Skip to content
Close
en
de
Book a demo
en
de
Book a demo
About us
Certifications
Career
Newsroom
Events
Whitepaper

Data protection

Any collection, use, storage, deletion or other utilization (hereinafter referred to as “processing”) of data is solely for the purpose of providing our services. Our services are designed with the aim of using as little personal data as possible. "Personal data" (hereinafter also referred to as “data”) refers to any information relating to an identified or identifiable natural person (so-called “data subject”). The following information on data protection describes what types of personal data are processed when accessing our website, what happens with this personal data, and how you can, if applicable, object to the processing of your data.
TABLE OF CONTENTS
loading...

1. General Information on Data Processing on this Website

1.1. Controller

The controller within the meaning of the EU General Data Protection Regulation (GDPR) is:
CSP Intelligence GmbH
Address: Herrenäckerstraße 11, 94431 Pilsting/Großköllnbach
Phone: +49 9953 3006-0
Email: info@csp-sw.de
Website: https://www.csp-sw.de/

1.2. Data Protection Officer
The Data Protection Officer is:
Kemal Webersohn from WS Datenschutz GmbH
For questions regarding data protection, you can contact WS Datenschutz GmbH at the following email address: csp@ws-datenschutz.de
WS Datenschutz GmbH
Dircksenstraße 51
D-10178 Berlin
https://webersohnundscholtz.de

1.3. Protection of Your Data
We have taken technical and organizational measures to ensure that the provisions of the GDPR are observed both by us and by external service providers working on our behalf.
When we work with other companies to provide our services, such as email or server providers, this only occurs after a thorough selection process. During this process, each service provider is carefully evaluated for its suitability in terms of technical and organizational data protection capabilities. This selection process is documented in writing, and a contract for data processing on behalf (processing agreement) pursuant to Art. 28(3) GDPR is only concluded if it meets the requirements of Art. 28 GDPR.
Your data is stored on specially protected servers. Access is only possible for a few specially authorized persons.
Our website is SSL/TLS encrypted, which you can recognize by the “https://” at the beginning of the URL.

1.4. Deletion of Personal Data
We process personal data only for as long as necessary. Once the purpose of data processing has been fulfilled, blocking and deletion will take place in accordance with our local deletion policy, unless legal regulations prevent deletion.

2. Data Processing on This Website and Creation of Log Files

2.1. Description and Scope of Data Processing
When you visit our website, our web servers temporarily store each access in a log file. The following personal data is collected and stored until automated deletion:

  • IP address of the requesting computer
  • Date and time of access
  • Name and URL of the retrieved file
  • Amount of data transferred
  • Message whether the retrieval was successful
  • Identification data of the browser and operating system used
  • Website from which the access originated
  • Name of your internet service provider

In addition to this personal data, further personal data may be collected by us and our partners, as described below.

2.2. Legal Basis for Data Processing
The processing of this data is based on Article 6(1) sentence 1 lit. f) GDPR. Our legitimate interest lies in providing you with access to our website.

2.3. Purpose of Data Processing
The purpose of data processing is to enable the use of the website (connection setup). It serves system security, technical administration of the network infrastructure, and optimization of the web offering. The IP address is only evaluated in the event of attacks on our network infrastructure or that of our internet provider.

2.4. Duration of Data Storage
The data is deleted as soon as the purpose of processing has been fulfilled and no legal or contractual provisions oppose deletion.

2.5. Possibility of Objection by the Data Subject
In addition to the right of access, you also have the right to correction, deletion, blocking, and data portability regarding the personal data stored about you.
Furthermore, you can object to this processing at any time either with us or with the Data Protection Officer of 1&1.
If you wish to exercise any of these rights, you can contact the Data Protection Officer of 1&1 at the address mentioned above or send an email to: datenschutz@ionos.de

2.6. Hosting Provider
Our web offering uses the services of the hosting provider 1&1. Data processing is carried out by:
1&1 IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany.
For more information, please refer to the 1&1 privacy policy: https://www.ionos.de/terms-gtc/terms-privacy/

