Information on data protection
With this data protection information, we inform you about our handling of your personal data and about your rights according to the European Data Protection Regulation (DSGVO) and the German Federal Data Protection Act (BDSG). Responsible for data processing is Helpling GmbH & Co. KG (hereinafter referred to as “we” or “us”).
I. General information
1. Contact
If you have any questions or suggestions regarding this information or would like to contact us about asserting your rights, please direct your inquiry to:
Helpling GmbH & Co. KG
Keyword Data Protection
Jägerstraße 67, 10117 Berlin, Germany
E-mail: datenschutz@helpling.de
2. Legal basis
The term “personal data” under data protection law refers to all information relating to an identified or identifiable individual. We process personal data in compliance with the relevant data protection regulations, in particular the General Data Protection Regulation (EU) 2016/679 of 27 April 2016 (“DSGVO”), the Federal Data Protection Act (“BDSG”) and the Telemedia Act (“TMG”). Data processing by us only takes place on the basis of a legal permission. We process personal data only with your consent (Section 15 (3) of the German Telemedia Act – Telemediengesetz (“TMG”) or Art. 6 (1) a DSGVO), for the performance of a contract to which you are a party, or at your request for the performance of pre-contractual measures (Art. 6 (1) b DSGVO), for the performance of a legal obligation (Art. 6(1)(c) DSGVO) or if processing is necessary for the purposes of protecting our legitimate interests or the legitimate interests of a third party, unless such interests are overridden by your interests or fundamental rights and freedoms which require the protection of personal data (Art. 6(1)(f) DSGVO).
If you apply for a vacant position in our company, we will also process your personal data for the purpose of deciding on the establishment of an employment relationship (Section 26 (1) sentence 1 BDSG).
3. Duration of storage
Unless otherwise stated in the following notes, we only store data for as long as is necessary to achieve the purpose of processing or to fulfill our contractual or legal obligations. Such legal retention obligations may arise in particular from commercial or tax law regulations. From the end of the calendar year in which the data was collected, we will retain such personal data contained in our accounting records for ten years and retain personal data contained in commercial letters and contracts for six years. In addition, we will retain data in connection with consents requiring proof as well as with complaints and claims for the duration of the statutory limitation periods. We will delete data stored for advertising purposes if you object to processing for this purpose.
4. Categories of recipients of the data
We use order processors in the context of processing your data. Processing operations carried out by such processors include, for example, hosting, maintenance and support of IT systems, customer and order management, order processing, accounting and billing, marketing measures or file and data carrier destruction. A processor is a natural or legal person, authority, institution or other body that processes personal data on behalf of the data controller. Processors do not use the data for their own purposes, but carry out data processing exclusively for the data controller and are contractually obligated to ensure appropriate technical and organizational measures for data protection. In addition, we may transfer your personal data to bodies such as postal and delivery services, insurance brokers, insurers, house bank, tax advisors/auditors or the tax authorities.
5. Data transfer to third countries
Visiting our website may involve the transfer of certain personal data to third countries, i.e. countries where the GDPR is not applicable law. Such a transfer takes place in a permissible manner if the European Commission has determined that an adequate level of data protection is required in such a third country. If such an adequacy decision by the European Commission does not exist, a transfer of personal data to a third country will only take place if appropriate safeguards are in place in accordance with Article 46 of the GDPR or if one of the conditions of Article 49 of the GDPR is met.
Unless otherwise stated below, we use the EU standard contractual clauses for the transfer of personal data to processors in third countries as appropriate safeguards: https://eur-lex.europa.eu/legal-content/DE/TXT/?uri=CELEX%3A32010D0087
If you consent to the transfer of personal data to third countries, the transfer will take place on the legal basis of Article 49(1)(a) DSGVO.
6. Processing when you exercise your rights
If you exercise your rights under Articles 15 to 22 DSGVO, we process the personal data transferred for the purpose of implementing these rights by us and to be able to provide evidence thereof. We will only process data stored for the purpose of providing information and preparing it for this purpose and for data protection control purposes and otherwise restrict processing in accordance with Art. 18 DSGVO.
These processing operations are based on the legal basis of Art. 6 para. 1 lit. c DSGVO in conjunction with. Art. 15 to 22 DSGVO and Section 34 (2) BDSG.
7. Your rights
As a data subject, you have the right to assert your data subject rights against us. In particular, you have the following rights:
In accordance with Article 15 DSGVO and Section 34 BDSG, you have the right to request information about whether and, if so, to what extent we are processing personal data relating to you or not.
You have the right to demand that we correct your data in accordance with Art. 16 DSGVO.
You have the right, in accordance with Art. 17 DSGVO and § 35 BDSG, to demand that we delete your personal data.
You have the right to have the processing of your personal data restricted in accordance with Art. 18 DSGVO.
You have the right, in accordance with Art. 20 DSGVO, to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format and to transfer this data to another controller.
