Privacy Policy

domeba takes the protection of your personal data very seriously and strictly adheres to the rules of data protection laws.

The use of our online offering is generally possible without providing personal data, but different rules may apply for the use of individual services. The following data protection declaration explains the type, scope and purpose of the processing of personal data (hereinafter also referred to as “data”) within our online offering and the associated websites, functions and content as well as external online presences, such as our social media profiles (hereinafter jointly referred to as “online offering”).

We would like to point out that internet-based data transmission has security gaps, meaning that complete protection against access by third parties is impossible.

Definitions

To define the terms used, such as “processing” or “controller”, we refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).

Responsible

domeba GmbH
Bornaer Str. 205
D – 09114 Chemnitz
Phone: +49 (0)371 4002080
E-Mail: info@domeba.de

Contact the data protection officer

The data protection officer for domeba is:

Mr. Matthias Voh
domeba GmbH
E-Mail: datenschutz@domeba.de

Cookies

We use cookies and similar technologies (e.g. local storage) on our website to provide certain functions, analyze the use of our website, and enable marketing activities. Cookies are small text files that are stored on your device. They do not cause any damage and do not contain viruses.

We distinguish between the following categories of cookies and technologies:

Essential
Essential services enable basic functions and are required for the proper functioning of the website.
Legal basis is Art. 6(1)(f) GDPR.
Statistics
Statistical cookies collect usage data that tells us how our visitors interact with our website.
Legal basis is your consent in accordance with Art. 6(1)(a) GDPR as well as Section 25(1) TTDSG.
Marketing
Marketing services are used by third parties or publishers to display personalized advertising. They do this by tracking visitors across websites.
Legal basis is your consent in accordance with Art. 6(1)(a) GDPR as well as Section 25(1) TTDSG.
External Media
Content from video platforms and social media platforms is blocked by default. If external services are accepted, manual consent is no longer required to access this content.
Legal basis is your consent in accordance with Art. 6(1)(a) GDPR as well as Section 25(1) TTDSG.

Cookies are either deleted after you close your browser (session cookies) or remain stored on your device until you delete them or a predefined storage period expires.

When you first visit our website, you will be informed about the use of cookies via a consent banner (consent management tool) and can decide which categories you want to allow.

Your consent is stored so that it can be taken into account during future visits. You can withdraw or adjust your consent at any time with effect for the future by accessing the settings in our consent management tool.

Server data

For technical reasons, the following data, which your Internet browser transmits to us or to our web space provider, is recorded (so-called server log files):

Browser type and version
operating system used
Website from which you visit us (referrer URL)
Website you visit
Date and time of your access
Your Internet Protocol (IP) address

This anonymous data is stored separately from any personal data you may have provided and therefore does not allow any conclusions to be drawn about a specific person.

This storage is carried out on the legal basis of Art. 6 Paragraph 1 Letter f) GDPR. Our legitimate interest lies in the improvement, stability, functionality and security of our website.

Compliance Letter (Newsletter)

If you would like to receive the compliance letter offered on the website, we require your name and title, a valid email address and information that allows us to verify that you are the owner of the email address provided or that the owner agrees to receive the newsletter. No further data is collected. You can revoke your consent to the storage of the data, the email address and their use to send the newsletter at any time.

Registration for our Compliance Letter is carried out using a so-called double opt-in process. This means that after registration you will receive an email asking you to confirm your registration. This confirmation is necessary so that no one can register using someone else’s email address. Registrations for the Compliance Letter are logged in order to be able to prove the registration process in accordance with legal requirements. This includes storing the time of registration and confirmation, as well as the IP address. Changes to your data stored by the shipping service provider are also logged.

Contact option

On our website we offer you the opportunity to contact us by email or via a contact form. In this case, the information you provide will be stored for the purpose of processing your contact request. It will not be passed on to third parties. The data collected in this way will also not be compared with data that may be collected by other components of our website.

Your data may be stored in a customer relationship management system (“CRM system”) or similar systems. Your data will be deleted from these systems if they are no longer required.

