview summarizes the types of data processed, the purposes of their processing, and refers to the data subjects.

Types of Data Processed

  • Inventory data.
  • Payment data.
  • Contact data.
  • Content data.
  • Contract data.
  • Usage data.
  • Meta, communication, and procedural data.
  • Applicant data.

Categories of Data Subjects

  • Customers.
  • Employees.
  • Prospects.
  • Communication partners.
  • Users.
  • Applicants.
  • Business and contractual partners.
  • Depicted persons.

Purposes of Processing

  • Provision of contractual services and fulfillment of contractual obligations.
  • Contact requests and communication.
  • Security measures.
  • Direct marketing.
  • Reach measurement.
  • Office and organizational procedures.
  • Management and response to inquiries.
  • Application process.
  • Feedback.
  • Profiles with user-related information.
  • Provision of our online offering and user-friendliness.
  • Assessment of creditworthiness and credit rating.
  • Information technology infrastructure.

Automated Individual Decision-Making

  • Credit report.

Security Measures

In accordance with legal requirements, taking into account the state of the art, implementation costs, and the nature, scope, context, and purposes of processing, as well as the varying likelihood and severity of risks to the rights and freedoms of natural persons, we implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk.

These measures include, in particular, ensuring the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data, as well as access, input, disclosure, availability, and separation of the data. Furthermore, we have established procedures to ensure the exercise of data subjects' rights, the deletion of data, and responses to data threats. Additionally, we consider the protection of personal data during the development or selection of hardware, software, and processes in accordance with the principle of data protection by design and by default.

TLS Encryption (https): To protect your data transmitted via our online offering, we use TLS encryption. You can recognize such encrypted connections by the prefix https:// in your browser's address bar.

Transmission of Personal Data

In the course of our processing of personal data, it may happen that the data is transmitted to other entities, companies, legally independent organizational units, or persons, or disclosed to them. Recipients of this data may include, for example, service providers tasked with IT functions or providers of services and content embedded in a website. In such cases, we comply with legal requirements and, in particular, conclude appropriate contracts or agreements with the recipients of your data to ensure the protection of your data.

International Data Transfers

Data Processing in Third Countries: If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)) or if processing occurs in the context of using third-party services or disclosing or transferring data to other persons, entities, or companies, this is done only in accordance with legal requirements. If the data protection level in the third country has been recognized by an adequacy decision (Art. 45 GDPR), this serves as the basis for the data transfer. Otherwise, data transfers only occur if the data protection level is otherwise ensured, in particular through standard contractual clauses (Art. 46(2)(c) GDPR), explicit consent, or in the case of contractual or legally required transfers (Art. 49(1) GDPR). Furthermore, we will inform you of the basis for third-country transfers with the respective providers from the third country, with adequacy decisions taking precedence. Information on third-country transfers and existing adequacy decisions can be obtained from the EU Commission’s information offering: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_en.

EU-US Trans-Atlantic Data Privacy Framework: As part of the so-called 'Data Privacy Framework' (DPF), the EU Commission has also recognized the data protection level for certain companies in the USA as secure under the adequacy decision of July 10, 2023. The list of certified companies and further information about the DPF can be found on the U.S. Department of Commerce website at https://www.dataprivacyframework.gov/ (in English). We will inform you within the privacy notices about which service providers we use that are certified under the Data Privacy Framework.

Disclosure of Personal Data Abroad: In accordance with the Swiss Data Protection Act (DPA), we only disclose personal data abroad if an adequate level of protection for the affected persons is ensured (Art. 16 Swiss DPA). If the Federal Council has not determined an adequate level of protection (list: https://www.bj.admin.ch/bj/en/home/state/data-protection/international-recognition-of-states.html), we implement alternative security measures. These may include international agreements, specific guarantees, data protection clauses in contracts, standard data protection clauses approved by the Swiss Federal Data Protection and Information Commissioner (FDPIC), or company-specific data protection regulations pre-approved by the FDPIC or a competent data protection authority in another country.

Under Art. 16 of the Swiss DPA, exceptions for the disclosure of data abroad may be permitted if certain conditions are met, including the consent of the data subject, contract execution, public interest, protection of life or physical integrity, data made public, or data from a register provided by law. Such disclosures are always made in compliance with legal requirements.

Deletion of Data

The data we process will be deleted in accordance with legal requirements as soon as the consents permitting processing are revoked or other permissions lapse (e.g., if the purpose of processing this data no longer applies or it is not necessary for the purpose). If the data is not deleted because it is required for other legally permissible purposes, its processing will be restricted to those purposes. This means the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons or whose storage is necessary for asserting, exercising, or defending legal claims or protecting the rights of another natural or legal person. Within our privacy notices, we may provide users with additional information about the deletion and retention of data specific to the respective processing activities.

Rights of Data Subjects

Rights of Data Subjects under the GDPR: As a data subject, you have various rights under the GDPR, particularly arising from Articles 15 to 21 GDPR:

  • Right to Object: You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is based on Art. 6(1)(e) or (f) GDPR, including profiling based on those provisions. Where personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
  • Right to Withdraw Consent: You have the right to withdraw your consent at any time.
  • Right to Access: You have the right to request confirmation as to whether data concerning you is being processed and to access this data, as well as further information and a copy of the data in accordance with legal requirements.
  • Right to Rectification: You have the right, in accordance with legal requirements, to request the completion of data concerning you or the correction of inaccurate data concerning you.
  • Right to Erasure and Restriction of Processing: You have the right, in accordance with legal requirements, to request that data concerning you be erased without undue delay or, alternatively, to request a restriction of the processing of the data in accordance with legal requirements.
  • Right to Data Portability: You have the right to receive data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format in accordance with legal requirements, or to request its transmission to another controller.
  • Right to Lodge a Complaint with a Supervisory Authority: In accordance with legal requirements and without prejudice to any other administrative or judicial remedy, you also have the right to lodge a complaint with a data protection supervisory authority, in particular a supervisory authority in the Member State where you habitually reside, the supervisory authority of your place of work, or the place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR.

