I.     Introduction

With the following information we would like to give you as a “data subject” an overview of the processing of your personal data by us as well as your rights from the data protection laws.

Your personal data will always be processed in accordance with the Generell Data Protection Regulation (GDPR) and all applicable country-specific data protection regulations. We have implemented numerous technical and organizational measures to ensure the highest possible protection when processing your personal data.

II.   Scope

The following data protection regulations apply to the following websites: https://zero360.de and all our other online presences (e.g. our social media pages).

III. Controller

Controller within the GDPR is:

zero360 GmbH

Neue Grünstraße 18

10179 Berlin

Germany

mail@zero360.de

Telefon: +49 30 58 58 314 0

IV.  Data Protection Officer

If you have any questions or suggestions regarding data protection issues, you can contact our data protection officer at any time:

E-Mail: dsb@secjur.comNiklas Hanitsch
c/o secjur GmbH
Steinhöft 9
20459 Hamburg
Telefon: +49 40 228 599 520,
E-Mail: dsb@secjur.com

V.  Technology

1.    SSL/ TLS encryption

To ensure the security of data processing and to protect the transmission of confidential content, we use SSL or TLS encryption. You can recognize the existence of an encrypted connection by the fact that the address line of your browser displays “https://” instead of “http://” and by the lock symbol in your browser line.

2.    Data collection when visiting the website / storage of log files

When using our website for purely informational purposes, we only collect personal data that your browser sends to our server (server log files). Every time you access our website, a number of general data and information are collected, which we store in the server log files.

Purpose of processing

  • Correct delivery of the contents of our website
  • Optimization of the contents of our website
  • Guarantee of a permanent operability of our IT systems and the technology of our website
  • Static evaluation to improve the level of data protection and data security
  • Provision of information to law enforcement agencies in the event of a cyber attack


Processed data

  • Usage and metadata (e.g. browser types and versions used, the operating system used by the accessing system, the website from which an accessing system accesses our website (so-called referrer), the sub-websites which are accessed via an accessing system on our website, the date and time of an access to the website, an abbreviated internet protocol address (anonymised IP address), the internet service provider of the accessing system)

Security measures

The server log files are anonymous data that are stored separately from all other of your personal

Legal basis

  • Legitimate interest (Art. 6 Para. 1 Cl. 1 letter f GDPR). Our legitimate interest corresponds to the above-mentioned purposes.

VI. Cookies

We use cookies on our website. These are files that your browser automatically creates and that are stored on your IT system when you visit our site.

Information is stored in the cookie, which in each case arises in connection with the specifically used terminal device. This does not mean, however, that we obtain direct knowledge of your identity.

3.    Technicaly necessary cookies

We use technically necessary cookies. These are cookies that are necessary for the operation and functions of our website.



Purpose of processing

  • Offering our services
  • Enabling the use of our website functions

Legal basis

  • Legitimate interest (Art. 6 Para. 1 Cl. 1 letter f GDPR). Our legitimate interest corresponds to the above-mentioned purposes.

4.    Technicaly not necessary cookies

We use technically not necessary cookies. These are cookies that are not technically essential for the operation of the website or the provision of specific page functions. As a rule, these are third-party cookies that can be used to analyze and trace the surfing behavior of users.

Purpose of processing

  • Range measurement and tracking
  • Evaluation of visitor behavior and profiling
  • Optimization of our offer

Legal basis

  • Consent (Art. 6 Para. 1 Cl. 1 letter a GDPR).

Right of withdrawal

You can revoke your consent to the use of cookies at any time.

VII.       Transmission and disclosure of personal data

Within the scope of our activities, we transmit personal data to external parties (e.g. persons, companies or legally independent organizational units). You can find details on this below under “Services used” with the respective service providers.

VIII.     Data processing in third countries

We process personal data in a third country. These are countries outside the European Union (EU) and the European Economic Area (EEA).

We only process data in third countries where an adequate level of data protection exists in accordance with Art. 44-49 GDPR. Details of the specific level of data protection in the respective third country can be found below under “Services used” with the respective service providers.

IX. Contact

1.    Generell information

We offer you different ways to contact us (e.g. by e-mail, chat or telephone).

