Privacy Policy


We take your privacy very seriously and want to explain how we process your personal data when you use HUMANOO services.

Last updated: 04.08.2023

I. General Information

1. Contact

If you have any questions or suggestions regarding this information or would like to contact us to exercise your rights, please direct your request to:

eTherapists GmbH
Invalidenstraße 117, 10115 Berlin, Germany
Email: dataprivacy.support@humanoo.com

The responsible supervisory authority is the Berlin Commissioner for Data Protection and Freedom of Information, which can be reached via email: mailbox@datenschutz-berlin.de.

2. Scope

This data protection statement describes how we process personal data for the provision of our HUMANOO services. It relates in particular to data processing on our websites (humanoo.com or humanoo.de), our social media channels, and with respect to our B2B customers and interested parties.

The data protection statement for end users and the HUMANOO app can be found here.

The data protection statement for the HUMANOO portal can be found here.

We have designed the data protection statement to be as clear, transparent, and simple as possible. Even without legal and technical knowledge, you should be able to understand the content easily. If, contrary to expectations, you do not understand this statement, you can contact us at datenschutz@humanoo.com.

3. Legal Basis

The data protection term “personal data” refers to any information that relates to a specific or identifiable person. We process personal data in compliance with the relevant data protection regulations, in particular the GDPR and the BDSG. Data processing by us is based on legal permission only. We only process personal data with your consent (§ 25 para. 1 TTDSG or Art. 6 para. 1 letter a GDPR), for the performance of a contract with you or for carrying out pre-contractual measures at your request (Art. 6 para. 1 letter b GDPR), for compliance with a legal obligation (Art. 6 para. 1 letter c GDPR), or if the processing is necessary for the purposes of our legitimate interests or the legitimate interests of a third party, except where your interests or fundamental rights and freedoms that require the protection of personal data outweigh those interests (Art. 6 para. 1 letter f GDPR).

If you apply for an open position in our company, we will also process your personal data to decide whether to establish an employment relationship (§ 26 para. 1 sentence 1 BDSG).

4. Duration of storage

Unless otherwise stated in the following information, we will only store the data for as long as it is necessary to achieve the processing purpose or to fulfill our contractual or legal obligations. Such legal retention obligations may arise in particular from commercial or tax law regulations. From the end of the calendar year in which the data was collected, we will keep such personal data that is contained in our accounting data for ten years and keep personal data contained in business letters and contracts for six years. In other cases, we will keep data related to proof of consent and claims for the duration of the statutory limitation periods. We will delete data that we process on the basis of your consent if you object to the processing for this purpose.

5. Categories of data recipients

In the context of processing your data, we use processors. Processing operations carried out by such processors include, for example, hosting, email dispatch, maintenance and support of IT systems, customer and order management, order processing, accounting and billing, marketing measures, or file and data destruction. A processor is a natural or legal person, authority, agency, or other body that processes personal data on behalf of the data controller. Processors do not use the data for their own purposes but carry out the data processing exclusively for us as the data controller and are contractually obliged to ensure appropriate technical and organizational measures for data protection. In addition, we may transmit your personal data to entities such as postal and delivery services, banks, tax consulting/auditing companies, or the tax authorities. Further recipients may result from the following information.

6. Data transfer to third countries

Our data processing may involve the transfer of certain personal data to third countries, i.e., countries where the GDPR is not applicable law. Such transfer is permissible if the European Commission has determined that an adequate level of data protection is provided in such a third country. If such an adequacy decision by the European Commission is not available, transfer of personal data to a third country will only take place if appropriate safeguards are provided in accordance with Art. 46 GDPR or if one of the conditions of Art. 49 GDPR is met. An adequacy decision applies to the following countries: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en. For data transfers to the U.S., the adequacy decision applies to companies certified under the Privacy Framework and listed on this list (https://www.dataprivacyframework.gov/s/participant-search). Unless otherwise indicated below, we use the EU Standard Contractual Clauses as appropriate guarantees for the transfer of personal data to third countries. You have the option of obtaining or viewing copies of these EU Standard Contractual Clauses. Please contact the address provided under Contact.

If you consent to the transfer of personal data to third countries, the transfer will be based on the legal basis of Art. 49 para. 1 letter a GDPR.

