Data Protection
Part 1 Data Protection Information dataglobal Group
The dataglobal Group GmbH is a corporate group comprising the following companies:
- dataglobal Heilbronn GmbH, Heilbronn
- dataglobal Bochum GmbH, Bochum
- dataglobal München GmbH & Co. KG, Grünwald
- eleven cyber security GmbH, Berlin
1. Controller for Data Processing and Contact Details
dataglobalgroup.com
dataglobal Group GmbH
Im Zukunftspark 10
74076 Heilbronn
+49 (0)7131 1226 500
datenschutz@dataglobal.com
windream.com
dataglobal Bochum GmbH
Wasserstraße 219
44799 Bochum
+49 (0) 234 9734 0
info@windream.com
dataglobal.com
dataglobal Heilbronn GmbH
Im Zukunftspark 10
74076 Heilbronn
+49 (0)7131 1226 500
info@dataglobal.com
vysoft.eu
dataglobal München GmbH & Co. KG
Bavariafilmplatz 7
82031 Grünwald
+49 (0) 89 700 744 070
info@vysoft.eu
eleven.de
eleven cyber security GmbH
Friedrichstrasse 171
10117 Berlin
+49 (0)30 520056 0
info@eleven.de
Contact details of our Data Protection Officer:
For questions regarding data protection, the processing of your data, and your rights, please contact:
Data Protection Officer of dataglobal Group GmbH
HEC Harald Eul Consulting GmbH
Data Protection + Data Security
Auf der Höhe 34
50321 Brühl
Email: datenschutz@dataglobal.com
Contact details of our Information Security Officer:
Email: isb@dataglobal.com
2. Purposes and Legal Basis for Processing Your Data
We process personal data in accordance with the provisions of the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG), and other applicable data protection regulations (details below).
Which data, if applicable, is processed individually, also with the use of Artificial Intelligence (AI), and how it is used, depends significantly on the services requested or agreed upon. Further details or additions regarding the purposes of data processing can be found in the respective contract documents, forms, a declaration of consent, and/or other information provided to you (e.g., within the scope of using our website or our terms and conditions).
Furthermore, this data protection information may be updated from time to time, as you can see on our website www.dataglobalgroup.com.
2.1 Purposes for the fulfillment of a contract or pre-contractual measures (Art. 6 para. 1 b GDPR)
The processing of personal data takes place for the execution of our contracts with you and the fulfillment of your orders, as well as for the implementation of measures and activities within the scope of pre-contractual relationships, e.g., with prospective customers. In particular, the processing serves to provide services according to your orders and wishes and includes the necessary services, measures, and activities for this purpose. These essentially include contract-related communication with you, the corresponding billing and associated payment transactions, credit checks, the verifiability of transactions, orders, and other agreements, as well as quality control through appropriate documentation, goodwill procedures, measures for controlling and optimizing business processes, and for fulfilling general due diligence obligations, management and control by affiliated companies (e.g., parent company); statistical evaluations for corporate management, cost accounting and controlling, reporting, internal and external communication, emergency management, billing and tax assessment of operational services, risk management, assertion of legal claims and defense in legal disputes; ensuring IT security (including system and plausibility tests) and general security, including building and plant security, ensuring and exercising domiciliary rights (e.g., through access controls); ensuring the integrity, authenticity, and availability of data, prevention and investigation of criminal offenses; control by supervisory bodies or control instances (e.g., auditing).
2.2 Purposes within the scope of a legitimate interest of us or third parties (Art. 6 para. 1 f GDPR)
Beyond the actual fulfillment of the contract or pre-contract, we may process your data if it is necessary to protect legitimate interests of us or third parties, particularly for the purposes of:
• advertising or market and opinion research, provided you have not objected to the use of your data;
• obtaining information and exchanging data with credit agencies, insofar as this exceeds our economic risk;
• the examination and optimization of procedures for needs analysis;
• the further development of services and products as well as existing systems and processes;
the training and (further) development of AI applications
• the disclosure of personal data within the scope of due diligence in company sale negotiations;
• for comparison with European and international anti-terror lists, insofar as this goes beyond legal obligations;
• the enrichment of our data, including through the use or research of publicly available data;
statistical evaluations or market analysis;
• benchmarking;
• the assertion of legal claims and defense in legal disputes that are not directly attributable to the contractual relationship;
• the restricted storage of data if deletion is not possible or only possible with disproportionately high effort due to the particular nature of the storage;
• the development of scoring systems or automated decision-making processes;
• the prevention and investigation of criminal offenses, insofar as not exclusively for the fulfillment of legal requirements;
• the anonymization of personal data;
• building and plant security (e.g., through access controls and video surveillance), insofar as this goes beyond general due diligence obligations;
• internal and external investigations, security audits;
• internal fraud or abuse prevention in connection with the fulfillment of a contract and pre-contractual measures, insofar as not exclusively for the fulfillment of legal requirements;
• the possible eavesdropping on or recording of telephone calls for quality control and training purposes;
• the obtaining and maintenance of private or official certifications;
• the safeguarding and exercise of domiciliary rights through appropriate measures, as well as through video surveillance to protect our customers and employees and to secure evidence in criminal offenses and their prevention.
2.3 Purposes within the scope of your consent (Art. 6 para. 1 a GDPR)
The processing of your personal data for certain purposes (e.g., using your email address for marketing purposes) may also take place based on your consent. As a rule, you can revoke this at any time. This also applies to the revocation of declarations of consent that were granted to us before the GDPR came into force, i.e., before May 25, 2018. You will be separately informed about the purposes and consequences of a revocation or non-granting of consent in the corresponding text of the consent.
In principle, the revocation of consent only takes effect for the future. Processing that took place before the revocation is not affected by this and remains lawful.
2.4 Purposes for the fulfillment of legal requirements (Art. 6 para. 1 c GDPR) or in the public interest (Art. 6 para. 1 e GDPR)
Like anyone involved in economic activity, we are subject to a variety of legal obligations. Primarily, these are legal requirements (e.g., commercial and tax laws), but also, if applicable, supervisory or other official regulations. The purposes of processing may include identity and age verification, fraud and money laundering prevention, the prevention, combating, and investigation of terrorist financing and crimes endangering assets, comparisons with European and international anti-terror lists, the fulfillment of tax control and reporting obligations, as well as the archiving of data for data protection and data security purposes and for inspection by tax and other authorities. Furthermore, the disclosure of personal data may be necessary within the scope of official/judicial measures for the purposes of evidence collection, criminal prosecution, or enforcement of civil law claims.
