Skip to content
Empion logo

Data Protection


We (Empion GmbH) are pleased that you are visiting our website. The protection and security of your personal information when using our website is very important to us. We would therefore like to inform you at this point which of your personal data we collect when you visit our website and for what purposes it is used. Personal data is individual information about personal or factual circumstances of a specific or identifiable natural person (data subject), e.g. name, address, e-mail addresses, user behavior. This is data with which we can identify you. In addition, you will occasionally find information on data processing procedures outside this website (e.g. video conferences or newsletters).

A. Responsibility for data processing

The responsible party for the processing of personal data within the meaning of the EU General Data Protection Regulation (GDPR) is:

Empion GmbH

Am Kupfergraben 6A

10117 Berlin

E-mail: info@empion.de

Data Protection Officer

heyData GmbH

Schützenstr. 5

10627 Berlin

telephone: 02452 / 99 33 11

E-mail: datenschutz@empion.de

  

B. General

This privacy policy complies with the legal requirements for transparency in the processing of personal data. This is any information relating to an identified or identifiable natural person. This includes, for example, information such as your name, age, address, telephone number, date of birth, email address, IP address or user behavior when visiting a website. Information for which we cannot (or can only with a disproportionate effort) establish a reference to your person, e.g. by anonymization, is not personal data. The processing of personal data (e.g. collection, retrieval, use, storage or transmission) always requires a legal basis and a defined purpose.

Stored personal data will be deleted as soon as the purpose of the processing has been achieved and there are no legitimate grounds for further storage of the data. We will inform you about the specific storage periods or criteria for storage in the individual processing operations. Irrespective of this, we store your personal data in individual cases for the assertion, exercise or defense of legal claims and if there are statutory retention obligations.

  

C. Information according to Art. 13 DS-GVO

This information is intended for customers, interested parties, suppliers and employees. Your personal data will be processed by us for the following purposes:

●   	To fulfill our contractual obligations to you (Art. 6 para. 1 lit. b DSGVO).

●   	To perform pre-contractual obligations (Art. 6 para. 1 lit. b DSGVO).

●   	To respond to inquiries (Art. 6 para. 1 lit. b DSGVO).

●   	If you have given us your consent to process your personal data for certain purposes (for example, to receive our newsletter), the data processing will be based on your consent (Art. 6 para. 1 lit. a DSGVO).

●   	To fulfill legal obligations to which our company is subject (Art. 6 para. 1 lit. c DSGVO).

●   	To the extent necessary, we also process your data to protect our legitimate interests, in particular to assert legal claims and defend ourselves in legal disputes or to ensure IT security, to consult and exchange data with credit agencies to determine creditworthiness and default risks, for direct advertising and market research insofar as you have not objected to the use of your data for this purpose, for measures to manage business and further develop services and products, for measures to optimize products and sales, for measures to manage risk, to prevent or investigate criminal offences (Art. 6 para. 1 lit. f DSGVO).

D. Categories of recipients of personal data

Within our company, only those employees have access to the data who absolutely need it to perform their tasks (need-to-know principle). Individual processes and services are carried out by carefully selected service providers who have their registered office within the EEA and are commissioned in accordance with data protection requirements. Insofar as service providers commissioned by us receive access to personal data when performing your services, order processing agreements have been concluded with them in accordance with Art. 28 (3) DSGVO.

E. Duration of data storage

The data processed by us is stored for the duration of the existence and processing of the contractual relationship and in compliance with statutory retention periods. These are, in particular, retention obligations under commercial and tax law in accordance with the German Commercial Code (HGB) and the German Fiscal Code (AO). The regular retention and documentation periods are up to ten years. If there is no contractual relationship, we process the data only for as long as the specific purpose requires.

F. Your data subject rights

●   	As a data subject, you have the following rights with regard to the personal data concerning you vis-à-vis us, which you can assert by sending an e-mail to datenschutz@empion.de.