7. Processing in the exercise of your rights

When you exercise your rights under Art. 15 to 22 GDPR, we process the personal data transmitted in order to implement these rights and to be able to provide evidence thereof. Data stored for the purpose of providing information and its preparation will only be processed for this purpose and for the purposes of data protection control, and otherwise processing will be restricted in accordance with Art. 18 GDPR.

These processing activities are based on the legal basis of Art. 6 para. 1 letter c GDPR in conjunction with Art. 15 to 22 GDPR and § 34 para. 2 BDSG.

8. Your rights

As a data subject, you have the right to assert your data subject rights against us. In particular, you have the following rights:

  • You have the right, in accordance with Art. 15 GDPR and § 34 BDSG, to request information as to whether and to what extent we process personal data about you.
  • You have the right, in accordance with Art. 16 GDPR, to request us to rectify your data.
  • You have the right, in accordance with Art. 17 GDPR and § 35 BDSG, to request us to delete your personal data.
  • You have the right, in accordance with Art. 18 GDPR, to request us to restrict the processing of your personal data.
  • You have the right, in accordance with Art. 20 GDPR, to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format and to transmit this data to another controller.
  • If you have given us separate consent to process your data, you can revoke this consent at any time in accordance with Art. 7 para. 3 GDPR. Such revocation does not affect the lawfulness of the processing that has taken place prior to the revocation based on the consent.
  • If you believe that the processing of personal data concerning you violates the provisions of the GDPR, you have the right to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR.

9. Right to object

According to Art. 21 para. 1 GDPR, you have the right to object to processing based on the legal basis of Art. 6 para. 1 letter e or f GDPR, for reasons arising from your particular situation. If we process your personal data for the purpose of direct marketing, you can object to this processing in accordance with Art. 21 para. 2 and para. 3 GDPR.

10. Data protection officer

You can reach our data protection officer with the following contact details:

Email: datenschutz@humanoo.com

Herting Oberbeck Datenschutz GmbH

Hallerstr. 76, 20146 Hamburg

https://www.datenschutzkanzlei.de/

II. Data processing on our website

When using the website, we collect information that you provide to us yourself. In addition, certain information about your use of the website is automatically collected by us during your visit to the website. In data protection law, the IP address is generally considered to be personal data. An IP address is assigned to each device connected to the internet by the internet provider so that it can send and receive data.

1. Processing of server log files

When you use our website in an informative manner (i.e. not by registering), general information that your browser transmits to our server is first stored automatically. This includes, as standard: browser type/version, operating system used, page accessed, the previously visited page (referrer URL), IP address, date and time of the server request, and HTTP status code.

The processing is carried out to protect our legitimate interests and is based on the legal basis of Art. 6 para. 1 letter f GDPR. This processing serves the technical administration and security of the website. The stored data will be deleted after seven days, unless there is a justified suspicion of unlawful use based on concrete evidence and further examination and processing of the information is necessary for this reason. We are not able to identify you as the data subject based on the stored information. Therefore, Art. 15 to 22 GDPR do not apply in accordance with Art. 11 para. 2 GDPR, unless you provide additional information to exercise your rights laid down in these articles, which enables us to identify you.

2. Cookies

We use cookies and similar technologies (“cookies”) on our website. Cookies are small data sets that are stored by your browser when you visit a website. This identifies the browser used and can be recognized by web servers. You have full control over the use of cookies through your browser. You can delete cookies at any time in the security settings of your browser. You can generally or specifically object to the use of cookies through your browser settings.

The use of cookies is partly technically necessary for the operation of our website and is therefore permissible without the consent of the user. We may also use cookies to provide special features and content, as well as for analysis and marketing purposes. These may include third-party cookies. We only use such technically unnecessary cookies with your consent in accordance with § 25 para. 1 TTDSG. Information on the purposes, providers, technologies used, data stored and storage periods of individual cookies can be found in the cookie settings of our consent management tool.

3. Consent Management Tool

This website uses the Usercentrics Consent Management Tool from Usercentrics GmbH (Germany, EU) to control cookies and the processing of personal data. The consent banner allows you to give your consent to certain data processing operations or to revoke consent already given. By confirming the “Accept All” button or by saving individual cookie settings, you agree to the use of the associated cookies. The data protection legal basis is your consent in accordance with Art. 6 para. 1 letter a GDPR. In addition, the banner helps us to provide evidence of your consent. To do this, we process information about your consent and other protocol data regarding this declaration. Cookies are also used to collect this data. The processing of this data is necessary to provide evidence of your given consent. The legal basis arises from our legal obligation to document your consent (Art. 6 para. 1 letter c in conjunction with Art. 7 para. 1 GDPR).