If you have given us separate consent to data processing, you may revoke this consent at any time in accordance with Article 7 (3) DSGVO. Such a revocation will not affect the lawfulness of the processing that was carried out on the basis of the consent until the revocation.
If you believe that a processing of personal data concerning you violates the provisions of the GDPR, you have the right to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR.
8. Right of objection
In accordance with Art. 21(1) DSGVO, you have the right to object to processing based on the legal basis of Art. 6(1)(e) or (f) DSGVO on grounds relating to your particular situation. If personal data about you is processed by us for the purpose of direct marketing, you may object to such processing pursuant to Article 21 (2) and (3) DSGVO.
9. data protection officer
You can reach our data protection officer at the following contact details:
E-mail: datenschutzbeauftragter@helpling.de
Herting Oberbeck Data Protection GmbH
Hallerstr. 76, 20146 Hamburg
https://www.datenschutzkanzlei.de
II. Data processing on our website
When you use the website, we collect information that you provide yourself. In addition, during your visit to the website, we automatically collect certain information about your use of the website. In data protection law, the IP address is also generally considered to be personal data. An IP address is assigned to every device connected to the Internet by the Internet provider so that it can send and receive data.
1. processing of server log files
During the purely informative use of our website, general information that your browser transmits to our server is initially stored automatically (i.e. not via registration). This includes by default: browser type/version, operating system used, page accessed, the previously visited page (referrer URL), IP address, date and time of the server request and HTTP status code. The processing is carried out to protect our legitimate interests and is based on the legal basis of Art. 6 para. 1 letter f DSGVO. This processing serves the technical administration and security of the website. The stored data will be deleted after two months unless there is a justified suspicion of unlawful use based on concrete indications and further examination and processing of the information is necessary for this reason. We are not able to identify you as a data subject on the basis of the stored information. Articles 15 to 22 of the GDPR therefore do not apply pursuant to Article 11(2) of the GDPR, unless you provide additional information that enables us to identify you in order to exercise your rights set out in these articles.
2. special information for users
In the following, we describe what data processing may occur when you book household-related services or building cleaning via our portal and commission service providers.
- Booking of household-related services
In order to use our service (for mediation), you must register and create a user profile. This profile is necessary in order to identify service providers who, among other things, can be considered as providers of household-related services to you based on their spatial proximity to the place where the service is to be provided and their other information.In doing so, we collect the following required information:
– First name, last name, e-mail address, telephone number, street, house number, address suffix, postal code, city, information for the purpose of your identification in case of need, preferred method of payment, (hereinafter collectively “user profile data”); type of service booked and additional services as well as date, time and the temporal scope of the service booked in hours; information on whether the service is to be provided once or repeatedly (hereinafter collectively “booking data”); time of creation and updating of a user profile.
You also have the option to voluntarily provide the following information:– Presence of pets in your apartment, disposal location for garbage, presence of parking spaces, your information on special requirements (such as areas with special priority or rooms and areas to be omitted in the course of the service provision), your requirements, if any, on cleaning agents to be used, your information on how the partner gets into the apartment (key is deposited or you are at home).
– We transmit the user profile data, booking data and any other additional information voluntarily provided by you for the purpose of arranging household-related services to the service providers selected by you during the booking process. If no service provider is selected or none of the service providers selected by you confirm the booking to provide the service at the requested location and time, we will forward your User Profile Data, Booking Data and any other additional information voluntarily provided by you to other service providers not selected by you for the purpose of arranging the household-related services, who may accept your request.
– If, as a result of the referral by us, a contract for household-related services is concluded between you and a service provider, we will also process your user profile data for booking support, fulfillment, processing, billing and follow-up of the respective booked service as well as contracts including further related actions such as invoicing, crediting, complaints, cancellations etc..
– In addition, we use the user profile data, in particular the telephone number, to send an automatic message for notification and reminder about the upcoming service.
– Furthermore, we use your booking data to the extent necessary for the invoicing of the services provided by the partner and any subsequent support that may be required (e.g. in the event of insufficient service provision by the service provider) as well as for the invoicing of our commission to the service provider.
– In addition, depending on the payment method you have chosen, we transmit your credit card data (card number, expiry date, security number) or your bank details (hereinafter also referred to as “payment data”), which we collect in connection with the booking, to the licensed payment service provider Stripe Payments Europe Limited, The One Building, 1 Grand Canal Street Lower, Dublin 2, Ireland (hereinafter referred to as “payment service provider”), which cooperates with us for the purposes of payment processing or collection of the debt from your account. Collection of the debt from your account processed and used. We do not store this payment data any further.
– As part of our service provision, we store the services booked by you as well as services provided to you by a service provider, including any invoice issued, in your user profile in order to enable you to access this information at a later date.
– The described data processing is based on the legal basis of Art. 6 para. 1 p. 1 b DSGVO.
– In the event that no service provider has been selected or none of the service providers selected by you has confirmed the booking, we will forward the data provided for the purpose of arranging the household-related services to other service providers not selected by you who can accept your request. This is done on the legal basis of Art. 6 para. 1 p. 1 f DSGVO. The forwarding takes place in the interest of the other service providers in order to offer you the desired household-related services.
