Privacy Policy Platform (13-Dec-2024)

1. Data protection overview

General information

The following information will provide you with an overview of what will happen with your personal data when you use this platform. The term “personal data” comprises all data that can be used to personally identify you. For detailed information about the subject matter of data protection, please consult our Privacy Policy, which we have included below this overview.

Data processing on this platform

Who is responsible for data processing?

The data on this platform is processed by the operator of the platform, whose contact information is available under section “Information about the responsible party (referred to as the “controller” in the GDPR)” in this Privacy Policy.

How do we collect your data?

We process your data when you provide it to us (e.g. when you submit data in a form) and when technical data is collected automatically by our platform when you use our platform or after your consent (e.g. your internet browser, operating system, the time of page views).

What do we use your data for?

We process your data in order to help you find a job or talent through our platform. The data processing takes place in order to carry out a pre-contractual measure in response to your request (e.g. your request to use the platform), to fulfill a contract with you (e.g. the placement of a job or talent), to communicate with you (e.g. notification of interview requests), to bill for a paid service, to ensure error-free provision of the platform (e.g., displaying the correct content), to better understand the use of the platform (e.g., analyzing user behavior), and to continuously improve the platform (e.g., developing features and content).

What rights do you have regarding your data?

You have the right at any time to receive information free of charge about the origin, recipient and purpose of your stored personal data. You also have the right to request that this data be corrected or deleted. If you have given your consent to data processing, you can revoke this consent at any time for the future. The legality of the data processing operations already carried out remains unaffected by the revocation. You also have the right to request the restriction of the processing of your personal data under certain circumstances. Furthermore, you have the right to lodge a complaint with the competent supervisory authority.
For this purpose, as well as for further questions on the subject of data protection, you can contact us at any time.

External services

We also use external services to operate our platform (e.g., hosting), statistically evaluate usage behavior (e.g., through a web analytics service), and facilitate your communication with us (e.g., through audio and video conferencing, an appointment scheduling service).

Detailed information on these services can be found in the following privacy policy.

2. General information and mandatory information

Data protection

The operators of this platform and its pages take the protection of your personal data very seriously. Hence, we handle your personal data as confidential information and in compliance with the statutory data protection regulations and this Data Protection Declaration.

Whenever you use this website, a variety of personal information will be collected. Personal data comprises data that can be used to personally identify you. This Data Protection Declaration explains which data we collect as well as the purposes we use this data for. It also explains how and for which purpose the information is collected.

We herewith advise you that the transmission of data via the Internet (i.e., through e-mail communications) may be prone to security gaps. It is not possible to completely protect data against third-party access.

Information about the responsible party (referred to as the “controller” in the GDPR)

The controller is the natural person or legal entity that alone or jointly with others makes decisions as to the purposes of and resources for the processing of personal data (e.g., names, e-mail addresses, etc.). The data processing controller on this platform is:

Incremaze UG (haftungsbeschränkt)
Rheinpromenade 9-13, 40789 Monheim am Rhein
Phone: 02173-9936272
Email: hello@incremaze.de

Data protection officer

The appointment of a data protection officer according to GDPR is not required at the controller.

Storage duration

Unless a more specific storage period has been specified in this privacy policy, your personal data will remain with us until the purpose for which it was collected no longer applies. If you assert a justified request for deletion or revoke your consent to data processing, your data will be deleted, unless we have other legally permissible reasons for storing your personal data (e.g., tax or commercial law retention periods); in the latter case, the deletion will take place after these reasons cease to apply.

General information on the legal basis for the data processing on this platform

If you have consented to data processing, we process your personal data on the basis of Art. 6 (1) lit. a GDPR or Art. 9 (2) lit. a GDPR, if special categories of data are processed according to Art. 9 (1) GDPR. In the case of explicit consent to the transfer of personal data to third countries, the data processing is also based on Art. 49 (1) lit. a GDPR. If you have consented to the storage of cookies or to the access to information in your end device (e.g., via device fingerprinting), the data processing is additionally based on § 25 (1) TDDDG. The consent can be revoked at any time. If your data is required for the fulfillment of a contract or for the implementation of pre-contractual measures, we process your data on the basis of Art. 6 (1) lit. b GDPR. Furthermore, if your data is required for the fulfillment of a legal obligation, we process it on the basis of Art. 6 (1) lit. c GDPR. Furthermore, the data processing may be carried out on the basis of our legitimate interest according to Art. 6 (1) lit. f GDPR.

