Privacy Policy
In this privacy policy, we inform you about the processing of personal data when using our website. Personal data is information that relates to an identified or identifiable person. This includes, in particular, details that allow conclusions to be drawn about your identity, such as your name, your telephone number, your address, or email address. Statistical data that we collect, for example, during a visit to our website and that cannot be linked to you, do not fall under the definition of personal data.
1. Person responsible and contact
Contact person and so-called responsible party for the processing of your personal data when visiting this website in the sense of the General Data Protection Regulation (GDPR) is the
Bridgemaker GmbH
Linienstraße 86
10119 Berlin
Email: privacy@bridgemaker.com
For all questions regarding data protection in connection with our products and services or the use of our website, you can also contact our data protection officer at any time. He/She can be reached at the above postal address as well as at the email address provided earlier (Keyword: “to the attention of the data protection officer”). We expressly point out that when using this email address, the contents are not exclusively noticed by our data protection officer. If you wish to exchange confidential information, please initially request direct contact via this email address.
2. Data processing on our website
2.1 Accessing our website / Connection data
When you use our website (which is displayed via Framer), we process connection data that your browser automatically transmits to enable your visit to the website. This connection data includes the so-called HTTP header information, including the user agent, and particularly includes:
IP address of the requesting device;
Method (e.g., GET, POST), date and time of the request;
Address of the requested website and path of the requested file;
if applicable, the previously requested website/file (HTTP referrer);
Information about the browser and operating system used;
Version of the HTTP protocol, HTTP status code, size of the delivered file;
Request information such as language, type of content, content encoding, character sets;
Cookies stored on the device for the requested domain.
Processing this connection data is necessary to enable the visit to the website, ensure the continuous functionality and security of our systems, and to generally maintain our website administratively. The connection data is also temporarily stored in internal log files for the aforementioned purposes, restricted to the absolute minimum content needed, to identify and address the cause in the event of repeated accesses or accesses with criminal intent that threaten the stability and security of our website. The legal basis for this processing is Article 6(1)(b) GDPR, provided that the page view occurs in the context of the initiation or execution of a contract, and otherwise Article 6(1)(f) GDPR due to our legitimate interest in enabling the website access as well as ensuring the continuous functionality and security of our systems. However, the automatic transmission of connection data and the resulting log files does not constitute access to the information on the device in the sense of the implementation laws of the ePrivacy Directive of EU member states, in Germany § 25 TTDSG. Moreover, it would be absolutely necessary anyway. The log files are stored and subsequently anonymized. Exceptionally, individual log files and IP addresses are retained for a longer period to prevent further attacks from this IP address in the event of cyber-attacks and/or to pursue legal action against the attackers.
3. Datenverarbeitung auf unserer Website
2.2 Contact
Every time you use our website (which is displayed via Framer), we process connection data that your browser automatically transmits in order to enable your visit to the website. This connection data includes so-called HTTP header information, including the user agent, and specifically includes:
IP address of the requesting device;
Method (e.g., GET, POST), date and time of the request;
Address of the requested website and path of the requested file;
possibly the previously accessed website/file (HTTP referer);
Information about the browser and operating system used;
Version of the HTTP protocol, HTTP status code, size of the delivered file;
Request information such as language, type of content, encoding of content, character sets;
cookies stored on the device for the requested domain.
Processing this connection data is necessary to allow the visit to the website, to ensure the long-term functionality and security of our systems, and to generally maintain our website administratively. The connection data is also temporarily and content-wise limited to the essentials in internal log files for the purposes described above, to find the cause and take action in the event of repeated calls or calls with criminal intent, which jeopardize the stability and security of our website. The legal basis for this processing is Art. 6 Para. 1 lit. b GDPR, provided that the page view occurs in the context of establishing or executing a contract, and otherwise Art. 6 Para. 1 lit. f GDPR based on our legitimate interest in enabling the website access and the long-term functionality and security of our systems. However, the automatic transmission of the connection data and the resulting log files do not constitute access to information on the end device as understood by the implementation laws of the ePrivacy directive of EU member states, in Germany § 25 TTDSG. Nevertheless, it would be absolutely necessary in any case. The log files are stored and subsequently anonymized. Exceptionally, individual log files and IP addresses are retained for longer to prevent further attacks from this IP address in the case of cyber attacks and/or to take action against the attackers through criminal prosecution.
2.3 Use of ChatGPT in the provision of the Business Model – AI service
If you want to use our artificial intelligence offer to find answers to your business problem, your data, as described in 2.2.2, will be processed in the ChatGPT Business tool. For this purpose, data is forwarded to the service provider OpenAI, which is offered to individuals from the European Economic Area and Switzerland by OpenAI Ireland Ltd., 1st Floor, The Liffey Trust Centre, 117-126 Sheriff Street Upper, Dublin 1, D01 YC43, Ireland, and to all other individuals by OpenAI, L.L.C., 3180 18th Street, San Francisco, California 94110, USA. For more information about the ChatGPT Business tool used, please find it here: https://openai.com/de/policies/eu-terms-of-use and https://openai.com/enterprise-privacy. Please note that the ChatGPT tool provided by the service provider OpenAI is an artificial intelligence. However, with the Business version of the tool that we use, any training of the tool with your data is prohibited. The legal basis for this processing is Art. 6 para. 1 lit. b GDPR, as far as your information is required to answer your inquiry or to initiate or execute a contract, and otherwise Art. 6 para. 1 lit. f GDPR, to facilitate the provision of the service. We will only contact you for advertising purposes if you have given your consent for this. The data will be stored by ChatGPT until the purposes are achieved and no (legal) retention periods stand in the way.
2.4 Applications
You can apply for open positions through our applicant management system provided by our processor Personio (Personio GmbH, Rundfunkplatz 4, 80335 Munich, Germany), which you can access via our careers page. The purpose of data collection is to select applicants for a possible establishment of an employment relationship. For the acceptance and processing of your application, we collect the following data in particular:
First and last name;
Email address;
Phone number;
Application documents (e.g. certificates, CV);
Date of earliest possible job entry;
Salary expectations.
Mandatory fields are marked with an asterisk (*). The legal basis for processing your application data is Art. 6 para. 1 lit. b and Art. 88 para. 1 GDPR in conjunction with § 26 para. 1 sentence 1 BDSG. We store your personal data upon receipt of your application. If we accept your application and it leads to an employment relationship, we will store your application data for as long as it is necessary for the employment relationship and as long as legal regulations require storage. If we reject your application, we will store your application data for a maximum of six months after the rejection of your application, unless you provide us with your consent for longer storage. If you have separately given us your consent in accordance with Art. 6 para. 1 lit. a GDPR, we will store your data transmitted as part of the application in our pool of applicants for another twelve months after the recruitment process has ended, in order to identify any further interesting positions for you and to possibly contact you again. After the expiration of the deadline, the data will be deleted. You can revoke this consent at any time with effect for the future.
2.4 Applications
You can apply for open positions through our applicant management system provided by our processor Personio (Personio GmbH, Rundfunkplatz 4, 80335 Munich, Germany), which you can access via our careers page. The purpose of data collection is to select applicants for a possible establishment of an employment relationship. For the acceptance and processing of your application, we collect the following data in particular:
First and last name;
Email address;
Phone number;
Application documents (e.g. certificates, CV);
Date of earliest possible job entry;
Salary expectations.
Mandatory fields are marked with an asterisk (*). The legal basis for processing your application data is Art. 6 para. 1 lit. b and Art. 88 para. 1 GDPR in conjunction with § 26 para. 1 sentence 1 BDSG. We store your personal data upon receipt of your application. If we accept your application and it leads to an employment relationship, we will store your application data for as long as it is necessary for the employment relationship and as long as legal regulations require storage. If we reject your application, we will store your application data for a maximum of six months after the rejection of your application, unless you provide us with your consent for longer storage. If you have separately given us your consent in accordance with Art. 6 para. 1 lit. a GDPR, we will store your data transmitted as part of the application in our pool of applicants for another twelve months after the recruitment process has ended, in order to identify any further interesting positions for you and to possibly contact you again. After the expiration of the deadline, the data will be deleted. You can revoke this consent at any time with effect for the future.