- Advertising consent for your user profile data
If you have given your consent to be contacted by us for advertising purposes, we will process and use your user profile data, booking data and additional information as well as your access times to your user profile in order to better understand your user habits and to send you information about other services that may be of interest to you. You can revoke your consent to the use of your data for promotional purposes (e.g. newsletter) at any time via the unsubscribe link in our email and by sending an email to datenschutz@helpling.de. The legal basis for this processing is Art. 6 para. 1 p. 1 a DSGVO. - Change of your profile data / deletion
Furthermore, you can change your additional information and user profile data at any time in your user profile. We will use and transmit your data as you have changed it. If you delete your user profile on the platform, we will block and subsequently delete your data. - Booking of cleaning services
In the following, we describe the data processing that may occur if you wish to receive an offer for building cleaning via our portal. The service is provided by BAT Business Services GmbH, to whom your request from our form is forwarded. We transmit your provided contact data to BAT Business Services GmbH for the purpose of arranging building cleaning services. Afterwards, you can book the desired building cleaning service on https://www.tigerfacilityservices.com/de-de, the website of BAT Business Services GmbH. The described data processing is based on the legal basis of Art. 6 para. 1 p. 1 b DSGVO. - Change of your profile data / deletion
You can also change your additional information and user profile data at any time in your user profile. We will use and transmit your data as you have changed it. If you delete your user profile on the platform, we will block and then delete your data. - Booking of cleaning services
In the following, we describe the data processing that may occur if you wish to receive an offer for building cleaning via our portal. The service is provided by BAT Business Services GmbH, to whom your request from our form is forwarded. We transmit your provided contact data to BAT Business Services GmbH for the purpose of arranging building cleaning services. Afterwards, you can book the desired building cleaning service on https://www.tigerfacilityservices.com/de-de, the website of BAT Business Services GmbH. The described data processing is based on the legal basis of Art. 6 para. 1 p. 1 b DSGVO.
3. special notes for service providers
- Registration and mediation
If you register as a service provider on the platform, we process the following data from you in order to initiate and, if necessary, conclude a contract with you for the mediation of your household-related services:– First name, last name, e-mail address, street, house number, postal code, city, nationality, date of birth, telephone number and information for the purpose of your identification in case of need, (hereinafter collectively “Partner Profile Data”), information on whether you have a trade license and whether or in what way and to what extent you have experience in the services offered by you, information about means of transport available to you, about your bank account and about your language skills, information about the possible geographical area of operation and the possible temporal scope of the activity and the possible contact with you (cell phone, Internet-capable cell phone, access to the Internet). In addition, you can also insert / upload a photo and a brief description about yourself.
– We store your profile data and such information in a profile accessible to you for service providers that we incur in the course of billing for mediated services. Some of the stored profile data will also be published on the platform and in particular your first name, photo and short description.
– The profile data for service providers is used by us for the fulfillment, processing and billing of the respective booked service as well as contracts, including further related actions such as invoicing, crediting, complaints, cancellations, etc. and stored in the respective profile.
– In addition, we use the profile data of the cleaners, in particular the telephone number, to send an automatic message for notification and reminder about the upcoming cleaning.
The data processing is based on the legal basis of Art. 6 para. 1 p. 1 b DSGVO.
- Change of your profile data / deletion
Furthermore, you can change your partner profile data at any time in your user profile. We will use and transmit your data as you have changed it. If you delete your profile on the platform, we will first block and then delete your data.
4. Ratings on our platform
As a registered user or service provider, you have the opportunity to submit ratings on our platform. As a user, you can rate service providers with regard to household-related services rendered. As a service provider, you can rate the customer relationship with users for whom you have provided household-related services.
The rating is done by awarding 1-5 stars. In addition, a comment can be made. The ratings are displayed in the respective profile of the user or service provider.
The legal basis for the submission and publication of ratings associated processing of personal data is Art. 6 para. 1 p. 1 f DSGVO. The processing serves our legitimate interest in creating the greatest possible transparency for users and service providers.
The ratings are basically processed until the profile used is deleted on the platform.
5. Communication via our platform
We offer users and contracted service providers the opportunity to communicate directly with each other via our platform. In order to offer this service, it is necessary for us to store and process the communication content. The service is part of our provided platform. The legal basis for the data processing is therefore Art. 6 para. 1 letter b DSGVO. The use of this service is voluntary.
We treat this communication data confidentially. As a matter of principle, we do not take note of the contents. However, we reserve the right to manually check the communication content in individual cases if there are grounds to suspect that the service is being used to circumvent our platform or otherwise engage in fraudulent behavior, or if the use otherwise violates our GTC or legal regulations. In this case, the processing of the data by us is based on the legal basis of Art. 6 (1) f DSGVO and serves our legitimate interest in preventing misuse of our platform.
The communication content is stored until the profile used is deleted from the platform.
