Privacy Policy

This privacy policy serves to explain the type, scope and purpose of the processing of personal data (hereinafter referred to as 'data') within the framework of our online service, www.holoride.com, and the associated websites, functions and content as well as external online presences, such as our social media profile (hereinafter jointly referred to as 'online service').

We are responsible in the sense of Art. 4 General Data Protection Regulation (GDPR). The terms used in this data protection declaration correspond to Art. 4 GDPR.

Name and address of the person responsible for the processing under the GDPR

holoride GmbH
Schellingstrasse 45
80799 Munich

E-Mail: info@holoride.com

(hereinafter also referred to as "we" or "us”)

Types of data processed

  • Personal master data (e.g. name, address)

  • Contact data (e.g. e-mail, telephone numbers)

  • Content data (e.g. text input, photographs, videos)

  • Usage data (e.g. websites visited, interest in content, access times)

  • Meta/communication data (e.g. device information, IP addresses, userID)

  • Vehicle data (vehicle model, vehicle identification number, vehicle position, sensor data)

  • Payment information (e.g. bank details, credit card details)

Purpose of processing

  • Provision of the online service, its functions and contents

  • Answer contact requests and communicate with users

  • Technical security measures

  • Reach measurement/Marketing

SSL or TLS encryption

For security reasons and to protect the transmission of confidential content that you send to us, our website uses SSL or TLS encryption. This means that data that you transmit via this website cannot be read by third parties. You can recognize an encrypted connection by the "https://" address line of your browser and by the lock symbol in the browser line.

Deletion of data

The data processed by us will be deleted in accordance with the statutory provisions or their processing restricted. Unless expressly stated in this privacy policy, the data stored by us will be deleted as soon as they are no longer required for the intended purpose and there are no legal retention obligations.

If the data is not deleted because it is needed for other and legally permissible purposes, its processing is restricted. This means that the data is blocked and not processed for other purposes. This applies, for example, to data that must be stored for economic or tax reasons.

Collection of access data and log files (server log files)

We store data based on our legitimate interests within the sense of Art. 6 Para. 1 S. 1 lit. f. GDPR for the purpose of ensuring trouble-free operation as well as the improvement of our offer, i.e. the improvement, stability, functionality and security of our online service, about every access to the server on which this service is located so-called server log files. The access data includes the

  • name of the accessed website, file,

  • date and time of access,

  • volume of data transferred,

  • message about successful access,

  • browser type and version,

  • operating system of the user,

  • referrer URL (the previously visited page),

  • IP address and the requesting provider.

This serves to protect our legitimate interests in the correct presentation of our offer which outweighs your interest in such data. Logfile information is stored for a maximum of seven (7) days for security reasons (e.g. to clarify abuse or fraud actions) and then deleted. Data, the further storage of which is necessary for evidence purposes, will not be deleted until the respective incident has been finally clarified. The data shall not be merged with other data sources.

Sign up and log in with Auth0

Using single sign-on (SSO), you can register with Auth0. The provider of this service is Auth0, Inc, 10800 NE 8th St, Suite 700 Bellevue, WA 98004, USA ("Auth0").

If you choose to register with Auth0 and click on the register button, your data required for registration will be transferred to Auth0's servers, which may also be operated in the USA.

This data is mainly: e-mail addresses, hashed passwords, phone numbers and IP addresses.

This data is used to set up, provide and personalize your account as part of the provision of a contractual service. The legal basis for this is your consent (Art. 6 para. 1 p. 1 lit. a. GDPR). Your access data to the SSO service, on the other hand, will never be stored by us. The registration and use of Auth0 is subject to the Auth0 Privacy Policy and Terms of Use.

We have concluded a so-called "Data Processing Agreement" with Auth0, in which we oblige Auth0 to protect the data of our customers, not to pass it on to third parties and, in the event of a transfer of personal data to the USA, to comply with the regulations of the standard data protection clauses in accordance with Art. 46 GDPR.

