We are responsible in the sense of Art. 4 General Data Protection Regulation (GDPR). The terms used in this data protection declaration correspond to Art. 4 GDPR.
Name and address of the person responsible for the processing under the GDPR
(hereinafter also referred to as "we" or "us”)
Types of data processed
Personal master data (e.g. name, address)
Contact data (e.g. e-mail, telephone numbers)
Content data (e.g. text input, photographs, videos)
Usage data (e.g. websites visited, interest in content, access times, duration of content usage)
Meta/communication data (e.g. device information, IP addresses, userID)
Vehicle data (vehicle model, vehicle brand, vehicle identification number, vehicle position, sensor data)
Authentication Keys for secure data transmission between devices
Payment information (e.g. bank details, credit card details)
Anonymous Log data (e.g. Error and Crash Logs)
Purpose of processing
Provision of the online service, its functions and contents
Answer contact requests and communicate with users
Technical security measures
Fulfill contractual obligation towards our partners (e.g. revenue share)
SSL or TLS encryption
For security reasons and to protect the transmission of confidential content that you send to us, our website uses SSL or TLS encryption. This means that data that you transmit via this website cannot be read by third parties. You can recognize an encrypted connection by the "https://" address line of your browser and by the lock symbol in the browser line.
Deletion of data
The data processed by us will be deleted in accordance with the statutory provisions or their processing restricted. Unless expressly stated in this privacy statement, the data stored by us will be deleted as soon as they are no longer required for the intended purpose and there are no legal retention obligations.
If the data is not deleted because it is needed for other and legally permissible purposes, its processing is restricted. This means that the data is blocked and not processed for other purposes. This applies, for example, to data that must be stored for economic or tax reasons.
Collection of access data and log files (server log files)
We store data based on our legitimate interests within the sense of Art. 6 Para. 1 S. 1 lit. f. GDPR for the purpose of ensuring trouble-free operation as well as the improvement of our offer, i.e. the improvement, stability, functionality and security of our online service, about every access to the server on which this service is located, so-called server logs. The access data includes the
name of the accessed website, file,
date and time of access,
volume of data transferred,
message about successful access,
browser type and version,
operating system of the user,
referrer URL (the previously visited page),
IP address and the requesting provider,
anonymized error and crash logs (e.g. stack traces).
This serves to protect our legitimate interests in the correct presentation of our offer which outweighs your interest in such data. Log information is stored for a maximum of seven (7) days for security reasons (e.g. to clarify abuse or fraud actions) and then deleted. Data, the further storage of which is necessary for evidence purposes, will not be deleted until the respective incident has been finally clarified. The data shall not be merged with other data sources.
Signup and log in with Auth0
Using single sign-on (SSO), you can register with Auth0. The provider of this service is Auth0, Inc, 10800 NE 8th St, Suite 700 Bellevue, WA 98004, USA ("Auth0").
If you choose to register with Auth0 and click on the register button, your data required for registration will be transferred to Auth0's servers, which may also be operated in the USA.
This data is mainly: e-mail addresses, hashed passwords, phone numbers and IP addresses.
We have concluded a so-called "Data Processing Agreement" with Auth0, in which we oblige Auth0 to protect the data of our customers, not to pass it on to third parties and, in the event of a transfer of personal data to the USA, to comply with the regulations of the standard data protection clauses in accordance with Art. 46 GDPR.
Webshop & App
Data processing for contract management
For the purpose of shipping, we will pass on your name and address to our respective shipping partner for the purpose of sending you the goods you ordered. The legal basis for this is the fulfillment of a contractual obligation pursuant to Art. 6 para. 1 lit. b GDPR.
When you download our app, certain personal data required for this purpose will be transmitted to the corresponding app store (e.g. Apple App Store,Google Play Store or Viveport). In particular, the email address, username, customer number of the downloading account, the individual device identification number, payment information and the time of the download will be transmitted to the App Store. We have no influence on the collection and processing of this data; rather, it is carried out exclusively by the App Store selected by you. Accordingly, we are not responsible for this collection and processing; the responsibility for this lies solely with the App Store.