This website uses cookies. When you visit our website, we use cookies and similar technologies to access or store information in your system’s browser. In addition to strictly necessary technologies, these also include optional technologies – including from third-party providers – to analyze access to our website and the success of our advertising measures, to create individual user profiles, including the processing of sociodemographic characteristics (such as age, gender, or interests), and for cross-device profiling. This allows us to present more individualized advertising to you on our websites and third-party sites and to use it for our own third-party purposes. You help us if you click on (Accept) and thereby agree to these optional processing and data transfers. You can revoke or change your consent at any time with effect for the future by clicking on the black bracket icon. Further details on data processing – including by third-party providers – can be found in our Privacy Policy. Here you can find our Imprint.
Cookies are small text files that can be used by websites to make a user’s experience more efficient. The law states that we can store cookies on your device if they are strictly necessary for the operation of this site. For all other types of cookies, we need your permission.
This site uses different types of cookies. Some cookies are placed by third parties that appear on our pages. You can change or withdraw your consent at any time from the Cookie Declaration on our website.
Learn more about who we are, how you can contact us, and how we process personal data in our Privacy Policy. Please state your consent ID and the date when you contact us regarding your consent.
Your consent applies to the following domains: www.vysoft.eu
Your Consent ID: GiHq9J7vXKhtHNcrV0XWU7drrWsegPqsPy/L6tlD0kYKqM89Q6ny0A==Consent Date: Friday, September 26, 2025 at 1:06:32 PM CEST
The Cookie Declaration was last updated on 2025-11-12 by Cookiebot:
Necessary (10)
Necessary cookies help to make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.
| Name | Provider | Purpose | Maximum storage duration | Type |
|---|---|---|---|---|
| _cfuvid | HubSpot | This cookie is part of Cloudflare’s services – including load balancing, website content delivery, and providing a DNS connection for website operators. | Session | HTTP Cookie |
| _GRECAPTCHA | This cookie is used to distinguish between humans and bots. This is beneficial for the website to create valid reports on its usage. | 180 days | HTTP Cookie | |
| CookieConsent | www.vysoft.eu | Stores the user’s cookie consent status for the current domain. | 1 year | HTTP Cookie |
| cookietest | fast-static.smarketer.de | This cookie is used to determine if the visitor has accepted the cookie consent box. | Session | HTTP Cookie |
| hex (32) | www.vysoft.eu | Used to manage server requests to the website backend. | Session | HTTP Cookie |
| rc::a | HubSpot | This cookie is used to distinguish between humans and bots. This is beneficial for the website to create valid reports on its usage. | Persistent | HTML Local Storage |
| rc::b | HubSpot | This cookie is used to distinguish between humans and bots. | Session | HTML Local Storage |
| rc::c | HubSpot | This cookie is used to distinguish between humans and bots. | Session | HTML Local Storage |
| rc::f | HubSpot | This cookie is used to distinguish between humans and bots. | Persistent | HTML Local Storage |
| test_cookie | Used to check if the user’s browser supports cookies. | 1 day | HTTP Cookie |
Marketing (9)
Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user, and therefore more valuable for publishers and third-party advertisers.
| Name | Provider | Purpose | Maximum storage duration | Type |
|---|---|---|---|---|
| _ga | Used to send data to Google Analytics about the device and behavior of the visitor. Captures the visitor across devices and marketing channels. | 2 years | HTTP Cookie | |
| _ga_# | Used to send data to Google Analytics about the device and behavior of the visitor. Captures the visitor across devices and marketing channels. | 2 years | HTTP Cookie | |
| _gat | Used to send data to Google Analytics about the device and behavior of the visitor. Captures the visitor across devices and marketing channels. | 1 day | HTTP Cookie | |
| _gcl_au | Used by Google AdSense for experimenting with ad effectiveness on websites that use its services. | 3 months | HTTP Cookie | |
| _gcl_ls | Tracks the conversion rate between the user and the advertising banners on the website – This serves to optimize the relevance of advertising on the website. | Persistent | HTML Local Storage | |
| _gid | Used to send data to Google Analytics about the device and behavior of the visitor. Captures the visitor across devices and marketing channels. | 1 day | HTTP Cookie | |
| IDE | Used by Google DoubleClick to register and report user actions on the website after viewing or clicking on one of the provider’s ads, for the purpose of measuring the effectiveness of an advertisement and displaying targeted advertising to the user. | 400 days | HTTP cookie | |
| pagead/1p-conversion/#/ | Tracks the conversion rate between the user and the advertising banners on the website – This serves to optimize the relevance of advertising on the website. | Session | Pixel tracker | |
| pagead/1p-user-list/# | Used to track whether the visitor has shown interest in certain products or events on multiple websites and how the visitor navigates between websites – This is used to measure advertising effort and facilitates the payment of referral fees between websites. | Session | Pixel tracker |
3. Categories of data processed by us, insofar as we do not receive data directly from you, and their origin
Insofar as this is necessary for the provision of our services, we lawfully process personal data received from other companies or other third parties (e.g., credit agencies, address publishers). In addition, we process personal data that we have lawfully obtained, received, or acquired from publicly accessible sources (such as telephone directories, commercial and association registers, registration registers, debtor registers, land registers, press, internet, and other media) and are permitted to process.
Relevant categories of personal data may include, in particular:
Personal data (name, date of birth, place of birth, nationality, marital status, profession/industry, and comparable data)
Contact data (address, email address, telephone number, and comparable data)
Address data (registration data and comparable data)
Customer history
Data on your use of the telemedia offered by us (e.g., time of access to our websites, apps or newsletters, pages/links clicked by us or entries and comparable data)
Video data
4. Recipients or categories of recipients of your data
Within our company, those internal departments or organizational units that require your data to fulfill our contractual and legal obligations or in the context of processing and implementing our legitimate interest will receive your data. Your data will only be transferred to external parties:
• in connection with contract execution;
• for the purpose of fulfilling legal requirements according to which we are obliged to provide information, report, or transfer data, or if the data transfer is in the public interest (cf. Section 2.4);
• insofar as external service providers process data on our behalf as processors or functional transferees (e.g., external data centers, support/maintenance of EDP/IT applications, archiving,
• document processing, call center services, compliance services, controlling, data screening for anti-money laundering purposes, data validation or plausibility checks, data destruction, purchasing/procurement, customer management, lettershops, marketing, media technology, research, risk controlling, billing, telephony, website management, auditing services, credit institutions, printing companies or companies for data disposal, courier services, logistics);
• based on our legitimate interest or the legitimate interest of the third party for the purposes mentioned under Section 2.2 (e.g., to authorities, credit agencies, debt collection, lawyers, courts, experts, affiliated companies and bodies and control instances);
• if you have given us consent to transfer data to third parties.
We will not transfer your data to other third parties beyond this. Insofar as we commission service providers within the framework of order processing, your data will be subject to the same security standards there as with us. In other cases, recipients may only use the data for the purposes for which they were transmitted to them.