You can revoke or adjust your consent for cookies by clicking on the symbol on the right side of the screen.

4. Contact options, inquiries and appointment bookings

Our website contains contact forms through which you can send us messages. The transfer of your data is encrypted (recognizable by the “https” in the address bar of the browser). All data fields marked as mandatory are required to process your request. Failure to provide this information means we cannot process your request. Providing additional information is voluntary. You can also send us a message via the contact email address. We process the data for the purpose of answering your request. If your request is related to the conclusion or implementation of a contract with us, Art. 6 para. 1 letter b GDPR is the legal basis for the data processing. Otherwise, we process the data based on our legitimate interest in contacting requesting persons. The legal basis for the data processing is then Art. 6 para. 1 letter f GDPR. The contact forms are provided by HubSpotForms, a service of HubSpot Germany GmbH (Germany, EU). HubSpot processes the data as a processor solely on our instructions. Transfer of data to the USA cannot be ruled out. Further information can be found under “Transfer of data to third countries”.

5. B2B Login

You can access our B2B login through our website. You can find all further information on data protection on our HUMANOO platform here:

6. Newsletter

We offer the option to subscribe to our newsletter on our website. After subscribing, we will regularly inform you about the latest news on our offers. A valid email address is required to subscribe to the newsletter. To verify the email address, you will first receive a confirmation email that you must confirm via a link (double opt-in). If you subscribe to the newsletter on our website, we will process personal data such as your email address and name based on the consent you provided. The processing is based on the legal basis of Art. 6 para. 1 letter a GDPR.

You can revoke the consent at any time with effect for the future, for example, via the “Unsubscribe” link in the newsletter or by contacting us through the channels mentioned above. The lawfulness of the data processing already carried out remains unaffected by the revocation.

When subscribing to the newsletter, we also store the IP address as well as the date and time of the registration. The processing of this data is necessary to be able to prove your consent. The legal basis arises from our legal obligation to document your consent (Art. 6 para. 1 letter c in conjunction with Art. 7 para. 1 GDPR).

We also analyze the reading behavior and opening rates of our newsletter. For this purpose, pseudonymized usage data is collected and processed by us, which we do not merge with your email address or IP address. The legal basis for the analysis of our newsletter is Art. 6 para. 1 letter f GDPR and the processing serves our legitimate interest in optimizing our newsletter. You can object to this at any time by contacting one of the contact channels mentioned above.

For the management of subscriptions, the dispatch of the newsletter and the analysis, we use HubSpot, a service of HubSpot Germany GmbH (Germany, EU). HubSpot processes the data exclusively on our behalf as a processor. Transfer of data to the USA cannot be ruled out. Further information can be found under “Data transfer to third countries”.

7. Customer Satisfaction Survey

We use your email address and possibly other information you have provided to us about yourself for the purpose of conducting a customer satisfaction survey. We will send you a separate request for this as part of a confirmation email. The email will be sent only after your prior consent in accordance with Art. 6 para. 1 letter a GDPR.

The subsequent answering of the questions is voluntary. Ratings will be generated and moderated by a service provider, marketing services (including SEO optimization) will be provided, and the data collected as part of the service will be analyzed and evaluated. We process the data you provide on the basis of our legitimate interest under Art. 6 para. 1 letter f GDPR.

For sending and collecting the data, we use HubSpot, a service of HubSpot Germany GmbH (Germany, EU). HubSpot processes the data exclusively on our behalf as a processor. Transfer of data to the USA cannot be ruled out. Further information can be found under “Data transfer to third countries”.