6. Contact
If you send us a message via the contact email provided, we will process the transmitted data for the purpose of responding to your inquiry.
If your request is directed towards the conclusion or performance of a contract with us, Art. 6 para. 1 letter b DSGVO is the legal basis for the data processing. Otherwise, we process the data on the basis of our legitimate interest in contacting inquiring persons. The legal basis for the data processing is then Art. 6 para. 1 letter f DSGVO.
7. Newsletter
- Subscription and unsubscription
We offer the possibility on our website to register for our newsletter. A valid e-mail address and your name are required to register for the newsletter. To verify the e-mail address, you will first receive a registration e-mail, which you must confirm via a link (double opt-in).We send you our newsletter based on your consent (Art. 6 para. 1 p. 1 a DSGVO). You have the option to unsubscribe from the newsletter at any time or to revoke your consent with effect for the future. To do so, simply use the unsubscribe link contained in every e-mail or one of the contact channels mentioned above (e.g. datenschutz@helpling.de).
When registering for the newsletter, we also store the IP address and the date and time of registration. The processing of this data is necessary in order to be able to prove that consent has been given. The legal basis results from our legal obligation to document your consent (Art. 6 para. 1 c DSGVO in conjunction with Art. 7 para. 1 DSGVO).
- Analysis
We also analyze the reading behavior and opening rates of our newsletter. For this purpose, we collect and process pseudonymized usage data that we do not merge with your e-mail address or your IP address.The legal basis for the analysis of our newsletter is Art. 6 para. 1 p. 1 f DSGVO and the processing serves our legitimate interest in optimizing our newsletter. You can object to this at any time by contacting one of the contact channels mentioned above.
- Newsletter service
We use the newsletter service MailChimp of The Rocket Science Group, LLC 675 Ponce de, Leon Avenue NE, Suite 5000, Atlanta, GA 30308, USA (“MailChimp”). Mailchimp acts as a processor for us, is strictly bound by instructions and is contractually obligated to ensure sufficient technical and organizational measures for data protection.
8. Blog
On our website, we offer a blog in which we publish articles on various topics. Our blog has a comment function, for the use of which the provision of personal information is required. If you submit a comment, it will be published with the username you provide assigned to the respective post. We therefore recommend that you use a pseudonym instead of your real name when choosing a username. In order to use the comment function, it is mandatory to enter the username you have chosen and your e-mail address. All other information you provide is voluntary. The legal basis for data processing in this regard is Art. 6 para. 1 sentence. 1 b) DSGVO.
If you submit a comment, we store your IP address in addition to the aforementioned data. The legal basis for storing your e-mail address and IP address is Art. 6 para. 1 sentence. 1 f DSGVO. We only use your e-mail in the event that a third party reports a comment to us as unlawful and we may need to investigate the incident. We store your IP address for the purpose of defending ourselves against third-party claims in the event that you publish illegal content. We store your e-mail address as long as your comment is publicly visible. We delete your IP address one week after you have published the comment.
As a matter of principle, we do not check submitted comments before publication. However, we expressly reserve the right to delete your comments if they are objected to by third parties as being illegal. You can object to this storage of the above data at any time. In this case, however, we would have to remove your comments from our website.
9. Jobs with Helpling
You have the opportunity to apply for open positions in our company via our website. For this purpose, we collect personal data from you, which includes in particular your name, CV, letter of application and other content provided by you. For the selection of our applications, we use Personio GmbH from Munich, Germany, as our software partner, which is solely bound by instructions for us in accordance with the legal requirements for order processing. Please note the additional data protection provisions on the career pages.
Your personal application data will be collected, stored, processed and used exclusively for purposes related to your interest in current or future employment with us and the processing of your application. Your online application will only be processed and noted by the relevant contacts at our company. All employees entrusted with data processing are obliged to maintain the confidentiality of your data.
If we are unable to offer you employment, we will retain the data you provide for up to six months after completion of the application process for the purpose of answering questions relating to your application and rejection. This does not apply if legal provisions prevent deletion, if further storage is necessary for the purpose of providing evidence, or if you have expressly consented to longer storage.
The legal basis for the collection of data is Section 26 (1) sentence 1 BDSG. If we store your applicant data for longer than six months and you have expressly consented to this, we would like to point out that this consent can be freely revoked at any time in accordance with Article 7 (3) DSGVO. Such revocation shall not affect the lawfulness of the processing that was carried out on the basis of the consent until the revocation.
10. Cookies
We use cookies and similar technologies (“cookies”) on our website. Cookies are small text files that are stored by your browser when you visit a website. This identifies the browser used and can be recognized by web servers. You have full control over the use of cookies through your browser. You can delete the cookies in the security settings of your browser at any time. You can object to the use of cookies through your browser settings in principle or for specific cases.
The use of cookies is partly technically necessary for the operation of our website and thus permissible without the consent of the user. In addition, we may use cookies to offer special features and content and for analysis and marketing purposes. These may also include cookies from third-party providers (so-called third party cookies). We only use such technically unnecessary cookies with your consent in accordance with Section 15 (3) TMG or Article 6 (1) a DSGVO. Further information on the storage period of individual cookies can be found in the settings of our Consent Management Tool.