Rights of Data Subjects under the Swiss DPA:

As a data subject, you have the following rights under the provisions of the Swiss DPA:

  • Right to Access: You have the right to request confirmation as to whether personal data concerning you is being processed and to receive the information necessary to exercise your rights under this Act and ensure transparent data processing.
  • Right to Data Release or Transfer: You have the right to request the release of your personal data, which you have provided to us, in a commonly used electronic format.
  • Right to Rectification: You have the right to request the correction of inaccurate personal data concerning you.
  • Right to Object, Erasure, and Destruction: You have the right to object to the processing of your data and to request that personal data concerning you be erased or destroyed.

Use of Cookies

Cookies are small text files or other storage markers that store information on end devices and read information from end devices. For example, they can store the login status in a user account, the contents of a shopping cart in an e-shop, the accessed content, or functions used in an online offering. Cookies can also be used for various purposes, such as ensuring the functionality, security, and convenience of online offerings and creating analyses of visitor flows.

Notes on Consent: We use cookies in accordance with legal requirements. Therefore, we obtain prior consent from users, except where this is not legally required. Consent is not necessary, in particular, if the storage and retrieval of information, including cookies, are strictly necessary to provide users with a telemedia service (i.e., our online offering) explicitly requested by them. Essential cookies typically include cookies with functions related to the display and functionality of the online offering, load balancing, security, storage of user preferences and choices, or similar purposes related to providing the main and ancillary functions of the online offering requested by users. The revocable consent is clearly communicated to users and includes information about the respective use of cookies.

Notes on Data Protection Legal Bases: The data protection legal basis on which we process users’ personal data using cookies depends on whether we ask users for consent. If users consent, the legal basis for processing their data is their declared consent. Otherwise, the data processed using cookies is processed based on our legitimate interests (e.g., in the efficient operation of our online offering and improving its usability) or, if this is done in the context of fulfilling our contractual obligations, if the use of cookies is necessary to fulfill our contractual obligations. We explain the purposes for which we process cookies throughout this privacy policy or as part of our consent and processing procedures.

Storage Duration: Regarding storage duration, the following types of cookies are distinguished:

  • Temporary Cookies (also: Session Cookies): Temporary cookies are deleted at the latest after a user has left an online offering and closed their end device (e.g., browser or mobile application).
  • Permanent Cookies: Permanent cookies remain stored even after the end device is closed. For example, the login status can be saved, or preferred content can be displayed directly when the user revisits a website. Likewise, data collected using cookies can be used for reach measurement. Unless we provide users with explicit information about the type and storage duration of cookies (e.g., as part of obtaining consent), users should assume that cookies are permanent and that the storage duration can be up to two years.

General Notes on Revocation and Objection (so-called 'Opt-Out'): Users can revoke their consent at any time and object to processing in accordance with legal requirements. Users can, among other things, restrict the use of cookies in their browser settings (which may also limit the functionality of our online offering). An objection to the use of cookies for online marketing purposes can also be declared via the websites https://optout.aboutads.info and https://www.youronlinechoices.com/.

  • Legal Bases: Legitimate Interests (Art. 6(1)(f) GDPR). Consent (Art. 6(1)(a) GDPR).

Further Information on Processing Procedures, Methods, and Services:

  • Processing of Cookie Data Based on Consent: We use a cookie consent management procedure in which users’ consents to the use of cookies, or the processing and providers mentioned in the cookie consent management procedure, can be obtained, managed, and revoked by users. The consent declaration is stored to avoid having to repeat the query and to be able to prove consent in accordance with legal obligations. Storage can occur server-side and/or in a cookie (so-called opt-in cookie or using comparable technologies) to assign the consent to a user or their device. Subject to individual information about the providers of cookie management services, the following applies: The duration of the storage of consent can be up to two years. A pseudonymous user identifier is created and stored along with the time of consent, details of the scope of consent (e.g., which categories of cookies and/or service providers), and the browser, system, and end device used; Legal Bases: Consent (Art. 6(1)(a) GDPR).

Business Services

We process data of our contractual and business partners, e.g., customers and prospects (collectively referred to as 'contractual partners'), in the context of contractual and comparable legal relationships as well as related measures and in the context of communication with the contractual partners (or pre-contractually), e.g., to respond to inquiries.

We process this data to fulfill our contractual obligations. This includes, in particular, the obligations to provide the agreed services, any update obligations, and remedies in the case of warranty and other performance issues. Additionally, we process the data to safeguard our rights and for the purposes of administrative tasks associated with these obligations and company organization. Furthermore, we process the data based on our legitimate interests in proper and efficient business management as well as security measures to protect our contractual partners and our business operations from misuse, threats to their data, secrets, information, and rights (e.g., involving telecommunications, transport, and other auxiliary services as well as subcontractors, banks, tax and legal advisors, payment service providers, or tax authorities). Within the framework of applicable law, we only disclose the data of contractual partners to third parties to the extent necessary for the aforementioned purposes or to fulfill legal obligations. Contractual partners will be informed about further forms of processing, e.g., for marketing purposes, within this privacy policy.

We inform contractual partners about which data is required for the aforementioned purposes before or during data collection, e.g., in online forms, by special markings (e.g., colors) or symbols (e.g., asterisks or similar), or personally.