8. Google Tag Manager

We use the Google Tag Manager from the provider Google Ireland Limited (Ireland, EU) on our website. The Google Tag Manager is used to manage our website tags via an interface. The Google Tag Manager is a cookie-less domain to which, for technical reasons, the IP address is transmitted. The Google Tag Manager only triggers other tags that may collect data without accessing that data themselves. If deactivation has been carried out at domain or cookie level, it remains valid for all tracking tags implemented with the Google Tag Manager. The legal basis for the transfer of the IP address is Art. 6 para. 1 letter f GDPR. Our legitimate interest is in the management of our website services and the triggering of other tags. For further information on data processing, please refer to: https://support.google.com/tagmanager/answer/7157428

9. Analysis of our website

a. HubSpot Analytics

We use the service HubSpot on our website, which is provided by HubSpot Germany GmbH (Germany, EU). HubSpot uses cookies and similar technologies to analyze your use of our website. This involves processing personal data in the form of online identifiers, IP addresses, and device identifiers. HubSpot will use this information on our behalf to evaluate the use of our online offerings and to compile reports on activities within our website. Usage profiles can be created from the processed data. The processing of your data is based on your consent under Art. 6 para. 1 letter a GDPR. To integrate the service, cookies are set on your device. The setting of cookies is done with your consent, which you can revoke at any time with effect for the future using the consent management tool. When using the service, the transfer of your data to the USA cannot be excluded. Please refer to the information in the “Data Transfer to Third Countries” section for more information.

b. Google Analytics

We use the Google Analytics service provided by Google Ireland Limited (Ireland, EU) on our website. Google Analytics is a web analytics service that allows us to collect and analyze data on the behavior of visitors to our website. To do this, Google Analytics uses cookies that enable an analysis of the use of our website. Personal data in the form of online identifiers (including cookie identifiers), IP addresses, device identifiers and information about interactions with our website are processed.

Some of this data may be information stored on your device. In addition, further information is stored on your device through the cookies used. Such storage of information by Google Analytics or access to information already stored on your device is only done with your consent.

Google Ireland will process the data collected on our behalf by Google Analytics, a service provided by Google Ireland Limited (Ireland, EU), in order to evaluate the use of our website, to compile reports on the activities within our website and to provide us with additional services related to the use of our website and internet usage. Pseudonymous usage profiles can be created from the processed data.

The setting of cookies and the further processing of personal data described here takes place with your consent. The legal basis for data processing in connection with the Google Analytics service is therefore Art. 6 para. 1 letter a GDPR. You can revoke this consent at any time with effect for the future via our consent management tool.

When using the service, it is not excluded that your data will be transferred to the USA. Please note the information in the section “Transfer of data to third countries” regarding this.

We only use Google Analytics with activated IP anonymization. This means that your IP address will be shortened by Google Ireland within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. The IP address transmitted by your browser will not be merged with other data. Further information on the use of data for advertising purposes can be found in Google’s privacy policy at www.google.com/policies/technologies/ads/.

We use the Google Universal Analytics version, which allows us to assign interaction data from different devices and sessions to a unique user ID. This enables us to put individual user actions into context and analyze long-term relationships. The data on user actions is stored for a period of 14 months and is then automatically deleted. The deletion of data whose storage period has expired occurs automatically once a month.

We also use Google Analytics 4, which allows us to track interaction data from different devices and sessions. This enables us to put individual user actions into context and analyze long-term relationships. The data on user actions is stored for a period of 14 months and is then automatically deleted. All other event data is stored for 2 months and then automatically deleted. The deletion of data whose storage period has expired occurs automatically once a month.

We also use the Google Analytics advertising features (remarketing). This feature allows us to display advertisements in a more targeted way and present interest-based advertisements in connection with Google’s cross-device functions. Through remarketing, you may see ads and products for which interest has been determined on other websites in the Google network. Through this feature, we can link the advertising target groups created through Google Analytics remarketing with Google Ads’ cross-device functions. In this way, interest-based personalized advertising messages, which have been adapted based on previous usage and browsing behavior on one device (e.g. mobile phone), can also be displayed on another device (e.g. tablet or PC).