3. Use of Cookies

3.1. Description and Scope of Data Processing
Our website uses cookies. These are stored on your device when you use our website. Cookies are small text files that are stored on your hard drive and associated with the browser you are using. They allow certain information to be transmitted to us or to the entity that sets the cookie. Cookies cannot execute programs or transfer viruses to your computer.
We use cookies to analyze the use of our website in an anonymized or pseudonymized form and to present you with relevant offers on this website. Various data can be transmitted in this way:

  • Your anonymized IP address
  • Browser user agent
  • URL of the consent page
  • Date and time of consent
  • Unique, encrypted key

When accessing the website, a cookie banner informs users about the use of cookies and refers to this privacy policy.

3.2. Legal Basis for Data Processing
The legal basis for the processing of data by cookies that do not serve solely the functionality of our website is Article 6(1) sentence 1 lit. a) GDPR.
The legal basis for the processing of data by cookies that are solely necessary for the functionality of this website is Article 6(1) sentence 1 lit. f) GDPR.

3.3. Purpose of Data Processing
Our legitimate interest arises from ensuring a smooth connection setup, a user-friendly website experience, and for reasons of system security and stability analysis. Data processing is also carried out to enable statistical analysis of website usage.

3.4. Duration of Data Storage
There are two types of cookies used on this website:

  • Transient cookies (see a)
  • Persistent cookies (see b)

a) Transient cookies are automatically deleted when you close your browser. These include session cookies in particular. Session cookies store a so-called session ID, which allows different requests from your browser to be assigned to the same session. This enables your computer to be recognized when you return to our website. Session cookies are deleted when you log out or close your browser.

b) Persistent cookies are automatically deleted after a specified period, which can vary depending on the cookie.

3.5. Possibility of Objection by the Data Subject
You may withdraw your consent to the processing of data by cookies that do not serve solely the functionality of the website at any time.
In addition, we only set such cookies after you have agreed to their use when accessing the site. In this way, you can prevent data processing via cookies on our website.

You can also delete cookies at any time in your browser’s security settings. Please note that you may not be able to use all functions of this website. You can also prevent cookies from being set by adjusting the settings in your internet browser accordingly.

4. Contact

4.1. Description and Scope of Data Processing
It is possible to contact us via email through our website (info@csp-sw.de, support.ipm@csp-sw.de, support.ipmp@csp-sw.de, support.qs-torque@csp-sw.de, support.chronos@csp-sw.de). Various data is required to respond to your inquiry, which will be automatically stored for processing purposes.
Your data will not be passed on to third parties.

4.2. Legal Basis for Data Processing
The legal basis used here is Article 6(1) sentence 1 lit. b) GDPR.

4.3. Purpose of Data Processing
We process your data solely to handle your contact request.

4.4. Duration of Data Storage
Your data will be deleted as soon as the purpose of data processing has been fulfilled, usually immediately after the inquiry has been answered. In rare cases, we may retain your data for a longer period, which may result from legal, regulatory, or contractual obligations.

4.5. Possibility of Objection by the Data Subject
You may contact us at any time and object to the further processing of your data. In this case, we will no longer be able to continue communication with you. All personal data processed by us in the course of contacting you will be deleted unless legal retention obligations prevent such deletion.

5. CSP Service Desk

5.1. Description and Scope of Data Processing
On our website, under the Support & Service section, it is possible to create a ticket in our Service Management system as part of contacting us. We use the services of Atlassian for this purpose.
Data processing is carried out by: Atlassian Pty Ltd, Level 6, 341 George Street, Sydney NSW 2000, Australia.
A link is provided that redirects you to a different page operated by Atlassian. On this page, you can log in to the CSP Service Desk and submit your support request.
The following data is necessarily collected:

  • Email address

For more information on data protection at Atlassian, please see:
https://www.atlassian.com/de/legal/privacy-policy

5.2. Legal Basis for Data Processing
The legal basis used here is Article 6(1) sentence 1 lit. b) GDPR.

5.3. Purpose of Data Processing
The data is processed to enable contact and to handle your inquiry.

5.4. Duration of Data Storage
Your data will be deleted as soon as the purpose of data processing has been fulfilled, usually immediately after the inquiry has been answered. In rare cases, we may retain your data for a longer period due to legal, regulatory, or contractual obligations.

