We
flora&faunavisions Gesellschaft mbH
Ehrenbergstrasse 2
10245 Berlin
Phone: +49 (0) 30 440 102 80
E-mail: info@florafaunavisions.de
are responsible within the meaning of the General Data Protection Regulation (GDPR) and other data protection regulations.
You can reach our data protection officer at:
Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer.
The following data is collected:
The data is stored in the log files of our system. This data is not stored together with other personal data of the user.
The legal basis for the collection and temporary storage of data is Art. 6 para. 1 lit. f GDPR.
Temporary storage of the IP address by the system is necessary to enable delivery of the website to the user’s computer. For this purpose, the user’s IP address must remain stored for the duration of the session.
Data is stored in log files to ensure the functionality of the website. In addition, we use the data for the technical optimization of the website and to ensure the security of our information technology systems. The data is not analyzed for marketing purposes in this context.
These purposes also constitute our legitimate interest in data processing in accordance with Art. 6 para. 1 lit. f GDPR.
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.
If the data is stored in log files, this is the case after seven days at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or anonymized so that it is no longer possible to identify the accessing client.
The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, the user has no option to object.
Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user’s computer system. When a user accesses a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again.
We use cookies to ensure that our website functions properly. Some elements of our website require that the accessing browser can be identified even after a page change.
When accessing our website, the user is informed about the use of cookies and, in the case of cookies that are not technically necessary, his or her consent to the processing of the personal data used in this context is obtained. In this context, reference is also made to this data protection information.
The use of technically necessary cookies and similar technologies in the “technically necessary” category is based on Section 25 (2) No. 2 TTDSG. Subsequent data processing is carried out on the basis of legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR.
The purpose of using technically necessary cookies is to enable the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary for the browser to be recognized even after a page change.
Cookies are stored on the user’s computer and transmitted by it to our website. As a user, you therefore have full control over the use of cookies. You can deactivate or restrict the storage of cookies by changing the settings in your Internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website to their full extent.
We also use third-party cookies on our website. The legal basis for the use of cookies and the subsequent data processing is your consent in accordance with Section 25 (1) TTDSG and Art. 6 (1) (a) GDPR. In detail, the following cookie-based tools are used:
a) Google Analytics
If you have given your consent, the web analysis service Google Analytics 4 is used on this website. The controller is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”).
Google Analytics uses cookies to help the website analyze how users use the site. The information collected by the cookies about your use of this website is usually transferred to a Google server in the USA and stored there.
We use the User ID function. With the help of the user ID, we can assign a unique, permanent ID to one or more sessions (and the activities within these sessions) and analyze user behavior across devices.
We use Google Signals. This allows Google Analytics to collect additional information about users who have activated personalized ads (interests and demographic data) and ads can be delivered to these users in cross-device remarketing campaigns.
In Google Analytics 4, the anonymization of IP addresses is activated by default. Due to IP anonymization, your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. According to Google, the IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
During your visit to the website, your user behavior is recorded in the form of “events”. Events can be
Also recorded:
On behalf of the operator of this website, Google will use this information to evaluate your use of the website and to compile reports on website activity. The reports provided by Google Analytics are used to analyze the performance of our website and the success of our marketing campaigns.
Recipients of the data may be
The data sent by us and linked to cookies is automatically deleted after 2 months. Data that has reached the end of its retention period is automatically deleted once a month.
b) Vimeo
We use videos on our website that are made available on the Vimeo platform and operate a company page on the platform on which we upload our own videos for retrieval. The video portal is operated by Vimeo LLC, 555 West 18th Street, New York, New York 10011, USA. With the help of a plug-in, we can show you interesting video material directly on our website. Certain data may be transferred from you to Vimeo.
Vimeo gives us the opportunity to present you with high-quality content directly on our website. Instead of just giving you a link to an interesting video, you can watch the video directly on our site. This expands our service and makes it easier for you to access interesting content. In addition to our texts and images, we also offer video content.
When you visit a page on our website that has a Vimeo video embedded, your browser connects to the Vimeo servers. This results in a data transfer. This data is collected, stored and processed on the Vimeo servers. Regardless of whether you have a Vimeo account or not, Vimeo collects data about you. This includes your IP address, technical information about your browser type, your operating system or very basic device information. Furthermore, Vimeo stores information about which website you use the Vimeo service and which actions (web activities) you perform on our website. These web activities include, for example, session duration, bounce rate or which button you clicked on our website with built-in Vimeo function. Vimeo can track and store these actions with the help of cookies and similar technologies.