5. Duration of storage of your data
6. Processing of your data in a third country or by an international organization
Data transfer to entities in countries outside the European Union (EU) or the European Economic Area (EEA) (so-called third countries) occurs if it should be necessary for the execution of an order/contract from or with you, if it is legally required (e.g., tax reporting obligations), if it is within the scope of a legitimate interest of ours or a third party, or if you have given us consent.
The processing of your data in a third country may also take place in connection with the involvement of service providers as part of order processing. If there is no decision by the EU Commission regarding an adequate level of data protection in the country concerned or for specific sectors in a third country, there is a risk of governmental access without adequate legal remedies. In this context, corresponding contracts (such as EU standard contractual clauses) and additional measures can be used as a basis for the transfer. Information on the appropriate or adequate safeguards and the possibility of obtaining a copy from you can be requested from the company’s data protection officer.
7. Your data protection rights
Under certain conditions, you can assert your data protection rights against us.
• For example, you have the right to obtain information from us about your data stored with us according to the rules of Art. 15 GDPR (possibly with restrictions according to § 34 BDSG).
• Upon your request, we will rectify the data stored about you in accordance with Art. 16 GDPR if it is inaccurate or incorrect.
• If you wish, we will delete your data according to the principles of Art. 17 GDPR, provided that other legal regulations (e.g., statutory retention obligations or the restrictions according to § 35 BDSG) or an overriding interest on our part (e.g., to defend our rights and claims) do not prevent this.
• Taking into account the conditions of Art. 18 GDPR, you can request us to restrict the processing of your data.
• Furthermore, you can object to the processing of your data according to Art. 21 GDPR, on the basis of which we must cease processing your data. However, this right to object only applies in the presence of very specific circumstances of your personal situation, whereby the rights of our company may, if applicable, conflict with your right to object.
• You also have the right to receive your data in a structured, common, and machine-readable format under the conditions of Art. 20 GDPR or to transmit it to a third party.
• In addition, you have the right to revoke any consent given for the processing of personal data at any time with effect for the future (cf. Section 2.3).
• Furthermore, you have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR). However, we recommend that you always address a complaint to our data protection officer first.
• Your requests regarding the exercise of your rights should, if possible, be addressed in writing to the address given above or directly to our data protection officer.
8. Scope of your obligations to provide us with your data
You only need to provide the data that is necessary for establishing and conducting a business relationship or for a pre-contractual relationship with us, or which we are legally obliged to collect. Without this data, we will generally not be able to conclude or execute the contract. This may also refer to data required later in the course of the business relationship. If we request additional data from you, you will be separately informed about the voluntary nature of the information.
Information on your right to object Art. 21 GDPR
1. You have the right to object at any time to the processing of your data, which is carried out on the basis of Art. 6 para. 1 f GDPR (data processing based on a balancing of interests) or Art. 6 para. 1 e GDPR (data processing in the public interest), if there are reasons arising from your particular situation. This also applies to profiling based on this provision within the meaning of Art. 4 No. 4 GDPR.
If you object, we will no longer process your personal data, unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing serves the establishment, exercise, or defense of legal claims.
2. We may also process your personal data for direct marketing purposes. If you do not wish to receive advertising, you have the right to object to this at any time; this also applies to profiling insofar as it is related to such direct marketing. We will respect this objection for the future.
We will no longer process your data for direct marketing purposes if you object to the processing for these purposes.
The objection can be made informally and should preferably be addressed to
dataglobal Group GmbH
Im Zukunftspark 10
74076 Heilbronn
marketing@dataglobal.com
Part 2 Supplementary Data Protection Information on the Use of Website and Online Services
We generally collect and use personal data of our users only to the extent necessary for providing a functional website and our content and services. The collection and use of personal data of our users usually only takes place after the user’s consent. An exception applies in cases where prior consent cannot be obtained for factual reasons and the processing of data is permitted by legal regulations.
General Information
The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data is any data with which you can be personally identified. For detailed information on general data protection, please refer to Part 1 above.
Data Collection on this Website
How do we collect your data?
On the one hand, your data is collected by you providing it to us. This may include, for example, data that you enter into a contact form. Other data is collected automatically or with your consent by our IT systems when you visit the website. These are primarily technical data (e.g., internet browser, operating system, or time of page view). This data is collected automatically as soon as you enter this website.
What do we use your data for?
Some of the data is collected to ensure the error-free provision of the website. Other data may be used to analyze your user behavior.
For this and other questions on data protection, you can contact us at any time.
Analysis Tools and Third-Party Tools
When visiting this website, your surfing behavior can be statistically evaluated. This is primarily done with so-called analysis programs.
Detailed information on these analysis programs can be found in the following privacy policy.
General Information on the Legal Basis for Data Processing on this Website
If you have consented to data processing, we process your personal data on the basis of Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR, provided that special categories of data according to Art. 9 para. 1 GDPR are processed. In the case of explicit consent to the transfer of personal data to third countries, data processing also takes place on the basis of Art. 49 para. 1 lit. a GDPR. If you have consented to the storage of cookies or access to information on your end device (e.g., via device fingerprinting), data processing also takes place on the basis of § 25 para. 1 TDDDG. Consent can be revoked at any time. If your data is necessary for the fulfillment of a contract or for the implementation of pre-contractual measures, we process your data on the basis of Art. 6 para. 1 lit. b GDPR. Furthermore, we process your data if it is necessary for the fulfillment of a legal obligation on the basis of Art. 6 para. 1 lit. c GDPR. Data processing can also take place on the basis of our legitimate interest according to Art. 6 para. 1 lit. f GDPR. Information on the respective legal bases applicable in individual cases will be provided in the following paragraphs of this privacy policy.
Data Collection
Cookies
Our websites use so-called “cookies”. Cookies are small data packets and do not cause any damage to your end device. They are stored on your end device either temporarily for the duration of a session (session cookies) or permanently (persistent cookies). Session cookies are automatically deleted after your visit ends. Persistent cookies remain stored on your end device until you delete them yourself or until an automatic deletion by your web browser occurs.
Cookies can originate from us (first-party cookies) or from third-party companies (so-called third-party cookies). Third-party cookies enable the integration of certain services from third-party companies within websites (e.g., cookies for processing payment services).
Cookies have various functions. Numerous cookies are technically necessary, as certain website functions would not work without them (e.g., the shopping cart function or the display of videos). Other cookies can be used to evaluate user behavior or for advertising purposes.
Cookies that are necessary for carrying out the electronic communication process, for providing certain functions desired by you (e.g., for the shopping cart function), or for optimizing the website (e.g., cookies for measuring web audience) (necessary cookies) are stored on the basis of Art. 6 para. 1 lit. f GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing necessary cookies for the technically error-free and optimized provision of its services. If consent for the storage of cookies and comparable recognition technologies has been requested, processing takes place exclusively on the basis of this consent (Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG); consent can be revoked at any time.