11. Consent Management Tool
This website uses a Consent Management Banner to control cookies. The Consent banner enables users of our website to give consent to certain data processing processes or to revoke a given consent. By confirming the “OK” button or by saving individual cookie settings, you consent to the use of the associated cookies. The legal basis under data protection law is your consent within the meaning of Art. 6 (1) a DSGVO.
In addition, the banner supports us in being able to provide evidence of the declaration of consent. For this purpose, we process information about the declaration of consent and further log data about this declaration. Cookies are also used to collect this data.
The processing of this data is necessary in order to be able to prove that consent has been given. The legal basis arises from our legal obligation to document your consent (Art. 6 para. 1 letter c in conjunction with Art. 7 para. 1 DSGVO).
You can revoke your consent for cookies here.
12. Google analytics
We use the Google Analytics service of the provider Google Ireland Limited (“Google Ireland”) on our website.
Google Analytics is a web analytics service that allows us to collect and analyze data about the behavior of visitors to our website. Google Analytics uses cookies for this purpose, which enable an analysis of the use of our website. Personal data in the form of online identifiers (including cookie identifiers), IP addresses, device identifiers and information about interaction with our website are processed in the process.
In part, this data is information stored in the terminal device you are using. In addition, further information is also stored on your used end device via the cookies used. Such storage of information by Google Analytics or access to information already stored in your end device will only take place with your consent.
Google Ireland will process the data thus collected on our behalf in order to evaluate the use of our website by the users, to compile reports on the activities within our website and to provide us with further services related to the use of our website and the Internet. In doing so, pseudonymous usage profiles of the users can be created from the processed data.
The setting of cookies and the further processing of personal data described here takes place with your consent. The legal basis for the data processing in connection with the Google Analytics service is therefore Art. 6 (1) a DSGVO. You can revoke this consent at any time with effect for the future.
The personal data processed on our behalf to provide Google Analytics may be transferred to any country in which Google Ireland or Google’s Ireland sub-processors maintain facilities. The legal basis for this transfer is the standard contractual clauses for the transfer of personal data to processors in third countries pursuant to Art. 46 para. 2 lit. c DSGVO.
We only use Google Analytics with IP anonymization enabled. This means that the IP address of the user is shortened by Google Ireland within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. The IP address transmitted by the user’s browser is not merged with other data.
We use the Google Universal Analytics variant. This allows us to assign interaction data from different devices and from different sessions to a unique user ID. This allows us to put individual user actions in context and analyze long-term relationships.
Data on user actions is stored for a period of 14 months and then automatically deleted. In this context, the deletion of data whose storage period has expired takes place automatically once a month.
You can also prevent the collection of information generated by the cookie by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout.
13. Hotjar
We use on our website the service Hotjar of the provider Hotjar Ltd. (Malta/EU).
Using Hotjar, we can perform an analysis of movements on our website using so-called “heat maps”. This makes it possible, for example, to see how far users scroll and which buttons users click on and how often. Furthermore, with the help of the tool it is also possible to obtain feedback directly from the users of the website. In this way, we obtain valuable information to make our website even faster and more user-friendly.
With Hotjar, we can only track which buttons are clicked, mouse history, how far scrolled, device screen size, device type and browser information. In addition, we receive information about your geographic location (country) and preferred language for displaying our website. Areas of the websites in which personal data of you or third parties are displayed are automatically hidden by Hotjar and are therefore not traceable by the tool at any time.
Hotjar uses cookies and other technologies to collect data about the behavior of our users and their devices, in particular the IP address of the device (collected and stored only in anonymized form during your website use), screen size, device type (unique device identifiers), information about the browser used, location (country only), preferred language for displaying our website.
The setting of cookies and the further processing of personal data described here takes place with your consent. The legal basis for the data processing in connection with the Hotjar service is therefore Art. 6 (1) a DSGVO. You may revoke this consent at any time with effect for the future.
You can find more information about the Hotjar service and Hotjar’s data protection on Hotjar’s help page.
14. A/B Testing
We use the Visual Website Optimizer (VWO) service on our website for optimization and personalization (primarily for performing A/B tests). VWO is provided by Wingify Software Pvt Limited (Wingify/India).
VWO works with cookies and other technologies to collect data about the behavior of our users and about their end devices, in particular click paths, (anonymized) IP addresses, duration of website visit, browser information, location, date and time of visit, device operating system.
The setting of cookies and the further processing of personal data described here takes place with your consent. The legal basis for the data processing in connection with the VWO service is therefore Art. 6 para. 1 letter a DSGVO. You may revoke this consent at any time with effect for the future.
