Privacy Policy
We are delighted that you are visiting our website. The protection and security of your personal information when using our website is very important to us. We would therefore like to take this opportunity to inform you about which of your personal data we collect when you visit our website and for what purposes it is used. Personal data refers to specific details regarding the personal or factual circumstances of an identified or identifiable natural person (data subject), e.g. name, address, email addresses, user behaviour. This therefore refers to data that enables us to identify you. In addition, you will also find some information here regarding data processing activities outside this website (e.g. video conferences or newsletters).
Responsible for data processing
Data controller
For the processing of personal data within the meaning of the EU General Data Protection Regulation (GDPR)
Finance for Expats GmbH
Aronstabweg 2
30559 Hannover
Phone: +49 (511) 5151 2950
Email: info@financeforexpats.de
Data Protection Officer
exkulpa gmbh
Waldfeuchterstr. 266
52525 Heinsberg
Phone: 02452 / 99 33 11
General Information
In addition to the data you actively provide to us on this site (e.g. via our contact form), we collect certain technical data. This so-called metadata is automatically transmitted from your computer to our servers as soon as you visit our website (including browser, operating system or timestamp). We use this data to ensure our website is displayed correctly. In addition, we may collect data via integrated third-party providers (e.g. for external media such as map services or analytics tools). We will explain the specific purposes and legal bases in the course of this privacy policy.
Retention period
Unless a specific retention period is stated within this privacy policy, we will retain your personal data for as long as the purpose of the data processing remains valid. If you submit a valid request for erasure or withdraw your consent, we will delete your data. Statutory retention obligations remain unaffected.
Legal basis for data processing
If you have consented to data processing, the processing of your personal data is based on Article 6(1)(a) of the GDPR or Article 9(2)(a) of the GDPR, if special categories of data are processed in accordance with Article 9(1) of the GDPR. Where you have given your express consent to the transfer of personal data to third countries, the data is also processed in accordance with Article 49(1)(a) of the GDPR. If you have consented to the storage of cookies or access to information on your device (e.g. through device fingerprinting), data processing also takes place on the basis of Section 25(1) of the TDDDG. Your consent may be withdrawn at any time. If your data is necessary for the performance of a contract or for the implementation of pre-contractual measures, we process your data in accordance with Article 6(1)(b) of the GDPR. Furthermore, we process your data where this is necessary to comply with a legal obligation, on the basis of Article 6(1)(c) of the GDPR. Data processing may also take place on the basis of our legitimate interest pursuant to Article 6(1)(f) of the GDPR. The following sections of this privacy policy provide information on the respective legal bases in individual cases.
Note on data transfers to third countries and US companies without DPF certification
Please note that we use tools from companies based in third countries with insufficient data protection standards or in the USA, which are not covered by the EU-US Data Protection Framework (DPF). When using these tools, your personal data may be transferred to and processed in these countries. Please note that in these third countries, a level of data protection comparable to that of the EU cannot be guaranteed.
We would like to clarify that the US generally offers a level of data protection comparable to that of the EU. The transfer of data to the US is permitted if the recipient holds DPF certification or provides appropriate additional safeguards. Information on data transfers to third countries, including data recipients, can be found in our privacy policy.
Automated decision-making
Your personal data is not processed for the purposes of automated decision-making.
Your rights
As a data subject under the General Data Protection Regulation (GDPR), you have the following rights:
- Right of access: You have the right to request confirmation from us as to whether your personal data is being processed and, if so, to receive further information about the processing and copies of the data being processed (Art. 15 GDPR).
- Right to rectification: You have the right to request the immediate rectification of inaccurate personal data concerning you and, where applicable, the completion of incomplete personal data (Art. 16 GDPR).
- Right to erasure: You have the right to request the immediate erasure of personal data concerning you where the legal conditions are met, in particular where the data is no longer necessary for the purposes for which it was collected and the processing is unlawful (Art. 17 GDPR).
- Right to restriction of processing: You have the right to request that we restrict the processing of your personal data where the legal conditions are met, in particular where you contest the accuracy of the data, the processing is unlawful and you oppose erasure (Art. 18 GDPR).
- Right to data portability: You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format, and you have the right to transmit this data to another controller without hindrance from us, provided this is technically feasible (Art. 20 GDPR).
- Right to object: You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you, where the processing is based on Article 6(1)(e) or (f) of the GDPR (Article 21 of the GDPR).
- Right to withdraw consent: You have the right to withdraw your consent to the processing of personal data at any time with effect for the future. Withdrawal of your consent does not affect the lawfulness of processing carried out on the basis of your consent prior to withdrawal (Art. 7(3) GDPR).
- Right to lodge a complaint with a supervisory authority: You have the right to lodge a complaint with a data protection supervisory authority if you consider that the processing of your personal data infringes the GDPR (Article 77 GDPR).
Further data processing operations
General information obligations
This information is intended for customers, prospective customers, suppliers and employees. We process your personal data for the following purposes:
- To fulfil our contractual obligations to you (Art. 6(1)(b) GDPR).
- To carry out pre-contractual obligations (Art. 6(1)(b) GDPR).
- To respond to enquiries (Art. 6(1)(b) GDPR).
- Where you have given us your consent to process your personal data for specific purposes (such as to receive our newsletter), data processing takes place on the basis of your consent (Art. 6(1)(a) GDPR).