When you use our app, we also process your data in order to offer you a special experience using our VR glasses. For this purpose, we process your vehicle data, such as vehicle model, vehicle identification number, software authentication key and the live data of your vehicle. The live data includes the vehicle position and sensor data (acceleration, turning rates, speed of the vehicle) while you are using the application. In addition, we process your user behavior in the app.
The legal basis for the processing of the vehicle data is the usage contract concluded with you pursuant to Art. 6 (1) lit. b GDPR , as we would otherwise not be able to adapt the game experience to your specific vehicle. We base the processing of your position data on the consent you have given us pursuant to Art. 6 (1) lit. a GDPR. You can revoke your consent at any time. In that case, we may unfortunately no longer be able to offer you our service.
We delete the data about your vehicle as well as data from vehicle-side requests for map data (requested map tile) after 90 days after deleting your customer account. We do not collect or store exact location data.
We also process device information to technically enable the operation of the app. Access data includes the IP address, device ID, device type, device-specific settings and app settings as well as app properties, the date and time of the retrieval, time zone, the amount of data transferred and the message whether the data exchange was complete, crash of the app, browser type and operating system. The legal basis for this is Art. 6 para. 1 lit. f GDPR. The data will be deleted at the latest after 90 days after deletion of your customer account.
In the case of in-app purchases, we receive the information about the purchase made in pseudonymized form for the purpose of improving our offer. The legal basis for this is our legitimate interest according to Art. 6 para. 1 lit. f GDPR, which outweighs your interest in the context of the balancing of interests.
As part of our app, we use the service HubSpot. HubSpot is a software company from the USA with a branch in Ireland. Contact: HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland, Phone: +353 1 5187500.
Hubspot is an integrated software solution that we use to cover various aspects of our online marketing. These include, among others:
Email marketing, social media publishing & reporting, reporting, contact management (e.g. user segmentation & CRM), landing pages and contact forms.
As part of the optimization of our marketing measures, the following data may be collected and processed via Hubspot:
Information about how often the application is used
Mobile apps data
HubSpot subscription service credentials
Files displayed on site
Operating system version
Internet service provider
Duration of the visit
Where the application was downloaded from
Events that occur within the application
Device model and version
The legal basis for the processing is your consent pursuant to Art. 6 para. 1 lit. a GDPR. If you do not want Hubspot to collect and process the stated data, you can refuse your consent or revoke it at any time with effect for the future.
The personal data are kept for as long as they are necessary to fulfill the purpose of the processing. The data will be deleted as soon as they are no longer required to meet the purpose.
In the course of processing via HubSpot, data may be transferred to the USA. Therefore, we have concluded standard data protection clauses for the transfer of data.
Data processing for payment processing
When processing payments in our online store, we work with these partners:
technical service providers,
payment service providers.
If necessary, we provide our service providers with further data, which they use together with the data necessary for processing the payment as our order processors for the purpose of fraud prevention and optimization of our payment processes (e.g. invoicing, processing of contested payments, accounting support). Pursuant to Art. 6 (1) p. 1 lit. f GDPR, this serves to protect our legitimate interests in our protection against fraud or inefficient payment management, which outweigh our interests in the context of a balancing of interests.
In the context of customer communication, we collect personal data for the processing of your inquiries pursuant to Art. 6 para. 1 p. 1 lit. b GDPR if your inquiry relates to an existing contract with us or pursuant to Art. 6 para. 1 p. 1 lit. f GDPR with regard to all other inquiries if you voluntarily provide us with this data when contacting us (e.g. via contact form or e-mail). Mandatory fields are marked as such, since in these cases we absolutely need the data to process your contact. Which data is collected can be seen from the respective input forms. After complete processing of your request, your data will be deleted, unless you have expressly consented to further use of your data in accordance with Art. 6 para. 1 p. 1 lit. a GDPR or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this notice.
Newsletter and advertising
With the following information we inform you about the processing of your personal data for our newsletter, the registration, dispatch and statistical evaluation procedures as well as the processing of your personal data for other electronic or telephonic marketing activities (i.e. to receive our demo version) and your respective rights of objection. By subscribing to our newsletter and/or other electronic or telephonic marketing activities, you consent to the receiving communication and to the procedures described.
Content of the newsletter
We send newsletters, e-mails and other electronic notifications containing advertising information (hereinafter referred to as "newsletters") and make marketing related phone calls only with the consent of the recipient or other legal permission.