If you are logged in to Vimeo as a registered member, more data can usually be collected, as more cookies may already have been set in your browser. In addition, your actions on our website will be directly linked to your Vimeo account. To prevent this, you must log out of Vimeo while “surfing” on our website.
We would like to point out that you use Vimeo and its functions on your own responsibility. This applies in particular to the use of the interactive functions (e.g. liking, commenting).
When you use the Vimeo platform, Vimeo processes your voluntarily entered data such as your name and user name, email address or telephone number when you upload or synchronize it. On the other hand, Vimeo also analyzes the content you share to determine which topics you are interested in and to place advertisements on third-party sites.
Vimeo may use analysis tools for evaluation purposes. We have no influence on the use of such tools by Vimeo and have not been informed of such potential use. If tools of this kind are used by Vimeo for our account, we have neither commissioned nor approved this nor supported it in any other way. The data obtained during the analysis is also not made available to us. Only certain non-personal information about the post activity, such as the number of profile or media clicks and the viewing time for a specific video, can be viewed by us via our account. Furthermore, we have no way of preventing or disabling the use of such tools on our Vimeo account.
Finally, Vimeo also receives information when you view content, for example, even if you have not created an account. This so-called “log data” includes your IP address, technical information about your device (e.g. browser type, operating system, basic device information), the website you visited or the search query you entered before arriving at the Vimeo website, and your activities. These can be tracked using cookies and similar technologies. For more information on the use of cookies on the Vimeo platform, see the cookie policy at https://vimeo.com/cookie_policy.
You have the option of managing cookies in your browser according to your wishes. For example, if you do not want Vimeo to set cookies and thus collect information about you, you can delete or deactivate cookies in your browser settings at any time. Please note that various functions may no longer be fully available after deactivating/deleting cookies.
If you have consented to your data being processed and stored by integrated Vimeo elements, this consent is the legal basis for data processing (Art. 6 para. 1 lit. a GDPR). In principle, your data is also stored and processed on the basis of our legitimate interest (Art. 6 para. 1 lit. f GDPR) in fast and good communication with you or other customers and business partners. Nevertheless, we only use the integrated Vimeo elements if you have given your consent. Vimeo also sets cookies in your browser to store data. We therefore recommend that you read our data protection text on cookies carefully and view the privacy policy or cookie guidelines of the respective service provider.
As a rule, Vimeo stores the data for a maximum of 12 months and otherwise until the company no longer has an economic reason for storing it. The data is then deleted or anonymized at the latest.
You have the option of restricting the processing of your data on the Vimeo platform in the general settings of your Vimeo account. Further information on data protection options can be found under this point in Vimeo’s privacy policy. In addition, on mobile devices (smartphones, tablet computers) you can restrict Vimeo’s access to photos, location data and so on in the settings options there. However, this depends on the operating system you are using.
You can find out more about the use of cookies at Vimeo at https://vimeo.com/cookie_policy, information on data protection at Vimeo can be found at https://vimeo.com/privacy.
c) YouTube
On our website, we embed videos in a YouTube frame for playback.
and operate a company page on the YouTube platform. The provider of the corresponding plugins is Google Ireland Limited, Gordon
House, Barrow Street, Dublin 4, Ireland (hereinafter “YouTube”).
If you call up a page on our website in which a YouTube video is embedded, Google may receive certain data from you, depending on whether you are logged in via a Google account.
The data you enter on our YouTube channel, in particular your user name and the content published under your account, may be processed by us to the extent that we respond to your posts.
If you have given your consent, Art. 6 para. 1 lit. a GDPR, and play a YouTube video on our site, YouTube sets cookies. Your IP address will be stored by Google. If you are logged into your Google account, Google stores information, including the videos and content and advertisements that you watch and interact with. Google may also store device information, location data and browser information. If you are not logged in with a Google or YouTube account, Google may store your IP address and, under certain circumstances, your device-specific data (browser, device, app).
When you use the YouTube platform, YouTube processes both the data you voluntarily enter – such as your name, user name, email address or telephone number – and data from the content you share. YouTube can analyze which topics you are interested in, store and process confidential messages that you send directly to other users, and determine your location based on geolocation data, wireless network information or your IP address in order to provide you with advertising or other content.