Processed data

  • inventory data (e.g. first and last name, address)
  • Contact information (e.g. e-mail address, phone number)
  • Meta and communication data (e.g. IP address)
  • Content data (e.g. entered text content, photographs, videos)

Processed data when using the contact form

When you use our contact form, we process the following personal data:

  • Name
  • E-Mail-adress
  • Phone number
  • Subject
  • Message
  • Meta and communication data (e.g. IP address)

Purpose of processing

  • Answering contact requests
  • Communication

Legal basis

  • Performance of a contract or implementation of pre-contractual measures (Art. 6 Para. 1 Cl. 1 letter b. GDPR) if your request is based on pre-contractual measures or on an existing contract with us.
  • Legitimate interest (Art. 6 Para. 1 Cl. 1 letter f GDPR) If your inquiry is independent of contractual or pre-contractual measures, our legitimate interests constitute the legal basis. The legitimate interest corresponds to the above-mentioned purposes.

2.    Calendry

Provider

Calendly, LLC, 3423 Piedmont Road NE, Atlanta, GA 30305-1754, USA (Calendry).

You have the option of making an appointment with us via our online service.

If you do not wish to send us the data required to make an appointment via “Calendly”, you can also contact us via the known communication channels and, for example, make an appointment. If you request an appointment via “Calendly”, you will automatically be connected to our appointment account at “Calendly”. Please note that this privacy policy is not valid there. The privacy policy of the linked website may differ significantly from this one.

After choosing your appointment, confirming it and entering your contact details and requests, you will receive an email from “Calendly” confirming your appointment.

Data protection outside the EU and EEA

We have concluded standard data protection clauses with Calendry

Privacy policy

For more information on data processing, see the Calendry privacy policy: https://calendly.com/pages/privacy

X.  Newsletter

1.    Generell information

We offer you the opportunity to subscribe to our company’s newsletter. With our newsletter we inform customers and business partners about our offers at regular intervals. Basically we only need your email address to register for our newsletter. In addition, it is possible that we may ask you to enter your name or other information during the registration process in order to personalize the newsletter.

Double-Opt-In Procedure

After registering for the newsletter, we will send a confirmation e-mail using the double opt-in procedure to the email address you first entered for the newsletter dispatch. This confirmation mail is used to check whether you as the owner of the e-mail address have authorized the receipt of the newsletter. The registration for the newsletter will be logged so that we can meet our legal obligations to provide evidence.

Newsletter dispatch to existing customers

If you have provided us with your email address when purchasing goods or services, we also reserve the right to send you regular offers on similar goods or services from our product range by e-mail. In accordance with § 7 Para. 3 UWG, we do not need to obtain your separate consent for this. The legal basis for sending the newsletter is our legitimate interest.

Newslettertracking

Our newsletters contain so-called tracking pixels. This is a miniature graphic that is embedded in emails. In this way, we can, for example, track whether and when an email was opened by you and which links in the email were called up by you. This enables us to statistically evaluate the success or failure of online marketing campaigns. The personal data collected by the tracking pixels is stored and evaluated by us in order to optimize the newsletter dispatch and to adapt the content of future newsletters even better to your interests. Such evaluation is based on our legitimate interests.

Processed data

  • inventory data (e.g. first and last name, address, gender)
  • E-mail address)
  • Metadata (e.g. device information, IP address, date and time of login)

Purpose of the processing

  • direct marketing

As far as newsletter tracking takes place additionally:

  • Insertion of personalized advertising
  • Market research
  • Performance measurement of online marketing
  • Profiling

Legal basis

  • Consent (Art. 6 Para. 1 Cl. 1 letter f GDPR)
  • Legitimate interest (Art. 6 Para. 1 Cl. 1 letter f GDPR). Our legitimate interest corresponds to the above-mentioned purposes.

Right of revocation and objection

You can cancel your subscription to our newsletter at any time and revoke your consent to data processing for the purposes of sending the newsletter at any time. If the data processing is based on our legitimate interest, you have the possibility to object at any time. There is therefore a corresponding opt-out link in every newsletter. In addition, it is also possible to unsubscribe from the newsletter at any time on our website or to inform us of this in another way. A cancellation of the receipt of the newsletter is automatically interpreted as a revocation or objection.

2.    HubSpot

Provider

HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland, Telefon: +353 1 5187500, parent company: HubSpot, Inc., 25 First St., 2nd floor, Cambridge, Massachusetts 02141, USA (HubSpot).

Data protection outside the EU and EEA

We have agreed standard data protection clauses with Hubspot: https://legal.hubspot.com/dpa

Privacy Policy

For further information, please refer to the Hubspot privacy policy: https://legal.hubspot.com/de/privacy-policy

XI.  Application

We offer you the opportunity to apply for jobs and send us your application online or by post.