Insofar as the contents of the newsletter and other electronic or telephonic marketing activities are expressly described during registration, they are decisive for the user's consent. In addition, our newsletters and other electronic or telephonic marketing activities contain information about our services and ourselves.
Double-Opt-In and Log-In
The registration to our newsletter takes place in a so-called double-opt-in procedure. To do this, you must first enter your e-mail address on our online service. After registration you will receive an e-mail asking you to confirm your registration (verification). This confirmation is necessary so that nobody can register with external e-mail addresses. The registrations for the newsletter are logged in order to be able to prove the registration process according to the legal requirements. This includes the storage of the registration and confirmation times as well as the IP address. Likewise, the changes of your data stored with the dispatch service provider are logged.
To subscribe to the newsletter, simply enter your e-mail address. Optionally, we ask you to enter a name in the newsletter in order to address you personally. However, this information is voluntary.
If you want to be contacted to receive more information on our demo version, we ask you to enter your name and last name, your e-mail address as well as your company, your company’s industry and your phone number.
The data provided will be processed exclusively on the basis of your consent (Art. 6 para. 1 p. 1 lit. a GDPR). The same applies to the dispatch of the newsletter and the associated performance measurement.
Revocation and objection
You can unsubscribe from our newsletter and any other electronic or telephonic marketing activities at any time, i.e. revoke your consent. At the end of each newsletter you will find a link to unsubscribe. You can also withdraw your consent by sending us an informal e-mail or by informing our employees. Due to our legitimate interests, we may store unsubscribed e-mail addresses for up to three years before deleting them in order to prove prior consent. The processing of this data is limited to the purpose of a possible defense against claims. An individual deletion request is possible at any time, provided that the earlier existence of consent is confirmed at the same time.
You may object to the receipt of direct mail and data processing for this purpose at any time without stating reasons (Art. 21 para. 2 GDPR).
Hosting and e-mailing
The hosting services we use serve to provide the following services: Infrastructure and platform services, computing capacity, storage space and database services, e-mail delivery, security services and technical maintenance services that we use to operate this online service.
The hosting providers we use process inventory data, contact data, content data, contract data, usage data, metadata and communication data of customers, interested parties and visitors to this online service on our behalf. We have concluded an order processing agreement with the providers who act on our instructions. If we use service providers from a third country for which no adequacy decision exists, we conclude standard data protection clauses with them for the transfer and processing of your data.
The processing of the data is mandatory for the provision of our online service. You may object to the processing for reasons arising from your particular situation pursuant to Art. 21 para. 1 GDPR.
Collection of other data on our website
We use Segment, a product by Twilio Ireland Limited, a company registered in the Republic of Ireland, whose registered address is 25-28 North Wall Quay, Dublin 1 (“Twilio”), to manage our customer data in one safe place. Segment allows us to manage our data flow and forward personal data on our behalf to other data processors. In detail, we use two application programming interfaces (API’s), the page API and the identify API by Segment. Page API helps us understand which page of our website you are on. Identify API helps us to store the data you have entered in our contact form.
The implementation of the Segment Page API does not require any transfer of personal data to Twilio since any data transferred has been anonymized by us beforehand.
We use the Segment identify call for our contact forms and therefore transfer the information that you provided to Twilio (i.e. email, first name, last name and optionally your phone number).
While we use Segment, we process personal data of customers on the basis of our legitimate interest in the efficient and secure provision of this online service pursuant to Art. 6 Para. 1 p. 1 lit. f GDPR in conjunction with Art. 28 Para. 3 GDPR (data processing). This means that Twilio processes our customers’ data only on our behalf and on our instruction and in accordance with the data processing agreement that we have concluded with Twilio. It is possible that your data will be transferred to a Twilio entity in the USA. In this case, we have concluded Standard Contractual Clauses by the European Commission with Twilio.
