Data protection information

to our website, to other online presences, as well as for customers, suppliers, and participants of our events

I. General

1. Controller

We, the d.velop AG, take the protection of your personal data and the legal obligations that serve to ensure this protection very seriously. The legal provisions require comprehensive transparency in all issues regarding the processing of personal data. Only if the processing is traceable for you as the person concerned (data subject), you can be deemed to be sufficiently informed about the intention, purpose, and scope of the processing. Our data protection declaration therefore explains to you in detail which so-called personal data is processed by us when you use the www.d-velop.com website or any other web pages that refer referring to it (see definitions below, 2.).

Controller in terms of the General Data Protection Regulation (GDPR), the Bundesdatenschutzgesetz – German Federal Data Protection Act (BDSG) as well as other data protection regulations is
d.velop AG
Schildarpstraße 6-8, 48712 Gescher, Germany
+49 (0) 2542 9307-0
info@d-velop.com
www.d-velop.de
referred to hereinafter as or „controller“ oder „we“.

The responsible data protection officer is:

Nils Möllers
Keyed GmbH
Siemensstraße 12
48341 Altenberge

Telephone +49 2505-639797
Email: info@keyed.de

Please note that links on our website may lead you to other webpages which are not operated by us but by third parties. Such links are either clearly identified by us or can be identified by a change in the address line of your browser. We are not responsible for compliance with the applicable data protection regulations and safe handling of your personal data on these third-party websites.

2. Definitions

2.1 From the GDPR

This data protection declaration uses the terms defined in the legal text of the GDPR. These definitions (Art. 4 GDPR) can be found at https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32016R0679.

2.2 Cookies

Cookies are text files that are stored or read by a website on your end device. They contain combinations of letters and numbers and are used to recognize the user and their settings when they reconnect to the website that set the cookie, to enable the user to remain logged in to a customer account, or to statistically analyze a specific user behavior.

2.3 Categories of data

When we specify in this privacy policy which categories of data we process, we are referring in particular to the following data: Master data (e.g. names, addresses, dates of birth), contact details (e.g. e-mail addresses, telephone numbers, messenger services), content data (e.g. text entries, photographs, videos, contents of documents/files), contract data (e.g. subject of the agreement, terms, customer category), payment data (e.g. bank details, payment history, use of other payment service providers), usage data (e.g. history on our website, use of certain content, access times) and connection data. (e.g. device information, IP addresses, URL referrer).

3. Information about data processing

We process personal data only to the extent permitted by law. Personal data will be passed on to third parties only in the cases described below. Personal data is protected by appropriate technical and organizational measures (e.g. pseudonymization, encryption).

Unless we are legally obliged to store or pass on personal data to third parties (in particular law enforcement agencies), the decision as to which personal data we process, how long we process it for and the extent to which we disclose it to others depends on which functions of the website you use in each individual case.

4. Duration of storage

Personal data shall be deleted as soon as the purpose for which it was processed no longer exits or a prescribed retention period expires, unless we need to continue storing the personal data in order to conclude or fulfill a contract. If we use cookies that are not absolutely necessary to provide the service you requested, we inform you about the functional duration of these cookies at the end of this privacy policy.

5. Automated individual decision-making including profiling

We do not use automated individual decision-making including profiling to reach decisions pursuant to Art. 22 Para. 1, 4 GDPR.

6. Rights of the data subject

As the data subject, you have the right of access pursuant to Art. 15 GDPR, the right to rectification pursuant to Art. 16 GDPR, the right to erasure pursuant to Art. 17 GDPR, the right to restrict processing pursuant to Art. 18 GDPR and the right to data portability pursuant to Art. 20 GDPR. The restrictions from Sections 34, 35 BDSG apply to the right of access and the right to erasure. You have the right to lodge a complaint with a supervisory authority for data protection matters (Article 77 GDPR in conjunction with Section 19 BDSG). The supervisory authority to which we are subject is: Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen, Kavalleriestrasse 2-4, 40213 Düsseldorf, Germany. However, you are free to lodge a complaint with any supervisory authority for data protection matters of your choosing

7. Notification obligations of the controller

We will notify all recipients to whom your personal data has been disclosed of any rectification or deletion of your personal data or any restriction of processing pursuant to Art. 16, Art. 17 Para. 1 and Art. 18 of the GDPR, unless such notification is impossible or involves disproportionate effort. Upon your request, we will inform you of who received this notification.

8. Obligation to provide information

Unless otherwise explained below in the legal bases under II or III, you are not obliged to provide personal data. However, in the cases described in Art. 6 Para. 1 Lit. b) of the GDPR, the personal data is necessary for the performance or conclusion of a contract. If you do not provide this personal data, it is not possible to fulfill or conclude the contract. If you do not provide personal data in the cases described in Art. 6 Para. 1 Lit. a) and f) of the GDPR, it is not possible to use the parts of our website in question.

You have the right to object at any time, on grounds relating to your particular situation, to processing of personal data concerning you which is based on Art. 6 Para. 1 Lit. f) of the GDPR. Where personal data is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing.