If you have given us your express consent to the processing of your personal data, you may revoke this consent at any time free of charge with effect for the future. Your revocation will have no effect on the lawfulness of the processing of your personal data that has taken place up to that point and on the lawfulness of such processing for which another legal basis exists.

●   	You may request information about your personal data processed by us in accordance with Art. 15 DS-GVO. In particular, you can request information about the processing purposes, the categories of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data if it has not been collected by us, as well as the existence of automated decision-making, including profiling, and, if applicable, meaningful information about its details. You may also request that we provide you with a copy of the data we hold about you;

●   	You may, in accordance with Art. 16 DS-GVO, immediately request the correction of incorrect or completion of your personal data stored by us;

●   	You may, in accordance with Art. 17 DS-GVO, request the erasure of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the assertion, exercise or defense of legal claims;

●   	You may request the restriction of the processing of your personal data in accordance with Art. 18 DS-GVO, insofar as the accuracy of the data is disputed by you, insofar as the processing

Right of objection

If we process your personal data on the basis of legitimate interests pursuant to Article 6 (1) sentence 1 lit. f DS-GVO, you have the right to object to the processing of your personal data pursuant to Article 21 DS-GVO, provided that there are grounds for doing so that arise from your particular situation, or the objection is directed against direct advertising. In the latter case, you have a general right to object, which will be implemented by us without specifying a particular situation.

G. Cookies

Cookies are small text files that are sent by us to the browser of your terminal device during your visit to our Internet pages and stored there. As an alternative to the use of cookies, information can also be stored in the local storage of your browser. Some functions of our website cannot be offered without the use of cookies or local storage (technically necessary cookies). Other cookies, on the other hand, enable us to perform various analyses, so that we are able, for example, to recognize the browser you are using when you visit our website again and to transmit various information to us (non-essential cookies). With the help of cookies, we can, among other things, make our website more user-friendly and effective for you, for example by tracking your use of our website and determining your preferred settings (e.g. country and language settings). If third parties process information via cookies, they collect the information directly from your browser. Cookies do not cause any damage to your end device. They cannot execute programs or contain viruses.

We provide information about the respective services for which we use cookies in the individual processing procedures. Detailed information on the cookies used can be found in the cookie settings or in the Consent Manager of this website

H. Data processing in detail

In the following, we inform you about the individual processing operations, the scope and purpose of the data processing, the legal basis, the obligation to provide your data and the respective storage period. An automated decision in individual cases, including profiling does not take place.

1. Provision of the website - log files

When calling up and using our website, we collect the personal data that your browser automatically transmits to our server. The following information is temporarily stored in a so-called log file:

●   	IP address of the requesting computer

●   	Date and time of access

●   	Name and URL of the retrieved file

●   	Website from which the access is made (referrer URL)

●   	Browser used and, if applicable, the operating system of your computer and its interface, as well as the name of your access provider

●   	Language and version of the browser software

●   	Time zone difference from Greenwich Mean Time (GMT).

●   	Content of the request (specific page)

●   	Access status/HTTP status code

●   	Amount of data transferred in each case

●   	Web page from which the request came

The storage of the IP address for the duration of the session is necessary to be able to display our web pages to you. The processing of the other data serves in particular to ensure the permanent functionality and security of our websites and information technology systems.

The legal basis for the processing of this data is Art. 6 para. 1 p. 1 lit. f DS-GVO. Our legitimate interest in data processing is to achieve the aforementioned purposes.

The log files are stored for a period of 30 days and deleted thereafter, unless they need to be kept longer by way of exception to follow up on an identified attack. Our website is not hosted by ourselves, but by a service provider who processes the aforementioned data on our behalf in accordance with Art. 28 DSGVO for the purpose of providing the website.