Cookies are small files that are stored on the user's computer. Various data can be stored in the cookies. A cookie is primarily used to store information about a user (or the device on which the cookie is stored) during or after the user's visit to an online service. Temporary cookies or "session cookies" or "transient cookies" are cookies that are deleted after a user has left an online service and closed his browser. In such a cookie, for example, the content of a shopping cart in an online shop or a login status can be stored. Cookies are referred to as "permanent" or "persistent" if they remain stored even after the browser is closed. For example, the login status can be saved if users visit it after several days. In such a cookie, the interests of the user can also be stored, which are used for range measurement or marketing purposes. "Third party cookies" are cookies offered by providers other than the responsible person who operates the online service (otherwise, only their cookies are referred to as "first party cookies").
If the user does not wish cookies to be stored on his computer, he is asked to deactivate the corresponding option in his browser settings. Stored cookies can be deleted in the browser settings. The exclusion of cookies can lead to functional restrictions of this online service.
Our legitimate interest in processing this data is to improve the functionality of our online offer (Art. 6 para. 1 p. 1 lit. f GDPR).
The legal basis for cookies that are absolutely necessary to provide you with the expressly requested service is Section 25 (2) No. 2 TTDSG.
We use the consent management service Usercentrics, of Usercentrics GmbH, Sendlinger Str. 7, 80331 Munich, Germany (Usercentrics). This enables us to obtain and manage the consent of website users for data processing. The processing is necessary to comply with a legal obligation (Art. 7 para. 1 GDPR) to which we are subject (Art. 6 para. 1 p. 1 lit. c GDPR). The following data is processed for this purpose:
Date and time of access
URL of the visited page
The functionality of the website is not guaranteed without the processing.
Usercentrics is a recipient of your personal data and acts as a processor for us.
The processing takes place in the European Union. For more information on how to object to and remove your data from Usercentrics, please visit: https://usercentrics.com/de/datenschutzerklaerung/.
The data will be deleted after 3 years.
Please refer to our general explanations about deleting and deactivating cookies.
Google Tag Manager
On this website, we use the service "Google Tag Manager". The Tag Manager is a tool for managing so-called tags, which are used for tracking in online marketing. The Tag Manager itself does not process any personal data, as it is purely for the administration of other services, e.g. Google Analytics, etc. You can find more information about the Tag Manager at: https://www.google.com/intl/de/tagmanager/use-policy.html
If you consent to its use (Art. 6 para. 1 lit. (a) GDPR), we use functions of the web analysis service Google Analytics of Google LLC ("Google"). If you do not consent, we will not allow Google Analytics cookies. You can prevent Google Analytics from collecting your data by not consenting to the use of Google Analytics cookies in the banner shown upon first accessing our website.
Google uses "cookies", which are small text files placed on your device, to help the website analyze how users use the site. The information generated by the cookie about the use of the online service by the user is usually transferred to a Google server in the USA and stored there.
Google will use this information on our behalf for the purpose of evaluating users' use of our online services, compiling reports on activities within the online service and providing other services relating to the use of the online service and the internet. From the processed data, pseudonymized user profiles of the users can be created.
We only use Google Analytics with activated IP anonymization. This means that the IP address of the user is shortened by Google in the member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases is the complete IP address transmitted to a Google server in the USA and shortened there.
The personal data of the users will be deleted or anonymized after 14 months, as far as there is no storage obligation.
Our online service uses the "demographic features" function of Google Analytics. It can be used to create reports that contain statements about the age, gender and interests of the site visitors. This data comes from interest-related advertising by Google and from visitor data from third parties. It is not possible to assign the data to a specific person. You can deactivate this function at any time. This is possible via the ad settings in your Google Account or by generally prohibiting the collection of your data by Google Analytics.
If you consent to its use (§ 25 para. 1 TTDSG, Art. 6 para. 1 lit. a GDPR), we use functions of Meta pixel by Meta Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. If you do not consent, we will not allow Meta pixel cookies. You can prevent Meta pixel from collecting your data by not agreeing to the use of Meta pixel cookies in the banner that is displayed when you first access our website. You can withdraw your consent to the use of Meta Pixel at any time.
The functions of Meta pixel allows the behavior of page visitors to be tracked after they have been redirected to the provider's website by clicking on a Facebook ad (“Conversion-Tracking”). This allows the effectiveness of the Facebook ads to be evaluated for statistical and market research purposes and future advertising measures to be optimized. The following data may be collected:
Information about actions and activities of visitors to our website, such as searching for and viewing a product or purchasing a product;
Specific pixel information such as the pixel ID and the Meta cookie
Information about buttons clicked by visitors to the website
Information on the status of disabling/restricting ad tracking
Information present in the HTTP header such as IP-addresses, web browser information, page location and referrer
advertising IDs from devices.