Pursuant to Art. 7 Para. 3 Clause 4 of the GDPR, you also have the right to revoke your consent to future processing at any time. Such a revocation does not affect the lawfulness of processing carried out before the revocation. You can revoke your consent by mail or e-mail without the need for a specific form. If you object, we will cease to process your personal data unless another (legal) basis permits the processing. If, however, you revoke your consent and there is no other basis that permits the processing, the personal data must be deleted immediately pursuant to Art. 17 Para. 2 Lit. b) of the GDPR.

No specific form is required to lodge an objection or revoke consent. Such communications should be addressed to:

d.velop AG
Schildarpstrasse 6-8, 48712 Gescher, Germany
+49 (0) 2542 9307-0
info@d-velop.de

II. Data processing in connection with use of the website

Using the website for informational purposes

Purpose of processing: If you access our website and use it purely for informational purposes, i.e. without using additional functions such as contact forms or social media plugins, we automatically collect personal data for the purpose of optimizing and ensuring the proper functioning of our website, as well as to ensure the security of our information technology systems.

Legal basis: Art. 6, Para. 1, Lit. f) GDPR

Categories of data: Usage data, connection data

Recipient of the data: IT service providers

Intended transfer to third countries: None

Does providing your consent mean that we store or read information on your device? No

Google Maps

Purpose of processing: Integrating interactive maps and map functions of Google Maps.

Legal basis: Art. 6, Para. 1, Lit. f) GDPR

Categories of data: Usage data, connection data, location data

Recipient of the data: Google Ireland Ltd., Gordon House, Barrow Street Dublin 4 Ireland

Intended transfer to third countries: To the USA in individual cases (according to Decision (EU) 2016/1250 – “EU-US Data Protection Shield”).

Does providing your consent mean that we store or read personal information on your device? No

Facebook Custom Audiences (“Facebook Pixel”)

Purpose of processing: Displaying personalized advertisements in the Facebook advertising network (Facebook Ads) based on your pseudonymously recorded surfing behavior.

Legal bases: Art. 6, Para. 1, Lit. a) GDPR

Categories of data: Usage data, connection data

Recipient of the data: Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (as joint controller, Art. 26 GDPR

Intended transfer to third countries: To the USA in individual cases (according to Decision (EU) 2016/1250 – “EU-US Data Protection Shield”).

Does providing your consent mean that we store or read personal information on your device? Yes, see the list at the end of this privacy policy.

We use the “Custom Audiences” remarketing function of Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland (“Facebook”). Custom Audiences allows us to target users of our website with advertising by displaying personalized and interest-based Facebook ads (https://de-de.facebook.com/business/products/ads) when they visit the Facebook social network.

We use the “Facebook Custom Audiences from Website” version of Facebook Custom Audiences (Facebook Pixel). This involves integrating an invisible pixel on our website. When a potential customer looks at certain products on our website, places them in the shopping cart and perhaps cancels the order, this invisible pixel forwards the data to Facebook. The next time this potential customer logs in to Facebook, the integrated pixel means that he or she will receive targeted advertising for the product he or she previously viewed but may not have purchased.

This personal data is processed for the purpose of optimizing our products and services and offering individualized advertising. This constitutes a legitimate interest that permits the processing of your data according to Art. 6 Para. 1 Lit. f) of the GDPR. The transfer of data to the USA is carried out in accordance with Commission Implementing Decision (EU) 2016/1250 (EU-US Privacy Shield). If you do not want Facebook to associate the collected information directly with your Facebook user account, you can disable the “Custom Audiences” remarketing feature in your Facebook user account settings. You must be logged in to Facebook to do this.

More information about how Facebook collects and uses your data and about your rights and options for protecting your privacy can be found in Facebook’s privacy policy (https://www.facebook.com/about/privacy/).

Google Analytics

Purpose of processing: Statistical evaluation of how you use the website. We collect your IP address before it is anonymized by Google through truncation before being permanently stored on their servers.

Legal basis: Art. 6, Para. 1, Lit. a) GDPR

Categories of data: Usage data, connection data

Recipient of the data: Google Ireland Ltd., Gordon House, Barrow Street Dublin 4 Ireland

Intended transfer to third countries: To the USA in individual cases (according to Decision (EU) 2016/1250 – “EU-US Data Protection Shield”).

Does providing your consent mean that we store or read information on your device? Yes, see the list at the end of this privacy policy.

Google Ads Conversion Tracking

Purpose of processing: Measuring the success of our Google Ads campaigns.

Legal basis: Art. 6, Para. 1, Lit. a) GDPR

Categories of data: Usage data, connection data

Recipient of the data: Google Ireland Ltd., Gordon House, Barrow Street Dublin 4 Ireland

Intended transfer to third countries: To the USA in individual cases (according to Decision (EU) 2016/1250 – “EU-US Data Protection Shield”).

Does providing your consent mean that we store or read personal information on your device? Yes, see the list at the end of this privacy policy.