Webshop & App

Data processing for contract management

For the purpose of contract processing (incl. inquiries about and processing of any existing warranty and performance claims as well as any statutory update obligations) in accordance with Art. 6 para. 1 p. 1 lit. b GDPR, we collect personal data if you provide it to us voluntarily in the context of your order. Mandatory fields are marked as such, because in these cases we need the data to process the contract and we cannot send the order without that information. Which data is collected can be seen from the respective input forms. Further information on the processing of your data, in particular on the transfer to our service providers for the purpose of order, payment and shipping processing, can be found in the following sections of this privacy policy. After complete processing of the contract, your data will be restricted for further processing and deleted after the expiry of the retention periods under tax and commercial law in accordance with Art. 6 para. 1 p. 1 lit. c GDPR, unless you have expressly consented to further use of your data in accordance with Art. 6 para. 1 p. 1 lit. a GDPR or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this declaration.

User account

Insofar as you have given your consent to this in accordance with Art. 6 para. 1 p. 1 lit. a GDPR by deciding to open a customer account (see above), we will use your data for the purpose of opening the customer account as well as for storing your data for further future orders on our website or app. The deletion of your customer account is possible at any time and can be done either by sending a message to the contact option described in this privacy policy or via a function provided for this purpose in the customer account. After deletion of your customer account, your data will be deleted, unless you have expressly consented to further use of your data pursuant to Art. 6 para. 1 p. 1 lit. a GDPR or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this statement.

Shipping processing

For the purpose of shipping, we will pass on your name and address to our respective shipping partner for the purpose of sending you the goods you ordered. The legal basis for this is the fulfillment of a contractual obligation pursuant to Art. 6 para. 1 lit. b GDPR.

App

When you download our app, certain personal data required for this purpose will be transmitted to the corresponding app store (e.g. Apple App Store or Google Play). In particular, the email address, username, customer number of the downloading account, the individual device identification number, payment information and the time of the download will be transmitted to the App Store. We have no influence on the collection and processing of this data; rather, it is carried out exclusively by the App Store selected by you. Accordingly, we are not responsible for this collection and processing; the responsibility for this lies solely with the App Store.

When you use our app, we also process your data in order to offer you a special gaming experience using our VR glasses. For this purpose, we process your vehicle data, such as vehicle model, vehicle identification number, software authentication key and the live data of your vehicle. The live data includes the vehicle position and sensor data (acceleration, turning rates, speed of the vehicle) while you are using the application. In addtion, we process your user behavior in the app.

The legal basis for the processing of the vehicle data is the usage contract concluded with you pursuant to Art. 6 (1) lit. b GDPR , as we would otherwise not be able to adapt the game experience to your specific vehicle. We base the processing of your position data on the consent you have given us pursuant to Art. 6 (1) lit. a GDPR. You can revoke your consent at any time. In that case, we may unfortunately no longer be able to offer you our service.

We delete the data about your vehicle as well as data from vehicle-side requests for map data (requested map tile) after 90 days after deleting your customer account. We do not collect or store exact location data.

We also process device information to technically enable the operation of the app. Access data includes the IP address, device ID, device type, device-specific settings and app settings as well as app properties, the date and time of the retrieval, time zone the amount of data transferred and the message whether the data exchange was complete, crash of the app, browser type and operating system. The legal basis for this is Art. 6 para. 1 lit. f GDPR. The data will be deleted at the latest after 90 days after deletion of your customer account.

In-App Purchases

When using our app, you can make purchases from various game providers. The processing of your data required for this is carried out by the respective provider. For more information, please read the respective provider's privacy policy.

In the case of in-app purchases, we receive the information about the purchase made in pseudonymized form for the purpose of improving our offer. The legal basis for this is our legitimate interest according to Art. 6 para. 1 lit. f GDPR, which outweighs your interest in the context of the balancing of interests.

HubSpot

As part of our app, we use the service HubSpot. HubSpot is a software company from the USA with a branch in Ireland. Contact: HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland, Phone: +353 1 5187500.

Hubspot is an integrated software solution that we use to cover various aspects of our online marketing. These include, among others:

Email marketing, social media publishing & reporting, reporting, contact management (e.g. user segmentation & CRM), landing pages and contact forms.