2. Contact form

Type and scope of processing

If you send us inquiries (e.g. via contact form, e-mail or telephone), we store all data resulting from this (e.g. name, e-mail address, subject of the inquiry, etc.). We need this data to process your inquiry and to be able to answer follow-up questions. We do not pass on this data without your consent.

Purpose and legal basis

The processing of this data is based on Art. 6 (1) lit. b DSGVO, if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. Otherwise, the processing is based on our legitimate interest in the effective processing of requests addressed to us (Art. 6 (1) (f) DSGVO) or on your consent (Art. 6 (1) (a) DSGVO) if you have previously given it.

Storage period

We delete your data after the end of its purpose. We store certain data until the expiry of statutory periods of limitation (regularly three years) and/or statutory retention periods, for example from the German Fiscal Code and the German Commercial Code (regularly up to ten years).

3. Contacting for applicants

Type and scope of processing

On our website, you have the option of applying to us (e.g. by e-mail, post or via online application form).

Purpose and legal basis

●   	During the application process, we process the following categories of data:

●   	Private contact and identification data: e.g. surname, first name, academic degree, gender, e-mail address, address and telephone number.

●   	Data about your professional qualifications, e.g. school-leaving and educational qualifications, language skills, as well as your place of study or training, references

●   	If you send us your resume, we will process the data provided in it, such as photos of you or possibly the existence of a driver's license

●   	If applicable, other data provided by you as part of the application.

Your application documents will be sent to the contact person named in the job advertisement and will be forwarded internally to other partners and employees responsible for the application process.

Your data will be processed by us in order to check whether you are eligible for employment with us as part of the applicant selection process.

The legal basis for data processing is Section 26 (1) BDSG and Article 6 (1) b DSGVO (contract initiation). Information that you provide voluntarily and that goes beyond what is required is processed on the basis of our legitimate interest (Art. 6 (1) (f) DSGVO) in being able to respond to your application in the best possible way. If you provide information in individual cases for which we have no legal basis for processing, we will not process it.

Storage period

If an employment relationship is established with you, we will continue to process your data for the purposes of the employment relationship in accordance with a separate data protection statement, which you will then receive from us.

In the event that no employment relationship is established with you, we will generally store your data for a period of six months from the time you receive the rejection. Your application documents will then be deleted.

Internally, only those persons have access to your data who need it for the above-mentioned purposes. These are primarily the responsible partners, responsible HR employees and all persons who are necessarily involved in the applicant selection process.

Inclusion in the applicant pool

As part of the application process, we offer applicants the opportunity to be included in our "talent pool" for a period of 12 months on the basis of consent within the meaning of Art. 6 (1) lit. a. DS-GVO to be included.

The application documents in the talent pool will be processed solely in the context of future job postings and employee searches and will be destroyed no later than the expiration of the period. Applicants are informed that their consent to inclusion in the talent pool is voluntary, has no influence on the current application process and that they can revoke this consent at any time for the future.

If you receive an offer of employment with us as part of the application process and accept this offer, we will store the personal data collected as part of the application process for at least the duration of the employment relationship.

4. Processing of personal data in the context of personnel placement

The core activity of our company is the placement of employees. Applications that we receive for the purpose of recruitment are used exclusively for this purpose. If you commission us with headhunting, personnel consulting, or other recruiting services, we process your personal data for the purpose of carrying out your order or pre-contractual measures that take place at your request. The legal basis is Art. 6 para.1 lit. b DSGVO.

We store your data as long as they are required for the purposes envisaged by the contract. fulfillment of the contract are required.

5. Use of Google Analytics

This website uses functions of the web analysis service Google Analytics. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics enables the website operator to analyze the behavior of website visitors. In doing so, the website operator receives various usage data, such as page views, length of stay, operating systems used and the origin of the user. This data may be summarized by Google in a profile that is assigned to the respective user or their end device.

Furthermore, Google Analytics may record your mouse and scroll movements and clicks, among other things. Furthermore, Google Analytics uses various modeling approaches to supplement the collected data sets and uses machine learning technologies in the data analysis.