We delete the data after the expiry of statutory warranty and comparable obligations, i.e., generally after four years, unless the data is stored in a customer account, e.g., as long as it must be retained for legal archiving reasons. The statutory retention period for tax-relevant documents as well as commercial books, inventories, opening balances, annual financial statements, the work instructions required to understand these documents, and other organizational documents and accounting records is ten years, and for received commercial and business letters and reproductions of sent commercial and business letters, it is six years. The period begins at the end of the calendar year in which the last entry was made in the book, the inventory, opening balance, annual financial statement, or management report was prepared, the commercial or business letter was received or sent, or the accounting record was created, and the record was made or the other documents were created.

To the extent that we use third-party providers or platforms to provide our services, the terms and conditions and privacy notices of the respective third-party providers or platforms apply in the relationship between the users and the providers.

  • Processed Data Types: Inventory data (e.g., names, addresses); Payment data (e.g., bank details, invoices, payment history); Contact data (e.g., email, phone numbers); Contract data (e.g., subject matter of the contract, term, customer category); Usage data (e.g., visited websites, interest in content, access times). Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, consent status).
  • Data Subjects: Customers; Prospects. Business and contractual partners.
  • Purposes of Processing: Provision of contractual services and fulfillment of contractual obligations; Security measures; Contact requests and communication; Office and organizational procedures. Management and response to inquiries.
  • Legal Bases: Performance of a contract and pre-contractual inquiries (Art. 6(1)(b) GDPR); Legal obligation (Art. 6(1)(c) GDPR). Legitimate interests (Art. 6(1)(f) GDPR).

Further Information on Processing Procedures, Methods, and Services:

  • Customer Account: Customers can create an account within our online offering (e.g., customer or user account, referred to as 'customer account'). If the registration of a customer account is required, customers will be informed of this as well as the information required for registration. Customer accounts are not public and cannot be indexed by search engines. As part of the registration and subsequent logins and use of the customer account, we store the IP addresses of the customers along with the access times to verify registration and prevent any misuse of the customer account. If the customer account is terminated, the data of the customer account will be deleted after the termination date, unless it is retained for purposes other than provision in the customer account or must be retained for legal reasons (e.g., internal storage of customer data, order processes, or invoices). It is the responsibility of customers to secure their data upon termination of the customer account; Legal Bases: Performance of a contract and pre-contractual inquiries (Art. 6(1)(b) GDPR).
  • Consulting: We process the data of our clients, principals, prospects, and other contracting parties or contractual partners (uniformly referred to as 'clients') to provide them with our consulting services. The data processed, the type, scope, purpose, and necessity of their processing are determined by the underlying contractual and client relationship.

    If it is necessary for our performance of the contract, to protect vital interests, or required by law, or if the client’s consent is obtained, we disclose or transfer the client’s data to third parties or agents, such as authorities, subcontractors, or in the field of IT, office, or similar services, in compliance with professional regulations;
    Legal Bases: Performance of a contract and pre-contractual inquiries (Art. 6(1)(b) GDPR).
  • Provision of Software and Platform Services: We process the data of our users, registered users, and any test users (hereinafter uniformly referred to as 'users') to provide them with our contractual services and based on legitimate interests to ensure the security of our offering and to further develop it. The required information is identified as such in the context of concluding an order, purchase, or comparable contract and includes the information necessary for service provision and billing as well as contact information to enable any consultations; Legal Bases: Performance of a contract and pre-contractual inquiries (Art. 6(1)(b) GDPR).

Providers and Services Used in the Course of Business Activities

In the course of our business activities, we use additional services, platforms, interfaces, or plugins from third-party providers (referred to as 'services') in compliance with legal requirements. Their use is based on our interests in the proper, lawful, and efficient management of our business operations and internal organization.

  • Processed Data Types: Inventory data (e.g., names, addresses); Payment data (e.g., bank details, invoices, payment history); Contact data (e.g., email, phone numbers); Content data (e.g., entries in online forms); Contract data (e.g., subject matter of the contract, term, customer category); Usage data (e.g., visited websites, interest in content, access times). Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, consent status).
  • Processed Data Types: Inventory data (e.g., names, addresses); Payment data (e.g., bank details, invoices, payment history); Contact data (e.g., email, phone numbers); Content data (e.g., entries in online forms); Contract data (e.g., subject matter of the contract, term, customer category); Usage data (e.g., visited websites, interest in content, access times). Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, consent status).
  • Processed Data Types: Inventory data (e.g., names, addresses); Payment data (e.g., bank details, invoices, payment history); Contact data (e.g., email, phone numbers); Content data (e.g., entries in online forms); Contract data (e.g., subject matter of the contract, term, customer category); Usage data (e.g., visited websites, interest in content, access times). Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, consent status).
  • Processed Data Types: Inventory data (e.g., names, addresses); Payment data (e.g., bank details, invoices, payment history); Contact data (e.g., email, phone numbers); Content data (e.g., entries in online forms); Contract data (e.g., subject matter of the contract, term, customer category); Usage data (e.g., visited websites, interest in content, access times). Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, consent status).
  • Processed Data Types: Inventory data (e.g., names, addresses); Payment data (e.g., bank details, invoices, payment history); Contact data (e.g., email, phone numbers); Content data (e.g., entries in online forms); Contract data (e.g., subject matter of the contract, term, customer category); Usage data (e.g., visited websites, interest in content, access times). Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, consent status).

Further Information on Processing Procedures, Methods, and Services:

Provision of the Online Offering and Web Hosting

We process users’ data to provide them with our online services. For this purpose, we process the user’s IP address, which is necessary to transmit the content and functions of our online services to the user’s browser or device.

  • Processed Data Types: Usage data (e.g., visited websites, interest in content, access times); Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, consent status). Content data (e.g., entries in online forms).
  • Data Subjects: Users (e.g., website visitors, users of online services). Business and contractual partners.
  • Purposes of Processing: Provision of our online offering and user-friendliness; Information technology infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.)). Security measures.
  • Legal Bases: Legitimate interests (Art. 6(1)(f) GDPR).