15. Google Ads
We use the online advertising program Google Ads of Google Ireland Limited (“Google Ireland”), through which we place advertisements on the Google search engine. If you access our website via a Google ad, Google sets a cookie on your terminal device (“conversion cookie”). In the process, a different conversion cookie is assigned to each Google Ads customer, so that the cookies are not tracked across the websites of different Ads customers. The information obtained with the help of the cookie is used to create conversion statistics. Thus, we learn the total number of users who clicked on one of our Google ads. However, we do not receive any information with which users can be personally identified.
For more information about these processing activities, the technologies used, stored data and the storage period, please refer to the settings of our Consent Management Tool. Processing is only carried out with your consent pursuant to Art. 6 (1) a DSGVO. You can revoke your consent via our Consent Management Tool.
16. Facebook Pixel
We use the Facebook Pixel on our website, a business tool provided by Meta Platforms Ireland Ltd. (Ireland, EU, “Meta”). For information on Meta’s contact details and the contact details of Meta’s data protection officer, please see Meta’s data policy at https://www.facebook.com/about/privacy.
The Facebook pixel is a snippet of JavaScript code that allows us to track visitors’ activity on our website. This tracking is called conversion tracking. For this purpose, the Facebook pixel collects and processes the following information (so-called event data):
- Information about actions and activities of visitors to our website, such as searching for and viewing a product or purchasing a product;
- Specific pixel information such as the pixel ID and the Facebook cookie;
- Information about buttons clicked by visitors to the website;
- Information present in HTTP headers, such as IP addresses, web browser information, page location, and referrer;
- Information about the status of disabling/restricting ad tracking.
- In part, this event data is information stored in the device you are using. In addition, cookies are also used via the Facebook pixel, through which information is stored on your end device used.
- Such storage of information by the Facebook pixel or access to information already stored in your end device will only occur with your consent.
Tracked conversions appear in the dashboard of our Facebook Ads Manager and Facebook Analytics. We may use the tracked conversions there to measure the effectiveness of our ads, set Custom Audiences for ad targeting, Dynamic Ads campaigns, and analyze the effectiveness of our website’s conversion funnels. The features we use through the Facebook Pixel are described in more detail below.
a. Processing of Event Data for Advertising Purposes
Event data collected through the Facebook Pixel is used for targeting our ads and improving ad delivery, personalizing features and content, and improving and securing Facebook products.
For this purpose, event data is collected on our website by means of the Facebook pixel and transmitted to Meta. This only takes place if you have previously given your consent to this. The legal basis for the collection and transmission of personal data by us to Meta is therefore Art. 6 (1) a DSGVO.
This collection and transmission of event data is carried out by us and Meta as jointly responsible parties. We have entered into a processing agreement with Meta as joint controllers, which sets out the distribution of data protection obligations between us and Meta. In this agreement, we and Meta have agreed, among other things,
That we are responsible for providing you with all information pursuant to Art. 13, 14 DSGVO regarding the joint processing of personal data;
that Meta is responsible for enabling the rights of data subjects under Art. 15 to 20 of the GDPR with respect to personal data stored by Meta after the joint processing.
You can access the agreement concluded between us and Meta at https://www.facebook.com/legal/controller_addendum.
Meta is the sole controller for the subsequent processing of the transmitted event data. For more information about how Meta processes personal data, including the legal basis on which Meta relies and how you can exercise your rights against Facebook, please see Meta’s Data Policy at https://www.facebook.com/about/privacy.
b. Processing of Event Data for Analytics Purposes.
We have also engaged Meta to prepare reports on the impact of our advertising campaigns and other online content based on the Event Data collected through the Facebook Pixel (Campaign Reports) and to provide analytics and insights about users and their use of our website, products and services (Analytics). We transmit personal data contained in the Event Data to Meta for this purpose. The submitted Personal Data is processed by Meta as our processor to provide us with the campaign reports and analytics.
Personal data will only be processed to create analyses and campaign reports if you have given your prior consent to this. The legal basis for this processing of personal data is therefore Art. 6 (1) a DSGVO.
A transfer of data to Meta Platforms Inc. in the USA cannot be excluded. The legal basis for this transfer is the standard contractual clauses for the transfer of personal data to processors in third countries. Please refer to the information in the section “Data transfer to third countries”.
17. Microsoft Advertising
We use the Microsoft Advertising service of the provider Microsoft Ireland Operations Limited (Ireland/EU) (formerly Bing Ads) on our website. Microsoft Advertising is an online marketing service that uses the Universal Event Tracking (UET) tool to help us display targeted advertisements via the Microsoft Bing search engines. Microsoft Advertising uses cookies for this purpose. Personal data in the form of online identifiers (including cookie identifiers), IP addresses, device identifiers, and information about device and browser settings are processed.
Microsoft Advertising collects data via UET that allows us to track target groups thanks to remarketing lists. For this purpose, a cookie is stored on the end device used when visiting our website. Microsoft Advertising can thus recognize that our website has been visited and play an ad when Microsoft Bing or Yahoo is used at a later time. The information is also used to create conversion statistics, i.e. to record how many users have reached our website after clicking on an advertisement. We thereby learn the total number of users who clicked on our ad and were redirected to our website. However, we do not receive any information that personally identifies users.