- To comply with legal obligations to which our company is subject (Art. 6(1)(c) GDPR).
- Where necessary, we also process your data to safeguard our legitimate interests, in particular to assert legal claims and defend ourselves in legal disputes, or to ensure IT security; to consult and exchange data with credit reference agencies to assess creditworthiness and default risks; for direct marketing and market research, provided you have not objected to the use of your data for this purpose; in connection with measures for business management and the further development of services and products, in connection with measures for product and sales optimisation, in connection with risk management measures, and for the prevention or investigation of criminal offences (Art. 6(1)(f) GDPR).
Categories of recipients of personal data
Within our company, only those employees who absolutely need the data to perform their duties have access to it (need-to-know principle). Individual processes and services are carried out by carefully selected service providers, commissioned in accordance with data protection regulations, who are based within the EEA. Where service providers commissioned by us gain access to personal data whilst performing their services, data processing agreements have been concluded with them in accordance with Article 28(3) of the GDPR.
Duration of data storage
The data we process is stored for the duration of the contractual relationship and its fulfilment, and in compliance with statutory retention periods. These include, in particular, commercial and tax law retention obligations under the German Commercial Code (HGB) and the German Fiscal Code (AO). The standard retention and documentation periods amount to up to ten years. If no contractual relationship is established, we process the data only for as long as the specific purpose requires.
Cookies
Cookies are small text files that are stored by your browser on your device to save certain information whilst you are using the website. Cookies enable us to improve various aspects of our website and make your visit more convenient.
There are various types of cookies, each serving different purposes. Temporary cookies, also known as session cookies, are stored only for the duration of your use of the website and are automatically deleted when you close your browser. Persistent cookies, on the other hand, remain stored on your device for a longer period and enable us to recognise you and your preferences on subsequent visits to the website.
Cookies can also be divided into first-party cookies and third-party cookies. First-party cookies are set by our website, whilst third-party cookies are set by other websites or service providers whose content is integrated into our website, such as plugins or analytics tools.
Cookies are used for various purposes, such as ensuring the website functions properly, storing user settings, compiling anonymous statistics on user behaviour, or displaying personalised content and advertising. The legal basis for the use of cookies varies depending on the purpose of the cookies. In some cases, the setting of cookies is based on your legitimate interest pursuant to Article 6(1)(f) of the GDPR, in order to make our website functional and user-friendly. As the website operator, we have a legitimate interest in storing necessary cookies to ensure the technically flawless and optimised provision of our services. Where we seek your consent for the use of cookies, processing is carried out on the basis of Article 6(1)(a) of the GDPR in conjunction with Section 25(1) of the TDDDG. Your consent may be withdrawn at any time.
Data processing in detail
Below, we provide information on the individual processing operations, the scope and purpose of data processing, the legal basis, the obligation to provide your data and the respective storage period. No automated decision-making, including profiling, takes place in individual cases.
Provision of the website
When you access and use our website, we collect the personal data that your browser automatically transmits to our server. The following information is temporarily stored in a so-called log file:
- IP address of the requesting computer
- Date and time of access
- Name and URL of the file accessed
- Website from which the access originated (referrer URL)
- Browser used and, where applicable, your computer’s operating system, as well as the name of your internet service provider
Our website is not hosted by us, but by a service provider who processes the aforementioned data on our behalf for the purpose of providing the website, in accordance with Article 28 of the GDPR.
The use of the hosting provider is for the purpose of fulfilling our contractual obligations towards our potential and existing customers (Article 6(1)(b) GDPR) and in the interest of ensuring the secure, fast and efficient provision of our online services by a professional provider (Article 6(1)(f) GDPR).
We use the following hosting providers:
Firebase (website hosting)
Firebase Google Inc.
Google Ireland Limited
Gordon House
Barrow Street Dublin 4
Ireland
Hetzner (content management system / CMS)
Hetzner Online GmbH
Industriestr. 25
91710 Gunzenhausen
Germany
Our website content is managed via a CMS hosted by Hetzner (cms.webstra.de). Hetzner processes personal data on our behalf in accordance with Article 28 of the GDPR. For details, please view Hetzner’s privacy policy: https://www.hetzner.com/de/rechtliches/datenschutz.
We use Hetzner on the basis of Article 6(1)(f) of the GDPR. We have a legitimate interest in the reliable operation of our content management infrastructure. We have concluded a data processing agreement (DPA) with Hetzner for the use of this service.
To ensure that personal data is processed in accordance with our specifications and in compliance with the GDPR, we have also entered into a data processing agreement (DPA) with our Firebase hosting provider.
Contact form
Nature and scope of processing
When you send us enquiries (e.g. via the contact form, email or telephone), we store all data resulting from this (e.g. name, email address, subject of the enquiry, etc.). We require this data to process your enquiry and to be able to answer any follow-up questions. We will not pass on this data without your consent.
Purpose and legal basis
The processing of this data is based on Article 6(1)(b) of the GDPR, provided that your enquiry relates to the performance of a contract or is necessary for the implementation of pre-contractual measures. Otherwise, the processing is based on our legitimate interest in the effective handling of enquiries addressed to us (Article 6(1)(f) of the GDPR) or on your consent (Article 6(1)(a) of the GDPR) if you have previously given it.