Processed data

  • inventory data (e.g. first and last name, address)
  • Contact information (e.g. e-mail address, phone number)
  • Application data (e.g. cover letter, curriculum vitae, certificates and other evidence)
  • Special categories of personal data (e.g. health data, severely disabled persons, data on racial and ethnic origin).

Purpose of the processing

  • Implementation of the application procedure and finding suitable applicants.

Legal basis

  • Performance of a contract or implementation of pre-contractual measures (Art. 6 Para. 1 Cl. 1 letter b. GDPR, Art. 88 Para. 1 GDPR and Sec. 26 Para. 1 BDSG).
  • Consent (Art. 6 Para. 1 Sen.1 letter a DS-GV). If we obtain your consent (e.g. for inclusion in our applicant pool), this constitutes the legal basis for data processing.

If special categories of personal data are processed, the processing is based on the following principles:

  • Consent (Art. 9 Para. 2 letter a GDPR)
  • Health care or occupational medicine, assessment of the employee’s ability to work, medical diagnosis, care or treatment in the health or social sector or management of systems and services in the health or social sector (Art. 9 Para. 2 letter h GDPR)
  • Exercise of the rights deriving from labor law and social security and social protection law and fulfilment of the obligations relating thereto by the person responsible or the person concerned (Art. 9 Para. 2 letter c GDPR)

Duration of storage

If an employment relationship is established after completion of the application process, the personal data provided may be processed further. Otherwise, we generally retain the data for six months. Afterwards, the data will be deleted or disposed of in accordance with data protection regulations. Longer storage is possible if we include you in our pool of applicants after obtaining your consent.

XII.        Marketing

1.    Generell information

We process personal data for online marketing purposes. In particular, we provide advertising content and market advertising space. These are based on potential user interests. User profiles are created for this purpose. These are regularly stored in cookies.

Processed data

  • Usage data (e.g. websites visited, interest in content, time of access).
  • Meta and communication data (e.g. IP address).
  • Location data

Purpose of processing

  • Reach measurement and tracking
  • Evaluation of visitor behavior and profiling

2.    Google Ad Manager (formerly DoubleClick)

Provider

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (Google).

By using the service, we are able to place ads on Google’s advertising network to present to users who have a potential interest in the ads.

Legal basis

  • Consent (Art. 6 Para. 1 Cl. 1 letter a GDPR).

Data protection outside the EU and EEA

We have agreed standard data protection clauses with Google: https://privacy.google.com/businesses/processorterms/mccs/

Privacy Policy

For further information, please refer to the Google privacy policy: https://policies.google.com/privacy?hl=de

3.    Google Ads Conversion Tracking

Provider

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (Google).

Google Ads enables us to place ads in Google’s advertising network in order to present them to users who have a potential interest in the ads. The ads are based primarily on the search results when using Google services.

In addition, the conversion of the ads is measured. We only learn the total number of users who clicked on the ad and were redirected to a web page that is tagged with a “conversion tracking tag”. We do not receive any information that allows us to identify users.

Purpose of the processing

  • Promoting our website by displaying relevant advertisements on third-party sites.

Data processed

  • Usage data (e.g. web pages visited, time of access)
  • Meta and communication data (e.g. IP address)

Legal basis

  • Consent (Art. 6 para. 1 p. 1 lit. a GDPR)

Data protection outside the EU and EEA

We have agreed standard data protection clauses with Google: https://policies.google.com/privacy/frameworks?hl=de  

Google advertising settings

You have the option to object to interest-based advertising from Google at any time: www.google.de/settings/ads  

Privacy policy

For more information on data processing, please see Google’s privacy policy: https://policies.google.com/privacy

4.    Google Ads Remarketing

Provider

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (Google).

Through Google Ads Remarketing, we are able to target users who have already interacted with our website. This allows us to present ads to users when they visit a Google website or website in the Google advertising network.

Legal basis

  • Consent (Art. 6 para. 1 p. 1 lit. a GDPR)

Data protection outside the EU and EEA

We have agreed standard data protection clauses with Google: https://policies.google.com/privacy/frameworks?hl=de  

Privacy policy

For more information on data processing, please see Google’s privacy policy: https://policies.google.com/privacy

5.    Facebook Pixel and Facebook Custom Audiences

Provider

Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland, parent company: Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA (Facebook).

