Privacy Policy

Preamble

With the following privacy policy, we would like to inform you about what types of your personal data (hereinafter also referred to as „data“) we process, for what purposes, and to what extent. The privacy policy applies to all processing of personal data carried out by us, both in the context of providing our services and especially on our websites, in mobile applications, as well as within external online presences, such as our social media profiles (hereinafter collectively referred to as „online offering“).

The terms used are not gender-specific.

As of: January 8, 2025

Legal text from Dr. Schwenke.

Responsible person

Rainbow-Day LLC
Adelheid Street 37
65185 Wiesbaden

Authorized Representatives: Sebastian Krug

Email Address: info@rainbow-day.de

Phone: 49 (0)611 – 5806 – 7625

Legal Notice: https://rainbow-career.de/impressum/

Overview of Processing

The following overview summarizes the types of data processed and the purposes of their processing, referring to the persons concerned.

Types of processed data

  • File data.
  • Employment data.
  • Payment details.
  • Contact information.
  • Content data.
  • Contract data.
  • Usage data.
  • Meta-, communication, and process data.
  • Applicant data.
  • Log data.

Categories of affected persons

  • Beneficiaries and clients.
  • Employees.
  • Interested parties.
  • Communication partners.
  • Users.
  • Applicants.
  • Business and contractual partners.

Purposes of processing

  • Provision of contractual services and fulfillment of contractual obligations.
  • Communication.
  • Security measures.
  • Office and organizational procedures.
  • Organizational and administrative procedures.
  • Application process.
  • Feedback.
  • Provision of our online services and user-friendliness.
  • Information technology infrastructure.
  • Business processes and business procedures.

Applicable legal bases

Key Legal Bases under the GDPR: The following provides an overview of the GDPR legal bases on which we process personal data. Please note that, in addition to the GDPR regulations, national data protection provisions may apply in your or our country of residence or registered office. Should more specific legal bases be relevant in individual cases, we will inform you of these in the privacy policy.

  • Contract fulfillment and pre-contractual inquiries (Art. 6(1)(b) GDPR) – Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
  • Legal obligation (Art. 6(1)(c) GDPR) – The processing is necessary for compliance with a legal obligation to which the controller is subject.
  • Legitimate interests (Art. 6(1)(f) GDPR) – the processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.
  • Application procedure as a pre-contractual or contractual relationship (Art. 6 Para. 1 Sentence 1 Letter b) GDPR) – To the extent that special categories of personal data within the meaning of Art. 9 (1) GDPR (e.g., health data, such as severe disability status or ethnic origin) are requested from applicants within the scope of the application process, so that the controller or the data subject can exercise the rights arising for him or her from labor law and the law on social security and social protection and comply with his or her obligations in this regard, their processing takes place according to Art. 9 (2) lit. b. GDPR, in the case of protection of vital interests of the applicant or another person pursuant to Art. 9 (2) lit. c. GDPR, or for purposes of occupational medicine, for the assessment of the working capacity of the employee, for medical diagnosis, care or treatment in the health or social sector, or for the management of systems and services in the health or social sector pursuant to Art. 9 (2) lit. h. GDPR. In the case of disclosure of special categories of data based on voluntary consent, their processing takes place on the basis of Art. 9 (2) lit. a. GDPR.

National Data Protection Regulations in Germany: In addition to the GDPR's data protection regulations, national data protection regulations apply in Germany. This includes in particular the Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG), which governs the protection against misuse of personal data in data processing. The BDSG contains specific provisions, in particular, concerning the right to access, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes, and transfer, as well as automated individual decision-making, including profiling. Furthermore, state data protection laws of the individual federal states may also apply.

Security measures

We implement appropriate technical and organizational measures in accordance with the legal requirements, taking into account the state of the art, the costs of implementation and the nature, scope, circumstances and purposes of the processing as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons to ensure a level of security commensurate with the risk.

The measures include, in particular, ensuring the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data, as well as access, input, disclosure, availability, and separation related to it. Furthermore, we have established procedures that ensure the exercise of data subject rights, the deletion of data, and responses to data security incidents. We also consider the protection of personal data from the outset during the development or selection of hardware, software, and procedures, in accordance with the principle of data protection through technical design and through data protection-friendly default settings.