Microsoft Ads

Description and Purpose: On the Website, we use Microsoft Ads (bingads.microsoft.com) technology provided and operated by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA (“Microsoft”). Microsoft will place a cookie on your device if you have come to our site through a Microsoft Bing ad. Microsoft Bing and we can thus recognize that someone has clicked on an ad, been redirected to our site, and reached a predetermined destination page (conversion page). We only know the total number of users who clicked on an ad and were redirected to a conversion page. Microsoft collects, processes and uses information via the cookie from which user profiles are created using pseudonyms (Microsoft Conversion Tracking). These usage profiles are used to analyze visitor behavior and are used to serve ads. No personal information on the identity of the user is processed.

Legal basis: The legal basis for the processing of your personal data is Art. 6 (1) (a) GDPR.

Recipient: The recipient of your personal data is Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA (“Microsoft”), where applicable.

Transfers to third countries: The personal data is transferred to the United States. The transfer is subject to appropriate safeguards according to Art. 46 of the GDPR. Where necessary, we have agreed appropriate safeguards within the meaning of Article 46 (2) of the GDPR with the data importer. In addition, we are aware of our responsibilities and, to the extent necessary to protect the rights and freedoms of natural persons, we take further measures to ensure the protection of personal data.

Duration of data storage: Data is deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. In addition, the data will be deleted if you exercise your right to erasure pursuant to Art. 17 (1) of the GDPR.

Revocation: You have the right to revoke your granted consent at any time, see. Art. 7 (3) sent. 1 of the GDPR. This can be done informally and without giving reasons and is effective for future activities. The revocation of consent does not affect the lawfulness of the processing carried out until the revocation was communicated. Further information on this can be found above in our privacy policy under “Rights of data subjects”.

Contractual and legal obligation: There is no contractual or legal obligation to provide the data.

Further information on data protection: Here you will find further information on processing of your personal data: https://privacy.microsoft.com/en-US/privacystatement

LinkedIn Conversion Tracking

Purpose of processing: Measuring the effectiveness of our advertisements and displaying interest-based advertising.

Legal basis: Art. 6, Para. 1, Lit. a) GDPR.

Categories of data: Usage data, connection data (this data is deleted within seven days).

Recipient of the data: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (“LinkedIn”).

Intended transfer to third countries: To the USA in individual cases (according to Decision (EU) 2016/1250 – “EU-US Data Protection Shield”).

Does providing your consent mean that we store or read personal information on your device? Yes, see the list at the end of this privacy policy.

Hotjar

Purpose of processing: Analyzing your surfing and clicking behavior on our website, creating “heat maps” based on this analysis, and optimizing and designing our website according to your needs.

Legal basis: Art. 6, Para. 1, Lit. a) GDPR

Categories of data: Usage data, connection data

Recipient of the data: Hotjar Ltd., Level 2, St Julian’s Business Centre, 3, Elia Zammit Street, St Julian’s STJ 1000, Malta

Intended transfer to third countries: None

Does providing your consent mean that we store or read personal information on your device? Yes, see the list at the end of this privacy policy.

HubSpot

Purpose of processing: E-mail marketing, in particular newsletters, and evaluating click and usage behavior for optimizing and improving the design of our website and for advertising purposes.

Legal basis: Art. 6, Para. 1, Lit. a) GDPR

Categories of data: Master data, contact details, content data, usage data, connection data

Recipient of the data: HubSpot European Office, Ground Floor, Two Dockland Central Guild Street, Dublin 1, Ireland / HubSpot Inc., 25 First Street, 2nd Floor, Cambridge, MA 02141, USA

Intended transfer to third countries: To the USA in individual cases (according to Decision (EU) 2016/1250 – “EU-US Data Protection Shield”).

Does providing your consent mean that we store or read personal information on your device?  Yes, see the list at the end of this privacy policy.

SurveyMonkey

Purpose of processing: Integrating the SurveyMonkey survey service on our website.

Legal basis: Art. 6, Para. 1, Lit. a) GDPR

Data categories: master data (if applicable), contact details (if applicable), usage data, connection data

Recipient of the data: SurveyMonkey Europe UC 2nd Floor, 2 Shelbourne Buildings, Shelbourne Road, Dublin, Ireland

Intended transfer to third countries: To the USA in individual cases (according to Decision (EU) 2016/1250 – “EU-US Data Protection Shield”).

Does providing your consent mean that we store or read personal information on your device? Yes, see the list at the end of this privacy policy.

YouTube

Purpose of processing: Integrating videos with the YouTube video plugin to personalize our website.

Legal basis: Art. 6, Para. 1, Lit. f) GDPR

Categories of data: Usage data, connection data

Recipient of the data: Google Ireland Ltd., Gordon House, Barrow Street Dublin 4 Ireland

Intended transfer to third countries: To the USA in individual cases (according to Decision (EU) 2016/1250 – “EU-US Data Protection Shield”)

Does providing your consent mean that we store or read information on your device? No.

Contacting us (e-mail, telephone, contact form)

Purpose of processing: Replying to your inquiry in the contact form on our website, your e-mail or your callback request.

