Valid from: June 2021
This data protection notice is designed to inform you about our handling of your personal data and about your rights according to the European General Data Protection Regulation (hereinafter referred to as “GDPR”) and the Data Protection Act 1998 (the “Act”). The data controller responsible for data processing is Teddle Limited (hereinafter referred to as “we” or “us”) and we are registered on the Information Commissioner’s Register of Data Controllers under registration number Z3229504.
I. General information
1. Contact us
If you have any questions or suggestions regarding this notice, or if you would like to contact us about asserting your rights, please direct your inquiry to: Teddle Limited, 86-90 Paul Street, London, EC2A 4NE, UK; E-Mail: dataprotection@helpling.co.uk
2. Legal basis
The term “personal data” under data protection law refers to all information relating to an identified or identifiable individual. We process personal data in compliance with the relevant data protection regulations, the GDPR and the Act. Data processing by us only takes place lawfully. We process personal data only when you have given your consent (Art. 6.1.a GDPR), to perform a contract to which you are a party, or at your request to take steps prior to entering into a contract (Art. 6.1.b GDPR), to comply with our legal obligation (Art. 6.1.c GDPR) or if the processing is necessary to protect our legitimate interests or the legitimate interests of a third party, unless your interests or fundamental rights and freedoms which require the protection of personal data override (Art. 6.1.f GDPR).
If you apply for a vacant position in our company, we will also process your personal data for the purpose of deciding whether to establish an employment relationship.
3. Duration of storage
Unless otherwise stated in the following notes, we store data only for as long as is necessary to achieve the purpose of processing or to comply with our contractual or legal obligations. Such legal retention obligations may arise, among others, from commercial or tax law regulations. From the end of the calendar year in which the data was collected, we will retain such personal data contained in our accounting records for ten years and retain personal data contained in commercial letters and contracts for six years. In addition, we will retain data in connection with consents requiring proof as well as with complaints and claims for the duration of the statutory limitation periods. We will delete data stored for advertising purposes if you object to processing for this purpose.
4. Categories of recipients of the data
We use processors as part of the processing of your data. Processing operations carried out by such processors include, for example, hosting, maintenance and support of IT systems, customer and order management, order processing, accounting and billing, marketing activities or file and data carrier destruction. A processor is a natural or legal person, authority, institution, or other body that processes personal data on behalf of the data controller. Processors do not use the data for their own purposes but carry out data processing exclusively for the data controller and are contractually obligated to ensure appropriate technical and organizational measures for data protection. In addition, we may transfer your personal data to bodies such as postal and delivery services, the company’s bank, tax advisors/auditors or the tax authorities.
5. Transfer of data to third countries
Visiting our website may involve the transfer of personal data to third countries, i.e., countries where the GDPR is not applicable. Such a transfer takes place in a permissible manner if the European Commission has determined that an adequate level of data protection is required in such a third country. If such an adequacy decision by the European Commission does not exist, a transfer of personal data to a third country will only take place if appropriate safeguards are in place in accordance with Art. 46 GDPR or if one of the conditions of Art. 49 GDPR is met. Unless otherwise stated below, we use the EU standard contractual clauses for the transfer of personal data to processors in third countries as appropriate safeguards: found here.
6. Processing of data when exercising your rights
If you exercise your rights set out in Art. 15 to 22 GDPR, we will process the transmitted personal data to make sure you can exercise your rights and we can provide evidence thereof. We will only process your data to provide information and have it ready for this purpose in case a control of data protection takes place, also to restrict processing in accordance with Art. 18 GDPR.
These processing operations are based on Art. 6.1.c GDPR in conjunction with Art. 15 to 22 GDPR.
7. Your rights
Where personal data relates to you, you have the following rights towards us as the controller:
- Right of access (Art. 15 GDPR): you have the right to ask us if we process personal data about you and, if so, information on the extent of the processing.
- Right to rectification (Art. 16 GDPR): you have the right to have your personal data corrected.
- Right to be forgotten (Art. 17 GDPR): you have the right to have your personal data erased.
- Right to restriction of processing (Art. 18 GDPR): you have the right to obtain the restriction of the processing of your personal data.
- Right to data portability (Art. 20 GDPR): you have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly-used and machine-readable format and to transfer that data to another controller.
- Withdrawal of consent (Art. 7.3. GDPR): if you have given us your consent to process personal data about you, you may withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
- Right to lodge a complaint with a supervisory authority (Art. 77 GDPR): if you believe that a processing of personal data concerning you violates the provisions of the GDPR, you have the right to lodge a complaint with a supervisory authority.
