Privacy Notice

Updated April 2020

Table of contents

I. Controller’s name and address
II. Data Protection Officer’s contact details
III. General information on data processing
IV. Data subject’s rights
V. Provision of the platform and creation of log files
VI. Use of cookies
VII. Newsletter
VIII. Email contact
IX. Corporate presences
X. Use of corporate presences in career-oriented networks
XI. Hosting
XII. Used plugins
XIII. Online Training
XIV. Hotline

I. Controller’s name and address

The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the Member States and other provisions of data protection law is:

GET.ON Institut fuer Online Gesundheitstrainings GmbH
Rothenbaumchaussee 209
20149 Hamburg
Germany
+49 (0)40 / 532 528 67
kontakt@hellobetter.de
www.hellobetter.de

II. Data protection officer’s contact details

The controller’s Data Protection Officer is:

DataCo GmbH
Dachauer Straße 65
80335 Munich
Germany
+49 89 7400 45840
www.dataguard.de

III. General information on data processing

1. Scope of the personal data processing

As a rule, we only process our users’ personal data to the extent necessary to provide a functioning website, our content and our services. The personal data of our users is normally processed only with user consent. An exception applies in those cases in which prior consent cannot be obtained for practical reasons and the processing of the data is required by statutory provisions.

2. Legal basis for the processing of personal data

If we obtain the data subject’s consent for processing personal data, Art. 6(1)(1)(a) EU General Data Protection Regulation (GDPR) is the legal basis.

For the processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6(1)(1)(b) GDPR is the legal basis. The same applies to processing operations that are necessary to carry out pre-contractual measures.

If the processing of personal data is required to fulfil a legal obligation to which our company is subject, Art. 6(1) (1)(b) GDPR is the legal basis.

In the event that vital interests of the data subject or another natural person require the processing of personal data, the legal basis is Art. 6(1)(1)(d) GDPR.

If processing is necessary to safeguard the legitimate interests of our company or a third party, and the interests, fundamental rights and fundamental freedoms of the data subject do not prevail over the first-mentioned interests, then Art. 6(1)(1)(f) GDPR is the legal basis for processing.

3. Data deletion and storage period

The data subject’s personal data shall be erased or blocked once the purpose for storage no longer exists. Furthermore, data may be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject. Data is also blocked or erased when a storage period specified by the aforementioned laws expires, unless it is necessary to continue to store the data for conclusion or performance of a contract.

IV. Data subject’s rights

If your personal data is processed, you are a data subject within the meaning of the GDPR, and you are entitled to the following rights with regard to the controller:

1. Right to information

You may obtain confirmation from the controller as to whether or not it is processing your personal data.
In the event of such processing, you may request the following information from the controller:

• the purposes for which personal data is processed;
• the categories of personal data that are processed;
• the recipients or categories of recipient to whom your personal data has been or will be disclosed;
• the planned storage duration of your personal data, if it is not possible to give specific details, criteria for determining the storage duration;
• the existence of a right to rectification or deletion of the data subject’s personal data, a right to restriction of processing by the controller or to of a right to objection to such processing;
• the existence of the right to appeal to a supervisory authority;
• where the personal data is not collected from the data subject, any available information as to their source;
• the existence of automated decision-making including profiling in accordance with Art. 22 (1) and (4) GDPR and, at least in these cases, meaningful data about the involved logic, scope and intended impact of such processing with regard to the data subject.

You have the right to request information as to whether your personal data is transferred to a third country or to an international organisation. In this relation, you may request to be informed of the appropriate guarantees in connection with the transfer pursuant to Art. 46 GDPR.

This right to information may be limited if it is likely to render impossible or seriously hinder the achievement of the research or statistical purposes and the limitation is necessary for the achievement of the research or statistical purposes.

2. Right to rectification

If your processed personal data is incorrect or incomplete, you have the right to ask the controller to correct and/or complete the data. The controller must make the correction without delay.

Your right to rectification may be limited if it is likely to render impossible or seriously hinder the achievement of the research or statistical purposes and the limitation is necessary for the achievement of the research or statistical purposes.

3. Right to restriction of processing

Under the following conditions, you may request that processing of your personal data is restricted:

• if you dispute the accuracy of your personal data for a period of time that allows the controller to verify the accuracy of the personal data;
• the processing is unlawful and you refuse to delete the personal data and instead request the restriction of the use of the personal data;
• the controller no longer needs the personal data for the purposes of processing, but you need this to assert, exercise or defend legal claims, or
• if you have lodged an objection against the processing pursuant to Art. 21(1) GDPR, and it has not yet been established whether the controller’s legitimate reasons outweigh yours.

Where – with the exception of its storage – the processing of your personal data has been restricted, such data may not be processed without your consent or for the purpose of asserting, exercising or defending rights or protecting the rights of another natural or legal person or for reasons of an important public interest of the Union or of a Member State.

If the processing was restricted in accordance with the above conditions, the controller will inform you before the restriction is lifted.

Your right to restriction of processing may be limited if it is likely to render impossible or seriously hinder the achievement of the research or statistical purposes and the limitation is necessary for the achievement of the research or statistical purposes.

4. Right to deletion

a) Duty to delete

You may obtain from the controller the erasure of your personal data without undue delay and the controller has the obligation to erase this data without undue delay where one of the following grounds applies:

• Your personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed.
• You revoke your consent to which the processing is subject pursuant to Art. 6(1)(1)(a) GDPR or Art. 9(2)(a) GDPR and no other legal basis for the processing exists.
• You object to the processing pursuant to Art. 21(1) GDPR and there are no legitimate reasons for the processing, or you object to the processing pursuant to Art. 21(2) GDPR.
• Your personal data was processed unlawfully.
The deletion of your personal data is necessary to fulfil a legal obligation under Union or national law to which the controller is subject.
Your personal data concerning was collected in relation to the offer of information society services referred to in Art. 8(1) GDPR.

b) Information to third parties

Where the controller has made your personal data public and is obliged pursuant to Art. 17(1) GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, must take reasonable steps, including technical measures, to inform other controllers processing the personal data that you have requested these controllers to delete any links to, or any copy or replication of, this personal data.

(c) Exceptions

The right to deletion does not exist if the processing is necessary

• for the exercise of freedom of expression and information;
• to fulfil a legal obligation which requires the processing under the law of the Union or of the Member States to which the controller is subject or to perform a task carried out in the public interest or in the exercise of official authority vested in the controller;
• for reasons of public interest in the field of public health pursuant to Art. 9(2)(h) and (i) and Art. 9(3) GDPR;
• for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89(1) GDPR in so far as the right referred to in (a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
• for the assertion, exercise or defence of legal claims.