The data collected is anonymous for us as the operator of this website, we cannot draw any conclusions about the identity of the users. However, the data is stored and processed by Meta Ireland so that a connection to the respective user profile on Facebook is possible and Meta can use the data for its own advertising purposes in accordance with the Meta data usage policy. This enables Meta to display advertisements on Facebook pages as well as outside of Facebook. This use of the data cannot be influenced by us as the site operator. The information generated by the cookie about the use of the online offer by the user is usually transmitted to a Meta server in the USA and stored there. There is no comparable data protection law in the USA as in the EU.
This collection and transfer of event data is carried out by us and Meta Ireland as joint controllers. We have entered into a joint controller agreement with Meta Ireland which sets out the allocation of data protection obligations between us and Meta Ireland. In this agreement, we and Meta Ireland have agreed, among other things, that we are responsible for providing you with all information pursuant to Art. 13, 14 GDPR about the joint processing of personal data and that Meta Ireland is responsible for enabling data subjects' rights under Articles 15 to 20 GDPR in respect of personal data held by Meta Ireland following the joint processing.
You can access the agreement concluded between us and Meta Ireland here.
Meta Ireland also uses Event Data to report on the impact of our advertising campaigns and other online content and to provide analysis and insights about users and their use of our website, products and services. We transfer personal data contained in the Event Data to Meta Ireland for this purpose. The personal data transferred is processed by Facebook Ireland as our processor.
Personal data will only be processed to create reports and analyses if you have given your prior consent. The legal basis for this processing of personal data is therefore Art. 6 (1) a GDPR.
A transfer of data to Meta Inc. in the USA is possible. There is no equivalent level of data protection in the USA as in the EU. The legal basis for this transfer is the standard contractual clauses for the transfer of personal data to processors in third countries.
For the integration and display of video content, our online service uses plugins from YouTube. The provider of the video portal is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA.
When a page with an integrated YouTube plug-in is opened, the iFrame 2-Click-Solution will allow you to consent to the establishment of a connection to the YouTube servers before the video is played. In case you give your consent, the connection to the YouTube servers will tell YouTube which of our pages you have accessed. If you do not consent, no connection will be established, however, the video can also not be played.
YouTube can assign your surfing behavior directly to your personal profile if you are logged into your YouTube account. You can prevent this by logging out beforehand.
YouTube is used in the interest of an appealing presentation of our online services and for marketing purposes. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 s. 1 lit. f GDPR.
Details on the handling of user data can be found in YouTube's data protection declaration at: https://www.google.de/intl/de/policies/privacy.
Within our online service functions and contents of the service GitHub can be integrated (provider: GitHub, Inc. 88 Colin P Kelly Jr St, San Francisco, CA 94107, United States).
Our website is hosted by Vercel Inc. ("Vercel"). The personal data collected and provided by you when you visit our website (see above) is processed by Vercel as a hosting provider. Vercel will only share your personal data with third parties that provide a particular service on Vercel’s behalf, for business transfers / transactions or to comply with the law or a valid and binding order of a government.
Your personal data will be used by Vercel to provide services to you and to continuously improve the quality of the website and services, to improve website and service usage, to evaluate service levels, to monitor traffic patterns and to measure the popularity of different service options.
We use a content management system (CMS) by Storyblok GmbH to manage and publish web content. Thereby, Storyblok processes personal data on our behalf and with our authorization, such as your IP address. We therefore concluded a data processing agreement according to article 28 GDPR with Storyblok in which Storyblok undertakes to implement adequate technical and organizational measures in order to protect your data.
We use HR software services by Personio GmbH (“Personio”) to simplify our recruiting process. Thereby, Personio processes personal data of applicants on our behalf and with our authorization. We therefore concluded a data processing agreement according to article 28 GDPR with Personio in which Personio undertakes to implement adequate technical and organizational measures in order to protect applicant data. In addition, according to its own information, Personio meets all requirements of the GDPR and not only its software but its entire organization is compliant with GDPR.