Legal basis: Art. 6 Para. 1 Lit. f) GDPR; Art. 6 Para. 1 Lit. b) GDPR (if your inquiry concerns the conclusion of a contract or an existing contract); Art. 88 Para. 1 GDPR in conjunction with Section 26 Para. 1 BDSG (if you send us documents in connection with an application)

Categories of data: Master data, contact details, content data, usage data (if applicable), connection data, contract data (if applicable)

Recipient of the data: Affiliated companies within the d.velop group in individual cases.

Intended transfer to third countries: None

Does providing your consent mean that we store or read information on your device? No

Customer account

Purpose of processing: Use of a customer account (also a prerequisite for orders in our online shop), ensuring the security of our information technology systems.

Legal basis: Art. 6, Para. 1, Lit. a), b) and f) GDPR

Categories of data: Master data, contact details, usage data, connection data, contract data, payment data

Recipient of the data: None

Intended transfer to third countries: None

Does providing your consent mean that we store or read personal information on your device? No

Online shop

Purpose of processing: Processing and delivering your orders, ensuring the security of our information technology systems.

Legal basis: Art. 6, Para. 1, Lit. b) and f) GDPR

Categories of data: Master data, contact details, usage data, connection data, contract data, payment data

Recipient of the data: None

Intended transfer to third countries: None

Does providing your consent mean that we store or read personal information on your device?: No

Career portal, applications by mail

Purpose of processing: Processing your application and carrying out the application procedure, considering your application for future positions with us or our subsidiaries (at your request), ensuring the security of our information technology systems. Applications received by mail are forwarded to the HR department, where they are digitized.

Legal basis: Art. 88 Para. 1 GDPR in conjunction with Section 26, Para. 1 Clause 1 BDSG, for applications to subsidiaries and storage for future positions Art. 6 Para. 1 Lit. a) GDPR in conjunction with Art. 7 GDPR, Section 26, Para. 2 BDSG; Art. 6 Para. 1 Lit. f) GDPR

Categories of data: Master data, contact details, content data, usage data (not for applications received by mail), connection data (not for applications received by mail), contract data

Recipient of the data: Our subsidiaries (only with your express consent)

Intended transfer to third countries: None

Does providing your consent mean that we store or read personal information on your device? No

Registering for training courses/seminars/webinars and other events

Purpose of processing: Registering for training courses, seminars, webinars or other events via our website, documenting your registration, ensuring the security of our information technology systems.

Legal basis: Art. 6, Para. 1, Lit. b) and f) GDPR.

Categories of data: Master data, contact details, usage data, connection data, contract data, payment data (if applicable)

Recipient of the data: Partners (e.g. conference hotels, IT service providers such as HubSpot)

Intended transfer to third countries: None

Does providing your consent mean that we store or read personal information on your device? No

Requesting advertising materials or quotations

Purpose of processing: Sending advertising materials you requested and generating and sending quotations you requested.

Legal basis: Art. 6 Para. 1 Lit. f) GDPR; Art. 6 Para. 1 Lit. b) GDPR (if your inquiry concerns the conclusion of a contract or an existing contract)

Categories of data: Master data, contact details, connection data, contract data (if applicable)

Recipient of the data: Affiliated companies within the d.velop group in individual cases; postal service providers.

Intended transfer to third countries: None

Does providing your consent mean that we store or read information on your device? No

Email newsletter

Purpose of processing: Managing our distribution list and sending the newsletter you requested, personalizing our newsletter based on your usage behavior and documenting your consent to receive the newsletter.

Legal basis: Art. 6, Para. 1, Lit. a) GDPR

Categories of data: Contact details, master data, usage data, connection data

Recipient of the data: HubSpot European Office, Ground Floor, Two Dockland Central Guild Street, Dublin 1, Ireland / HubSpot Inc., 25 First Street, 2nd Floor, Cambridge, MA 02141, USA

Intended transfer to third countries: To the USA in individual cases (according to Decision (EU) 2016/1250 – “EU-US Data Protection Shield”).

Does providing your consent mean that we store or read personal information on your device? Yes, see the list at the end of this privacy policy.

BeyondWords

Description and purpose: To be able to have blog posts read aloud on our website, we use the BeyondWords service. This serves to provide a better and more varied way of understanding our blog offer. When using the service, the playback duration and playback length, as well as playback clicks are stored anonymously.

Legal basis: The legal basis for the processing of your personal data is Art. 6 (1) (a) GDPR.

Recipient: The recipient of your personal data is Lstn Ltd, 16 Berkeley Street, London, England, W1J 8DZ.

Transfer to third countries: The personal data will be transferred to the United Kingdom. There is an adequacy decision with the third country pursuant to Art. 45 (1) GDPR, whereby a comparable and thus adequate level of protection is certified. In addition, in the event of a change in the legal situation, we take further measures as quickly as possible to ensure the protection of personal data.

Duration of data storage: The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In addition, the data will be deleted if you assert your right to deletion within the meaning of Art. 17 (1) GDPR.