5. Right to rectification

If you have exercised your right to rectify, delete or limit the processing of your personal data vis-à-vis the controller, the latter is obliged to notify all recipients to whom your personal data has been disclosed of such rectification, deletion or limitation, unless this proves impossible or involves a disproportionate effort.
You have the right vis-à-vis the controller to be informed of such recipients.

6. Right to data portability

You have the right to receive your personal data that you provided to the controller in a common and machine-readable format. Furthermore, you have the right to transmit this data to another controller without hindrance by the controller to whom you provided the data, provided that

• the processing is based on consent pursuant to Art. 6(1)(1)(a) GDPR or Art. 9(2)(a) GDPR or on a contract pursuant to Art. 6(1)(1)(a) GDPR and
• the processing is carried out using automated procedures.

By exercising this right, you also have the right to ensure that your personal data is transmitted directly from one controller to another, if this is technically feasible. In doing so, the freedoms and rights of other persons may not be impaired.

The right to data transfer does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

7. Right to object

You have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on Art. 6(1)(1)(e) or (f) GDPR, including profiling based on those provisions.
The controller will no longer process your personal data unless it can establish compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or unless the processing is for the purposes of asserting, exercising or defending legal claims.

Where your personal data is processed for direct marketing purposes, you have the right to object at any time to processing of your personal data for such marketing; this also includes profiling to the extent that it is related to such direct marketing.

If you object to processing for direct marketing purposes, the controller will no longer process your personal data for such purposes.

Notwithstanding Directive 2002/58/EC, you can also exercise your right of objection relating to the use of data society services by means of automated procedures that use technical specifications.

You also have the right to object, for reasons emanating from your particular situation, to the processing of your personal data for the purposes of scientific or historical research or for statistical purposes in accordance with Art. 89(1) GDPR. This right to object may be limited if it is likely to render impossible or seriously hinder the achievement of the research or statistical purposes and the limitation is necessary for the achievement of the research or statistical purposes.

8. Right to revoke the declaration of consent under data protection law

You have the right to revoke your consent given under data protection law at any time. The revocation of consent does affect the lawfulness of processing based on consent before its revocation.

9. Automated decision in individual cases including profiling

You have the right not to be subject to any decision based solely on automated processing, including profiling, that has any legal effect on you or similarly significantly affects you. This shall not apply if the decision

• is necessary for the conclusion or fulfilment of a contract between you and the controller,
• is authorised by Union or national legislation to which the controller is subject, and that legislation provides for appropriate measures to safeguard your rights and freedoms and your legitimate interests, or
• is made with your express consent.

However, these decisions may not be based on special categories of personal data in accordance with Art. 9 (1) GDPR, unless Art. 9(2) (a) or (b) GDPR applies and appropriate measures have been taken to protect rights and freedoms and your legitimate interests.

With regard to the cases referred to in (1) and (3) above, the controller shall take appropriate measures to safeguard your rights and freedoms and your legitimate interests, which include at least the right to obtain the intervention of any person from the side of the controller, to express your point of view and to challenge the decision.

10. Right to complain to a supervisory authority.

Without prejudice to any other administrative or judicial remedy, you have the right to complain to a supervisory authority, in particular in the Member State where you reside, where your place of work is based or where the alleged infringement took place, if you consider that the processing of your personal data is in infringement of the GDPR.

The supervisory authority to which the complaint has been submitted will inform the complainant of the status and the results of the complaint, including the possibility of a legal remedy under Art. 78 GDPR.

V. Provision of the platform and creation of log files

1. Description and scope of the data processing

Whenever our website is requested, our system automatically collects data and information from the computer system of the requesting computer.

The following data is collected in this regard:

  • Information about the browser type and version used
  • The user’s operating system
  • The user’s IP address
  • Date and time of access
  • Websites from which the user’s system accesses our website
  • Websites that are requested by the user’s system via our website

This data is not stored in our system’s log files. This data is not stored together with the user’s other personal data.

2. Purpose of the data processing

Temporary storage of the IP address in the system is necessary to enable delivery of the website to the user’s computer. To this end, the user’s IP address must remain stored for the duration of the session.

The storage of data in log files serves to ensure the functionality of the website. The data is also used to optimise the website and to ensure the security of our information technology systems. The data is not evaluated for marketing purposes in this context.

These purposes also include our legitimate interest in data processing pursuant to Art. 6(1)(1)(f) GDPR.

3. Legal basis for data processing

The legal basis for the temporary storage of data and log files is Art. 6(1)(1)(f) GDPR.

4. Duration of storage

The data is deleted once it is no longer needed to fulfil the purpose for which it was collected. If data is collected to aid provision of the website, this is the carried out when the relevant session has ended.

If the data is stored in log files, this is carried out after seven days at the latest. It is possible that data may be stored beyond this time. In this case, the users’ IP addresses are deleted or distorted to ensure that assignment to the calling client is no longer possible.

5. Objection and removal option

The collection of data to provide the website and the storage of data in log files are essential for operation of the website. Accordingly, the user has no option to object.

VI. Use of cookies

1. Description and scope of the data processing

Our website uses cookies. Cookies are small text files that are stored in an internet browser or that an internet browser stores on the user’s computer. When a user visits a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again.

We use cookies to make our website more user-friendly. Some elements of our website require that the visiting browser can also be identified after changing the page.

The following data is stored and transmitted in the cookies:

  • Log-in information


We also use cookies on our website, which enable us to analyse the surfing behaviour of our users.

The following data can be transmitted in this way:

  • Frequency of page views
  • Use of website functions


The user data collected in this way is pseudonymised by technical means. Therefore, it is no longer possible to assign the data to the visiting user. The data is not stored together with other personal data of users.

2. Purpose of the data processing

Technically necessary cookies are used to help simplify the use of websites for users. It may not be possible to offer some features of our website without the use of cookies. It is necessary for these that the browser is recognised even after a page change.

We require cookies for the following applications:

  • Transfer of language settings
  • Security


The user data collected via technically necessary cookies is not used to create user profiles.

The analysis cookies are used to improve the quality of our website and its contents. Analysis cookies help us to learn how the website is used, which enables us to consistently improve our offers.

To optimise user-friendliness and improve the range of services (statistical and marketing purposes)

3. Legal basis for data processing

The legal basis for the processing of personal data using cookies is Art. 6(1)(1)(f) GDPR.

The legal basis for the processing of personal data using these technically necessary cookies is Art. 6(1)(1)(f) GDPR.