8. Right to object
In accordance with Art. 21.1 GDPR, you have the right to object, on grounds relating to your particular situation, at any time to processing based on points e) or f) of Art. 6.1 GDPR. If we process personal data about you for the purpose of direct marketing, you may object to such processing pursuant to Art. 21.2 and 21.3 of the GDPR.
II. Data processing on our website
When using our website, we collect all information you give us. In addition, during your visit on our website, we automatically collect certain information about your use of the website. Under data protection laws, the IP address is generally considered to be personal data. An IP address is assigned to every device connected to the Internet by the Internet provider so that it can send and receive data.
1. Processing of server log files
When using our website for informational purposes only, general data is initially stored automatically (i.e., not via registration) and transmitted to our server by your browser. By default, this includes: the browser type/version, the operating system used, the page accessed, the page previously visited (referrer URL), the IP address, the date and time of the server request and the HTTP status code.
The processing is carried out for the purposes of our legitimate interests, in accordance with Art. 6.1.f GDPR. This processing is used for technical administration and website security. Stored data will be deleted after two months unless there are concrete reference points for potential unlawful use that require further examination and processing of this data. We are not able to identify you as a data subject based on the stored information. Pursuant to Art. 11.2 GDPR, the provisions of Art. 15 to 22 GDPR do not apply unless you provide additional information that enables us to identify you to exercise your rights set out in these articles.
2. Special notes for Users
In the following we will describe how we process data when you book household services via our platform and request the service of a provider.
a. Booking of household services
To book household services via our website you are required to register with us and create your own Helpling account. This profile is necessary to identify potential service providers that offer their services in the area requested and based on additional criteria you put forward.
We collect the following information:
First name, last name, email address, telephone number, street, house number, additional address information, postcode, city, information to identify you in case of need, preferred method of payment (hereinafter combined referred to as “user profile data”), type of service requested and additional services as well as the date, time and duration of the requested service, information if service is one-off or recurring (hereinafter combined referred to as “booking data”, time of user profile creation and update.
In addition, you can also specify the following information: Presence of domestic animals, disposal site for waste, availability of parking spots, specification of special needs (e.g., certain priorities or rooms, which should not be included in the service requested), possible requirements regarding cleaning materials, information on how the service provider can access your apartment (e.g., keys are with neighbor, or you are at home).
We transfer the user profile data, booking data and possible additional information provided by you on a voluntary basis for the purpose of arranging household services to service providers you selected during the booking process plus potentially other service providers that fit your booking criteria. If you do not select any service provider, or if none of the service providers you select confirm the booking to provide the service at the requested location and time, we will forward your user profile data, booking data and any other information you voluntarily provide to other service providers for the purpose of arranging the household services, who may accept your request.
If a booking request is accepted and a contract between you and a provider is confirmed, we also processe your user profile data for the purpose of booking support, fulfilment, completion, accounting and follow-up assistance of the respective booked services as well as contracts including additional related actions such as invoices, credit, claims, cancellations etc.
On top of that we use user profile data, especially your telephone number, to send out automated messages to notify and remind you of upcoming cleaning events and services.
We also use the booking data to the required extent to generate invoices for the delivered services of the provider and any following necessary assistance (e.g., in case of inadequate service delivery of your provider) as well as for the settlement of our commission vis-à-vis the service provider.
In addition we transfer, depending on the chosen method of payment, your credit card data (card number, expiry date, security code) or your bank account details (hereinafter also referred to as “payment data”), that we collect in connection to the booking, to the licensed payment provider Stripe Payments Europe Limited, The One Building, 1 Grand Canal Street Lower, Dublin 2, Ireland, cooperating with us for the purpose of handling of payments (hereinafter referred to as “payment provider”). The payment provider is collecting, processing, and using the payment data for the purpose of handling of payments respectively collecting the receivables from your bank account. There is no additional storage of your payment data.
As part of our service provision, we store the services booked by you and provided to you by a service provider, including any invoice issued, in your user profile so that you can access this information at a later date.
The legal basis for the described data processing is Art. 6.1.b GDPR.
If you do not select a service provider, or none of the service providers selected by you has confirmed the booking, we will forward the data provided for the purpose of arranging the household services to other service providers who can accept your request. This is done in accordance with Art. 6.1.f GPDR. The forwarding takes place in the interest of the other service providers to offer you the desired household services.
b. Consent to advertising
If you have given your consent to be contacted by us for advertising purposes, we process and use your user profile data, booking data and additional information as well as your access times to your user profile, to better understand your user habits and to send you information about other services that may be of your interest. Once you have given your consent to the use of your data for promotional purposes (e.g. newsletter), you can withdraw this consent at any time via the unsubscribe link in our email as well as by sending an email to datenschutz@helpling.de. The legal basis for this processing is Art. 6.1.a GDPR.
c. Update/Deletion of profile data
You can update your information and user data at any time in your account. If you want to delete your user profile, we will block your data first and then delete it.