3. Use of tools on the website
3.1 Technologies used
This website uses various services and applications (collectively referred to as "tools"), which are either provided by us or by third parties. These include, in particular, tools that use technologies to store or access information on the end device:
Cookies: information stored on the end device, consisting in particular of a name, a value, the storing domain, and an expiration date. So-called session cookies (e.g. PHPSESSID) are deleted after the session, while so-called persistent cookies are deleted after the set expiration date. Cookies can also be removed manually.
Web Storage (Local Storage / Session Storage): information stored on the end device, consisting of a name and a value. Information in session storage is deleted after the session, whereas information in local storage has no expiration date and remains stored as a rule, unless a deletion mechanism has been established (e.g. storage of local storage with a time entry). Information in local and session storage can also be removed manually.
JavaScript: programming codes (scripts) embedded in or called by the website, which, for example, set cookies and web storage or actively collect information from the end device or the behaviour of the visitors. JavaScript can be used for "active fingerprinting" and the creation of usage profiles. JavaScript can be blocked by a setting in the browser, but then most services may not function properly.
Pixels: tiny graphics automatically loaded by a service, which can enable the recognition of visitors through the automatic transmission of the usual connection data (in particular IP address, information about browser, operating system, language, address accessed, and time of access) and, for example, determine the opening of an email or the visit of a website. Using pixels allows for "passive fingerprinting" and the creation of usage profiles. The use of pixels can be prevented, for example, by blocking images, such as in emails, although this will greatly limit the display.
Using these technologies and also through the simple connection established on a page, so-called "fingerprints" can be created, i.e. usage profiles that can recognize visitors even without the use of cookies or web storage. Fingerprints based on the connection cannot be completely prevented manually. Most browsers are set by default to accept cookies, to execute scripts, and to display graphics. However, you can usually adjust your browser settings to reject all or certain cookies or to block scripts and graphics. If you completely block the storage of cookies, the display of graphics, and the execution of scripts, our services will likely not function or not function smoothly. Below we list the tools we use, categorized, while informing you in particular about the providers of the tools, the storage duration of cookies or information in local storage and session storage, as well as the transfer of data to third parties. It will also be explained when we obtain your voluntary consent for the use of the tools and how you can revoke this consent. Should – even with the greatest care – the information in the consent banner contradict those in this privacy policy, the information in this privacy policy shall take precedence.
3.1 Technologies used
3.1 Technologies used
This website uses various services and applications (collectively referred to as "tools"), which are either provided by us or by third parties. These include, in particular, tools that use technologies to store or access information on the end device:
Cookies: information stored on the end device, consisting in particular of a name, a value, the storing domain, and an expiration date. So-called session cookies (e.g. PHPSESSID) are deleted after the session, while so-called persistent cookies are deleted after the set expiration date. Cookies can also be removed manually.
Web Storage (Local Storage / Session Storage): information stored on the end device, consisting of a name and a value. Information in session storage is deleted after the session, whereas information in local storage has no expiration date and remains stored as a rule, unless a deletion mechanism has been established (e.g. storage of local storage with a time entry). Information in local and session storage can also be removed manually.
JavaScript: programming codes (scripts) embedded in or called by the website, which, for example, set cookies and web storage or actively collect information from the end device or the behaviour of the visitors. JavaScript can be used for "active fingerprinting" and the creation of usage profiles. JavaScript can be blocked by a setting in the browser, but then most services may not function properly.
Pixels: tiny graphics automatically loaded by a service, which can enable the recognition of visitors through the automatic transmission of the usual connection data (in particular IP address, information about browser, operating system, language, address accessed, and time of access) and, for example, determine the opening of an email or the visit of a website. Using pixels allows for "passive fingerprinting" and the creation of usage profiles. The use of pixels can be prevented, for example, by blocking images, such as in emails, although this will greatly limit the display.
Using these technologies and also through the simple connection established on a page, so-called "fingerprints" can be created, i.e. usage profiles that can recognize visitors even without the use of cookies or web storage. Fingerprints based on the connection cannot be completely prevented manually. Most browsers are set by default to accept cookies, to execute scripts, and to display graphics. However, you can usually adjust your browser settings to reject all or certain cookies or to block scripts and graphics. If you completely block the storage of cookies, the display of graphics, and the execution of scripts, our services will likely not function or not function smoothly. Below we list the tools we use, categorized, while informing you in particular about the providers of the tools, the storage duration of cookies or information in local storage and session storage, as well as the transfer of data to third parties. It will also be explained when we obtain your voluntary consent for the use of the tools and how you can revoke this consent. Should – even with the greatest care – the information in the consent banner contradict those in this privacy policy, the information in this privacy policy shall take precedence.
3.2 Legal basis and withdrawal
3.2.1 Legal Basis
3.2.2 Obtaining Your Consent
3.2.3 Withdrawal of Your Consent or Change of Your Selection
You can withdraw your consent for certain tools, that is, for the storage and access to information on the device, the processing of your personal data, and the transfer of your data to third countries, at any time with effect for the future. To do this, click the button on the right side at the end of the website. There you can also change the selection of the tools for which you wish to give consent, as well as obtain additional information about the tools used. Alternatively, you can assert your withdrawal directly with the provider of certain tools.
3.2 Legal basis and withdrawal
3.2.1 Legal Basis
We use tools necessary for the operation of the website based on our legitimate interest in accordance with Art. 6(1)(f) GDPR to provide the basic functions of our website. In certain cases, these tools may also be necessary for the fulfilment of a contract or for the implementation of pre-contractual measures, in which case the processing is carried out in accordance with Art. 6(1)(b) GDPR. Access to and storage of information on the device is absolutely necessary in these cases and takes place on the basis of the implementation laws of the EU ePrivacy Directive of the EU member states, in Germany according to § 25(2) TTDSG. All other non-necessary (optional) tools that provide additional functions are used based on your consent in accordance with Art. 6(1)(a) GDPR. Access to and storage of information on the device then takes place on the basis of the implementation laws of the EU ePrivacy Directive of the EU member states, in Germany according to § 25(1) TTDSG. Data processing using these tools only occurs if we have previously obtained your consent for this purpose. If a transfer of personal data to third countries (such as the USA) takes place, we refer, also regarding the risks that may be involved, to section 6 ("Transfer of Data to Third Countries"). We will inform you if there is an adequacy decision for the respective third country or if standard contractual clauses or other guarantees have been concluded for the use of certain tools. If you have given your consent to the use of certain tools and the accompanying transfer of your personal data to third countries, we will transmit the data processed during the use of the tools (also) on the basis of this consent according to Art. 49(1)(a) GDPR to third countries.
3.2.2 Obtaining Your Consent
To obtain and manage your consents, we use the Cookiebot tool from Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark ("Cookiebot"). This generates a banner that informs you about data processing on our website and gives you the option to consent to all, individual, or no data processing by optional tools. This banner appears on your first visit to our website and whenever you revisit your settings to change them or withdraw consents. The banner also appears on further visits to our website if you have disabled the storage of cookies or if cookies or information in the Local Storage of Cookiebot has been deleted or expired. Cookiebot receives your consents or withdrawals, your IP address, information about your browser, your device, and the time of your visit as part of your website visit. Furthermore, Cookiebot stores necessary information on your device to document your granted consents and withdrawals. The following cookies are set in this context: "CookieConsent" (1 year). The data processing by Cookiebot is necessary to provide you with the legally required consent management and to comply with our documentation obligations. The legal basis for using Cookiebot is Art. 6(1)(f) GDPR, justified by our interest in meeting the legal requirements for consent management. Access to and storage of information on the device is absolutely necessary in these cases and takes place on the basis of the implementation laws of the EU ePrivacy Directive of the EU member states, in Germany according to § 25(2) TTDSG.3.2.3 Withdrawal of Your Consent or Change of Your Selection
You can withdraw your consent for certain tools, that is, for the storage and access to information on the device, the processing of your personal data, and the transfer of your data to third countries, at any time with effect for the future. To do this, click the button on the right side at the end of the website. There you can also change the selection of the tools for which you wish to give consent, as well as obtain additional information about the tools used. Alternatively, you can assert your withdrawal directly with the provider of certain tools.