Information on the relevant legal basis in each individual case is provided in the following paragraphs of this privacy policy.

Recipients of personal data

In the course of our business activities, we work with various external bodies. This also requires the transfer of personal data to these external bodies. We only disclose personal data to external bodies if this is necessary in accordance with Art. 6 (1) lit. b GDPR to carry out a pre-contractual measure in response to your request or to fulfill a contract with you, if we are legally obliged to do so in accordance with Art. 6 (1) lit. c GDPR, if we have a legitimate interest in the disclosure in accordance with Art. 6 (1) lit. f GDPR or if another legal basis permits the disclosure of data.

When using processors, we only disclose your personal data on the basis of a valid data processing agreement (DPA). In case of joint processing, a contract on joint processing will be concluded.
We explain details about recipients of personal data in the section "Data processing by processors".

Revocation of your consent to the processing of data

A wide range of data processing transactions are possible only subject to your express consent. You can also revoke at any time any consent you have already given us. This shall be without prejudice to the lawfulness of any data collection that occurred prior to your revocation.

Right to object to the collection of data in special cases; right to object to direct advertising (Art. 21 GDPR)

IN THE EVENT THAT DATA ARE PROCESSED ON THE BASIS OF ART. 6(1)(E) OR (F) GDPR, YOU HAVE THE RIGHT TO AT ANY TIME OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA BASED ON GROUNDS ARISING FROM YOUR UNIQUE SITUATION. THIS ALSO APPLIES TO ANY PROFILING BASED ON THESE PROVISIONS. TO DETERMINE THE LEGAL BASIS, ON WHICH ANY PROCESSING OF DATA IS BASED, PLEASE CONSULT THIS DATA PROTECTION DECLARATION. IF YOU LODGE AN OBJECTION, WE WILL NO LONGER PROCESS YOUR AFFECTED PERSONAL DATA, UNLESS WE ARE IN A POSITION TO PRESENT COMPELLING PROTECTION WORTHY GROUNDS FOR THE PROCESSING OF YOUR DATA, THAT OUTWEIGH YOUR INTERESTS, RIGHTS AND FREEDOMS OR IF THE PURPOSE OF THE PROCESSING IS THE CLAIMING, EXERCISING OR DEFENSE OF LEGAL ENTITLEMENTS (OBJECTION PURSUANT TO ART. 21(1) GDPR).

IF YOUR PERSONAL DATA IS BEING PROCESSED IN ORDER TO ENGAGE IN DIRECT ADVERTISING, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR AFFECTED PERSONAL DATA FOR THE PURPOSES OF SUCH ADVERTISING AT ANY TIME. THIS ALSO APPLIES TO PROFILING TO THE EXTENT THAT IT IS AFFILIATED WITH SUCH DIRECT ADVERTISING. IF YOU OBJECT, YOUR PERSONAL DATA WILL SUBSEQUENTLY NO LONGER BE USED FOR DIRECT ADVERTISING PURPOSES (OBJECTION PURSUANT TO ART. 21(2) GDPR).

Right to lodge a complaint with the competent supervisory agency

In the event of violations of the GDPR, data subjects are entitled to lodge a complaint with a supervisory agency, in particular in the member state where they usually maintain their domicile, place of work or at the place where the alleged violation occurred. The right to lodge a complaint is in effect regardless of any other administrative or court proceedings available as legal recourse.

Right to data portability

You have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format. If you should demand the direct transfer of the data to another controller, this will be done only if it is technically feasible.

Information about, rectification and eradication of data

Within the scope of the applicable statutory provisions, you have the right to demand information about your archived personal data, their source and recipients as well as the purpose of the processing of your data at any time. You may also have a right to have your data rectified or eradicated. If you have questions about this subject matter or any other questions about personal data, please do not hesitate to contact us at any time.

Right to demand processing restrictions

You have the right to demand the imposition of restrictions as far as the processing of your personal data is concerned. To do so, you may contact us at any time. The right to demand restriction of processing applies in the following cases:

SSL and/or TLS encryption

For security reasons and to protect the transmission of confidential content, such as purchase orders or inquiries you submit to us as the platform operator, this platform uses either an SSL or a TLS encryption program. You can recognize an encrypted connection by checking whether the address line of the browser switches from “http://” to “https://” and also by the appearance of the lock icon in the browser line.