You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or generally, and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be restricted.
You can find out which cookies and services are used on this website in this privacy policy.
2. Use of Third-Party Tools
To offer you an optimal website, we use third-party providers. We use the following services, through which personal data may also be processed:
2.1 Google
The operator of all Google services mentioned here is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.
2.1.1 Google Tag Manager
We use Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Google Tag Manager is a tool that allows us to integrate tracking or statistics tools and other technologies on our website. Google Tag Manager itself does not create user profiles, store cookies, or perform independent analyses. It merely serves to manage and deploy the tools integrated through it. However, Google Tag Manager does collect your IP address, which may also be transferred to Google’s parent company in the United States.
The use of Google Tag Manager is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the quick and uncomplicated integration and management of various tools on its website. If corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information on the user’s terminal device (e.g., device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.
The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the US, which aims to ensure compliance with European data protection standards for data processing in the US. Every company certified under the DPF commits to adhering to these data protection standards. Further information can be obtained from the provider via the following link: www.dataprivacyframework.gov/s/participant-search/participant-detail
Further information on Tag Manager can be found at: www.google.com/intl/de/tagmanager/use-policy.html
2.1.2 Google Analytics
This website uses functions of the web analytics service Google Analytics. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics enables the website operator to analyze the behavior of website visitors. The website operator receives various usage data, such as page views, duration of stay, operating systems used, and user origin. This data is aggregated into a user ID and assigned to the respective end device of the website visitor.
Furthermore, with Google Analytics, we can record, among other things, your mouse and scroll movements and clicks. Google Analytics also uses various modeling approaches to supplement the collected data sets and employs machine learning technologies for data analysis.
Google Analytics uses technologies that enable user recognition for the purpose of analyzing user behavior (e.g., cookies or device fingerprinting). The information collected by Google about the use of this website is generally transferred to a Google server in the US and stored there.
The use of this service is based on your consent according to Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. Consent can be revoked at any time.
Data transfer to the US is based on the standard contractual clauses of the EU Commission. Details can be found here: privacy.google.com/businesses/controllerterms/mccs/.
The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the US, which aims to ensure compliance with European data protection standards for data processing in the US. Every company certified under the DPF commits to adhering to these data protection standards. Further information can be obtained from the provider via the following link: www.dataprivacyframework.gov/s/participant-search/participant-detail
On our website, the Google Analytics service is used exclusively pseudonymously. The collected IP addresses are recorded in truncated form and thus anonymized.
Google Analytics collects the following data:
- IP address (anonymized)
- Usage data
- Click path
- Browser information
- Device information
- JavaScript support
- Pages visited
- Referrer URL
- Downloads
- Location information
- Date and time of visit
Personal data will be retained for as long as necessary to fulfill the processing purpose. The data will be deleted as soon as it is no longer required for the achievement of the purpose.
Browser Plugin
You can prevent Google from collecting and processing your data by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
More information on how Google Analytics handles user data can be found in Google’s privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.
Data Processing Agreement
We have concluded a data processing agreement with Google and fully implement the strict requirements of the German data protection authorities when using Google Analytics.
2.1.3 Google Audiences
Google Ads Remarketing
This website uses the functions of Google Ads Remarketing. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
With Google Ads Remarketing, we can assign individuals who interact with our online offering to specific target groups, in order to subsequently display interest-based advertising to them within the Google advertising network (remarketing or retargeting).
Furthermore, the advertising target groups created with Google Ads Remarketing can be linked with Google’s cross-device functions. In this way, interest-based, personalized advertising messages, which have been adapted to your previous usage and browsing behavior on one end device (e.g., mobile phone), can also be displayed on another of your end devices (e.g., tablet or PC).
If you have a Google account, you can object to personalized advertising via the following link: www.google.com/settings/ads/onweb/.
The use of this service is based on your consent according to Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. Consent can be revoked at any time.
Further information and the privacy policy can be found in Google’s privacy policy at: policies.google.com/technologies/ads.
The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the US, which aims to ensure compliance with European data protection standards for data processing in the US. Every company certified under the DPF commits to adhering to these data protection standards. Further information can be obtained from the provider via the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active
Audience Creation with Customer Match
For audience creation, we use, among other things, Google Ads Remarketing’s Customer Match. In this process, we transfer certain customer data (e.g., email addresses) from our customer lists to Google. If the customers concerned are Google users and logged into their Google account, relevant advertising messages will be displayed to them within the Google network (e.g., on YouTube, Gmail, or in the search engine).
2.1.4 Google Ads
The website operator uses Google Ads. Google Ads is an online advertising program of Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Ads enables us to display advertisements in the Google search engine or on third-party websites when the user enters specific search terms on Google (keyword targeting). Furthermore, targeted advertisements can be displayed based on user data available to Google (e.g., location data and interests) (audience targeting). As website operators, we can quantitatively evaluate this data by, for example, analyzing which search terms led to the display of our advertisements and how many ads resulted in corresponding clicks.
The use of this service is based on your consent according to Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. Consent can be revoked at any time.
Data transfer to the US is based on the standard contractual clauses of the EU Commission. Details can be found here: https://policies.google.com/privacy/frameworks and https://privacy.google.com/businesses/controllerterms/mccs/.
The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the US, which aims to ensure compliance with European data protection standards for data processing in the US. Every company certified under the DPF commits to adhering to these data protection standards. Further information can be obtained from the provider via the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active
You can adjust your Google Ads settings here https://myadcenter.google.com/controls
Google Conversion Tracking
This website uses Google Conversion Tracking. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
With the help of Google Conversion Tracking, Google and we can recognize whether the user has performed certain actions. For example, we can evaluate how often certain buttons on our website were clicked and which products were viewed or purchased particularly frequently. This information is used to create conversion statistics. We learn the total number of users who clicked on our ads and what actions they performed. We do not receive any information that allows us to personally identify the user. Google itself uses cookies or comparable recognition technologies for identification.
The use of this service is based on your consent according to Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. Consent can be revoked at any time.
More information on Google Conversion Tracking can be found in Google’s privacy policy: https://policies.google.com/privacy?hl=de.
The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the US, which aims to ensure compliance with European data protection standards for data processing in the US. Every company certified under the DPF commits to adhering to these data protection standards. Further information can be obtained from the provider via the following link: www.dataprivacyframework.gov/s/participant-search/participant-detail
2.1.5 Google Signals
We use Google Signals. When you visit our website, Google Analytics collects, among other things, your location, search history, YouTube history, and demographic data (visitor data). This data can be used with the help of Google Signals for personalized advertising. If you have a Google account, the visitor data from Google Signals will be linked to your Google account and used for personalized advertising messages. The data is also used to create anonymized statistics on the user behavior of our users.