3. Special notes for service providers
a. Registration and mediation
If you are creating an account as a service provider on our platform, we process the following data to initiate and potentially close a contract with you regarding the intermediation of household services: First name, last name, email address, street, house number, postcode, city, nationality, date of birth and telephone number and information to identify you in case of need (hereinafter combined referred to as “provider profile data”), information on whether you are allowed to work as self-employed , your previous cleaning experience, information on your access to means of transportation, your bank details, your language skills, information on the work area and the potential timeframe of your availability and your access to different means of communication (mobile phone, smartphone, internet access). In addition, you can provide / upload a picture of yourself as well as short description of yourself.
We store the provider profile data and such information in an account accessible to you as service provider who receives our invoices for intermediation services. Some of the provider profile data will also be published on the platform, such as your first name, photo and short description.
We use the data of service providers to fulfil, complete and do the accounting of booked services as well as contracts and to deal with any additional related matters such as invoices, credit, claims, cancellations etc. The data of service providers is stored in the respective account/profile.
In addition, we use provider profile data, especially your telephone number, to send out automatic messages to notify and remind of upcoming cleaning events.
The legal basis for this data processing is Art. 6.1.b GDPR.
c. Update/Deletion of profile data
You can update your information and provider data at any time in your account. If you want to delete your provider profile, we will block your data first and then delete it.
3.Special notes for service providers
a. Registration and mediation
If you are creating an account as a service provider on our platform, we process the following data to initiate and potentially close a contract with you regarding the intermediation of household services: First name, last name, email address, street, house number, postcode, city, nationality, date of birth and telephone number and information to identify you in case of need (hereinafter combined referred to as “provider profile data”), information on whether you are allowed to work as self-employed , your previous cleaning experience, information on your access to means of transportation, your bank details, your language skills, information on the work area and the potential timeframe of your availability and your access to different means of communication (mobile phone, smartphone, internet access). In addition, you can provide / upload a picture of yourself as well as short description of yourself.
We store the provider profile data and such information in an account accessible to you as service provider who receives our invoices for intermediation services. Some of the provider profile data will also be published on the platform, such as your first name, photo and short description.
We use the data of service providers to fulfil, complete and do the accounting of booked services as well as contracts and to deal with any additional related matters such as invoices, credit, claims, cancellations etc. The data of service providers is stored in the respective account/profile.
In addition, we use provider profile data, especially your telephone number, to send out automatic messages to notify and remind of upcoming cleaning events.
The legal basis for this data processing is Art. 6.1.b GDPR.
b. Update/Deletion of profile data
You can update your information and provider data at any time in your account. If you want to delete your provider profile, we will block your data first and then delete it.
4. Ratings on our platform
As a registered user or service provider, you can submit ratings on our platform. As a user, you can rate service providers with regard to the household services they have provided. As a service provider, you can rate the customer relationship with users for whom you have provided household services.
As a registered user or service provider, you can submit ratings on our platform. As a user, you can rate service providers with regard to the household services they have provided. As a service provider, you can rate the customer relationship with users for whom you have provided household services.
The legal basis for the submission and publication of ratings associated with the processing of personal data is Art. 6.1.f GDPR. The processing serves our legitimate interest in creating the greatest possible transparency for users and service providers.
The ratings are generally processed until the account used on the platform is deleted.
5. Communications via our platform
We offer users and service providers the opportunity to communicate directly with each other via our platform. To be able to offer this service, we must store and process the communication contents. The service is part of our platform. The legal basis for this type of data processing is Art. 6.1.b GDPR. The use of this service is voluntary.
We treat this communication data confidentially. As a matter of principle, we do not take note of the contents. However, we reserve the right to manually check the communication content in individual cases if there are grounds to suspect that the service is being used to circumvent our platform or otherwise to engage in fraudulent conduct or that the use otherwise violates our Terms of Use or legal regulations. In this case, the processing of data by us is based on Art. 6.1.f GDPR and serves our legitimate interest in preventing misuse of our platform.
The communication content is stored until the account used is deleted from the platform.
6. Contact
If you send us an email, for instance to the contact email given in this notice, we will process the transmitted data for the purpose of responding to your inquiry.
If you send us an email, for instance to the contact email given in this notice, we will process the transmitted data for the purpose of responding to your inquiry.
7. Newsletter
a. Subcription and cancellation
You can subscribe to our newsletter on our website. To receive our newsletter, you will need to send us a valid email address and your name. To verify your email address, you will first receive a subscription email, which you need to confirm (double opt-in).