The Facebook pixel is an analytics tool that helps us measure the effectiveness of our advertising efforts by analyzing the actions of website visitors. The pixel is always triggered when a certain action is performed (so-called event) and subsequently records this action. 

We use the Facebook pixel in the standard version. Only the usage behavior of the respective web addressee is evaluated and only related usage data is processed.

Within the framework of Facebook Custome Audiences, we can then create target groups of specific users in order to carry out target group-oriented marketing measures based on this. 

Zweck der Verarbeitung

  • Evaluation of the effectiveness of Facebook ads
  • Delivery of ads to the right person

Processed data

  • Usage data (e.g. web pages visited, time of access)
  • Meta and communication data (e.g. IP address)

Legal basis

  • Consent (Art. 6 para. 1 p. 1 lit. a GDPR)

Data protection outside the EU and EEA

We have agreed standard data protection clauses with Facebook: https://www.facebook.com/legal/EU_data_transfer_addendum 

Privacy policy

For more information on data processing, please see Facebook´s privacy policy: https://www.facebook.com/about/privacy

Possibility of objection (Opt-Out)

You have the option to revoke your consent to data processing at any time: https://www.facebook.com/settings?tab=ads  

6.    Twitter Analytics

Provider

musical.ly Inc, 10351 Santa Monica Blvd #310, Los Angeles, CA 90025 USA (Twitter).

Through Twitter Analytics, we are able to analyze the interaction with our tweets as well as the interests, locations and origin of our Twitter followers.

Legal basis

  • Consent (Art. 6 para. 1 p. 1 lit. a GDPR)

Data protection outside the EU and EEA

We have agreed to standard data protection clauses with Twitter: https://gdpr.twitter.com/en/controller-to-controller-transfers.html   

Privacy policy

For more information on data processing, please see Twitter’s privacy policy: https://twitter.com/settings/your_twitter_data  

Option to object (opt-out)

You have the option to object to data processing by Twitter: https://twitter.com/settings/account/personalization  

7.    LinkedIn Analytics and LinkedIn Ads

Provider

LinkedIn Corporation, 2029 Stierlin Court Mountain View, CA 94043; LinkedIn Ireland, Privacy Policy Issues, Wilton Plaza, Wilton Place, Dublin 2, Ireland, (LinkedIn).

Through LinkedIn’s services, we are able to serve personalized advertisements to visitors of our website and generate anonymous reports regarding the performance of our advertisements and interaction with our website.

Legal basis

Consent (Art. 6 Para. 1 Cl. 1 letter a GDPR)

Data protection outside the EU and EEA

We have agreed to standard data protection clauses with LinkedIn.

Privacy policy

Further information on data processing can be found in LinkedIn’s privacy policy: https://www.linkedin.com/legal/privacy-policy   

Further information on LinkedIn plugins

Further information on plugins from LinkedIn can be found here: https://developer.linkedin.com/plugins   

Unsubscribe from and manage email messages, SMS messages as well as targeted ads: https://www.linkedin.com/psettings/guest-controls  

Information on cookies and opt-out option

Further information on cookies as well as an opt-out option can be found here: https://www.linkedin.com/legal/cookie-policy  

8.    Twitter Advertising

Provider

musical.ly Inc, 10351 Santa Monica Blvd #310, Los Angeles, CA 90025 USA (Twitter).

Legal basis

  • Consent (Art. 6 para. 1 p. 1 lit. a GDPR)

Data protection outside the EU and EEA

We have agreed to standard data protection clauses with Twitter: https://gdpr.twitter.com/en/controller-to-controller-transfers.html   

Privacy policy

For more information on data processing, please see Twitter’s privacy policy: https://twitter.com/settings/your_twitter_data  

Option to object (opt-out)

You have the option to object to data processing by Twitter: https://twitter.com/settings/account/personalization  

9.    Hubspot and Hubspot Forms

Provider

HubSpot, Inc, 25 First St., 2nd floor, Cambridge, Massachusetts 02141, USA (HubSpot).

Hubspot offers a range of massaging tools including live chat, team emails and chatbots. This enables us to communicate with our customers and prospects.

Through Hubspot Forms, we are able to create online forms.