If you have given your consent, Google will link your web and app browser history to your Google account for this purpose. This allows the same personalized advertising messages to be displayed on any device where you log in with your Google account. The compilation of the data collected in your Google account is based solely on your consent, which you can give or revoke at Google. Data for advertising purposes is then collected via Google Analytics for these linked services. To support the remarketing feature, Google Analytics collects Google-authenticated IDs that are temporarily linked to our Google Analytics data. This is used to define and create target groups for cross-device advertising.

c. Mouseflow

We use the Mouseflow service from the provider Mouseflow ApS (Denmark, EU) on our website. Mouseflow is a web analytics tool that allows us to collect and analyze information about the use of our website. For this purpose, Mouseflow processes data such as mouse movements, clicks, scroll events, and keystrokes (excluding password or credit card fields) that arise when using our website. Mouseflow also collects the assigned IP address and other technical data that accrue when visiting our website in an anonymized form. Based on the data, we can use Mouseflow to analyze the use of our website and derive possible improvements for the website. The data is processed on our behalf by Mouseflow ApS. The processing of your data is based on your consent under Art. 6 para. 1 letter a GDPR.

To integrate the service, cookies are set on your device. The setting of cookies and access to information stored on your device requires your consent, which you can revoke at any time for the future using our consent management tool. For more information on data protection at Mouseflow, please see the privacy policy at: https://mouseflow.com/gdpr/.

d. Hotjar

We use the service Hotjar provided by Hotjar Ltd. (Malta, EU) on our website to analyze user movements through so-called “heatmaps”. This allows us, for example, to see how far users scroll and which buttons they click how often. Additionally, it is also possible to obtain feedback directly from users of the website using the tool. This way, we gain valuable information to make our website even faster and more user-friendly. With Hotjar, we can only track which buttons are clicked, mouse movements, how far the page is scrolled, the screen size of the device, device type, and browser information. In addition, we receive information about your geographic location (country) and preferred language for displaying our website. Areas of the website where personal data of you or third parties are displayed are automatically obscured by Hotjar and are thus not traceable by the tool at any time.

The processing of your data is based on your consent according to Art. 6 para. 1 letter a GDPR.

To integrate the service, cookies are set on your device. The setting of cookies as well as access to information stored on your device is done with your consent, which you can revoke at any time with effect for the future through our consent management tool. Further information on data protection at Hotjar can be found in Hotjar’s privacy policy at https://www.hotjar.com/legal/policies/privacy/.

10. Tracking & Retargeting

a. Google Ads

We use the online advertising program Google Ads from Google Ireland Limited (Ireland, EU) on our website to display advertisements on the Google search engine. If you access our website via a Google ad, Google sets a cookie on your device (“conversion cookie”). Each Google Ads customer is assigned a different conversion cookie, so the cookies cannot be tracked across the websites of different Ads customers. The information obtained through the cookie is used to create conversion statistics. This allows us to learn the total number of users who clicked on one of our Google ads. However, we do not receive any information that can personally identify users. The processing of your data is based on your consent under Art. 6 para. 1 letter a GDPR.

The setting of cookies is done with your consent, which you can revoke at any time for the future via the consent management tool. When using the service, transfer of your data to the USA cannot be excluded. Please note the information in the section “Transfer of data to third countries”. For more information on data protection at Google, please refer to Google’s privacy policy at https://policies.google.com/privacy#infocollect.

b. LinkedIn Insight Tag

We use the LinkedIn Insight Tag, a marketing product of LinkedIn Ireland Unlimited Company (Ireland, EU) on our website. You can find information about the contact details of LinkedIn Ireland and the contact details of LinkedIn Ireland’s data protection officer in LinkedIn’s Privacy Policy at https://www.linkedin.com/legal/privacy-policy.

The LinkedIn Insight Tag is a JavaScript code snippet that is triggered by LinkedIn when you visit our website and stores a cookie on your device. Such storage of information by the LinkedIn Insight Tag or access to information already stored on your device, as well as any further processing of personal data in connection with the LinkedIn Insight Tag, is only done with your consent. The legal basis for the collection and transfer of personal data by us to LinkedIn Ireland is therefore Art. 6 para. 1 letter a GDPR. With the LinkedIn Insight Tag, we can perform various functions, which we describe in detail below.

LinkedIn Conversion Tracking is an analysis function supported by the LinkedIn Insight Tag. The LinkedIn Insight Tag enables us to collect data on visits to our website, including URL, referrer URL, IP address, device and browser properties (User Agent), and timestamps. IP addresses are truncated or hashed (if used to reach members across devices). LinkedIn does not provide us with personal data, but only reports (in which you are not identified) on the website audience and ad performance. In this way, we can capture the effectiveness of LinkedIn ads for statistical and market research purposes.