Securing Online Connections with TLS/SSL Encryption Technology (HTTPS): To protect user data transmitted through our online services from unauthorized access, we utilize TLS/SSL encryption technology. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are the cornerstones of secure data transmission on the internet. These technologies encrypt the information exchanged between the website or app and the user's browser (or between two servers), thereby safeguarding data from unauthorized access. TLS, as the more advanced and secure version of SSL, ensures that all data transmissions meet the highest security standards. When a website is secured by an SSL/TLS certificate, this is indicated by the display of HTTPS in the URL. This serves as an indicator to users that their data is being transmitted securely and encrypted.

Transfer of personal data

As part of our processing of personal data, it may be transmitted or disclosed to other parties, companies, legally independent organizational units, or individuals. Recipients of this data may include, for example, service providers commissioned with IT tasks, or providers of services and content integrated into a website. In such cases, we comply with legal requirements and, in particular, conclude appropriate contracts or agreements with the recipients of your data that serve to protect your data.

International Data Transfers

Data Processing in Third Countries: If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)), or if data processing occurs in connection with the use of services from third parties, or if data is disclosed or transferred to other persons, bodies, or companies, this will only be done in compliance with legal requirements. If the level of data protection in the third country has been recognized by an adequacy decision (Art. 45 GDPR), this will serve as the basis for data transfer. Otherwise, data transfers will only take place if the level of data protection is otherwise ensured, in particular through standard contractual clauses (Art. 46(2)(c) GDPR), explicit consent, or in cases of contractual or legally required transfer (Art. 49(1) GDPR). Furthermore, we will inform you of the basis for third-country transfers for each provider from a third country, with adequacy decisions taking precedence as the basis. Information on third-country transfers and existing adequacy decisions can be found in the information provided by the EU Commission: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection_en?prefLang=de. Within the framework of the so-called „Data Privacy Framework“ (DPF), the EU Commission has also recognized the data protection level as safe for certain companies from the USA as part of the adequacy decision of July 10, 2023. The list of certified companies as well as further information on the DPF can be found on the website of the U.S. Department of Commerce at https://www.dataprivacyframework.gov/ (in English). Within the scope of our data privacy notices, we will inform you which service providers used by us are certified under the Data Privacy Framework.

General Information on Data Storage and Deletion

We delete personal data that we process in accordance with legal provisions as soon as the underlying consents are withdrawn or there are no further legal grounds for processing. This applies to cases where the original purpose of processing ceases to exist or the data is no longer needed. Exceptions to this rule exist when legal obligations or special interests require longer retention or archiving of the data.

In particular, data that must be retained for commercial or tax reasons, or whose storage is necessary for legal prosecution or the protection of the rights of other natural or legal persons, must be archived accordingly.

Our privacy policy contains additional information on data retention and deletion that applies specifically to certain processing activities.

If there are multiple specifications for the retention period or deletion deadlines for data, the longest period shall always apply.

If a deadline does not explicitly begin on a specific date and has a duration of at least one year, it automatically commences at the end of the calendar year in which the event triggering the deadline occurred. In the case of ongoing contractual relationships involving data storage, the event triggering the deadline is the date on which the termination or other dissolution of the legal relationship becomes effective.

We process data that is no longer needed for its original purpose but is retained due to legal requirements or other reasons, solely for the purposes that justify its retention.

Further information on processing methods, procedures, and services:

  • Data storage and deletion: The following general deadlines apply to retention and archiving under German law:
    • 10 years – retention period for books and records, annual financial statements, inventories, management reports, opening balance sheets, as well as the operating instructions and other organizational documents required for their understanding (§ 147 (1) No. 1 in conjunction with (3) AO, § 14b (1) UStG, § 257 (1) No. 1 in conjunction with (4) HGB).
    • 8 years – booking documents, such as invoices and expense receipts (§ 147 para. 1 no. 4 and 4a in conjunction with para. 3 sentence 1 AO and § 257 para. 1 no. 4 in conjunction with para. 4 HGB).
    • 6 years – Other business records: received commercial or business letters, reproductions of outgoing commercial or business letters, other records that are relevant for taxation, e.g., hourly wage slips, operating statements, calculation documents, price tags, as well as payroll records that are not already booking documents, and cash register tapes (§ 147 para. 1 no. 2, 3, 5 in conjunction with para. 3 AO, § 257 para. 1 no. 2 and 3 in conjunction with para. 4 HGB).
    • 3 years – Data required to consider potential warranty and damages claims or similar contractual claims and rights, as well as to process related inquiries, based on previous business experience and customary industry practices, will be stored for the duration of the regular statutory limitation period of three years (§§ 195, 199 BGB).