Further Information on Processing Procedures, Methods, and Services:

  • Provision of Online Offering on Rented Storage Space: For the provision of our online offering, we use storage space, computing capacity, and software that we rent or otherwise obtain from a corresponding server provider (also referred to as 'web hoster'); Legal Bases: Legitimate interests (Art. 6(1)(f) GDPR).
  • Collection of Access Data and Log Files: Access to our online offering is logged in the form of so-called 'server log files.' Server log files may include the address and name of the accessed websites and files, date and time of access, transferred data volumes, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page), and, as a rule, IP addresses and the requesting provider. Server log files can be used for security purposes, e.g., to prevent server overload (especially in the case of abusive attacks, so-called DDoS attacks) and, on the other hand, to ensure server utilization and stability; Legal Bases: Legitimate interests (Art. 6(1)(f) GDPR). Data Deletion: Log file information is stored for a maximum period of 30 days and then deleted or anonymized. Data whose further retention is required for evidentiary purposes is exempt from deletion until the respective incident has been finally clarified.
  • Email Sending and Hosting: The web hosting services we use also include the sending, receiving, and storage of emails. For these purposes, the addresses of the recipients and senders, as well as additional information regarding the email dispatch (e.g., the involved providers) and the contents of the respective emails, are processed. The aforementioned data may also be processed for SPAM detection purposes. Please note that emails on the internet are generally not sent encrypted. As a rule, emails are encrypted during transport, but (unless a so-called end-to-end encryption method is used) not on the servers from which they are sent and received. We can therefore assume no responsibility for the transmission path of emails between the sender and receipt on our server; Legal Bases: Legitimate interests (Art. 6(1)(f) GDPR).
  • Content Delivery Network: We use a 'Content Delivery Network' (CDN). A CDN is a service that helps deliver content from an online offering, particularly large media files such as graphics or program scripts, more quickly and securely using regionally distributed servers connected via the internet; Legal Bases: Legitimate interests (Art. 6(1)(f) GDPR).
  • Amazon Web Services (AWS): Services in the field of providing information technology infrastructure and related services (e.g., storage space and/or computing capacities); Service Provider: Amazon Web Services EMEA SARL, 38 avenue John F. Kennedy, L-1855, Luxembourg; Legal Bases: Legitimate interests (Art. 6(1)(f) GDPR); Website: https://aws.amazon.com/de/; Privacy Policy: https://aws.amazon.com/de/privacy/; Data Processing Agreement: https://aws.amazon.com/de/compliance/gdpr-center/. Basis for Third-Country Transfer: EU-US Data Privacy Framework (DPF), Standard Contractual Clauses (https://aws.amazon.com/service-terms/).
  • United Domains: Services in the field of providing information technology infrastructure and related services (e.g., storage space and/or computing capacities); Service Provider: united-domains AG, Gautinger StraĂźe 10, 82319 Starnberg, Germany; Legal Bases: Legitimate interests (Art. 6(1)(f) GDPR); Website: https://www.united-domains.de; Privacy Policy: https://www.united-domains.de/unternehmen/datenschutz/. Data Processing Agreement: https://www.united-domains.de/help/faq-article/wie-erhalte-ich-den-auftragsverarbeitungs-vertrag-avv-nach-dsgvo.

Special Notes on Applications (Apps)

We process the data of the users of our application to the extent necessary to provide the users with the application and its functionalities, monitor its security, and further develop it. We may also contact users in compliance with legal requirements if the communication is necessary for administrative or usage purposes of the application. Otherwise, we refer to the data processing information in this privacy policy regarding the processing of users’ data.

Legal Bases: The processing of data necessary for providing the application’s functionalities serves the performance of contractual obligations. This also applies if the provision of the functions requires user authorization (e.g., permissions for device functions). If the processing of data is not necessary for providing the application’s functionalities but serves the security of the application or our business interests (e.g., collecting data for optimization or security purposes), it is based on our legitimate interests. If users are explicitly asked for consent to process their data, the processing of the data covered by the consent is based on that consent.

  • Processed Data Types: Inventory data (e.g., names, addresses); Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, consent status); Payment data (e.g., bank details, invoices, payment history). Contract data (e.g., subject matter of the contract, term, customer category).
  • Data Subjects: Users (e.g., website visitors, users of online services).
  • Purposes of Processing: Provision of contractual services and fulfillment of contractual obligations.
  • Legal Bases: Consent (Art. 6(1)(a) GDPR); Performance of a contract and pre-contractual inquiries (Art. 6(1)(b) GDPR). Legitimate interests (Art. 6(1)(f) GDPR).

Further Information on Processing Procedures, Methods, and Services:

  • Commercial Use: We process the data of the users of our application, registered users, and any test users (hereinafter uniformly referred to as 'users') to provide them with our contractual services and based on legitimate interests to ensure the security of our application and to further develop it. The required information is identified as such in the context of concluding a usage, order, purchase, or comparable contract and may include the information necessary for service provision and any billing as well as contact information to enable consultations; Legal Bases: Performance of a contract and pre-contractual inquiries (Art. 6(1)(b) GDPR).

Blogs and Publication Media

We use blogs or comparable means of online communication and publication (hereinafter 'publication medium'). Readers’ data is processed for the purposes of the publication medium only to the extent necessary for its presentation and communication between authors and readers or for security reasons. Otherwise, we refer to the information on the processing of visitors to our publication medium within this privacy policy.

  • Processed Data Types: Inventory data (e.g., names, addresses); Contact data (e.g., email, phone numbers); Content data (e.g., entries in online forms); Usage data (e.g., visited websites, interest in content, access times). Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, consent status).
  • Data Subjects: Users (e.g., website visitors, users of online services).
  • Purposes of Processing: Provision of contractual services and fulfillment of contractual obligations; Feedback (e.g., collecting feedback via online form); Provision of our online offering and user-friendliness; Security measures. Management and response to inquiries.
  • Legal Bases: Legitimate interests (Art. 6(1)(f) GDPR).