In addition, your data is also processed for us with the help of other third-party providers of various online services. However, this is governed exclusively by data processing on behalf and the processing is carried out in accordance with instructions, so that we always retain responsibility for the processing. Processors from a third country outside the European Economic Area are only granted access to personal data if these third countries offer an adequate level of protection in connection with an adequacy decision of the EU Commission or if we have agreed with these service providers on suitable guarantees (so-called standard contractual clauses pursuant to Art. 46 GDPR) or recognized binding internal data protection rules pursuant to Art. 47 GDPR.
Insofar as we pass on, transmit or otherwise make available data to other companies in our group of companies, this is done in particular for administrative purposes as a legitimate interest (Art. 6 para. 1 sentence 1 lit. f GDPR).
Online presences in social media
We maintain online presences in social networks and platforms in order to communicate with the customers, interested parties and users active there and to inform them about our services.
We would like to point out that user data may be processed outside the European Union. This can entail risks for users, e.g. by making it more difficult to enforce user rights.
In addition, user data is usually processed for market research and advertising purposes. For example, user profiles can be created on the basis of user behavior and the resulting interests of users. The user profiles can in turn be used, for example, to place advertisements inside and outside the platforms which are assumed to correspond to the interests of the users. For this purpose, cookies are usually stored on the user's computer in which the user's usage behavior and interests are stored. In addition, data can be stored in the user profiles independently of the devices used by the users (especially if the users are members of the respective platforms and are logged on to them).
The plug-ins integrated in our online service are identified by lettering and/or small symbols of the respective providers. By default the buttons are disabled, so that no contact with the servers of the providers is established. Only once you agree to communicate with the platform providers by clicking on the button a first time will such a connection be established. By clicking on the corresponding button a second time, you can then communicate directly with the provider of the plug-in. The provider will be informed that you have accessed his website via our online service. In addition, the data displayed under "Server Logs" are transmitted.
By clicking on the button the second time, your personal data is transmitted to the respective plug-in provider and processed on its servers. We would like to point out that we have no influence on the collected data and processing procedures and also have no knowledge of the concrete processing purposes, the scope of data processing and the storage periods. If you have a user account with the plug-in provider and are logged into this account, the data collected will be assigned to your account. The processing of the personal data of the users is carried out by the plug-in provider for the purposes of advertising, market research and/or optimization of the corresponding online services.
The use of the plug-ins on our online service is based on our legitimate interest in providing comprehensive information to users, communicating with users and for marketing purposes pursuant to Art. 6 Para. 1 s. 1 lit. f. GDPR. If the users are requested by the respective providers of the platforms to give their consent to the aforementioned data processing, the legal basis for the processing is Art. 6 Para. 1 s. 1 lit. a., Art. 7 GDPR.
For a detailed description of the respective processing and the opt-out options, please refer to the following linked information of the providers. They are entitled to object to data processing for reasons arising from their particular situation pursuant to Art. 21 (1) GDPR.
We would also like to point out that the most effective way of asserting this right is to contact the provider in the case of requests for information and the assertion of rights of use. Only the providers have access to the data of the users and can directly take appropriate measures and provide information. If you still need help, please do not hesitate to contact us.
The following plugins of social networks are included in our online service:
Facebook, Pages, Groups (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) on the basis of a Joint Processing Agreement - Privacy Statement: https://www.facebook.com/about/privacy/, specifically for Pages: https://www.facebook.com/legal/terms/information_about_page_insights_data, Opt-Out: https://www.facebook.com/settings?tab=ads and http://www.youronlinechoices.com,
LinkedIn (LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland) - Privacy Statement: https://www.linkedin.com/legal/privacy-policy, Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out
Xing (XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany) - Privacy Statement / Opt-Out: https://privacy.xing.com/de/datenschutzerklaerung.
Data protection information in the application process
We process the applicant data only for the purpose and within the framework of the application procedure in accordance with the statutory provisions. The processing of the applicant data is carried out to fulfill our (pre-)contractual obligations within the framework of the application procedure in accordance with Art. 6 Para. 1 S. 1 lit. b. GDPR or pursuant to Art. 6 Para. 1 S. 1 lit. f. GDPR, if data processing becomes necessary for us, e.g. within the framework of legal proceedings (in Germany, § 26 BDSG additionally applies).