Legal basis

  • Consent (Art. 6 para. 1 p. 1 lit. a GDPR)

Data protection outside the EU and EEA

We have agreed standard data protection clauses with HubSpot: https://legal.hubspot.com/dpa  

Privacy policy

For more information on data processing, please see Hubspot’s privacy policy: https://legal.hubspot.com/de/privacy-policy

XIII.     Web Analysis and Optimization Services

1.    Generell information

We carry out web analyses to evaluate the visit of our online presences. In doing so, we are able to process your interests, certain types of behaviour or demographic data. This enables us to analyze how you use our online offer and its contents and functions. User profiles can be created as part of the web analysis. Cookies are often used for this purpose.

Processed data

  • Usage data (e.g. websites visited, interest in content, time of access)
  • Meta and communication data (e.g. IP address).
  • Location data

Purpose of the processing

  • Range measurement and tracking
  • Evaluation of visitor behavior and profiling
  • Improving our offer and offering customer-friendly services

2.    Google Tag Manager

Provider

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (Google).

The Google Tag Manager gives us the possibility to manage website tags and integrate services into our online offer. The Google Tag Manager itself does not enable the creation of user profiles.

Purpose of processing

  • Installation and updating of web page tags

Legal basis

  • Legitimate interest (Art. 6 Para. 1 Cl. 1 letter f GDPR). Our legitimate interest corresponds to the above-mentioned purposes.

Data protection outside the EU and EEA

We have agreed standard data protection clauses with Google: https://privacy.google.com/businesses/processorterms/mccs/

Privacy policy

For further information, please refer to the Google privacy policy: https://policies.google.com/privacy

3.    Google Analytics

Provider

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (Google).

Legal basis

  • Consent (Art. 6 Para. 1 Cl. 1 letter a GDPR).

Security measure

We have anonymized your IP address.

Opt-Out-Cookie

You can prevent the collection of your personal data by Google by clicking on the following link: Disable Google Analytics. This sets an opt-out cookie that prevents the future collection of your data when you visit our website. The opt-out cookie is only valid in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you will have to set the opt-out cookie again. You can prevent the installation of cookies by setting the browser software accordingly; however, we would like to point out that in this case, not all functions of this website may be used to their full extent.

Data protection outside the EU and EEA

We have agreed standard data protection clauses with Google: https://privacy.google.com/businesses/processorterms/mccs/

Privacy policy

For further information, please refer to the Google privacy policy: https://policies.google.com/privacy

Further information on data protection

You can find more information about data protection here: https://support.google.com/analytics/answer/6004245?hl=de

4.    Google Optimize

Provider

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (Google).

With Google Optimize, we are able to use data from Google Analytics to improve our online offering as well as to align our marketing efforts with potential user interests.

Data protection outside the EU and EEA

We have agreed standard data protection clauses with Google: https://privacy.google.com/businesses/processorterms/mccs/ 

Legal basis

  • Consent (Art. 6 Para. 1 Cl. 1 letter a GDPR)

Privacy policy

Further information on data processing can be found in Google’s privacy policy: https://policies.google.com/privacy

Option to object (opt-out): https://tools.google.com/dlpage/gaoptout?hl=de

Settings for the display of advertisements: https://adssettings.google.com/authenticated  

5.    Hotjar

Provider

Level 2, St Julian’s Business Centre, 3, Elia Zammit Street, St Julian’s STJ 1000, Malta (Hotjar).

By using Hotjar, we are able to analyze the behavior of website visitors.

Legal basis

  • Consent (Art. 6 Para. 1 Cl. 1 letter a GDPR)

Privacy policy

For more information on data processing, please see Hotjar’s privacy policy. https://www.hotjar.com/legal/policies/privacy   

Cookie policy: https://www.hotjar.com/legal/policies/cookie-information

XIV.    Audio-visual conferences and messanger services

1.    Generell information

We use messaging services and conduct video and audio conferences, webinars, and other audiovisual communications using third-party platforms. In doing so, we and the third-party providers process your personal data. In the process, data may be stored on the servers of the respective third-party providers.

Processed data

  • Inventory data (e.g. first and last name, address),
  • Contact data (e.g. e-mail address, telephone number),
  • Content data (e.g. photographs, videos, screen contents, text contents).
  • Usage data (e.g. websites visited, interest in content, time of access),
  • Meta and communication data (e.g. IP address).

Purpose of processing

  • Communication
  • Answering contact requests
  • Offering services and contracts
  • Direct advertising

Legal basis

  • Consent (Art. 6 Para. 1 Cl. 1 letter a GDPR). If we obtain your consent, this constitutes our legal basis for data processing.
  • Performance of a contract or implementation of pre-contractual measures (Art. 6 Para. 1 Cl. 1 letter b. GDPR)

2.    Slack

Provider

Slack Technologies, Inc., 500 Howard Street, San Francisco, CA 94105, USA (Slack).