If the SSL or TLS encryption is activated, data you transmit to us cannot be read by third parties.

Encrypted payment transactions on this platform

If you are under an obligation to share your payment information (e.g. account number if you give us the authority to debit your bank account) with us after you have entered into a fee-based contract with us, this information is required to process payments.

Payment transactions using common modes of paying (Visa/MasterCard, debit to your bank account) are processed exclusively via encrypted SSL or TLS connections. You can recognize an encrypted connection by checking whether the address line of the browser switches from “http://” to “https://” and also by the appearance of the lock icon in the browser line.

If the communication with us is encrypted, third parties will not be able to read the payment information you share with us.

Rejection of unsolicited emails

WE HEREWITH OBJECT TO THE USE OF CONTACT INFORMATION PUBLISHED IN CONJUNCTION WITH THE MANDATORY INFORMATION TO BE PROVIDED IN OUR SITE NOTICE TO SEND US PROMOTIONAL AND INFORMATION MATERIAL THAT WE HAVE NOT EXPRESSLY REQUESTED. THE OPERATORS OF THIS PLATFORM AND ITS PAGES RESERVE THE EXPRESS RIGHT TO TAKE LEGAL ACTION IN THE EVENT OF THE UNSOLICITED SENDING OF PROMOTIONAL INFORMATION, FOR INSTANCE VIA SPAM MESSAGES.

3. Data processing by the platform operator

Our platform supports talents in their job search and employers in their search for talents. For this purpose, we process personal data of registered talents and employers and their staff.

Data processing for talents

If you use our platform as a talent, we process your personal data as follows:

Purpose and scope

Legal basis

The basis for the aforementioned data processing is Art. 6 (1) lit. b GDPR, as we carry out pre-contractual measures in response to your registration and fulfill our contract with you after confirmed registration and - if you have given your consent - Art. 6 (1) lit. a GDPR. The consent can be revoked at any time. The legality of the data processing operations already carried out remains unaffected by the revocation.

Purpose and scope

In addition, we process personal data from you as follows:

Legal basis

The basis for the aforementioned data processing is Art. 6 (1) lit. f GDPR, as we have a legitimate interest in offering you a useful platform that we are constantly improving and - if you have given your consent - Art. 6 (1) lit. a GDPR. The consent can be revoked at any time. The legality of the data processing operations already carried out remains unaffected by the revocation.

Data processing for employers

If you use our platform as an employer, we process your personal data as follows:

Purpose and scope

Legal basis

The basis for the aforementioned data processing is Art. 6 (1) lit. b GDPR, as we carry out pre-contractual measures in response to your registration and fulfill our contract with you after confirmed registration and - if you have given your consent - Art. 6 (1) lit. a GDPR. The consent can be revoked at any time. The legality of the data processing operations already carried out remains unaffected by the revocation.

Purpose and scope

In addition, we process personal data from you as follows:

Legal basis

The basis for the aforementioned data processing is Art. 6 (1) lit. f GDPR, as we have a legitimate interest in offering you a useful platform that we are constantly improving and - if you have given your consent - Art. 6 (1) lit. a GDPR. The consent can be revoked at any time. The legality of the data processing operations already carried out remains unaffected by the revocation.

Storage period

We store your personal data as a talent or employer as long as you are registered on our platform. Afterwards, we will delete your data. Your right to delete your personal data remains unaffected. Mandatory legal provisions - in particular retention periods - remain unaffected.

Contact form

Purpose and scope

If you send us inquiries via the contact form, your data from the contact form, including the contact data you provide through the form, will be stored by us for the purpose of processing the inquiry and in case of follow-up questions. We will not pass on this data without your consent.

Legal basis

The processing of this data is based on Art. 6 (1) lit. b GDPR if your request is related to the implementation of pre-contractual measures or a contract with you. In all other cases, the data processing is based on Art. 6 (1) lit. f GDPR, as we have a legitimate interest in the effective processing of requests addressed to us, or on Art. 6 (1) lit. a GDPR, if you have given us your consent. The consent can be revoked at any time. The legality of the data processing operations already carried out remains unaffected by the revocation.

Storage period

The data you entered in the contact form will remain with us until you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies (e.g. after we have completed processing your inquiry). Mandatory legal provisions - in particular retention periods - remain unaffected.