2.1.6 YouTube
We use the service “YouTube” to embed videos on the page. The operator of the necessary software is Google Ireland Limited Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.
When you click on the video, your IP address is transmitted to YouTube, informing YouTube that you have watched the video. If you are logged into YouTube, this information will also be associated with your user account. This can be prevented by logging out of YouTube before watching the video.
Accordingly, the following data may be collected and processed via YouTube:
- IP address
- Referrer URL
- Device information
- Videos watched
The legal basis for data processing is your consent in accordance with Art. 6 para. 1 lit. a GDPR. If you do not want YouTube to collect and process the data shown, you can refuse your consent in the cookie banner or revoke it at any time with future effect.
Personal data will be retained for as long as necessary to fulfill the processing purpose. The data will be deleted as soon as it is no longer required for the achievement of the purpose.
Further information on data protection at YouTube can be found in their privacy policy at: policies.google.com/privacy.
The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the US, which aims to ensure compliance with European data protection standards for data processing in the US. Every company certified under the DPF commits to adhering to these data protection standards. Further information can be obtained from the provider via the following link: www.dataprivacyframework.gov/s/participant-search/participant-detail
2.1.7. Google reCAPTCHA
We use “Google reCAPTCHA” (hereinafter “reCAPTCHA”) on this website. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
reCAPTCHA is intended to verify whether data entry on this website (e.g., in a contact form) is performed by a human or by an automated program. For this purpose, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis begins automatically as soon as the website visitor enters the website. For analysis, reCAPTCHA evaluates various information (e.g., IP address, duration of the website visitor’s stay on the website, or mouse movements made by the user). The data collected during the analysis is forwarded to Google.
The reCAPTCHA analyses run entirely in the background. Website visitors are not informed that an analysis is taking place.
The storage and analysis of data is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in protecting its web offerings from abusive automated espionage and SPAM. If corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information on the user’s terminal device (e.g., device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.
Further information on Google reCAPTCHA can be found in Google’s privacy policy and Google’s terms of use at the following links: https://policies.google.com/privacy?hl=de and https://policies.google.com/terms?hl=de.
The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the US, which aims to ensure compliance with European data protection standards for data processing in the US. Every company certified under the DPF commits to adhering to these data protection standards. Further information can be obtained from the provider via the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active
2.2. HubSpot
On this website, we use the HubSpot service for various purposes. HubSpot is a software company from the US with a branch office in Ireland. Contact: HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland, Phone: +353 1 5187500.
HubSpot is an integrated software solution that allows us to cover various aspects of our online marketing. These include, among others:
Email marketing, social media publishing & reporting, reporting, contact management (e.g., user segmentation & CRM), landing pages, and contact forms.
Our registration service allows visitors to our website to learn more about our company, download content, and provide their contact information as well as other demographic information. This information, along with the content of our website, is stored on the servers of our software partner HubSpot. We may use it to get in touch with visitors to our website and to determine which of our company’s services are of interest to them. All information collected by us is subject to this privacy policy. We use all collected information exclusively to optimize our marketing measures.
More information on HubSpot’s privacy policy https://legal.hubspot.com/privacy-policy?__hstc=126461458.8a13fc63e68b356a5fd268a54a455a40.1658844012195.1658844012195.1658844012195.1&__hssc=126461458.1.1658844012195&__hsfp=1230389188
More information from HubSpot regarding EU data protection regulations https://legal.hubspot.com/security?__hstc=126461458.8a13fc63e68b356a5fd268a54a455a40.1658844012195.1658844012195.1658844012195.1&__hssc=126461458.1.1658844012195&__hsfp=1230389188
More information about the cookies used by HubSpot can be found here https://knowledge.hubspot.com/privacy-and-consent/what-cookies-does-hubspot-set-in-a-visitor-s-browser?__hstc=126461458.8a13fc63e68b356a5fd268a54a455a40.1658844012195.1658844012195.1658844012195.1&__hssc=126461458.1.1658844012195&__hsfp=1230389188
and here https://knowledge.hubspot.com/privacy-and-consent/hubspot-cookie-security-and-privacy?__hstc=126461458.8a13fc63e68b356a5fd268a54a455a40.1658844012195.1658844012195.1658844012195.1&__hssc=126461458.1.1658844012195&__hsfp=1230389188
As part of the optimization of our marketing measures, the following data can be collected and processed via Hubspot:
• Geographic location
• Browser type
• Navigation information
• Referring URL
• Performance data
• Information on how often the application is used
• Mobile apps data
• Login information for the HubSpot subscription service
• Files that are viewed on site
• Domain names
• Pages viewed
• Aggregated usage
• Operating system version
• Internet service provider
• IP address
• Device identifier
• Duration of the visit
• Where the application was downloaded from
• Operating system
• Events that occur within the application
• Access times
• Clickstream data
• Device model and version
In addition, we also use Hubspot to provide contact forms. Further information on this can be found in point 2.4 of this privacy policy.
The legal basis for processing the data is your consent in accordance with Art. 6 Para. 1 lit. a GDPR. If you do not want HubSpot to collect and process the data shown, you can refuse your consent in the cookie banner or revoke it at any time with effect for the future. To do this, please use the top button under “Cookies”.
The personal data will be stored for as long as it is necessary to fulfill the processing purpose. The data will be deleted as soon as it is no longer required to achieve the purpose.
The company has a certification according to the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt0000000TN8pAAG&status=Active
2.3 LinkedIn Insight Tag
This website uses the Insight tag from LinkedIn. The provider of this service is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.
Data processing by LinkedIn Insight Tag
With the help of the LinkedIn Insight Tag, we receive information about visitors to our website. If a website visitor is registered with LinkedIn, we can, among other things, analyze the professional key data (e.g. career level, company size, country, location, industry and job title) of our website visitors and thus better align our site with the respective target groups. Furthermore, with the help of LinkedIn Insight Tags, we can measure whether visitors to our website make a purchase or other action (conversion measurement). Conversion measurement can also take place across devices (e.g. from PC to tablet). LinkedIn Insight Tag also offers a retargeting function, with the help of which we can display targeted advertising to visitors to our website outside of the website, whereby, according to LinkedIn, the advertising addressee is not identified.
LinkedIn itself also collects so-called log files (URL, referrer URL, IP address, device and browser properties and time of access). The IP addresses are shortened or (if they are used to reach LinkedIn members across devices) hashed (pseudonymized). The direct identifiers of LinkedIn members are deleted by LinkedIn after seven days. The remaining pseudonymized data is then deleted within 180 days.
The data collected by LinkedIn cannot be assigned to specific individuals by us as website operators. LinkedIn will store the collected personal data of website visitors on its servers in the USA and use it as part of its own advertising measures. Details can be found in LinkedIn’s privacy policy at https://www.linkedin.com/legal/privacy-policy#choices-oblig.