Rights of the data subjects

Data Subject Rights under the GDPR: As a data subject, you have various rights under the GDPR, particularly arising from Articles 15 to 21 of the GDPR:

  • Right to object: You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is based on Art. 6(1)(e) or (f) GDPR; this also applies to profiling based on these provisions. If personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing purposes; this also applies to profiling, insofar as it is related to such direct marketing.
  • Right of withdrawal for consents: You have the right to withdraw your consent at any time.
  • Right to information: You have the right to request confirmation as to whether personal data concerning you is being processed, and to access that data, as well as further information and a copy of the data in accordance with legal requirements.
  • Right to rectification: In accordance with legal requirements, you have the right to request the completion of data concerning you or the correction of inaccurate data concerning you.
  • Right to erasure and restriction of processing: In accordance with legal requirements, you have the right to request the immediate deletion of data concerning you, or alternatively, in accordance with legal requirements, to request a restriction of the processing of the data.
  • Right to data portability: You have the right to receive the personal data concerning you, which you have provided to us, in a structured, common, and machine-readable format, or to request its transfer to another controller, in accordance with the legal requirements.
  • Complaint to regulatory authority: In accordance with legal requirements and without prejudice to any other administrative or judicial remedy, you also have the right to lodge a complaint with a supervisory authority, in particular a supervisory authority in the Member State of your habitual residence, your place of work, or the place of the alleged infringement, if you believe that the processing of personal data concerning you infringes the GDPR.

Business Services

We process data of our contractual and business partners, e.g. customers and interested parties (collectively referred to as „contractual partners“), within the scope of contractual and comparable legal relationships as well as associated measures and in the context of communication with contractual partners (or pre-contractually), for example to answer inquiries.

We use this data to fulfill our contractual obligations. This includes, in particular, obligations to provide the agreed-upon services, any update obligations, and remedies for warranty claims and other performance disruptions. Furthermore, we use the data to protect our rights and for the purposes of associated administrative tasks and business organization. We also process the data based on our legitimate interests in both proper and business management, as well as security measures to protect our contractual partners and our business operations from misuse, jeopardizing their data, secrets, information, and rights (e.g., involving telecommunications, transport, and other auxiliary services, as well as subcontractors, banks, tax and legal advisors, payment service providers, or financial authorities). Within the scope of applicable law, we will only disclose contractual partners' data to third parties to the extent necessary for the aforementioned purposes or to fulfill legal obligations. Contractual partners will be informed about further forms of processing, such as for marketing purposes, within this privacy policy.

We inform our contractual partners before or during data collection, for example, in online forms, by special marking (e.g., colors) or symbols (e.g., asterisks or similar), or in person about which data is required for the aforementioned purposes.

We delete the data after the expiration of statutory warranty and comparable obligations, meaning generally after four years, unless the data are stored in a customer account, for example, for as long as they must be retained for legal archiving purposes (e.g., for tax purposes, generally ten years). Data disclosed to us by the contractual partner in the course of an order will be deleted according to the specifications and generally after the end of the order.

  • Processed data types: File data (e.g., full name, home address, contact information, customer number, etc.); Payment data (e.g., bank details, invoices, payment history); Contact details (e.g., postal and email addresses or phone numbers); Contract data (e.g., subject of contract, term, customer category); Applicant data (e.g., personal details, postal and contact addresses, documents belonging to the application and the information contained therein, such as cover letter, CV, certificates, as well as further information about the person or qualifications provided voluntarily by applicants with regard to a specific position). Employee data (information about employees and other persons in an employment relationship).
  • Affected persons: Beneficiaries and clients; interested parties; business and contractual partners; applicants. Employees (e.g., employees, applicants, temporary workers, and other staff).
  • Purpose of processing: Provision of contractual services and fulfillment of contractual obligations; Communication; Office and organizational procedures; Organizational and administrative procedures. Business processes and business management procedures.
  • Storage and deletion: Deletion according to the information in the „General information on data storage and deletion“ section.
  • Legal basis: Contract performance and pre-contractual inquiries (Art. 6(1)(b) GDPR); Legal obligation (Art. 6(1)(c) GDPR). Legitimate interests (Art. 6(1)(f) GDPR).