4. Duration of storage, option to object and possibility of removal

Cookies are stored on the user’s computer and are transmitted to our site by the user. Therefore, as a user you also have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your internet browser. Already stored cookies can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may be the case that some website features will no longer be usable to the full extent.

If you use version 12.1 or later of the Safari browser, cookies are automatically deleted after seven days. This also applies to opt-out cookies, which are set to prevent tracking measures.

VII. Newsletter

I agree that HelloBetter – GET.ON Institut für Online-Gesundheitstrainings GmbH, Rothenbaumchaussee 209, 20149 Hamburg, Germany, will send me company information and offers regularly by e-mail. I agree to the processing of my data as described in more detail in the Privacy Policy and have read and understood the Terms of Use and Privacy Policy. You can unsubscribe at any time by simply clicking on the unsubscribe link contained in every e-mail. Until you cancel, we may use your data lawfully.

1. Description and scope of the data processing

Our website offers the possibility to subscribe to free newsletters. When registering for the newsletter, the data from the input mask is transmitted to us.

  • Email address
    • Date and time of the registration

The data is not transferred to third parties in connection with the data processing for the dispatch of newsletters. The data is used exclusively for sending the newsletter.

2. Purpose of the data processing

The user’s email address is collected in order to deliver the newsletter.

The collection of other personal data within the registration process serves to prevent misuse of the services or the used email address.

3. Legal basis for data processing

If the user has given their consent, the legal basis for the processing of data after the user’s registration for the newsletter is Art. 6(1)(1)(a) GDPR.

4. Duration of storage

The data is deleted once it is no longer needed to fulfil the purpose for which it was collected. The user’s email address is therefore stored as long as the subscription to the newsletter is active.

The other personal data collected during the registration process is usually deleted after a period of seven days.

5. Objection and removal option

The subscription to the newsletter can be cancelled by the user in question at any time. There is a corresponding link in every newsletter for this purpose.

This also enables revocation of the consent to store personal data collected during the registration process.

VIII. Email contact

1. Description and scope of the data processing

On our website, it is possible to contact us via the provided email address. In this case, the user’s personal data that is transmitted with the email is stored.
The data is used solely for processing the conversation.

2. Purpose of the data processing

When contacting us by email, this is also the necessary legitimate interest in processing the data.

3. Legal basis for data processing

If the user has given their consent, the legal basis for the data processing is Art. 6 (1) (a) GDPR.
The legal basis for the processing of data that is transmitted in the course of sending an email is Art. 6(1)(f) GDPR. If you contact us via email with the intention of concluding a contract with the company, the additional legal basis for the processing is Art. 6 (1) lit. f GDPR.

4. Duration of storage

The data is deleted once it is no longer needed to fulfil the purpose for which it was collected. For personal data that was sent via email, this is then the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been successfully resolved.

Personal data additionally collected during the sending operation is erased after not more than seven days.

5. Objection and removal option

The user may at any time revoke their consent to the processing of personal data. If the user contacts us by email, they may at any time object to the storage of their personal data. In such a case, the conversation may not be continued.
Users can send an email to support@hellobetter.de

In such a case, all personal data that was stored in the course of making contact is deleted.
Users can send an email to support@hellobetter.de

IX. Corporate presences

Use of corporate presences in career-oriented networks

Instagram:

Instagram, Part of Facebook Ireland Ltd., 4 Grand Canal Square Grand Canal Harbour, Dublin 2 Ireland

Our corporate presence provides information and offers Instagram users the possibility to communicate- If you carry out an action on our corporate presence on Instagram (e.g. comments, contributions, likes, etc.) it is possible that you will make personal data (e.g. your real name or photo of your user profile) public. However, as we generally or to a large extent have no influence over the processing of your personal by Instagram as the company co-responsible for GET.ON Institut für Online Gesundheitstrainings GmbH’s corporate presence, we cannot provide any binding information on the purpose and scope of processing your data.

Our corporate presence in social networks serves the purpose of communication and information exchange with (potential) customers. In particular, we use corporate presences for:

providing information about HelloBetter offers, exchange with potential users and employer branding

Publications on the corporate presences may contain the following content:

  • Information about products
  • Information about services
  • Advertising
  • Customer contact
  • Job advertisements


Every user is free to publish personal data via activities.

The legal basis for the data processing is Art. 6(1)(1)(a) GDPR.

The data generated by our corporate presence is not stored in our own systems.

Instagram has signed and certified itself under the PrivacyShield agreement between the European Union and the USA. By doing so, Instagram undertakes to comply with the standards and regulations of European data protection law. Further information can be found in the following linked entry:https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active

You can at any time object to the processing of your personal data that we collect during your use of our corporate presence on Instagram and assert your rights as a data subject as set out in IV. of this Privacy Policy. Please send us an informal email to support@hellobetter.de. For more information on how Instagram processes your personal data and how to opt-out, please click here:

Instagram: https://help.instagram.com/519522125107875

Pinterest:

Pinterest Europe Ltd, Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland

On our company website, we provide information and offer Pinterest users the possibility to communicate with us. If you carry out an action on our corporate presence on Pinterest (e.g. comments, contributions, likes, etc.) it is possible that you will make personal data (e.g. your real name or photo of your user profile) public. However, as we generally or to a large extent have no influence over the processing of your personal by Pinterest as the company co-responsible for GET.ON Institut für Online Gesundheitstrainings GmbH’s corporate presence, we cannot provide any binding information on the purpose and scope of processing your data.

Our corporate presence in social networks serves the purpose of communication and information exchange with (potential) customers. In particular, we use corporate presences for:

providing information about HelloBetter offers, exchange with potential users and employer branding

Publications on the corporate presences may contain the following content:

  • Information about products
  • Information about services
  • Advertising
  • Customer contact
  • Job advertisements


Every user is free to publish personal data via activities.

The legal basis for the data processing is Art. 6(1)(1)(a) GDPR.

The data generated by our corporate presence is not stored in our own systems.

Pinterest has signed and certified itself under the PrivacyShield agreement between the European Union and the USA. By doing so, Pinterest undertakes to comply with the standards and regulations of European data protection law. Further information can be found in the following linked entry:https://www.privacyshield.gov/participant?id=a2zt00000008VVzAAM&status=Active

You can at any time object to the processing of your personal data that we collect in the course of your use of our corporate presence on Pinterest and assert your rights as a data subject as set out in IV. of this Privacy Policy. Please send us an informal email to support@hellobetter.de. For more information on how your personal data is processed by Pinterest and how to opt-out, please click here:

Pinterest https://policy.pinterest.com/en/privacy-policy

Twitter

Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, Ireland

On our company website, we provide information and offer Twitter users the possibility to communicate with us. If you carry out an action on our corporate presence on Twitter (e.g. comments, contributions, likes, etc.) it is possible that you will make personal data (e.g. your real name or photo of your user profile) public. However, as we generally or to a large extent have no influence over the processing of your personal data by Twitter as the company co-responsible for GET.ON Institut für Online Gesundheitstrainings GmbH’s corporate presence, we cannot provide any binding information on the purpose and scope of processing your data.