LinkedIn removes direct member identifiers within seven days to pseudonymize the data. LinkedIn then deletes this remaining pseudonymized data within 180 days. This processing is intended to obtain information about our website audience and a report on the effectiveness of LinkedIn campaigns.

We also use the “Matched Audiences” service to target our ad campaigns to specific audiences. Through LinkedIn Matched Audiences and associated data integrations, we can advertise to specific audiences based on data we provide to LinkedIn (e.g., company lists, hashed contact information, device IDs, or event data such as visited websites). This processing is for the purpose of marketing our offerings through targeted advertising.

We have entered into an agreement with LinkedIn on joint data processing, which sets out the distribution of data protection responsibilities between us and LinkedIn. You can view this agreement here: https://legal.linkedin.com/pages-joint-controller-addendum.

Please note that, according to LinkedIn’s privacy policy, personal data may also be processed by LinkedIn in the United States or other third countries. LinkedIn only transfers personal data to countries for which an adequacy decision by the European Commission pursuant to Art. 45 GDPR exists, or based on appropriate safeguards pursuant to Art. 46 GDPR.

c. Meta Pixel

We use Meta Pixel, a business tool of Meta Platforms Ireland Limited (Ireland, EU), on our website. You can find information on how to contact Meta Platforms Ireland Ltd. and its data protection officer in Meta Platforms Ireland Ltd.’s privacy policy at https://www.facebook.com/about/privacy.

The Meta Pixel is a JavaScript code snippet that allows us to track activities on our website, which is called conversion tracking. To do this, the Meta Pixel collects and processes the following information (so-called event data):

  • Information about the actions and activities of visitors to our website, such as searching for and viewing a product, or purchasing a product;
  • Specific Pixel information such as the Pixel ID and the Facebook cookie;
  • Information about buttons clicked by visitors to the website;
  • Information present in HTTP headers, such as IP addresses, information about the web browser, the location of the page, and the referrer;
  • Information on the status of deactivation/restriction of ad tracking.

Some of these event data are information stored on the device you are using. In addition, cookies are also used via the Meta Pixel, which store information on your device. Such storage of information by the Facebook Pixel or access to information that is already stored on your device only occurs with your consent in accordance with § 25 para. 1 TTDSG.

The event data collected via the Meta Pixel are used for targeting our advertisements and improving ad delivery on Meta products such as the social media platforms Facebook and Instagram, personalizing features and content, as well as improving and securing Meta products. To this end, the event data collected on our website via the Meta Pixel are transmitted to Meta Platforms Ireland Ltd. This collection and transfer of event data is carried out by us and Meta Platforms Ireland Ltd. as joint controllers. We have entered into an agreement with Meta Platforms Ireland Ltd. on the processing as joint controllers, in which the distribution of data protection obligations between us and Meta Platforms Ireland Ltd. is determined. In this agreement, we and Meta Platforms Ireland Ltd. have agreed, among other things,

  • that we are responsible for providing you with all information pursuant to Art. 13, 14 GDPR regarding the joint processing of personal data;
  • that Meta Platforms Ireland Ltd. is responsible for enabling the rights of data subjects pursuant to Art. 15 to 20 GDPR with regard to the personal data stored by Meta Platforms Ireland Ltd. after the joint processing.

You can access the agreement between us and Meta Platforms Ireland Ltd. at https://www.facebook.com/legal/controller_addendum.

After the transfer, Meta Platforms Ireland Ltd. is the sole controller for processing the transferred event data. For more information on how Meta Platforms Ireland Ltd. processes personal data, including the legal basis on which it relies and the options available to exercise your rights against Meta Platforms Ireland Ltd., please refer to the privacy policy of Meta Platforms Ireland Ltd. at https://www.facebook.com/about/privacy.

We have also engaged Meta Platforms Ireland Ltd. to create reports on the effectiveness of our advertising campaigns and other online content (campaign reports) and to create analyses and insights on users and their use of our website, products, and services (analyses) based on the event data collected through the Meta Pixel. To do so, we transmit personal data contained in the event data to Meta Platforms Ireland Ltd. The transmitted personal data is processed by Meta Platforms Ireland Ltd. as our processor to provide us with the campaign reports and analyses.