Google Analytics uses technologies that enable the recognition of the user for the purpose of analyzing user behavior (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is usually transferred to a Google server in the USA and stored there.

The use of this analysis tool is based on Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in analyzing user behavior in order to optimize both its website and its advertising. If a corresponding consent has been requested (e.g. consent to store cookies), the processing is carried out exclusively on the basis of Section 25 (1) TTDSG, Art. 6 (1) lit. a DSGVO; the consent can be revoked at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.

IP anonymization

We have activated the IP anonymization function on this website. This means that your IP address will be truncated by Google within member states of the European Union or in other states party to the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with any other data held by Google.

Browser Plugin

You can prevent the collection and processing of your data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.

More information on how Google Analytics handles user data can be found in Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.

Order processing

We have concluded an order processing agreement with Google and fully implement the strict requirements of the German data protection authorities when using Google Analytics.

Storage period

Data stored by Google at user and event level that is linked to cookies, user identifiers (e.g. User ID) or advertising IDs (e.g. DoubleClick cookies, Android advertising ID) is anonymized or deleted after 14 months. For details, please see the following link: https://support.google.com/analytics/answer/7667196?hl=de

6. Presences on social media platforms

Data processing by social networks

We operate publicly accessible profiles on social networks. The social networks used by us in detail can be found below.

Social networks such as Facebook, Twitter, etc. can generally analyze your user behavior extensively. By visiting our social media presences, the following data protection-relevant processing operations are triggered:

If you are logged into your social media account and visit our profile, the operator of this social medium can track this visit. Independently of this, the operator may also process your data (e.g. IP address) under certain circumstances even if you are not logged into your account or you do not have an account at all.

The operator summarizes this data in user profiles, in which your preferences and interests are stored. These profiles are used for the placement of personalized advertising within and outside the respective social media presence. If you have an account with the respective social network, the personalized advertising may be displayed on all devices on which you are or were logged in.

Depending on the platform, further processing operations may be carried out by the operators of the social media portals, over which we have no control. For details, please refer to the terms of use and data protection provisions of the respective social media portals.

Legal basis

Our social media presences are intended to ensure the most comprehensive presence possible on the Internet within the meaning of Art. 6 Para. 1 lit. f DSGVO. In addition, we are pursuing our legitimate interests in a diverse external presentation of our company and the use of an effective information option to improve our external presentation and communication with you. The analysis processes carried out by the operators of the social networks may be based on different legal bases, which are to be specified by the respective providers. If you have given a platform operator your consent to data processing, Art. 6 (1) lit. a DS-GVO is the legal basis.

Responsibility and assertion of rights

If you visit one of our social media sites (e.g. Facebook), we are jointly responsible with the operator of the social media platform for the data processing operations triggered during this visit. In principle, you can assert your rights (information, correction, deletion, restriction of processing, data portability and complaint) both vis-à-vis us and vis-à-vis the operator of the respective social media portal (e.g. Facebook).

Despite the joint responsibility with the social media portal operators, we have no full influence on the data processing operations of the portals. Our options are largely determined by the corporate policy of the respective provider.

Storage period

The data collected directly by us via the social media presence will be deleted from our systems as soon as you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies. Mandatory legal provisions - in particular retention periods - remain unaffected.

We have no influence on the storage period of the data collected by the social networks. For details, please contact the operators of the social networks directly (e.g. in their privacy policy, see below).

Facebook page

We have a profile on Facebook. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The data collected is also transferred to the USA and other third countries.

We have entered into a Joint Processing Agreement (Controller Addendum) with Facebook, which specifies which data processing operations we or Facebook are responsible for. You can view this agreement at the following link: https://www.facebook.com/legal/terms/page_controller_addendum.

You can adjust your advertising settings independently in your user account. To do so, click on the following link and log in: https://www.facebook.com/settings?tab=ads.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.

