Privacy Policy


1) Information about the collection of personal data and contact details of the controller

1.1 We are pleased that you are visiting our website and thank you for your interest. In the following, we inform you about the handling of your personal data when using our website and the learndataengineering school operated by us on the teachable.com platform (hereinafter jointly referred to as the "website"). Personal data is all data with which you can be personally identified.

1.2 The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation of the EU (GDPR) is Andreas Kretz, Schleifweg 3, 97834 Birkenfeld, Germany, tel: +49 151 64860660, E-Mail: [email protected]. The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.

1.3 This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or enquiries to the controller). You can recognise an encrypted connection by the string "https://" and the lock symbol in your browser line.

 

2) Hosting

Hosting by the teachable.com platform

We use the website building system of Teachable, Inc, 470 Park Avenue South, 6th Floor, New York, New York 10016, USA ("Teachable") for the purpose of hosting and displaying the website on the basis of processing on our behalf. All data collected on our website is processed on Teachable's servers. 

We have concluded a data processing agreement with Teachable (Data Processing Addendum, available at https://teachable.com/dpa), which obliges Teachable to protect the data of our site visitors and not to pass it on to third parties. For the transfer of data from the EU to the USA, Teachable refers to so-called standard data protection clauses of the European Commission, which are intended to ensure compliance with the European level of data protection in the USA. 

Further information on Teachable's data protection can be found on the following website: https://teachable.com/privacy-policy.

The scope of the processing of personal data is outlined below.

 

3) Data recording when visiting our website

During the mere informative use of our website, i.e. if you do not register or otherwise transmit information to us, Teachable collects data that your browser transmits to Teachable's server (so-called "server log files"). For more information on the collection and processing of data when you visit our website, please refer to Teachable's Privacy Policy.

 

4) Cookies

In order to make your visit to our website more attractive and to enable the use of certain functions, we or Teachable use so-called cookies on various pages. These are small text files that are stored on your end device. Some of the cookies we use are deleted after the end of the browser session, i.e. after you close your browser (so-called session cookies). Other cookies remain on your end device and enable your browser to be recognised on your next visit (so-called persistent cookies). If cookies are set, they collect and process certain user information such as browser and location data as well as IP address values to an individual extent. Persistent cookies are automatically deleted after a specified period of time, which may vary depending on the cookie. The duration of the respective cookie storage can be found in the overview of the cookie settings of your web browser.

In some cases, cookies are used to simplify the ordering process by storing settings (e.g. remembering the contents of a virtual shopping basket for a later visit to the website). If personal data is also processed by individual cookies used by us, the processing is carried out either in accordance with Art. 6 para. 1 lit. b GDPR for the performance of the contract, in accordance with Art. 6 para. 1 lit. a GDPR in the case of consent given or in accordance with Art. 6 para. 1 lit. f GDPR to protect our legitimate interests in the best possible functionality of the website as well as a customer-friendly and effective design of the page visit.

For more information on cookies at Teachable, please visit: https://teachable.com/cookies-policy

Please note that you can configure your browser in such a way that you are informed about the setting of cookies and can decide individually about their acceptance or can exclude the acceptance of cookies for certain cases or in general. Each browser differs in the way it manages cookie settings. This is described in the help menu of each browser, which explains how you can change your cookie settings. You can find these for the respective browsers under the following links:

Internet Explorer: https://support.microsoft.com/en/help/17442/windows-internet-explorer-delete-manage-cookies

Firefox: https://support.mozilla.org/en-US/kb/third-party-cookies-firefox-tracking-protection

Chrome: https://support.google.com/chrome/answer/95647?hl=en&hlrm=en

Safari: https://support.apple.com/guide/safari/manage-cookies-and-website-data- sfri11471/mac

Opera: https://help.opera.com/en/latest/web-preferences/#cookies

Please note that if you do not accept cookies, the functionality of our website may be limited.

 

5) Contact

5.1 Calendly

We use the software "Calendly" of the provider Calendly, LLC, BB&T Tower, 271 17th St NW, Atlanta, GA 30363, USA to provide an online appointment booking function.