Microsoft Advertising is used for the purpose of optimizing the placement of advertisements.
The processing only takes place with your consent in accordance with Section 15 (3) TMG or Article 6 (1) a DSGVO. You can revoke your consent via our Consent Management Tool.
In the case of Microsoft services, a transfer of data to Microsoft Corp. in the USA cannot be ruled out. Please note the information in the section “Data transfer to third countries”. For more information on data protection at Microsoft, please refer to Microsoft’s privacy notices at https://privacy.microsoft.com/de-de/privacystatement.
18. LinkedIn Insight tag
We use the LinkedIn Insight tag on our website, a marketing service of LinkedIn Ireland Unlimited Company (Ireland/EU). The LinkedIn Insight tag is a JavaScript code snippet that is triggered by LinkedIn when you visit our website and stores a cookie on the device you are using.
We can perform various functions via the LinkedIn Insight tag, which we describe in detail below.
LinkedIn conversion tracking is an analytics function supported by the LinkedIn Insight tag. The LinkedIn Insight tag allows us to collect data about visits to our website, including URL, referrer URL, IP address, device and browser properties (user agent), and timestamp. IP addresses are shortened or (if used to reach members across devices) hashed. LinkedIn does not provide us with personally identifiable information, but only provides reports (in which you are not identified) on site audience and ad performance. This allows us to track the effectiveness of LinkedIn ads for statistical and market research purposes. Members’ direct identifiers are removed by LinkedIn within seven days to pseudonymize the data. LinkedIn then deletes this remaining pseudonymized data within 180 days.
We also use LinkedIn Matched Audiences to target our advertising campaigns to specific audiences. Through LinkedIn Matched Audiences and related data integrations, we can target advertising to specific audiences based on data we provide to LinkedIn (e.g., company lists, hashed contact information, device identifiers, or event data such as websites visited). This processing is done for the purpose of marketing our offers via the targeted playout of advertising.
Further information on these processing activities, the technologies used, stored data and the storage period can be found in the settings of our Consent Management Tool. LinkedIn services are only used with your consent pursuant to Art. 6 (1) a DSGVO.
In the case of LinkedIn services, a transmission of data to LinkedIn Inc. in the USA cannot be ruled out. Please note the information in the section “Data transfer to third countries”. For more information on data protection at LinkedIn, please refer to LinkedIn’s privacy policy at https://www.linkedin.com/legal/privacy-policy.
19. Third-party services and content
We use services, services and content provided by third parties (hereinafter collectively referred to as “content”) on our website. For such integration, a processing of your IP address is technically necessary so that the content can be sent to your browser. Your IP address is therefore transmitted to the respective third-party providers. This data processing is carried out in each case to protect our legitimate interests in the optimization and economic operation of our website and is based on the legal basis of Art. 6 (1) f DSGVO. You can object to this data processing at any time via the settings of the browser used or certain browser extensions. One such extension is, for example, the Matrix-based firewall uMatrix for the browsers Firefox and Google Chrome. Please note that this may result in functional restrictions on the website.
We have integrated content from the following services provided by third-party providers into our website:
Google Ireland Limited (Ireland/EU) services:
“Google Maps” for the display of maps;
“Google Web Fonts” for the display of fonts;
“YouTube” for the display of videos
“Personio” of Personio GmbH (Germany/EU) for the integration of job advertisements;
“Amazon Cloudfront” of the third-party provider Amazon Web Services, Inc. (USA) for the provision of content;
“Cloudflare” of Cloudflare Inc (USA) for the display of content.
20. Data processing for the purpose of claiming liability or theft insurance.
If you send us a message via the contact email provided to make use of the liability or theft insurance policies, we will process the data provided for the purpose of responding to your request and forwarding your personal data to the insurer HDI or the insurer Wakam and the insurance broker Indeez, respectively.
If your request is directed towards the conclusion or performance of a contract with us, Article 6 (1) b DSGVO is the legal basis for the data processing. Otherwise, we process the data on the basis of our legitimate interest in contacting inquiring persons. The legal basis for data processing is then Art. 6 para. 1 letter f DSGVO.
III. Data processing on our social media sites.
We are represented on several social media platforms with a company page. Through this, we would like to offer further opportunities for information about our company and for exchange. Our company has company pages on the following social media platforms:
When you visit or interact with a profile on a social media platform, processing of personal data about you may occur. Information associated with a social media profile used also regularly constitutes personal data. This also covers messages and statements made while using the profile. In addition, during your visit to a social media profile, certain information is often automatically collected about it, which may also constitute personal data.
1. visit a social media page
- Facebook and Instagram page
When you visit our Facebook or Instagram page, through which we present our company or individual products from our range, certain information about you is processed. The sole controller of this processing of personal data is Meta Platforms Ireland Ltd. (Ireland/EU – “Meta”). For more information about the processing of personal data by Meta, please visit https://www.facebook.com/privacy/explanation. Meta offers the possibility to object to certain data processing; related information and opt-out options can be found at https://www.facebook.com/settings?tab=ads.