YouTube uses various tools for analysis, including Google Analytics. We have no influence on the use of such tools by YouTube and have not been informed of their potential use. If YouTube uses such tools in connection with our account, this is done without our involvement or consent. We also do not receive any personal data obtained through these tools. Only certain non-personal information about the activities on our posts, such as the number of profile or media clicks or the viewing time of a video, can be viewed by us. We have no way of preventing or deactivating the use of these tools on our Google account.
YouTube also receives information about you when you view content – even if you do not have your own Google account. This so-called “log data” may include your IP address, browser type, operating system, information about the previously visited website, the pages you have visited, your location, your mobile phone provider, the device you are using (including device ID and application ID), search terms used and cookie information.
Through Google tools (e.g. analytics) or widgets integrated into websites and the use of cookies, YouTube can record your visits to these websites and assign them to your Google profile. Based on this data, YouTube can show you personalized content or advertising.
The legal basis for processing on the YouTube platform for the purpose of responding to inquiries that serve to conclude a future contract is Art. 6 para. 1 lit. b GDPR, in other cases our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR.
The purpose of integrating YouTube videos on our website is to provide you with useful information.
We would like to point out that you use the Google service offered here and its functions on your own responsibility. This applies in particular to the use of interactive functions such as liking or commenting. We have no influence on the type and scope of the data processed by Google, the type of processing and use or the transfer of this data to third parties. We also have no effective control options in this context.
You can what data is processed by YouTube and for what purposes it is used in Google’s privacy policy at https://policies.google.com/privacy?hl=de.
Recipients of the data may be
Google stores the data it collects for different periods of time, depending on what data it is, how Google uses it and how you configure your settings. You can delete some data via your Google account; other data, such as advertising data, is deleted automatically by Google.
You have the option of restricting the processing of your data when using the YouTube platform in the general settings of your Google account, in the privacy check or under the data protection settings. In addition, you can restrict Google’s access to contact and calendar data, photos, location data and other information in the settings for mobile devices. However, the specific options depend on the operating system you are using.
You can withdraw your consent at any time with effect for the future by accessing the cookie settings and changing your selection there. The legality of the processing carried out on the basis of the consent until the revocation remains unaffected.
You can also prevent the storage of cookies from the outset by setting your browser software accordingly. However, if you configure your browser to reject all cookies, this may limit the functionality of this and other websites.
You can also prevent the collection of the data generated by the cookie and related to your use of the website to the respective provider and the processing of this data by not giving your consent to the setting of the cookie or by declaring your objection under the following links:
Further information on data protection and the cookies used by the respective provider can be found on the website at
The provision of the data is not required by law or contract or necessary for the conclusion of a contract. You are under no obligation to provide the data.
Where the aforementioned tracking services process data outside the EU or the EEA and there is no level of data protection corresponding to the European standard, our service providers have concluded EU standard contractual clauses with their service provider to establish an appropriate level of data protection. If our service provider is based in a third country, we have concluded EU standard contractual clauses for the protection of personal data directly with the service provider. An adequacy decision has been issued by the EU Commission for the USA and applies to companies that are certified under the Data Privacy Framework. A level of data protection comparable to that in the EU applies to the transfer of data. These include the providers Vimeo.com, Inc. and Google LLC.
You can subscribe to a free newsletter on our website. When you register for the newsletter, the data from the input screen is transmitted to us. All you need to do is enter your e-mail address.
The legal basis for the processing is the consent of the user in accordance with Art. 6 para. 1 lit. a GDPR.
The purpose of collecting the user’s e-mail address is to deliver the newsletter.
We use the other personal data voluntarily provided by the user for a personalized approach.
The data will be deleted as soon as it is no longer required for the purpose for which it was collected. The user’s e-mail address will therefore be stored until you unsubscribe from the newsletter. To do so, you can contact the e-mail address provided above or use the unsubscribe link provided in the newsletter
We use Mailchimp as a service provider for sending our newsletter. Mailchimp is operated by The Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308 (“Mailchimp”), based in the USA. If you enter data for the purpose of subscribing to the newsletter (e.g. e-mail address), it will be stored on Mailchimp’s servers in the USA.