For the purpose of making an appointment, first name, surname and email address (and telephone number if a telephone appointment is requested) are collected in accordance with Art. 6 para. 1 lit. b GDPR and transmitted to Calendly in accordance with Art. 6 para. 1 lit. f GPDR on the basis of our legitimate interest in effective customer management and efficient appointment management and stored there for the purpose of organising the appointment. After the appointment has been held or after the agreed appointment period has expired, your data will be deleted by Calendly. We have concluded a data processing agreement with Calendly ("Data Processing Addendum", available at https://calendly.com/dpa), in which Calendly undertakes to protect the data of our customers in accordance with the legal requirements. Calendly generally transfers collected information outside the European Economic Area and relies on so-called standard data protection clauses of the European Commission, which are intended to ensure compliance with the European level of data protection.

Details of Calendly's data protection provisions can be found here: https://calendly.com/privacy

5.2 When contacting us (e.g. by e-mail), personal data may be collected depending on the content. This data is stored and used exclusively for the purpose of answering your request or for contacting you and the associated technical administration. The legal basis for processing this data is our legitimate interest in responding to your request in accordance with Art. 6 para. 1 lit. f GDPR. If the aim of making contact is to conclude a contract, the additional legal basis for processing will be Art. 6 para. 1 lit. b GDPR. Your data will be deleted after final processing of your request. This is the case when the circumstances indicate that the matter in question has been conclusively clarified and provided that there are no statutory retention obligations to the contrary.

 

6) Data processing when opening a user account and for contract processing

Pursuant to Art. 6 para. 1 lit. b GDPR, further personal data will be collected and processed if you provide it to us for the performance of a contract or when opening a user account. Which data is collected can be seen from the respective input forms. Deletion of your user account is possible at any time and can be done by sending a message to the above address of the controller. We store and use the data provided by you for the purpose of processing the contract. After complete processing of the contract or deletion of your user account, your data will be blocked with regard to tax and commercial law retention periods and deleted after expiry of these periods, unless you have explicitly consented to further use of your data or a legally permitted further use of data has been reserved on our part.

 

7) Comment functions

Within the scope of the comment functions on this website, in addition to your comment, information on the time of the creation of the comment and the commentator name selected by you will be stored and published on this website. Furthermore, Teachable may log and store additional data. For further information, please refer to Teachable's Privacy Policy. The legal bases for the storage of your data are Art. 6 para. 1 lit. b and f GDPR. We reserve the right to delete comments if they are declared as unlawful by third parties.

 

8) Use of customer data for direct advertising

Newsletter dispatch via ConvertKit

Our e-mail newsletters are sent via the technical service provider ConvertKit LLC, PO Box 761, Boise, ID 83701, USA (https://www.convertkit.com), to whom we pass on the data you provided when registering for the newsletter. This transfer takes place in accordance with Art. 6 para. 1 lit. f GDPR and serves our legitimate interest in using a newsletter system that is effective in advertising, secure and user-friendly. Please note that your data is generally transmitted to a ConvertKit server in the USA and stored there.

ConvertKit uses this information to send and statistically evaluate the newsletters on our behalf. For the evaluation, the emails sent contain so-called web beacons or tracking pixels, which are single-pixel image files that are stored on our website. For example, it can be determined whether a newsletter message was opened and which links, if any, were clicked. With the help of the web beacons, ConvertKit automatically creates general, non-personal statistics about the response behaviour to newsletter campaigns. On the basis of our legitimate interest in the statistical evaluation of the newsletter campaigns for the optimisation of the advertising communication and the better targeting of recipient interests, however, data of the respective newsletter recipient (mail address, time of retrieval, IP address, browser type and operating system) are also collected and utilised by the web beacons in accordance with Art. 6 para. 1 lit. f GDPR. This data allows an individual conclusion to be drawn about the newsletter recipient and is processed by ConvertKit for the automated creation of statistics that show whether a specific recipient has opened a newsletter message.

If you wish to deactivate the data analysis for statistical evaluation purposes, you must unsubscribe from the newsletter.

ConvertKit may also use this data itself in accordance with Art. 6 para. 1 lit. f GDPR on the basis of its own legitimate interest in the needs-based design and optimisation of the service as well as for market research purposes, for example to determine which countries the recipients come from. However, ConvertKit does not use the data of our newsletter recipients to write to them itself or to pass them on to third parties.