Retention period
The data you enter in the contact form will remain with us until you request its deletion, withdraw your consent to its storage, or the purpose for storing the data no longer applies (e.g. once your enquiry has been processed). Mandatory legal provisions – in particular retention periods – remain unaffected.
Contact form for applicants
Nature and scope of processing
We collect and process the personal data of applicants. Such data processing may also take place electronically, for example, when applicants submit application documents to us by email or via a web form on our website. On our website, we offer you the option of submitting applications for advertised vacancies to us by email.
Purpose and legal basis
We process the personal data of applicants in accordance with legal requirements for the purpose of establishing an employment relationship (Art. 6(1)(b) GDPR). You are not obliged to provide us with this data. However, without this data, we cannot carry out an application process with you.
If your application is successful, the data you have submitted will be stored in our data processing systems on the basis of Article 6(1)(b) of the GDPR and, insofar as you provide us with special categories of personal data such as health information, on the basis of Article 9(2)(b) for the purpose of carrying out the employment relationship.
We also use the professional networking services LinkedIn and XING to contact potential applicants. In this regard, the operators of these networks act as data processors on our behalf in accordance with our instructions. The legal basis for data processing when contacting potential applicants on our behalf is Article 6(1)(f) of the GDPR (our legitimate interests). If, following such contact, you send us your application, we process your data for the purpose of establishing an employment relationship as described above on the basis of Article 6(1)(b) of the GDPR.
Retention period
If your application is unsuccessful, your data will be retained for a period of 6 months following the conclusion of the recruitment process. This is done to safeguard our legitimate interests, in order to assess whether we may need the data to defend against any potential claims arising from the recruitment process. We are then obliged to delete or anonymise your data. In this case, the data will only be available to us as so-called metadata without any direct personal reference for statistical analysis (for example, the proportion of female and male applicants, the number of applications per period, etc.).
If it becomes apparent that further storage of the data is necessary after the expiry of the 6-month period to safeguard our legitimate interests (e.g. due to an impending or pending legal dispute), deletion will only take place once the purpose for the continued storage no longer applies. The legal basis for this further data storage is our legitimate interests in the assertion, exercise or defence of civil law claims (Art. 6(1)(f) GDPR in conjunction with Section 24(1)(2) BDSG or, where special categories of personal data are stored, Art. 9(2)(f) GDPR in conjunction with Section 24(2) BDSG).
Inclusion in the applicant pool
As part of the application process, we offer applicants the opportunity to be included in our “talent pool” for a period of 24 months on the basis of consent within the meaning of Article 6(1)(a) and Article 9(2)(a) of the GDPR. If you have provided special categories of personal data in your application, such as health information, your consent also extends to this data. You are not obliged to provide us with your application data for our talent pool. However, without this data, we cannot consider you for future vacancies unless you submit a new application.
Consent to the inclusion of application data in the talent pool is voluntary and may be withdrawn at any time with future effect. Withdrawal of consent does not affect the lawfulness of data processing carried out on the basis of consent prior to withdrawal.
Your application documents will be deleted from the talent pool at the latest upon expiry of the retention period, or in the event of a withdrawal of consent, or upon acceptance of a job offer from one of the companies responsible for the talent pool.
If, as part of the application process, you receive an offer of employment from us and accept it, we or that company will store the personal data collected during the application process for the purpose of implementing the employment relationship. The legal basis for this data processing is Article 6(1)(b) of the GDPR or, insofar as you provide us with special categories of personal data such as health information, Article 9(2)(b).
Newsletter
We offer our newsletter on this website. If you wish to subscribe to it, we require your email address and further data to verify that the email address belongs to you and that you consent to receiving the newsletter. No other personal data is collected unless you provide it voluntarily (e.g. name, telephone number, place of residence, etc.).
When processing the data you provide when registering for the newsletter, we rely exclusively on your consent in accordance with Article 6(1)(a) of the GDPR as the legal basis. You may withdraw your consent to the processing and storage of your personal data at any time (e.g. via the ‘Unsubscribe’ link in the newsletter) with effect for the future.
We store the personal data you have provided for the purpose of receiving the newsletter until you unsubscribe from the newsletter via us or the mailing service provider. This does not apply to data we have stored about you for other purposes.
If you unsubscribe from the newsletter mailing list, your email address will be stored by us or the mailing service provider on a blacklist for an indefinite period. This is done to prevent future mailings from being sent to you. The data from the blacklist is used exclusively for this purpose and is not combined with other data. This is not only in your interest, but also in our legitimate interest under Article 6(1)(f) of the GDPR to fulfil our legal obligations regarding the sending of newsletters. You may object to the storage of your data if your personal interests override our legitimate interest.
Brevo
This website uses Brevo to send newsletters. The provider is Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany.
Brevo is a service for organising and analysing newsletter distribution. The data you provide to subscribe to the newsletter is stored on Brevo’s servers in Germany.
Brevo enables us to analyse our newsletter campaigns. For example, we can see whether a newsletter message has been opened and which links have been clicked. This allows us to determine which links have been clicked most frequently.
Brevo also allows us to group newsletter recipients into different categories (‘clustering’). For example, newsletter recipients can be grouped by age, gender or place of residence. This enables us to tailor the newsletters more effectively to the respective target groups.