Mailchimp places web beacons in every newsletter email. These are tiny graphic files that contain unique identifiers that allow us and Mailchimp to recognize when an email is opened or when certain links are clicked. These technologies store each contact’s email address, IP address, date and the time a campaign was opened or clicked. We use this data to obtain reports that show the performance of an email campaign and the actions taken by contacts.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: mailchimp.com/eu-us-data-transfer-statement/ and mailchimp.com/legal/data-processing-addendum/ . We and Mailchimp have taken further measures to protect your data from government access.
There is a contact form on our website which can be used to contact us electronically. The data you enter in the contact form will be transmitted to us and stored. It is mandatory to provide the contact option (e-mail address) and your name. If you contact us by e-mail, we will process all the data you provide in your e-mail.
The legal basis for processing the contact request is our legitimate interest in answering your request in accordance with Art. 6 para. 1 lit. f GDPR or, in the case of a request based on a contractual relationship, Art. 6 para. 1 lit. b GDPR. In the case of legitimate interest, our interest outweighs the interest of the user, as we assume that the user is interested in processing their request
We process your contact data solely to process the contact request
Collected usage data is deleted or anonymized after seven days at the latest. Content data (e.g. data transmitted via a contact form) is stored for a period of one year. At the end of the year, the need for further storage is reviewed and a new review is scheduled at the end of each calendar year. If content data is to be classified as business correspondence, the retention obligations under commercial law apply.
We use Netlify as a service provider for the provision of our contact form. Netlify is operated by Netlify, Inc. 2325 3rd Street, Suite 29, San Francisco, CA 94104 (“Netlify”), based in the USA. If you enter data for inquiries via our contact form (name, e-mail address and content of your message), these are stored on Netlify’s servers in the USA.
Netlify is certified under the Data Privacy Framework, which means that a level of data protection comparable to that in the EU applies to the transfer of data in accordance with the EU Commission’s adequacy decision. You can find more information on this at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.
In addition, Netlify uses so-called standard contractual clauses in accordance with Art. 46 (2) and (3) GDPR.
Netlify has a contract for order processing in accordance with Art. 28 GDPR, which serves as the data protection basis for our customer relationship with Netlify. The content of this contract refers to the EU standard contractual clauses. You can find it here: https://www.netlify.com/pdf/netlify-dpa.pdf
You can find out more about the data that is processed through the use of Netlify in the privacy policy at https://www.netlify.com/privacy/?tid=331738346412.
If you would like to apply for a job with us, you can do so directly via our website. You can also become part of our talent pool.
We provide a form for applications for advertised vacancies under the “Apply for this job” button on our website. The data you enter in the form will be transmitted to us and stored. You are required to provide your e-mail address, your first name and surname, your salary expectations and availability as well as your CV and a cover letter, while all other information is voluntary.
The legal basis for the processing of data in the context of applications is our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR in responding to your inquiry or, in the case of an inquiry based on or to initiate a contractual relationship, Art. 6 para. 1 lit. b GDPR. In the case of legitimate interest, our interest outweighs your interest, as we assume that you are interested in processing your request.
Insofar as special categories of personal data within the meaning of Art. 9 para. 1 GDPR are voluntarily communicated as part of the application process, their processing is also carried out in accordance with Art. 9 para. 2 lit. b GDPR (e.g. health data, such as severely disabled status or ethnic origin). Insofar as special categories of personal data within the meaning of Art. 9 para. 1 GDPR are requested from applicants as part of the application process, their processing is also carried out in accordance with Art. 9 para. 2 lit. a GDPR (e.g. health data if this is necessary for the exercise of the profession).
We process your contact details solely for the purpose of processing your application.
We use the service provider Personio SE & Co KG, Seidlstraße 3, 80335 Munich (“Personio”), which processes your application data on our behalf, to receive and manage applications. The basis for this is an order processing contract in accordance with Art. 28 GDPR. Processing by Personio is carried out exclusively on the basis of our instructions for carrying out the application process. Your data will be stored within the EU and deleted after six months at the latest.
The transfer of data to Personio is based on our legitimate interest in collecting and managing applicant data, Art. 6 para. 1 lit. f GDPR.
Further information can be found in Personio’s privacy policy at https://www.personio.de/datenschutzerklaerung/.