5.5. Possibility of Objection by the Data Subject
You may contact us at any time and object to the further processing of your data. All personal data processed during the course of contact will be deleted unless legal retention obligations prevent deletion.
You also have the option to contact us via the email addresses listed on our website if you prefer not to use our Service Desk.

6. Data Processing in the Context of Applications

6.1. Description and Scope of Data Processing
It is possible to apply for a position with us via an application form on our website. For this purpose, personal data is processed and stored for further use in the respective application process. If the application form is used, we process the following data:

  • First name
  • Last name
  • Gender
  • Email address
  • Telephone number
  • Salary expectations
  • Application documents (CV)

You may also voluntarily provide the following information:

  • Xing, LinkedIn, GitHub account
  • Additional documents (cover letter, references, certificates, others)

6.2. Legal Basis for Data Processing
The legal bases for data processing are Article 88 GDPR and § 26 BDSG (Federal Data Protection Act, Germany).

6.3. Purpose of Data Processing
We process your data exclusively for the purpose of conducting the application process.

6.4. Duration of Data Storage
If the application leads to the establishment of an employment relationship, the personal data will be stored in accordance with legal regulations.
If the application is not considered in the selection process, it will be deleted according to our internal deletion policy, taking into account the provisions of the General Equal Treatment Act (AGG), in particular the burden of proof under § 22 AGG.
This does not apply if legal regulations prevent deletion or you have consented to longer storage. In that case, continued storage of your personal data is based on Article 6(1) sentence 1 lit. c) or lit. a) GDPR.

6.5. Possibility of Objection by the Data Subject
You may contact us at any time and object to the further processing of your data. All personal data processed by us in the course of the application process will then be deleted, unless legal obligations to retain the data prevent deletion.

6.6. Personio
6.6.1. Description and Scope of Data Processing
Our careers page is operated using the HR and applicant management software Personio, provided by:
Personio GmbH, Rundfunkplatz 4, 80335 Munich, Germany.

The data you submit as part of your application is transmitted via TLS encryption and stored in a database. We, as the controller conducting the online application process, are solely responsible for this data. Personio acts only as the software provider and operator of the recruiting site and, in this context, as a data processor in accordance with Article 28 GDPR.
A data processing agreement has been concluded with Personio. Additionally, Personio GmbH processes further data necessary to provide its services, especially for operating this recruiting site, which may include personal data. The following data is processed by Personio:

  • Access logs (server logs)
  • Error logs
  • Cookies

If you fill out the application form, we additionally process the following data:

  • First and last name
  • Email address
  • Telephone number
  • Salary expectations
  • Gender
  • CV
  • Personal cover letter
  • Additional personal documents

For more information about data protection at Personio, please visit: https://www.personio.de/datenschutzerklaerung.
If you have questions about data protection at Personio, you may contact them at: datenschutz@personio.de

6.6.2. Legal Basis for Data Processing
The legal bases for data processing are Article 88 GDPR and § 26 BDSG.
The legal basis for using Personio is our legitimate interest in providing an online application process, pursuant to Article 6(1) sentence 1 lit. f) GDPR.

6.6.3. Purpose of Data Processing
We process your data solely for the purpose of conducting the application process.
Personio processes the data to provide the online application process and to optimize recruitment procedures.

6.6.4. Duration of Data Storage
If the application leads to the establishment of an employment relationship, the personal data will be stored in accordance with legal regulations.
If the application is not considered in the selection process, it will be deleted according to our internal deletion policy, taking into account the provisions of the AGG, especially the burden of proof under § 22 AGG.
This does not apply if legal regulations prevent deletion or you have consented to longer storage. In that case, continued storage of your personal data is based on Article 6(1) sentence 1 lit. c) or lit. a) GDPR.

6.6.5. Possibility of Objection by the Data Subject
You may contact us at any time and object to the further processing of your data. All personal data processed by us in the course of the application process will then be deleted, unless legal retention obligations prevent deletion.