3.1 Technologies used
3.2.1 Legal Basis
3.2.2 Obtaining Your Consent
3.2.3 Withdrawal of Your Consent or Change of Your Selection
You can withdraw your consent for certain tools, that is, for the storage and access to information on the device, the processing of your personal data, and the transfer of your data to third countries, at any time with effect for the future. To do this, click the button on the right side at the end of the website. There you can also change the selection of the tools for which you wish to give consent, as well as obtain additional information about the tools used. Alternatively, you can assert your withdrawal directly with the provider of certain tools.
3.2 Legal basis and withdrawal
Unsere Website verwendet den Dienst Google reCAPTCHA, der für Personen aus dem Europäischen Wirtschaftsraum und der Schweiz von der Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland und für alle übrigen Personen von der Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (zusammen „Google") angeboten wird.
reCAPTCHA verhindert, dass automatisierte Software (sog. Bots) missbräuchliche Aktivitäten auf der Website ausführt, d. h. es wird geprüft, ob die vorgenommenen Eingaben tatsächlich von einem Menschen stammen. Hierfür setzt reCAPTCHA JavaScript ein und speichert Cookies und Informationen im Local Storage auf Ihrem Endgerät. Es werden insbesondere folgende Daten verarbeitet:
Referrer-URL (Adresse der Seite, von welcher der Besucher kam);
IP-Adresse;
von Google gesetzte Cookies;
Momentaufnahme vom Browserfenster;
Eingabeverhalten des Nutzers (z. B. Beantwortung der reCAPTCHA-Frage, Eingabegeschwindigkeit in Formularfelder, Reihenfolge der Auswahl der Eingabefelder durch den Nutzer, Anzahl der Mausklicks);
Technische Informationen: Browser-Typ, Browser-Plug-ins, Browsergröße und -auflösung, Datum, Spracheinstellung, Darstellungsanweisungen (CSS) und Skripte (JavaScript).
Hierfür können folgende Cookies von reCAPTCHA eingesetzt und ausgelesen werden:
„_GRECAPTCHA“ (6 Monate).
Darüber hinaus werden außerdem folgende Cookies eingebunden und im Local Storage gespeichert, um zwischen Menschen und Robotern zu unterscheiden:
„rc::d-15#“, „rc::a“ (permanent),
„rc::b“ (für die Dauer der Sitzung),
„rc::c“ (für die Dauer der Sitzung),
„rc::f“ (permanent).
Weiterhin liest Google die Cookies von anderen Google-Diensten wie Gmail, Search und Analytics aus. Wenn Sie diese Zuordnung zu Ihrem Google-Konto nicht wünschen, ist es erforderlich, dass Sie sich vor dem Aufruf einer Seite, bei der wir Google reCAPTCHA eingebunden haben, bei Google ausloggen.
Die genannten Daten werden verschlüsselt an Google gesendet. Googles Auswertung entscheidet darüber, in welcher Form das Captcha auf der Seite angezeigt wird. Die Verwendung von reCAPTCHA wird statistisch ausgewertet. Ihre Daten werden laut Google nicht für personalisierte Werbung verwendet.
Rechtsgrundlage ist die Erforderlichkeit zur Erfüllung eines Vertrags oder zur Durchführung vorvertraglicher Maßnahmen nach Art. 6 Abs. 1 lit. b DSGVO, etwa im Rahmen der Registrierung eines Benutzerkontos, der Nutzung eines Kontaktformulars oder des Abonnements eines Newsletters.
Im Übrigen ist die Rechtsgrundlage unser berechtigtes Interesse nach Art. 6 Abs. 1 lit. f DSGVO, wobei Google reCAPTCHA dem Schutz der IT-Sicherheit, der Gewährleistung der Stabilität unserer Website und der Verhinderung von Missbrauch dient.
Wir haben mit Google Ireland Limited einen Auftragsverarbeitungsvertrag abgeschlossen. Ihre personenbezogenen Daten können von Google Ireland Limited auch an Google LLC in den USA übertragen werden. Google LLC ist dem EU-US Data Privacy Framework beigetreten, weshalb die Übermittlung in diesem Fall auf Basis des Angemessenheitsbeschlusses für die USA gemäß Art. 45 DSGVO erfolgt. Darüber hinaus haben Google Ireland Limited und Google LLC Standardvertragsklauseln (Durchführungsbeschluss (EU) 2021/914, Modul 3) gemäß Art. 46 Abs. 2 lit. c DSGVO abgeschlossen.
Weitere Informationen finden Sie:
in der Datenschutzerklärung von Google: https://policies.google.com/privacy;
in den Nutzungsbedingungen von Google: https://policies.google.com/terms.
4.3.2 Google Tag Manager
Unsere Website verwendet den Dienst Google Tag Manager, der für Personen aus dem Europäischen Wirtschaftsraum und der Schweiz von der Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland und für alle übrigen Personen von Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA (zusammen „Google“) angeboten wird.
Der Google Tag Manager dient ausschließlich der Verwaltung von Website-Tools durch Einbindung sogenannter Website-Tags. Ein Tag ist ein Element, das im Quelltext unserer Website hinterlegt wird, um ein Tool auszuführen, etwa durch Skripte. Sofern es sich dabei um optionale Tools handelt, werden diese vom Google Tag Manager nur mit Ihrer Einwilligung eingebunden. Der Google-Tag-Manger setzt JavaScript ein und kommt grundsätzlich ohne den Einsatz von Cookies aus.
Rechtsgrundlage ist Art. 6 Abs. 1 lit. f DSGVO, beruhend auf unserem berechtigten Interesse, mehrere Tags auf unkomplizierte Art und Weise auf unserer Website einzubinden und zu verwalten.
Google erhebt zu Zwecken der Gewährleistung der Stabilität und Funktionalität im Rahmen der Verwendung des Google Tag Manager Informationen darüber, welche Tags durch unsere Website eingebunden werden. Der Google Tag Manager speichert jedoch grundsätzlich keine über den reinen Verbindungsaufbau hinausgehenden personenbezogenen Daten, insbesondere keine Daten über das Nutzungsverhalten oder die besuchten Seiten.
Wir haben mit Google Ireland Limited einen Auftragsverarbeitungsvertrag abgeschlossen. Ihre personenbezogenen Daten können von Google Ireland Limited auch an Google LLC in den USA übertragen werden. Google LLC ist dem EU-US Data Privacy Framework beigetreten, weshalb die Übermittlung in diesem Fall auf Basis des Angemessenheitsbeschlusses für die USA gemäß Art. 45 DSGVO erfolgt. Darüber hinaus haben Google Ireland Limited und Google LLC Standardvertragsklauseln (Durchführungsbeschluss (EU) 2021/914, Modul 3) gemäß Art. 46 Abs. 2 lit. c DSGVO abgeschlossen.
Weitere Informationen finden Sie in der Datenschutzerklärung von Google: https://support.google.com/analytics/answer/6004245.