Meta provides us with anonymized statistics and insights for our Facebook and Instagram page, which help us gain insights into the types of actions people take on our page (so-called “page insights”). These Page Insights are created based on certain information about individuals who have visited our Page. This processing of personal data is carried out by Meta and us as joint controllers. The processing serves our legitimate interest to evaluate the types of actions taken on our site and to improve our site based on these insights. The legal basis for this processing is Article 6 (1) (f) DSGVO. We cannot associate the information obtained via Page Insights with individual user profiles interacting with our Facebook and Instagram page. We have entered into a joint controller agreement with Meta, which sets out the distribution of data protection obligations between us and Meta. For details about the processing of personal data to create Page Insights and the agreement entered into between us and Meta, please visit https://www.facebook.com/legal/terms/information_about_page_insights_data. In relation to this data processing, you have the possibility to exercise your data subject rights (see “Your rights”) also against Metageltend. Further information on this can be found in Metaunter’s privacy policy https://www.facebook.com/privacy/explanation.Please note that according to the Meta Privacy Policy, user data is also processed in the USA or other third countries. Meta only transfers User Data to countries for which an adequacy decision has been issued by the European Commission in accordance with Article 45 of the GDPR or on the basis of appropriate safeguards in accordance with Article 46 of the GDPR.
- LinkedIn company page
For the processing of personal data when visiting our LinkedIn page, LinkedIn Ireland Unlimited Company (Ireland/EU – “LinkedIn”) is basically the sole controller. For more information about the processing of personal data by LinkedIn, please visit https://www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy.When you visit, follow or engage with our LinkedIn company page, LinkedIn processes personal data to provide us with anonymized statistics and insights. This provides us with insights into the types of actions that people take on our page (so-called page insights). For this purpose, LinkedIn processes in particular such data that you have already provided to LinkedIn via the information in your profile, such as data on function, country, industry, seniority, company size and employment status. In addition, LinkedIn will process information about how you interact with our LinkedIn company page, such as whether you are a follower of our LinkedIn company page. With the page insights, LinkedIn does not provide us with any personal data about you. We only have access to the aggregated Page Insights. It is also not possible for us to draw conclusions about individual members via the information in the Page Insights. This processing of personal data in the context of the Page Insights is carried out by LinkedIn and us as joint controllers. The processing serves our legitimate interest in evaluating the types of actions taken on our LinkedIn company page and improving our company page based on these insights. The legal basis for this processing is Article 6(1)(f) DSGVO. We have entered into a joint controller agreement with LinkedIn, which sets out the distribution of data protection obligations between us and LinkedIn. The agreement is available at: https://legal.linkedin.com/pages-joint-controller-addendum. Thereafter, the following applies:
LinkedIn and we have agreed that LinkedIn is responsible for enabling you to exercise your rights under the GDPR. You can contact LinkedIn to do so online via the following link (https://www.linkedin.com/help/linkedin/ask/PPQ?lang=de) or reach LinkedIn via the contact details in the Privacy Policy. You can contact the Data Protection Officer at LinkedIn Ireland via the following link: https://www.linkedin.com/help/linkedin/ask/TSO-DPO. You may also contact us at our provided contact details about exercising your rights in connection with the processing of personal data in the context of Page Insights. In such a case, we will forward your request to LinkedIn.
LinkedIn and we have agreed that the Irish Data Protection Commission is the lead supervisory authority overseeing processing for Page Insights. You always have the right to lodge a complaint with the Irish Data Protection Commission (see dataprotection.ie) or any other supervisory authority.Please note that according to the LinkedIn Privacy Policy, personal data is also processed by LinkedIn in the US or other third countries. In doing so, LinkedIn transfers personal data only to countries for which an adequacy decision has been issued by the European Commission pursuant to Article 45 of the GDPR or on the basis of appropriate safeguards pursuant to Article 46 of the GDPR.
- Twitter
For the processing of personal data when visiting our Twitter profile, Twitter Inc. (USA) is the sole responsible party. Further information about the processing of personal data by Twitter Inc. can be found at https://twitter.com/de/privacy. - YouTube
Google Ireland Limited (“Google Ireland”) is the sole responsible party for the processing of personal data when visiting our YouTube channel. Further information about the processing of personal data by YouTube or Google Ireland can be found at https://policies.google.com/privacy.
2. Comments and direct messages
We also process information that you have provided to us via our company page on the respective social media platform. Such information may be the username used, contact details or a message to us. These processing operations by us are carried out as the sole responsible party. We process this data on the basis of our legitimate interest in contacting inquiring persons. The legal basis for the data processing is Art. 6 para. 1 letter f DSGVO. Further data processing may take place if you have consented (Art. 6 (1) (a) DSGVO) or if this is necessary to comply with a legal obligation (Art. 6 (1) (c) DSGVO).
Status:
February 2022