If you do not wish to be analysed by Brevo, you must unsubscribe from the newsletter. We provide a link for this purpose in every newsletter message.
Further information on Brevo’s features can be found here: https://www.brevo.com/de/newsletter-software/.
Data processing is carried out on the basis of your consent (Art. 6(1)(a) GDPR). You may withdraw this consent at any time. The lawfulness of data processing operations already carried out remains unaffected by the withdrawal.
The data stored by us for the purpose of receiving the newsletter will be retained by us or the newsletter service provider until you unsubscribe from the newsletter and will be deleted from the distribution list once you have unsubscribed. Data stored by us for other reasons remains unaffected by this.
After you unsubscribe from the newsletter list, your email address may be stored by us or the newsletter service provider in a block list to prevent future mailings. The data from the block list is used solely for this purpose and is not merged with other data. This serves both your and our interest in complying with legal requirements when sending newsletters (legitimate interest within the meaning of Article 6(1)(f) of the GDPR). Storage on the block list is not time-limited. You may object to this storage provided that your interests override our legitimate interest.
Further information on data protection at Brevo can be found here: https://www.brevo.com/de/legal/privacypolicy/.
To ensure that personal data is processed in accordance with our guidelines and in compliance with the GDPR, we have entered into a data processing agreement (DPA) with the provider.
Presence on social media platforms
We maintain public profiles on various social networks via our website. You can find more detailed information about the social networks we use in the relevant sections of our privacy policy.
Social networks such as Facebook, Twitter and others can comprehensively analyse your user behaviour when you visit their websites or a website with integrated social media content (e.g. ‘Like’ buttons or advertising banners). Visiting our social media pages triggers numerous data processing operations relevant to data protection:
If you are logged into your social media account and visit our social media presence, the operator of the social media portal can link this visit to your user account. However, your personal data may also be collected even if you are not logged in or do not have an account with the relevant social media portal. In this case, data collection takes place, for example, via cookies stored on your device or by recording your IP address.
Using the data collected in this way, the operators of the social media platforms can create user profiles containing your preferences and interests. This enables interest-based advertising to be displayed to you both within and outside the respective social media platform. If you have an account with the relevant social network, interest-based advertising may be displayed on all devices on which you are logged in or have been logged in.
Please note that we cannot track all processing activities on social media platforms. Depending on the provider, further processing operations may therefore be carried out by the operators of the social media platforms. For details, please refer to the terms of use and privacy policies of the respective social media platforms.
Legal basis for data processing
Our social media presence serves to ensure the most comprehensive online presence possible. This constitutes a legitimate interest within the meaning of Article 6(1)(f) of the GDPR. The analysis processes initiated by the social networks may be based on different legal grounds, which must be specified by the operators of the social networks (e.g. consent within the meaning of Article 6(1)(a) of the GDPR).
Data controller and exercising of rights
When you visit our social media pages (e.g. Facebook), we are jointly responsible with the operator of the social media platform for the data processing operations triggered by that visit. You may generally exercise your rights (right of access, rectification, erasure, restriction of processing, data portability and the right to lodge a complaint) both against us and against the operator of the relevant social media portal (e.g. against Facebook).
Although we share responsibility with the social media platform operators, we do not have full control over the data processing activities carried out by these platforms. Our options are largely determined by the corporate policies of the respective provider.
Duration of data storage
Data collected directly by us via our social media presence will be deleted from our systems as soon as you request its deletion, withdraw your consent to its storage, or the purpose for storing the data no longer applies. Stored cookies remain on your device until you delete them. Mandatory legal provisions – in particular retention periods – remain unaffected.
We have no influence over the duration of storage of your data that is stored by the operators of social networks for their own purposes. For further details, please contact the operators of the social networks directly (e.g. via their privacy policy, see below).
Facebook page
Our company has a profile on Facebook. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (hereinafter ‘Meta’). According to Meta, the data collected is also transferred to the USA and other third countries.
We have entered into a joint processing agreement (Controller Addendum) with Meta. This agreement sets out which data processing operations we and Meta are responsible for when you visit our Facebook page. You can view the agreement via the following link: https://www.facebook.com/legal/terms/page_controller_addendum.
You can adjust your advertising settings yourself in your user account. To do so, click on the following link and log in: https://www.facebook.com/settings?tab=ads.
The company is certified under the "EU-US Data Privacy Framework" (DPF), an agreement between the European Union and the USA which aims to ensure compliance with European data protection standards when processing data in the USA. Certification under the DPF obliges companies to comply with these data protection standards.
Data transfers to the USA are based on the EU Commission’s Standard Contractual Clauses. Further details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.
For further information, please refer to Facebook’s privacy policy: https://www.facebook.com/about/privacy/.
Instagram page
Our company has a profile on Instagram. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
The company is certified under the "EU-US Data Privacy Framework" (DPF), an agreement between the European Union and the USA which aims to ensure compliance with European data protection standards when processing data in the USA. Certification under the DPF obliges companies to adhere to these data protection standards.
Data transfers to the USA are based on the EU Commission’s Standard Contractual Clauses. Further details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum, https://help.instagram.com/519522125107875 and https://de-de.facebook.com/help/566994660333381.
