This data protection declaration describes how we process personal data when using our website and its functionalities.
WHAT IS PERSONAL DATA?
Personal data is all information relating to an identified or identifiable natural person. This may involve data that can be personally related to you, for example name, address, email addresses or user behaviour.
RESPONSIBLE BODY AND DATA PROTECTION OFFICER
The responsible body under Article 4 No. 7 of the General Data Protection Regulation (GDPR) is Door2Door GmbH, Torstraße 109, 10119 Berlin, email@example.com.
We have designated a data protection officer. You may contact our data protection officer under the postal address above – to the attention of the “Data Protection Officer” – and via the email address firstname.lastname@example.org.
WHAT PERSONAL DATA DO WE COLLECT?
Our website is primarily for information. Interested users can inform themselves about our company and our products and services. The data and information we collect can be divided into the following categories:
Automatically collected data: When you access and use our website, we automatically collect information, including personal data, about the technology you use and how you use this and our website.
a) Log files and device information: Log files contain data that your browser automatically transmits to our web server. These log files contain information about
- your IP address
- the date and time of the request
- the requested URL (specific page)
- access status/HTTP status code
- the amount of data transferred in each case
- the website from which the request comes (referrer URL)
- the browser type and the browser language setting
b) Cookies/web beacons: Cookies are used on our website pages. Cookies are small pieces of information that your browser automatically stores in your computer’s memory. Cookies contain a range of data, such as information about the pages you have visited, the frequency of page visits and the actions you have taken on our website. Through technical precautions, this data is pseudonymized so that it is no longer possible to assign the data to a specific user. You can find more information about which cookies we use and how we apply technologies in our cookies policy.
Web beacons are pixel-sized files that are retrieved from the provider’s server when a website or newsletter is opened. Web beacons function similarly to cookies. When you access the web beacon, technical information, such as information about your browser and system, as well as your IP address and time of access are initially collected. This information is used to technically improve the services based on the technical data or the target groups and their usage behaviour based on their retrieval locations (which can be determined using the IP address) or access times.
Data and information provided by you (contact requests and job applications): If you contact us with general questions about our company and our products, register for a webinar or event, write to us with technical problems concerning products, or make a job application to us, we will store and process the personal data you have provided with the request/application. To contact us, we provide you with a contact form under the heading “Contact” and request the personal data marked * (first and last name, email). To simplify and standardize the job application process, we provide you with an electronic application form in which we ask you to provide your full name, your email address and your CV. You decide which other information and data you provide to us. We reserve the right, however, not to fulfil your contact request or to consider your application without certain information which is required in individual cases. If necessary, we will contact you and request further data and information.
HOW DO WE USE THE DATA WE COLLECT FROM YOU? ON WHAT LEGAL PRINCIPLE IS THE USE BASED?
We use, store and process information, including personal data, about you for the following purposes and on the basis of the following legal bases:
Provision, improvement, development and security of the website: We use the log files which are automatically generated to provide you with the website’s full functionalities. We also use this information and data to optimize our website and to ensure the security of our IT systems. For this purpose, your IP address must remain stored for the duration of the session.
We use log files as part of our legitimate interest in the availability and continuous development of our website. The legal basis for the use of the protocol files is Article 6 para. 1 (f) GDPR.
Analysis: We use the information and data generated by cookies to analyze the use of our website. This enables us to find out more about the number of visits to a page, user behaviour or the length of time spent on the site, and to draw conclusions as to which content on our website is of particular interest to visitors and which is of less interest. We may take this into account in future updates and redesigns of our website.
Marketing and advertising: We also use the data from cookies for advertising purposes, for example to display advertising on our website or on third-party websites. The data can provide information about how you navigate the Internet and which advertising you were particularly interested in because you clicked on it. This allows our advertising partners to use their advertising much more specifically and make recommendations based on your interests and preferences.
Communication/newsletter/event/job application: We use the data that we request from you or that you provide us in connection with your request/registration/application when you contact us in order to answer and process your request/application as quickly and efficiently as possible.