Legal basis
Insofar as consent has been obtained, the use of the above-mentioned service is based exclusively on Art. 6 Para. 1 lit. a GDPR and Section 25 TDDDG. Consent can be revoked at any time. If no consent has been obtained, this service is used on the basis of Art. 6 Para. 1 lit. f GDPR; the website operator has a legitimate interest in effective advertising measures including social media.
The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.linkedin.com/legal/l/dpa and https://www.linkedin.com/legal/l/eu-sccs.
Objection to the use of LinkedIn Insight Tag
You can object to the analysis of usage behavior and targeted advertising by LinkedIn under the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
Furthermore, LinkedIn members can control the use of their personal data for advertising purposes in the account settings. In order to prevent LinkedIn from linking data collected on our website with your LinkedIn account, you must log out of your LinkedIn account before visiting our website.
2.4 Forms
We use the HubSpot service to provide the following online forms. For this purpose, we forward your data to HubSpot, which processes the data exclusively on our behalf. See the privacy policy on “HubSpot”.
The company has a certification according to the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt0000000TN8pAAG&status=Active
2.5 Newsletter
If you subscribe to our newsletter, we will save your email address and use it to send the newsletter. Your email address will not be published or passed on to third parties.
We use HubSpot to provide the newsletter. After successful transmission of your contact details via the forms mentioned in point 2.4 and your express consent to receive the newsletter, a profile of you will be created in HubSpot. In addition to your contact details, this profile also contains your consent to the newsletter subscription.
- Data collected: Email address, first name, last name, salutation, job title
• Purpose: Sending the requested newsletter.
• Storage period: The data is generally only stored for as long as it is necessary to achieve the purpose. For the newsletter, the data will be stored for as long as a newsletter is to be sent and you have not objected to the use of your data.
• Legal basis: Art. 6 I a GDPR — Consent
Revocation: You can unsubscribe from our newsletter at any time via a link contained in every issue. We will then delete your email address from our distribution list. Alternatively, you can also unsubscribe from the newsletter at any time by sending an email to groupmarketing@dataglobal.com.
3. Social media
3.1 Facebook
Elements of the social network Facebook are integrated on this website. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, according to Facebook, the data collected is also transferred to the USA and other third countries.
An overview of the Facebook social media elements can be found here: https://developers.facebook.com/docs/plugins/?locale=de_DE.
If the social media element is active, a direct connection is established between your device and the Facebook server. Facebook receives the information that you have visited this website with your IP address. If you click on the Facebook “Like button” while you are logged into your Facebook account, you can link the content of this website to your Facebook profile. This allows Facebook to associate your visit to this website with your user account. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the data transmitted or its use by Facebook. Further information on this can be found in Facebook’s privacy policy at: https://de-de.facebook.com/privacy/explanation.
Insofar as consent has been obtained, the use of the above-mentioned service is based on Art. 6 Para. 1 lit. a GDPR and Section 25 TDDDG. Consent can be revoked at any time. If no consent has been obtained, the service is used on the basis of our legitimate interest in the widest possible visibility in social media.
Insofar as personal data is collected on our website with the help of the tool described here and forwarded to Facebook, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 GDPR). The joint responsibility is limited exclusively to the collection of data and its transfer to Facebook. The processing by Facebook after the transfer is not part of the joint responsibility. The obligations incumbent on us jointly have been recorded in an agreement on joint processing. You can find the wording of the agreement at: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing data protection information when using the Facebook tool and for implementing the tool on our website in a data protection-compliant manner. Facebook is responsible for the data security of Facebook products. You can assert the rights of data subjects (e.g. requests for information) with regard to the data processed by Facebook directly with Facebook. If you assert the rights of data subjects with us, we are obliged to forward them to Facebook.
The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum, https://de-de.facebook.com/help/566994660333381 and https://www.facebook.com/policy.php.
The company has a certification according to the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000GnywAAC&status=Active
3.2 Instagram
Functions of the Instagram service are integrated on this website. These functions are offered by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
If the social media element is active, a direct connection is established between your device and the Instagram server. Instagram receives information about your visit to this website.
If you are logged into your Instagram account, you can link the content of this website to your Instagram profile by clicking on the Instagram button. This allows Instagram to associate your visit to this website with your user account. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the data transmitted or its use by Instagram.
Insofar as consent has been obtained, the use of the above-mentioned service is based on Art. 6 Para. 1 lit. a GDPR and Section 25 TDDDG. Consent can be revoked at any time. If no consent has been obtained, the service is used on the basis of our legitimate interest in the widest possible visibility in social media.
Insofar as personal data is collected on our website with the help of the tool described here and forwarded to Facebook or Instagram, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 GDPR). The joint responsibility is limited exclusively to the collection of data and its transfer to Facebook or Instagram. The processing by Facebook or Instagram after the transfer is not part of the joint responsibility. The obligations incumbent on us jointly have been recorded in an agreement on joint processing. You can find the wording of the agreement at: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing data protection information when using the Facebook or Instagram tool and for implementing the tool on our website in a data protection-compliant manner. Facebook is responsible for the data security of Facebook or Instagram products. You can assert the rights of data subjects (e.g. requests for information) with regard to the data processed by Facebook or Instagram directly with Facebook. If you assert the rights of data subjects with us, we are obliged to forward them to Facebook.
The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum, https://help.instagram.com/519522125107875 and https://de-de.facebook.com/help/566994660333381.
Further information on this can be found in Instagram’s privacy policy: https://instagram.com/about/legal/privacy/.
The company has a certification according to the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000GnywAAC&status=Active
3.3 LinkedIn
This website uses elements of the LinkedIn network. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.
Each time a page of this website that contains elements of LinkedIn is accessed, a connection to LinkedIn’s servers is established. LinkedIn is informed that you have visited this website with your IP address. If you click on the LinkedIn “Recommend button” and are logged into your LinkedIn account, LinkedIn is able to associate your visit to this website with you and your user account. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the data transmitted or its use by LinkedIn.
Insofar as consent has been obtained, the use of the above-mentioned service is based on Art. 6 Para. 1 lit. a GDPR and Section 25 TDDDG. Consent can be revoked at any time. If no consent has been obtained, the service is used on the basis of our legitimate interest in the widest possible visibility in social media.
The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.linkedin.com/help/linkedin/answer/62538/datenubertragung-aus-der-eu-dem-ewr-und-der-schweiz?lang=de
Further information on this can be found in LinkedIn’s privacy policy at: https://www.linkedin.com/legal/privacy-policy.
3.4 Xing
This website uses elements of the XING network. The provider is New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany.