For further information on how your personal data is handled, please refer to Instagram’s privacy policy: https://help.instagram.com/519522125107875.
LinkedIn page
Our company has a profile on LinkedIn. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies.
If you wish to disable LinkedIn advertising cookies, please use the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
The company is certified under the "EU-US Data Privacy Framework" (DPF), an agreement between the European Union and the USA which aims to ensure compliance with European data protection standards when processing data in the USA. Certification under the DPF obliges companies to comply with these data protection standards.
Data transfers to the US are based on the EU Commission’s Standard Contractual Clauses. Further details can be found here: https://www.linkedin.com/legal/l/dpa and https://www.linkedin.com/legal/l/eu-sccs.
For further information on how your personal data is handled, please refer to LinkedIn’s privacy policy: https://www.linkedin.com/legal/privacy-policy.
Communication via WhatsApp
To communicate with our customers and other third parties, we use, among other things, the instant messaging service WhatsApp Business, provided by WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
When you communicate with us via WhatsApp, the chats are end-to-end encrypted. This is intended to prevent WhatsApp or third parties from accessing the content of the chat. However, WhatsApp does have access to metadata generated during the communication process (e.g. sender, recipient and time). WhatsApp shares the personal data collected with its parent company, Meta, which is based in the USA. Further details on data processing can be found in WhatsApp’s privacy policy at: https://www.whatsapp.com/legal/#privacy-policy.
The use of WhatsApp is based on our legitimate interest in communicating as quickly and effectively as possible with customers, prospective customers and other business and contractual partners (Art. 6(1)(f) GDPR). If you have previously given your consent to data processing, the processing of your data takes place solely on the basis of Article 6(1)(a) of the GDPR; consent may be withdrawn at any time.
The content of communications exchanged between us and on WhatsApp remains with us until you request its deletion, withdraw your consent to its storage, or the purpose for data storage ceases to apply (e.g. once your enquiry has been processed). Mandatory legal provisions – in particular retention periods – remain unaffected.
The company is certified under the "EU-US Data Privacy Framework" (DPF), an agreement between the European Union and the USA which aims to ensure compliance with European data protection standards when processing data in the USA. Certification under the DPF obliges companies to observe these data protection standards.
We have configured our WhatsApp accounts so that there is no automatic data synchronisation with the address book on the smartphones in use.
To ensure that personal data is processed in accordance with our guidelines and in compliance with the GDPR, we have entered into a Data Processing Agreement (DPA) with the provider.
ProvenExpert
We have included evaluation seals and links from ProvenExpert on this website. The provider is Expert Systems AG, Quedlinburger Str. 1, 10589 Berlin, https://www.provenexpert.com.
The ProvenExpert seal enables us to display on our website customer reviews that have been submitted to ProvenExpert about our company. When you visit our website, a connection to ProvenExpert may be established so that ProvenExpert can determine that you have visited our website. Furthermore, ProvenExpert may record your language settings to display the seal in the chosen language.
The use of ProvenExpert is based on Article 6(1)(f) of the GDPR. The website operator has a legitimate interest in the comprehensible presentation of customer reviews. If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Article 6(1)(a) of the GDPR and Section 25(1) of the TDDDG, insofar as the consent includes the storage of cookies or the access to information in the user’s end device (e.g. device fingerprinting) within the meaning of the TDDDG. This consent can be revoked at any time.
Video Conferencing
Data processing
We use online conferencing tools to communicate with our customers. The specific tools we use are listed below. When you communicate with us via video or audio conference, your personal data is collected and processed by us and the provider of the relevant tool.
The tools collect the data you provide, including your email address and telephone number. They also process the duration of the conference, when you joined the conference, the number of participants and other metadata.
In addition, the tool provider processes all technical data necessary for the conference to take place. This includes, in particular, IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or speaker, and the type of connection.
When you share content via this service, it is stored on the providers’ servers. This includes cloud recordings, chat messages, voice messages, as well as photos and videos that you have shared whilst using this service.
Please note that we do not have full control over the data processing operations of the tools used. For further details on data processing by the conference tools, please refer to the privacy policies of the respective tools used.
Purpose and legal basis
The conference tools are used to communicate with prospective or existing contractual partners or to offer specific services to our customers (Article 6(1)(b) of the GDPR). Furthermore, the use of these tools serves to generally simplify and speed up communication with us or our company (legitimate interest within the meaning of Article 6(1)(f) of the GDPR). If you have previously given your consent to data processing, the processing of your data takes place solely on the basis of Article 6(1)(a) of the GDPR; consent may be withdrawn at any time.
Retention period
The data collected directly by us via the video and conferencing tools will be deleted from our systems as soon as you request us to do so, withdraw your consent to storage, or the purpose for data storage no longer applies. Stored cookies remain on your device until you delete them. Mandatory statutory retention periods remain unaffected.
We have no influence over the storage period of your data that is stored by the operators of the conference tools for their own purposes. For further details, please contact the operators of the conference tools directly.
Services and tools used
Google Analytics
This website uses Google Analytics, a web analytics service provided by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics enables us to analyse the behaviour patterns of website visitors. To that end, we receive data such as pages accessed, time spent on the page, the operating system used and the visitor’s origin. This data may be summarised under a user ID and assigned to the respective end device of the website visitor.