Service Desk

On our website we offer you the opportunity to contact our service desk directly with your request. If you want to use this option, we will collect your name and contact details, your company and information about the type, reproducibility and priority of your described problem. This data is collected and processed for the purpose of establishing contact in the context of problem processing as well as for the associated internal documentation and, if applicable, billing.

Your data may be stored in a customer relationship management system (“CRM system”) or similar systems. Your data will be deleted from these systems if they are no longer required.

When making a Service Desk request, please ensure that the personal data transferred is kept to a necessary minimum. It is your responsibility to ensure that you are authorized to transfer this personal data.

Webinar registration

On our website we offer you the opportunity to register for various webinars on the topic of compliance management. If you want to use this option, we will collect your name and contact details, your company and information about which webinars you want to register for. This data is collected for the purpose of contacting you during the webinar and for the associated reminder functions (e.g. reminder email two days before the start of the event).

Registration for our webinars is done using a so-called double opt-in process. This means that after registering, you will receive an email asking you to confirm your registration. This confirmation is necessary so that no one can register using someone else’s email address. Registrations for the webinars are logged in order to be able to prove the registration process in accordance with legal requirements. This includes storing the time of registration and confirmation, as well as the IP address. Changes to your data stored by the shipping service provider are also logged.

Test systems

On our website we offer you the opportunity to register for an iManSys test system. If you want to use this option, we will collect your name and contact details, your region for the allocation of sales areas, your company including the number of employees and your position in the company in order to be able to offer you consulting services optimized for your industry and your application, and possibly a message from you to us. We use your data to activate your test access and to set up your associated user, as well as to contact you in order to be able to advise you as part of the test process.

Your data may be stored in a customer relationship management system (“CRM system”) or similar systems. Your data will be deleted from these systems if they are no longer required.

When using the test systems, please note that it is up to you whether and which personal data you enter into these systems. When using real data, please ensure that you are authorized to use this data. Please also note that domeba employees have access to your test system to ensure optimal advice. For more information on data security and data protection for test systems, please contact us.

Registration for our test systems is carried out using a so-called double opt-in process. This means that after registration you will receive an email asking you to confirm your registration. This confirmation is necessary so that no one can register using someone else’s email address. Registrations for the webinars are logged in order to be able to prove the registration process in accordance with legal requirements. This includes storing the time of registration and confirmation, as well as the IP address. Changes to your data stored by the shipping service provider are also logged.

Quiz/survey/test

You may be offered the opportunity to take part in a quiz/survey/test (e.g. “compliance test”) on some of our pages. These serve to check your own level of knowledge on the respective topic. You will therefore receive feedback immediately upon completion. Your data will not be stored or passed on to third parties.

Usage Analysis with Matomo

We use the web analytics service Matomo on our website.

With the help of Matomo, we are able to analyze the behavior of visitors to our website and optimize our offering. Cookies are used and data such as IP address, page views, and interactions are processed. The IP address is anonymized immediately after processing and before being stored. The data is deleted as soon as it is no longer required for our analysis purposes. No data is shared with third parties. Matomo is operated on our own servers.

The legal basis for processing is your consent in accordance with Art. 6(1)(a) GDPR as well as Section 25(1) TTDSG. Processing only takes place after you have given your consent via our consent management tool. You can withdraw your consent at any time with effect for the future via our consent management tool.

Use of Google Ads

We use the online advertising service Google Ads provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”) on our website.

As part of Google Ads, we use so-called conversion tracking. If you access our website via a Google ad, a cookie may be stored on your device. Cookies are small text files stored by your browser. These cookies expire after a defined period (usually 30 days) and are not used for personal identification.

The information collected using the conversion cookie enables us to compile statistics on the use of our website, in particular the total number of users who clicked on one of our ads and the pages subsequently accessed. However, we do not receive any information that personally identifies users.

The collected information may be transferred to Google servers, including in the USA. Google is certified under the EU-U.S. Data Privacy Framework, which ensures an adequate level of data protection according to the European Commission’s decision. Nevertheless, it cannot be ruled out that U.S. authorities may access the transferred data. Therefore, there is a residual risk that your data may not be protected to the same extent as within the EU.

The legal basis for processing is your consent in accordance with Art. 6(1)(a) GDPR as well as Section 25(1) TTDSG. You can withdraw your consent at any time with effect for the future via our consent management tool.