The collection and transfer of personal data by us to Meta Platforms Ireland Ltd. and the commissioned processing of personal data by Meta Platforms Ireland Ltd. for the purpose of creating analyses and campaign reports only takes place if you have previously given your consent to this. The legal basis for the processing of personal data is therefore Art. 6 para. 1 letter a GDPR.

The data processed on our behalf is transferred by Meta Platforms Ireland Ltd. to Meta Platforms, Inc. in the USA. Meta Platforms Ireland Ltd. transfers the data to Meta Platforms, Inc. based on data processor-to-data processor standard contractual clauses, but reserves the right to use an alternative transfer method that is recognized by the GDPR and other applicable data protection laws in the European Economic Area, the United Kingdom, and Switzerland.

11. External media and third-party services

a. Vimeo

We use the Vimeo service of Vimeo, Inc. (USA) on our website to embed videos. For such embedding, the processing of your IP address is technically necessary so that the content can be sent to your browser. Your IP address is therefore transmitted to Vimeo. The processing of your data is based on your consent according to Art. 6 para. 1 letter a GDPR.

To embed the service, cookies are set on your device. The setting of cookies and access to information stored on your device is done with your consent, which you can revoke at any time for the future through our consent management tool. When using the service, the transfer of your data to the USA cannot be ruled out. Please refer to the information in the section “Transfer of data to third countries”. For further information on data protection at Vimeo, please refer to Vimeo’s privacy policy at https://vimeo.com/privacy .

b. reCAPTCHA

We use the reCAPTCHA service provided by Google Ireland Limited (Ireland, EU) to prevent automated access attempts and attacks and to verify whether form entries are made by a natural person. For such integration, the processing of your IP address is technically necessary to send the content to your browser. Therefore, your IP address is transmitted to Google Ireland. In addition, Google Ireland collects further data, such as your browser and click behavior. We are legally obliged to take technically and economically appropriate measures to ensure the security of the portal.

The processing of your data is based on Art. 6 para. 1 letter c GDPR in conjunction with Art. 32 GDPR and § 19 para. 4 TTDSG.

When using the service, the transfer of your data to the USA cannot be ruled out. Please refer to the section “Data transfer to third countries” for more information. For more information on data protection at Google, please refer to Google’s privacy policy at https://www.google.com/policies/privacy .

III. Data processing on our social media pages

We have a corporate page on several social media platforms in order to provide additional opportunities for information about our company and for exchange. Our company has corporate pages on the following social media platforms:

  • Facebook
  • Instagram
  • LinkedIn

When you visit or interact with a profile on a social media platform, personal data about you may be processed. Information associated with a social media profile used by you also typically constitutes personal data, including messages and statements made using the profile. Additionally, certain information about your visit to a social media profile is often automatically collected, which may also constitute personal data.

1. Visiting a social media page

a. Facebook and Instagram

When you visit our Facebook or Instagram page, on which we present our company or individual products from our offer, certain information about you is processed. The sole controller for this processing of personal data is Meta Platforms Ireland Limited (Ireland, EU). Further information about the processing of personal data by Meta can be found at https://www.facebook.com/privacy/explanation . Meta provides the option to object to certain data processing; instructions on this and opt-out options can be found at https://www.facebook.com/settings?tab=ads .

In anonymized form, Meta provides us with statistics and insights for our Facebook and Instagram page, which help us gain insights into the types of actions people take on our page (so-called “Page Insights”). These Page Insights are created based on certain information about people who have visited our page. This processing of personal data is carried out by Meta and us as joint controllers. The processing serves our legitimate interest in evaluating the types of actions taken on our page and improving our page based on these insights. The legal basis for this processing is Art. 6 para. 1 letter f GDPR.

We cannot attribute the information obtained through Page Insights to individual user profiles that interact with our Facebook and Instagram page. We have entered into an agreement with Meta on joint processing, which sets out the distribution of data protection responsibilities between us and Meta. Details on the processing of personal data for the creation of Page Insights and the agreement concluded between us and Meta can be found at https://www.facebook.com/legal/terms/information_about_page_insights_data . With regard to this data processing, you also have the option of exercising your data subject rights (see “Your rights”) against Meta. Further information on this can be found in Meta’s privacy policy at https://www.facebook.com/privacy/explanation .