Further Information on Processing Procedures, Methods, and Services:

  • Comments and Posts: When users leave comments or other contributions, their IP addresses may be stored based on our legitimate interests. This is done for our security in case someone leaves unlawful content in comments and posts (insults, prohibited political propaganda, etc.). In such cases, we may be held liable for the comment or post and are therefore interested in the identity of the author.

    Furthermore, we reserve the right, based on our legitimate interests, to process users’ information for the purpose of spam detection.

    On the same legal basis, in the case of surveys, we reserve the right to store users’ IP addresses for their duration and use cookies to prevent multiple voting.

    The personal information provided in the context of comments and posts, any contact and website information, as well as the content details, will be permanently stored by us until the user objects;
    Legal Bases: Legitimate interests (Art. 6(1)(f) GDPR).

Contact and Inquiry Management

When contacting us (e.g., by mail, contact form, email, phone, or via social media) and within existing user and business relationships, the details of the inquiring persons are processed to the extent necessary to respond to the contact inquiries and any requested actions.

  • Processed Data Types: Contact data (e.g., email, phone numbers); Content data (e.g., entries in online forms); Usage data (e.g., visited websites, interest in content, access times). Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, consent status).
  • Data Subjects: Communication partners.
  • Purposes of Processing: Contact requests and communication; Management and response to inquiries; Feedback (e.g., collecting feedback via online form). Provision of our online offering and user-friendliness.
  • Legal Bases: Legitimate interests (Art. 6(1)(f) GDPR). Performance of a contract and pre-contractual inquiries (Art. 6(1)(b) GDPR).

Further Information on Processing Procedures, Methods, and Services:

  • HubSpot: Customer management as well as process and sales support with personalized customer care via multi-channel communication, i.e., management of customer inquiries from various channels, and with analysis and feedback functions; Service Provider: HubSpot, Inc., 25 First St., 2nd floor, Cambridge, Massachusetts 02141, USA; Legal Bases: Performance of a contract and pre-contractual inquiries (Art. 6(1)(b) GDPR), Legitimate interests (Art. 6(1)(f) GDPR); Website: https://www.hubspot.de; Privacy Policy: https://legal.hubspot.com/de/privacy-policy; Data Processing Agreement: https://legal.hubspot.com/dpa. Basis for Third-Country Transfer: EU-US Data Privacy Framework (DPF), Standard Contractual Clauses (https://legal.hubspot.com/dpa).

Video Conferences, Online Meetings, Webinars, and Screen Sharing

We use platforms and applications from other providers (hereinafter referred to as 'conference platforms') for the purpose of conducting video and audio conferences, webinars, and other types of video and audio meetings (hereinafter collectively referred to as 'conference'). When selecting conference platforms and their services, we comply with legal requirements.

Data Processed by Conference Platforms: In the course of participating in a conference, the conference platforms process the personal data of participants listed below. The scope of processing depends, on the one hand, on which data is requested in the context of a specific conference (e.g., provision of access data or real names) and which optional information is provided by the participants. In addition to processing for the purpose of conducting the conference, participants’ data may also be processed by the conference platforms for security purposes or service optimization. The processed data includes personal details (first name, last name), contact information (email address, phone number), access data (access codes or passwords), profile pictures, information about professional position/function, the IP address of the internet access, information about the participants’ devices, their operating system, the browser and its technical and language settings, information about the content of communication processes, i.e., entries in chats as well as audio and video data, and the use of other available functions (e.g., surveys). The contents of communications are encrypted to the extent technically provided by the conference providers. If participants are registered as users with the conference platforms, additional data may be processed in accordance with the agreement with the respective conference provider.

Logging and Recordings: If text entries, participation results (e.g., from surveys), or video or audio recordings are logged, this will be transparently communicated to participants in advance and, where necessary, their consent will be requested.

Data Protection Measures for Participants: Please refer to the privacy notices of the conference platforms for details on the processing of your data by them and select the optimal security and data protection settings within the settings of the conference platforms. Furthermore, during a video conference, ensure data and privacy protection in the background of your recording (e.g., by notifying roommates, locking doors, and using the background blur function where technically possible). Links to conference rooms and access data must not be shared with unauthorized third parties.

Notes on Legal Bases: If, in addition to the conference platforms, we also process users’ data and ask users for their consent to use the conference platforms or certain functions (e.g., consent to recording conferences), the legal basis for processing is this consent. Furthermore, our processing may be necessary to fulfill our contractual obligations (e.g., in participant lists, in the case of processing conversation outcomes, etc.). Otherwise, users’ data is processed based on our legitimate interests in efficient and secure communication with our communication partners.

  • Processed Data Types: Inventory data (e.g., names, addresses); Contact data (e.g., email, phone numbers); Content data (e.g., entries in online forms); Usage data (e.g., visited websites, interest in content, access times). Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, consent status).
  • Data Subjects: Communication partners; Users (e.g., website visitors, users of online services). Depicted persons.
  • Purposes of Processing: Provision of contractual services and fulfillment of contractual obligations; Contact requests and communication. Office and organizational procedures.
  • Legal Bases: Legitimate interests (Art. 6(1)(f) GDPR).

Further Information on Processing Procedures, Methods, and Services:

Application Process

The application process requires applicants to provide us with the data necessary for their assessment and selection. The information required is specified in the job description or, in the case of online forms, in the details provided there.

In general, the required information includes personal details such as name, address, a contact option, and evidence of the qualifications required for a position. Upon request, we will gladly provide additional information about which details are needed.