Further information on processing methods, procedures, and services:

  • Personnel Services: We process the data of our clients and candidates (collectively referred to as „clients“) to provide personnel services, including recruitment, personnel development, and payroll. The required information is marked as such when placing an order and includes the information needed for service provision and billing, as well as contact information for any necessary consultations. To the extent that we gain access to information from end clients, employees, or other individuals, we process this information in accordance with legal and contractual requirements. Processes required as part of personnel services include the recruitment of specialists, the development of training and further education measures, the administration of personnel files and payroll, as well as the provision of HR consulting and support. Furthermore, they include the execution of application processes and interviews, the coordination of requirements between clients and candidates, the selection of suitable candidates for open positions, and the monitoring of working hours and performance records; Legal basis: Contract fulfillment and pre-contractual inquiries (Art. 6(1)(b) GDPR), legal obligation (Art. 6(1)(c) GDPR), legitimate interests (Art. 6(1)(f) GDPR).
  • Recruiting Services: As part of our services, which specifically include searching for potential job candidates, contacting them, and placing them, we process the data of job candidates as well as the personal data of potential employers or their employees. We process the information and contact details provided by job candidates for the purpose of establishing, executing, and, if necessary, terminating a job placement contract. Furthermore, in accordance with legal requirements, we may later contact interested parties to inquire about the success of our placement services. We process the data of both job candidates and employers to fulfill our contractual obligations, enabling us to handle the job placement requests entrusted to us to the satisfaction of all parties involved.

    We can log the mediation processes in order to prove the existence of the contractual relationship and the consent of the interested parties in accordance with legal accountability obligations (Art. 5 para. 2 GDPR). These details will be stored for a period of three to four years in case we need to prove the original request (e.g., to demonstrate the eligibility for contacting job candidates); Legal basis: Contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 sentence 1 letter b) GDPR).

  • Event Management: We process the data of participants in the events, activities, and similar offerings we provide or organize (hereinafter collectively referred to as „Participants“ and „Events“) to enable them to attend the events and utilize the services or promotions associated with participation. If, within this framework, we process health-related data, religious, political, or other special categories of data, this is done in the context of public disclosure (e.g., for thematically focused events) or serves health precautions, safety, or is done with the consent of the data subjects. The required information is marked as such within the scope of the order, booking, or comparable contract conclusion and includes the details necessary for service provision and billing, as well as contact information for any necessary consultations. To the extent that we gain access to information of end customers, employees, or other individuals, we process this in accordance with statutory and contractual requirements; Legal basis: Contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 sentence 1 letter b) GDPR).

Providing online services and web hosting

We process user data to provide them with our online services. For this purpose, we process the user's IP address, which is necessary to transmit the content and features of our online services to the user's browser or terminal device.

  • Processed data types: Usage data (e.g., page views and duration of stay, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions); meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, persons involved). Log data (e.g., log files relating to logins or data retrieval or access times).
  • Affected persons: User (e.g., website visitor, online service user).
  • Purpose of processing: Provision of our online services and user-friendliness; Information technology infrastructure (operation and provision of information systems and technical equipment (computers, servers, etc.)); Security measures. Provision of contractual services and fulfillment of contractual obligations.
  • Storage and deletion: Deletion according to the information in the „General information on data storage and deletion“ section.
  • Legal basis: Legitimate interests (Art. 6(1)(f) GDPR).

Further information on processing methods, procedures, and services:

  • Providing online offerings on rented storage space: For the provision of our online services, we use storage space, computing capacity, and software that we rent or otherwise obtain from a corresponding server provider (also called a „web host“); Legal basis: Legitimate interests (Art. 6(1)(f) GDPR).
  • Collection of access data and log files: Access to our online services is logged in the form of so-called „server log files.“ Server log files may include the address and name of the retrieved web pages and files, date and time of retrieval, amount of data transferred, message about successful retrieval, browser type and version, the user's operating system, referrer URL (the previously visited page), and usually IP addresses and the requesting provider. Server log files can be used for security purposes, e.g., to prevent server overload (especially in the case of malicious attacks, so-called DDoS attacks), and to ensure server utilization and stability; Legal basis: Legitimate interests (Art. 6(1)(f) GDPR). Data deletion: Log file information is stored for a maximum of 30 days and then deleted or anonymized. Data that needs to be retained for evidentiary purposes is excluded from deletion until the respective incident is finally clarified.
  • 1&1 IONOS: Services in the field of providing IT infrastructure and related services (e.g., storage space and/or computing capacities); Service provider: 1&1 IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany; Legal basis: Legitimate Interests (Article 6(1)(f) GDPR); Website: https://www.ionos.de; Privacy Policy: https://www.ionos.de/terms-gtc/terms-privacy. Order Processing Agreement: https://www.ionos.de/hilfe/datenschutz/allgemeine-informationen-zur-datenschutz-grundverordnung-dsgvo/auftragsverarbeitung/.

Use of Cookies

The term „cookies“ refers to functions that store and retrieve information on users' end devices. Cookies can also be used for various purposes, such as for the functionality, security, and convenience of online services, as well as for creating analyses of visitor traffic. We use cookies in accordance with legal regulations. To do so, we obtain users' consent in advance when necessary. If consent is not required, we rely on our legitimate interests. This applies when storing and retrieving information is essential to provide explicitly requested content and functions. This includes, for example, storing settings and ensuring the functionality and security of our online services. Consent can be revoked at any time. We provide clear information about their scope and which cookies are used.

Notes on data protection legal grounds: Whether we process personal data using cookies depends on consent. If consent is given, it serves as the legal basis. Without consent, we rely on our legitimate interests, which are explained above in this section and in the context of the respective services and procedures.

Storage duration: Regarding the storage duration, the following types of cookies are distinguished:

  • Temporary cookies (also: session cookies): Temporary cookies are deleted at the latest after a user leaves an online service and closes their device (e.g., browser or mobile application).
  • Persistent cookies: Persistent cookies remain stored even after the end device is closed. For example, this allows the login status to be saved and preferred content to be displayed directly when the user visits a website again. Likewise, user data collected using cookies can be used for reach measurement. Unless we provide users with explicit information about the type and storage duration of cookies (e.g., when obtaining consent), they should assume that these are permanent and can be stored for up to two years.

General Information on Revocation and Objection (Opt-out): Users can revoke their consent at any time and also object to processing in accordance with legal requirements, including through their browser's privacy settings.

  • Processed data types: Metadata, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, involved persons).
  • Affected persons: User (e.g., website visitor, online service user).
  • Legal basis: Legitimate interests (Art. 6(1)(f) GDPR).

Registration, Login, and User Account

Users can create a user account. As part of the registration process, users are informed of the required mandatory information and this information is processed for the purpose of providing the user account based on fulfilling contractual obligations. The processed data includes, in particular, login information (username, password, and an email address).

As part of using our registration and login features, as well as your user account, we store the IP address and the time of each user action. This data is stored based on our legitimate interests, as well as the users' interests in protection against abuse and other unauthorized use. This data is generally not shared with third parties, unless it is necessary for the pursuit of our claims or if there is a legal obligation to do so.

Users can be informed via email about events relevant to their user account, such as technical changes.

  • Processed data types: File data (e.g., full name, home address, contact information, customer number, etc.); Contact details (e.g., postal and email addresses or phone numbers); Content data (e.g., text or image messages and posts, as well as information relating to them, such as authorship or creation time); Usage data (e.g., page views and duration of stay, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions). Log data (e.g., log files concerning logins or data retrieval or access times).
  • Affected persons: User (e.g., website visitor, online service user).
  • Purpose of processing: Provision of contractual services and fulfillment of contractual obligations; security measures; organizational and administrative procedures. Provision of our online services and user-friendliness.
  • Storage and deletion: Deletion according to information in the „General Information on Data Storage and Deletion“ section. Deletion after termination.
  • Legal basis: Contract fulfillment and pre-contractual inquiries (Art. 6(1)(b) GDPR). Legitimate interests (Art. 6(1)(f) GDPR).