The use of your data in the context of communication with you corresponds to our legitimate interest pursuant to Article 6 para. 1 (f) GDPR. As far as it concerns a concrete enquiry regarding our products or a job application, the use of your data takes place for the purposes of contract implementation and/or for the execution of pre-contractual measures at your request in accordance with Article 6 para 1 (b) GDPR.
If you have subscribed to our newsletter or are already a customer, we will use your data to send you our newsletter. Subscription to our newsletter is subject to the so-called double opt-in procedure. This means that after entering your email address in the corresponding field you will receive an email asking you to confirm your registration. This confirmation is necessary to ensure that you have entered the correct email address and that it will not be misused by unauthorized third parties. The registration for the newsletter is recorded in order to be able to prove your registration. For this we store the time of your registration as well as the IP address.
The legal basis for sending the newsletter or processing your data in relation to a webinar registration is Article 6 para. 1 (a) GDPR in conjunction with Section 7 para. 2 (3) of the German Law on Unfair Competition (UWG) or on the basis of the legal permission pursuant to Section 7 para. 3 UWG.
WILL THE DATA AND INFORMATION ABOUT ME BE SHARED WITH OTHERS?
To achieve the purposes described here, we work with various service providers, namely the following products which we have integrated into our websites and about which we inform you to the best of our knowledge:
Google Analytics: We use the analysis service of Google, LLC, 1600 Amphitheatre Pkwy, Mountain View, CA 94043, USA, Google Analytics to analyze website usage. Google Analytics is an analysis tool that provides us with information on the use of the website. We use a very limited scope of this service to improve our website. The cookies collect anonymous data, e.g. the number of visitors to the website.
We have activated the IP anonymization of Google Analytics. Prior to transmission to the Google servers in the USA, your IP address will be redacted by Google in the Member States of the European Union or in other EEA contracting states. That makes it undetectable. Only in exceptional cases will the complete IP address be transmitted to a Google server in the USA and redacted there.
For more information about Google Analytics, please visit https://policies.google.com/privacy?hl=en&gl=ZZ.
MailChimp: We use “MailChimp”, a newsletter distribution platform of the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA for sending out our newsletter.
The email addresses of our newsletter recipients, as well as their additional data described in the context of these notes, are stored on the servers of MailChimp in the USA. MailChimp uses this information to send and evaluate the newsletter on our behalf. Furthermore, MailChimp claims that it can use this data to optimize or improve its own services, e.g. to technically optimize the sending and presentation of the newsletter or for business purposes to determine the countries where the recipients originate. However, MailChimp does not use the data of our newsletter recipients in order to contact them themselves and does not pass the data on to third parties.
The newsletters contain a web beacon (see general information on web beacons above). In addition to the technical information, the statistical survey also determines whether the newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can be assigned to the individual newsletter recipients. However, it is neither our intention, nor that of MailChimp, to observe individual users. The evaluations serve rather to help us recognize the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.
Workable: We use the services of Workable Software Limited, 21a Kingly Street, Second Floor, London, W1B 5QA to manage applications. Your job application will first be sent to servers operated by Workable and electronically processed by Workable in order to be able to display and process it visually on an Internet-based overview page (“dashboard”).
GoToWebinar: We use the GoToWebinar services of LogMeIn, whose primary controller in the European Union is LogMeIn Ireland Limited, an Irish company headquartered at The Reflector, 10 Hanover Quay, Dublin 2, D02R573, Republic of Ireland. If you register for a webinar, your name and email address may be stored on LogMeIn’s servers.
Social networks: Our websites contain links to several social networks. Currently, there are links to Facebook, Twitter, Instagram, LinkedIn, Xing, Medium and YouTube. These links are not social plug-ins, but rather deep links to our profile pages within those social networks.
We use analytics services so that we can improve the user experience for our customers. We may also use analysis services to analyze our profile pages and our contributions to social networks. In this case, data that you make publicly available over this social network may be included in the analysis.