If provided, applicants can submit their applications to us using an online form. The data is transmitted to us encrypted according to the state of the art. Applicants can also send us their applications via email. However, please note that emails are generally not sent encrypted on the internet. As a rule, emails are encrypted during transport, but not on the servers from which they are sent and received. We can therefore assume no responsibility for the transmission path of the application between the sender and receipt on our server.

For the purposes of applicant search, submission of applications, and selection of applicants, we may use applicant management or recruitment software and platforms and services from third-party providers in compliance with legal requirements.

Applicants are welcome to contact us regarding the method of application submission or send us the application by mail.

Processing of Special Categories of Data: To the extent that special categories of personal data (Art. 9(1) GDPR, e.g., health data such as severely disabled status or ethnic origin) are requested from applicants during the application process, their processing is carried out so that the controller or the data subject can exercise rights arising from labor law and social security and social protection law and fulfill their related obligations, in the case of protecting vital interests of applicants or other persons, or for purposes of preventive or occupational medicine, for the assessment of the employee’s working capacity, for medical diagnosis, care, or treatment in the health or social sector, or for the management of systems and services in the health or social sector.

Data Deletion: The data provided by applicants may be further processed by us for the purposes of the employment relationship in the case of a successful application. Otherwise, if the application for a job offer is not successful, the applicants’ data will be deleted. Applicants’ data will also be deleted if an application is withdrawn, which applicants are entitled to do at any time. Deletion occurs, subject to a justified withdrawal by the applicants, no later than after a period of six months, so that we can answer any follow-up questions about the application and comply with our obligations to provide evidence under the regulations on equal treatment of applicants. Invoices for any travel expense reimbursements are archived in accordance with tax law requirements.

Inclusion in an Applicant Pool: Inclusion in an applicant pool, if offered, is based on consent. Applicants are informed that their consent to inclusion in the talent pool is voluntary, has no influence on the current application process, and that they can revoke their consent at any time for the future.

  • Processed Data Types: Inventory data (e.g., names, addresses); Contact data (e.g., email, phone numbers); Content data (e.g., entries in online forms). Applicant data (e.g., personal details, postal and contact addresses, the documents pertaining to the application and the information contained therein, such as cover letter, resume, certificates, as well as additional information about their person or qualifications provided voluntarily or in relation to a specific position by applicants).
  • Data Subjects: Applicants.
  • Purposes of Processing: Application process (establishment and possible subsequent implementation as well as possible later termination of the employment relationship).
  • Legal Bases: Application process as a pre-contractual or contractual relationship (Art. 6(1)(b) GDPR); Processing of special categories of personal data relating to healthcare, employment, and social security (Art. 9(2)(h) GDPR); Consent to processing of special categories of personal data (Art. 9(2)(a) GDPR); Processing of special categories of personal data to protect vital interests (Art. 9(2)(c) GDPR). Legitimate interests (Art. 6(1)(f) GDPR).

Further Information on Processing Procedures, Methods, and Services:

Cloud Services

We use software services accessible via the internet and executed on the servers of their providers (so-called 'cloud services,' also referred to as 'Software as a Service') for storing and managing content (e.g., document storage and management, exchange of documents, content, and information with specific recipients, or publication of content and information).

Within this framework, personal data may be processed and stored on the providers’ servers to the extent that it forms part of communication processes with us or is otherwise processed by us as outlined in this privacy policy. This data may include, in particular, master data and contact data of users, data on transactions, contracts, other processes, and their contents. The providers of cloud services also process usage data and metadata, which they use for security purposes and service optimization.

If we use cloud services to provide forms or other documents and content to other users or publicly accessible websites, the providers may store cookies on users’ devices for web analytics purposes or to remember users’ settings (e.g., in the case of media control).

  • Processed Data Types: Inventory data (e.g., names, addresses); Contact data (e.g., email, phone numbers); Content data (e.g., entries in online forms); Usage data (e.g., visited websites, interest in content, access times). Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, consent status).
  • Data Subjects: Customers; Employees (e.g., staff, applicants, former employees); Prospects. Communication partners.
  • Purposes of Processing: Office and organizational procedures. Information technology infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.)).
  • Legal Bases: Legitimate interests (Art. 6(1)(f) GDPR).

Newsletters and Electronic Notifications

We send newsletters, emails, and other electronic notifications (hereinafter 'newsletters') only with the consent of the recipients or a legal permission. If the contents of the newsletter are specifically described during the registration process, they are decisive for the users’ consent. Otherwise, our newsletters contain information about our services and us.

To subscribe to our newsletters, it is generally sufficient to provide your email address. However, we may ask you to provide a name for personal addressing in the newsletter or additional information if required for the purposes of the newsletter.

Double-Opt-In Procedure: Registration for our newsletter generally takes place in a so-called double-opt-in procedure. This means that after registration, you will receive an email asking you to confirm your registration. This confirmation is necessary to prevent anyone from registering with someone else’s email address. Subscriptions to the newsletter are logged to demonstrate the registration process in accordance with legal requirements. This includes storing the registration and confirmation times as well as the IP address. Changes to your data stored with the dispatch service provider are also logged.

Deletion and Restriction of Processing: We may store unsubscribed email addresses for up to three years based on our legitimate interests before deleting them to prove prior consent. The processing of this data is limited to the purpose of potentially defending against claims. An individual deletion request is possible at any time, provided the prior existence of consent is confirmed simultaneously. In the case of obligations to permanently observe objections, we reserve the right to store the email address solely for this purpose in a blocklist.

The logging of the registration procedure is based on our legitimate interests for the purpose of proving its proper execution. If we commission a service provider with sending emails, this is done based on our legitimate interests in an efficient and secure dispatch system.

Contents:

Information about us, our services and platforms, knowledge about Green Claims.

