Overview of Data Processing
The following overview summarizes the types of processed data, the purposes of their processing, and refers to the affected individuals.
Types of Processed Data:
1. Master Data.
2. Payment Data.
3. Contact Data.
4. Content Data.
5. Contract Data.
6. Usage Data.
7. Meta-/Communication Data.
8. Applicant Data.
9. Contact Information (Facebook).
10. Event Data (Facebook).
Categories of Affected Individuals:
1. Customers.
2. Prospects.
3. Communication Partners.
4. Users.
5. Applicants.
6. Business and Contract Partners.
Purposes of Processing:
1. Provision of contractual services and customer service.
2. Contact inquiries and communication.
3. Security measures.
4. Direct marketing.
5. Reach measurement.
6. Office and organizational procedures.
7. Remarketing.
8. Conversion measurement.
9. Click tracking.
10. Audience targeting.
11. A/B tests.
12. Management and response to inquiries.
13. Feedback.
14. Heatmaps.
15. Surveys and questionnaires.
16. Marketing.
17. User profile creation.
18. Target audience formation.
19. Provision of our online services and user-friendliness.
Significant Legal Bases:
1. Consent (Art. 6(1)(a) GDPR).
2. Contractual performance and pre-contractual inquiries (Art. 6(1)(b) GDPR).
3. Legal obligation (Art. 6(1)(c) GDPR).
4. Legitimate interests (Art. 6(1)(f) GDPR).
Security Measures:
We implement appropriate technical and organizational measures to ensure an adequate level of protection for data.
Transmission of Personal Data:
We may transmit personal data to other entities within our organization or to third parties in accordance with legal requirements.
Data Processing in Third Countries:
Any data processing in third countries complies with legal requirements and standards.
Data Deletion:
Data is deleted according to legal requirements or when no longer necessary for processing purposes.
Use of Cookies:
We use cookies in compliance with legal regulations and obtain prior consent from users unless exempted by law.
Cookie Settings/Opt-Out:
Users can revoke consent and object to processing as per legal requirements.
Additional Information:
Further details on processing procedures, methods, and services are available upon request.
Please note that this translation is provided for convenience, and the original German text remains legally binding.
Business Services
We process data of our contractual and business partners, such as customers and prospects (collectively referred to as „contractual partners“), within the framework of contractual and similar legal relationships as well as related measures and in the context of communication with contractual partners (or pre-contractually), for example, to respond to inquiries.
We process this data to fulfill our contractual obligations. This includes, in particular, the obligations to provide the agreed services, any update obligations, and remedies for warranty and other service disruptions. In addition, we process the data to safeguard our rights and for the purposes of the administrative tasks associated with these obligations as well as corporate organization. Furthermore, we process the data based on our legitimate interests in proper and efficient business management as well as security measures to protect our contractual partners and our business operations from misuse, jeopardization of their data, secrets, information, and rights (e.g., involvement of telecommunications, transport, and other auxiliary services as well as subcontractors, banks, tax and legal advisors, payment service providers, or financial authorities). Within the scope of applicable law, we only disclose data of contractual partners to third parties to the extent necessary for the aforementioned purposes or to fulfill legal obligations. Contractual partners will be informed about further processing, e.g., for marketing purposes, within the scope of this privacy policy.
We inform contractual partners which data is required for the aforementioned purposes before or within the scope of data collection, e.g., in online forms, by special marking (e.g., colors) or symbols (e.g., asterisks), or personally.
We delete the data after the expiration of statutory warranty and comparable obligations, i.e., in principle after the expiration of 4 years, unless the data is stored in a customer account, e.g., as long as it must be retained for legal archiving reasons (e.g., for tax purposes usually 10 years). Data disclosed to us within the scope of an order by the contractual partner will be deleted in accordance with the requirements of the order, generally after the end of the order.
If we use third-party providers or platforms to provide our services, the terms and privacy policies of the respective third-party providers or platforms apply in the relationship between users and providers.
Shop and E-Commerce
We process the data of our customers to enable them to select, purchase, or order the selected products, goods, and related services, as well as their payment and delivery, or execution. If necessary for the execution of an order, we use service providers, especially postal, freight, and shipping companies, to carry out the delivery or execution to our customers. For the processing of payment transactions, we use the services of banks and payment service providers. The required details are marked as such within the framework of the ordering or comparable acquisition process and include the information required for delivery, provision, and billing as well as contact information to be able to make inquiries if necessary.