Request by email, telephone or fax

Purpose and scope

If you contact us by email, telephone or fax, your inquiry including all resulting personal data (name, inquiry) will be stored and processed by us for the purpose of processing your request. We will not pass on this data without your consent.

Legal basis

The processing of this data is based on Art. 6 (1) lit. b GDPR if your request is related to the implementation of pre-contractual measures or a contract with you. In all other cases, the data processing is based on Art. 6 (1) lit. f GDPR, as we have a legitimate interest in the effective processing of requests addressed to us, or on Art. 6 (1) lit. a GDPR, if you have given us your consent. The consent can be revoked at any time. The legality of the data processing operations already carried out remains unaffected by the revocation.

Storage period

The data you entered in the contact form will remain with us until you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies (e.g. after we have completed processing your inquiry). Mandatory legal provisions - in particular retention periods - remain unaffected.

4. Cookies

Our platform uses so-called "cookies". Cookies are small data packets and do not cause any damage to your terminal device. Cookies have various functions. Some cookies may be technically necessary, as certain functions would not work or would be limited without them (technically required cookies). Other cookies can be used to evaluate user behavior (analytical cookies).

Cookies can be stored temporarily for the duration of a session (session cookies) or permanently (permanent cookies). Session cookies are automatically deleted once you close your browser. Permanent cookies remain on your device until you delete them, or they are automatically deleted by your web browser.

Cookies can originate from us (first-party cookie) or from third parties (third-party cookie). Third-party cookies enable the integration of certain third-party services within our platform (e.g. cookies for making appointments).

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of our platform may be limited.

Purpose, scope and storage period

Here you will find an overview of the cookies of our platform:

sm_auth / kirby_session

Legal basis

If consent to the storage of cookies and comparable recognition technologies has been requested and given, the processing is carried out exclusively on the basis of this consent (Art. 6 (1) lit. a GDPR and § 25 (1) TDDDG). Consent can be revoked at any time with effect for the future. Consent is not required for technically necessary cookies. The basis for the use of cookies is also Art. 6 (1) lit. f GDPR, as we have a legitimate interest in the technically error-free and secure provision of our platform and your data (e.g. the creation, management and protection of your profile). As your use of our platform is voluntary and you yourself can decide on the use of the login service and your public data there, no conflicting overriding data subject rights are apparent.

5. Data processing by external parties

Platform hosting (Azure)

We use Microsoft Azure to operate our platform. The provider is Microsoft Corporation, One Microsoft Way, Redmond WA, United States of America (hereinafter referred to as the "service").

Purpose and Scope

We use the services provided by the Service as follows:

A combination of the aforementioned data with each other or with other data is not made.

The data is processed at the "Germany West Central" and "West Europe" service locations within the European Union; however, we cannot rule out the possibility that the service may nevertheless transmit data to the United States of America.

Legal basis

On July 10, 2023, the European Commission issued the new adequacy decision on the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the United States to ensure compliance with European data protection standards for data processing in the United States. Any company certified under the DPF agrees to comply with these data privacy standards. The Service is DPF certified: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt0000000KzNaAAK&status=Active

This is based on Art. 6 (1) lit. f GDPR, as we have a legitimate interest in providing our platform as reliably, efficiently and securely as possible. Since your use of our platform is voluntary and you can decide yourself about the data you provide, no conflicting overriding data subject rights are apparent. If you have given us a corresponding consent, the processing is carried out exclusively on the basis of Art. 6 (1) a GDPR and Section 25 (1) TDDDG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) as defined by the TDDDG. Consent may be revoked at any time with effect for the future.

Data processing agreement

We have entered into a data processing agreement (DPA) with the service. This is a contract required by data protection law, which ensures that the service only processes the personal data in accordance with our instructions and in compliance with the GDPR.

Platform hosting (IONOS)

We are hosting the content of our platform at IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany (hereinafter referred to as: IONOS). Whenever you visit our website, IONOS records various log files along with your IP addresses. For details, please consult the data privacy policy of IONOS: https://www.ionos.de/terms-gtc/terms-privacy.

Purpose and Scope

We use the services provided by the Service as follows:

A combination of the aforementioned data with each other or with other data is not made.