Our corporate presence in social networks serves the purpose of communication and information exchange with (potential) customers. In particular, we use corporate presences for:

providing information about HelloBetter offers, exchange with potential users and employer branding

Publications on the corporate presences may contain the following content:

  • Information about products
  • Information about services
  • Advertising
  • Customer contact
  • Job advertisements


Every user is free to publish personal data via activities.

The legal basis for the data processing is Art. 6(1)(1)(a) GDPR.

The data generated by our corporate presence is not stored in our own systems.

Twitter has signed and certified itself under the PrivacyShield agreement between the European Union and the USA. By doing so, Twitter undertakes to comply with the standards and regulations of European data protection law. Further information can be found in the following linked entry:https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active

You can at any time object to the processing of your personal data that we collect during your use of our corporate presence on Twitter and assert your rights as a data subject as set out in IV. of this Privacy Policy. Please send us an informal email to support@hellobetter.de. For more information on how your personal data is processed by Twitter and how to opt-out, please click here:

Twitter: https://twitter.com/en/privacy

YouTube:

YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, United States

On our company website, we provide information and offer YouTube users the possibility to communicate with us. If you carry out an action on our corporate presence on YouTube (e.g. comments, contributions, likes, etc.) it is possible that you will make personal data (e.g. your real name or photo of your user profile) public. However, as we generally or to a large extent have no influence over the processing of your personal by YouTube as the company co-responsible for GET.ON Institut für Online Gesundheitstrainings GmbH’s corporate presence, we cannot provide any binding information on the purpose and scope of processing your data.

Our corporate presence in social networks serves the purpose of communication and information exchange with (potential) customers. In particular, we use corporate presences for:

providing information about HelloBetter offers, exchange with potential users and employer branding

Publications on the corporate presences may contain the following content:

  • Information about products
  • Information about services
  • Advertising
  • Customer contact
  • Job advertisements


Every user is free to publish personal data via activities.

The legal basis for the data processing is Art. 6(1)(1)(a) GDPR.

The data generated by our corporate presence is not stored in our own systems.

YouTube has signed and certified itself under the PrivacyShield agreement between the European Union and the USA. By doing so, YouTube undertakes to comply with the standards and regulations of European data protection law. Further information can be found in the following linked entry:https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

You can at any time object to the processing of your personal data that we collect during your use of our corporate presence on YouTube and assert your rights as a data subject as set out in IV. of this Privacy Policy. Please send us an informal email to support@hellobetter.de. For more information on how your personal data is processed by YouTube and how to opt-out, please click here:

YouTube: https://policies.google.com/privacy?gl=DE&hl=de

X. Use of corporate presences in career-oriented networks

1. Scope of the data processing

We use the possibility to host corporate presences on job-oriented networks. We maintain a corporate presence on the following job-oriented networks:
LinkedIn:
LinkedIn, Unlimited Company Wilton Place, Dublin 2, Ireland
XING:
XING SE, Dammtorstraße 30, 20354 Hamburg, Deutschland

On our website, we provide information and offer users the possibility to communicate with us.
The corporate presence is used for applications, information/PR and active sourcing.
We do not hold any information on the processing of your personal data by the companies jointly responsible for the corporate presence. You can find further information on this in the Privacy Policy of:
LinkedIn:
https://www.linkedin.com/legal/privacy-policy?trk=hb_ft_priv
XING:
https://privacy.xing.com/en

If you carry out an action on our corporate presence (e.g. comments, contributions, likes, etc.) it is possible that you will make personal data (e.g. your real name or photo of your user profile) public.

2. Legal basis for data processing

The legal basis for processing your data in connection with the use of our corporate presence is Art.6(1)(1)(f) GDPR.

3. Purpose of the data processing

Our corporate presence serves to inform users about our services. When doing so, every user is free to publish personal data via activities.

4. Duration of storage

We will store your activities and personal data published via our corporate presence until you revoke your consent. In addition, we comply with the statutory retention periods.

5. Objection and removal option

You can at any time object to the processing of your personal data that we collect during your use of our corporate presence and assert your rights as a data subject as set out in IV. of this Privacy Policy. To do so, please send us an informal email to the email address stated in this data protection declaration.

In addition, LinkedIn has signed and certified itself under the PrivacyShield agreement between the European Union and the USA. By doing so, LinkedIn undertakes to comply with the standards and regulations of European data protection law. Further information can be found in the following linked entry: https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active

You can find further information on objection and removal options here:
LinkedIn:
https://www.linkedin.com/legal/privacy-policy?trk=hb_ft_priv
XING:
https://privacy.xing.com/en

XI. Hosting

The platform is hosted on servers by a service provider we have commissioned.
Our service provider is:

Telekom Cloud

The servers automatically collect and store information in server log files, which your browser automatically transmits when you visit the platform. The stored information comprises:

• Browser type and browser version
• Operating system in use
• Referrer URL
• Host name of the accessing computer
• Date and time of the server request
• IP address

This data is not combined with other data sources. This data is collected based on Art. 6(1)(f) GDPR. The platform operator has a legitimate interest in the technically error-free display and optimisation of its platform: the server log files must be recorded for this purpose.

The platform’s server is geographically located in Germany.

XII. Used plugins

We use plugins for various purposes. The plugins used are listed below:

Use of Facebook Pixel

1. Scope of the personal data processing

On our online presence, we use the Facebook Pixel from Facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA and its representatives in the Union Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal H, D2 Dublin, Ireland (hereinafter referred to as Facebook). It allows us to track users’ actions after they have seen or clicked a Facebook ad. Consequently, personal data can be stored and evaluated: in particular the user’s activity (in particular which pages have been visited and which elements have been clicked on), device and browser information (in particular the IP address and the operating system), data about the shown advertisements (in particular which advertisements were shown and whether the user clicked on them) and also data from advertising partners (in particular pseudonymised user IDs). This allows us to track the effectiveness of Facebook advertising for statistical and market research purposes.

This can involve transferring data to Facebook’s servers in the USA. Facebook has signed and certified itself under the PrivacyShield agreement between the European Union and the USA. By doing so, Facebook undertakes to comply with the standards and regulations of European data protection law. Further information can be found in the following linked entry:

https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active.