We send you our newsletter because you have given us your consent for this purpose (Art. 6.1.a GDPR). You can stop receiving our newsletter at any time in the future. You can do so easily by using the unsubscribe link available in any of our email or contact us via one of our mentioned communications channels (e.g. at dataprotection@helpling.co.uk).
When you subscribe to our newsletter, we also store your IP address and the date and time of subscription. The processing of this data is necessary to prove that you have given your consent. The legal basis is our legal obligation to document your consent (Art. 6.1.c GDPR in conjunction with Art. 7.1 GDPR).
b. Analysis
We also analyze the reading behavior and opening rates of our newsletter. For this purpose, we collect and process pseudonymized usage data, which we do not combine with your e-mail address or your IP address.
The legal basis for the analysis of our newsletter is Art. 6.1.f GDPR, this processing serves our legitimate interest in optimizing our newsletter. You can object to this at any time by contacting one of the above-mentioned contact channels.
c. Newsletter service
We use the newsletter service MailChimp, a service provided by The Rocket Science Group, LLC 675 Ponce de, Leon Avenue NE, Suite 5000, Atlanta, GA 30308, USA, hereinafter referred to as “Mailchimp”. Mailchimp acts as a processor for us, is strictly bound by instructions and is contractually obligated to ensure sufficient technical and organizational measures for data protection.
8. Blog
On our website we offer a blog where we publish articles on various topics. Our blog has a comment function, for the use of which the provision of personal information is required. If you submit a comment, it will be published with the username you provide assigned to the respective post. We therefore recommend that you use a pseudonym instead of your real name when choosing a username. To use the comment function, you must enter the username you have chosen and your e-mail address. All other information you provide is voluntary. The legal basis for data processing in this regard is Art. 6.1.b GDPR.
If you submit a comment, we also store your IP address. The legal basis for storing your e-mail address and IP address is Art. 6.1.f GDPR. We only use your e-mail if a third party reports a comment to us as unlawful and we may need to investigate the incident. We store your IP address to defend ourselves against third-party claims if you publish illegal content. We store your e-mail address as long as your comment is publicly visible. We delete your IP address one week after you have published the comment.
As a matter of principle, we do not check submitted comments before publication. However, we expressly reserve the right to delete your comments if they are objected to by third parties as being illegal. You can object to this storage of the above data at any time. In this case, however, we would have to remove your comments from our website.
9. Job applications
You can apply for an open position with us through our website. To this end, we collect personal data from you, which specifically includes your name, CV, cover letter and other content provided by you. For the selection of our applicants, we use Personio GmbH from Munich, Germany, as our software partner, which is bound by our instructions in accordance with the legal requirements. Please note the additional data protection provisions on the career pages of our website.
Your personal application data will only be collected, stored, processed and used for purposes in connection with your interest in current or future employment with us and the actual processing of your application. Your online application will only be processed and handled by the relevant contact people in our company. All employees entrusted with data processing are obliged to maintain the confidentiality of your data.
If we are unable to offer you any employment, we will keep the data provided by you for up to six months after the end of the application process for the purpose of answering questions in relation to your application and rejection. This does not apply if legal provisions prevent deletion, if further storage is necessary for the purpose of providing evidence, or if you have expressly consented to longer storage.
If we retain your applicant data for longer than six months and you have expressly consented to this, we would like to point out that this consent can be freely withdrawn at any time in accordance with Art. 7.3. GDPR. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
10. Cookies
We use cookies and similar technologies (“cookies”) on our website. Cookies are small text files that are stored by your browser when you visit a website. This identifies the browser used and can be recognized by web servers. You have full control over the use of cookies through your browser. You can delete the cookies in the security settings of your browser at any time. You can object to the use of cookies through your browser settings in principle or for specific cases.
The use of cookies is partly technically necessary for the operation of our website and thus permissible without the consent of the user. In addition, we may use cookies to offer special features and content and for analysis and marketing purposes. These may also include cookies from third-party providers (so-called third-party cookies). We only use such technically unnecessary cookies with your consent in accordance with Art. 6.1.a GDPR. Further information on the storage period of individual cookies can be found in the settings of our Consent Management Tool.
11. Consent management tool
This website uses a consent management tool to control cookies. The consent management tool enables users of our website to give consent to certain data processing procedures or to withdraw given consent. By confirming the “I accept” button or by saving individual cookie settings, you consent to the use of the associated cookies. The legal basis under data protection law for this processing is your consent within the meaning of Art. 6.1.a GDPR.