Revocation: You have the right to revoke your consent at any time, cf. Art. 7 (3) p. 1 GDPR. This can be done informally and without giving reasons and is effective for the future. The revocation of consent does not affect the lawfulness of the processing carried out until the revocation. Further information on this can be found above in our privacy policy under “Rights of data subjects”.

Contractual and legal obligation: There is no contractual or legal obligation for the provision of the data.

Further information on data protection: Further information on the processing of your personal data can be found here: https://beyondwords.io/privacy/.

Algolia

Description and purpose: We use the search engine of Algolia Inc, 3790 El Camino Real, Unit #518, Palo Alto, CA 94306, United States, in our service portal. Algolia is an AI-driven search engine that displays suitable search suggestions just by entering a few letters. This should enable users of the service portal to find their way around even more easily and thus navigate through the portal more efficiently and purposefully.

Legal basis: The legal basis for the processing of your personal data is Art. 6 (1) lit. a) GDPR. 

Recipient: The recipient of your personal data is the service Algolia Inc, 3790 El Camino Real, Unit #518, Palo Alto, CA 94306, United States.

Transfer to third countries: Personal data is transferred to the USA. There is an adequacy decision with the USA pursuant to Art. 45 (1) GDPR, which certifies a comparable and thus adequate level of protection. In addition, in the event of a change in the legal situation, we take further measures as quickly as possible to ensure the protection of personal data. For example, the conclusion of standard data protection clauses.

Duration of data storage: The data is deleted as soon as it is no longer required to fulfil the purpose for which it was collected. In addition, the data will be deleted if you assert your right to deletion within the meaning of Art. 17 (1) GDPR.

Revocation: You have the right to withdraw your consent at any time, see Art. 7 (3) sentence 1 GDPR. This can be done informally and without giving reasons and is effective for the future. Withdrawal of consent does not affect the lawfulness of the processing carried out prior to the withdrawal. Further information on this can be found above in our privacy policy under “Rights of data subjects”.

Contractual and legal obligations: There is no contractual or legal obligation to provide the data.

Further data protection information: Further information on the processing of your personal data can be found here: https://www.algolia.com/de/policies/privacy/

Hygraph

Description and purpose: The controller uses the Hygraph service provided by Hygraph GmbH, Dircksenstraße 47, 10178 Berlin, Germany, to host the website. Hygraph serves to ensure fast and location-independent availability of the website and to offer more security. For this purpose, IP addresses, contact requests, meta and communication data, contract data, contact data, names, website accesses and other data generated via a website are processed.

Legal basis: The legal basis for the processing of your personal data is Art. 6 (1) lit. f) GDPR. Our legitimate interest lies in the rapid availability of the website, regardless of the location of the website visitor, protection against data loss and the reliability of the website. In addition, the processing for the fulfilment of the contract with you or an impending contract based on the completion of a contact form is also in our legitimate interest.

Recipient: In addition to the controller, the recipient of your personal data is Hygraph GmbH, Dircksenstraße 47, 10178 Berlin, Germany. 

Transfer to third countries: There is no transfer to a third country.

Duration of data storage: The data will be deleted as soon as it is no longer required to fulfil the purpose for which it was collected. In addition, the data will be deleted if you assert your right to deletion within the meaning of Art. 17 para. 1 GDPR.

Objection: In accordance with Art. 21 (1) GDPR, you have the right to object to the processing of your personal data at any time. If you exercise your right, processing for this purpose will no longer take place. Further information on this can be found above in our privacy policy under “Rights of data subjects”.

Contractual and legal obligation: There is no contractual or legal obligation to provide the data.

Further data protection information: Further information on the processing of your personal data can be found here: https://hygraph.com/privacy

III. Notes on d.velop’s external pages

Facebook page / Page Insights data

Purpose of processing: We operate a page about our company (“Facebook page”) at https://de-de.facebook.com/d.velop.ag/. When you visit and use our Facebook page, Facebook may evaluate your usage behavior and provide us with information obtained from this (“Insights”). These Page Insights are used to help us optimize our website from a business standpoint and refine its design to meet our customers’ needs.

Legal basis: Art. 6, Para. 1, Lit. f) GDPR

Data categories: master data (if applicable), contact details (if applicable), content data, usage data, connection data

Recipient of the data: Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (as joint controller – the most important information about the agreement can be found at https://www.facebook.com/legal/terms/page_controller_addendum)

Intended transfer to third countries: None

Does providing your consent mean that we store or read information on your device? No

Rights of data subjects: Facebook is responsible for observing your rights as a data subject. Facebook informs you about your rights as a data subject at https://www.facebook.com/legal/terms/information_about_page_insights_data. You can also assert your rights to us, in which case we will immediately forward your request to Facebook.

Instagram page

Purpose of processing: We operate a page about our company (“Instagram page”) at https://www.instagram.com/dvelopag. When you visit and use our Instagram page, Facebook may evaluate your usage behavior and provide us with information obtained from this (“Insights”). These Page Insights are used to help us optimize our website from a business standpoint and refine its design to meet our customers’ needs.