  • Processed Data Types: Inventory data (e.g., names, addresses); Contact data (e.g., email, phone numbers); Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, consent status). Usage data (e.g., visited websites, interest in content, access times).
  • Data Subjects: Communication partners.
  • Purposes of Processing: Direct marketing (e.g., by email or post).
  • Legal Bases: Consent (Art. 6(1)(a) GDPR). Legitimate interests (Art. 6(1)(f) GDPR).
  • Opt-Out Option: You can cancel the receipt of our newsletter at any time, i.e., revoke your consent or object to further receipt. You will find a link to cancel the newsletter either at the end of each newsletter or can otherwise use one of the contact options provided above, preferably email, for this purpose.

Further Information on Processing Procedures, Methods, and Services:

  • Measurement of Opening and Click Rates: The newsletters contain a so-called 'web beacon,' i.e., a pixel-sized file that is retrieved from our server or, if we use a dispatch service provider, from their server when the newsletter is opened. As part of this retrieval, technical information such as details about the browser and your system, as well as your IP address and the time of retrieval, is initially collected.

    This information is used to technically improve our newsletter based on the technical data or the target groups and their reading behavior based on their retrieval locations (which can be determined using the IP address) or access times. This analysis also includes determining whether the newsletters are opened, when they are opened, and which links are clicked. This information is assigned to individual newsletter recipients and stored in their profiles until they are deleted. The evaluations help us recognize the reading habits of our users and adapt our content to them or send different content according to the interests of our users.

    The measurement of opening rates and click rates as well as the storage of the measurement results in the users’ profiles and their further processing are based on the users’ consent.

    A separate revocation of the performance measurement is unfortunately not possible; in this case, the entire newsletter subscription must be canceled or objected to. In this case, the stored profile information will be deleted;
    Legal Bases: Consent (Art. 6(1)(a) GDPR).
  • HubSpot: Email dispatch and automation services; Service Provider: HubSpot, Inc., 25 First St., 2nd floor, Cambridge, Massachusetts 02141, USA; Legal Bases: Legitimate interests (Art. 6(1)(f) GDPR); Website: https://www.hubspot.de; Privacy Policy: https://legal.hubspot.com/de/privacy-policy; Data Processing Agreement: https://legal.hubspot.com/dpa. Basis for Third-Country Transfer: EU-US Data Privacy Framework (DPF), Standard Contractual Clauses (https://legal.hubspot.com/dpa).

Web Analytics, Monitoring, and Optimization

Web analytics (also referred to as 'reach measurement') is used to evaluate the visitor flows of our online offering and may include behavior, interests, or demographic information about visitors, such as age or gender, as pseudonymous values. With the help of reach analysis, we can, for example, recognize at what time our online offering or its functions or content are most frequently used or invite reuse. Likewise, we can understand which areas require optimization.

In addition to web analytics, we may also use testing procedures, e.g., to test and optimize different versions of our online offering or its components.

Unless otherwise stated below, profiles, i.e., data aggregated for a usage process, may be created for these purposes, and information may be stored in a browser or end device and read from it. The information collected includes, in particular, visited websites and elements used there, as well as technical details such as the browser used, the computer system used, and information on usage times. If users have consented to the collection of their location data to us or to the providers of the services we use, location data may also be processed.

The IP addresses of users are also stored. However, we use an IP masking procedure (i.e., pseudonymization by shortening the IP address) to protect users. Generally, no clear data of users (such as email addresses or names) is stored in the context of web analytics, A/B testing, and optimization, but pseudonyms. This means that neither we nor the providers of the software used know the actual identity of the users, only the information stored in their profiles for the purposes of the respective procedures.

  • Processed Data Types: Usage data (e.g., visited websites, interest in content, access times). Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, consent status).
  • Data Subjects: Users (e.g., website visitors, users of online services).
  • Purposes of Processing: Reach measurement (e.g., access statistics, recognition of returning visitors). Profiles with user-related information (creation of user profiles).
  • Security Measures: IP masking (pseudonymization of the IP address).

Further Information on Processing Procedures, Methods, and Services:

Plugins and Embedded Functions and Content

We integrate functional and content elements into our online offering that are obtained from the servers of their respective providers (hereinafter referred to as 'third-party providers'). These may include, for example, graphics, videos, or city maps (hereinafter uniformly referred to as 'content').

The integration always requires that the third-party providers of this content process the IP address of the users, as they could not send the content to their browser without the IP address. The IP address is thus necessary for the presentation of this content or functions. We strive to use only content whose respective providers use the IP address solely for delivering the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as 'web beacons') for statistical or marketing purposes. The 'pixel tags' can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the users’ devices and may contain, among other things, technical information about the browser and operating system, referring websites, visit time, and other details about the use of our online offering, and may also be linked to such information from other sources.

  • Processed Data Types: Usage data (e.g., visited websites, interest in content, access times); Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, consent status); Inventory data (e.g., names, addresses); Contact data (e.g., email, phone numbers). Content data (e.g., entries in online forms).
  • Data Subjects: Users (e.g., website visitors, users of online services).
  • Purposes of Processing: Provision of our online offering and user-friendliness.
  • Legal Bases: Legitimate Interests (Art. 6(1)(f) GDPR).