The data collected in this way is anonymous for us: in other words, we do not see individual users’ personal data. However, this data is stored and processed by Facebook. According to Facebook’s data usage policy, Facebook can associate this data with your Facebook account and also use it for its own advertising purposes.

Further information about Facebook’s data processing can be found here:
https://www.facebook.com/policy.php

2. Purpose of the data processing

The Facebook Pixel is used to analyse and optimise advertising measures.

3. Legal basis for the processing of personal data

In principle, the legal basis for the processing of users’ personal data is the user’s consent in accordance with Art 6(1)(1)(a) GDPR.

4. Duration of storage

We will store your personal information for as long as necessary to fulfil the purposes described in this Privacy Policy or as required by law, for example for tax or bookkeeping purposes.

5. Revocation and removal option

You have the right to revoke your consent given under data protection law at any time. The revocation of consent does affect the lawfulness of processing based on consent before its revocation.
You can prevent Facebook from collecting and processing your personal information by stopping third-party cookies from being stored on your computer. You can do this by using the “Do Not Track” feature of a browser that supports this, by disabling the execution of script code in your browser or by using a script blocker such as NoScript (https://noscript.net/) or Ghostery (https://www.ghostery.com) in your browser.

Information on objection and removal options vis-à-vis Facebook can be found at:
https://www.facebook.com/policy.php

Use of Google Analytics

1. Scope of the personal data processing

We use Google Analytics, a web analytics service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA and its representative in the Union Google Ireland Ltd, Gordon House, Barrow Street, D04 E5W5, Dublin, Ireland (hereinafter referred to as Google). Among other things, Google Analytics examines the origin of visitors, their length of stay on individual pages and the use of search engines, which enables the success of advertising campaigns to be better monitored. Google saves a cookie on your computer for this purpose. Consequently, personal data can be stored and evaluated: in particular the user’s activity (in particular which pages have been visited and which elements have been clicked on), device and browser information (in particular the IP address and the operating system), data about the shown advertisements (in particular which advertisements were shown and whether the user clicked on them) and also data from advertising partners (in particular pseudonymised user IDs). The information generated by the cookie about your use of this online presence is generally transferred to a Google server in the USA and stored there. However, if IP anonymisation is activated on this online presence, your IP address will be abridged in advance by Google within the Member States of the European Union or in other states parties to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the US and abridged there.

Google has signed and certified itself under the PrivacyShield agreement between the European Union and the USA. By doing so, Google undertakes to comply with the standards and regulations of European data protection law. Further information can be found in the following linked entry:

https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

IP anonymisation is active on this online presence. On behalf of the operator of this website, Google will use this information to evaluate your use of the online presence, to compile reports on online presence activity and to provide other services relating to online presence activity and internet usage to the online presence operator. The IP address provided by your browser as part of Google Analytics will not be merged with other Google data. You can prevent cookies from being saved by setting your browser software accordingly; however, we would like to point out that in this case you may not be able to fully utilise all the functions of our online presence.

Further information about Google’s data processing can be found here:
https://policies.google.com/privacy?gl=DE&hl=de

2. Purpose of the data processing

The purpose of the personal data processing is addressing a target group that has already expressed an initial interest by visiting the site.

3. Legal basis for the processing of personal data

In principle, the legal basis for the processing of users’ personal data is the user’s consent in accordance with Art 6(1)(1)(a) GDPR.

4. Duration of storage

We will store your personal information for as long as necessary to fulfil the purposes described in this Privacy Policy or as required by law. According to its own information, Google anonymises advertising data in server logs by deleting parts of the IP address and cookie information after 9 and 18 months respectively.

5. Revocation and removal option

You have the right to revoke your consent given under data protection law at any time. The revocation of consent does affect the lawfulness of processing based on consent before its revocation.
You can prevent Google from collecting and processing your personal information by stopping third-party cookies from being stored on your computer. You can do this by using the “Do Not Track” feature of a browser that supports this, by disabling the execution of script code in your browser or by using a script blocker such as NoScript (https://noscript.net/) or Ghostery (https://www.ghostery.com) in your browser.

In addition, you may prevent Google from tracking the data (including your IP address) generated by the cookie and your use of the online presence (including your IP address) as well as the processing of this data by Google, by clicking on the link below and downloading and installing the available browser plugin.

https://tools.google.com/dlpage/gaoptout?hl=en

You can deactivate Google’s use of your personal data via the following link:
https://adssettings.google.com

Information on objection and removal options vis-à-vis Google can be found at:
https://policies.google.com/privacy?gl=DE&hl=de

Use of Google Tag Manager

1. Scope of the personal data processing

We use Google Tag Manager (https://tagmanager.google.com) of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA and the representative in the Union Google Ireland Ltd, Gordon House, Barrow Street, D04 E5W5, Dublin, Ireland (hereinafter referred to as Google). The Google Tag Manager allows you to manage and bundle tags from Google and third-party services into a single online presence. Tags are small pieces of code on an online presence that are used to measure traffic and behaviour, measure the impact of online advertising and social channels, use remarketing and targeting and test and optimise your online presence. When a user visits your online presence, the current tag configuration is sent to the user’s browser. It contains instructions on the tags that should be triggered. Google Tag Manager will trigger other tags that may collect data. You will find information on this in the paragraphs regarding the use of the corresponding services in this Privacy Policy Google Tag Manager does not access this data.

This can involve transferring data to Google’s servers in the USA. Google has signed and certified itself under the PrivacyShield agreement between the European Union and the USA. By doing so, Google undertakes to comply with the standards and regulations of European data protection law. Further information can be found in the following linked entry:

https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

For more information about Google Tag Manager, see https://support.google.com/tagmanager/answer/6102821?hl=en and Google’s Privacy Policy https://policies.google.com/privacy?hl=en

2. Purpose of the data processing

The purpose of the personal data processing is the collected and clear management and efficient integration of third-party services.

3. Legal basis for the processing of personal data

In principle, the legal basis for the processing of users’ personal data is the user’s consent in accordance with Art 6(1)(1)(a) GDPR.

4. Duration of storage

We will store your personal information for as long as necessary to fulfil the purposes described in this Privacy Policy or as required by law. According to its own information, Google anonymises advertising data in server logs by deleting parts of the IP address and cookie information after 9 and 18 months respectively.

5. Revocation and removal option

You have the right to revoke your consent given under data protection law at any time. The revocation of consent does affect the lawfulness of processing based on consent before its revocation.
You can prevent Google from collecting and processing your personal information by stopping third-party cookies from being stored on your computer. You can do this by using the “Do Not Track” feature of a browser that supports this, by disabling the execution of script code in your browser or by using a script blocker such as NoScript (https://noscript.net/) or Ghostery (https://www.ghostery.com) in your browser.