Description of processing

For communication we use the service Slack. Slack is a web-based instant messaging service that allows us to communicate online in groups or between individuals via messaging or (video) telephony.

Data protection outside the EU and EEA

We have agreed standard data protection clauses with Slack:

Privacy policy

For further information, please refer to the MyFonts privacy policy: https://slack.com/intl/de-de/legal

3.    Zoom

Provider

55 Almaden Boulevard, 6th Floor, San Jose, CA 95113

Data protection outside the EU and EEA

We have agreed standard data protection clauses with Zoom.

Privacy policy

For more information on data processing, please see Zoom´s privacy policy. : https://zoom.us/de-de/privacy.html 

Zoom for G-Suite
We also use the Zoom for G-Suite add-on. This enables us to schedule, attend or manage Zoom meetings directly from Gmail or Google Calendar. Further notes on the Zoom G-Suite add on:https://support.zoom.us/hc/en-us/articles/360020187492-Zoom-for-GSuite-add-on

4.    Microsoft Teams

Provider

Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399 USA (Microsoft).

Data protection outside the EU and EEA

We have agreed standard data protection clauses with Microsoft: https://www.microsoft.com/en-us/licensing/product-licensing/products#OST 

Privacy policy

For more information on data processing, please see Microsoft´s privacy policy. https://privacy.microsoft.com/de-de/privacystatement 

5.    Google Hangouts

Provider

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland, Mutterunternehmen: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (Google).

Data protection outside the EU and EEA

We have agreed standard data protection clauses with Google

Privay Policy

For more information on data processing, please see Google´s privacy policy. https://policies.google.com/privacy

XV.      Project management software (Asana)

Provider

Asana, Inc., 1550 Bryant Street, 8th Floor, San Francisco, Californien 94103, USA (Asana).

Description of processing

Asana helps us as a company to organize and manage our work and projects.

Legal basis

  • Legitimate interest (Art. 6 Para. 1 Cl. 1 letter f GDPR). Our legitimate interest corresponds to the above-mentioned purposes.

Data protection outside the EU and EEA

We have agreed standard data protection clauses with Asana

Privacy Policy

For more information on data processing, please see Asana´s´s privacy policy. https://asana.com/de/terms#privacy-policy

XVI.    Social Networks

1.    Generell information

We maintain presences in social networks to communicate with you and inform you about our services.

If you visit one of our social media pages, we are joint controllers with the provider of the respective social media platform for the processing of personal data triggered by this in accordance with Art. 26 GDPR.

We point out that your data may be processed outside the EU or the EEA Area. This may result in risks such as a more difficult enforcement of user rights. User data is often processed in social networks for advertising purposes or for the analysis of user behavior by the providers, without us being able to influence this.

In addition, the providers often create user profiles, on the basis of which user-based advertising can then be placed inside and outside the social network. For this purpose, cookies are often used or the user behavior is directly assigned to your own member profile of the social networks (if you are logged in here).

Since we do not have access to the data stocks of the respective providers, we would like to point out that it is best to apply your rights directly to the respective provider. However, if you need help, please feel free to contact us. Further information on the processing of your data in social networks and the possibility to make use of your right of objection or revocation (opt-out) is listed below.

Processed data

  • inventory data (e.g. first and last name, address, age, gender)
  • Content data (e.g. texts, photos, videos)
  • Usage data (e.g. visit of websites, interests)
  • Metadata (e.g. device information, IP address)

Purpose of processing

  • Modern way of user communication
  • Provision of information about own services
  • tracking, remarketing, affiliate tracking

Legal basis

  • Legitimate interest (Art. 6 Para. 1 Cl. 1 letter f GDPR). Our legitimate interest corresponds to the above-mentioned purposes.
  • Consent (Art. 6 Para. 1 Cl. 1 lettera GDPR). If you, as a user of the respective social media, have to agree to the data processing, the legal basis is your consent.

2.    Facebook Fanpage

Provider

Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, parent company: Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA (Facebook).