Further information on processing methods, procedures, and services:

  • Real name registration: Due to the nature of our community, we ask that users only use their real names when using our service. This means that the use of pseudonyms is not permitted; Legal basis: Contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 sentence 1 letter b) GDPR).
  • Profile visibility settings: Users can determine through settings to what extent their profiles are visible or accessible to the public or only to specific groups of people; Legal basis: Contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 sentence 1 letter b) GDPR).
  • Two-factor authentication: Two-factor authentication provides an extra layer of security for your user account, ensuring that only you can access your account, even if someone else knows your password. For this purpose, you will need to perform an additional authentication measure in addition to your password (e.g., entering a code sent to a mobile device). We will inform you about the procedure we use; Legal basis: Contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 sentence 1 letter b) GDPR).
  • Data deletion after termination: If users have terminated their user accounts, their data in relation to the user account will be deleted, subject to legal permission, obligation, or consent from the users; Legal basis: Contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 sentence 1 letter b) GDPR).
  • No data retention obligation: It is the user's responsibility to back up their data before the end of the contract upon termination. We are entitled to irrevocably delete all user data stored during the contract term; Legal basis: Contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 sentence 1 letter b) GDPR).
  • Authentication: In the course of using the plugin, we process various personal data such as your username, email address, IP address, and if applicable, your phone number when you use SMS verification. This processing serves for user authentication, access control, ensuring website security, and improving user experience. When using two-factor authentication via SMS, your phone number is used to deliver the One-Time Password (OTP). Your data will be forwarded to miniOrange as the provider of the plugin. When using SMS verification, data will also be transmitted to the SMS service provider commissioned by miniOrange. Please note that miniOrange is based in the USA, and therefore, the processing of your data may also take place outside the EU. We have put appropriate agreements in place to ensure an adequate level of protection for your data. We store your data for the duration of your use of our website and subsequently in accordance with legal retention periods. You have the right to access, rectification, erasure, restriction of processing, data portability, and objection to the processing of your data. Furthermore, you have the right to lodge a complaint with a supervisory authority.

    The provision of your data is required for the use of our website and its associated functions. Without this data, we cannot provide you with certain services, particularly two-factor authentication.; Service provider miniOrange
    228 Park Ave S #87831
    New York, NY 10003-1502; Website https://www.miniorange.com. Privacy Policy: https://www.miniorange.com/terms-and-policies/security-practices.

Community Features

The community features we provide allow users to engage in conversations or other exchanges with each other. Please note that the use of the community features is only permitted in compliance with the applicable legal situation, our terms and conditions, policies, and the rights of other users and third parties.

  • Processed data types: File data (e.g., full name, residential address, contact information, customer number, etc.); Usage data (e.g., page views and duration, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and features).
  • Affected persons: User (e.g., website visitor, online service user).
  • Purpose of processing: Provision of contractual services and fulfillment of contractual obligations; security measures. Provision of our online offering and user-friendliness.
  • Storage and deletion: Deletion according to the information in the „General information on data storage and deletion“ section.
  • Legal basis: Contract fulfillment and pre-contractual inquiries (Art. 6(1)(b) GDPR). Legitimate interests (Art. 6(1)(f) GDPR).

Further information on processing methods, procedures, and services:

  • Setting post visibility: Users can determine via settings to what extent their created posts and content are visible or accessible to the public or only to specific individuals or groups. Legal basis: Contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 sentence 1 letter b) GDPR).
  • Data Protection: Users decide for themselves what data they disclose about themselves within our online service, for example when they provide personal information or participate in conversations. We ask users to protect their data and to only publish personal data with discretion and only to the extent necessary. In particular, we ask users to note that they must protect their access credentials with great care and use secure passwords (i.e., above all, long and random combinations of characters whenever possible). Legal basis: Contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 sentence 1 letter b) GDPR).

Contact and inquiry management

When you contact us (e.g., by mail, contact form, email, phone, or via social media), and in the context of existing user and business relationships, the information of the inquiring persons will be processed to the extent necessary to answer the contact requests and any requested actions.

  • Processed data types: File data (e.g., full name, home address, contact information, customer number, etc.); Contact data (e.g., postal and email addresses or phone numbers); Content data (e.g., text or image messages and posts, and information pertaining to them, such as authorship or creation date); Usage data (e.g., page views and duration of stay, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions); Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, individuals involved).
  • Affected persons: Communication partner.
  • Purpose of processing: Communication; organizational and administrative procedures; feedback (e.g., collecting feedback via online form). Provision of our online service and user-friendliness.
  • Storage and deletion: Deletion according to the information in the „General information on data storage and deletion“ section.
  • Legal basis: Legitimate interests (Art. 6(1)(f) GDPR). Fulfillment of contract and pre-contractual inquiries (Art. 6(1)(b) GDPR).