Agency Services
We process the data of our customers within the scope of our contractual services, which may include conceptual and strategic consulting, campaign planning, software and design development/consulting or maintenance, implementation of campaigns and processes, handling, server administration, data analysis/consulting services, and training services.
Consulting
We process the data of our clients, clients, as well as prospects and other clients or contractual partners (collectively referred to as „clients“) in order to be able to provide them with our consulting services. The processed data, the type, scope, purpose, and necessity of their processing, are determined by the underlying contractual and client relationship.
If necessary for our performance, to protect vital interests, or legally required, or if there is consent from the clients, we disclose or transmit the data of the clients while observing professional regulations to third parties or agents, such as authorities, subcontractors, or in the IT, office, or comparable services sector.
Project and Development Services
We process the data of our customers and clients (hereinafter uniformly referred to as „customers“) in order to enable them to select, purchase, or commission the selected services or works as well as related activities as well as their payment and provision or execution.
The required details are marked as such within the framework of the order, purchase, or comparable conclusion of a contract and include the information required for the provision of services and invoicing as well as contact information to be able to make inquiries if necessary. As far as we have access to information from end customers, employees, or other persons, we process this information in accordance with legal and contractual requirements.
Recruiting Services
We process the data of applicants and the personal data of potential employers or their employees as part of our services, which include, in particular, the search for potential job candidates, contacting them, and placing them.
We process the information provided by the job candidates and contact details for the purpose of establishing, carrying out, and possibly terminating a contract for job placement. In addition, we may, in accordance with legal requirements, ask interested parties at a later date about the success of our placement service.
We process the data of job candidates as well as employers to fulfill our contractual obligations in order to process the requests for the placement of positions to the satisfaction of the parties involved.
We may log the placement processes in order to be able to prove the existence of the contractual relationship and the consent of the interested parties in accordance with legal accountability obligations (Art. 5 para. 2 GDPR). This data is stored for a period of three to four years if we need to prove the original request (e.g., to demonstrate the authorization to contact the job candidates).
Business Consulting
We process the data of our customers, clients, as well as prospects and other clients or contractual partners (collectively referred to as „customers“) in order to be able to provide them with our contractual or pre-contractual services, especially consulting services. The processed data, the type, scope, purpose, and necessity of their processing, are determined by the underlying contractual and business relationship.
If necessary for our performance or legally required, or if there is consent from the customers, we disclose or transmit the data of the customers while observing professional regulations to third parties or agents, such as authorities, courts, or in the IT, office, or comparable services sector.
Processed data types: Inventory data (e.g., names, addresses); Payment data (e.g., bank details, invoices, payment history); Contact data (e.g., email, phone numbers); Contract data (e.g., subject matter of the contract, term, customer category); Usage data (e.g., visited websites, interest in content, access times); Meta/communication data (e.g., device information, IP addresses); Applicant data (e.g., personal information, postal and contact addresses, documents belonging to the application and the information contained therein, such as cover letters, resumes, certificates, as well as further information voluntarily provided by applicants regarding their person or qualification).
Affected persons: Customers; Prospects; Business and contractual partners; Applicants.
Purposes of processing: Provision of contractual services and customer service; Security measures; Contact inquiries and communication; Office and organizational procedures; Administration and response to inquiries.
Legal basis: Fulfillment of the contract and pre-contractual inquiries (Art. 6 para. 1 p. 1 lit. b GDPR); Legitimate interests (Art. 6 para. 1 p. 1 lit. f GDPR); Legal obligation (Art. 6 para. 1 p. 1 lit. c GDPR).
Management, Organization, and Tools
We utilize services, platforms, and software provided by third-party providers (hereinafter referred to as „third-party providers“) for the purposes of organization, administration, planning, and provision of our services. When selecting third-party providers and their services, we comply with legal requirements.
Within this framework, personal data may be processed and stored on the servers of third-party providers. Various data may be affected by this, which we process in accordance with this privacy policy. This data may include, in particular, master data and contact details of users, data on transactions, contracts, other processes, and their contents.
If users are referred to third-party providers or their software or platforms in the context of communication, business, or other relationships with us, the third-party providers may process usage data and metadata for security purposes, service optimization, or marketing purposes. Therefore, we kindly ask you to review the privacy policies of the respective third-party providers.