7. Newsletter

7.1. Description and Scope of Data Processing
We offer the option to subscribe to our newsletter via our website. When ordering the newsletter, the entry of personal data is required. This includes the data requested in the newsletter subscription form. Fields marked with an asterisk (“*”) are mandatory:

  • Salutation
  • Last name
  • Email address
  • Area of interest

These mandatory fields are necessary to send you the newsletter.
You may also voluntarily provide the following information:

  • Company

The newsletter is sent via email and only after you have successfully registered. To comply with the GDPR, we use the so-called Double Opt-In (DOI) procedure.
If you sign up for our newsletter, you will receive a confirmation email at the email address you provided. This email contains a confirmation link, which you must click to complete your registration. After this procedure, your newsletter subscription is successfully activated.
To implement this process, we store the IP address, date, and time of registration to prevent abuse. Data is generally not shared with third parties.

7.2. Legal Basis for Data Processing
The legal basis for processing the data is your consent in accordance with Article 6(1) sentence 1 lit. a) GDPR.
Existing customers may receive newsletters from us even without explicit consent. This is done strictly within the narrow boundaries of § 7(3) of the German Unfair Competition Act (UWG), interpreted in light of Article 95 GDPR and reflective of Article 6(1) sentence 1 lit. f) GDPR. Our legitimate interest lies in informing existing customers about our products via marketing emails and maintaining customer relationships.

7.3. Purpose of Data Processing
The purpose of the newsletter is to regularly inform you about our offers and news.

7.4. Duration of Data Storage
We process your data only as long as it is necessary for fulfilling the intended purpose and no legal or regulatory retention obligations prevent deletion.

7.5. Possibility of Objection by the Data Subject
You may revoke your consent to the processing of personal data in connection with the newsletter subscription at any time. You can do this by clicking the unsubscribe link provided in every newsletter or by informing us of your revocation through another method.

7.6. Email Delivery Service Provider CleverReach
7.6.1. Description and Scope of Data Processing
We use the email delivery service provider CleverReach.
Data processing is carried out by:
CleverReach GmbH & Co. KG, Schafjückenweg 2, 26180 Rastede, Germany.

The email addresses of our newsletter recipients and the additional data described in this policy are stored on CleverReach’s servers. CleverReach uses this information to send and analyze newsletters on our behalf.
The newsletters contain a so-called “web beacon,” a tiny invisible graphic that is retrieved from CleverReach’s server when the newsletter is opened. During this retrieval, information such as your system data, IP address, and the time of retrieval is collected.
Statistical data includes whether newsletters are opened, how often, and which links are clicked. Technically, this information can be linked to individual newsletter recipients, but it is neither our intention nor CleverReach’s to monitor individual users.

You can find more information in CleverReach’s privacy policy:
https://www.cleverreach.com/de/datenschutz/

7.6.2. Legal Basis for Data Processing
The data processing by CleverReach is based on your consent in accordance with Article 6(1) sentence 1 lit. a) GDPR.

7.6.3. Purpose of Data Processing
We use CleverReach as our email delivery service to ensure efficient email distribution.

7.6.4. Duration of Data Storage
The data is deleted once the purpose of the data processing has been fulfilled and no administrative, contractual, or legal retention obligations prevent deletion.

7.6.5. Possibility of Objection by the Data Subject
You may withdraw your consent to receive the newsletter at any time. Please contact our Data Protection Officer for this purpose. You can also use the “opt-out” link at the bottom of each email, which will result in the deletion of your email address from our mailing list and cessation of further processing of your personal data by CleverReach.

7.7. HubSpot
7.7.1. Description and Scope of Data Processing
We use HubSpot, a service provided by HubSpot Inc., 25 First Street, Cambridge, MA 02141, USA, for newsletter registration and distribution via our website.
When using a HubSpot form, the following personal data is processed:

  • Your IP address
  • Browser user agent
  • URL of the webpage where the form is used
  • Date and time of form usage
  • The data you enter in the form (e.g., name, email address, message)
  • A unique, encrypted identification key
  • Area of interest (IPM, PG, CHRONOS, QS-TORQUE, Consulting)
  • Company name (if provided)

The data is stored on HubSpot servers, which are usually located in the EU (e.g., Frankfurt). However, it cannot be ruled out that data may also be transferred to the USA.
HubSpot is certified under the EU-U.S. Data Privacy Framework.