Opt-Out and advertising settings 

Joint Controller

Facebook provides us with so-called “Facebook Insights”. These are various statistics that give us information about how our Facebook fan page is used. In order to create these statistics, data provided by you (including personal data) is processed by Facebook and us as joint responsible parties within the meaning of Art. 26 Para. 1 GDPR. Together with Facebook, we have concluded an agreement in accordance with Art. 26 GDPR, the content of which you can read here: https://www.facebook.com/legal/terms/page_controller_addendum

Data protection outside the EU/ EEA

We have concluded standard data protection clauses with Facebook

Legal basis and purposes of Facebook’s processing

https://www.facebook.com/about/privacy/legal_bases and https://dede.facebook.com/policy.php 

Privacy policy

Further information on data processing can be found in Facebook’s privacy policy: https://www.facebook.com/about/privacy

3.    Instagram

Provider

Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland, Mutterunternehmen: Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA (Facebook).

Privacy Policy

Opt-Out and advertising settings

4.    Twitter

Provider

musical.ly Inc., 10351 Santa Monica Blvd #310, Los Angeles, CA 90025 USA (Twitter).

Data protection outside the EU/ EEA

We have concluded standard data protection clauses with Twitter

Privacy Policy

Possibility of objection (Opt-Out)

5.    LinkedIn

Provider

LinkedIn Corporation, 2029 Stierlin Court Mountain View, CA 94043; LinkedIn Ireland, Privacy Policy Issues, Wilton Plaza, Wilton Place, Dublin 2, Ireland, (LinkedIn).

Data protection outside the EU and EEA

We have agreed standard data protection clauses with LinkedIn

Privacy policy

For further information, please refer to the MyFonts privacy policy: https://www.linkedin.com/legal/privacy-policy

Cookie Policy

6.    Xing

Provider

XING SE, Dammtorstraße 30, 20354 Hamburg (XING).

Privacy policy and possibility of objection (opt-out)

7.    Youtube

Provider

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland; Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (Google).

Privacy policy

Opt-Out and advertising settings

8.    Vimeo

Provider

Vimeo Inc, 555 West 18th Street New York, 10011, USA (Vimeo).

Privacy policy

XVII.  Social Media Plugins

1.    Generell information

We integrate elements of social network providers or comparable services into our online offer. These are, for example, videos, social media buttons or graphics. This content is loaded from the servers of the respective third-party providers. The third-party providers are thereby able to use so-called pixel tags for statistical purposes or for marketing measures. This makes it possible, for example, to evaluate visitor traffic on the respective website. If you are logged in to the respective third-party provider at the same time, it is possible that this provider recognizes which subpage of our website you are visiting each time you call up our website and for the entire duration of your respective stay on our website.  

Processed data

  • Usage data (e.g. websites visited, access times).
  • Meta – and communication data (e.g. IP addresses).

Purpose of processing

  • Provision and optimization of our online offer

Legal basis

  • Consent (Art. 6 Para. 1 Cl. 1 letter a GDPR).

2.    Facebook Plugin

Provider

Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, parent company: Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA (Facebook).

Data protection outside the EU and EEA

We have agreed standard data protection clauses with Facebook:

Privacy policy

Further information on data processing and an opt-out option can be found in Facebook’s privacy policy: https://www.facebook.com/about/privacy

Opt-out and advertising settings

You can find an opt-out and advertising settings here: https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen

XVIII.  Google Maps

Provider

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland; Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (Google).

Type and scope of data processing

Personal data is transferred to Google in the USA. The data transfer takes place regardless of whether you have a user account with Google or not or whether you are logged into your Google user account. If you are logged in to Google, your data will be directly assigned to your account. If you do not want this, you must log out of your Google user account. Google stores your data as usage profiles and evaluates them. You have the right to object to the creation of these user profiles, and you must contact Google to exercise this right.

Processed data

  • Usage data (e.g. websites visited, interest in content, time of access)
  • Meta and communication data (e.g. IP address)
  • Location data

Purpose of processing

Visual presentation of geographical information in the form of interactive maps, facilitation of your journey

Legal basis

  • Consent: (Art. 6 para. 1 p. 1 lit. a GDPR)

Privacy policy

Further information on data processing can be found in Google’s data protection declaration: https://policies.google.com/privacy.

Opt-out option

Here you can find an opt-out option: https://tools.google.com/dlpage/gaoptout?hl=de  

Settings for the display of advertisements

You have the possibility to adjust the display of advertisements: https://adssettings.google.com/authenticated  

XIX.    Cookie-Banner

1.    Generell information

We use a cookie banner on our website. With our cookie banner, we inform you about the cookies we specifically use. In addition, we give you the opportunity to decide whether you want to consent to the setting of technically unnecessary cookies.