Google Analytics uses technologies such as cookies or device fingerprinting to recognise users for the purpose of analysing user behaviour. Information recorded by Google is, as a rule, transferred to a Google server in the United States, where it is stored.
Google Analytics is only activated after you have given your consent via our cookie banner. The use of this service is based on your consent pursuant to Article 6(1)(a) of the GDPR and Section 25(1) of the TDDDG. You may revoke your consent at any time.
Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.
The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). For more information, please contact the provider under the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active
You can prevent the recording and processing of your data by Google by downloading and installing the browser plugin available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en.
For more information about the handling of user data by Google Analytics, please consult Google’s privacy policy at: https://support.google.com/analytics/answer/6004245?hl=en.
We have executed a contract data processing agreement with Google and are implementing the stringent provisions of the German data protection authorities when using Google Analytics.
Ahrefs Analytics
This website uses Ahrefs Analytics, a web analytics service provided by Ahrefs Pte. Ltd. (16 Raffles Quay, #33-03 Hong Leong Building, Singapore 048581).
Ahrefs Analytics helps us understand how visitors use our website, for example which pages are accessed and from which sources visitors arrive. When you visit our website, data such as your IP address, browser information, pages visited and referrer URL may be processed by Ahrefs.
We use Ahrefs Analytics on the basis of our legitimate interest in analysing and optimising our online offering pursuant to Article 6(1)(f) of the GDPR.
Further information on data processing by Ahrefs can be found in Ahrefs’ privacy policy: https://ahrefs.com/legal/privacy-policy.
Google API
On our website, we use the services and functions of Google APIs, provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Nature and scope of data processing
Google APIs allow us to access additional services and data from Google. When using these services, your IP address is transmitted to Google Ireland Limited. Please note that we provide specific information in our privacy policy for each additional Google service that we use. Further information on Google APIs and data protection can be found in Google’s privacy policy: https://policies.google.com/privacy.
Legal basis
We use Google APIs based on our legitimate interests (i.e. the interest in optimising our online offering), in accordance with Article 6(1)(f) of the GDPR. Where we obtain consent (e.g. consent to the storage of cookies), data processing takes place exclusively on the basis of Article 6(1)(a) of the GDPR; you may withdraw this consent at any time.
Data processing
To ensure that personal data is processed in accordance with our specifications and in compliance with the GDPR, we have entered into a data processing agreement (DPA) with the provider.
Google Fonts
This website uses so-called Google Fonts provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, to ensure the uniform display of fonts.
The fonts are loaded from Google servers (fonts.googleapis.com and fonts.gstatic.com). When you access our website, your browser establishes a connection to Google’s servers. In the process, your IP address and technical browser information may be transmitted to Google.
We use Google Fonts on the basis of our legitimate interest in a uniform and appealing presentation of our website pursuant to Article 6(1)(f) of the GDPR.
For more information on Google Fonts, please follow this link: https://developers.google.com/fonts/faq and consult Google’s privacy policy at: https://policies.google.com/privacy?hl=en.
Google Maps
This website uses the mapping service Google Maps. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
To enable the use of Google Maps features, your IP address must be stored. As a rule, this information is transferred to one of Google’s servers in the United States, where it is archived. The operator of this website has no control over the data transfer. When you access Google Maps, your browser may load required web fonts into your browser cache to correctly display text and fonts.
We use Google Maps to present our online content in an appealing manner and to make the locations disclosed on our website easy to find. This constitutes a legitimate interest as defined in Article 6(1)(f) of the GDPR. If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Article 6(1)(a) of the GDPR and Section 25(1) of the TDDDG, insofar as the consent includes the storage of cookies or the access to information in the user’s end device (e.g. device fingerprinting) within the meaning of the TDDDG. This consent can be revoked at any time.
Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/.
For more information on the handling of user data, please review Google’s privacy policy at: https://policies.google.com/privacy?hl=en.
The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). For more information, please contact the provider under the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active
Gstatic
On this website, we use functions provided by Gstatic, a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Nature and scope of data processing
Gstatic is a service provided by Google to speed up the loading of web pages. Gstatic stores website resources such as images, CSS and JavaScript files on its servers in order to deliver them to the user more quickly when the page is visited again. During this data processing, technical information, such as your IP address and technical details of your browser, is transmitted to Gstatic.
The user profiles created by Gstatic are pseudonymised and cannot be traced directly back to you as an individual.
Further information on this can be found in Google’s privacy policy: https://policies.google.com/privacy.
Legal basis
The use of Gstatic on this website is based on your consent in accordance with Article 6(1)(a) of the GDPR in conjunction with Section 25(1) of the TTDSG. You have the right to withdraw your consent at any time.
The company is certified under the "EU-US Data Privacy Framework" (DPF), an agreement between the European Union and the USA which aims to ensure compliance with European data protection standards when processing data in the USA. Certification under the DPF obliges companies to comply with these data protection standards. Further information is available at: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active
Data processing
To ensure that personal data is processed in accordance with our specifications and in compliance with the GDPR, we have entered into a data processing agreement (DPA) with the provider.
Brevo
This website uses Brevo to send newsletters. The provider is Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany.
Brevo is a service for organising and analysing newsletter distribution. The data you provide to subscribe to the newsletter is stored on Brevo’s servers in Germany.