Please note that according to Meta’s privacy policy, user data is also processed in the US or other third countries. Meta only transfers user data to countries for which an adequacy decision of the European Commission under Art. 45 GDPR exists or on the basis of appropriate guarantees under Art. 46 GDPR.

b. LinkedIn

For the processing of personal data when visiting our LinkedIn page, LinkedIn Ireland Unlimited Company (Ireland, EU) is generally the sole controller. For further information on the processing of personal data by LinkedIn, please refer to https://www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy .

When you visit our LinkedIn company page, follow or engage with the page, LinkedIn processes personal data to provide us with statistics and insights in an anonymized form. This allows us to gain insights into the types of actions that people take on our page (so-called page insights). LinkedIn processes data that you have already provided to LinkedIn via the information in your profile, such as data on function, country, industry, length of service, company size, and employment status. In addition, LinkedIn will process information about how you interact with our LinkedIn company page, such as whether you are a follower of our LinkedIn company page. With page insights, LinkedIn does not provide us with any personal data about you. We only have access to the summarized page insights. It is also not possible for us to draw conclusions about individual members from the information in the page insights. This processing of personal data in the context of page insights is carried out by LinkedIn and us as joint controllers. The processing serves our legitimate interest in evaluating the types of actions taken on our LinkedIn company page and improving our company page based on these insights. The legal basis for this processing is Art. 6 para. 1 letter f GDPR.

We have entered into an agreement with LinkedIn as joint controllers, which sets out the distribution of data protection responsibilities between us and LinkedIn. The agreement can be accessed at: https://legal.linkedin.com/pages-joint-controller-addendum . The following applies:

  • LinkedIn and we have agreed that LinkedIn is responsible for enabling you to exercise your rights under the GDPR. You can contact LinkedIn online via the following link (https://www.linkedin.com/help/linkedin/ask/PPQ?lang=de ) or contact LinkedIn via the contact details in the privacy policy. You can contact the data protection officer at LinkedIn Ireland via the following link: https://www.linkedin.com/help/linkedin/ask/TSO-DPO . You can also contact us at the contact details provided for exercising your rights in connection with the processing of personal data in the context of page insights. In such a case, we will forward your request to LinkedIn.
  • LinkedIn and we have agreed that the Irish Data Protection Commission is the lead supervisory authority responsible for monitoring the processing of page insights. You have the right to lodge a complaint with the Irish Data Protection Commission (see www.dataprotection.ie ) or with any other supervisory authority.

Please note that, according to LinkedIn’s privacy policy, personal data is also processed by LinkedIn in the USA or other third countries. LinkedIn only transfers personal data to countries for which an adequacy decision of the European Commission pursuant to Art. 45 GDPR exists or based on appropriate safeguards pursuant to Art. 46 GDPR.

2. Comments and direct messages

We also process information that you have provided to us on our company page on the respective social media platform. Such information may include the username used, contact details or a message to us. We process this data as the sole controller. We process this data based on our legitimate interest in contacting requesting individuals. The legal basis for the data processing is Art. 6 para. 1 letter f GDPR. Further data processing may occur if you have given your consent (Art. 6 para. 1 letter a GDPR) or if this is necessary to fulfill a legal obligation (Art. 6 para. 1 letter c GDPR).

IV. Further data processing

1. Contact by email

If you send us a message via the contact email provided, we will process the data transmitted for the purpose of responding to your request. We process this data on the basis of our legitimate interest in contacting inquiring persons. The legal basis for data processing is Art. 6 para. 1 letter f GDPR.

2. Initiation and processing of business relationships (B2B)

If you, as a corporate customer, prospective customer, service provider or business partner, contact our company, we will process your data to establish or carry out the contractual relationship to the necessary extent. This regularly includes the processing of the contact and communication data provided to us by our contact persons at commercial customers and business partners. The legal basis for these processing activities is Art. 6 para. 1 letter f GDPR.

In addition, we process customer and prospective customer data for evaluation and marketing purposes. These processing activities are based on Art. 6 para. 1 letter f GDPR and serve our interest in further developing our offering and informing you specifically about our products and services.

Further data processing may occur if you have given your consent (Art. 6 para. 1 letter a GDPR) or if this is necessary to fulfil a legal obligation (Art. 6 para. 1 letter c GDPR).