In addition, you may prevent Google from tracking the data (including your IP address) generated by the cookie and your use of the online presence (including your IP address) as well as the processing of this data by Google, by clicking on the link below and downloading and installing the available browser plugin.

https://tools.google.com/dlpage/gaoptout?hl=en

You can deactivate Google’s use of your personal data via the following link:
https://adssettings.google.com

Information on objection and removal options vis-à-vis Google can be found at:
https://policies.google.com/privacy?gl=DE&hl=de

Use of Bing Ads

1. Scope of the personal data processing

We use the conversion tracking tool Bing Ads from Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA (hereinafter referred to as Microsoft). When doing so, Bing Ads stores a cookie on your computer if you have accessed our online presence via a Bing Ads ad. Consequently, personal data can be stored and evaluated: in particular the user’s activity (in particular which pages have been visited and which elements have been clicked on), device and browser information (in particular the IP address and the operating system), data about the shown advertisements (in particular which advertisements were shown and whether the user clicked on them) and also data from advertising partners (in particular pseudonymised user IDs). We only know the total number of users who clicked on a Bing ad and were then redirected to the conversion page.

The data is transferred to Microsoft servers in the USA.

Microsoft has signed and certified itself under the PrivacyShield agreement between the European Union and the USA. By doing so, Microsoft undertakes to comply with the standards and regulations of European data protection law. Further information can be found in the following linked entry:

https://www.privacyshield.gov/participant?id=a2zt0000000KzNaAAK&status=Active

Further information about Microsoft’s data processing can be found here:
https://privacy.microsoft.com/en-us/privacystatement

2. Purpose of the data processing

This allows Microsoft Bing and us to see that someone clicked on an ad, was redirected to our online presence and then reached a predetermined target page (conversion page).

3. Legal basis for the processing of personal data

In principle, the legal basis for the processing of users’ personal data is the user’s consent in accordance with Art 6(1)(1)(a) GDPR.

4. Duration of storage

We will store your personal information for as long as necessary to fulfil the purposes described in this Privacy Policy or as required by law, for example for tax or bookkeeping purposes.

5. Revocation and removal option

You have the right to revoke your consent given under data protection law at any time. The revocation of consent does affect the lawfulness of processing based on consent before its revocation.
You can prevent Microsoft from collecting and processing your personal information by stopping third-party cookies from being stored on your computer. You can do this by using the “Do Not Track” feature of a browser that supports this, by disabling the execution of script code in your browser or by using a script blocker such as NoScript (https://noscript.net/) or Ghostery (https://www.ghostery.com) in your browser.

You can deactivate Microsoft’s use of your personal data via the following link:
https://account.microsoft.com/privacy/ad-settings/

Information on objection and removal options vis-à-vis Microsoft can be found at:
https://privacy.microsoft.com/en-us/privacystatement.

Use of Google AdWords

1. Scope of the personal data processing

We use Google Adwords from Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA and its representative in the Union Google Ireland Ltd, Gordon House, Barrow Street, D04 E5W5, Dublin, Ireland (hereinafter referred to as Google). We use this service to place advertisements. Google saves a cookie on your computer for this purpose. Consequently, personal data can be stored and evaluated: in particular the user’s activity (in particular which pages have been visited and which elements have been clicked on), device and browser information (in particular the IP address and the operating system), data about the shown advertisements (in particular which advertisements were shown and whether the user clicked on them) and also data from advertising partners (in particular pseudonymised user IDs).

This can involve transferring data to Google’s servers in the USA. Google has signed and certified itself under the PrivacyShield agreement between the European Union and the USA. By doing so, Google undertakes to comply with the standards and regulations of European data protection law. Further information can be found in the following linked entry:

https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

Further information about Google’s data processing can be found here:
https://policies.google.com/privacy?gl=DE&hl=de

2. Purpose of the data processing

We are only informed about the total number of users who have reacted to our advert. No information is passed on which we could use to identify you. It is not used for tracing purposes.

3. Legal basis for the processing of personal data

In principle, the legal basis for the processing of users’ personal data is the user’s consent in accordance with Art 6(1)(1)(a) GDPR.

4. Duration of storage

We will store your personal information for as long as necessary to fulfil the purposes described in this Privacy Policy or as required by law, for example for tax or bookkeeping purposes.

5. Revocation and removal option

You have the right to revoke your consent given under data protection law at any time. The revocation of consent does affect the lawfulness of processing based on consent before its revocation.
You can prevent Google from collecting and processing your personal information by stopping third-party cookies from being stored on your computer. You can do this by using the “Do Not Track” feature of a browser that supports this, by disabling the execution of script code in your browser or by using a script blocker such as NoScript (https://noscript.net/) or Ghostery (https://www.ghostery.com) in your browser.

You can deactivate Google’s use of your personal data via the following link:
https://adssettings.google.com

Information on objection and removal options vis-à-vis Google can be found at:
https://policies.google.com/privacy?gl=DE&hl=de

Use of Google Ads Remarketing

1. Scope of the personal data processing

We use Google Ads remarketing from Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA and its representative in the Union Google Ireland Ltd, Gordon House, Barrow Street, D04 E5W5, Dublin, Ireland (hereinafter referred to as Google). Google Remarketing is used to re-target visitors to the online presence for advertising purposes via Google Ads. With the help of Google Ads Remarketing, target groups (“similar target groups”) can be created, who, for example, have requested certain pages. This makes it possible to identify a user on other online presences and display targeted advertising. To do this, Google save a cookie on the computer. Consequently, personal data can be stored and evaluated: in particular the user’s activity (in particular which pages have been visited and which elements have been clicked on), device and browser information (in particular the IP address and the operating system), data about the shown advertisements (in particular which advertisements were shown and whether the user clicked on them) and also data from advertising partners (in particular pseudonymised user IDs).

This can involve transferring data to Google’s servers in the USA. Google has signed and certified itself under the PrivacyShield agreement between the European Union and the USA. By doing so, Google undertakes to comply with the standards and regulations of European data protection law. Further information can be found in the following linked entry:

https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

Further information about Google’s data processing can be found here:
https://policies.google.com/privacy?gl=DE&hl=de

2. Purpose of the data processing

The purpose of the personal data processing is to address a target group. The cookies stored on the user’s end device recognise the user when they visit an online presence and can therefore display advertising that is in line with the user’s interests.

3. Legal basis for the processing of personal data

In principle, the legal basis for the processing of users’ personal data is the user’s consent in accordance with Art 6(1)(1)(a) GDPR.