Legal Basis

We use IONOS on the basis of Art. 6 (1)(f) GDPR. Our company has a legitimate interest in presenting a website that is as dependable as possible. If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25 (1) TDDDG, insofar the consent includes the storage of cookies or the access to information in the user’s end device (e.g., device fingerprinting) within the meaning of the TDDDG. This consent can be revoked at any time.

Data processing

We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract mandated by data privacy laws that guarantees that they process personal data of our platform users only based on our instructions and in compliance with the GDPR.

Login services

Our platform uses login services. The specific services we use are listed below.

Purpose and scope

We use login services as follows:

Legal basis

If you have given us a corresponding consent, the processing is carried out exclusively on the basis of Art. 6 (1) lit. a GDPR and Section 25 (1) TDDDG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) as defined by the TDDDG. Consent can be revoked at any time with effect for the future. Furthermore, the legal basis for the use of this service is Art. 6 (1) lit. f GDPR, as we have a legitimate interest in providing you with the most secure and simple registration and login process possible. Since your use of our platform is voluntary and you yourself can decide on the data release of your registration service, no conflicting overriding data subject rights are apparent.

Google

You can register and log in to this platform using Google. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as the "service").

Purpose and Scope

When you register or log in to our platform with your service user account, you give us access to the following information on your service user account: name, email address, locale, profile picture, and Google ID. We only store your email address and Google ID. You can find further information on this in the security settings of the service, which you can find here: https://myaccount.google.com/security and https://myaccount.google.com/permissions.

If you register or login with this service, it is possible for the service to associate your use of our platform with your service user account. We would like to point out that we, as the operator of the platform, have no knowledge of the content of the transmitted data or its use by the service.

Legal Basis

The data processing associated with Google’s registration is based on our legitimate interest in making the registration process as simple as possible for our users (Art. 6(1)(f) GDPR). Since the use of the registration function is voluntary and the users themselves can decide on the respective access options, no conflicting predominant rights of the data subjects are apparent.

The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the US, which is intended to ensure compliance with European data protection standards for data processing in the US. Every company certified under the DPF is obliged to comply with these data protection standards. For more information, please contact the provider under the following link: https://www.dataprivacyframework.gov/participant/5780.

Data processing agreement

We have entered into a data processing agreement (DPA) with the service. This is a contract required by data protection law, which ensures that the service only processes personal data according to our instructions and in compliance with the GDPR.

LinkedIn

You can register and log in to this platform with your LinkedIn user account. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland (hereinafter referred to as the "Service").

Purpose and scope

When you register or sign in with your service user account, we use the following information from your service user account to give you access to our platform: LinkedIn-ID, primary email address. You can find further information on this in the security settings of the service, which you can find here: https://www.linkedin.com/mypreferences/d/data-sharing-for-permitted-services
If you register or login with this service, it is possible for the service to associate your use of our platform with your service user account. We would like to point out that we, as the operator of the platform, have no knowledge of the content of the transmitted data or its use by the service.

Legal Basis

Data transfer to the USA is based on the standard contractual clauses (SCC) of the EU Commission. Details can be found here: https://www.linkedin.com/help/linkedin/answer/62538/datenubertragung-aus-der-eu-dem-ewr-und-der-schweiz?lang=en
For more information on this subject, please see the privacy policy of the service: https://www.linkedin.com/legal/privacy-policy.
The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the US, which is intended to ensure compliance with European data protection standards for data processing in the US. Every company certified under the DPF is obliged to comply with these data protection standards. For more information, please contact the provider under the following link: https://www.dataprivacyframework.gov/participant/5448

Artificial Intelligence (AI)

We use AI to anonymize parts of your profile data. The provider is OpenAI, 3180 18th St, San Francisco, CA 94110, USA, https://openai.com.

Purpose and scope

When you save a talent profile on our platform, we create an anonymized version of it to protect your personal information when we share it with potential employers. In order to preserve your original profile, we create a copy of it, from which we remove names of people, companies and products. We use AI from OpenAI to automate this process. Your data is transferred to the OpenAI servers where it is processed.

We have configured OpenAI in such a way that the personal data entered is not used to train OpenAI’s algorithms.

Legal basis

The use of ChatGPT is based on Art. 6 (1)(f) GDPR. The website operator has a legitimate interest in the most efficient customer communication possible using modern technical solutions. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 (1)(a) GDPR and § 25 (1) TDDDG. The consent can be revoked at any time.