Brevo enables us to analyse our newsletter campaigns. For example, we can see whether a newsletter message has been opened and which links have been clicked. This allows us to determine which links have been clicked most frequently.
Brevo also allows us to group newsletter recipients into different categories (‘clustering’). For example, newsletter recipients can be grouped by age, gender or place of residence. This enables us to tailor the newsletters more effectively to the respective target groups.
If you do not wish to be analysed by Brevo, you must unsubscribe from the newsletter. We provide a link for this purpose in every newsletter message.
Further information on Brevo’s features can be found here: https://www.brevo.com/de/newsletter-software/.
Data processing is carried out on the basis of your consent (Art. 6(1)(a) GDPR). You may withdraw this consent at any time. The lawfulness of data processing operations already carried out remains unaffected by the withdrawal.
The data stored by us for the purpose of receiving the newsletter will be retained by us or the newsletter service provider until you unsubscribe from the newsletter and will be deleted from the distribution list once you have unsubscribed. Data stored by us for other reasons remains unaffected by this.
After you unsubscribe from the newsletter list, your email address may be stored by us or the newsletter service provider in a block list to prevent future mailings. The data from the block list is used solely for this purpose and is not merged with other data. This serves both your and our interest in complying with legal requirements when sending newsletters (legitimate interest within the meaning of Article 6(1)(f) of the GDPR). Storage on the block list is not time-limited. You may object to this storage provided that your interests override our legitimate interest.
Further information on data protection at Brevo can be found here: https://www.brevo.com/de/legal/privacypolicy/.
To ensure that personal data is processed in accordance with our guidelines and in compliance with the GDPR, we have entered into a data processing agreement (DPA) with the provider.
Unpkg CDN
On this website, we use services and features provided by Unpkg CDN, a content delivery network (CDN) operated by Cloudflare, Inc.
Nature and scope of data processing
The CDN serves to deliver content from our online offering, such as graphics or scripts, quickly and efficiently. The content is stored on servers distributed regionally or globally so that it can be made available to users more quickly. Each time this content is accessed, a connection is established with Cloudflare’s servers, during which your IP address and, where applicable, further browser data such as your user agent are collected and processed. This data processing serves exclusively to optimise and ensure the functionality of the service. Further information on this can be found in the privacy policy for Unpkg CDN at: https://www.cloudflare.com/privacypolicy/.
Legal basis
The use of Unpkg CDN is based on our legitimate interest in the secure and efficient provision of our online services in accordance with Article 6(1)(f) of the GDPR.
Data processing
To ensure that personal data is processed in accordance with our specifications and in compliance with the GDPR, we have entered into a data processing agreement (DPA) with the provider.
Cloudflare CDN
We use a so-called "Content Delivery Network" (CDN) provided by Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA.
A CDN enables us to deliver certain content quickly, particularly large media files. This is achieved via a network of regionally distributed servers connected via the internet. In this way, the provider can analyse the data transmission between your browser and our servers and filter out potentially malicious traffic. The processing of user data is carried out solely for the aforementioned purposes and serves to maintain the security and functionality of the CDN.
The use of Cloudflare is based on our legitimate interest in providing our website as error-free and secure as possible (Art. 6(1)(f) GDPR).
Data transfers to the USA are based on the EU Commission’s Standard Contractual Clauses. Further details can be found here: https://www.cloudflare.com/privacypolicy/.
Further information on security and data protection at Cloudflare can be found here: https://www.cloudflare.com/privacypolicy/.
The company is certified under the "EU-US Data Privacy Framework" (DPF), an agreement between the European Union and the USA which aims to ensure compliance with European data protection standards when processing data in the USA. Certification under the DPF obliges companies to adhere to these data protection standards. Further information is available at: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000GnZKAA0&status=Active
Data processing
To ensure that personal data is processed in accordance with our specifications and in compliance with the GDPR, we have entered into a data processing agreement (DPA) with the provider.
Calendly
You can book appointments with us on our website. For this purpose, we use the “Calendly” tool provided by Calendly LLC, 271 17th St NW, 10th Floor, Atlanta, Georgia 30363, USA.
When you use our appointment booking form, we process the data you enter for the planning, execution and, where applicable, follow-up of the appointment. This data is stored on the provider’s servers. The data you enter remains with us until you request its deletion, withdraw your consent to its storage, or the purpose for storing the data no longer applies. Mandatory legal provisions remain unaffected.
Purpose & Legal Basis
Data processing is based on Article 6(1)(f) of the GDPR. Our legitimate interest lies in facilitating a simple appointment booking process for prospective clients and customers. If you have previously consented to data processing, the processing is carried out on the basis of Article 6( (1)(a) of the GDPR and Section 25(1) of the TDDDG, insofar as the consent covers the storage of information or access to information on your device within the meaning of the TDDDG. Consent may be withdrawn at any time.
The company is certified under the "EU-US Data Privacy Framework" (DPF), an agreement between the European Union and the USA which aims to ensure compliance with European data protection standards when processing data in the USA. Certification under the DPF obliges companies to comply with these data protection standards.
Data transfers to the USA are based on the EU Commission’s Standard Contractual Clauses. Further details can be found here: https://calendly.com/pages/dpa.