Our sign-up service allows visitors of our website to learn more about our company, download content, and provide their contact information and other demographic information. This information, as well as our website content, is stored on servers operated by our software partner HubSpot. It may be used by us to contact visitors of our website and to determine which of our company's services are of interest to them. All information we collect is subject to this privacy policy. We use all collected information exclusively to optimize our marketing measures.

More information about HubSpot's privacy policy can be found here: https://legal.hubspot.com/privacy-policy

As part of the optimization of our marketing measures, the following data may be collected and processed via Hubspot:

  • Geographical position

  • Browser type

  • Navigation information

  • Reference URL

  • Performance data

  • Information about how often the application is used

  • Mobile apps data

  • HubSpot subscription service credentials

  • Files displayed on site

  • Domain names

  • Pages viewed

  • Aggregated usage

  • Operating system version

  • Internet service provider

  • IP address

  • Device identifier

  • Duration of the visit

  • Where the application was downloaded from

  • Operating system

  • Events that occur within the application

  • Access times

  • Clickstream data

  • Device model and version

The legal basis for the processing is your consent pursuant to Art. 6 para. 1 lit. a GDPR. If you do not want Hubspot to collect and process the stated data, you can refuse your consent or revoke it at any time with effect for the future.

The personal data are kept for as long as they are necessary to fulfill the purpose of the processing. The data will be deleted as soon as they are no longer required to meet the purpose.

In the course of processing via HubSpot, data may be transferred to the USA. Therefore, we have concluded standard data protection clauses for the transfer of data.

Data processing for payment processing

When processing payments in our online store, we work with these partners: technical service providers, credit institutions, payment service providers.

Depending on the selected payment method, we pass on the data necessary for processing the payment transaction to the commissioned credit institutions or to the selected payment service provider, insofar as this is necessary for processing the payment. This serves the fulfillment of the contract according to Art. 6 para. 1 p. 1 lit. b GDPR. In some cases, the payment service providers collect the data required for processing the payment themselves, e.g. on their own website or via a technical integration in the ordering process. In this respect, the privacy policy of the respective payment service provider applies. If you have any questions about our payment processing partners and the basis of our cooperation with them, please use the contact option described in this privacy policy.

If necessary, we provide our service providers with further data, which they use together with the data necessary for processing the payment as our order processors for the purpose of fraud prevention and optimization of our payment processes (e.g. invoicing, processing of contested payments, accounting support). Pursuant to Art. 6 (1) p. 1 lit. f GDPR, this serves to protect our legitimate interests in our protection against fraud or inefficient payment management, which outweigh our interests in the context of a balancing of interests.

Contact

In the context of customer communication, we collect personal data for the processing of your inquiries pursuant to Art. 6 para. 1 p. 1 lit. b GDPR if your inquiry relates to an existing contract with us or pursuant to Art. 6 para. 1 p. 1 lit. f GDPR with regard to all other inquiries if you voluntarily provide us with this data when contacting us (e.g. via contact form or e-mail). Mandatory fields are marked as such, since in these cases we absolutely need the data to process your contact. Which data is collected can be seen from the respective input forms. After complete processing of your request, your data will be deleted, unless you have expressly consented to further use of your data in accordance with Art. 6 para. 1 p. 1 lit. a GDPR or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this notice.

Newsletter and advertising

With the following information we inform you about the processing of your personal data for our newsletter, the registration, dispatch and statistical evaluation procedures as well as the processing of your personal data for other electronic or telephonic marketing activities (i.e. to receive our demo version) and your respective rights of objection. By subscribing to our newsletter and/or other electronic or telephonic marketing activities, you consent to the receiving communication and to the procedures described.

Content of the newsletter

We send newsletters, e-mails and other electronic notifications containing advertising information (hereinafter referred to as "newsletters") and make marketing related phone calls only with the consent of the recipient or other legal permission.

Insofar as the contents of the newsletter and other electronic or telephonic marketing activities are expressly described during registration, they are decisive for the user's consent. In addition, our newsletters and other electronic or telephonic marketing activities contain information about our services and ourselves.

Double-Opt-In and Log-In

The registration to our newsletter takes place in a so-called double-opt-in procedure. To do this, you must first enter your e-mail address on our online service. After registration you will receive an e-mail asking you to confirm your registration (verification). This confirmation is necessary so that nobody can register with external e-mail addresses. The registrations for the newsletter are logged in order to be able to prove the registration process according to the legal requirements. This includes the storage of the registration and confirmation times as well as the IP address. Likewise, the changes of your data stored with the dispatch service provider are logged.