To protect your data in the USA, we have concluded a data processing agreement ("Data Processing Agreement") with ConvertKit based on the standard contractual clauses of the European Commission to enable the transfer of your personal data to ConvertKit. 

You can view ConvertKit's privacy policy here:

https://convertkit.com/privacy

 

9) Data processing for order processing

9.1 In order to process your order, we work together with the service provider(s) listed below, who support us in whole or in part in the execution of concluded contracts. Certain personal data will be transmitted to these service providers in accordance with the following information.

The personal data collected by us or your payment data will be passed on to Teachable and/or other companies within the framework of the contract and payment processing, insofar as this is necessary for the provision of the services and for the payment processing. If payment service providers are used by us, we will explicitly inform you about this below. Information on data protection in the event of payment processing by Teachable is available at https://teachable.com/privacy-policy

The legal basis for the forwarding of the data is Art. 6 para. 1 lit. b) GDPR.

9.2 Use of payment service providers

- Paypal

When paying via PayPal, credit card via PayPal, direct debit via PayPal or – if offered – "purchase on account" or "payment by instalments" via PayPal, we pass on your payment data to PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal") as part of the payment processing. The transfer takes place in accordance with Art. 6 para. 1 lit. b GDPR and only insofar as this is necessary for the payment processing.

For the payment methods credit card via PayPal, direct debit via PayPal or – if offered – "purchase on account" or "payment by instalments" via PayPal, PayPal reserves the right to carry out a credit check. For this purpose, your payment data may be passed on to credit agencies in accordance with Art. 6 para. 1 lit. f GDPR on the basis of PayPal's legitimate interest in determining your solvency. PayPal uses the result of the credit check in terms of the statistical probability of non-payment for the purpose of deciding on the provision of the respective payment method. The creditworthiness information may contain probability values (so-called score values). Insofar as score values are included in the result of the credit report, they have their basis in a scientifically recognised mathematical-statistical procedure. The calculation of the score values includes, but is not limited to, address data. For further information on data protection law, including information on the credit agencies used, please refer to PayPal's privacy statement: https://www.paypal.com/ad/webapps/mpp/ua/legalhub-full?locale.x=en_AD.

You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if this is necessary for the contractual processing of payments.

- Stripe

If you choose a payment method from the payment service provider Stripe, the payment will be processed by the payment service provider Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, to whom we pass on the information you provided during the ordering process, together with information about your order (name, address, account number, bank identifier code, credit card number if applicable, invoice amount, currency and transaction number) in accordance with Art. 6 para. 1 lit. b GDPR. You can find more information on Stripe's data protection at the URL https://stripe.com/de/privacy.

Stripe reserves the right to carry out a credit check on the basis of mathematical-statistical procedures in order to safeguard the legitimate interest in determining the user's ability to pay. The personal data necessary for a credit check and obtained in the course of payment processing may be transmitted by Stripe to selected credit agencies, which Stripe discloses to users upon request. The creditworthiness information may contain probability values (so-called score values). Insofar as score values are included in the result of the credit report, these are based on a scientifically recognised mathematical-statistical procedure. The calculation of the score values includes, but is not limited to, address data. Stripe uses the result of the credit check in relation to the statistical probability of non-payment for the purpose of deciding on the authorisation to use the selected payment method.

You can object to this processing of your data at any time by sending a message to Stripe or the appointed credit agencies.

However, Stripe may still be entitled to process your personal data if this is necessary to process payments in accordance with the contract.

 

10) Online marketing

Use of Affiliate programs

- Own affiliate programme

In connection with the product presentations on our website, we maintain our own affiliate programme, within the context of which we provide interested third-party operators with partner links for placement on their websites that lead to our offers. Cookies are used for the affiliate programme, which are generally set on the partner page after clicking a corresponding partner link and for which we are not responsible in this respect under data protection law. Cookies are small text files that are stored on your end device in order to be able to trace the origin of transactions (e.g. "sales leads") generated via such links. In doing so, we can recognise, among other things, that you have clicked the partner link and have been redirected to our website. This information is required for payment processing between us and the affiliate partners. Insofar as the information also contains personal data, the described processing is carried out on the basis of our legitimate financial interest in the processing of commission payments in accordance with Art. 6 para. 1 lit. f GDPR.