4. Duration of storage

We will store your personal information for as long as necessary to fulfil the purposes described in this Privacy Policy or as required by law, for example for tax or bookkeeping purposes.

5. Revocation and removal option

You have the right to revoke your consent given under data protection law at any time. The revocation of consent does affect the lawfulness of processing based on consent before its revocation.
You can prevent Google from collecting and processing your personal information by stopping third-party cookies from being stored on your computer. You can do this by using the “Do Not Track” feature of a browser that supports this, by disabling the execution of script code in your browser or by using a script blocker such as NoScript (https://noscript.net/) or Ghostery (https://www.ghostery.com) in your browser.

In addition, you may prevent Google from tracking the data (including your IP address) generated by the cookie and your use of the online presence (including your IP address) as well as the processing of this data by Google, by clicking on the link below and downloading and installing the available browser plugin.

https://tools.google.com/dlpage/gaoptout?hl=en

You can deactivate Google’s use of your personal data via the following link:
https://adssettings.google.com

Information on objection and removal options vis-à-vis Google can be found at:
https://policies.google.com/privacy?gl=DE&hl=de

Use of cookies:

1. Scope of the personal data processing

We use functions of Taboola Germany GmbH, Alt-Moabit 2, 10557 Berlin, Germany (hereinafter: Taboola). The Taboola Plugin allows user-specific recommendations for content and ads based on surfing behaviour and customer interests that help improve the user-friendliness of our website. To do this, Taboola saves a cookie on the computer. Consequently, personal data can be stored and evaluated: in particular the user’s activity (in particular which pages have been visited and which elements have been clicked on), device and browser information (in particular the IP address and the operating system), data about the shown advertisements (in particular which advertisements were shown and whether the user clicked on them) and also data from advertising partners (in particular pseudonymised user IDs).

Further information about Taboola’s data processing can be found here:
https://www.taboola.com/de/privacy-policy

2. Purpose of the data processing

The use of the Taboola Plug-in serves to improve the user-friendliness of our online presence and services.

3. Legal basis for the processing of personal data

In principle, the legal basis for the processing of users’ personal data is the user’s consent in accordance with Art 6(1)(1)(a) GDPR.

4. Duration of storage

Your personal information will be stored for 18 months and then anonymised. Subsequently, the anonymised data is stored for as long as is legally required, e.g. for tax and accounting purposes.

5. Revocation and removal option

You have the right to revoke your consent given under data protection law at any time. The revocation of consent does affect the lawfulness of processing based on consent before its revocation.
You can prevent Taboola from collecting and processing your personal information by stopping third-party cookies from being stored on your computer. You can do this by using the “Do Not Track” feature of a browser that supports this, by disabling the execution of script code in your browser or by using a script blocker such as NoScript (https://noscript.net/) or Ghostery (https://www.ghostery.com) in your browser.

Information on objection and removal options vis-à-vis Taboola can be found at:
https://www.taboola.com/de/privacy-policy

Use of Adobe Fonts

1. Scope of the personal data processing

We use Adobe Fonts from Adobe Systems Software Ireland Limited, 6 Riverwalk, Naas Road 24, Dublin, Ireland (hereinafter referred to as Adobe). When the page is retrieved, the fonts are transferred to the browser cache so it can use them to visually improve the display of various information. If the browser does not support Adobe fonts or prevents access, the text is displayed in a standard font. No cookies are stored on the visitor’s computer when the page is requested. Data that is transmitted in connection with the page request is transferred to resource-specific domains such as use.typekit.net or use.typekit.com. When doing so, the following data will be processed:

  • Provided fonts
  • ID of the WEB PROJECT
  • JavaScript version of the WEB PROJECT (string)
  • Type of WEB PROJECT (string “configurable” or “dynamic”)
  • Embedding type (whether you use the JavaScript or CSS embed code)
  • Account ID (identifies the customer from whom the WEB PROJECT originates)
  • Service that provides the fonts (for example, Adobe Fonts or Edge Web Fonts)
  • Application that requests the fonts (e.g. Adobe Muse)
  • Server that provides the fonts (for example, Adobe Fonts or corporate CDN)
  • Host name of the page on which the fonts are loaded
  • The time it takes the web browser to download the fonts
  • The time from downloading the fonts with the web browser to applying the fonts
  • Whether an ad blocker is installed, to determine if the ad blocker is interfering with the proper tracking of page views
  • IP address of the website visitor, operating system and browser version


This can involve transferring data to Adobe’s servers in the USA. Adobe has signed and certified itself under the PrivacyShield agreement between the European Union and the USA. By doing so, Adobe undertakes to comply with the standards and regulations of European data protection law. Further information can be found in the following linked entry:
https://www.privacyshield.gov/participant?id=a2zt0000000TNo9AAG&status=Active

Further information about Adobe’s data processing can be found here:
https://www.adobe.com/de/privacy/policies/adobe-fonts.html and
https://www.adobe.com/uk/privacy/policy.html

2. Purpose of the data processing

The use of Adobe fonts serves to ensure that our texts are presented in an appealing way. If your browser does not support this function, your computer uses a standard font is used for the display.

3. Legal basis for the processing of personal data

In principle, the legal basis for the processing of users’ personal data is the user’s consent in accordance with Art 6(1)(1)(a) GDPR.

4. Duration of storage

We will store your personal information for as long as necessary to fulfil the purposes described in this Privacy Policy or as required by law.

5. Revocation and removal option

You have the right to revoke your consent given under data protection law at any time. The revocation of consent does affect the lawfulness of processing based on consent before its revocation.
You can prevent Adobe from collecting and processing your personal information by stopping third-party cookies from being stored on your computer. You can do this by using the “Do Not Track” feature of a browser that supports this, by disabling the execution of script code in your browser or by using a script blocker such as NoScript (https://noscript.net/) or Ghostery (https://www.ghostery.com) in your browser.

You can deactivate Adobe’s use of your personal data via the following link:
https://www.adobe.com/de/privacy/opt-out.html

Information on objection and removal options vis-à-vis Adobe can be found at:
https://www.adobe.com/de/privacy/policies/adobe-fonts.html and https://www.adobe.com/uk/privacy/policy.html

Use of Google Webfonts

1. Scope of the personal data processing

We use Google Web Fonts from Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA and its representative in the Union Google Ireland Ltd, Gordon House, Barrow Street, D04 E5W5, Dublin, Ireland (hereinafter referred to as Google). When the page is retrieved, the Webfonts are transferred to the browser cache so it can use them to visually improve the display of various information. If the browser does not support Google Webfonts or prevents access, the text is displayed in a standard font. No cookies are stored on the visitor’s computer when the page is requested. Data that is transmitted in connection with the page request is transferred to resource-specific domains such as https://fonts.googleapis.com or https://fonts.gstatic.com. Consequently, personal data can be stored and evaluated: in particular, the activity of the user (in particular which pages have been visited and which elements were clicked) and device and browser information (in particular the IP address and operating system).