3.3 Necessary Tools
We use certain tools to enable the basic functions of our website (“necessary tools”). This includes, for example, tools for preparing and displaying website content, for managing and integrating tools, for providing payment processing services, for fraud detection and prevention, and for ensuring the security of our website. Without these tools, we could not provide our service. Therefore, necessary tools are used without consent. The legal basis for necessary tools is the necessity to fulfill our legitimate interests pursuant to Art. 6 (1) lit. f GDPR in providing the respective basic functions and operating our website. In cases where providing the respective website functions is necessary to fulfill a contract or to carry out pre-contractual measures, the legal basis for data processing is Art. 6 (1) lit. b GDPR. Access to and storage of information on the end device is absolutely necessary in these cases and is based on the implementing laws of the ePrivacy Directive of the EU member states, in Germany according to § 25 (2) TTDSG. In case personal data is transferred to third countries (such as the USA), we refer, in addition to the information provided below, to Section 6 (“Data transfer to third countries”).
3.3.1 Google reCAPTCHA
Our website uses the Google reCAPTCHA service, which is offered for users from the European Economic Area and Switzerland by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, and for all other users by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (collectively “Google”).
reCAPTCHA prevents automated software (so-called bots) from performing abusive activities on the website, i.e., it checks whether the inputs made actually come from a human. To do this, reCAPTCHA uses JavaScript and stores cookies and information in Local Storage on your device. Specifically, the following data is processed:
Referrer URL (address of the page from which the visitor came);
IP address;
Cookies set by Google;
Snapshot of the browser window;
User input behaviour (e.g., answering the reCAPTCHA question, input speed in form fields, order of selection of input fields by the user, number of mouse clicks);
Technical information: browser type, browser plugins, browser size and resolution, date, language setting, rendering instructions (CSS), and scripts (JavaScript).
For this purpose, the following cookies may be set and read by reCAPTCHA: “_GRECAPTCHA” (6 months). In addition, the following cookies are also embedded and stored in Local Storage to distinguish between humans and robots: “rc::d-15#”, “rc::a” (permanent), “rc::b” (for the duration of the session), “rc::c” (for the duration of the session), “rc::f” (permanent). Furthermore, Google reads the cookies of other Google services like Gmail, Search, and Analytics. If you do not wish this association with your Google account, it is necessary for you to log out of Google before accessing a page where we have integrated Google reCAPTCHA. The data mentioned is transmitted to Google in encrypted form. Google’s evaluation determines how the Captcha is displayed on the site. The use of reCAPTCHA is statistically evaluated. According to Google, your data is not used for personalized advertising. The legal basis is the necessity to fulfill a contract or to carry out pre-contractual measures according to Art. 6 (1) lit. b GDPR, for example, in the context of registering a user account, using a contact form, or subscribing to a newsletter. Google reCAPTCHA serves to protect IT security, ensure the stability of our website, and prevent abuse. Part of the data may also be processed on servers in the USA. In case personal data is transferred to the USA or other third countries, this occurs based on Art. 49 (1) sentence 1 lit. b GDPR, to enable the fulfillment of a contract with you or to carry out pre-contractual measures. For more information, please refer to Section 6 (“Data transfer to third countries”).
Further information can be found:
in Google’s privacy policy: https://policies.google.com/privacy;
in Google’s terms of service: https://policies.google.com/terms
3.4 Analysis Tools
To improve our website, we use optional tools to recognize visitors as well as for the statistical collection and analysis of general usage behavior based on access data ("analytics tools"). We also use analytics services to evaluate the usage of our various marketing channels. The collected usage information is aggregated and enables us to understand the usage habits of our visitors. This serves to adapt and optimize the design of our website and to make the user experience more pleasant. The legal basis for the analytics tools is – unless otherwise specified – your consent according to Art. 6 para. 1 lit. a GDPR. Access to and storage of information on the end device is then based on the implementation laws of the ePrivacy Directive of the EU member states, in Germany according to § 25 para. 1 TTDSG. For revocation of your consent, see 3.2.3: "Revocation of your consent or change of your selection". In the event that personal data is transferred to third countries (such as the USA), your consent explicitly also covers the transfer of data (Art. 49 para. 1 lit. a GDPR). Please refer to section 6 ("Data transfer to third countries") for the associated risks.
3.4.1 Google Analytics 4
Our website then uses the service Google Analytics 4 ("Google Analytics"), which is offered for individuals from Europe, the Middle East and Africa (EMEA) by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, and for all other individuals by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (together "Google"). Google Analytics uses JavaScript and pixels to read information on your end device, as well as cookies to store information on your end device. This serves to analyze your usage behavior and improve our website. We will process the obtained information to evaluate your use of the website and to compile reports on website activities for the website operators. The data generated in this context may be transferred to and stored on a server in the USA by Google for evaluation. In its evaluation, Google Analytics 4 also uses artificial intelligence such as machine learning for automated analysis and enrichment of data. This is particularly for predictive metrics on future behavior of visitors based on structured event data, such as predicted revenue, purchase probability and churn probability. The predictive metrics can also be used for predictive target groups. You can learn more about this at: https://support.google.com/analytics/answer/9846734. In addition, Google Analytics 4 models conversions where there is not enough data available to optimize evaluation and reports. Information on this can be found at: https://support.google.com/analytics/answer/10710245. Data evaluations are carried out automatically using artificial intelligence or based on specific individually defined criteria. More information can be found at: https://support.google.com/analytics/answer/9443595.
The following privacy settings have been made in Google Analytics:
IP anonymization (truncation of the IP address before evaluation);
Automatic deletion of old visit logs by limiting the retention period to 2 months;
No reset of the retention period with new activity;
Deactivation of the collection of exact location and position data;
Deactivation of the collection of exact device data;
Deactivated advertising function (including audience remarketing through GA Audience);
Deactivated remarketing;
Deactivated cross-device and cross-site tracking (Google Signals);
Deactivated data sharing with other Google products and services, benchmarking, technical support, account manager.
The following data is processed by Google Analytics:
IP address;
User-ID, Google-ID (Google Signals) and/or device ID;
Referrer URL (previously visited page);
Pages visited (date, time, URL, title, duration of visit);
Events and activities (e.g., scroll activity, downloaded files, clicked links to other websites, interaction with videos and forms, search queries);
if applicable, achievement of certain goals (conversions);
Technical information: Operating system; browser type, version and language; device type, brand, model and resolution;
Approximate location (country and possibly city, based on anonymized IP address).
Google Analytics sets the following cookies for the indicated purpose with the respective retention period:
"_ga" (2 years), "_gid" (24 hours): Recognition and differentiation of visitors through a User-ID;
"_ga_[GA-ID]" (2 years): Retention of the information of the current session;
"_gac_gb_[GA-ID]" (90 days): Storage of campaign-related information and possibly linking with Google Ads conversion tracking;
if applicable, "IDE" (390 days): Recognition and differentiation of visitors through a User-ID, capturing interactions with ads, displaying personalized ads.
For more information about cookies from Google Analytics 4, see: https://support.google.com/analytics/answer/11397207?hl=en.
The legal basis for this data processing is your consent pursuant to Art. 6 para. 1 lit. a GDPR. Access to and storage of information on the end device is then based on the implementation laws of the ePrivacy Directive of the EU member states, in Germany according to § 25 para. 1 TTDSG. We have concluded a data processing agreement with Google Ireland Limited for the use of Google Analytics. In the event that personal data is transferred from Google Ireland Limited to the USA, Google Ireland Limited and Google LLC have concluded standard contractual clauses (Implementation Decision (EU) 2021/914, Module 3) in accordance with Art. 46 para. 2 lit. c GDPR. In addition, we also obtain your explicit consent for the transfer of your data to third countries in accordance with Art. 49 para. 1 lit. a GDPR. More information can be found in Google's privacy policy: https://support.google.com/analytics/answer/6004245.