By clicking the link to Facebook, you will be forwarded to the service of Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, D2 Dublin, Ireland. For further information about which data is stored and how that data is used, please note the Facebook privacy notice: https://www.facebook.com/policy.php
By clicking the link to Twitter, you will be forwarded to the service of Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. For further information about which data is stored and how that data is used, please note the Twitter privacy notice: https://twitter.com/en/privacy
By clicking the link to Instagram, you will be forwarded to the service of Instagram, a subsidiary of Facebook at Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, D2 Dublin, Ireland. For further information about which data is stored and how that data is used, please note the Instagram privacy notice: https://help.instagram.com/519522125107875
By clicking the link to LinkedIn, you will be forwarded to the service of LinkedIn Corporation, 029 Stierlin Court, Mountain View, CA 94043, United States. For further information about which data is stored and how that data is used, please note the LinkedIn privacy notice: https://www.linkedin.com/legal/privacy-policy#other_information
By clicking the link to Xing, you will be forwarded to the service of Xing SE, Dammtorstraße 30, 20354 Hamburg, Germany. For further information about which data is stored and how that data is used, please note the Xing privacy notice: https://privacy.xing.com/en/privacy-policy
By clicking the link to Medium, you will be forwarded to the service of A Medium Corporation, 799 Market Street, 5th Floor, San Francisco, CA 94103, USA. For further information about which data is stored and how that data is used, please note the Medium privacy notice: https://medium.com/policy/medium-privacy-policy-f03bf92035c9
By clicking the link to YouTube, you will be forwarded to the service of YouTube, LLC, 901 Cherry Avenue, San Bruno, CA 94066, USA, a subsidiary of Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. For further information about which data is stored and how that data is used, please note the YouTube privacy notice: https://www.google.com/intl/en/policies/privacy/
FOR HOW LONG WILL MY DATA BE STORED?
We only store the data for as long as is necessary for the fulfilment of the purpose for which you have transmitted your data to us or for compliance with legal regulations.
Automatically collected data: Log files that we use to make our websites available are automatically deleted as soon as the respective session ends. Log files for security purposes and as a precaution against attacks on our websites are automatically deleted after 7 days at the latest. The storage time of cookies varies according to the type of cookie and depends on your browser settings. Usage data collected and processed by Google Analytics are automatically deleted after 14 months.
Data and information provided by you in the context of your job application: If we are unable to offer you employment, we will keep the data provided by you for up to six months for the purpose of answering questions in connection with your application and rejection. If we are not currently able to offer you a position, but could, in principle, imagine working with you at a later date, we will ask you in a separate letter for your consent to a long-term storage of your application documents.
In the event that you have given us your consent to data processing (e.g. in the context of sending the newsletter or registering for a webinar), we will store your data until your consent is revoked, unless there is no other legal basis for processing.
ARE DATA ALSO TRANSMITTED TO RECIPIENTS OUTSIDE THE EUROPEAN UNION OR OUTSIDE THE EUROPEAN ECONOMIC AREA (EEA)?
We share personal information with contractors located in non-EEA countries. In this case, we ensure that the recipient offers an adequate level of data protection (e.g. according to an EU Commission decision on suitability for the respective country, self-certification by the recipient for the EU-US Privacy Shield or agreement of the EU with the recipient of so-called EU Standard Contract Clauses) or sufficient consent has been obtained.
We can provide you with an overview of the recipients in third countries and a copy of the specifically-agreed regulations to ensure the appropriate level of data protection. Please use the information in the Contact section.
WHAT RIGHTS DO I HAVE?
In accordance with the GDPR, you have the right to information, correction, transferability and deletion of your data.
If data processing is justified by our legitimate interests, you have the right to object to data processing in the future, unless the data is absolutely necessary for the operation of the websites (in particular, for log files).
Your right of appeal to a supervisory authority: Without prejudice to the rights set out above, you have the right of appeal to a supervisory authority, in particular in the Member State where you are resident, working or where the suspected infringement took place, if you believe that the processing of personal data concerning you is contrary to the GDPR.
The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.
For information and suggestions relating to data protection, please contact our data protection officer at email@example.com and we will be happy to help you.
10119 Berlin, Germany