Legal basis: Art. 6, Para. 1, Lit. f) GDPR

Data categories: master data (if applicable), contact details (if applicable), content data, usage data, connection data

Recipient of the data: Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (as joint controller – the most important information about the agreement can be found at https://www.facebook.com/legal/terms/page_controller_addendum)

Intended transfer to third countries: None

Does providing your consent mean that we store or read information on your device? No

Rights of data subjects: Facebook is responsible for observing your rights as a data subject. Facebook informs you about your rights as a data subject at https://www.facebook.com/legal/terms/information_about_page_insights_data. You can also assert your rights to us, in which case we will immediately forward your request to Facebook.

LinkedIn page

Purpose of processing: We operate a page about our company (“LinkedIn page”) at https://www.linkedin.com/company/d.velop-ag. When you visit and use our LinkedIn page, LinkedIn may evaluate your usage behavior and provide us with information obtained from this. This information is used to help us optimize our website from a business standpoint and refine its design to meet our customers’ needs.

Legal basis: Art. 6, Para. 1, Lit. f) GDPR

Data categories: master data (if applicable), contact details (if applicable), content data, usage data, connection data

Recipient of the data: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland

Intended transfer to third countries: None

Does providing your consent mean that we store or read information on your device? No

Kununu profile

Purpose of processing: We operate a page about our company (“Kununu profile”) at https://www.kununu.com/de/dvelop. When you visit and use our Kununu profile, Kununu may evaluate your usage behavior and provide us with information obtained from this. This information is used to help us optimize our website from a business standpoint and refine its design to meet our customers’ needs.

Legal basis: Art. 6, Para. 1, Lit. f) GDPR

Data categories: master data (if applicable), contact details (if applicable), content data, usage data, connection data

Recipient of the data: kununu GmbH, Neutorgasse 4-8, Top 3.02, A-1010 Vienna, Austria

Intended transfer to third countries: None

Does providing your consent mean that we store or read information on your device? No

Twitter account

Purpose of processing: We operate a page about our company (“Twitter account”) at https://twitter.com/d_velop. When you visit and use our Twitter account, Twitter may evaluate your usage behavior and provide us with information obtained from this. This information is used to help us optimize our website from a business standpoint and refine its design to meet our customers’ needs.

Legal basis: Art. 6, Para. 1, Lit. f) GDPR

Data categories: master data (if applicable), contact details (if applicable), content data, usage data, connection data

Recipient of the data: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, Ireland

Intended transfer to third countries: None

Does providing your consent mean that we store or read information on your device? No

Xing page

Purpose of processing: We operate a page about our company (“Xing page”) at https://www.xing.com/companies/d.velopag. When you visit and use our Xing page, New Work SE (“Xing”) may evaluate your usage behavior and provide us with information obtained from this. This information is used to help us optimize our website from a business standpoint and refine its design to meet our customers’ needs.

Legal basis: Art. 6, Para. 1, Lit. f) GDPR

Categories of data: Master data, contact details, content data, usage data, connection data

Recipient of the data: New Work SE, Dammtorstrasse 30, 20354 Hamburg, Germany (as joint controller)

Intended transfer to third countries: None

Does providing your consent mean that we store or read information on your device? No

YouTube channel

Purpose of processing: We operate a page about our company (“YouTube channel”) at https://www.youtube.com/channel/UCQCNrrvjzZUYwfkNayoKtmA. When you visit and use our YouTube channel, Google may evaluate your usage behavior and provide us with information obtained from this. This information is used to help us optimize our website from a business standpoint and refine its design to meet our customers’ needs.

Legal basis: Art. 6, Para. 1, Lit. f) GDPR

Data categories: master data (if applicable), contact details (if applicable), content data (if applicable), usage data, connection data

Recipient of the data: Google Ireland Ltd., Gordon House, Barrow Street Dublin 4 Ireland

Intended transfer to third countries: None

Does providing your consent mean that we store or read information on your device? No

Foleon

Description and purpose: On our website we use the services of Foleon B.V., John M. Keynesplein 12, NL-1066 EP Amsterdam. Through the services of Foleon B.V., content can be made available on the website in an appealing and easily accessible manner. This improves the user experience of website visitors. For this purpose, cookies are placed on our website by Foleon B.V.. However, these cookies do not collect any personal data that could be used to identify website visitors. In addition, no personal data is transmitted to the service provider.

Legal basis: The legal basis for the use is the standard of Art. 6 para. 1 lit. a) GDPR.

Recipients: No personal data is transferred to third parties.

Transfer to third countries: There is no transfer of data to a third country, i.e. a country outside the European Economic Area.

Duration of data storage: The data is deleted as soon as it is no longer required to fulfil the purpose for which it was collected. In addition, the data will be deleted if you withdraw your consent or request the deletion of your personal data.

Revocation and objection options: You have the option to revoke your consent to the processing of personal data at any time. Your data will then be deleted for this purpose. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

Contractual or legal obligation: The provision of personal data is not required by law or contract and is not necessary for the conclusion of a contract. You are also not obliged to provide the personal data. However, failure to provide this data may mean that you will not be able to use this function of our website or will not be able to use it to its full extent.