In addition, the consent management tool allows us to provide evidence of the declaration of consent. For this purpose, we process information about the declaration of consent and further log data about this declaration. Cookies are also used to collect this data.
The processing of this data is necessary to prove that we have received your consent. The legal basis arises from our legal obligation to document your consent (Art. 6.1.c in conjunction with Art. 7.1 GDPR).
12. Google Analytics
Our website uses Google Analytics, a service provided by Google Ireland Limited (Google Ireland/EU).
Google Analytics is a web analysis service that allows us to collect and analyze data about the behavior of visitors to our website. Google Analytics uses cookies for this purpose, which enable an analysis of the use of our website. Personal data in the form of online identifiers (including cookie identifiers), IP addresses, device identifiers and information about interaction with our website are processed.
Part of this data is information stored in the terminal device you are using. In addition, further information is also stored on your used end device via the cookies. Such storage of information by Google Analytics or access to information already stored in your end device will only take place with your consent.
Google Ireland will process the data thus collected on our behalf to evaluate the use of our website by the users, to compile reports on the activities within our website and to provide us with further services related to the use of our website and the Internet. The user profile of our user is pseudonymized based on the processed data.
Google Ireland will process the data thus collected on our behalf to evaluate the use of our website by the users, to compile reports on the activities within our website and to provide us with further services related to the use of our website and the Internet. The user profile of our user is pseudonymized based on the processed data.
The personal data processed on our behalf by provide Google Analytics may be transferred to any country in which Google Ireland or Google’s Ireland sub-processors maintain facilities. The legal basis for this transfer is the standard contractual clauses for the transfer of personal data to processors in third countries pursuant to Art. 46.2.c GDPR.
We only use Google Analytics with anonymized IPs. This means that the IP address of the user is shortened by Google Ireland within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. The IP address transmitted by the user’s browser is not combined with any other data.
We use the Google Universal Analytics variant. This allows us to assign interaction data from different devices and from different sessions to a unique user ID. This allows us to put individual user actions in context and analyze long-term relationships.
Data on user actions is stored for a period of 14 months and then automatically deleted. When the storage period has expired, the deletion of this data takes place automatically once a month.
You can also prevent the collection of information generated by the cookie by downloading and installing the browser plugin available at the following link: here.
13. Hotjar
Our website uses the service Hotjar of the provider Hotjar Ltd. (Malta/EU).
Using Hotjar, we can perform an analysis of movements on our website using so-called “heat maps”. This makes it possible, for example, to see how far users scroll and which buttons users click on and how often. Furthermore, it is possible to gather feedback directly from users of the website. By using this tool, we receive valuable information to create a better performing and more user-friendly website.
Using Hotjar allows us to track clicks, mouse movements, scrolling height, screen size of your device, device type and browser information. In addition, we receive information about geographical location (country only) and your preferred language for viewing our website. In case your personal data or that of a third party is displayed on the website, this will be automatically hidden by Hotjar and cannot be retraced by the tool at any point in time.
Hotjar uses cookies and other technologies to collect data about the behavior of our users and their devices, in particular the IP address of the device (collected and stored only in anonymized form during your website use), screen size, device type (unique device identifiers), information about the browser used, location (country only), preferred language for viewing our website.
The setting of cookies and the further processing of personal data described here takes place with your consent. The legal basis for the data processing in connection with the Hotjar service is therefore Art. 6.1.a GDPR. You can withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
You can find more information about the Hotjar service and Hotjar’s data protection on Hotjar’s help page.
14. A/B-Testing
Our website uses the Visual Website Optimizer (VWO) service for optimization and personalization (primarily for performing A/B tests). VWO is provided by Wingify Software Pvt Limited (Wingify/India).
VWO works with cookies and other technologies to collect data about the behavior of our users and about their end devices, in particular click paths, (anonymized) IP addresses, duration of website visit, browser information, location, date and time of visit, device operating system.
The setting of cookies and the further processing of personal data described here takes place with your consent. The legal basis for the data processing in connection with the VWO service is therefore Art. 6.1.a GDPR. You can withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
15. Google Ads
We use the online advertising program Google Ads of Google Ireland Limited (Ireland/EU), through which we place advertisements on the Google search engine. When you access our website via a Google ad, Google sets a cookie on your terminal device (“conversion cookie”). In the process, a different conversion cookie is assigned to each Google Ads customer, so that the cookies are not tracked across the websites of different Ads customers. The information obtained with the help of the cookie is used to create conversion statistics. This way, we learn the total number of users who clicked on one of our Google ads. However, we do not receive any information with which users can be personally identified.