Registration data

To subscribe to the newsletter, simply enter your e-mail address. Optionally, we ask you to enter a name in the newsletter in order to address you personally. However, this information is voluntary.

If you want to be contacted to receive more information on our demo version, we ask you to enter your name and last name, your e-mail address as well as your company, your company’s industry and your phone number.

The data provided will be processed exclusively on the basis of your consent (Art. 6 para. 1 p. 1 lit. a GDPR). The same applies to the dispatch of the newsletter and the associated performance measurement.

Revocation and objection

You can unsubscribe from our newsletter and any other electronic or telephonic marketing activities at any time, i.e. revoke your consent. At the end of each newsletter you will find a link to unsubscribe. You can also withdraw your consent by sending us an informal e-mail or by informing our employees. Due to our legitimate interests, we may store unsubscribed e-mail addresses for up to three years before deleting them in order to prove prior consent. The processing of this data is limited to the purpose of a possible defense against claims. An individual deletion request is possible at any time, provided that the earlier existence of consent is confirmed at the same time.

You may object to the receipt of direct mail and data processing for this purpose at any time without stating reasons (Art. 21 para. 2 GDPR).

ActiveCampaign

The personal data processed for our electronic marketing activities is processed by the service "ActiveCampaign", a marketing and CRM platform of the US service provider ActiveCampaign LLC with its seat in Chicago, IL, USA. ActiveCampaign's privacy policy can be viewed here: https://www.activecampaign.com/legal/privacy-policy.

ActiveCampaign processes the data transmitted by you, i.e. your e-mail address and eventually your name and last name, your company, your company’s industry and your phone number, to send you our newsletter or to help us to manage your data via their CRM platform. In addition, the date and time of your registration will be stored. The storage of the data takes place with the registration to the newsletter receipt or other marketing activities on the servers of ActiveCampaign in the USA. Basis for the passing on of the data is the data processing agreement with ActiveCampaign according to art. 28 Para. 3 GDPR including standard contractual clauses by the European Commission to ensure a safe data transfer to the USA that you can find here: https://www.activecampaign.com/legal/dpa.

The newsletter sent by ActiveCampaign contains a so-called pixel-code, on the basis of which we can evaluate whether and when you have read our newsletter and whether you have followed any links available in the newsletter. This serves the evaluation and technical improvement of our newsletter service. The legal basis for this processing is Art. 6 Para. 1 s. 1 lit. f. GDPR. ActiveCampaign can use the recipient's data in pseudonymous form, i.e. without allocation to a user, to optimize or improve its own services, e.g. for technical optimization of the dispatch and presentation of the newsletter or for statistical purposes. However, ActiveCampaign does not use the data of our newsletter recipients to write to them itself. ActiveCampaign deletes all data of our newsletter recipients upon our written request or when our agreement with ActiveCampain has ended unless a longer mandatory storage obligation applies to ActiveCampaign under the applicable law.

Hosting and e-mailing

The hosting services we use serve to provide the following services: Infrastructure and platform services, computing capacity, storage space and database services, e-mail delivery, security services and technical maintenance services that we use to operate this online service.

The hosting providers we use process inventory data, contact data, content data, contract data, usage data, metadata and communication data of customers, interested parties and visitors to this online service on our behalf. We have concluded an order processing agreement with the providers who act on our instructions. If we use service providers from a third country for which no adequacy decision exists, we conclude standard data protection clauses with them for the transfer and processing of your data.

The processing of the data is mandatory for the provision of our online service. You may object to the processing for reasons arising from your particular situation pursuant to Art. 21 para. 1 GDPR.

Collection of other data on our website

Segment

We use Segment, a product by Twilio Ireland Limited, a company registered in the Republic of Ireland, whose registered address is 25-28 North Wall Quay, Dublin 1 (“Twilio”), to manage our customer data in one safe place. Segment allows us to manage our data flow and forward personal data on our behalf to other data processors. In detail, we use two application programming interfaces (API’s), the page API and the identify API by Segment. Page API helps us understand which page of our website you are on. Identify API helps us to store the data you have entered in our contact form.