If you wish to block the evaluation of user behaviour via cookies, you can set your browser so that you are informed about the setting of cookies and decide individually whether to accept them or to exclude the acceptance of cookies for certain cases or in general.

- Amazon affiliate programme (AmazonPartnerNet)

We participate in the affiliate programme "AmazonPartnerNet" of Amazon EU S.a.r.l., 38 avenue John F. Kennedy, L-1855 Luxembourg (hereinafter "Amazon"). Within this context, we have placed advertisements on our website as links that lead to offers on various Amazon websites. Amazon uses cookies. These are small text files that are stored on your end device in order to track the origin of orders generated via such links. Among other things, Amazon can recognise that you have clicked on the partner link on our website. This information is required for payment processing between us and Amazon. Insofar as the information also contains personal data, the described processing is carried out on the basis of our legitimate financial interest in the processing of commission payments with Amazon pursuant to Art. 6 para. 1 lit. f GDPR.

You can find further information on data use by Amazon in the Amazon.de privacy policy at https://www.amazon.de/gp/help/customer/display.html/ref=footer_privacy?ie=UTF8&language=en_GB&nodeId=3312401.

If you wish to block the evaluation of user behaviour via cookies, you can set your browser so that you are informed about the setting of cookies and decide individually whether to accept them or to exclude the acceptance of cookies for certain cases or in general. You can also deactivate Amazon's interest-based ads via the link https://www.amazon.de/gp/dra/info.

 

11) Web analytics services

Google (Universal) Analytics with Google Signals

This website uses Google (Universal) Analytics, which is a web analysis service provided by Google Ireland Limited, Gordon House, 4 Barrow Street, Dublin, D04 E5W5, Ireland ("Google"). Google (Universal) Analytics uses "cookies" – text files that are stored on your end device and enable analysis of your use of the website. The information generated by the cookie about your use of the website (including your shortened IP address) will be transmitted to a Google server and saved there; it may also be transmitted to the servers of Google LLC. in the United States.

This website uses Google (Universal) Analytics exclusively with the extension "_anonymizeIp()", which ensures anonymisation of the IP address by shortening it and excludes direct personal reference. Due to the extension, your IP address will be previously abbreviated by Google within member states of the European Union or in other states that are party to the Agreement on the European Economic Area. The full IP address will only in exceptional cases be transmitted to a server of Google LLC. in the USA and abbreviated there.

Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for us, and providing other services relating to website and internet usage. Here, the IP address transmitted by your browser within the scope of Google (Universal) Analytics will not be aggregated with other data of Google.

Google Analytics also enables the creation of statistics with statements about the age, gender and interests of site visitors on the basis of an evaluation of interest-based advertising and with the inclusion of third-party information via a special function, the so-called "demographic characteristics". This allows the definition and differentiation of user groups of the website for the purpose of the target group-optimised orientation of marketing measures. However, data records collected via the "demographic characteristics" cannot be assigned to a specific person.

Details on the processing triggered by Google Analytics and on Google's handling of website data can be found here: https://policies.google.com/technologies/partner-sites?hl=en.

All of the processing described above, in particular the setting of Google Analytics cookies for reading out information on the end device used, will only be carried out if you have given us your explicit consent to do so in accordance with Art. 6 para. 1 lit. a GDPR. Without this consent, Google Analytics will not be used during your visit to the website.

You can revoke your issued consent at any time with effect for the future. To exercise your revocation, please deactivate this service in the cookie consent tool provided on the website. We have concluded a data processing agreement with Google for the use of Google Analytics, which obliges Google to protect the data of our site visitors and not to pass it on to third parties. For the transfer of data from the EU to the USA, Google refers to so-called standard data protection clauses of the European Commission, which are intended to ensure compliance with the European level of data protection in the USA.