Further information on processing methods, procedures, and services:

  • Contact Form: When you contact us via our contact form, email, or other communication channels, we process the personal data transmitted to us to respond to and process your respective inquiry. This typically includes information such as name, contact details, and any other information you provide that is necessary for proper processing. We use this data exclusively for the stated purpose of contact and communication. Legal basis: Contract fulfillment and pre-contractual inquiries (Art. 6(1)(b) GDPR), Legitimate interests (Art. 6(1)(f) GDPR).

Application process

The application process requires applicants to provide us with the data necessary for their assessment and selection. The information required can be found in the job description or, in the case of online forms, in the details provided there.

In general, the required information includes personal details such as name, address, contact information, and proof of the qualifications necessary for a position. Upon request, we are also happy to provide information on what details are needed.

If available, applicants are welcome to submit their applications via our online form, which is encrypted using the latest technology. Alternatively, it is also possible to send applications to us by email. However, we would like to point out that emails are generally not sent encrypted over the internet. Although emails are usually encrypted during transport, this does not happen on the servers from which they are sent and received. Therefore, we cannot assume responsibility for the security of the application during its transmission between the sender and our server.

For the purposes of candidate search, application submission, and candidate selection, we may use third-party candidate management or recruitment software and platforms, as well as services, in compliance with legal requirements.

Applicants are welcome to contact us regarding the submission method for their application or to send their application by mail.

Processing of special categories of data: To the extent that special categories of personal data (Art. 9 para. 1 GDPR, e.g., health data, such as severe disability status or ethnic origin) are requested from applicants or disclosed by them within the scope of the application process, they are processed so that the controller or the data subject can exercise rights and fulfill obligations arising from labor law and social security law, for the protection of vital interests of the applicants or other persons, or for purposes of preventive medicine or occupational medicine, for the assessment of the employee's working capacity, for medical diagnosis, for care or treatment in the health or social sector, or for the administration of systems and services in the health or social sector.

Data Deletion: The data provided by applicants may be further processed by us for the purposes of the employment relationship in the event of a successful application. Otherwise, if the application for a job offer is unsuccessful, the applicant's data will be deleted. The applicant's data will also be deleted if an application is withdrawn, which applicants are entitled to do at any time. The data will be deleted, subject to a legitimate withdrawal by the applicants, at the latest after a period of six months, so that we can answer any follow-up questions regarding the application and fulfill our documentation obligations arising from the regulations on equal treatment of applicants. Invoices for any travel expense reimbursement will be archived in accordance with tax regulations.

Admission to a pool of applicants: Admission to an applicant pool, where offered, is based on consent. Applicants are informed that their consent to be included in the talent pool is voluntary, has no impact on the ongoing application process, and that they may withdraw their consent at any time for the future.

  • Processed data types: File data (e.g., full name, home address, contact information, customer number, etc.); Contact details (e.g., postal and email addresses or phone numbers); Content data (e.g., textual or pictorial messages and posts, as well as information relating to them, such as authorship or creation date); Applicant data (e.g., personal details, postal and contact addresses, documents related to the application and the information contained therein, such as cover letters, resumes, certificates, as well as further information about the applicant or their qualifications provided voluntarily or in relation to a specific position).
  • Affected persons: Applicant.
  • Purpose of processing: Application process (establishment and any subsequent execution as well as possible subsequent termination of the employment relationship).
  • Storage and deletion: Deletion according to the information in the „General information on data storage and deletion“ section.
  • Legal basis: Application procedure as a pre-contractual or contractual relationship (Art. 6 (1) sentence 1 lit. b) GDPR).

Change and update

We ask you to regularly inform yourself about the content of our Data Protection Declaration. We adapt the Data Protection Declaration as soon as changes in the data processing we carry out make this necessary. We will inform you as soon as the changes require any action on your part (e.g., consent) or any other individual notification is required.

If we provide addresses and contact information for companies and organizations in this privacy policy, please note that addresses may change over time, and we request that you verify the information before making contact.