Further information on data processing can be found here: https://calendly.com/de/pages/privacy
Data processing
To ensure that personal data is processed in accordance with our specifications and in compliance with the GDPR, we have entered into a data processing agreement (DPA) with the provider.
Meta Pixel
We use the Meta Pixel on this website, which is provided by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.
With the help of the Meta Pixel, we can analyse the behaviour of our website visitors when they are redirected to our website by clicking on a Facebook advertisement. We use the user data to measure the success of our advertisements on Facebook and to optimise the ads. As the website operator, we only receive anonymised data for this purpose, meaning we cannot identify you as a user.
Meta, on the other hand, processes the data in such a way that it is attributed to a specific user and used for its own advertising purposes. This enables Meta to display personalised advertisements on Meta and other websites. We, as the website operator, have no influence over this. Further information on data processing can be found in Meta’s privacy policy at https://www.facebook.com/about/privacy/.
Legal basis
When using Meta Pixel, we rely on your consent in accordance with Article 6(1)(a) of the GDPR and Section 25(1) of the TDDDG. You may withdraw your consent at any time.
The company is certified under the "EU-US Data Privacy Framework" (DPF), an agreement between the European Union and the USA which aims to ensure compliance with European data protection standards when processing data in the USA. Certification under the DPF obliges companies to comply with these data protection standards.
The transfer of your personal data to the USA is based on the EU Commission’s Standard Contractual Clauses. Further information on this can be found at https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.
If personal data is collected on this website via this service and passed on to Meta, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, share joint responsibility for the processing of your personal data (Art. 26 GDPR). However, we are only responsible for the collection of your data and its transmission to Meta, whilst Meta is responsible for what happens to the data thereafter. The obligations we impose on each other within the framework of joint responsibility are set out in a joint data processing agreement. You can find the exact text of the agreement at the following link: https://www.facebook.com/legal/controller_addendum. Accordingly, when using the Meta tool, we must provide you with information on data protection and ensure that the tool is implemented on our website in compliance with data protection regulations.
Meta itself is responsible for the security of its own products. If you wish to exercise your data subject rights and, for example, request information about your data processed by Meta, you can contact Meta directly. If you exercise your rights as a data subject with us, we are obliged to forward your request to Meta.
JSDelivr CDN
Nature and scope of processing
We use JSDelivr CDN to ensure the proper delivery of our website's content. JSDelivr CDN is a service provided by Prospect One, which acts as a Content Delivery Network (CDN) on our website.
A CDN helps to deliver content from our online offering, in particular files such as graphics or scripts, more quickly with the aid of servers distributed regionally or internationally. When you access this content, you establish a connection to servers operated by Prospect One, Krolewska 65a, Krakow, Malopolskie 30-081, Poland, whereby your IP address and, where applicable, browser data such as your user agent are transmitted. This data is processed exclusively for the purposes mentioned above and to maintain the security and functionality of JSDelivr CDN.
Purpose and legal basis
The use of the Content Delivery Network is based on our legitimate interests, i.e. our interest in the secure and efficient provision and optimisation of our online offering in accordance with Article 6(1)(f) of the GDPR.
We intend to transfer personal data to third countries outside the European Economic Area, in particular the USA. Data transfers to the USA are carried out in accordance with Article 45(1) of the GDPR on the basis of the European Commission's adequacy decision. The US companies involved and/or their US sub-processors are certified under the EU-US Data Privacy Framework (EU-US DPF).
In cases where no adequacy decision by the European Commission exists (including US companies that are not certified under the EU-US DPF), we have agreed on other suitable safeguards with the recipients of the data in accordance with Articles 44 et seq. of the GDPR. Unless otherwise stated, these are standard contractual clauses of the European Commission in accordance with Implementing Decision (EU) 2021/914 of 4 June 2021. You can view a copy of these standard contractual clauses at https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32021D0914&from=DE.
In addition, prior to such a transfer to a third country, we will obtain your consent in accordance with Article 49(1)(a) of the GDPR, which you provide via our cookie banner (or other forms, registrations, etc.). We would like to draw your attention to the fact that transfers to third countries may involve risks of which the details are unknown (e.g. data processing by the security authorities of the third country, the exact scope of which and the consequences for you we do not know, over which we have no influence and of which you may not become aware).
Retention period
We have no influence over the specific retention period of the processed data; this is determined by Prospect One. Further information can be found in the privacy policy for JSDelivr CDN: https://www.jsdelivr.com/privacy-policy-jsdelivr-net.
CookieConsent (orestbida)
We use the open-source cookie consent solution CookieConsent (version 3, developed by orestbida) to obtain your consent to the storage of certain cookies on your device or to the use of certain technologies, and to document your choices in accordance with data protection regulations. The library is loaded on our website via JSDelivr CDN; it is operated locally in your browser and does not transmit personal data to the developer of the software.
When you visit our website, a cookie banner is displayed. You can accept all cookies, reject non-essential cookies, or manage your preferences by category (e.g. essential and analytics cookies). Your consent choices are stored locally in your browser (e.g. via cookies or local storage) so that your preferences can be remembered on subsequent visits.
CookieConsent is used to obtain the legally required consents for the use of certain technologies. The legal basis for this is Article 6(1)(c) of the GDPR.
Further information about CookieConsent can be found in the project documentation: https://cookieconsent.orestbida.com/.