For more information about these processing activities, the technologies used, stored data and the storage period, please refer to the settings of our Consent Management Tool. Processing is only carried out with your consent pursuant to Art. 6.1.a GDPR. You can withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
16. Facebook Pixel
Our website uses the Facebook Pixel, a Facebook business tool from Facebook Ireland Limited (Ireland, EU). For information on Facebook Ireland’s contact details and the contact details of Facebook Ireland’s data protection officer, please see Facebook Ireland’s data policy here.
The Facebook pixel is a lightweight JavaScript code that allows us to track visitors’ activity on our website. This tracking is called conversion tracking. The Facebook pixel collects and processes the following information (so-called event data) for this purpose:
- Information about actions and activities of visitors to our website, such as searching for and viewing a product or purchasing a product;
- Specific pixel information such as the pixel ID and the Facebook cookie;
- Information about buttons clicked by visitors to the website;
- Information present in HTTP headers, such as IP addresses, web browser information, page location, and referrer;
- Information about the status of disabling/restricting ad tracking.
In part, this event data is information stored in the terminal device you are using. In addition, cookies are also used via the Facebook pixel, via which information is stored on your end device used. Such storage of information by the Facebook pixel or access to information already stored in your end device will only occur with your consent.
Tracked conversions appear in the dashboard of our Facebook Ads Manager and Facebook Analytics. We may use the tracked conversions there to measure the effectiveness of our ads, set Custom Audiences for Ad targeting, Dynamic Ads campaigns, and analyze the effectiveness of our website’s conversion funnels. The features we use through the Facebook Pixel are described in more detail below.
a. Processing of event data for advertising purposes
Event data collected through the Facebook Pixel is used to target our ads and improve ad delivery, personalize features and content, and improve and secure Facebook products.
For this purpose, event data is collected on our website by means of the Facebook pixel and transmitted to Facebook Ireland. This only takes place if you have previously given your consent to this. The legal basis for the collection and transmission of personal data by us to Facebook Ireland is therefore Art. 6.1.a GDPR.
This collection and transmission of event data is carried out by us and Facebook Ireland as joint controllers. We have entered into a joint controller processing agreement with Facebook Ireland, which sets out the distribution of data protection obligations between us and Facebook Ireland. In this agreement, we and Facebook Ireland have agreed, among other things:
- that we are responsible for providing you with all information pursuant to Art. 13 and 14 GDPR about the joint processing of personal data;
- that Facebook Ireland is responsible for enabling data subjects’ rights under Art. 15 to 20 GDPR with respect to personal data stored by Facebook Ireland after the joint processing of personal data.
You can access the agreement concluded between us and Facebook Ireland here.
Facebook Ireland is the sole controller for the subsequent processing of the transmitted event data. For more information about how Facebook Ireland processes personal data, including the legal basis on which Facebook Ireland relies and how you can exercise your rights against Facebook Ireland, please see Facebook Ireland’s Data Policy here.
b. Processing of event data for analysis purposes
We have also commissioned Facebook Ireland to prepare reports on the impact of our advertising campaigns and other online content based on the Event Data collected via the Facebook Pixel (Campaign Reports) and to create analyses and insights about users and their use of our website, products and services (Analytics). We transfer personal data contained in the Event Data to Facebook Ireland for this purpose. The submitted personal data is processed by Facebook Ireland as our processor to provide us with the campaign reports and analytics.
Personal data will only be processed to provide analytics and campaign reports if you have given your prior consent to do so. The legal basis for this processing of personal data is therefore Art. 6.1.a GDPR.
A transfer of data to Facebook Inc. in the USA cannot be excluded. The legal basis for this transfer is the standard contractual clauses for the transfer of personal data to processors in third countries. Please note the information in the section “Data transfer to third countries”.
17. Microsoft Advertising
Our website uses the Microsoft Advertising service of the provider Microsoft Ireland Operations Limited (Ireland/EU) (formerly Bing Ads). Microsoft Advertising is an online marketing service that uses the Universal Event Tracking (UET) tool to help us display targeted advertisements via the Microsoft Bing search engines. Microsoft Advertising uses cookies for this purpose. This involves processing personal data in the form of online identifiers (including cookie identifiers), IP addresses, device identifiers, and information about device and browser settings.
Microsoft Advertising collects data via UET that allows us to track target groups thanks to remarketing lists. For this purpose, a cookie is stored on the end device used when visiting our website. This way, Microsoft Advertising can recognize that our website has been visited and play an ad when Microsoft Bing or Yahoo is used again later. The information is also used to create conversion statistics, i.e., to record how many users have reached our website after clicking on an advertisement. We thereby learn the total number of users who clicked on our ad and were redirected to our website. However, we do not receive any information that personally identifies users.