Further information about data processing by HubSpot can be found at:
https://legal.hubspot.com/de/privacy-policy

7.7.2. Legal Basis for Data Processing
The data is processed either on the basis of Article 6(1) sentence 1 lit. a) GDPR (consent), for example, if you have explicitly agreed to receive our newsletter,
or on the basis of Article 6(1) sentence 1 lit. f) GDPR (legitimate interest), when using our contact form.
Our legitimate interest lies in efficient and user-friendly communication and registration processes.

7.7.3. Purpose of Data Processing
We use HubSpot as our email delivery service provider to ensure effective distribution of emails.

7.7.4. Duration of Data Storage
Data is stored only as long as necessary to achieve the intended purpose or as long as legal retention obligations require.

7.7.5. Possibility of Objection by the Data Subject
You may withdraw your consent to the processing of your personal data in the context of newsletter subscription at any time.
To do so, you can click the unsubscribe link included in every newsletter or inform us of your withdrawal through another method.

8. Social Media Links

We have integrated links to social media platforms into our services, which may result in the respective social media providers receiving data from you. If you click on a social media link, the website of the respective social media provider will be accessed. When this happens, the respective provider receives information that you visited our website through the reference data transmitted during the request.

Notice on Data Processing in the USA:
If you click on a social media link, your data may be processed in the United States by the respective provider. According to the European Court of Justice, the level of data protection in the U.S. is inadequate, and there is a risk that your data may be processed by U.S. authorities for surveillance purposes, possibly without the possibility of legal recourse. If you do not click on the social media links, no data will be transferred.

Further information on data processing by the social media providers can be found here:

9. Social Media Plugins

We have integrated social media platforms on our website using so-called “social plugins,” which may result in these platforms receiving your data. The details are explained below.

9.1. Instagram
9.1.1. Description and Scope of Data Processing
We have integrated Instagram services into this website. Jointly responsible for data processing with us is:
Instagram LLC, 1 Hacker Way, Building 14 First Floor, Menlo Park, CA, USA, as a product of Meta Platforms Ireland Limited, 1 Hacker Way, Menlo Park, CA 94025, USA.

If you click the Instagram button, the Instagram website is opened. When you access Instagram via our website, reference data is transmitted from us to Instagram. This informs Instagram that you visited our website.
If you are logged into your Instagram account while visiting our site, Instagram may receive additional information, such as which pages you visited. This theoretically allows the information to be associated with your Instagram account.
For more information, please refer to Instagram’s privacy policy:
https://help.instagram.com/155833707900388 and https://www.instagram.com/about/legal/privacy/

9.1.2. Legal Basis for Data Processing
The data processing is based on your consent in accordance with Article 6(1) sentence 1 lit. a) GDPR.

9.1.3. Purpose of Data Processing
We use social media to increase awareness of our company and to allow you to interact with our social media channels via our website.

9.1.4. Duration of Data Storage
According to Meta, data processed through plugins is deleted after 90 days. After this period, the data is anonymized so that it can no longer be associated with you. This also applies, to the best of our knowledge, to data processed through Instagram plugins.

9.1.5. Possibility of Objection by the Data Subject
You may revoke your consent to data processing at any time. Please contact our Data Protection Officer for this purpose.
To prevent Instagram from processing your data, you can log out of Instagram before visiting our website and delete all cookies from your browser history.
You can also adjust your preferences and opt out of data use for advertising within your Instagram profile settings or via Instagram’s U.S. or EU pages. These settings are platform-independent and apply across all your devices.