3.4 Analysis Tools
To improve our website, we use optional tools to recognize visitors as well as for the statistical collection and analysis of general usage behavior based on access data ("analytics tools"). We also use analytics services to evaluate the usage of our various marketing channels. The collected usage information is aggregated and enables us to understand the usage habits of our visitors. This serves to adapt and optimize the design of our website and to make the user experience more pleasant. The legal basis for the analytics tools is – unless otherwise specified – your consent according to Art. 6 para. 1 lit. a GDPR. Access to and storage of information on the end device is then based on the implementation laws of the ePrivacy Directive of the EU member states, in Germany according to § 25 para. 1 TTDSG. For revocation of your consent, see 3.2.3: "Revocation of your consent or change of your selection". In the event that personal data is transferred to third countries (such as the USA), your consent explicitly also covers the transfer of data (Art. 49 para. 1 lit. a GDPR). Please refer to section 6 ("Data transfer to third countries") for the associated risks.
3.4.1 Google Analytics 4
Our website then uses the service Google Analytics 4 ("Google Analytics"), which is offered for individuals from Europe, the Middle East and Africa (EMEA) by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, and for all other individuals by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (together "Google"). Google Analytics uses JavaScript and pixels to read information on your end device, as well as cookies to store information on your end device. This serves to analyze your usage behavior and improve our website. We will process the obtained information to evaluate your use of the website and to compile reports on website activities for the website operators. The data generated in this context may be transferred to and stored on a server in the USA by Google for evaluation. In its evaluation, Google Analytics 4 also uses artificial intelligence such as machine learning for automated analysis and enrichment of data. This is particularly for predictive metrics on future behavior of visitors based on structured event data, such as predicted revenue, purchase probability and churn probability. The predictive metrics can also be used for predictive target groups. You can learn more about this at: https://support.google.com/analytics/answer/9846734. In addition, Google Analytics 4 models conversions where there is not enough data available to optimize evaluation and reports. Information on this can be found at: https://support.google.com/analytics/answer/10710245. Data evaluations are carried out automatically using artificial intelligence or based on specific individually defined criteria. More information can be found at: https://support.google.com/analytics/answer/9443595.
The following privacy settings have been made in Google Analytics:
IP anonymization (truncation of the IP address before evaluation);
Automatic deletion of old visit logs by limiting the retention period to 2 months;
No reset of the retention period with new activity;
Deactivation of the collection of exact location and position data;
Deactivation of the collection of exact device data;
Deactivated advertising function (including audience remarketing through GA Audience);
Deactivated remarketing;
Deactivated cross-device and cross-site tracking (Google Signals);
Deactivated data sharing with other Google products and services, benchmarking, technical support, account manager.
The following data is processed by Google Analytics:
IP address;
User-ID, Google-ID (Google Signals) and/or device ID;
Referrer URL (previously visited page);
Pages visited (date, time, URL, title, duration of visit);
Events and activities (e.g., scroll activity, downloaded files, clicked links to other websites, interaction with videos and forms, search queries);
if applicable, achievement of certain goals (conversions);
Technical information: Operating system; browser type, version and language; device type, brand, model and resolution;
Approximate location (country and possibly city, based on anonymized IP address).
Google Analytics sets the following cookies for the indicated purpose with the respective retention period:
"_ga" (2 years), "_gid" (24 hours): Recognition and differentiation of visitors through a User-ID;
"_ga_[GA-ID]" (2 years): Retention of the information of the current session;
"_gac_gb_[GA-ID]" (90 days): Storage of campaign-related information and possibly linking with Google Ads conversion tracking;
if applicable, "IDE" (390 days): Recognition and differentiation of visitors through a User-ID, capturing interactions with ads, displaying personalized ads.
For more information about cookies from Google Analytics 4, see: https://support.google.com/analytics/answer/11397207?hl=en.
The legal basis for this data processing is your consent pursuant to Art. 6 para. 1 lit. a GDPR. Access to and storage of information on the end device is then based on the implementation laws of the ePrivacy Directive of the EU member states, in Germany according to § 25 para. 1 TTDSG. We have concluded a data processing agreement with Google Ireland Limited for the use of Google Analytics. In the event that personal data is transferred from Google Ireland Limited to the USA, Google Ireland Limited and Google LLC have concluded standard contractual clauses (Implementation Decision (EU) 2021/914, Module 3) in accordance with Art. 46 para. 2 lit. c GDPR. In addition, we also obtain your explicit consent for the transfer of your data to third countries in accordance with Art. 49 para. 1 lit. a GDPR. More information can be found in Google's privacy policy: https://support.google.com/analytics/answer/6004245.
3.5 Marketing Tools
We also use optional tools for advertising purposes ("marketing tools"). Some of the access data generated while using our website is used to create usage profiles, which particularly store your usage behavior, the ads you viewed or clicked on, and the classification into advertising categories, interests and preferences that arise from this. By analyzing and evaluating this access data, we can present you with personalized advertising, meaning advertising that corresponds to your actual interests and needs, on our website and on the websites and services of other providers. In doing so, we also analyze your usage behavior to recognize you again on other pages and address you personally based on your use of our site (so-called retargeting). Furthermore, we evaluate the effectiveness and success of our advertising campaigns (in particular so-called conversions and leads). Marketing tools also include optional tools from social networks that serve to share posts and content across these networks ("social media plugins"). The legal basis for the marketing tools is your consent in accordance with Art. 6 para. 1 lit. a GDPR, which you provide via the consent banner or when using the respective tool by allowing its use via an overlay banner. Access to and storage of information on the end device then occurs on the basis of the implementing laws of the ePrivacy Directive of the EU member states, in Germany according to § 25 para. 1 TTDSG. For the withdrawal of your consent, see 3.2.3: "Withdrawal of your consent or change of your selection." In the event that personal data is transferred to third countries (such as the USA), your consent expressly also extends to the data transfer (Art. 49 para. 1 lit. a GDPR). Please find the associated risks in section 6 ("Data transfer to third countries").
In the following section, we would like to explain these technologies and the providers involved in more detail. The collected data may include in particular:
the IP address of the device;
the information of a cookie and in local or session storage;
the device ID of mobile devices (e.g. device ID, advertising ID);
Referrer URL (previously visited page);
Accessed pages (date, time, URL, title, duration of stay);
Downloaded files;
Clicked links to other websites;
if applicable, achievement of specific goals (conversions);
Technical information: operating system; browser type, version and language; device type, brand, model and resolution;
Approximate location (country and possibly city).
The collected data is, however, stored exclusively in a pseudonymous form, so that no direct conclusions can be drawn about individuals.
3.5.1 HubSpot
Our website uses services from HubSpot Ireland Limited at 2nd Floor 30 North Wall Quay, Dublin 1, Ireland ("Hubspot") to incorporate cookies via "gstatic" or Google reCAPTCHA.
The following cookies are stored in local storage to distinguish between humans and robots:
"rc::d-15#" (permanent): distinction between human and robot;
"rc::a" (permanent): distinction between human and robot;
"rc::b" (for the duration of the session): distinction between human and robot;
"rc::c" (for the duration of the session): distinction between human and robot;
"rc::f" (permanent): distinction between human and robot.
Furthermore, for more information about cookies, please refer to HubSpot's website: https://knowledge.hubspot.com/de/reports/what-cookies-does-hubspot-set-in-a-visitor-s-browser and to Cloudfare's website: https://support.cloudflare.com/hc/en-us/articles/200170156-Understanding-the-Cloudflare-Cookies. The legal basis for this data processing is your consent in accordance with Art. 6 para. 1 lit. a GDPR. Access to and storage of information on the end device then occurs on the basis of the implementing laws of the ePrivacy Directive of the EU member states, in Germany according to § 25 para. 1 TTDSG. We have entered into a data processing agreement with HubSpot. The data collected in this regard may be transferred by HubSpot to a server in the USA and stored there. In the event that personal data is transferred to the USA or other third countries, we have concluded standard contractual clauses with HubSpot (Implementing Decision (EU) 2021/914, Module 2) in accordance with Art. 46 para. 2 lit. c GDPR. Additionally, we also obtain your express consent in accordance with Art. 49 para. 1 lit. a GDPR for the transfer of your data to third countries. For more information, please refer to HubSpot's privacy policy: https://legal.hubspot.com/privacy-policy.