This can involve transferring data to Google’s servers in the USA. Google has signed and certified itself under the PrivacyShield agreement between the European Union and the USA. By doing so, Google undertakes to comply with the standards and regulations of European data protection law. Further information can be found in the following linked entry:
https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

The data is not associated with data that may be collected or used in connection with the parallel use of authenticated Google services such as Gmail.

Further information about Google’s data processing can be found here:
https://policies.google.com/privacy?gl=DE&hl=de

2. Purpose of the data processing

The use of Google Webfonts serves to ensure that our texts are presented in an appealing way. If your browser does not support this function, your computer uses a standard font is used for the display.

3. Legal basis for the processing of personal data

In principle, the legal basis for the processing of users’ personal data is the user’s consent in accordance with Art 6(1)(1)(a) GDPR.

4. Duration of storage

We will store your personal information for as long as necessary to fulfil the purposes described in this Privacy Policy or as required by law, for example for tax or bookkeeping purposes.

5. Objection and removal option

You can prevent Google from collecting and processing your personal information by stopping third-party cookies from being stored on your computer. You can do this by using the “Do Not Track” feature of a browser that supports this, by disabling the execution of script code in your browser or by using a script blocker such as NoScript (https://noscript.net/) or Ghostery (https://www.ghostery.com) in your browser.

You can deactivate Google’s use of your personal data via the following link:
https://adssettings.google.com

Information on objection and removal options vis-à-vis Google can be found at:
https://policies.google.com/privacy?gl=DE&hl=de

Use of MailChimp

1. Scope of the personal data processing

To send our newsletter, we use the service provider MailChimp from The Rocket Science Group, LLC, 512 Means Street, Suite 404, Atlanta, GA 30318, USA (hereinafter referred to as MailChimp) MailChimp is an email marketing provider and enables us to communicate directly with potential customers via email newsletters. If you register for the newsletter, the data you entered during the newsletter registration is transferred to MailChimp and stored there. Consequently, additional personal data can be stored and evaluated: in particular, the activity of the user (in particular which pages have been visited and which elements were clicked) and device and browser information (in particular the IP address and operating system).

This can involve transferring data to Mailchimp’s servers in the USA. MailChimp has signed and certified itself under the PrivacyShield agreement between the European Union and the USA. By doing so, MailChimp undertakes to comply with the standards and regulations of European data protection law. Further information can be found in the following linked entry:
https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=Active

MailChimp also stores your data. Your data will not be passed on to third parties in connection with receiving the newsletter and MailChimp does not acquire the right to pass on your data. After registration, MailChimp will send you an email to confirm this. Furthermore, MailChimp offers different analysis options with regard to how the sent newsletters are opened and used, e.g. how many users have received an email, if emails have been rejected and if users have unsubscribed from the list after receiving an email.
Further information about MailChimp’s data processing can be found here:
https://MailChimp.com/legal/privacy/

2. Purpose of the data processing

The personal data collected during registration for the newsletter is used exclusively for sending our newsletter, possibly for invitations to events and, if you are already our customer, for our customer email. Subscribers to the newsletter may also be notified by email if this is necessary for the operation of the newsletter service or registration, as might be the case in the event of changes to the newsletter or technical changes.

3. Legal basis for the processing of personal data

In principle, the legal basis for the processing of users’ personal data is the user’s consent in accordance with Art 6(1)(1)(a) GDPR.

4. Duration of storage

We will store your personal information for as long as necessary to fulfil the purposes described in this Privacy Policy or as required by law. Additionally, you can contact MailChimp and request deletion of your data.

5. Revocation and removal option

You have the right to revoke your consent given under data protection law at any time. The revocation of consent does affect the lawfulness of processing based on consent before its revocation.
You can revoke your consent to the storage of your data and its use for sending the newsletter by MailChimp at any time. You can exercise your right of revocation at any time by sending an email to MailChimp or by clicking on the link provided in each newsletter.
Information on objection and removal options vis-à-vis MailChimp can be found at:
https://MailChimp.com/legal/privacy/

XIII. Online Training

You can find the Privacy Policy for the HelloBetter Online Training at https://hellobetter.de/privacy-policy-training.

XIV. Hotline

1. Description and scope of the data processing

On our website, we provide a telephone number with which you can contact psychologists and psychotherapists free of charge

In this event, the user’s personal data transmitted during the call setup is processed.

To provide the hotline, we use Amazon Connect from Amazon Web Service Inc, 410 Terry Avenue North, Seattle WA 98109, USA (hereinafter referred to as Amazon Connect). Amazon Connect is a contact-centre service provided via the Amazon Web Services (AWS) cloud.

Personal data is consequently stored and evaluated in server log files, in particular the telephone number and the beginning and end time of the telephone call.

Other information voluntarily shared during the telephone call is only recorded and forwarded to the relevant police department if the caller exhibits a suicidal behaviour.

Data is transferred to AWS servers in the USA. AWS has signed and certified itself under the PrivacyShield agreement between the European Union and the USA. By doing so, AWS undertakes to comply with the standards and regulations of European data protection law. Further information can be found in the following linked entry:

https://www.privacyshield.gov/participant?id=a2zt0000000TOWQAA4&status=Active

For more information about AWS’ collection and storage of data, please visit: https://aws.amazon.com/privacy/

2. Purpose of the data processing

The purpose of the data processing is the provision of free telephone advice from psychologists and psychotherapists to people who are experiencing difficulties in coping with the coronavirus crisis.

3. Legal basis for data processing

The legal basis for the processing of data from the telephone call is the caller’s consent, Art. 6(1)(1)(f) GDPR.

The legal basis for the processing of the special category of personal data within the meaning of Art. 9(1) GDPR is consent pursuant to Art. 6(1)(1)(a) GDPR in conjunction with Art. 9(2)(a).

The legal basis for the processing of data transmitted during the technically necessary call set-up is Art. 6(1)(f) GDPR.

4. Duration of storage

The data is deleted once it is no longer needed to fulfil the purpose for which it was collected. The personal data collected during the call setup is deleted after 24 months at the latest.

5. Objection and removal option

The user may at any time revoke their consent to the processing of personal data. If the user contacts us, they may at any time object to the storage of their personal data. In such a case, all personal data that was stored in the course of making contact is erased.


This Privacy Policy was created with the support of DataGuard.