Further data protection information via link: Further information on data protection at Foleon can be found at: https://www.foleon.com/privacy-policy.

Vimeo

Description and purpose: We use for the integration of videos among others the provider Vimeo. Vimeo is operated by Vimeo LLC with headquarters at 555 West 18th Street, New York, New York 10011. On some of our websites we use plugins from the provider Vimeo. When you access the web pages of our website that are equipped with such a plug-in – for example our media library or e-learning – a connection to the Vimeo servers is established and the plug-in is displayed. This tells the Vimeo server which of our websites you have visited. If you are logged in as a member of Vimeo, Vimeo assigns this information to your personal user account. When you use the plugin, such as when you click on the start button of a video, this information is also assigned to your user account. You can prevent this assignment by logging out of your Vimeo account before using our website and deleting the corresponding cookies from Vimeo. 

Legal basis: The legal basis for the processing of personal data is your consent in accordance with art. 6 para. 1 lit. a) GDPR. 

Receiver: The recipient is Vimeo LLC, headquartered at 555 West 18th Street, New York, New York 10011. 

Transfer to third countries: The personal data will be transferred to the USA. The transfer is subject to appropriate safeguards pursuant to Art. 46 GDPR. We have concluded standard contractual clauses with the data importer for this purpose. In addition, we are aware of our responsibility and take further measures as necessary to protect the rights and freedoms of natural persons to ensure the protection of personal data. 

Duration of data storage: The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In addition, the storage period is based on the statutory retention periods. In addition, the data will be deleted if you request the deletion of personal data, provided that there are no legal retention periods to the contrary.  

Revocation or objection: You have the right to revoke your consent at any time, cf. Art. 7 (3) sentence 1 GDPR. This can be done informally and without giving reasons and is effective for the future. The revocation of consent does not affect the lawfulness of the processing carried out until the revocation. Further information on this can be found above in our privacy policy under “Rights of data subjects”. 

Contractual or legal obligation: There is no contractual or legal obligation to provide the data. 

Further information on data processing via link: Further information on data processing and information on data protection by Vimeo can be found at https://vimeo.com/privacy. 

Wistia

Description and purpose: Our websites use the Wistia service provided by Wistia Inc. Wistia hosts videos for us so that we can make them available on our websites. In addition, with the help of Wistia, forms can be placed behind the videos, giving website visitors the opportunity to interact directly with us and, for example, to register for events. We use the so-called “Privacy Mode” of Wistia, so that no personal data is processed that can be used to identify a natural person. The following data is processed when using Wisita: Provider, location (country), device type, anonymized IP address, URL of the page from which the video was accessed and the playback time. Data entered in the form is not sent to Wistia, but directly to us. 

Legal basis: The legal basis for the processing of your personal data is Art. 6 para. 1 lit. a) GDPR. 

Recipient: We store the data from the forms in the HubSpot software for central administration. 

Transfer to third countries: The personal data will be transferred to the US. The transfer is subject to appropriate safeguards pursuant to Art. 46 GDPR. We have concluded standard contractual clauses with the data importer for this purpose. In addition, we are aware of our responsibility and, where necessary to protect the rights and freedoms of natural persons, take further measures to ensure the protection of personal data. 

Duration of data storage: The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. In addition, the data will be deleted if you assert your right to deletion within the meaning of Article 17 (1) of the GDPR. 

Revocation or objection: You have the right to revoke your consent at any time, cf. Art. 7 (3) sentence 1 GDPR. This can be done informally and without giving reasons and is effective for the future. The revocation of consent does not affect the lawfulness of the processing carried out until the revocation. Further information on this can be found above in our privacy policy under “Rights of data subjects”. 

Contractual and legal obligation: There is no contractual or legal obligation for the provision of the data. 

Further data protection information: Further information on the processing of your personal data can be found here: https://wistia.com/privacy & https://wistia.com/support/account-and-billing/privacy-and-data-protection 

Perspective Funnels

Description and purpose: We use on our website the services and marketing funnels of Perspective Software GmbH, Müggelstraße 22, 10247 Berlin. Perspective Funnels is a software for the acquisition of new employees, appointments & leads. With so-called mobile funnels, new customers can be targeted via advertisements and leads can be generated. With the tool, for example, recruiting funnels for the acquisition of new talent or appointment funnels for the generation of appointments can be built. This offers us the possibility of efficient applicant management, which means that applications can be processed more quickly. By using Perspective Funnels we aim for a simple, fair and efficient application process.

Legal basis: The legal basis for processing the processing of your personal data in connection with the application results from Art. 88 GDPR and § 26 BDSG. If you also voluntarily provide special category personal data, Art. 9 (2) lit. a) GDPR is the relevant legal basis. If a contract is initiated via an inquiry form, the legal basis is also Art. 6 (1) lit. b) GDPR.