Data processing agreement

We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract prescribed by data protection law, which guarantees that it processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

Online Meeting Scheduling with Google Calendar

On our website, you have the option to set up appointments with our company. For planning purposes, we use Google Calendar. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as “Google”).

Purpose and Scope

To make reservations for an appointment, you will enter the requested data and your preferred meeting date into the dedicated screen. The data you enter will be used to plan, conduct, and possibly also follow up on the appointment. The appointment information will be stored on the servers of Google Calendar on our behalf. You may review the company’s data protection policy here: https://policies.google.com/privacy.

Legal basis

The legal basis for the processing of the data is Art. 6(1)(f) GDPR. The operator of the website has a legitimate interest in ensuring that appointments with customers and prospective customers can be scheduled as easily as possible. If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25 (1) TDDDG, insofar the consent includes the storage of cookies or the access to information in the user’s end device (e.g., device fingerprinting) within the meaning of the TDDDG. This consent can be revoked at any time.

Data transfer to the US is based on the standard contractual clauses of the EU Commission. Details can be found here: https://workspace.google.com/terms/dpa_terms.html and https://cloud.google.com/terms/sccs.

The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the US, which is intended to ensure compliance with European data protection standards for data processing in the US. Every company certified under the DPF is obliged to comply with these data protection standards. For more information, please contact the provider under the following link: https://www.dataprivacyframework.gov/participant/5780.

Data processing

We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract mandated by data privacy laws that guarantees that they process personal data of our platform users only based on our instructions and in compliance with the GDPR.

Storage period

The data recorded in this manner will be stored until you ask us to delete them, revoke your consent to the archiving of your data or until the purpose of archiving the data no longer exists. This does not affect mandatory statutory provisions – in particular those governing retention periods.

Online conference

We use Google Meet for online conferencing. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as the "service").

Purpose and scope

We use online conferencing, among other things, to communicate with you. If you communicate with us by video or audio conference via the Internet, your personal data will be processed by us and the Service.

In doing so, the service collects all data that you provide/enter (e-mail address and/or your telephone number). Furthermore, the Service processes the duration of the conference, start and end (time) of participation in the conference, number of participants and other "contextual information" related to the communication process (metadata).

Furthermore, the service processes all technical data required for handling the online communication. This includes in particular IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or speaker, and the type of connection.

Insofar as content is exchanged, uploaded or otherwise made available, this is also stored on the servers of the service. Such content includes, but is not limited to, cloud recordings, chat/instant messages, voicemails, uploaded photos and videos, files, whiteboards, and other information shared while using the Service.

Please note that we do not have full control over the data processing operations of the Service. Our options are largely based on the policy of the respective service. For further information on data processing by the online conference service, please refer to the privacy policy of the service: https://policies.google.com/privacy?hl=de.

Legal basis

The conference tools are used to communicate with prospective or existing contractual partners or to offer certain services to our customers (Art. 6(1)(b) GDPR). Furthermore, the use of the tools serves to generally simplify and accelerate communication with us or our company (legitimate interest in the meaning of Art. 6(1)(f) GDPR). Insofar as consent has been requested, the tools in question will be used on the basis of this consent; the consent may be revoked at any time with effect from that date.

The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the US, which is intended to ensure compliance with European data protection standards for data processing in the US. Every company certified under the DPF is obliged to comply with these data protection standards. For more information, please contact the provider under the following link: https://www.dataprivacyframework.gov/participant/5780.

Data processing agreement

We have entered into a data processing agreement (DPA) with the service. This is a contract required by data protection law, which ensures that the service only processes the personal data in accordance with our instructions and in compliance with the GDPR.

Storage period

The data collected directly by us via the service will be deleted from our systems as soon as you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies. Stored cookies remain on your terminal device until you delete them or they are deleted by your browser. Mandatory legal retention periods remain unaffected.

We have no influence on the storage period of your data that is stored by the service for its own purposes. For details, please contact the service directly.

Google Forms

We use Google Forms. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as "Google").

Purpose and Scope

Google Forms enables us to generate online forms to survey user feedback and record their responses. All entries you make will be processed on Google’s servers. Google Forms stores a cookie in your browser that contains a unique ID (NID cookie). This cookie stores a wide range of information, including, for example, your language settings.