The data will be deleted as soon as it is no longer required for the purpose for which it was collected. For the information in your application, this is the case in particular after completion of the application process, at the latest six months after the respective advertised position has been awarded, unless there is a statutory retention obligation or you have consented to longer storage.
As part of the application process, we offer applicants the opportunity to be included in our “talent pool” for a period of two years. The prerequisite for this is the granting of consent to data storage within the meaning of Art. 6 para. 1 lit. a GDPR.
The application documents in the talent pool are processed solely in the context of future job advertisements and the search for employees After the aforementioned retention period of two years has expired, it will be checked whether there is a need for further storage. If not, the data will be deleted. The data will also be deleted as soon as the applicant has withdrawn their consent to storage as part of their inclusion in the talent pool.
Applicants are informed that their consent to inclusion in the talent pool is voluntary, has no influence on the current application process and that consent can be revoked at any time for the future.
We use the service provider Personio, which processes your application data on our behalf, to obtain consent for data storage in connection with the inclusion in the talent pool and management of applications. In this respect, we refer to our explanations above under IV. 1.
Applicants are informed that their consent to inclusion in the talent pool is voluntary, has no influence on the current application process and that they can revoke this consent at any time for the future and declare an objection within the meaning of Art. 21 GDPR.
We process the data of our customers and business partners as part of our contractual services, which include conceptual and strategic consulting, campaign planning, software and design development/consulting or maintenance, implementation of campaigns and processes/handling, server administration, data analysis/consulting services and training services, as well as for the purpose of ensuring communication within the scope of the business relationship. Furthermore, we process the data in the context of administrative tasks and the organization of our operations, financial accounting and compliance with legal obligations, such as archiving.
This includes inventory data (e.g., customer master data, such as names or addresses), contact data (e.g., e-mail, telephone numbers), content data (e.g., text entries, photographs, videos), contract data (e.g., subject matter of the contract, term), payment data (e.g., bank details, payment history), usage and metadata (e.g., as part of the evaluation and performance measurement of marketing measures). In principle, we do not process special categories of personal data unless these are part of commissioned processing.
The legal basis for data processing and its purposes are
The purposes of data processing arise from the implementation of pre-contractual measures that precede a contractually regulated business relationship and in the fulfillment of obligations arising from the concluded contract;
The purposes of data processing arise in individual cases from legal requirements. These legal obligations include, for example, the fulfillment of retention and identification obligations, for example in the context of requirements for the prevention of money laundering, tax control and reporting obligations and data processing in the context of inquiries from authorities;
It may be necessary to process the personal data provided by you beyond the actual fulfillment of the contract. The legitimate interests here are, in particular, the selection of suitable business partners, conducting surveys to evaluate companies, storing and using contact details of contact persons, digitizing files, avoiding economic disadvantages, assigning work results to individual business partners, posting business transactions, negotiating with contact persons who are not or will not be direct business partners, invitations to events, assertion of legal claims and avoidance of legal disadvantages (e.g. in the event of insolvency), legitimacy checks (e.g. money lenders and disposers), defense against dangers and liability claims and avoidance of legal risks, detection and processing of potentially damaging e-mails, access or access controls, clarification of possible compliance violations, prevention of criminal offenses, settlement of damages resulting from the business relationship and other internal administrative purposes.
When a contract is concluded, we collect data on your creditworthiness via credit agencies in order to fulfill the above-mentioned legitimate interests. We use the credit rating data from the credit agencies to check your creditworthiness. The credit agencies store data that they receive from banks or companies, for example. This data includes, in particular, surname, first name, date of birth, address and information on payment history. You can obtain information about the data stored about you directly from the credit agencies.
If you participate in the conclusion of a contract offered by us by means of a digital signature, we process your data, such as in particular your email address, IP address and the times at which you have processed the respective contract document, e.g. released, displayed or digitally signed, in each case with the time and date. Our legitimate interest lies in the efficient and fast digital processing of the contract signature and the corresponding logging of the signature procedure for verification purposes.
We regularly delete the data after the end of the business relationship or the respective project, but at the latest after the expiry of statutory warranty and comparable obligations. The necessity of storing the data is reviewed every three years; in the case of statutory archiving obligations, the deletion takes place after their expiry (in particular § 257 para. 1 HGB, § 147 para. 1 AO). In the case of data disclosed to us by the client as part of an order, we delete the data in accordance with the specifications of the order, generally after the end of the order unless other agreements have been made.