Further information on Google (Universal) Analytics can be found here: https://policies.google.com/privacy?hl=en&gl=de

This website also uses the Google Signals service as an extension of Google Analytics. With Google Signals, we can have Google create cross-device reports (so-called "cross-device tracking"). If you have activated "personalised ads" in your Google account settings and you have linked your internet-enabled devices to your Google account, Google can analyse user behaviour across devices and create database models based on this, provided you have given your consent to the use of Google Analytics in accordance with Art. 6 para. 1 lit. a GDPR (see above). The logins and device types of all page visitors who were logged into a Google account and performed a conversion are taken into account. The data shows, among other things, on which device you first clicked on an ad and on which device the associated conversion took place. We do not receive any personal data from Google in this regard, but only statistics compiled on the basis of Google Signals. You have the option of deactivating the "personalised ads" function in the settings of your Google account and thus switching off the cross-device analysis. To do this, follow the instructions on this page: https://support.google.com/ads/answer/2662922?hl=en

Further information on Google Signals can be found here: https://support.google.com/analytics/answer/7532985?hl=en.

 

12) Site functionalities

12.1 Use of Youtube videos

This website uses the Youtube embedding function to display and play videos from the provider "Youtube", which belongs to Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google").

The extended data protection mode is used here, which, according to the provider, only triggers the storage of user information when the video(s) is/are played. If the playback of embedded Youtube videos is started, the provider Youtube uses cookies to collect information about user behaviour. According to information from Youtube, this is used, among other things, to collect video statistics, improve user-friendliness and prevent abusive behaviour. If you are logged in to Google, your data will be assigned directly to your account if you click a video. If you do not want your profile to be associated with Youtube, you must log out before activating the button. You have the right to object to the creation of these user profiles. Contact Youtube in order to exercise this right. The use of Youtube may also result in the transmission of personal data to the servers of Google LLC. in the USA.

Independently of a playback of the embedded videos, a connection to the Google network is established each time this website is accessed, which may trigger further data processing operations without our influence.

All processing described above, in particular the reading of information on the end device used via cookies, will only be carried out if you have given us your explicit consent to do so in accordance with Art. 6 para. 1 lit. a GDPR. Without this consent, Youtube videos will not be used during your visit to the site.

You can revoke your issued consent at any time with effect for the future. To exercise your revocation, please deactivate this service in the cookie consent tool provided on the website via alternative options communicated to you on the website.

Further information on data protection at Youtube can be found in the Youtube terms of use at https://www.youtube.com/static?gl=US&template=terms and in Google's privacy policy at https://www.google.de/intl/en/policies/privacy.

12.2 – Zoom

We use the service "Zoom" of Zoom Video Communications Inc, 55 Almaden Blvd, Suite 600, San Jose, CA 95113, USA (hereinafter "Zoom") to conduct online meetings, video conferences and/or webinars.

In the case of the use of Zoom, different data is processed. The scope of the data processed depends on the data you provide before or during participation in an online meeting, video conference or webinar. In the course of using Zoom, data of the communication participants is processed and stored on Zoom servers. This data may include, in particular, your login data (name, email address, telephone (optional) and password) and meeting data (topic, participant IP address, device information, description (optional)). In addition, visual and auditory contributions of the participants as well as voice inputs in chats may be processed.

We have concluded a data processing agreement with Zoom ("Data Processing Addendum", available at https://explore.zoom.us/docs/doc/Zoom_GLOBAL_DPA.pdf), which obliges Zoom to protect the data of our site visitors and not to pass it on to third parties. For the transfer of data from the EU to the USA, Zoom refers to so-called standard data protection clauses of the European Commission, which are intended to ensure compliance with the European level of data protection in the USA. 

When processing personal data that is necessary for the performance of a contract with you (this also applies to processing operations that are necessary for the implementation of pre-contractual measures), Art. 6 para. 1 lit. b GDPR serves as the legal basis. If you have given us your consent for the processing of your data, the processing is based on Art. 6 para. 1 lit. a GDPR. Any consent given can be revoked at any time with effect for the future.

Otherwise, the legal basis for data processing when conducting online meetings, video conferences or webinars is our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR in the effective conduct of the online meeting, webinar or video conference. For more information on Zoom's use of data, please see Zoom's privacy policy at https://explore.zoom.us/docs/en-us/privacy.html.