3.5.2 Typeform
Our website uses the Typeform service from Typeform S.L., Carrer Bac de Roda, 163, 08018 Barcelona, Spain ("Typeform"). Typeform is used to provide engaging forms and surveys through which we collect information about you, realize email notification sign-ups, or conduct surveys on specific topics. Mandatory fields have been marked accordingly. Once you press the submit button, your data will be transmitted to us and Typeform. Typeform uses scripts that access information on your end device, as well as cookies that are stored on your end device. Your data is stored on servers in the USA.
The following data is processed by Typeform:
IP address;
Your data entered in the form;
Technical information about your device, your browser, your operating system, and your selected language;
Access information about the accessed page, the previously visited page, and the time of the visit;
Usage data through the evaluation of information, particularly from cookies and scripts.
Typeform sets and reads the following cookies:
"AWSALBTG" (7 days) and "AWSALBTGCORS" (7 days): registers which server cluster serves the visitor. This is used in conjunction with load balancing to optimize user experience;
"ld:#:$diagnostics" (permanent): Monitoring website performance for statistical purposes;
"visitorId" (2 years): maintains user status across page requests.
"cookie_support" (for the duration of the session): saves your selection of whether you accept or reject analytical cookies.
The legal basis for this data processing is your consent in accordance with Art. 6 para. 1 lit. a GDPR. Access to and storage of information on the end device then occurs on the basis of the implementing laws of the ePrivacy Directive of the EU member states, in Germany according to § 25 para. 1 TTDSG. We have entered into a data processing agreement with Typeform. To the extent that Typeform engages processors with their registered office outside the EU or transfers or stores the data in third countries (such as the USA), Typeform has established adequate guarantees such as standard contractual clauses. Additionally, we also obtain your express consent in accordance with Art. 49 para. 1 lit. a GDPR for the transfer of your data to third countries. For more information, please refer to Typeform's privacy policy: https://admin.typeform.com/to/dwk6gt/.
4.5.1 HubSpot
Unsere Website verwendet Dienste des Anbieters HubSpot Ireland Limited in 2nd Floor 30 North Wall Quay, Dublin 1, Ireland („Hubspot“), um Cookies über "gstatic“ bzw. Google reCAPTCHA einzubinden.
Folgende Cookies werden im Local Storage gespeichert, um zwischen Menschen und Robotern zu unterscheiden:
„rc::d-15#” (permanent): Unterscheidung zwischen Mensch und Roboter;
„rc::a“ (permanent): Unterscheidung zwischen Mensch und Roboter;
„rc::b“ (für die Dauer der Sitzung): Unterscheidung zwischen Mensch und Roboter;
„rc::c“ (für die Dauer der Sitzung): Unterscheidung zwischen Mensch und Roboter;
„rc::f“ (permanent): Unterscheidung zwischen Mensch und Roboter.
Im Übrigen wird für weitergehende Informationen über Cookies auf die Website von HubSpot: https://knowledge.hubspot.com/de/reports/what-cookies-does-hubspot-set-in-a-visitor-s-browser sowie auf die von Cloudfare: https://support.cloudflare.com/hc/en-us/articles/200170156-Understanding-the-Cloudflare-Cookies verwiesen.
Rechtsgrundlage für diese Datenverarbeitung ist Ihre Einwilligung gemäß Art. 6 Abs. 1 lit. a DSGVO. Der Zugriff auf und die Speicherung von Informationen im Endgerät erfolgt dann auf Grundlage der Umsetzungsgesetze der ePrivacy-Richtlinie der EU-Mitgliedsländer, in Deutschland nach § 25 Abs. 1 TDDDG.
Wir haben mit HubSpot einen Auftragsverarbeitungsvertrag abgeschlossen. Ihre personenbezogenen Daten können von HubSpot Ireland Limited auch an HubSpot Inc Two Canal Park, Cambridge, MA 02141 in den USA übertragen werden. HubSpot Inc. ist dem EU-US Data Privacy Framework beigetreten, weshalb die Übermittlung in diesem Fall auf Basis des Angemessenheitsbeschlusses für die USA gemäß Art. 45 DSGVO erfolgt. Darüber hinaus haben wir mit HubSpot Inc. Standardvertragsklauseln (Durchführungsbeschluss (EU) 2021/914, Modul 2) gemäß Art. 46 Abs. 2 lit. c DSGVO abgeschlossen.
Für weitere Informationen verweisen wir auf die Datenschutzerklärung von HubSpot: https://legal.hubspot.com/privacy-policy.
4.5.2 Typeform
Unsere Website verwendet den Dienst Typeform der Typeform S.L., Carrer Bac de Roda, 163, 08018 Barcelona, Spanien („Typeform“). Typeform wird dazu genutzt, ansprechende Formulare und Umfragen bereitzustellen, über die wir beispielsweise Informationen über Sie einholen, die Anmeldung zur E-Mail-Benachrichtigung realisieren oder Umfragen zu bestimmten Themen durchführen. Pflichtfelder wurden von uns entsprechend markiert. Sobald Sie auf den Absenden-Button drücken, werden Ihre Daten an uns und Typeform übermittelt. Durch Typeform werden insbesondere Skripte, die auf Informationen in Ihrem Endgerät zugreifen, sowie Cookies, die auf Ihrem Endgerät gespeichert werden, eingesetzt. Ihre Daten werden auf Servern in den USA gespeichert.
Folgende Daten werden von Typeform verarbeitet:
IP-Adresse;
Ihre im Formular eingegebenen Daten;
Technische Informationen über Ihr Gerät, Ihren Browser, Ihr Betriebssystem und Ihre ausgewählte Sprache;
Zugriffsinformationen über die aufgerufene Seite, die zuvor besuchte Seite und den Zeitpunkt des Besuches;
Nutzungsdaten durch Auswertung der Informationen insbesondere aus Cookies und Skripten.
Durch Typeform werden folgende Cookies gesetzt und ausgelesen:
„AWSALBTG“ (7 Tage) und „AWSALBTGCORS“ (7 Tage): Registriert, welcher Server-Cluster den Besucher bedient. Dies wird im Zusammenhang mit dem Lastausgleich verwendet, um die Benutzererfahrung zu optimieren;
„ld:#:$diagnostics“ (permanent): Überwachung der Website-Leistung zu statistischen Zwecken;
„ visitorId“ (2 Jahre): Beibehaltung des Nutzerstatus‘ über Seitenanfragen hinweg.
„cookie_support“ (für die Dauer der Sitzung): Speicherung Ihrer Auswahl, ob Sie Analyse-Cookies akzeptieren oder ablehnen.
Rechtsgrundlage für diese Datenverarbeitung ist Ihre Einwilligung gemäß Art. 6 Abs. 1 lit. a DSGVO. Der Zugriff auf und die Speicherung von Informationen im Endgerät erfolgt dann auf Grundlage der Umsetzungsgesetze der ePrivacy-Richtlinie der EU-Mitgliedsländer, in Deutschland nach § 25 Abs. 1 TDDDG.
Wir haben mit Typeform einen Auftragsverarbeitungsvertrag abgeschlossen.
Weitere Informationen finden Sie in der Datenschutzerklärung von Typeform: https://admin.typeform.com/to/dwk6gt/.
4. Online presences on social networks
Wir unterhalten Onlinepräsenzen in sozialen Netzwerken, um dort unter anderem mit Kunden und Interessenten zu kommunizieren und über Neuigkeiten von Bridgemaker zu informieren.