More information on data processing by Facebook can be found at https://www.facebook.com/about/privacy/.

Instagram page

We have a profile on Instagram. The provider is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum,

https://help.instagram.com/519522125107875

and https://de-de.facebook.com/help/566994660333381.

For details on their handling of your personal data, please see Instagram's privacy policy: https://help.instagram.com/519522125107875.

LinkedIn page

We have a profile on LinkedIn. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies.

If you wish to disable LinkedIn advertising cookies, please use the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.linkedin.com/legal/l/dpa

and https://www.linkedin.com/legal/l/eu-sccs.

For details on their handling of your personal data, please refer to LinkedIn's privacy policy: https://www.linkedin.com/legal/privacy-policy.

7. Registration on this website

You have the option to register an account on our website. We process the user data you enter exclusively for the provision of the service for which you have registered.

For important changes, for example, in the scope of the offer or for technically necessary changes, we use the e-mail address provided during registration to inform you in this way.

The data entered during registration is processed for the purpose of implementing the user relationship established by registration and, if necessary, for initiating further contracts (Art. 6 para. 1 lit. b DSGVO).

The data collected during registration will be stored by us for as long as you are registered on this website and will then be deleted. Legal retention periods remain unaffected.

8. Registration with Google

For registration on this website, you can use your Google account. The provider of this service is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

To register with Google, you only need to enter your account information (Google name and password). Google will identify you and confirm your identity to our website.

When you register with Google, we may use certain information on your account to complete your profile with us. You decide this as part of your Google security settings, which can be found here: https://myaccount.google.com/security and https://myaccount.google.com/permissions.

The option to register with Google is voluntary, and the associated data processing is based on our legitimate interest in providing our users with the simplest possible registration process (Art. 6(1)(f) DSGVO).

Independent of our processing is the data processing by Google, about which you can learn more at https://policies.google.com/privacy?hl=de.

9. E-mail newsletter

You can subscribe to an email newsletter ("Newsletter") on our website. To subscribe to our newsletter, you must provide us with your email address. To verify your e-mail address, we use the so-called double opt-in procedure. This means that after you have provided us with your e-mail address, we will send you a confirmation e-mail to the e-mail address you have provided, in which we ask you to confirm that you wish to receive the newsletter. If you confirm this, we will store your data until you unsubscribe from the newsletter. The storage serves the sole purpose of being able to send you the newsletter.

The legal basis is your express consent in accordance with Art. 6 (1) p. 1 lit. a DSGVO.

You can revoke your consent and unsubscribe from the newsletter at any time. You can declare the revocation by clicking on the link provided in each newsletter e-mail, by e-mail to the above address or by sending a message to the contact details provided in the imprint.

The data you provide for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted from the newsletter distribution list after you unsubscribe. Data that has been stored by us for other purposes remains unaffected by this.

After you have unsubscribed from the newsletter distribution list, we may store your e-mail address in a blacklist to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 (1) f DSGVO). The storage in the blacklist is not limited in time. You can object to the storage if your interests outweigh our legitimate interest.

10. Video conferencing

To conduct video and audio conferences, webinars and other types of video and audio meetings, we use third-party video conferencing tools. In doing so, the following categories of data are processed:

●   	Inventory data (e.g., names, addresses),

●   	Contact data (e.g. e-mail, telephone numbers),

●   	Content data (e.g. text entries, photographs, videos),

●   	Meta/communication data (e.g. device information, IP addresses).

The purpose of processing the data is to set up and conduct online meetings / video conferences. The processing is carried out on the legal basis of Art. 6 (1) lit. b DSGVO or according to Art. 6 (1) lit. f DSGVO on the basis of our legitimate interests in efficient and secure communication with our communication partners. If you have previously given your consent to data processing, the processing of your data will take place solely on the basis of Art. 6 (1) lit. a DS-GVO; consent can be revoked at any time.