Microsoft Advertising is used for the purpose of optimizing the placement of advertisements.
The processing only takes place with your consent in accordance with Art. 6.1.a GDPR. You can withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
In the case of Microsoft services, a transfer of data to Microsoft Corp. in the USA cannot be ruled out. Please note the information in the section “Data transfer to third countries”. For more information on data protection at Microsoft, please refer to Microsoft’s privacy policy here.
18. LinkedIn Insight-Tag
Our website uses the LinkedIn Insight tag, a marketing service provided by LinkedIn Ireland Unlimited Company (Ireland/EU). The LinkedIn Insight tag is a lightweight JavaScript code that is triggered by LinkedIn when you visit our website and stores a cookie on the device you are using.
We can perform various functions via the LinkedIn Insight tag, which we describe in detail below.
LinkedIn conversion tracking is an analytics function supported by the LinkedIn Insight tag. The LinkedIn Insight tag allows us to collect data about visits to our website, including URL, referrer URL, IP address, device and browser properties (user agent), and timestamp. IP addresses are shortened or (if used to reach members across devices) hashed. LinkedIn does not provide us with personally identifiable information, but only provides reports (in which you are not identified) on site audience and ad performance. This allows us to track the effectiveness of LinkedIn ads for statistical and market research purposes. Members’ direct identifiers are removed by LinkedIn within seven days to pseudonymize the data. LinkedIn then deletes this remaining pseudonymized data within 180 days.
We also use LinkedIn Matched Audiences to target our advertising campaigns to specific audiences. Through LinkedIn Matched Audiences and related data integrations, we can target advertising to specific audiences based on data we provide to LinkedIn (e.g., company lists, hashed contact information, device identifiers, or event data such as websites visited). This processing is done for the purpose of marketing our offers via the targeted playout of advertising.
Further information on these processing activities, the technologies used, stored data and the storage period can be found in the settings of our Consent Management Tool. LinkedIn services are only used with your consent pursuant to Art. 6.1.a GDPR.
In the case of LinkedIn services, a transmission of data to LinkedIn Inc. in the USA cannot be ruled out. Please note the information in the section “Data transfer to third countries”. Further information on data protection at LinkedIn can be found in LinkedIn’s privacy policy here.
19. Integrated services and third-party content
Our website uses integrated services, services and content (hereinafter collectively referred to as “content”) provided by third-party providers. For such integration, a processing of your IP address is technically necessary so that the content can be sent to your browser. Your IP address is therefore transmitted to the respective third-party providers. This data processing is carried out in each case to protect our legitimate interests in the optimization and economic operation of our website and is based on Art. 6.1.f GDPR. You can object to this data processing at any time via the settings of the browser used or certain browser extensions. One such extension is, for example, the Matrix-based firewall uMatrix for the browsers Firefox and Google Chrome. Please note that this may result in functional restrictions on our website.
We have integrated content from the following services provided by third-party providers into our website:
Google Ireland Limited (Ireland/EU) services:
- “Google Maps” for the display of maps;
- “Google Web Fonts” for the display of fonts;
- “YouTube” for the display of videos
- “Personio” of Personio GmbH (Germany/EU) for the integration of job advertisements;
- “Amazon Cloudfront” of the third-party provider Amazon Web Services, Inc. (USA) for the provision of content;
- “Cloudflare” of Cloudflare Inc (USA) for displaying content.
III. Data processing on our social media pages
We are represented on several social media platforms with a company page. Through this, we would like to offer further opportunities for information and exchange about our company. Our company has company pages on the following social media platforms:
- Youtube
When you visit or interact with a profile on a social media platform, processing of personal data related to you may occur. Information associated with the use of a social media profile regularly constitutes personal data. This also includes messages and statements made while using the profile. In addition, during your visit to a social media profile, certain information about it is often automatically collected, which may also constitute personal data.
1. Visit our company page on a social media
a) Facebook and Instagram
When you visit our company page on Facebook or Instagram, through which we present our company or some of our products, certain information about you is processed. The sole controller of this processing of personal data is Facebook Ireland Ltd (Ireland/EU – “Facebook”). For more information about the processing of personal data by Facebook, please visit here. Facebook offers the possibility to object to certain data processing; related information and opt-out options can be found here.