The implementation of the page API does not require any transfer of personal data to Twilio since any data transferred has been anonymized by us beforehand.

We use identify API for our contact forms and therefor transfer the information that you provided to Twilio (i.e. email, first name, last name and optionally your phone number).

While we use Segment, we process personal data of customers on the basis of our legitimate interest in the efficient and secure provision of this online service pursuant to Art. 6 Para. 1 p. 1 lit. f GDPR in conjunction with Art. 28 Para. 3 GDPR (data processing). This means that Twilio processes our customers’ data only on our behalf and on our instruction and in accordance with the data processing agreement that we have concluded with Twilio. It is possible that your data will be transferred to a Twilio entity in the USA. In this case, we have concluded Standard Contractual Clauses by the European Commission with Twilio.

Cookies

Cookies are small files that are stored on the user's computer. Various data can be stored in the cookies. A cookie is primarily used to store information about a user (or the device on which the cookie is stored) during or after the user's visit to an online service. Temporary cookies or "session cookies" or "transient cookies" are cookies that are deleted after a user has left an online service and closed his browser. In such a cookie, for example, the content of a shopping cart in an online shop or a login status can be stored. Cookies are referred to as "permanent" or "persistent" if they remain stored even after the browser is closed. For example, the login status can be saved if users visit it after several days. In such a cookie, the interests of the user can also be stored, which are used for range measurement or marketing purposes. "Third party cookies" are cookies offered by providers other than the responsible person who operates the online service (otherwise, only their cookies are referred to as "first party cookies").

We may use temporary and permanent cookies and explain this in our Privacy Policy.

If the user does not wish cookies to be stored on his computer, he is asked to deactivate the corresponding option in his browser settings. Stored cookies can be deleted in the browser settings. The exclusion of cookies can lead to functional restrictions of this online service.

Our legitimate interest in processing this data lies in improving the functionality of our website (Art. 6 Para. 1 S. 1 lit. f GDPR).

The legal basis for cookies that are absolutely necessary to provide you with the expressly requested service is Section 25 (2) No. 2 TTDSG.

Incidentally, we base the use of cookies on your express consent pursuant to Section 25 (1) TTDSG in conjunction with Article 6 (1) sentence 1 lit. a GDPR. This applies in particular to the use of advertising, targeting or sharing cookies.

A general objection to the use of cookies for online marketing purposes can be made for a variety of services, in particular in the case of tracking, via the U.S. website http://www.aboutads.info/choices/ or the EU website http://www.youronlinechoices.com/. In addition, the storage of cookies can be achieved by switching them off in the browser settings. Please note that in this case not all functions of this online offer can be used.

Usercentrics

We use the consent management service Usercentrics, of Usercentrics GmbH, Sendlinger Str. 7, 80331 Munich, Germany (Usercentrics). This enables us to obtain and manage the consent of website users for data processing. The processing is necessary to comply with a legal obligation (Art. 7 para. 1GDPR) to which we are subject (Art. 6 para. 1 p. 1 lit. c GDPR). The following data is processed for this purpose:

Date and time of access Browser information Device information Geographic location Cookie preferences URL of the visited page

The functionality of the website is not guaranteed without the processing.

Usercentrics is a recipient of your personal data and acts as a processor for us.

The processing takes place in the European Union. For more information on how to object to and remove your data from Usercentrics, please visit: https://usercentrics.com/de/datenschutzerklaerung/.

The data will be deleted after 3 years.

Please refer to our general explanations about deleting and deactivating cookies.

Google Tag Manager

On this website we use the service "Google Tag Manager". The Tag Manager is a tool for managing so-called tags, which are used for tracking in online marketing. The Tag Manager itself does not process any personal data, as it is purely for the administration of other services, e.g. Google Analytics, etc. You can find more information about the Tag Manager at: https://www.google.com/intl/de/tagmanager/use-policy.html

Google Analytics

If you consent to its use (Art. 6 para. 1 lit. (a) GDPR), we use functions of the web analysis service Google Analytics of Google LLC ("Google"). If you do not consent, we will not allow Google Analytics cookies. You can prevent Google Analytics from collecting your data by not consenting to the use of Google Analytics cookies in the banner shown upon first accessing our website.