The application procedure requires that the applicants provide us with the applicant data. If we offer an online form, the necessary applicant data is marked, otherwise it results from the job descriptions and essentially includes personal data, postal and contact addresses as well as the documents belonging to the application such as covering letter, curriculum vitae and certificates. In addition, applicants may voluntarily provide us with additional information.
By submitting their application to us, applicants agree to the processing of their data for the purposes of the application procedure in accordance with the type and scope of this data protection declaration.
Insofar as special categories of personal data within the meaning of Art. 9 (1) GDPR are voluntarily disclosed in the application process, they are also processed in accordance with Art. 9 (2) (b) GDPR (e.g. health data, such as severely disabled status or ethnic origin).
Where available, applicants can submit their applications via an online form on our online site. The data will be transmitted to us encrypted according to the state of the art. Applicants can also send us their applications by e-mail. Please note, however, that e-mails are generally not sent in encrypted form and that applicants themselves must ensure that they are encrypted. Therefore, we cannot assume any responsibility for the transmission path of the application between sender and recipient on our server and therefore recommend the use of an online form or postal dispatch. Instead of applying via the online form and e-mail, applicants still have the option of sending their application by post.
In the event of a successful application, the data provided by the applicants may be further processed by us for the purposes of the employment relationship. Otherwise, the applicant's data will be deleted if the application for a job offer is not successful. The applicant's data will also be deleted if an application to which the applicant is entitled at any time is withdrawn.
Subject to justified revocation by the applicant, the data will be deleted after six months so that we can answer all follow-up questions on the application and comply with our obligation to provide evidence under the Equal Treatment Act. Invoices for the reimbursement of travel expenses are archived in accordance with tax regulations.
No automated decision making (including profiling)
We do not intend to use any personal data collected from you for any automated decision making process (including profiling).
Rights of data subjects
Right of access
You have the right to request from us free confirmation of the processing of the data in question and to be informed of such data and to receive further information and a copy of the data in accordance with the provisions of the law. The subject of the information is the stored personal data themselves, the origin of the data, their recipients and the purpose of the data processing (cf. Art. 15 GDPR).
Right of rectification
You have the right, in accordance with the law, to ask us, the data controller, to complete the data concerning you or to rectify the false data concerning you (cf. art. 16 DSGVO).
Right to deletion or blocking
In accordance with the statutory provisions, you have the right to demand from us as the responsible party the immediate deletion of the data concerned or, alternatively, to demand that the processing of the data be restricted in accordance with the statutory provisions (cf. Art. 17, 18 DSGVO).
Right to data transfer
You have the right to demand from us that we hand over to you or pass on to third parties the data concerning you which you have made available to us in accordance with the statutory provisions (cf. Art. 20 GDPR). Direct transfer to another responsible party is subject to technical feasibility.
Right to complain to the competent supervisory authority
You also have the right to file a complaint with the competent supervisory authority in accordance with the statutory provisions (cf. Art. 77 GDPR). You can find the contact details of the supervisory authorities here: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html
Right of withdrawal
You have the right to revoke your consent with effect for the future (cf. Art. 7 GDPR). Some data processing operations are only permitted with your express consent. You can object to the future processing of the data concerning you at any time within the framework of the statutory provisions. An informal e-mail notification sent to us is sufficient for this purpose. The revocation only applies to the future, and therefore does not affect the legality based on the prior consent of data processing already carried out.
Right of objection
Pursuant to Art. 21 Para. 1 GDPR, you are generally entitled to object at any time for reasons arising from your particular situation. The objection must be addressed to us.
The objection may also be raised pursuant to Art. 21 Para. 2 GDPR, in particular against processing for the purpose of direct marketing. After your objection, the data will no longer be processed for the purpose of direct marketing.
Changes and Updates to the Privacy Statement
We ask you to inform yourself regularly about the content of our data protection declaration. We will adapt the data protection declaration as soon as changes in the data processing carried out by us make this necessary. We will inform you as soon as the changes require your cooperation (e.g. consent) or other individual notification.
holoride GmbH, edited: 02/28/2023