- Personal data means any information relating to a living person who can be directly or indirectly identified, in particular by assignment to an identifier, such as a name, an identification number, location data or an online identifier.
- Processing means any operation performed on personal data such as collection, recording, organisation, structuring, storage, adaptation or alteration, disclosure or any other type of use.
II. Use of the website for informational purposes
If you use our website for informational purposes without logging in to the website or providing us with personal data in any other way, we may automatically collect supplementary information about you that will only contain personal data in limited cases and which is automatically collected by our server, such as:
- The user’s IP address (anonymised, only the first 3 bytes)
- The name of the website and/or file accessed
- Date and time of access
- The volume of data transmitted
- A notification of successful access
- Browser type and version
- The user’s operating system
- The user’s end device, including the MAC address
- The referrer URL (previously visited site)
We only use this information to provide our services to you more effectively (e.g. by adjusting our website based on the requirements of your end device or allowing you to log in to our website), and we use comprehensive demographic data to create anonymised statistics regarding the usage of our website.
The data is not combined with other personal data that was actively entered into our website. The server log files with the above-mentioned data are automatically deleted after seven days. We reserve the right to store the server log files for longer if there is evidence to suggest unauthorised access (such as a hacking attempt or so-called DoS attack).
We require the automatically collected personal data for the provision of our website, Article 6(1)(1)(b) of the GDPR, as well as for our legitimate interest in ensuring that the website is stable and secure, Section 6(1)(1)(f) of the GDPR.
III. Applying for membership online
If you apply to become a member of our network online, we will process your personal data for the purpose of your membership in our network.
We will store your data in this context. The contact data for the public point of contact for member companies is also published on this website.
The legal basis for this processing is Article 6(1)(1)(b) of the GDPR.
You can enter your e-mail address to subscribe to our newsletter. Should you agree to receive our newsletter, you will be sent the latest news from the network and information about our events. The legal basis for this processing is Article 6(1)(1)(a) of the GDPR. We will save your e-mail address for as long as you are subscribed to our newsletter.
To subscribe to the newsletter, you must go through a double opt-in process. As part of this process, you will receive an e-mail with a link to confirm that you are the owner of the e-mail address and would like to receive our e-mail newsletter service. If you do not confirm your subscription within 96 hours of requesting the confirmation e-mail, your personal data will not be processed and will instead be automatically deleted.
To carry out the newsletter dispatch, we use the software of Sendinblue GmbH (address: Köpenicker Straße 126, 10179 Berlin), with whom we have concluded an order processing agreement. You can find out more about data protection at Sendinblue at: https://de.sendinblue.com/datenschutz-uebersicht/
V. Job portal
Our website features a job portal on which member companies can post job vacancies. We publish job postings when we receive a corresponding e-mail from you. The information that you provide us with when you contact us (e.g. your name or e-mail address) is only processed for the purpose of processing your request. We will only publish personal contact information (such as e-mail addresses or names) of contacts in the job descriptions if you wish us to do so. We store job vacancies for a duration of up to three months or until you ask us to delete your job posting.
Furthermore, we also offer a jobs newsletter where you can get information on the latest job vacancies. You can subscribe by sending us an e-mail and asking us to include your e-mail address in our mailing list. The legal basis for this processing is Article 6(1)(1)(a) of the GDPR. We will store your e-mail address as long as you are subscribed to our newsletter. You can unsubscribe from the newsletter by clicking the link in every newsletter.
1. Google Analytics
We use Google Analytics, a web analytics service from Google Inc. (‘Google’), for our statistical analyses. Google Analytics collects data on the usage of our website.
The tool collects information such as the IP address used to visit the website, the content accessed, etc. We only use the information provided to us by Google to determine which information is the most useful for you and to improve and optimise this website. The information collected with the help of Google Analytics is not linked to personal data.
The data generated regarding your use of this website is transmitted to Google and stored there on servers in the US. Google Analytics only collects the IP address that is assigned to you when you visit this website, but does not collect your name or any other identifiers. The provider uses this information to evaluate your use of the website, create reports about the use of the website, and offer us other services pertaining to the use of the website and the Internet.
We have activated IP anonymisation for Google Analytics. Your IP address is thus first truncated in a member state of the European Union or other contracting states of the Agreement on the European Economic Area. The full IP address will only be transmitted to a Google server in the US and truncated there in exceptional cases. The IP address transmitted from your browser as part of Google Analytics is not combined with any other data in Google’s possession.
This processing is based on our legitimate interest in evaluating the data traffic on our website to improve your user experience and to generally optimise the website. The legal basis for this processing is Article 6(1)(1)(f) of the GDPR.
Due to the marketing tools used, your browser automatically establishes a direct connection with the Google server. We have no influence on the scope and further use of the data that Google collects through the use of this tool, and we therefore inform you according to our level of knowledge: Through the integration of DoubleClick, Google is informed that you accessed the corresponding part of our website or clicked on one of our ads. If you are registered with a Google service, Google can link your visit to your account. Even if you are not registered with Google or are not logged in, there is a possibility that the provider will detect and store your IP address.