12.3 Online applications via a form

On our website, we offer prospective job applicants the opportunity to apply online via a corresponding form. In order to be included in the application process, applicants must provide us via the form with all personal data required for an informed assessment and selection.

The information required includes general personal information (name, address, telephone or electronic contact details) and performance-related evidence of the qualifications required for a position. Health-related information may also be required, which must be given special consideration under labour and social law in the interest of social protection in the applicant's person.

In the course of submitting the form, the applicant data is transmitted to us in encrypted form in accordance with the state of the art, stored by us and evaluated exclusively for the purpose of processing the application.

The legal basis for this processing is generally Art. 6 para. 1 lit. b GDPR (for processing in Germany in conjunction with Section 26 para. 1 BDSG (German Federal Data Protection Act)), in the sense of which the application process is considered to be the initiation of an employment contract.

Insofar as special categories of personal data within the meaning of Art. 9 para. 1 GDPR (e.g. health data such as information on severely disabled status) are requested from applicants as part of the application process, the processing is carried out in accordance with Art. 9 para. 2 lit. b. GDPR, so that we can exercise the rights arising from labour law and social security and social protection law and fulfil our obligations in this regard.

Cumulatively or alternatively, the processing of the special categories of data may also be based on Art. 9 para. 1 lit. h GDPR if it is carried out for the purposes of preventive health care or occupational medicine, for the assessment of the applicant's fitness for work, for medical diagnosis, health or social care or treatment, or for the management of health or social care systems and services.

If the applicant is not selected in the course of the evaluation described above, or if an applicant withdraws its application prematurely, its data submitted on the form will be deleted at the latest after 6 months following notification. This period is calculated on the basis of our legitimate interest in answering any follow-up questions about the application and, if necessary, to be able to comply with our obligations to provide evidence under the regulations on equal treatment of applicants.

In the event of a successful application, the data provided will be further processed on the basis of Art. 6 para. 1 lit. b GDPR (for processing in Germany in conjunction with Section 26 para. 1 BDSG) for the purposes of implementing the employment relationship.

12.4 Applications to job advertisements via e-mail

We advertise current vacancies on our website in a separate section, for which interested parties can apply via e-mail to the contact address provided.

In order to be included in the application process, applicants must provide us with all personal data required for a well-founded and informed assessment and selection together with their application via e-mail.

The required information includes general personal information (name, address, telephone or electronic contact details) as well as performance-specific evidence of the qualifications required for a position. Health-related information may also be required, which must be given special consideration under labour and social law in the interest of social protection in the applicant's person.

The components that an application must contain in order to be considered in each individual case and the form in which these components must be submitted via e-mail can be found in the respective job advertisement.

After receipt of the application sent using the specified e-mail contact address, the applicant data will be stored by us and evaluated exclusively for the purpose of processing the application. For queries arising in the course of processing, we use, at our discretion, either the e-mail address provided by the applicant with its application or a telephone number provided.

The legal basis for this processing, including contacting the applicant for queries, is generally Art. 6 para. 1 lit. b GDPR (for processing in Germany in conjunction with Section 26 para. 1 BDSG), in the sense of which the application process is considered to be the initiation of an employment contract.

Insofar as special categories of personal data within the meaning of Art. 9 para. 1 GDPR (e.g. health data such as information on severely disabled status) are requested from applicants as part of the application process, the processing is carried out in accordance with Art. 9 para. 2 lit. b. GDPR, so that we can exercise the rights arising from labour law and social security and social protection law and fulfil our obligations in this regard.

Cumulatively or alternatively, the processing of the special categories of data may also be based on Art. 9 para. 1 lit. h GDPR if it is carried out for the purposes of preventive health care or occupational medicine, for the assessment of the applicant's fitness for work, for medical diagnosis, health or social care or treatment, or for the management of health or social care systems and services.

If the applicant is not selected in the course of the evaluation described above, or if an applicant withdraws its application prematurely, its data transmitted via e-mail and all electronic correspondence, including the original application e-mail, will be deleted at the latest after 6 months following notification. This period is calculated on the basis of our legitimate interest in answering any follow-up questions about the application and, if necessary, to be able to comply with our obligations to provide evidence under the regulations on equal treatment of applicants.

