PLEASE NOTE: This is a non-binding translation of the legally binding German version of this Privacy Policy.
1. CONTROLLER
The website is owned and operated by:
Org OS GmbH
Urbanstraße 71
10967 Berlin
Germany
This Privacy Policy describes the collection and use of your personal data in the context of your usage of our website according to the legal requirements according to the EU General Data Protection Regulation (GDPR).
Please note that the usage of particular web content on our websites may involve further processing activities which will be described in complementary Privacy Notices that have to be considered in addition.
2. DATA PROTECTION OFFICER
We have designated an external Data Protection Officer with Simpliant (for more information visit www.simpliant.eu).
You can reach our Data Protection Officer
a) via E-Mail at:
b) via postal Mail at:
Org OS GmbH
– Data Protection Officer –
Urbanstraße 71
10967 Berlin
Germany
3. YOUR RIGHTS AS A DATA SUBJECT
You can exercise the following rights at any time:
-----------------------------------------------------------------
Objection to the processing of your data by us (Art. 21 GDPR)
-----------------------------------------------------------------
If you have given us your consent, you can revoke it at any time with effect for the future.
You may at any time file a complaint with a supervisory authority, e.g.the competent supervisory authority of the federal state in which you reside or the authority responsible for us. You can reach the responsible data protection authority here:
Berliner Beauftragte für Datenschutz und Informationsfreiheit
Maja Smoltczyk
Friedrichstr. 219
10969 Berlin
Tel.: +49 (0)30 13889-0
Fax: +49 (0)30 2155050
E-Mail: mailbox@datenschutz-berlin.de
4. PROCESSING ACTIVITIES: WEBSITE
4.1. SERVER LOG FILES
Legal Basis:
Processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in improving the security, stability and functionality of our website.
Type and Purpose:
When you access our website, information of a general nature is automatically collected. This information (server log files) includes:
The processing occurs for following purposes:
Retention Period:
The server log files are deleted after 1 month.
Statutory or Contractual Requirement to provide Data:
The provision of the aforementioned personal data is neither required by law nor by contract. Without the IP address, however, the service and functionality of our website cannot be guaranteed.
Recipients:
Recipients of the data may be technical service providers who are responsible for the operation and maintenance of our website. As processors on behalf, the service providers are obliged to process the data only within the scope of our instructions.
4.2. E-MAIL CONTACT
Legal Basis:
The processing of data transmitted by e-mail is based on a legitimate interest (Art. 6 para. 1 lit. fGDPR) in efficient and simple communication with you.
Depending on the nature of your request, the processing of data transmitted by e-mail may serve to carryout pre-contractual measures (Art. 6 para. 1 lit. b GDPR).
Type and Purpose:
We offer you the possibility to get in contact with us directly via e-mail. The data entered and transmitted by you will be processed exclusively for the purpose of individual communication with you. We will process your e-mail address as well as any information you share with us within communications.
Retention Period:
If no user relationship is established after contact, your data will be deleted at the latest 6 months after the last contact.
If a contractual relationship is concluded, your contact data will be stored as long as the user relationship lasts. If we are subject to legal retention periods, we will comply with these and delete your data after the expiry of these periods.
Statutory or Contractual Requirement to provide Data:
The provision of your personal data is voluntary. Without transmission of data we cannot answer your inquiry, however.
Recipients:
The recipients of the data are processors on our behalf. As contract processors, the service providers are obliged to process the data only within the scope of our instructions.
4.3. NEWSLETTER
Legal Basis:
The data is processed on the basis of the user's consent (Art. 6 Para. 1 lit. aGDPR).
Type and Purpose:
We offer you the possibility to get subscribed to our newsletter. The data entered and transmitted by you will be processed exclusively for providing the newsletter to you. We will process your e-mail address as well as the date of your sign-up.
Retention Period:
The data is stored until you withdraw your consent.
Right to Withdraw:
You can withdraw you consent at any time e.g. by clicking the unsubscribe link contained in every newsletter e-mail.
Statutory or Contractual Requirement to provide Data:
The provision of your personal data is voluntary. Without transmission of data we cannot answer your inquiry, however.
Recipients:
The recipients of the data are processors on our behalf. As contract processors, the service providers are obliged to process the data only within the scope of our instructions.
4.4. APPLICATIONS
Legal Basis:
The data is processed on the basis of pre-contractual measures (Art. 6 Para. 1 lit. b GDPR).
Type and Purpose:
On our website you have the possibility to apply for open positions. In order to accept and evaluate your application we will need to process the following personal information:
Retention Period:
The server log files are deleted after 6 months.
Statutory or Contractual Requirement to provide Data:
The provision of your personal data is voluntary. You can choose to send us your data in physical form via mail. Without transmission of data we cannot accept your application.
Recipients:
The recipients of the data are processors on behalf. As contract processors, the service providers are obliged to process the data only within the scope of our instructions.
4.5. GOOGLE ANALYTICS
Legal Basis:
The data is processed on the basis of the user's consent (Art. 6 Para. 1 lit. a GDPR).
Type and Purpose:
Our website uses Google Analytics (‚GA‘),a web analysis service of Google IrelandLtd, Gordon House, Barrow Street, Dublin 4. Ireland („Google“).
GA enables us to analyse the usage of our website by cookie storage. On our behalf, GA creates reports concerning the activities on our website and provides us with the respective information for statistical purposes and in order to optimise our website.
Anonymised data only (e.g. anonymised IP addresses, the date and time the page was viewed, the length of your stay or the page from which you came to our website) is stored and used on our server using Google Analytics technology. This information does not enable the identification of visitors to this website. IP addresses are anonymised before they are stored. This means that Google will anonymise your IP address while the data is still within member states of the European Union or other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the US and anonymised there. The IP address which is transmitted by your browser will not be brought into contact with other data stored by Google.