9.2. Juicer
9.2.1. Description and Scope of Data Processing
Juicer is used to embed and aggregate social media content on our website. When a page with a Juicer feed is accessed, a connection is established with the servers of Juicer Inc., 1515 7th Street, #424, Santa Monica, CA 90403, USA. The following data is processed:

  • Your IP address
  • Browser user agent
  • URL of the accessed website
  • Date and time of access
  • Referrer information (if applicable)

Juicer processes this data on our behalf to display publicly available content from our social media channels.
For more information on data processing, see: https://www.juicer.io/privacy

9.2.2. Legal Basis for Data Processing
The data processing is based on Article 6(1) sentence 1 lit. a) GDPR.

9.2.3. Purpose of Data Processing
The purpose aligns with our legitimate interest in a user-friendly, centralized presentation of our social media content on our website and improved communication with our users.

9.2.4. Duration of Data Storage
Data is stored only as long as necessary for displaying the content and maintaining system stability, unless legal requirements mandate longer retention.

9.2.5. Possibility of Objection by the Data Subject
You may withdraw your consent to the use of Juicer at any time via Cookiebot by deleting the relevant cookie (“CookieConsent” or “CookieConsentBulkTicket”) or changing your consent preferences via the cookie banner.
You may also contact us directly to request deletion of your transmitted data.

10. Trackers and Analytics Tools

To continuously improve our website offering, we use the following analytics tools. Below, you will find information about which data is processed and how you can contact the respective service providers:

10.1. Google Analytics
10.1.1. Description and Scope of Data Processing
Our website uses Google Analytics, a service provided by Google LLC (“Google”) that analyzes website access and helps us improve our web offering. Data processing for the European Economic Area and Switzerland is carried out by:
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Cookies allow us to analyze how you use our website. The information collected via these cookies includes:

  • IP address
  • Time of access
  • Duration of access

This data is transferred to a Google server in the USA and stored there. The evaluation of your activities on our website is provided to us in the form of reports. Google may transmit the collected information to third parties if required by law or if third parties process the data on Google's behalf.

The Google tracking codes on our website use the function _anonymizeIp(), which ensures that IP addresses are processed in truncated form only. This prevents direct personal reference.
For more information on the terms of use and data protection of Google Analytics, please visit:

10.1.2. Legal Basis for Data Processing
The legal basis for processing personal data is your consent pursuant to Article 6(1) sentence 1 lit. a) GDPR.

10.1.3. Purpose of Data Processing
The processing of your personal data allows us to analyze your browsing behavior. The evaluation helps us to better understand how individual components of our website are used, which in turn enables us to continuously improve the website and its user-friendliness.

10.1.4. Duration of Data Storage
The data will be deleted 14 months after your last visit to our website.

10.1.5. Possibility of Objection by the Data Subject
You may revoke your consent to data processing at any time with future effect. Please contact our Data Protection Officer for this purpose.
You can also prevent the installation of Google Analytics cookies through your browser settings. However, this may result in limited functionality of our website.
Additionally, Google Analytics can be deactivated and controlled via browser extensions, such as:
http://tools.google.com/dlpage/gaoptout?hl=de

 

11. Other Third-Party Tools

We also use third-party providers that help us display the site and ensure its functionality. These providers are listed below:

11.1. Self-Hosted Google Web Fonts
11.1.1. Description and Scope of Data Processing
We use web fonts on our website to ensure consistent font display. When you access a page, your browser loads the required web fonts into its cache to correctly display texts and fonts.
We have embedded these web fonts locally on our server, so Google does not receive information about your IP address or that you visited our website.
If your browser does not support web fonts, a default font from your computer will be used instead.

11.1.2. Legal Basis for Data Processing
The legal basis is our legitimate interest according to Article 6(1) sentence 1 lit. f) GDPR.

11.1.3. Purpose of Data Processing
The purpose is to provide a visually appealing and user-friendly website by ensuring consistent font rendering across all devices.

11.1.4. Duration of Data Storage
No data is stored.

11.1.5. Possibility of Objection by the Data Subject
You can configure your browser to disable web fonts. In that case, your device will use a default system font instead.