In the event of a successful application, the data provided will be further processed on the basis of Art. 6 para. 1 lit. b GDPR (for processing in Germany in conjunction with Section 26 para. 1 BDSG) for the purposes of implementing the employment relationship.

12.5 – Google Forms

We use the service "Google Forms" of Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland ("Google") as part of our business Google Workspace to conduct surveys or online forms. Google Forms enables us to design and evaluate surveys and online forms. In addition to the respective personal data that you enter into the forms, information on your operating system, browser, date and time of your visit, referrer URL and your IP address is also collected, transmitted to Google and stored on Google servers. The information you enter in the forms is stored in a password-protected manner to ensure that third party access is excluded and that only we can evaluate the information for the purpose specified in the form.

When processing personal data that is necessary for the performance of a contract with you (this also applies to processing operations that are necessary for the implementation of pre-contractual measures), Art. 6 para. 1 lit. b GDPR serves as the legal basis. If you have given us your consent for the processing of your data, the processing is based on Art. 6 para. 1 lit. a GDPR. Any consent given can be revoked at any time with effect for the future.

We have concluded a data processing agreement ("Data Processing Amendment") with Google for the use of Google Forms, which obliges Google to protect the data of our site visitors and not to pass it on to third parties. Processing regularly takes place within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. However, data transfers to the USA cannot be ruled out.

For the transfer of data from the EU to the USA, Google refers to so-called standard data protection clauses of the European Commission, which are intended to ensure compliance with the European level of data protection in the USA.

Further information on Google Forms and Google's privacy policy can be found at: https://policies.google.com/privacy?hl=en.

12.6 – Zapier

Our website uses the integration service "Zapier" of Zapier Inc., 548 Market St #62411, San Francisco, California 94104, USA (hereinafter "Zapier"). We use Zapier for the integration of different databases and webtools. Zapier is a web service that automatically connects actions of different webtools and synchronises their applications so that they execute the desired processes. Zapier automates our processing operations and ensures different workflows in order to efficiently design operating procedures in our processing system. The processing described above is carried out in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interests in the efficient design of our operating procedures.

We have concluded a data processing agreement ("Data Processing Addendum") with Zapier, which obliges Zapier to protect the data of our site visitors and not to pass it on to third parties. For the transfer of data from the EU to the USA, Zapier refers to so-called standard data protection clauses of the European Commission, which are intended to ensure compliance with the European level of data protection in the USA.

Further information on Zapier's use of data can be found in Zapier's privacy policy at https://zapier.com/privacy.

 

13) Tools and other

- DATEV

We use the cloud-based accounting software of DATEV eG, Paumgartnerstr. 6-14, 90429 Nürnberg, Germany ("DATEV").

DATEV processes incoming and outgoing invoices and, if applicable, also the bank transactions of our company in order to automatically record invoices, match them to the transactions and create the financial accounting from this in a semi-automated process.

If also personal data is processed in this process, the processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in the efficient organisation and documentation of our business transactions.

For more information on DATEV, the automated processing of data and data protection regulations, please visit https://www.datev.de/web/de/m/ueber-datev/datenschutz/.

 

14) Rights of the data subject

14.1 The applicable data protection law grants you comprehensive data subject rights (rights of information and intervention) vis-à-vis the controller with regard to the processing of your personal data, which we inform you about below:

- Right of access in accordance with Art. 15 GDPR: In particular, you have the right to obtain information about your personal data processed by us, the purposes of the processing, the categories of personal data processed, the recipients or categories of recipients to whom your data has been or will be disclosed, the planned storage period or the criteria for determining the storage period, the existence of a right to rectification, erasure, restriction of processing, objection to processing or complaint to a supervisory authority, the source of your data if it has not been collected from you by us, the existence of automated decision-making including profiling and, where applicable, meaningful information about the logic involved and the significance and envisaged consequences of such processing for you, as well as your right to be informed about the safeguards pursuant to Art. 46 of the GDPR in case of onward transfer of your data to third countries;