Legal basis

We use Google Forms on the basis of our legitimate interest in determining your needs as effectively as possible (Art. 6(1)(f) GDPR). If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25 (1) TDDDG, insofar as the consent includes the storage of cookies or the access to information in the user’s end device (e.g., device fingerprinting) within the meaning of the TDDDG. This consent can be revoked at any time.

The data you enter into the form will remain in our possession until you ask us to delete them, revoke your consent to the archiving of your data or until the purpose of archiving the data no longer exists (e.g., upon completion of the processing of your inquiry). This does not affect mandatory statutory provisions – in particular those governing retention periods.

For more information, please consult Google’s Data Privacy Policy at https://policies.google.com/.

The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the US, which is intended to ensure compliance with European data protection standards for data processing in the US. Every company certified under the DPF is obliged to comply with these data protection standards. For more information, please contact the provider under the following link: https://www.dataprivacyframework.gov/participant/5780.

Data processing

We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract mandated by data privacy laws that guarantees that the provider processes personal data of our website visitors only based on our instructions and in compliance with the GDPR.

Storage period

The data recorded in this manner will be stored until you ask us to delete them, revoke your consent to the archiving of your data or until the purpose of archiving the data no longer exists. This does not affect mandatory statutory provisions – in particular those governing retention periods.

Newsletter

This platform uses Rapidmail to send newsletters. The provider is rapidmail GmbH, Augustinerplatz 2, 79098 Freiburg i.Br., Germany (hereinafter referred to as the "service").
We use the service to send, organize and analyze newsletters. The data you enter for the purpose of receiving newsletters is stored on the Service's servers in Germany.

Purpose and scope

We use the service as follows:

Legal basis

The data processing is based on your consent (Art. 6 (1) lit. a GDPR). You can revoke this consent at any time. The legality of the data processing operations already carried out remains unaffected by the revocation.

Storage period

The data you provide for the purpose of receiving the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and will be deleted from the newsletter distribution list after you unsubscribe from the newsletter. Data that has been stored by us for other purposes remains unaffected by this.

After you have unsubscribed from the newsletter distribution list, your email address will be stored by us or the newsletter service provider in a blacklist, if necessary, to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 (1) f GDPR). The storage in the blacklist is not limited in time. You can object to the storage if your interests outweigh our legitimate interest.

For more details, please refer to the data security notes of the service at: https://www.rapidmail.de/datensicherheit

Data Processing Agreement

We have entered into a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract required by data protection law, which ensures that the service processes the personal data of our platform users only according to our instructions and in compliance with the GDPR.

Payment processing for services and digital content

Purpose and scope

We integrate third-party payment services on our platform. We only transfer personal data to third parties if this is necessary for payment processing.

Legal basis

The payment service providers are used on the basis of Art. 6 (1) lit. b GDPR (contract processing) and in the interest of an efficient, convenient and secure payment process, Art. 6 (1) lit. f GDPR. Insofar as your consent is requested for certain actions, Art. 6 (1) lit. a GDPR is the legal basis for data processing; consent can be revoked at any time for the future.

Services

We use the following service providers on this platform:

Stripe

Used if you pay for a service or digital content directly via our platform. The provider for customers within the EU is Stripe Payments Europe, Ltd, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland (hereinafter referred to as the "Service").

The respective contractual and data protection provisions of the Service apply to these transactions.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://stripe.com/de/privacy and https://stripe.com/de/guides/general-data-protection-regulation.

Details can be found in the privacy policy of the service at the following link: https://stripe.com/de/privacy.

Zistemo

Used if you pay for a service or digital content by invoice. The provider is DAYquiri GmbH, Freier Platz 10, CH-8200 Schaffhausen (hereinafter referred to as the "Service").

The data transfer to Switzerland is based on the adequacy decision of the European Commission pursuant to Art. 45 para. 1, para. 3 GDPR, which confirms that Switzerland has an adequate level of data protection. Switzerland is therefore considered a safe third country in accordance with the GDPR. The transfer of data does not require any special authorization.

Our company has concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract prescribed by data protection law, which guarantees that it processes the personal data of our platform users only in accordance with our instructions and in compliance with the GDPR.

Storage period

The customer data collected will be deleted after completion of the order or termination of the business relationship and expiry of any existing statutory retention periods. Statutory retention periods remain unaffected.

Analysis of User Behavior

Plausible Analytics

We use Plausible Analytics on our website. The provider is Plausible Insights OÜ, Västriku tn 2, 50403, Tartu, Estonia.