Definitions

In this section, you will receive an overview of the terms used in this privacy policy. Where terms are legally defined, their legal definitions apply. The explanations below are primarily intended for understanding.

  • Employees: Employees are individuals who are in an employment relationship, whether as staff, salaried individuals, or in similar positions. An employment relationship is a legal connection between an employer and an employee, established by an employment contract or agreement. It entails the employer's obligation to pay the employee remuneration, while the employee provides their labor. The employment relationship comprises various stages, including its establishment, where the employment contract is concluded; its execution, where the employee performs their work; and its termination, when the employment relationship ends, whether by dismissal, mutual agreement, or otherwise. Employee data refers to all information pertaining to these individuals within the context of their employment. This includes aspects such as personal identification data, identification numbers, salary and bank details, working hours, vacation entitlements, health data, and performance reviews.
  • File data: File data (master data) includes essential information necessary for the identification and management of contracting partners, user accounts, profiles, and similar associations. This data may include personal and demographic details such as names, contact information (addresses, phone numbers, email addresses), dates of birth, and specific identifiers (user IDs), among others. Master data forms the basis for any formal interaction between individuals and services, facilities, or systems by enabling unique identification and communication.
  • Content data: Content data includes information generated during the creation, editing, and publication of all types of content. This category of data can include texts, images, videos, audio files, and other multimedia content published on various platforms and media. Content data is not limited to the actual content but also includes metadata that provides information about the content itself, such as tags, descriptions, author information, and publication dates.
  • Contact Information: Contact details are essential information that enable communication with individuals or organizations. They include, among other things, phone numbers, postal addresses, and email addresses, as well as communication methods such as social media handles and instant messaging identifiers.
  • Meta-, communication, and processing data: Meta-, communication, and procedural data are categories that contain information about how data is processed, transmitted, and managed. Metadata, also known as data about data, includes information that describes the context, origin, and structure of other data. It can include details about file size, creation date, document author, and revision history. Communication data captures the exchange of information between users via various channels, such as email traffic, call logs, social media messages, and chat histories, including the individuals involved, timestamps, and transmission paths. Procedural data describes processes and workflows within systems or organizations, including workflow documentation, transaction and activity logs, as well as audit logs used for tracking and reviewing operations.
  • Usage Data: Usage data refers to information that captures how users interact with digital products, services, or platforms. This data encompasses a wide range of information that shows how users utilize applications, which features they prefer, how long they spend on certain pages, and the paths they navigate through an application. Usage data can also include frequency of use, timestamps of activities, IP addresses, device information, and location data. It is particularly valuable for analyzing user behavior, optimizing user experiences, personalizing content, and improving products or services. Furthermore, usage data plays a crucial role in identifying trends, preferences, and potential problem areas within digital offerings.
  • Personal data: „Personal data“ means any information relating to an identified or identifiable natural person („data subject“); a natural person is identifiable if they can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
  • Log data: Log data is information about events or activities that have been recorded in a system or network. This data typically contains information such as timestamps, IP addresses, user actions, error messages, and other details about the usage or operation of a system. Log data is often used for analyzing system problems, security monitoring, or generating performance reports.
  • Person in charge: „Controller“ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
  • Processing: „Processing“ means any operation or series of operations carried out, with or without the help of automated procedures, in connection with personal data. The term is broad and includes practically any handling of data, be it collection, evaluation, storage, transmission, or deletion.
  • Contract Data: Contract data is specific information that relates to the formalization of an agreement between two or more parties. It documents the terms and conditions under which services or products are provided, exchanged, or sold. This data category is essential for managing and fulfilling contractual obligations and includes both the identification of the contracting parties and the specific terms and conditions of the agreement. Contract data may include contract start and end dates, the type of services or products agreed upon, pricing agreements, payment terms, termination rights, renewal options, and special conditions or clauses. It serves as the legal basis for the relationship between the parties and is crucial for clarifying rights and obligations, enforcing claims, and resolving disputes.
  • Payment details: Payment data includes all information required to process payment transactions between buyers and sellers. This data is crucial for e-commerce, online banking, and any other form of financial transaction. It includes details such as credit card numbers, bank details, payment amounts, transaction dates, verification numbers, and billing information. Payment data may also include information about payment status, chargebacks, authorizations, and fees.