12. Data Transfer to a Third Country

To provide our services, we rely on the support of service providers located both within the European Economic Area (EEA) and in third countries. To ensure the protection of your personal data in the event of data transfer to a third country, we conclude specific data processing agreements with each carefully selected service provider.

All service providers we use have sufficient evidence that they guarantee data security through appropriate technical and organizational measures. Our service providers based in third countries are either:

  • located in countries with an adequate level of data protection recognized by the European Commission (Article 45 GDPR), or
  • have implemented appropriate safeguards (Article 46 GDPR).

Adequate level of protection: The provider is based in a country whose data protection level has been officially recognized by the EU Commission. More information can be found here:
https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en

EU Standard Contractual Clauses: The provider has adopted the EU Standard Contractual Clauses to ensure secure data transfers. For more information, see:
https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?uri=CELEX%3A32021D0914&locale=en

Binding Corporate Rules: Article 47 GDPR allows for data protection to be ensured through binding internal corporate rules when transferring data to a third country. These are reviewed and approved by the competent supervisory authorities under the consistency mechanism outlined in Article 63 GDPR.

Consent: A data transfer to a third country without an adequate level of protection will only take place if you have given your explicit consent under Article 49(1)(a) GDPR, or if another exception under Article 49 GDPR applies.

12.1. Kununu
12.1.1. Description and Scope of Data Processing
We have integrated Kununu ratings (a service provided by New Work SE, Am Strandkai 1, 20457 Hamburg) into our website in order to display employer reviews directly on our site.
When you visit a page with an embedded Kununu widget or link, the following data may be transmitted to Kununu:

  • Your IP address
  • Browser user agent
  • URL of the webpage on which the widget is embedded
  • Date and time of access
  • Referrer URL (if applicable)

The integration may also allow Kununu to set cookies or access existing ones. This processing is carried out directly by Kununu and is their sole responsibility.
For more information on data processing, visit:
https://privacy.xing.com/de/datenschutzerklaerung

12.1.2. Legal Basis for Data Processing
The legal basis for data processing is your consent under Article 6(1) sentence 1 lit. a) GDPR.

12.1.3. Purpose of Data Processing
The purpose aligns with our legitimate interest in the transparent presentation of employer ratings provided by our employees or applicants, as well as improving the user experience on our website.

12.1.4. Duration of Data Storage
Data is stored only as long as necessary to display Kununu content.
For more information on the duration of data storage, please refer to Kununu/New Work SE’s privacy policy:
https://privacy.xing.com/de/datenschutzerklaerung

12.1.5. Possibility of Objection by the Data Subject
You can withdraw your consent given via Cookiebot to display Kununu content at any time by deleting the relevant cookies or adjusting your preferences via the consent banner.
Additionally, you may contact us directly to request deletion of any data you have submitted.

13. Your Rights

You have the following rights with regard to your personal data:

13.1. Right to Withdraw Consent (cf. Art. 7 GDPR)
If you have given your consent to the processing of your data, you may withdraw it at any time. Such withdrawal affects the lawfulness of processing your personal data for the future, from the moment you notify us.
You may withdraw your consent orally (including by phone) or in writing via mail or email.

13.2. Right of Access (cf. Art. 15 GDPR)
In the case of an access request, you must provide sufficient proof of your identity and demonstrate that the data concerns you. The information provided will include:

  • The purposes of the data processing
  • The categories of personal data being processed
  • The recipients or categories of recipients to whom your personal data has been or will be disclosed
  • The intended duration of storage or, if not determinable, the criteria for setting that duration
  • The existence of rights to rectification or erasure, to restriction of processing by the controller, or to object to such processing
  • The right to lodge a complaint with a supervisory authority
  • All available information about the origin of the data if the personal data was not collected from the data subject
  • The existence of automated decision-making, including profiling, under Art. 22(1) and (4) GDPR, and—at least in those cases—meaningful information about the logic involved and the scope and intended effects of such processing for the data subject

13.3. Right to Rectification or Erasure (cf. Art. 16, 17 GDPR)
You have the right to request the rectification and/or completion of your personal data if it is inaccurate or incomplete. We will carry out such rectification without undue delay.
You may also request the erasure of your personal data if one of the following grounds applies:

  • The data is no longer necessary for the purposes for which it was collected or otherwise processed
  • You withdraw your consent on which the processing was based according to Art. 6(1)(a) or Art. 9(2)(a) GDPR, and there is no other legal ground for processing
  • You object to processing under Art. 21(1) GDPR and there are no overriding legitimate grounds, or you object under Art. 21(2) GDPR
  • The data has been unlawfully processed
  • The erasure is required to fulfill a legal obligation under Union or Member State law to which the controller is subject
  • The data was collected in relation to services offered by the information society pursuant to Art. 8(1) GDPR

If we have made the data public and are obliged to delete it under Art. 17(1) GDPR, we will take reasonable steps to inform other controllers processing the personal data that you have requested deletion of all links, copies, or replications of the data.

The right to erasure does not apply if the processing is necessary:

  • For exercising the right of freedom of expression and information
  • For compliance with a legal obligation or the performance of a task carried out in the public interest or in the exercise of official authority
  • For reasons of public interest in the area of public health under Art. 9(2)(h) and (i) and Art. 9(3) GDPR
  • For archiving purposes in the public interest, scientific or historical research, or statistical purposes under Art. 89(1) GDPR, if the right would seriously impair those objectives
  • For the establishment, exercise, or defense of legal claims

13.4. Right to Restriction of Processing (cf. Art. 18 GDPR)
You have the right to request the restriction of processing of your personal data if:

  • You contest the accuracy of the data for a period enabling us to verify it
  • The processing is unlawful and you oppose the erasure and request restriction instead
  • We no longer need the data for processing purposes, but you require it for the establishment, exercise, or defense of legal claims
  • You have objected under Art. 21(1) GDPR and a decision is pending on whether our legitimate grounds override yours

If processing has been restricted, your data may only be processed—aside from storage—with your consent or for the establishment, exercise, or defense of legal claims, or to protect the rights of another person, or for important public interest reasons of the Union or a Member State.

We will inform you before lifting any restriction on processing.

13.5. Right to Notification (cf. Art. 19 GDPR)
If you have exercised your right to rectification, erasure, or restriction of processing, we are obliged to inform all recipients of your data of these actions, unless this proves impossible or involves disproportionate effort.
You also have the right to be informed about these recipients.

13.6. Right to Data Portability (cf. Art. 20 GDPR)
You have the right to receive your personal data in a commonly used, machine-readable format and transmit it to another controller, provided that:

  • The processing is based on your consent under Art. 6(1)(a) or Art. 9(2)(a) GDPR, or on a contract under Art. 6(1)(b) GDPR, and
  • The processing is carried out by automated means

You may also request that we transfer the data directly to another controller, where technically feasible.
This right does not apply where processing is necessary for performing a task carried out in the public interest or in the exercise of official authority.

13.7. Right to Object to Processing (cf. Art. 21 GDPR)
If we process your personal data on the basis of a legitimate interest under Art. 6(1)(f) GDPR—or under Art. 6(1)(e) GDPR—you have the right to object to such processing.
When exercising your objection, please state your reasons why we should not process your data as described. If your objection is justified, we will review the situation and either cease or adjust processing, or demonstrate compelling legitimate grounds for continuing it.

13.8. Right to Lodge a Complaint with a Supervisory Authority (cf. Art. 77 GDPR)
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority—particularly in the Member State of your residence, workplace, or the place of the alleged infringement—if you believe that the processing of your personal data violates the GDPR.
The supervisory authority will inform you of the progress and outcome of the complaint, including the possibility of judicial remedy under Art. 78 GDPR.

14. How to Exercise These Rights

To exercise these rights, please contact our Data Protection Officer:

Kemal Webersohn
WS Datenschutz GmbH
Email: csp@ws-datenschutz.de
or by mail:
WS Datenschutz GmbH
Dircksenstraße 51
D-10178 Berlin
Germany

15. Right to Amend

We reserve the right to amend this Privacy Policy in compliance with applicable legal regulations.