Plausible Analytics allows us to analyze the behavior of our website visitors. For this purpose, the following data is collected: Page URL, HTTP request, HTTP referrer, browser, operating system, device type and IP address. The HTTP request and IP address are stored in a hash for 24 hours; within this period, a user can be recognized if he or she returns to the website. An identification of the person is not possible.

Legal basis

If consent has been obtained, the service is used exclusively on the basis of Art. 6(1)(a) GDPR and § 25 TDDDG. The consent can be revoked at any time. If no consent has been obtained, the use of this service is based on Art. 6(1)(f) GDPR; the website operator has a legitimate interest in analyzing the user behavior of our website visitors as effectively as possible.

Data processing

We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract mandated by data privacy laws that guarantees that the provider processes personal data of our website visitors only based on our instructions and in compliance with the GDPR.

6. Our social media appearances

This privacy policy applies to the following social media presences:

https://twitter.com/scrummatch
https://www.linkedin.com/company/scrummatch/

Data processing through social networks

We maintain publicly available profiles in social networks. The individual social networks we use can be found below.

Social networks such as LinkedIn, Mastodon, etc. can generally analyze your user behavior comprehensively if you visit their website or a website with integrated social media content (e.g., like buttons or banner ads). When you visit our social media pages, numerous data protection-relevant processing operations are triggered. In detail:

If you are logged in to your social media account and visit our social media page, the operator of the social media portal can assign this visit to your user account. Under certain circumstances, your personal data may also be recorded if you are not logged in or do not have an account with the respective social media portal. In this case, this data is collected, for example, via cookies stored on your device or by recording your IP address.

Using the data collected in this way, the operators of the social media portals can create user profiles in which your preferences and interests are stored. In this way, interest-based advertising can be displayed to you inside and outside of the respective social media presence. If you have an account with the social network, interest-based advertising can be displayed on any device you are logged in to or have logged in to.

Please also note that we cannot retrace all processing operations on the social media portals. Depending on the provider, additional processing operations may therefore be carried out by the operators of the social media portals. Details can be found in the terms of use and privacy policy of the respective social media portals.

Legal basis

Our social media appearances should ensure the widest possible presence on the Internet. This is a legitimate interest within the meaning of Art. 6 (1) lit. f GDPR. The analysis processes initiated by the social networks may be based on divergent legal bases to be specified by the operators of the social networks (e.g., consent within the meaning of Art. 6 (1) (a) GDPR).

Responsibility and assertion of rights

If you visit one of our social media sites (e.g., Facebook), we, together with the operator of the social media platform, are responsible for the data processing operations triggered during this visit. You can in principle protect your rights (information, correction, deletion, limitation of processing, data portability and complaint) vis-à-vis us as well as vis-à-vis the operator of the respective social media portal (e.g., Facebook).

Please note that despite the shared responsibility with the social media portal operators, we do not have full influence on the data processing operations of the social media portals. Our options are determined by the company policy of the respective provider.

Storage time

The data collected directly by us via the social media presence will be deleted from our systems as soon as you ask us to delete it, you revoke your consent to the storage or the purpose for the data storage lapses. Stored cookies remain on your device until you delete them. Mandatory statutory provisions - in particular, retention periods - remain unaffected.

We have no control over the storage duration of your data that are stored by the social network operators for their own purposes. For details, please contact the social network operators directly (e.g., in their privacy policy, see below).

Your rights

You have the right to receive information about the origin, recipient and purpose of your stored personal data at any time and free of charge. You also have the right to object, the right to data portability and the right to file a complaint with the responsible regulatory agency. Furthermore, you can request the correction, blocking, deletion and, under certain circumstances, the restriction of the processing of your personal data.

Individual social networks

LinkedIn

We have a LinkedIn profile. The provider is the LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies.

If you want to disable LinkedIn advertising cookies, please use the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://www.linkedin.com/legal/l/dpa and https://www.linkedin.com/legal/l/eu-sccs.

For details on how they handle your personal information, please refer to LinkedIn's privacy policy: https://www.linkedin.com/legal/privacy-policy.

The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the US, which is intended to ensure compliance with European data protection standards for data processing in the US. Every company certified under the DPF is obliged to comply with these data protection standards. For more information, please contact the provider under the following link: https://www.dataprivacyframework.gov/participant/5448