Google uses "cookies", which are small text files placed on your device, to help the website analyze how users use the site. The information generated by the cookie about the use of the online service by the user is usually transferred to a Google server in the USA and stored there.

Google will use this information on our behalf for the purpose of evaluating users' use of our online services, compiling reports on activities within the online service and providing other services relating to the use of the online service and the internet. From the processed data, pseudonymized user profiles of the users can be created.

We only use Google Analytics with activated IP anonymization. This means that the IP address of the user is shortened by Google in the member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases is the complete IP address transmitted to a Google server in the USA and shortened there.

The IP address transmitted by the user's browser is not merged with other Google data. Users may refuse the use of cookies by selecting the appropriate settings in their browsers, they may refuse the collection of information by Google about the use of cookies and the processing of such information by Google by selecting the appropriate settings in their browsers, and they may refuse the use of cookies by selecting the appropriate settings in their browsers and downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=en.

For more information on Google's use of data and on setting and objection options, please refer to Google's privacy statement and Google's advertising preferences.

The personal data of the users will be deleted or anonymized after 14 months, as far as there is no storage obligation.

Our online service uses the "demographic features" function of Google Analytics. It can be used to create reports that contain statements about the age, gender and interests of the site visitors. This data comes from interest-related advertising by Google and from visitor data from third parties. It is not possible to assign the data to a specific person. You can deactivate this function at any time. This is possible via the ad settings in your Google Account or by generally prohibiting the collection of your data by Google Analytics.

YouTube

For the integration and display of video content, our online service uses plugins from YouTube. The provider of the video portal is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA.

When a page with an integrated YouTube plug-in is opened, the iFrame 2-Click-Solution will allow you to consent to the establishment of a connection to the YouTube servers before the video is played. In case you give your consent, the connection to the YouTube servers will tell YouTube which of our pages you have accessed. If you do not consent, no connection will be established, however, the video can also not be played.

YouTube can assign your surfing behavior directly to your personal profile if you are logged into your YouTube account. You can prevent this by logging out beforehand.

YouTube is used in the interest of an appealing presentation of our online services and for marketing purposes. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 s. 1 lit. f GDPR.

Details on the handling of user data can be found in YouTube's data protection declaration at: https://www.google.de/intl/de/policies/privacy.

GitHub

Within our online service functions and contents of the service GitHub can be integrated (provider: GitHub, Inc. 88 Colin P Kelly Jr St, San Francisco, CA 94107, United States).

GitHub's privacy policy can be found at https://help.github.com/articles/github-privacy-statement/.

Vercel

Our website is hosted by Vercel Inc. ("Vercel"). The personal data collected and provided by you when you visit our website (see above) is processed by Vercel as a hosting provider. Vercel will only share your personal data with third parties that provide a particular service on Vercel’s behalf, for business transfers / transactions or to comply with the law or a valid and binding order of a government.

Your personal data will be used by Vercel to provide services to you and to continuously improve the quality of the website and services, to improve website and service usage, to evaluate service levels, to monitor traffic patterns and to measure the popularity of different service options.

Vercel uses cookies to improve its service offerings and measure the popularity of service offerings.

Further information on Vercel's privacy policy can be found at https://vercel.com/legal/privacy-policy, https://vercel.com/legal/cookie-policy and https://vercel.com/legal/Vercel_Inc_-_Data_Processing_Addendum.pdf. A data processing agreement has been concluded with Vercel using the standard data protection clauses (Art. 46 para. 2 lit. c), para. 5 GDPR).

Storyblok

We use a content management system (CMS) by Storyblok GmbH to manage and publish web content. Thereby, Storyblok processes personal data on our behalf and with our authorization, such as your IP address. We therefore concluded a data processing agreement according to article 28 GDPR with Storyblok in which Storyblok undertakes to implement adequate technical and organizational measures in order to protect your data.

Further information on Storybloks’s privacy policy can be found at www.storyblok.com/privacy-policy and https://www.storyblok.com/legal/dpa.