Legal basis information: If we ask users for their consent to the use of third-party providers, the legal basis for data processing is consent. Furthermore, their use may be part of our (pre) contractual services if the use of third-party providers has been agreed within this framework. Otherwise, user data is processed based on our legitimate interests (i.e., interest in efficient, economic, and user-friendly services). In this context, we also refer you to the information on the use of cookies in this privacy policy.
Types of processed data: Content data (e.g., entries in online forms); Usage data (e.g., visited websites, interest in content, access times); Meta/communication data (e.g., device information, IP addresses); Master data (e.g., names, addresses); Contact data (e.g., email, telephone numbers).
Affected individuals: Communication partners; Users (e.g., website visitors, users of online services).
Purposes of processing: Contact inquiries and communication.
Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a. GDPR); Contract performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b. GDPR); Legitimate interests (Art. 6 para. 1 sentence 1 lit. f. GDPR).
Further information on processing procedures, procedures, and services:
Trello: Project management tool; Service provider: Trello Inc., 55 Broadway New York, NY 10006, USA, Parent company: Atlassian Inc. (San Francisco, Harrison Street Location), 1098 Harrison Street, San Francisco, California 94103, USA; Website: https://trello.com/; Privacy policy: https://trello.com/privacy; Standard contractual clauses (ensuring level of data protection when processing in third countries): Inclusion in the data processing agreement; Further information: Data transfer impact assessment: https://www.atlassian.com/legal/data-transfer-impact-assessment.
WeTransfer: File transfer over the internet; Service provider: WeTransfer BV, Oostelijke Handelskade 751, Amsterdam, 1019 BW, Netherlands; Website: https://wetransfer.com; Privacy policy: https://wetransfer.com/legal/privacy.
Meetovo: Appointment scheduling; Service provider: Lukas & Christof Bludau GbR Kasernenstraße 12 21073 Hamburg +49 40 898 077 29 service@meetovo.de; Website: https://www.meetovo.de/impressum; Privacy policy: https://www.meetovo.de/datenschutz.
Modification and updating of the privacy policy
We ask you to regularly inform yourself about the content of our privacy policy. We adapt the privacy policy as soon as changes in the data processing carried out by us make this necessary. We will inform you as soon as the changes require your cooperation (e.g., consent) or other individual notification.
If we provide addresses and contact information of companies and organizations in this privacy policy, we ask you to note that the addresses may change over time and ask you to check the information before contacting us.
Rights of data subjects
As data subjects, you have various rights under the GDPR, which arise in particular from Art. 15 to 21 GDPR:
Right to object: You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is based on Art. 6 (1) lit. e or f GDPR, including profiling based on those provisions. If the personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing, including profiling to the extent that it is related to such direct marketing.
Right to withdraw consent: You have the right to withdraw consent at any time.
Right to information: You have the right to obtain confirmation as to whether or not personal data concerning you is being processed, and, where that is the case, access to the personal data and further information and a copy of the data according to legal requirements.
Right to rectification: You have the right to request the completion of data concerning you or the rectification of inaccurate data concerning you in accordance with legal requirements.
Right to erasure and restriction of processing: You have the right, subject to legal requirements, to request the erasure of data concerning you without delay or, alternatively, to request the restriction of processing of the data.
Right to data portability: You have the right to receive the data concerning you that you have provided to us in a structured, commonly used, and machine-readable format, or to request its transmission to another controller, in accordance with legal requirements.
Complaint to a supervisory authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.
Supervisory authority responsible for us:
Bavarian State Office for Data Protection Supervision
Promenade 18
91522 Ansbach
Postal address:
PO Box 1349, 91504 Ansbach
Definitions
In this section, you will find an overview of the terms used in this privacy policy. Many of the terms are taken from the law and are defined primarily in Art. 4 GDPR. The legal definitions are binding. The following explanations are intended primarily to aid understanding. The terms are sorted alphabetically.
A/B tests: A/B tests are used to improve the user-friendliness and performance of online offerings. For example, users are shown different versions of a website or its elements, such as input forms, on which the placement of content or the labels of navigation elements may differ. Subsequently, based on user behavior, such as longer stays on the website or more frequent interaction with the elements, it can be determined which of these websites or elements better meet the needs of users.
Heatmaps: „Heatmaps“ are mouse movements of users, which are summarized to create an overall picture, with the help of which, for example, it can be recognized which website elements are preferred and which website elements users prefer less.
Click tracking: Click tracking allows tracking the movements of users within an entire online offering. Since the results of these tests are more accurate when user interaction can be tracked over a certain period (e.g., so that we can determine