Processed data

  • Usage data (e.g. web pages visited, time of access)
  • Meta and communication data (e.g. IP address)

Purpose oft he processing

  • Informing the user about the cookies we use.
  • Enabling to consent to cookies that are not technically necessary

Legal basis

  • Legitimate interest (Art. 6 Para. 1 Cl. 1 letter f GDPR). Our legitimate interest corresponds to the above-mentioned purposes.

2.    Usercentrics

Specifically, we use a cookie banner from Usercentrics.

Provider

Usercentrics GmbH, Rosental 4, 80331 Munich, Deutschland (Usercentrics).

Privacy Policy

Further information on data processing and an opt-out option can be found in the privacy policy of Usercentrics: https://usercentrics.com/privacy-policy/

XX.      Rights of the data subject

1.    Confirmation

You have the right to ask us to confirm whether personal data concerning you is being processed

2.    Right of access by the data subject (Art. 15 GDPR)

You have the right to receive from us at any time and free of charge information about the personal data stored about you as well as a copy of this data in accordance with the statutory provisions.

3.    Right to retrification (Art. 16 GDPR)

You have the right to request the correction of incorrect personal data concerning you. You also have the right to request the completion of incomplete personal data, taking into account the purposes of the processing.

4.    Right to erase (Art. 17 GDPR)

You have the right to demand from us that personal data concerning you be deleted immediately if one of the reasons provided by law applies and if the processing or storage is not necessary.

5.    Right to restriction of processing (Art. 18 GDPR)

You have the right to demand that we restrict processing if one of the legal requirements is met.

6.    Right to data portability (Art. 20 GDPR)

You have the right to receive the personal data concerning you that you have provided us in a structured, common and machine-readable format. Furthermore, you have the right to have this data communicated to another person in charge, without hindrance from us, to whom the personal data has been made available, provided that the processing is based on the consent pursuant to Art. 6 Para. 1 letter a GDPR or Art. 9 Para. 2 letter a GDPR or on a contract pursuant to Art. 6 Para. 1 letter b GDPR, and provided that the processing is carried out with the aid of automated procedures, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority delegated to us. In addition, when exercising your right to data transfer in accordance with Art. 20 Para. 1 GDPR, you have the right to request that personal data be transferred directly from one responsible party to another, insofar as this is technically feasible and provided that this does not affect the rights and freedoms of other persons.

7.    Right to object (Art. 21 GDPR)

You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you that is carried out on the basis of Article 6 para. 1 letter e (data processing in the public interest) or f (data processing based on a balancing of interests) of the DPA. This also applies to profiling based on these provisions within the meaning of Art. 4 No. 4 GDPR.

If you lodge an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate reasons for processing which outweigh your interests, rights and freedoms, or unless the processing serves to assert, exercise or defend legal claims. In individual cases we process personal data for the purpose of direct marketing. You may at any time object to the processing of personal data for the purpose of such advertising. This also applies to profiling, insofar as it is connected with such direct advertising. If you object to us processing your personal data for the purposes of direct marketing, we will no longer process the personal data for these purposes.

In addition, you have the right to object, for reasons arising from your particular situation, to the processing of personal data relating to you which is carried out by us for scientific or historical research purposes or for statistical purposes in accordance with Art. 89 para. 1 of the GDPR, unless such processing is necessary for the performance of a task carried out in the public interest. You are free to exercise your right of objection in connection with the use of information society services, notwithstanding Directive 2002/58/EC, by means of automated procedures involving the use of technical specifications.

8.    withdrawal of a data protection consent

You have the right to withdraw your consent to the processing of personal data at any time with effect for the future.

9.    complaint to a supervisory authority

You have the right to complain to a supervisory authority responsible for data protection about our processing of personal data.

XXI.    Storage period of personal data

We process and store your personal data only as long as the purpose of storage requires it or as long as it is required by law. If the purpose of storage ceases to apply or if a prescribed storage period expires, the personal data is routinely blocked or deleted in accordance with legal requirements. The criterion for the duration of storage of personal data is the respective legal retention period. After the period has expired, the corresponding data is routinely deleted if it is no longer required for the fulfillment or initiation of a contract.

XXII.   Actuality and changes of the privacy policy

This data protection declaration is currently valid and has the following status: March 2021. If we further develop our website and our offers or if legal or official requirements change, it may be necessary to amend this data protection declaration. You can view the current data protection declaration at any time on the website under […][DL1] 

 

 [DL1]Bitte einfügen