We use the following video conferencing tools:

Google Meet: For the European area, the company Google Ireland Limited (Gordon House, Barrow Street Dubil 4, Ireland) is responsible.

In order to provide a sufficient guarantee for any data transfers to the USA or other third countries, the EU standard contractual clauses apply.

When you share content in this service, it is stored on the servers of the providers. This includes cloud recordings, chat messages, voice messages, and photos and videos you have shared while using this service. We have no influence on the processing by the provider of the video conferencing tool.

For more information on data processing by the conferencing tools, please refer to the privacy statements of the respective tool used.

The data collected directly by us via the video and conference tools will be deleted from our systems as soon as you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies. Stored cookies remain on your terminal device until you delete them. Mandatory legal retention periods remain unaffected.

We have no influence on the storage period of your data, which is stored by the operators of the conference tools for their own purposes. For details, please contact the operators of the conference tools directly.

11. Adobe Typekit

Nature and extent of processing

This website uses web fonts from Adobe for the uniform display of certain fonts. The provider is Adobe Systems Incorporated, 345 Park Avenue, San Jose, CA 95110-2704, USA (Adobe).

When you access this website, your browser loads the required fonts directly from Adobe so that they can be displayed correctly on your terminal device. In doing so, your browser establishes a connection to Adobe's servers in the USA. This enables Adobe to know that your IP address has been used to access this website. According to Adobe, no cookies are stored when providing the fonts.

Purpose and legal basis

The storage and analysis of the data is based on Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in the uniform presentation of the typeface on its website. If a corresponding consent has been requested (e.g. consent to the storage of cookies), the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO; the consent can be revoked at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.adobe.com/de/privacy/eudatatransfers.html.

For more information on Adobe Fonts, please visit:

https://www.adobe.com/de/privacy/policies/adobe-fonts.html.

Adobe's privacy policy can be found at: https://www.adobe.com/de/privacy/policy.html.


12. Google Fonts

Type and scope of processing

This website uses web fonts for the uniform display of fonts. These are provided by Google. Your browser loads the required web fonts into your browser cache when you call up the page so that texts and fonts are displayed correctly. For this purpose, the browser you are using establishes a connection to Google's servers. Google thereby obtains knowledge of your IP address.

If your browser does not support web fonts, a standard font will be used by your computer.

You can find more information about Google Web Fonts here: https://developers.google.com/fonts/faq.

Google's privacy policy can be found here: https://policies.google.com/privacy?hl=de.

Purpose and legal basis

The use of Google Web Fonts is based on our legitimate interest in a uniform presentation of the typeface of our website (Art. 6 para. 1 lit. f DSGVO). If a corresponding consent has been requested (e.g. consent to the storage of cookies), the processing of the data is based exclusively on your consent in accordance with Art. 6 (1) lit. a DS-GVO. This can be revoked at any time.

13. Squarespace

Type and scope of processing

Our website was created using the Squarespace website building system. Squarespace is a service of Squarespace Ireland Ltd,Le Pole House Ship Street Great Dublin 8 Ireland . and provides web development technology, web design and layout tools, domain hosting and other marketing and workflow management applications.

We use Squarespace for, among other things, web hosting and the display of our website. In addition, Squarespace collects statistical data about visits to our website.

The following data is usually transmitted: website accessed, date and time of access, amount of data transferred, notification of whether an access was successful, browser type and version, the user's operating system, the previously visited website (referrer) and the IP address.

This log data is processed exclusively for the above-mentioned purposes, as well as to maintain the security, functionality and optimization of the Squarespace offer.

Purpose and legal basis

The use of the service is based on our legitimate interests, i.e. interest in a secure and efficient provision, as well as the optimization of our online offer according to Art. 6 para. 1 lit. f. DSGVO.

Storage period

The concrete storage period of the processed data cannot be influenced by us, but is determined by Squarespace Ireland Ltd. Further information can be found in the privacy policy for Squarespace: https://de.squarespace.com/privacy/.