Recipients: The recipient of your personal data is Perspective Software GmbH, Müggelstraße 22, 10247 Berlin, Germany, where applicable.

Transfers to third countries: There is no transfer of your personal data to a third country. However, we are aware of our responsibility and regularly review the framework conditions and legal changes. Should a transfer to a third country occur, we will update this information as soon as possible.

Duration of storage: Personal data is stored for the duration of the respective legal retention period. If you have agreed to be included in the applicant pool, reduced data records may be stored for up to 24 months after the decision has been made.

Revocation: You have the right to revoke your granted consent at any time, cf. Art. 7 (3) sent. 1 of the GDPR. This can be done informally and without giving reasons and is effective for future activities. The revocation of consent does not affect the lawfulness of the processing carried out until the revocation was communicated. Further information on this can be found above in our privacy policy under “Rights of data subjects”.

Contractual and legal obligation: There is no contractual or legal obligation to provide the data.

Further information on data protection: Here you will find further information on processing of your personal data: https://perspective.co/datenschutzerklaerung/

IV. Information about the cookies we use

Below is a list of the names and functional durations of the cookies used by the above mentioned plugins and services – provided you consent to their use – with the following pattern: [name of the service]: [name of the cookie] ([functional duration]).
A cookie can only be accessed from the Internet address at which the cookie was set. This means that we have no access to the cookies used by the providers (above). They also have no access to our cookies. Third parties have access neither to our cookies nor to those of the providers. Third parties can only access these cookies by means of technical attacks, which we cannot control and for which we are not responsible.

Google Analytics:  (2 years)
Hotjar:  (1 year)
HubSpot (13 months)
SurveyMonkey: (1 year)
YouTube: (6 months)
LinkedIn: (2 years)

V. Processing of customer and supplier data

Purpose of processing: Identification as contact person, making professional contact, especially when executing contracts with your company; if necessary, use as test data for software development (in this case, exclusively in a specially secured IT environment and only for the duration of the software test).

Legal basis: Art. 6, Para. 1, Lit. b) and f) GDPR

Categories of data: Master data, contact details, content data, contract data, payment data

Recipient of the data: Our subsidiaries (if applicable), IT service providers

Intended transfer to third countries: None

VI. Processing the data of participants at our events

Purpose of processing: Carrying out our events, taking photos during the events (if applicable), using the photos for internal reporting and for presenting the event for informational purposes, as well as for documentation and public relations purposes.

Legal basis: Art. 6, Para. 1, Lit. f) GDPR

Categories of data: Master data, contact details, content data (in particular still images, videos and audio recordings)

Recipient of the data: Our subsidiaries, operators of our social media sites, contractual partners in individual cases

Intended transfer to third countries: None

Rami.io / pretix

Description and purpose: We offer (online) events using the “Pretix” ticketing system from rami.io GmbH, 69126 Heidelberg, Germany (“Rami.io”). Data processing takes place exclusively in the European Union. The registration button takes you to the corresponding Pretix website, where you can select the event and the number of participants and place them in a shopping cart. Before registering for the event, you must enter your e-mail address and the name, e-mail address, company and postal address of each participant. Once you and any other participants have registered for the online event, you and each other participant will receive a confirmation email and any reminder and follow-up emails via the Pretix service. The confirmation email contains the link to participate in the online event, which is carried out via the Venueless platform.
When using the Venueless platform, rami.io collects the following data from you: Browser type and version used, internet service provider, IP address, date and time of access, duration of your access and the times at which you switched between different parts of the event. In addition, the content you have entered, such as the display name you have chosen and, if applicable, a selected image for communication with other users, chat messages you have sent or content from video calls, is processed. A web token is stored in the local memory of your browser when you start using the platform. This is used to check whether you are authorized to participate in the event.

Legal basis: We process your personal data collected in connection with the registration for the online event and during the execution of the online event for the purpose of fulfilling the contract you have concluded with us for participation in the event. The legal basis is Art. (1) lit. b) GDPR.
Rami.io processes your data for the purpose of providing and operating its services used by us in relation to the event. Insofar as the processing is directly related to the registration for the online event and the implementation of the online event, the legal basis is Art. 6 (1) lit. b) GDPR. The legal basis for processing to ensure error-free operation and to improve the platform is Art. 6 para. 1 lit. f) GDPR.

Recipient: The recipient of your personal data is rami.io GmbH, Berthold-Mogel-Str. 1, 69126 Heidelberg, Germany.

Transfer to third countries: There is no transfer to third countries.

Duration of data storage: The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. In addition, the data will be deleted if you assert your right to deletion within the meaning of Art. 17 (1) GDPR.

Right to object: In accordance with Art. 21 (1) GDPR, you have the right to object to the processing of your personal data at any time. If you exercise your right, processing for this purpose will no longer take place. Further information on this can be found above in our privacy policy under “Rights of data subjects”.

Contractual and legal obligation: There is no contractual or legal obligation to provide the data.

Further data protection information: Further information on the processing of your personal data can be found here: https://pretix.eu/about/de/privacy and https://pretix.eu/about/de/security