5.1 Verarbeitung zu Werbezwecken durch die Anbieter der sozialen Netzwerke
Die Daten der Nutzer werden von den betreffenden sozialen Netzwerken in der Regel für Marktforschungs- und Werbezwecke verarbeitet. So können Nutzungsprofile anhand der Interessen der Nutzer erstellt werden. Zu diesem Zweck werden Cookies und andere Identifier auf den Rechnern der Nutzer gespeichert. Auf Basis dieser Nutzungsprofile werden dann z. B. Werbeanzeigen innerhalb der sozialen Netzwerke aber auch auf Websites Dritter geschaltet.
Die Rechtsgrundlage der durch die sozialen Netzwerke in eigener Verantwortung erfolgten Datenverarbeitung entnehmen Sie bitte den Datenschutzhinweisen des jeweiligen sozialen Netzwerks. Unter den nachstehenden Links erhalten Sie zudem weitere Informationen zu den jeweiligen Datenverarbeitungen sowie den Widerspruchsmöglichkeiten.
5.2 Verarbeitung zu statistischen Zwecken
Im Rahmen des Betriebs unserer Onlinepräsenzen besteht die Möglichkeit, dass wir auf Informationen wie Statistiken zur Nutzung unserer Onlinepräsenzen zugreifen können, die von den sozialen Netzwerken bereitgestellt werden. Diese Statistiken sind aggregiert und können insbesondere demografische Informationen (z.B. Alter, Geschlecht, Region, Land) und Daten zur Interaktion mit unseren Onlinepräsenzen (z.B. Likes, Abonnement, Teilen, Anschauen von Bildern und Videos) und den darüber verbreiteten Beiträgen und Inhalten enthalten. Diese können auch Auskunft über die Interessen der Nutzerinnen und Nutzer geben und welche Inhalte und Themen für diese besonders relevant sind. Diese Informationen können von uns auch dazu verwendet werden, die Gestaltung und unsere Aktivitäten und Inhalte auf der Onlinepräsenz anzupassen und für unser Publikum zu optimieren. Details und Links zu den Daten der sozialen Netzwerke, auf die wir als Betreiber der Onlinepräsenzen zugreifen können, entnehmen Sie bitte der unteren Liste. Die Erhebung und Verwendung dieser Statistiken unterliegen in der Regel einer gemeinsamen Verantwortlichkeit. Soweit dies zutrifft, ist der entsprechende Vertrag unten aufgeführt.
Rechtsgrundlage für die Datenverarbeitung ist Art. 6 Abs. 1 lit. f DSGVO, beruhend auf unserem berechtigten Interesse an einer effektiven Information der Nutzer und Kommunikation mit den Nutzern, bzw. Art. 6 Abs. 1 lit. b DSGVO, um mit unseren Kunden in Kontakt zu bleiben und sie zu informieren sowie zur Durchführung vorvertraglicher Maßnahmen mit künftigen Kunden und Interessenten.
5.3 Einsicht in öffentlich verfügbare Informationen
Sofern Sie ein Konto bei dem sozialen Netzwerk haben, ist es möglich, dass wir Ihre öffentlich verfügbar gemachten Informationen (z.B. Ihren Nutzernamen) und Medien (z.B. Bilder und Videos) sehen können, wenn wir Ihr Profil aufrufen. Darüber hinaus ermöglicht uns das soziale Netzwerk unter Umständen, mit Ihnen in Kontakt zu treten. Dies kann beispielsweise über Direktnachrichten oder über gepostete Beiträge erfolgen. Die inhaltliche Kommunikation über das soziale Netzwerk und die Verarbeitung der Inhaltsdaten unterliegt dabei der Verantwortlichkeit des sozialen Netzwerks als Messenger- und Plattformdienst. Für diese Verarbeitung verweisen wir auf die Datenschutzhinweise des jeweiligen sozialen Netzwerks.
5.4 Verarbeitung von öffentlich verfügbaren Informationen
Sobald wir personenbezogene Daten von Ihnen in eigene Systeme übernehmen oder weiterverarbeiten, sind wir dafür eigenständig verantwortlich. Die Verarbeitung erfolgt dann zur Durchführung vorvertraglicher Maßnahmen und zur Erfüllung eines Vertrags gemäß Art. 6 Abs. 1 lit. b DSGVO oder zur Wahrung unserer berechtigten Interessen gemäß Art. 6 Abs. 1 lit. f DSGVO, um mit Kunden in Kontakt zu treten.
5.5 Datenschutzrechte
Wir weisen darauf hin, dass Datenschutzanfragen am effizientesten bei dem jeweiligen Anbieter des sozialen Netzwerks geltend gemacht werden können, da nur diese Anbieter Zugriff auf die Daten haben und direkt entsprechende Maßnahmen ergreifen können.
5.6 Genutzte Onlinepräsenzen
Nachfolgend eine Liste mit Informationen zu den sozialen Netzwerken, auf denen wir Onlinepräsenzen betreiben:
Facebook (Meta Platforms Ireland Ltd., Serpentine Avenue, Block J, Dublin 4, Irland)
Betrieb der Facebook-Fanpage in gemeinsamer Verantwortlichkeit auf Grundlage einer Vereinbarung über gemeinsame Verarbeitung personenbezogener Daten (sog. Seiten-Insights-Ergänzung bezüglich des Verantwortlichen): https://www.facebook.com/legal/terms/page_controller_addendum
Informationen zu den verarbeiteten Seiten-Insights-Daten und zur Kontaktmöglichkeit im Falle von Datenschutzanfragen: https://www.facebook.com/legal/terms/information_about_page_insights_data
Datenschutzerklärung: https://www.facebook.com/privacy/policy/
Instagram (Meta Platforms Ireland Ltd., Serpentine Avenue, Block J, Dublin 4, Irland)
Instagram Business-Konto auf Grundlage einer Vereinbarung über gemeinsame Verarbeitung personenbezogener Daten (sog. Seiten-Insights-Ergänzung bezüglich des Verantwortlichen): https://www.facebook.com/legal/terms/page_controller_addendum
Informationen zu den verarbeiteten Seiten-Insights-Daten und zur Kontaktmöglichkeit im Falle von Datenschutzanfragen: https://www.facebook.com/legal/terms/information_about_page_insights_data
Datenschutzerklärung: https://privacycenter.instagram.com/policy/
Opt-Out (Erklärung): https://de-de.facebook.com/help/instagram/2885653514995517?locale=de_DE
Google/ YouTube (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland)
Datenschutzerklärung: https://policies.google.com/privacy
Opt-Out (Erklärung): https://www.google.com/settings/ads.
X (Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 Irland)
Datenschutzerklärung: https://twitter.com/de/privacy
Opt-Out: https://twitter.com/personalization.
LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Irland)
Betrieb der LinkedIn-Unternehmensseite in gemeinsamer Verantwortlichkeit auf Grundlage einer Vereinbarung über die gemeinsame Verarbeitung personenbezogener Daten (sog. Page Insights Joint Controller Addendum): https://legal.linkedin.com/pages-joint-controller-addendum
Informationen zu den verarbeiteten Seiten-Insights-Daten und zur Kontaktmöglichkeit im Falle von Datenschutzanfragen: https://legal.linkedin.com/pages-joint-controller-addendum
Datenschutzerklärung: https://www.linkedin.com/legal/privacy-policy
Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
Xing/Kununu (New Work SE, Am Strandkai 1, 20457 Hamburg)
Datenschutzerklärung/ Opt-Out: https://privacy.xing.com/de/datenschutzerklaerung.