Disclosure to external parties only takes place if it is necessary as part of an order. When processing the data provided to us as part of an order, we act in accordance with the instructions of the client and the legal requirements of order processing in accordance with Art. 28 GDPR and do not process the data for any purposes other than those specified in the order.
We use the following processors in this context:
a) Moco
We use the “Moco” service from the service provider hundertzehn GmbH, In der Weid 15, 8122 Binz, Switzerland (hereinafter “Moco”) for the planning, management and control of all areas of the company as well as order processing and invoicing.
When using the service, first name, last name, company name, address (business), billing address, e-mail address, telephone number, fax number, position, industry, customer number, customer type, contact data, contact history, bank details, VAT identification number, appointment data, contract data, inventory data, usage data, sales data may be transmitted to Moco.
The legal basis for the transfer is our legitimate interest in the simplified processing of controlling and orders, Art. 6 para. 1 lit. f GDPR.
Data that is processed for controlling purposes is generally stored for a period of 10 years. After this period has expired, a check is carried out at the end of the respective calendar year to determine whether further storage is necessary. If it is not necessary, the data will be deleted.
Financial accounting data is stored for at least 10 years in accordance with the provisions of the German Fiscal Code (AO). Section 147 (4) AO applies to the start of this period.
b) Navitas
We use the service provider NAVITAS Solutions GmbH, Berliner Allee 261, 13088 Berlin (hereinafter “Navitas”) for the provision, maintenance and servicing of IT systems.
As part of the use of the service, it may occasionally happen that in particular first name, surname, e-mail address, telephone number, contact history, usage data, traffic data, communication data are transmitted to Navitas.
The legal basis for the transfer is our legitimate interest in the secure operation and maintenance of our IT systems, Art. 6 para. 1 lit. f GDPR.
There are many different retention periods for personal data processed in the IT sector. These depend on the respective application or IT system and vary.
If data is transferred from business partners to Navatis, this data is only stored for as long as is necessary for the provision, maintenance and servicing of IT systems. As a rule, the data is immediately anonymized or deleted.
c) Asana
We use the service provider Asana, Inc. 633 Folsom Street, San Francisco, CA, United States (hereinafter “Asana”) to manage projects within the company and internal resource planning.
When using the service, first name, surname, company name, address (business), e-mail address, telephone number, fax number, appointment data, contract data and communication data may be transmitted to Asana.
The legal basis for the transfer is our legitimate interest in the efficient management and processing of projects, Art. 6 para. 1 lit. f GDPR.
In the case of personal project management data, a check is carried out after four years at the end of the respective calendar year to determine whether further storage is necessary. If it is not necessary, the data will be deleted.
This does not apply to data that is classified as business correspondence within the meaning of the German Commercial Code (HGB) or as accounting-related data. The respective statutory retention obligations apply here.
As part of the use of Asana, your data may also be transferred to the USA and processed there. Asana is certified under the Data Privacy Framework, which means that a level of data protection comparable to that in the EU applies to the transfer of data. We have also concluded EU standard contractual clauses directly with the service provider for the protection of personal data.
For more information, please refer to Asana’s privacy policy at https://asana.com/de/privacy.
a) Easybell
We use the service provider easybell GmbH, Brückenstraße 5a, 10179 Berlin (hereinafter referred to as “Easybell”) for telephone communication.
When using the service, the first name, surname and business telephone number may be transmitted to Easybell.
The legal basis for the transmission is our legitimate interest in ensuring secure and functional telephone communication, Art. 6 para. 1 lit. f GDPR.
Data transmitted to Easybell is regularly deleted 7 days after the end of the respective telephone communication. However, automatic deletion takes place after six months at the latest.
For further information, please refer to Easybell’s privacy policy at https://www.easybell.de/datenschutz/.
b) Microsoft Teams
In the case of video communication, we use the “Microsoft Teams” service of the service provider Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, United States (hereinafter “Microsoft”). The European branch of Microsoft, Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland is our processor for the provision of the Teams application.
The following personal data is processed:
The legal basis for data processing when conducting “online meetings” is Art. 6 para. 1 lit. b GDPR, insofar as the meetings are conducted within the framework of contractual relationships.