 14. Bubble.io

 Nature and scope of processing

We use Bubble.io Bubble Group, Inc, 55 Hudson Yards, 44th Floor New York, NY 10001 to provide our webapps ("Bubble.io").
We use Bubble.io for, among other things, web hosting and displaying our webapps. In addition, Bubble.io collects statistical data about visits to our website.

The following data is usually transmitted: website accessed, date and time of access, amount of data transferred, notification of whether an access was successful, browser type and version, the user's operating system, the website previously visited (referrer) and the IP address.

These log data are processed exclusively for the above-mentioned purposes, as well as to maintain the security, functionality and optimization of our

Chat System
We use the service provider Bubble.io to provide the chat system. The messages in our chat system are currently not encrypted end-to-end for technical reasons. When using our applicant portal, your personal data is also transferred to the USA.

Purpose and legal basis

The hoster is used for the purpose of fulfilling contracts with our potential and existing customers (Art. 6 para. 1 lit. b DSGVO) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 para. 1 lit. f DSGVO).

15. Facebook Pixel

We use the remarketing function "Custom Audiences", the targeting function "Lookalike Audiences" and the Conversions API of Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland "Facebook") on our website.

The purpose of the "Custom Audiences" application is to target visitors to the website with interest-based advertising ("Facebook Ads" or "Instagram Ads") on the social networks Facebook and Instagram, as well as on partner sites of Facebook. For this purpose, the remarketing tag of Facebook has been implemented on the Website (also called Facebook Pixel). Facebook Pixel uses, among other things, cookies, i.e. small text files that are stored locally in the cache of your web browser on your end device. Via the remarketing tag, a direct connection to the Facebook servers is established when you visit the website. This transmits to the Facebook server which of our pages you have visited and which interactions have been carried out. In this case, Facebook Pixel also enables a check whether you were redirected to our website after clicking on our Facebook or Instagram ads. Facebook assigns this information to your personal Facebook/Instagram user account. When you visit the Facebook or Instagram social network, you will then be shown personalized, interest-related "Facebook ads" or "Instagram ads". The data collected about you is pseudonymized for us, so it does not offer us any conclusions about your identity. However, this data can be linked by Facebook to your Facebook/Instagram user account.

The "Lookalike Audiences" function of Meta Platforms Ireland Limited ("Facebook") uses the same tracking pixel and is used by Facebook to calculate similarities with other Facebook/Instagram users* and to identify new customers based on website visits as well as interactions. Based on this, statistical twins/lookalikes target groups are formed in order to display interest-based ads to these users as well.

With Facebook Conversions API, the data is still collected in the client and processed on our web server - however, the data collection with the API also works if the Facebook Pixel should be blocked in the client. A tracking code is then executed on the server, which sends the collected events to the actual Facebook API on Facebook's servers. There, the data from the API and the data from the Facebook Pixel are merged - so the Conversion API complements the tracking using Facebook Pixel. For more information, please visit: https://www.facebook.com/business/help/2041148702652965?id=818859032317965

Meta Platforms Ireland Limited and we are jointly responsible for the collection of your data and transmission of this data to Facebook when the service is integrated. This is based on an agreement between us and Meta Platforms Ireland Limited on the joint processing of personal data, which defines the respective responsibilities. The agreement can be accessed at https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible in particular for fulfilling the information obligations pursuant to Articles 13, 14 of the GDPR, for complying with the security requirements of Article 32 of the GDPR with regard to the correct technical implementation and configuration of the service, and for complying with the obligations pursuant to Articles 33, 34 of the GDPR to the extent that a personal data breach affects our obligations under the joint processing agreement. Meta Platforms Ireland Limited has the responsibility to enable data subject rights under Art. 15 - 20 GDPR, to comply with the security requirements of Art. 32 GDPR with respect to the security of the Service, and to comply with the obligations under Art. 33, 34 GDPR to the extent that a personal data breach affects Meta Platforms Ireland Limited's obligations under the Joint Processing Agreement.