Each time one of our pages that contains elements of XING is accessed, a connection to XING’s servers is established. To our knowledge, personal data is not stored in the process. In particular, no IP addresses are stored or user behavior is evaluated.
Insofar as consent has been obtained, the use of the above-mentioned service is based on Art. 6 Para. 1 lit. a GDPR and Section 25 TDDDG. Consent can be revoked at any time. If no consent has been obtained, the service is used on the basis of our legitimate interest in the widest possible visibility in social media.
Further information on data protection and the XING Share button can be found in XING’s privacy policy at: https://www.xing.com/app/share?op=data_protection
4. Audio and video conferences
Data processing
We use online conference tools, among other things, to communicate with our customers. The specific tools we use are listed below. If you communicate with us via video or audio conference via the Internet, your personal data will be collected and processed by us and the provider of the respective conference tool.
The conference tools collect all data that you provide/use to use the tools (email address and/or your telephone number). Furthermore, the conference tools process the duration of the conference, the start and end (time) of participation in the conference, the number of participants and other “context information” in connection with the communication process (metadata).
Furthermore, the provider of the tool processes all technical data required to handle online communication. This includes in particular IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or speaker, and the type of connection.
If content is exchanged, uploaded or otherwise made available within the tool, this will also be stored on the servers of the tool providers. Such content includes in particular cloud recordings, chat/instant messages, voicemails, uploaded photos and videos, files, whiteboards and other information that is shared during the use of the service.
Please note that we do not have full influence on the data processing operations of the tools used. Our options depend largely on the corporate policy of the respective provider. Further information on data processing by the conference tools can be found in the data protection declarations of the tools used, which we have listed under this text.
Purpose and legal bases
The conference tools are used to communicate with prospective or existing contractual partners or to offer certain services to our customers (Art. 6 para. 1 lit. b GDPR). Furthermore, the use of the tools serves to generally simplify and accelerate communication with us or our company (legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR). If consent has been requested, the tools in question are used on the basis of this consent; consent can be revoked at any time with effect for the future.
Storage period
The data collected directly by us via the video and conference tools will be deleted from our systems as soon as you request us to delete it, revoke your consent to storage or the purpose for data storage no longer applies. Stored cookies remain on your device until you delete them. Mandatory statutory retention periods remain unaffected.
We have no influence on the storage period of your data that is stored by the operators of the conference tools for their own purposes. For details, please contact the operators of the conference tools directly.
Conference tools used
We use the following conference tools:
Zoom
We use Zoom. The provider of this service is Zoom Communications Inc., San Jose, 55 Almaden Boulevard, 6th Floor, San Jose, CA 95113, USA. Details on data processing can be found in Zoom’s privacy policy: https://zoom.us/de-de/privacy.html.
The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://zoom.us/de-de/privacy.html.
Part 3 Information to applicants according to articles 13 and 14 GDPR
1. Data controller and contact details
Data controller within the meaning of data protection law
Data controller within the meaning of the GDPR
dataglobal Group GmbH
Im Zukunftspark 10
74076 Heilbronn
Telephone: 07131 1226 500
datenschutz@dataglobal.com
Group of companies
dataglobal Group GmbH consists of a group of companies consisting of the following companies:
- dataglobal Bochum GmbH, Bochum
- dataglobal Heilbronn GmbH, Heilbronn
- dataglobal München GmbH & Co. KG, Grünwald
- eleven cyber security GmbH, Berlin
Contact details of our data protection officer:
Data protection officer of dataglobal Group GmbH
HEC Harald Eul Consulting GmbH
Data protection + Data security
Auf der Höhe 34
50321 Brühl
E-mail: datenschutz@dataglobal.com
2. Purposes and legal basis on which we process your data
We process personal data in accordance with the provisions of the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) and other applicable data protection regulations. Details in the following. Further details or additions to the purposes of data processing can be found in the respective contract documents, forms, a declaration of consent and other information provided to you.
2.1 Purposes for the performance of a contract or pre-contractual measures (Art. 6 para. 1 b GDPR)
Your personal data is processed to process your application for a specific job advertisement or as an unsolicited application, and in this context in particular for the following purposes: Examination and assessment of your suitability for the position to be filled, performance and behavior assessment to the extent permitted by law, if applicable for registration and authentication for the application via our website, if applicable for the creation of the employment contract, traceability of transactions, orders and other agreements as well as for quality control through appropriate documentation, measures to fulfill the general duty of care, statistical evaluations for corporate management, travel and event management, travel booking and travel expense accounting, authorization and ID card management, cost recording and controlling, reporting, internal and external communication, accounting and tax assessment of company benefits (e.g. canteen meals), billing via company credit card, occupational safety and health protection, contract-related communication (including scheduling) with you, assertion of legal claims and defense in legal disputes; ensuring IT security (including system and plausibility tests) and general security, including building and system security, ensuring and exercising domiciliary rights through appropriate measures, such as video surveillance to protect third parties and our employees, and to prevent and secure evidence in the event of criminal offenses; ensuring the integrity, prevention and investigation of criminal offenses; authenticity and availability of data, control by supervisory bodies or control instances (e.g. audit).
2.2 Purposes within the scope of a legitimate interest of us or third parties (Art. 6 para. 1 f GDPR)
In addition to the actual fulfillment of the (pre-)contract, we may process your data if it is necessary to protect legitimate interests of us or third parties. Your data will only be processed if and to the extent that there are no overriding interests on your part against such processing, in particular for the following purposes: Measures for the further development of existing systems, processes and services; comparisons with European and international anti-terror lists as well as other fraud or abuse prevention measures, insofar as they go beyond the legal obligations; enrichment of our data, including through the use of or research of publicly available data where necessary; benchmarking; development of scoring systems or automated decision-making processes; building and system security (e.g. through access controls and video surveillance), insofar as it goes beyond the general duty of care; internal and external investigations, security audits)
2.3 Purposes within the scope of your consent (Art. 6 para. 1 a GDPR)
In addition to the actual fulfillment of the (pre-)contract, we may process your data if it is necessary to protect legitimate interests of us or third parties. Your data will only be processed if and to the extent that there are no overriding interests on your part against such processing, in particular for the following purposes: Measures for the further development of existing systems, processes and services; comparisons with European and international anti-terror lists as well as other fraud or abuse prevention measures, insofar as they go beyond the legal obligations; enrichment of our data, including through the use of or research of publicly available data where necessary; benchmarking; development of scoring systems or automated decision-making processes; building and system security (e.g. through access controls and video surveillance), insofar as it goes beyond the general duty of care; internal and external investigations, security audits)
2.4 Purposes for the fulfillment of legal requirements (Art. 6 para. 1 c GDPR) or in the public interest (Art. 6 para. 1 e GDPR)
Like anyone who participates in economic activity, we are also subject to a large number of legal obligations. Primarily, these are legal requirements (e.g. Works Constitution Act, Social Security Code, commercial and tax laws), but also, if applicable, supervisory or other official requirements (e.g. employers’ liability insurance association). The purposes of processing may include identity and age verification, fraud and money laundering prevention (e.g. comparisons with European and international anti-terror lists), company health management, ensuring occupational safety, fulfilling tax control and reporting obligations, and archiving data for data protection and data security purposes, as well as for the purposes of auditing by tax advisors/auditors, tax and other authorities. In addition, the disclosure of personal data may be necessary in the context of official/judicial measures for the purposes of gathering evidence, prosecuting criminal offenses or enforcing civil law claims.