5. Sharing of data
Data that we collect will generally only be shared if:
You have given your explicit consent in accordance with Article 6(1)(a) of the GDPR,
the sharing is necessary for the assertion, exercise or defence of legal claims in accordance with Article 6(1)(f) of the GDPR and there is no reason to assume that you have an overriding legitimate interest in not sharing your data,
we are legally obliged to share under Article 6(1)(c) of the GDPR, particularly if this is required due to official requests, court orders and legal proceedings for enforcement, or
it is legally permissible and necessary for the performance of contractual relationships with you or for the execution of pre-contractual measures that are carried out at your request in accordance with Article 6(1)(b) of the GDPR.
Some data processing may be carried out by our service providers. In addition to the service providers mentioned in this privacy policy, this may include in particular data centres that host our website and databases, software providers, IT service providers that maintain our systems, agencies, market research firms, group companies, and consulting firms. If we share data with our service providers, they may only use the data to fulfil their tasks. The service providers have been carefully selected and contracted by us. They are contractually bound to our instructions, have appropriate technical and organisational measures to protect the rights of the data subjects, and are regularly monitored by us. A current list of the service providers we use includes Slicemedia and Magic Design. Furthermore, data may be shared in connection with official requests, court orders, and legal proceedings when it is necessary for enforcement purposes.
6. Data transmission to third countries
As explained in this privacy policy, we use services whose providers are partially located in so-called third countries (outside the European Union or the European Economic Area) or process personal data there, meaning countries whose level of data protection does not match that of the European Union. Where this is the case and the European Commission has not issued an adequacy decision for these countries (Art. 45 GDPR), we have taken appropriate measures to ensure an adequate level of data protection for any data transfers. This includes, among other things, the standard contractual clauses of the European Union or binding internal data protection regulations. Where this is not possible, we base the data transfer on exceptions under Art. 49 GDPR, particularly your explicit consent or the necessity of the transfer for the performance of a contract or for conducting pre-contractual measures. If a transfer to a third country is planned and no adequacy decision or suitable guarantees are in place, it is possible and there is a risk that authorities in the respective third country (e.g., intelligence services) may gain access to the transmitted data in order to collect and analyze it, and that enforcement of your rights as a data subject cannot be guaranteed. When obtaining your consent through the cookie banner, you will also be informed about this. If your personal data is transferred to a company in the USA that is currently certified under the EU-U.S. Data Privacy Framework of June 10, 2023, the transfer will take place in this case based on the adequacy decision for the USA according to Art. 45 GDPR.
7. Retention period
In principle, we only store personal data for as long as is necessary to fulfil the purposes for which we collected the data. After that, we delete the data immediately, unless we still need the data until the expiry of the statutory limitation period for evidential purposes for civil claims or due to legal retention obligations. For evidential purposes, we will retain contract data for three years from the end of the year in which our business relationship with you ends. Any claims become time-barred after the statutory limitation period at the earliest at this point. Even after that, we may still have to keep your data for accounting reasons. We are obliged to do so due to statutory documentation requirements, which may arise from the Commercial Code, the Fiscal Code, the Banking Act, the Money Laundering Act, and the Securities Trading Act. The stipulated retention periods for documents range from two to ten years.
8. Your rights, in particular the right of withdrawal and objection
9.1 Übersicht Ihrer Rechte
Ihnen stehen jederzeit bei Vorliegen der jeweiligen gesetzlichen Voraussetzungen die in den Art. 7 Abs. 3, Art. 15 – 21, Art. 77 DSGVO formulierten Betroffenenrechte zu:
Recht auf Widerruf Ihrer Einwilligung (Art. 7 Abs. 3 DSGVO);
Recht auf Widerspruch gegen die Verarbeitung Ihrer personenbezogenen Daten (Art. 21 DSGVO);
Recht auf Auskunft über Ihre bei uns verarbeiteten personenbezogenen Daten (Art. 15 DSGVO);
Recht auf Berichtigung Ihrer bei uns unrichtig gespeicherten personenbezogenen Daten (Art. 16 DSGVO);
Recht auf Löschung Ihrer personenbezogenen Daten (Art. 17 DSGVO);
Recht auf Beschränkung der Verarbeitung Ihrer personenbezogenen Daten (Art. 18 DSGVO);
Recht auf Unterrichtung über die Empfänger auf Verlangen (Art. 19 S. 2 DSGVO);
Recht auf Datenübertragbarkeit Ihrer personenbezogenen Daten (Art. 20 DSGVO);
Recht auf Beschwerde bei einer Aufsichtsbehörde (Art. 77 DSGVO).
Um Ihre hier beschriebenen Rechte geltend zu machen, können Sie sich jederzeit an die oben genannten Kontaktdaten wenden. Dies gilt auch, sofern Sie Kopien von Garantien zum Nachweis eines angemessenen Datenschutzniveaus erhalten möchten. Sofern die jeweiligen rechtlichen Voraussetzungen vorliegen, werden wir Ihrem Datenschutzbegehren entsprechen.
Ihre Anfragen zur Geltendmachung von Datenschutzrechten und unsere Antworten darauf werden zu Dokumentationszwecken für die Dauer von bis zu drei Jahren und im Einzelfall zur Geltendmachung, Ausübung oder Verteidigung von Rechtsansprüchen auch darüber hinaus aufbewahrt. Rechtsgrundlage ist Art. 6 Abs. 1 lit. f DSGVO, beruhend auf unserem Interesse an der Verteidigung gegen etwaige zivilrechtliche Ansprüche nach Art. 82 DSGVO, der Vermeidung von Bußgeldern nach Art. 83 DSGVO sowie der Erfüllung unserer Rechenschaftspflicht aus Art. 5 Abs. 2 DSGVO.
9.2 Recht auf Widerruf und Widerspruch
Widerrufsrecht (Art. 7 Abs. 3 DSGVO)
Sie haben das Recht, eine einmal erteilte Einwilligung gemäß Art. 6 Abs. 1 lit. a DSGVO jederzeit uns gegenüber zu widerrufen. Dies hat zur Folge, dass wir die Datenverarbeitung, die auf dieser Einwilligung beruhte, für die Zukunft nicht mehr fortführen. Durch den Widerruf der Einwilligung wird die Rechtmäßigkeit der aufgrund der Einwilligung bis zum Widerruf erfolgten Verarbeitung nicht berührt.
Widerspruchsrecht (Art. 21 DSGVO)
Allgemeiner Widerspruch: Soweit wir Ihre Daten auf Grundlage von Art. 6 Abs. 1 lit. f DSGVO (berechtigte Interessen) oder Art. 6 Abs. 1 lit. e DSGVO verarbeiten, können Sie jederzeit der Verarbeitung aus Gründen widersprechen, die sich aus Ihrer besonderen Situation ergeben.
Widerspruch bei Direktwerbung: Soweit wir Ihre Daten zu Zwecken der Direktwerbung verarbeiten, können Sie der Verarbeitung jederzeit ohne Angabe von Gründen widersprechen.
Geltendmachung Ihrer Rechte
Möchten Sie von Ihrem Widerrufs- oder Widerspruchsrecht Gebrauch machen, genügt eine formlose Mitteilung an die oben genannten Kontaktdaten.
9.3 Beschwerderecht
Sie haben schließlich das Recht, sich bei einer Datenschutzaufsichtsbehörde zu beschweren (Art. 77 DSGVO). Sie können dieses Recht beispielsweise bei einer Aufsichtsbehörde in dem Mitgliedstaat Ihres Aufenthaltsorts, Ihres Arbeitsplatzes oder des Orts des mutmaßlichen Verstoßes geltend machen. In Berlin, unserem Sitz, ist die zuständige Aufsichtsbehörde: Berliner Beauftragte für Datenschutz und Informationsfreiheit, Alt-Moabit 59-61, 10555 Berlin.
10. Änderungen der Datenschutzerklärung
Gelegentlich aktualisieren wir diese Datenschutzerklärung, beispielsweise wenn wir unsere Website anpassen oder sich die gesetzlichen oder behördlichen Vorgaben ändern.
Version: 3.0 / Stand: Februar 2025