Personio

We use HR software services by Personio GmbH (“Personio”) to simplify our recruiting process. Thereby, Personio processes personal data of applicants on our behalf and with our authorization. We therefore concluded a data processing agreement according to article 28 GDPR with Personio in which Personio undertakes to implement adequate technical and organizational measures in order to protect applicant data. In addition, according to its own information, Personio meets all requirements of the GDPR and not only its software but its entire organization is compliant with GDPR.

Further information on Personio’s privacy policy can be found at https://www.personio.de/datenschutz/.

Other receivers

In addition, your data is also processed for us with the help of other third-party providers of various online services. However, this is governed exclusively by data processing on behalf and the processing is carried out in accordance with instructions, so that we always retain responsibility for the processing. Processors from a third country outside the European Economic Area are only granted access to personal data if these third countries offer an adequate level of protection in connection with an adequacy decision of the EU Commission or if we have agreed with these service providers on suitable guarantees (so-called standard contractual clauses pursuant to Art. 46 GDPR) or recognized binding internal data protection rules pursuant to Art. 47 GDPR.

Insofar as we pass on, transmit or otherwise make available data to other companies in our group of companies, this is done in particular for administrative purposes as a legitimate interest (Art. 6 para. 1 sentence 1 lit. f GDPR).

Online presences in social media

We maintain online presences in social networks and platforms in order to communicate with the customers, interested parties and users active there and to inform them about our services.

We would like to point out that user data may be processed outside the European Union. This can entail risks for users, e.g. by making it more difficult to enforce user rights.

In addition, user data is usually processed for market research and advertising purposes. For example, user profiles can be created on the basis of user behavior and the resulting interests of users. The user profiles can in turn be used, for example, to place advertisements inside and outside the platforms which are assumed to correspond to the interests of the users. For this purpose, cookies are usually stored on the user's computer in which the user's usage behavior and interests are stored. In addition, data can be stored in the user profiles independently of the devices used by the users (especially if the users are members of the respective platforms and are logged on to them).

The plug-ins integrated in our online service are identified by lettering and/or small symbols of the respective providers. By default the buttons are disabled, so that no contact with the servers of the providers is established. Only once you agree to communicate with the platform providers by clicking on the button a first time will such a connection be established. By clicking on the corresponding button a second time, you can then communicate directly with the provider of the plug-in. The provider will be informed that you have accessed his website via our online service. In addition, the data displayed under "Server Logfiles" are transmitted.

By clicking on the button the second time, your personal data is transmitted to the respective plug-in provider and processed on its servers. We would like to point out that we have no influence on the collected data and processing procedures and also have no knowledge of the concrete processing purposes, the scope of data processing and the storage periods. If you have a user account with the plug-in provider and are logged into this account, the data collected will be assigned to your account. The processing of the personal data of the users is carried out by the plug-in provider for the purposes of advertising, market research and/or optimization of the corresponding online services.

The use of the plug-ins on our online service is based on our legitimate interest in providing comprehensive information to users, communicating with users and for marketing purposes pursuant to Art. 6 Para. 1 s. 1 lit. f. GDPR. If the users are requested by the respective providers of the platforms to give their consent to the aforementioned data processing, the legal basis for the processing is Art. 6 Para. 1 s. 1 lit. a., Art. 7 GDPR.

For a detailed description of the respective processing and the opt-out options, please refer to the following linked information of the providers. They are entitled to object to data processing for reasons arising from their particular situation pursuant to Art. 21 (1) GDPR.

We would also like to point out that the most effective way of asserting this right is to contact the provider in the case of requests for information and the assertion of rights of use. Only the providers have access to the data of the users and can directly take appropriate measures and provide information. If you still need help, please do not hesitate to contact us.

The following plugins of social networks are included in our online service:

Data protection information in the application process

We process the applicant data only for the purpose and within the framework of the application procedure in accordance with the statutory provisions. The processing of the applicant data is carried out to fulfill our (pre-)contractual obligations within the framework of the application procedure in accordance with Art. 6 Para. 1 S. 1 lit. b. GDPR or pursuant to Art. 6 Para. 1 S. 1 lit. f. GDPR, if data processing becomes necessary for us, e.g. within the framework of legal proceedings (in Germany, § 26 BDSG additionally applies).