Insofar as the processing of personal data should be an elementary component of the use of Microsoft Teams, Art. 6 para. 1 lit. f GDPR is the legal basis for data processing. In these cases, our interest lies in the effective conduct of “online meetings”.
If there is no contractual relationship, the legal basis is Art. 6 para. 1 lit. f GDPR. Our interest here is in the effective conduct of “online meetings”.
Data traffic is primarily routed via European data centers; only in the event of outages or capacity bottlenecks is transport via servers in third countries, in particular the USA, reserved. In this case, Microsoft is certified under the Data Privacy Framework, which means that a level of data protection comparable to that in the EU applies to the transfer of data. We have also concluded EU standard contractual clauses directly with Microsoft for the protection of personal data.
For more information, please refer to Microsoft’s privacy policy at https://learn.microsoft.com/de-de/microsoftteams/privacy/teams-privacy-feedback.
We use the platform and services of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (hereinafter “LinkedIn”). We would like to point out that you use our LinkedIn page and its functions on your own responsibility. This applies in particular to the use of the interactive functions (e.g. commenting, sharing, rating).
We are only jointly responsible with LinkedIn for the processing of so-called “Insights data” insofar as this data is used for the creation of so-called “Page Insights”. We have concluded an agreement with LinkedIn in the context of joint responsibility (https://legal.linkedin.com/pages-joint-controller-addendum). The agreement relates to data processing that is collected in connection with a visit to or interaction with our LinkedIn profile, but only insofar as this data is also (subsequently) processed for “Page Insights”. “Page Insights” include analysis services that help the operator of a LinkedIn profile to better understand interactions with your pages. The purpose of data processing is to create aggregated statistics for LinkedIn profile operators. LinkedIn provides more information on this here: https://www.linkedin.com/help/linkedin/answer/a547077/linkedin-page-analytics-overview?lang=en. The information available to data subjects on data for “Page Insights” indicates how and when “Insights data” is collected and used to create “Page Insights”:
When you visit our LinkedIn page, LinkedIn collects, among other things, your IP address and other information that is stored on your PC in the form of cookies. This information is used to provide us, as the operator of the LinkedIn page, with statistical information about the use of the LinkedIn page. We do not receive any personal data from LinkedIn in this context.
The data collected about you in this context will be processed by LinkedIn and may be transferred to countries outside the European Union. LinkedIn describes what information LinkedIn receives and how it is used in its user agreement and privacy policy. Further information can be found in LinkedIn’s privacy policy: https://www.linkedin.com/legal/privacy-policy. If you wish to exercise a data subject right to which you are entitled under the GDPR, we would like to point out that we cannot fully comply with these rights without LinkedIn. With regard to the processing of LinkedIn, we ask you to contact LinkedIn directly. The respective responsibilities, in particular with regard to safeguarding the rights of data subjects, can be found in the Page Insights Addendum. LinkedIn assumes primary responsibility for fulfilling the GDPR obligations for the joint processing of “Insights data”. This includes the fulfillment of the following data subject rights. LinkedIn provides further details on the exercise of these rights in its privacy policy under point 4.
We are also solely responsible for certain data processing. We process the following data for communication with LinkedIn users in order to offer our information service:
The processing is carried out for the purpose of answering your inquiries or communicating with you and to publish information about events and services from us.
The legal basis for processing for the purpose of responding to inquiries that serve to conclude a future contract is Art. 6 para. 1 lit. b GDPR, in other cases our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR.
The legitimate interest consists in the effective provision of information for users, customers and interested parties and communication with these persons as well as our external presentation
Insofar as personal data is transferred to LinkedIn servers in the USA and stored and processed there, LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland has concluded the standard data protection clauses of the EU Commission with the LinkedIn companies based in the USA, which permit the transfer of personal data to the USA in individual cases.
Once your request has been dealt with, the personal data you have provided will be deleted from our systems. If you interact with us publicly, for example by leaving a comment or “liking” a post, this data will remain publicly accessible on the site until you or we delete it. If statutory retention obligations require longer storage, your data will only be stored for this purpose and blocked for other purposes.
We would like to point out that you use our Instagram and Facebook pages and their functions at your own risk. This applies in particular to the use of the interactive functions (e.g. commenting, sharing, rating).