Facebook provides us with statistics and insights in anonymized form for our Facebook and Instagram page, which we use to gain insights into the types of actions that people take on our page (so-called “page insights”). These page insights are created based on certain information about individuals who have visited our page. This processing of personal data is carried out by Facebook and us as joint controllers. The processing serves our legitimate interest in evaluating the types of actions taken on our site and improving our site based on these insights. The legal basis for this processing is Art. 6.1.f. GDPR. We cannot associate the information obtained via Page Insights with individual user profiles interacting with our Facebook and Instagram page. We have entered into a joint controller agreement with Facebook, which sets out the distribution of data protection obligations between us and Facebook. For details about the processing of personal data to create Page Insights and the agreement between us and Facebook, please visit Facebook provides us with statistics and insights in anonymized form for our Facebook and Instagram page, which we use to gain insights into the types of actions that people take on our page (so-called “page insights”). These page insights are created based on certain information about individuals who have visited our page. This processing of personal data is carried out by Facebook and us as joint controllers. The processing serves our legitimate interest in evaluating the types of actions taken on our site and improving our site based on these insights. The legal basis for this processing is Art. 6.1.f. GDPR. We cannot associate the information obtained via Page Insights with individual user profiles interacting with our Facebook and Instagram page. We have entered into a joint controller agreement with Facebook, which sets out the distribution of data protection obligations between us and Facebook. For details about the processing of personal data to create Page Insights and the agreement between us and Facebook, please visit here.In relation to these data processing operations, you have the option of asserting your data subject rights (see “Your rights” in this regard) against Facebook as well. Further information on this can be found in Facebook’s privacy policy here.
Please note that according to Facebook’s privacy policy, user data is also processed in the USA or other third countries. Facebook only transfers user data to countries for which an adequacy decision has been issued by the European Commission in accordance with Art. 45 GDPR or based on appropriate guarantees in accordance with Art. 46 GDPR.
b) Linkedin company page
LinkedIn Ireland Unlimited Company (Ireland/EU – “LinkedIn”) is the sole responsible party for the processing of personal data when you visit our LinkedIn page. For more information about the processing of personal data by LinkedIn, please visit here.
When you visit, follow or engage with our LinkedIn company page, LinkedIn processes personal data to provide us with anonymized statistics and insights. This provides us with insights into the types of actions that people take on our site (so-called page insights). For this purpose, LinkedIn processes in particular such data that you have already provided to LinkedIn via the information in your profile, such as data on function, country, industry, seniority, company size and employment status. In addition, LinkedIn will process information about how you interact with our LinkedIn company page, such as whether you are a follower of our LinkedIn company page. With the page insights, LinkedIn does not provide us with any personal data about you. We only have access to the aggregated Page Insights. It is also not possible for us to draw conclusions about individual members via the information in the Page Insights. This processing of personal data in the context of the Page Insights is carried out by LinkedIn and us as joint controllers. The processing serves our legitimate interest to evaluate the types of actions taken on our LinkedIn company page and to improve our company page based on these insights. The legal basis for this processing is Art. 6.1.f GDPR. We have entered into a joint controller agreement with LinkedIn, which sets out the distribution of data protection obligations between us and LinkedIn. The agreement is available here.
On the basis the following applies:
- We have agreed with LinkedIn that LinkedIn is responsible for enabling you to exercise your rights under the GDPR. You can contact LinkedIn to do so online via the following link or reach LinkedIn via the contact details in the Privacy Policy. You can contact the Data Protection Officer at LinkedIn Ireland via the following link. You may also contact us at our provided contact details about exercising your rights in connection with the processing of personal data in the context of Page Insights. In such a case, we will forward your request to LinkedIn.
- We have agreed with LinkedIn that the Irish Data Protection Commission is the lead supervisory authority overseeing processing for Page Insights. You always have the right to lodge a complaint with the Irish Data Protection Commission, see here
Please note that according to the LinkedIn Privacy Policy, personal data is also processed by LinkedIn in the US or other third countries. LinkedIn transfers personal data only to countries for which an adequacy decision has been issued by the European Commission according to Art. 45 GDPR or based on appropriate safeguards according to Art. 46 GDPR.
c) Twitter
For the processing of personal data when visiting our Twitter profile, Twitter Inc. (USA) is the sole responsible party. Further information about the processing of personal data by Twitter Inc. can be found here.
d) YouTube
Google Ireland Limited (Ireland/EU) is the sole responsible party for the processing of personal data when visiting our YouTube channel. Further information about the processing of personal data by YouTube and Google Ireland Limited can be found at here.
2. Comments and direct messages
We also process information that you have provided to us via our company page on the respective social media platform. Such information may be the username used, contact details or a message to us. These processing operations by us are carried out as the sole responsible party. We process this data based on our legitimate interest in contacting inquiring persons. The legal basis for the data processing is Art. 6.1.f GDPR. Further data processing may take place if you have consented (Art. 6.1.a GDPR) or if this is necessary to comply with our legal obligation (Art. 6.1.c GDPR).
June 2021