Retention Period:
The server log files are deleted after 14 months.
Right to Withdraw:
You can withdraw your consent at any time by clicking http://tools.google.com/dlpage/gaoptout?hl=en
An opt-out cookie will be installed on your device. This will prevent collection in the future as long as the cookie remains installed in your browser.
Statutory or Contractual Requirement to provide Data:
The provision of your personal data is voluntary, solely on the basis of your consent. If you prevent access, this may result in functional restrictions on the website.
Recipients:
The recipients of the data are processors on behalf. As contract processors, the service providers are obliged to process the data only within the scope of our instructions.
4.6 HOTJAR
Legal Basis:
The data is processed on the basis of the user's consent (Art. 6 Para. 1 lit. a GDPR).
Type and Purpose:
Our website uses Hotjar a web analysis service of Hotjar Ltd, Level 2, St. Julains Business Centre, 3 Elia Tammit Street, St. Julians STJ 1000, Malta.
Hotjar analyses the user behaviour of website visitors (such as clicks, movements and keyboard inputs, in-/outgoing links, device's IP address (processed during your session and stored in a de-identified form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), and the preferred language used to display our website) to optimise our website in order to analyse which the time spent on each section. The data is saved in pseudonymised user profiles which will not be connected to further information of website visitors (such as names and e-mail addresses).
Retention Period:
The server log files are deleted after 12 months.
Right to Withdraw:
You can withdraw your consent at any time by clicking https://www.hotjar.com/legal/compliance/opt-out/
Statutory or Contractual Requirement to provide Data:
The provision of your personal data is voluntary, solely on the basis of your consent. If you prevent access, this may result in functional restrictions on the website.
Recipients:
The recipients of the data are processors on behalf. As contract processors, the service providers are obliged to process the data only within the scope of our instructions.
4.7. HUBSPOT
Legal Basis:
The data is processed on the basis of our legitimate interests (Art. 6 Para. 1 lit. f GDPR).
Type and Purpose:
Our website uses Hubspot a web service of HubSpot, Inc. 25 First Street, Cambridge, MA 02141 USA.
Hubspot analyses website visitor’s behaviour in order to optimise our website performance and to administrate our customer database. If you provide us with information via our web forms (e.g. Name and e-mail address) this data is saved at the Hubspot server and is connected with your user profile. This enables us to track your user behaviour (e.g. clicks on the website, sites visited, e-mails received and clicks in e-mails).
You can demand your rights with regard to these tracking activities (e.g. object to data processing or deletion of personal data collected by Hubspot). You can prevent the described website tracking in your browser settings.
Retention Period:
The respective cookie data is deleted after 13 months.
Right of appeal:
You may exercise your rights in relation to these tracking activities (e.g., object to data processing or request deletion of personal data collected by Hubspot). You can disable the described site tracking in your browser settings.
Statutory or Contractual Requirement to provide Data:
The provision of your personal data is voluntary, solely on the basis of your consent. If you prevent access, this may result in functional restrictions on the website.
Recipients:
The recipients of the data are processors on behalf. As contract processors, the service providers are obliged to process the data only within the scope of our instructions.
4.8. GOOGLE ADS / REMARKETING / DOUBLECLICK
Legal Basis:
The data is processed on the basis of the user's consent (Art. 6 Para. 1 lit. a GDPR).
Type and Purpose:
The tracking functions target groups created with Google Analytics. Remarketing is to be linked with the cross-device functions of Google AdWords and Google DoubleClick. In this way, interest-related, personalised advertising messages that were adapted to you depending on your previous usage and surfing behaviour on one device (e.g.mobile phone) can also be displayed on another of your devices (e.g. tablet or PC).
Once you give your permission, Google will link your web and app browsing history to your GoogleAccount for that purpose. This way, the same personalised advertising messages can be delivered to every device you sign in to with your Google Account.
To support this feature, Google Analytics collects Google authenticated user IDs that are temporarily linked to our Google Analytics data to define and create cross-device ad targeting.
Retention Period:
The server log files are deleted after 12 months.
Right to Withdraw:
You can withdraw your consent at any time by installing a signed-out Ads Setting plugin https://support.google.com/ads/answer/7395996.
An opt-out cookie will be installed on your device. This will prevent collection in the future as long as the cookie remains installed in your browser.
Using ad preferences from Google, you can choose which Google ads you see. You can also disable personalisation of ads. Even if you opt out of personalising ads, you may still see ads based on factors such as your approximate location derived from your IP address, browser type, and recent search terms.
Statutory or Contractual Requirement to provide Data:
The provision of your personal data is voluntary, solely on the basis of your consent.
Recipients:
The recipients of the data are processors on behalf. As contract processors, the service providers are obliged to process the data only within the scope of our instructions.
5. DATA SECURITY
Personal data processed by us are protected against loss, falsification and unauthorised third-party access by adequate technical and organisational measures. In order to protect the security of your data during transmission, we use state-of-the-art encryption procedures (e.g. SSL) via HTTPS. In general, our data is stored and processed by ISO 27001 certified service providers.
6. THIRD PARTY ACCESS
To provide our services we use subprocessors that process your data on our behalf and within the instruction of the respective Data Protection Agreement. We use these service providers for the following services:
7. CHANGES TO THE PRIVACY NOTICE
We reserve the right to adapt this data protection declaration so that it always corresponds to the current legal requirements or to implement changes to our services in the data protection declaration, e.g. when introducing new services. The current data protection declaration applies to every visit.
Org OS GmbH, April 2020