The application procedure requires that the applicants provide us with the applicant data. If we offer an online form, the necessary applicant data is marked, otherwise it results from the job descriptions and essentially includes personal data, postal and contact addresses as well as the documents belonging to the application such as covering letter, curriculum vitae and certificates. In addition, applicants may voluntarily provide us with additional information.

By submitting their application to us, applicants agree to the processing of their data for the purposes of the application procedure in accordance with the type and scope of this data protection declaration.

Insofar as special categories of personal data within the meaning of Art. 9 (1) GDPR are voluntarily disclosed in the application process, they are also processed in accordance with Art. 9 (2) (b) GDPR (e.g. health data, such as severely disabled status or ethnic origin).

Where available, applicants can submit their applications via an online form on our online site. The data will be transmitted to us encrypted according to the state of the art. Applicants can also send us their applications by e-mail. Please note, however, that e-mails are generally not sent in encrypted form and that applicants themselves must ensure that they are encrypted. Therefore, we cannot assume any responsibility for the transmission path of the application between sender and recipient on our server and therefore recommend the use of an online form or postal dispatch. Instead of applying via the online form and e-mail, applicants still have the option of sending their application by post.

In the event of a successful application, the data provided by the applicants may be further processed by us for the purposes of the employment relationship. Otherwise, the applicant's data will be deleted if the application for a job offer is not successful. The applicant's data will also be deleted if an application to which the applicant is entitled at any time is withdrawn.

Subject to justified revocation by the applicant, the data will be deleted after six months so that we can answer all follow-up questions on the application and comply with our obligation to provide evidence under the Equal Treatment Act. Invoices for the reimbursement of travel expenses are archived in accordance with tax regulations.

No automated decision making (including profiling)

We do not intend to use any personal data collected from you for any automated decision making process (including profiling).

Rights of data subjects

Right of access

You have the right to request from us free confirmation of the processing of the data in question and to be informed of such data and to receive further information and a copy of the data in accordance with the provisions of the law. The subject of the information is the stored personal data themselves, the origin of the data, their recipients and the purpose of the data processing (cf. Art. 15 GDPR).

Right of rectification

You have the right, in accordance with the law, to ask us, the data controller, to complete the data concerning you or to rectify the false data concerning you (cf. art. 16 DSGVO).

Right to deletion or blocking

In accordance with the statutory provisions, you have the right to demand from us as the responsible party the immediate deletion of the data concerned or, alternatively, to demand that the processing of the data be restricted in accordance with the statutory provisions (cf. Art. 17, 18 DSGVO).

Right to data transfer

You have the right to demand from us that we hand over to you or pass on to third parties the data concerning you which you have made available to us in accordance with the statutory provisions (cf. Art. 20 GDPR). Direct transfer to another responsible party is subject to technical feasibility.

Right to complain to the competent supervisory authority

You also have the right to file a complaint with the competent supervisory authority in accordance with the statutory provisions (cf. Art. 77 GDPR). You can find the contact details of the supervisory authorities here: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html

Right of withdrawal

You have the right to revoke your consent with effect for the future (cf. Art. 7 GDPR). Some data processing operations are only permitted with your express consent. You can object to the future processing of the data concerning you at any time within the framework of the statutory provisions. An informal e-mail notification send to us is sufficient for this purpose. The revocation only applies to the future, and therefore does not affect the legality based on the prior consent of data processing already carried out.

Right of objection

Pursuant to Art. 21 Para. 1 GDPR, you are generally entitled to object at any time for reasons arising from your particular situation. The objection must be addressed to us.

The objection may also be raised pursuant to Art. 21 Para. 2 GDPR, in particular against processing for the purpose of direct marketing. After your objection, the data will no longer be processed for the purpose of direct marketing.

Changes and Updates to the Privacy Statement

We ask you to inform yourself regularly about the content of our data protection declaration. We will adapt the data protection declaration as soon as changes in the data processing carried out by us make this necessary. We will inform you as soon as the changes require your cooperation (e.g. consent) or other individual notification.

________

holoride GmbH, edited: 02.11.2022