As there is a transfer of personal data to the USA, further safeguards are required to ensure the level of data protection of the GDPR. No adequacy decision of the EU Commission is available for the USA. The data transfer is based, among other things, on standard contractual clauses as appropriate safeguards for the protection of personal data, viewable at: https://www.facebook.com/legal/eu_data_transfer_addendum. As an additional measure to the standard contractual clauses, Facebook has implemented the following technical and organizational measures to protect your data:

https://www.facebook.com/legal/terms/data_security_terms

The use of cookies or similar technologies takes place with your consent on the basis of § 25 para. 1 p. 1 TTDSG in conjunction with. Art. 6 para. 1 lit. a DSGVO. The processing of your personal data is carried out with your consent on the basis of Art. 6 para. 1 lit. a DSGVO. You can revoke your consent at any time without affecting the lawfulness of the processing carried out on the basis of the consent until the revocation.

For more information on the collection and use of data by Facebook, your rights in this regard and options for protecting your privacy, please refer to Facebook's privacy policy at https://www.facebook.com/about/privacy.
Deactivation of the "Facebook Custom Audiences" function is possible for logged-in users under this link and via the privacy settings in your browser.

16. Google Tag Manager

Type and scope of processing

We use the Google Tag Manager of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Tag Manager is used to manage website tags through one interface and allows us to control the exact integration of services on our website

This allows us to flexibly integrate additional services to evaluate user access to our website.

Purpose and legal basis

Google Tag Manager is used on the basis of our legitimate interests, i.e. interest in optimizing our services pursuant to Art. 6 para. 1 lit. f. DSGVO.

Storage period

The concrete storage period of the processed data cannot be influenced by us, but is determined by Google Ireland Limited. Further information can be found in the privacy policy for Google Tag Manager: https://www.google.com/analytics/terms/tag-manager/

17. Hubspot

We use the services of the provider HubSpot. HubSpot is a provider from the USA with a branch office in Ireland (HubSpot European Headquarters, Ground Floor, Two Dockland Central, Guild Street, Dublin 1, Ireland).HubSpot is digital marketing software that allows us to send emails and cover other aspects of our online marketing. In the process, the following personal data may be collected, for example: Email address, first name and last name of platform users; information about who receives which mails and when and interacts with which links.

The data is deleted when applicants delete themselves from the platform. The data processing takes place on the basis of consent pursuant to Art. 6 para. 1 lit. a DS-GVO. The transfer to a third country takes place on the basis of Art. 49 para. 1 lit. a DS-GVO.

18. Hotjar

We use Hotjar of the company Hotjar Limited (Level 2, St Julian's Business Centre, 3, Elia Zammit Street, St Julian's STJ 1000, Malta) on our website to statistically analyze visitor data. Hotjar is a service that analyzes the behavior and feedback of you, the user, on our website through a combination of analytics and feedback tools. We receive reports and visuals from Hotjar that show us where and how you "move" on our site. Personal data is automatically anonymized and never reaches Hotjar's servers. This means that you are not personally identified as a site user and we still learn a lot about your user behavior. For the use of Hotjar we use cookies (see section G). The use of Hotjar requires your consent, which we have obtained with our cookie popup. According to Art. 6 para. 1 lit. a DSGVO (consent), this consent constitutes the legal basis for the processing of personal data as it may occur when collected by web analytics tools.

In addition to consent, there is a legitimate interest on our part in analyzing the behavior of website visitors and thus improving our offer technically and economically. With the help of Hotjar, we detect website errors, can identify attacks and improve the economic efficiency. The legal basis for this is Art. 6 para. 1 lit. f DSGVO (Legitimate Interests). Nevertheless, we only use Hotjar if you have given your consent.