You can prevent participation in this tracking process in a number of ways: a) by changing the appropriate settings in your browser software; in particular, suppressing third-party cookies will ensure that you do not receive any ads from third-party providers; b) by deactivating cookies for conversion tracking – this is done by configuring your browser to block cookies from the domain ‘www.googleadservices.com’, https://www.google.de/settings/ads, whereby these settings will be deleted when you delete your cookies; c) by deactivating the interest-based ads from providers that take part in the ‘About Ads’ self-regulation campaign using the link http://www.aboutads.info/choices, whereby these settings will be deleted when you delete your cookies; d) through permanent deactivation in your Firefox, Internet Explorer or Google Chrome browser using the link http://www.google.com/settings/ads/plugin. However, you are made aware that you might not be able to use all the functions of the website to their full extent if you do so.
Alternatively, you can visit the Network Advertising Initiative website (NAI) at http://www.networkadvertising.org. Google is compliant with the EU-US Privacy Shield: https://www.privacyshield.gov/EU-US-Framework.
VII. Third-party content
We have embedded YouTube videos on our website that are saved at http://www.youtube.com and can be played directly on our website. These videos are all embedded in ‘enhanced data protection mode’, which means that no data about you as the user is transferred to YouTube if you do not play the video. The data specified below is only transferred when you play the videos. We have no control over this data transfer.
The legal basis for this processing is Article 6(1)(1)(f) of the GDPR. Our embedding of YouTube videos is based on our legitimate interest to improve the user experience on our website and optimise our services.
2. Links to third-party websites
The website may contain links to third-party websites. We are not responsible for the content and data processing on these respective third-party website. You can find information on data processing on the corresponding websites in the privacy policies of the websites in question.
VIII. Transfer of personal data to third parties
Your personal data may be disclosed to the following contractors that assist us in the provision of our services [HQ Labs, headquartered in Hamburg, Germany; Mailjet, headquartered in (to be added); Potsdamer Letterschop, headquartered in Potsdam, Germany].
If we are legally authorised or obliged to do so (on the basis of applicable laws or a court order), we may disclose your personal data.
IX. Transfer of personal data to third countries
Within the scope specified above, we may transmit your personal data to other countries (including countries outside of the EU) that may have data protection standards that differ from those of your place of residence. Please note that data processed in other countries may be subject to foreign laws and be accessible to the governments, courts, law enforcement agencies and supervisory authorities of said countries. If we transmit your personal data to such countries, however, we will implement suitable measures to protect your data appropriately.
We implement suitable, state-of-the-art security measures to protect your data against loss, misuse and alteration. Accordingly, our security guidelines and privacy policies are reviewed regularly and improved where necessary. Furthermore, only authorised employees have access to personal data. Even though we cannot ensure or guarantee that data will never be lost, misused or altered, we do everything in our power to prevent this from happening.
Please be aware that data transfer via the Internet is never completely secure. We cannot guarantee the security of the data entered on our website during transfer via the Internet. This is done at your own risk.
XI. Storage periods
XII. Your rights
Depending on the circumstances of the specific case in question, you have the following data protection rights:
- The right to request access to your personal data and or copies of this data. This includes information on the purpose of use, the category of the data used, the recipient and the persons authorised to access the data, as well as, if possible, the planned duration of data storage or, if this is not possible, the criteria for determining the duration thereof.
- The right to request the rectification, erasure or restriction of the processing of your personal data insofar as the use of this data is inadmissible under data protection law, in particular because (i) the data is incomplete or incorrect, (ii) the data is no longer required for the purposes for which it was collected, (iii) the consent on which the processing was based has been withdrawn, or (iv) you have successfully exercised your right to object to data processing; in cases in which the data is processed by third parties, we will pass on your requests for rectification, erasure or restriction of processing to these third parties, unless this proves to be impossible or involves disproportionate effort.
- The right to deny or withdraw your consent – without altering the legality of the processing carried out on the basis of the consent before revocation – to the processing of your personal data at any time.
- The right not to be subject to a decision based solely on automated processing which produces legal effects concerning you or similarly significantly affects you.
- The right to receive the personal data that you have provided us with in a structured, commonly used and machine-readable format and to transmit that data to another controller without hindrance by us; you also have the right to request that we transmit your personal data directly to another controller should this be technically possible.
- The right to take legal action or call the responsible supervisory authorities if you are of the opinion that your rights have been violated as the result of processing of your personal data that does not comply with the legal data protection requirements.
(i) exercise the rights specified above or
(ii) ask questions or
(iii) lodge a complaint against the processing of your personal data carried out by us by contacting us as specified below.
In addition, you also have the right to object to the processing of your personal data at any time:
- if we process your personal data for the purpose of direct marketing; or
- if we process your personal data in order to pursue our legitimate interests and there are reasons for you to object arising
The information that you provide us with when you contact us (e.g., your name or e-mail address) is only processed for the purpose of dealing with your request. This information will then be deleted immediately. Alternatively, we may limit the processing of your personal data on the basis of the legal provisions regarding retention obligations.