Further Information on Processing Procedures, Methods, and Services:

  • Google Fonts (Obtained from Google Server): Obtaining fonts (and symbols) for the purpose of a technically secure, maintenance-free, and efficient use of fonts and symbols with regard to timeliness and loading times, their uniform presentation, and consideration of possible licensing restrictions. The provider of the fonts is informed of the user’s IP address so that the fonts can be provided in the user’s browser. In addition, technical data (language settings, screen resolution, operating system, hardware used) are transmitted, which are necessary for providing the fonts depending on the devices used and the technical environment. This data may be processed on a server of the font provider in the USA - When visiting our online offering, users’ browsers send their browser HTTP requests to the Google Fonts Web API (i.e., a software interface for retrieving the fonts). The Google Fonts Web API provides users with the Cascading Style Sheets (CSS) from Google Fonts and subsequently the fonts specified in the CSS. These HTTP requests include (1) the IP address used by the respective user to access the internet, (2) the requested URL on the Google server, and (3) the HTTP headers, including the user agent describing the browser and operating system versions of the website visitors, as well as the referral URL (i.e., the webpage where the Google font is to be displayed). IP addresses are neither logged nor stored on Google servers, and they are not analyzed. The Google Fonts Web API logs details of the HTTP requests (requested URL, user agent, and referral URL). Access to this data is restricted and strictly controlled. The requested URL identifies the font families for which the user wishes to load fonts. This data is logged so that Google can determine how often a particular font family is requested. With the Google Fonts Web API, the user agent must adapt the font generated for the respective browser type. The user agent is primarily logged for debugging purposes and used to generate aggregated usage statistics that measure the popularity of font families. These aggregated usage statistics are published on the 'Analytics' page of Google Fonts. Finally, the referral URL is logged so that the data can be used for production maintenance and an aggregated report on top integrations based on the number of font requests can be generated. According to its own statements, Google does not use any of the information collected by Google Fonts to create profiles of end users or to serve targeted advertisements; Service Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal Bases: Legitimate Interests (Art. 6(1)(f) GDPR); Website: https://fonts.google.com/; Privacy Policy: https://policies.google.com/privacy; Basis for Third-Country Transfer: EU-US Data Privacy Framework (DPF). Further Information: https://developers.google.com/fonts/faq/privacy?hl=en.
  • YouTube Videos: Video content; Service Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal Bases: Legitimate Interests (Art. 6(1)(f) GDPR); Website: https://www.youtube.com; Privacy Policy: https://policies.google.com/privacy; Basis for Third-Country Transfer: EU-US Data Privacy Framework (DPF). Opt-Out Option: Opt-Out Plugin: https://tools.google.com/dlpage/gaoptout?hl=en, Settings for the Display of Advertisements: https://adssettings.google.com/authenticated.

Management, Organization, and Tools

We use services, platforms, and software from other providers (hereinafter referred to as 'third-party providers') for the purposes of organization, administration, planning, and the provision of our services. When selecting third-party providers and their services, we comply with legal requirements.

Within this context, personal data may be processed and stored on the servers of third-party providers. This may involve various data that we process in accordance with this privacy policy. This data may include, in particular, master data and contact data of users, data on transactions, contracts, other processes, and their contents.

If users are referred to third-party providers or their software or platforms in the context of communication, business, or other relationships with us, the third-party providers may process usage data and metadata for security purposes, service optimization, or marketing purposes. We therefore ask you to review the privacy notices of the respective third-party providers.

  • Processed Data Types: Content data (e.g., entries in online forms); Usage data (e.g., visited websites, interest in content, access times); Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, consent status). Contact data (e.g., email, phone numbers).
  • Data Subjects: Communication partners. Users (e.g., website visitors, users of online services).
  • Purposes of Processing: Provision of contractual services and fulfillment of contractual obligations; Office and organizational procedures; Reach measurement (e.g., access statistics, recognition of returning visitors). Profiles with user-related information (creation of user profiles).
  • Legal Bases: Legitimate Interests (Art. 6(1)(f) GDPR).

Further Information on Processing Procedures, Methods, and Services:

Changes and Updates to the Privacy Policy

We ask you to regularly review the content of our privacy policy. We will update the privacy policy as soon as changes to the data processing activities we perform make it necessary. We will inform you as soon as the changes require your cooperation (e.g., consent) or other individual notification.

If we provide addresses and contact information of companies and organizations in this privacy policy, please note that these addresses may change over time, and we ask you to verify the information before contacting them.

Definition of Terms

This section provides an overview of the terms used in this privacy policy. Where the terms are legally defined, their legal definitions apply. The following explanations are primarily intended to aid understanding.

  • Credit Report: Automated decisions are based on automatic data processing without human intervention (e.g., in the case of an automatic rejection of a purchase on account, an online credit application, or an online application process without any human involvement). Such automated decisions are permissible under Art. 22 GDPR only if data subjects consent, if they are necessary for the performance of a contract, or if national laws allow these decisions.
  • Personal Data: 'Personal data' means any information relating to an identified or identifiable natural person (hereinafter 'data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g., cookie), or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
  • Profiles with User-Related Information: The processing of 'profiles with user-related information,' or simply 'profiles,' includes any form of automated processing of personal data that involves using this personal data to analyze, evaluate, or predict certain personal aspects relating to a natural person (depending on the type of profiling, this may include various information concerning demographics, behavior, and interests, such as interaction with websites and their content, etc.) (e.g., interests in certain content or products, click behavior on a website, or location). Cookies and web beacons are often used for profiling purposes.
  • Reach Measurement: Reach measurement (also referred to as web analytics) serves to evaluate the visitor flows of an online offering and may include the behavior or interests of visitors in certain information, such as website content. With the help of reach analysis, website owners can, for example, recognize at what times visitors access their website and which content they are interested in. This allows them to better tailor the website’s content to the needs of their visitors. Pseudonymous cookies and web beacons are often used for reach analysis purposes to recognize returning visitors and thus obtain more precise analyses of the use of an online offering.
  • Controller: 'Controller' means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
  • Processing: 'Processing' means any operation or set of operations performed on personal data, whether or not by automated means. The term is broad and encompasses practically any handling of data, including collection, evaluation, storage, transmission, or deletion.

Interested?

After over 100 webinars, articles, and studies, we are the leading experts in the Digital Label: EU regulations like Green Claims, 2D Migration, Digital Product Passport, and more. Book your free consultation and demo of info.link now.

Book a Free Demo
Digital Label Preview
Digital Label Preview
Digital Label Preview