- Right to rectification according to Art. 16 GDPR: You have the right to have any inaccurate data relating to you corrected without delay and/or to have any incomplete data held by us completed;

- Right to erasure according to Art. 17 GDPR: You have the right to demand the deletion of your personal data if the requirements of Art. 17 para. 1 GDPR are met. However, this right shall not apply in particular where the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims;

- Right to restriction of processing pursuant to Art. 18 GDPR: You have the right to request the restriction of the processing of your personal data as long as the accuracy of your data, which you contest, is being verified; if you oppose the erasure of your data due to unlawful data processing and instead request the restriction of the processing of your data; if you require your data for the establishment, exercise or defence of legal claims after we no longer need this data for the purposes of the processing; or if you have lodged an objection for reasons relating to your particular situation as long as it has not yet been determined whether our legitimate reasons prevail;

- Right to notification in accordance with Art. 19 GDPR: If you have asserted your right to rectification, erasure or the restriction of processing against us, as the controller, we will be obliged to inform all recipients of your personal data about the rectification or erasure of the data or the restriction of processing, unless this proves impossible or involves disproportionate effort. You have the right to request to be informed about these recipients.

- Right to data portability in accordance with Art. 20 GDPR: You have the right to receive the personal data you have provided to us in a structured, commonly used and machine-readable format or to request that it be transferred to another controller, insofar as this is technically feasible;

- Right to withdraw consents granted pursuant to Art. 7 para. 3 GDPR: You have the right to withdraw your consent to the processing of data at any time with effect for the future. In the event of withdrawal, we will delete the data concerned without delay, unless further processing can be based on a legal basis for processing without consent. The withdrawal of consent does not affect the lawfulness of the processing carried out on the basis of the consent before its withdrawal;

- Right of complaint according to Art. 77 GDPR: If you consider that the processing of personal data concerning you infringes the GDPR, you have – without prejudice to any other administrative or judicial remedy – the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement.

14.2 RIGHT TO OBJECT

IF WE PROCESS YOUR PERSONAL DATA WITHIN THE CONTEXT OF A BALANCING OF INTERESTS ON THE BASIS OF OUR OVERRIDING LEGITIMATE INTEREST, YOU HAVE THE RIGHT TO OBJECT TO THIS PROCESSING WITH EFFECT FOR THE FUTURE AT ANY TIME ON GROUNDS ARISING FROM YOUR PARTICULAR SITUATION.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED. HOWEVER, WE RESERVE THE RIGHT TO CONTINUE PROCESSING IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FREEDOMS, OR IF THE PROCESSING IS FOR THE PURPOSE OF ESTABLISHING, EXERCISING OR DEFENDING LEGAL CLAIMS.

IF WE PROCESS YOUR PERSONAL DATA FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR THE PURPOSE OF SUCH MARKETING. YOU CAN EXERCISE THE RIGHT TO OBJECT AS DESCRIBED ABOVE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED FOR DIRECT MARKETING PURPOSES.

 

15) Duration of the storage of personal data

The duration of the storage of personal data is determined on the basis of the respective legal basis, the purpose of the processing and – if relevant – also on the basis of the respective statutory retention period (e.g. retention periods under commercial and tax law).

When processing personal data on the basis of explicit consent pursuant to Art. 6 para. 1 lit. a GDPR, this data is stored until the data subject revokes its consent.

If there are statutory retention periods for data that is processed within the scope of legal or quasi-legal obligations on the basis of Art. 6 para. 1 lit. b GDPR, this data will be routinely deleted after expiry of the retention periods, provided that it is no longer required for the fulfilment of the contract or the initiation of the contract and/or there is no justified interest on our part in continuing to store it.

When processing personal data on the basis of Art. 6 para. 1 lit. f GDPR, such data shall be stored until the data subject exercises its right to object pursuant to Art. 21 para. 1 GDPR, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or the processing serves to establish, exercise or defend legal claims.

When processing personal data for the purpose of direct marketing on the basis of Art. 6 para.1 lit. f GDPR, such data shall be stored until the data subject exercises its right to object pursuant to Art. 21 para. 2 GDPR.

Unless otherwise stated in the other information in this policy on specific processing situations, stored personal data will otherwise be deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.