We and Meta Platforms Ireland Limited, 4 Grad Canal Square, Dublin 2, Ireland (hereinafter “Meta”) as the provider of Instagram and Facebook are jointly responsible for the processing of personal data via our profile (“Insights data”). The joint controllership agreement is available at: https://www.facebook.com/legal/terms/page_controller_addendum.
According to the agreement, Meta is responsible for informing the data subjects about the processing. Instagram’s and Facebook’s privacy policies are available at: https://privacycenter.instagram.com/policy/?entry_point=ig_help_center_data_policy_redirect and https://de-de.facebook.com/privacy/policy/. Data subjects may assert their rights against any of the data controllers, us and/or Meta.
We are also solely responsible for certain data processing. We process the following data for communication with users in order to offer our information service:
The processing is carried out for the purpose of answering your inquiries or communicating with you and to publish information about events and services from us.
The legal basis for processing for the purpose of responding to inquiries that serve to conclude a future contract is Art. 6 para. 1 lit. b GDPR, in other cases our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR.
The legitimate interest consists in the effective provision of information for users, customers and interested parties and communication with these persons as well as our external presentation.
Meta sometimes transfers personal data to Meta servers in the USA. This data is stored and processed there. An adequacy decision has been issued by the EU Commission for the USA and applies to companies that are certified under the Data Privacy Framework. Meta has been certified. A level of data protection comparable to that in the EU applies to the transfer of data.
Once your request has been dealt with, the personal data you have provided will be deleted from our systems. If you interact with us publicly, for example by leaving a comment or “liking” a post, this data will remain publicly accessible on the site until you or we delete it. If statutory retention obligations require longer storage, your data will only be stored for this purpose and blocked for other purposes.
We use the “Pinterest” platform of Pinterest Inc, 635 High Street, Palo Alto, CA, 94301, USA. Pinterest Europe Ltd, Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland (“Pinterest”) is responsible under data protection law for users within the EU. We would like to point out that you use the platform offered and its functions on your own responsibility. This applies in particular to the use of the interactive functions (e.g. sharing, commenting).
In the course of data processing by Pinterest, data may be transferred to a Pinterest server in the USA and stored there. The EU Commission has issued an adequacy decision for the USA. We have concluded standard contractual clauses with Pinterest in accordance with Art. 46 (2) and (3) GDPR to ensure a level of data protection appropriate to the GDPR, which you can access at https://business.pinterest.com/de/pinterest-advertising-services-agreement/rest-of-apac/.
This collection and transfer of conversion data is carried out by us and Pinterest as joint controllers. We have entered into an agreement with Pinterest as joint controllers that governs the allocation of data protection obligations between us and Pinterest. The agreement is available at:
https://business.pinterest.com/de/pinterest-advertising-services-agreement/rest-of-apac/.
You can find Pinterest’s privacy policy at the following link:
https://policy.pinterest.com/de/privacy-policy; https://policy.pinterest.com/de/ad-data-terms.
Within our company, access to your data is granted to those departments that absolutely need it to achieve the purpose. Service providers used by us (e.g. technical service providers, transport companies, waste disposal companies, payment service providers) may also receive data. Categories of recipients in this case are
In accordance with Art. 15 (1) GDPR, you have the right to request information free of charge about the personal data we have stored about you. In addition, if the legal requirements are met, you have the right to rectification (Art. 16 GDPR), erasure (Art. 17 GDPR), restriction of processing (Art. 18 GDPR) and data portability (Art. 20 GDPR) of your personal data.
If the data processing is based on Art. 6 para. 1 lit. e or f GDPR, you have the right to object in accordance with Art. 21 GDPR. If you object to data processing, this will not take place in the future unless the controller can demonstrate compelling legitimate grounds for further processing which override the data subject’s interest in objecting. If the data processing is based on consent in accordance with Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR, you can revoke your consent at any time with effect for the future without affecting the legality of the previous processing.
In the aforementioned cases, please contact us in writing or by e-mail using the contact details given above.
You also have the right to lodge a complaint with a data protection supervisory authority. The data protection supervisory authority of the federal state in which you live or in which the controller has its registered office is responsible.
We do not carry out automated decision-making or profiling (an automated analysis of your personal circumstances).
As a result of the further development of our website and offers on it or due to changed legal or official requirements, it may be necessary for us to change this data protection information. The version available on our website is valid at any given time.