3. The data categories processed by us, insofar as we do not receive data directly from you
If this is necessary for the contractual relationship with you and the application you have made, we may process data legitimately received from other sources or from other third parties. In addition, we process personal data that we have legitimately obtained, received or acquired from publicly accessible sources (such as commercial and association registers, registration registers, the press, the Internet and other media), insofar as this is necessary and we are permitted to process this data in accordance with the statutory provisions.
Relevant personal data categories may include in particular:
• Address and contact details (registration and comparable data, such as e-mail address and telephone number)
• Information about you on the Internet or in social networks
• Video data
4. Recipients or categories of recipients of your data
Within our company, those internal departments or organizational units receive your data that need it to fulfill our contractual and legal obligations (such as managers and specialists who are looking for a new employee or are involved in the decision on filling the position, accounting, company doctor, occupational safety, if applicable employee representation, etc.) or in the context of processing and implementing our legitimate interest. Your data will only be passed on to external bodies
- for processing your application for a specific job advertisement or as an unsolicited application to employees of affiliated companies, insofar as they are involved in or support the decision on filling the position (see section 2.1).
- for purposes for which we are obliged (e.g. financial authorities) or entitled to provide information, report or pass on data in order to fulfill legal requirements or the data transfer is in the public interest (see section 2.4);
- insofar as external service companies process data on our behalf as processors or function providers (e.g. credit institutions, external data centers, travel agency/travel management, printing companies or companies for data disposal, courier services, post, logistics);
- on the basis of our legitimate interest or the legitimate interest of the third party for the purposes mentioned under section 2.2 (e.g. to authorities, credit agencies, lawyers, courts, experts, affiliated companies and committees and control instances);
- if you have given us your consent to the transfer to third parties.
We will not pass on your data to third parties beyond this, unless we inform you separately. If we commission service providers within the scope of order processing, your data there is subject to the security standards specified by us in order to adequately protect your data. In the remaining cases, the recipients may only use the data for the purposes for which it was transmitted to them.
5. Duration of storage of your data
In principle, we process and store your data for the duration of your application. This also includes the initiation of a contract (pre-contractual legal relationship).
In addition, we are subject to various retention and documentation obligations, which arise, among other things, from the German Commercial Code (HGB) and the German Tax Code (AO). The retention or documentation periods specified there are up to ten years beyond the end of the contractual relationship or the pre-contractual legal relationship. Electronic data will be deleted accordingly after six months. Should we want to store your data for longer for later vacancies or you have placed your data in an applicant pool, the data will be deleted at later points in time; details on this will be communicated to you in connection with the respective process.
If the data is no longer required for the fulfillment of contractual or legal obligations and rights, it will be deleted regularly, unless its – temporary – further processing is necessary for the fulfillment of the purposes listed under section 2.2 due to an overriding legitimate interest of our company. Such an overriding legitimate interest exists, for example, if deletion is not possible or only possible with disproportionately high effort due to the special nature of the storage. In these cases, we may also store your data after the end of our contractual relationship for a period agreed with the purposes and, if necessary, use it to a limited extent. In principle, in these cases, a restriction of processing takes the place of deletion. In other words, the data is blocked against the otherwise usual use by appropriate measures.
6. Processing of your data in a third country or by an international organization
A data transfer to bodies in countries outside the European Economic Area EU/EEA (so-called third countries) takes place when it should be necessary for the execution of a contractual obligation to you (e.g. application for a position abroad), or it is in the context of a legitimate interest of us or a third party or you have given us your consent.
The processing of your data in a third country may also take place in connection with the involvement of service providers within the scope of order processing. If there should be no decision by the EU Commission on an adequate level of data protection existing there for the country concerned or for specific sectors in a third country, corresponding contracts (such as EU standard contracts) and additional measures can be used as a basis for the transfer. Information on the suitable or appropriate guarantees and on the possibility of obtaining a copy from you can be requested from the company data protection officer.
7. Your data protection rights
Under certain conditions, you can assert your data protection rights against us.
Every data subject has the right to information according to Art. 15 DS-GVO, the right to rectification according to Art. 16 DS-GVO, the right to erasure according to Art. 17 DS-GVO, the right to restriction of processing according to Art. 18 DS-GVO and the right to data portability from Art. 20 DS-GVO. The restrictions according to §§ 34 and 35 BDSG apply to the right to information and the right to erasure. In addition, there is a right of appeal to a data protection supervisory authority (Art. 77 DS-GVO i.V.m. § 19 BDSG).
Your requests regarding the exercise of your rights should, if possible, be addressed in writing to the address given above or directly to our data protection officer.
8. Extent of your obligations to provide us with your data
You only need to provide the data that is required for the processing of your application or for a pre-contractual relationship with us or for the collection of which we are legally obliged. Without this data, we will generally not be able to continue the application and selection process. If we ask you for data beyond this, you will be informed separately about the voluntary nature of the information.
9. Existence of automated individual decision-making (including profiling)
We do not use any purely automated decision-making processes in accordance with Article 22 GDPR. Should we nevertheless use such a procedure in individual cases in the future, we will inform you about this separately, provided that this is required by law.
Information about your right to object Art. 21 GDPR
- You have the right to object at any time to the processing of your data, which takes place on the basis of Art. 6 Para. 1 f GDPR (data processing on the basis of a balance of interests) or Art. 6 Para. 1 e GDPR (data processing in the public interest). However, this requires that there are reasons for your objection that arise from your particular personal situation. This also applies to profiling within the meaning of Art. 4 No. 4 GDPR based on this provision.
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
You can of course withdraw your application at any time.
- There are no plans to use your personal data for direct marketing purposes. Nevertheless, we must inform you that you have the right to object to advertising at any time; this also applies to profiling, insofar as it is associated with such direct advertising. We will respect this objection for the future.
The objection can be made informally and should be addressed to
dataglobal Group GmbH
Im Zukunftspark 10
74076 Heilbronn
Phone: 07131 1226 500
datenschutz@dataglobal.com
Our information on data protection regarding our data processing in accordance with Articles (Art.) 13, 14 and 21 GDPR may change from time to time.