Google Tag Manager

We use Google Tag Manager, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Tag Manager is a tag management system that allows us to integrate and manage various tracking and analytics tools on our website. The Tag Manager itself does not process personal data in the strict sense but enables the triggering of other tags that may process personal data.

The legal basis for processing is your consent in accordance with Art. 6(1)(a) GDPR as well as Section 25(1) TTDSG. Google Tag Manager and the services integrated via it are only activated after you have given your consent via our consent management tool. You can withdraw your consent at any time with effect for the future via our consent management tool.

Google reCAPTCHA

We use the service “Google reCAPTCHA” provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

reCAPTCHA is used to verify whether data entered on our website (e.g. in forms) is provided by a human or by an automated program. For this purpose, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis starts automatically as soon as the visitor accesses a page with embedded reCAPTCHA (provided that consent has been given).

When using reCAPTCHA, personal data is transmitted to Google. This may include, in particular, the IP address, information about the device used, browser data, as well as mouse movements and interactions with the website.

Ads Defender Click Fraud Technology

We use the service Ads Defender provided by Hurra Communications GmbH, Lautenschlagerstraße 23a, 70173 Stuttgart, Germany, on our website.

The service is used to analyze and prevent click fraud on our advertisements. Click fraud occurs when clicks on ads are generated by automated tools or when multiple clicks are made that are unlikely to result from genuine user interest.

As part of the analysis, the following personal data may be collected and stored when ads are clicked: IP address, information about the browser used, operating system, location data, referrer URL, additional online identifiers such as click and cookie IDs, duration of use, time of access, and information about interactions with advertisements and our website.

If suspicious behavior is detected and click fraud is suspected, these IP addresses may be transmitted to Google (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland). When using Google services, data may also be transferred to the USA.

Further information on data protection at hurra.com can be found at: https://privacy.hurra.com

Microsoft Advertising

We use Microsoft Advertising on our website for remarketing and conversion tracking. Microsoft Advertising is a service provided by Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland, which uses so-called Universal Event Tracking (UET). A transfer of data to Microsoft Corporation in the USA cannot be excluded. Microsoft is certified under the EU-U.S. Data Privacy Framework. Nevertheless, it cannot be ruled out that U.S. authorities may access the transmitted data. Therefore, there is a residual risk that your data may not be protected to the same extent as within the EU.

If you click on an advertisement placed by us on the “Bing” search engine, Microsoft stores a cookie on your device via your browser for tracking purposes. This tracking cookie expires after 180 days and is not used for personal identification. If you visit certain pages of our website and the cookie has not yet expired, both Microsoft and we can recognize that you clicked on one of our advertisements on Bing and were redirected to our website.

Microsoft uses the information collected via the tracking cookie to generate visit statistics for us. This provides us with information about the number of accesses to our advertisements on Bing as well as the pages of our website that were subsequently accessed. However, we do not receive any information that would allow us to personally identify you.

In addition, Microsoft may track your user behavior across multiple devices via so-called cross-device tracking. This enables Microsoft to display personalized advertising across devices.

If you have a Microsoft account, you can change your settings for personalized advertising at http://choice.microsoft.com/de-de/opt-out.

Microsoft also provides further information about Bing Ads as well as the collection and use of data and your rights and options for protecting your privacy at https://help.bingads.microsoft.com/#apex/3/de/53056/2 and https://privacy.microsoft.com/de-de/privacystatement.

HubSpot

We use HubSpot on our website, a software provided by HubSpot Inc., USA.

HubSpot is an integrated software solution that we use to cover various aspects of our online marketing. These include email marketing, contact forms, marketing automation, and the analysis of user behavior on our website. HubSpot uses cookies and similar technologies to recognize users and analyze user behavior.

Further information on the terms of use and data protection policies of HubSpot Inc. can be found at http://www.hubspot.com/terms-of-service and http://www.hubspot.com/privacy-policy. All information collected by us is subject to this privacy policy and is used exclusively to optimize our marketing activities.

When using HubSpot, personal data may be processed, in particular contact data (e.g. name, email address), usage data (e.g. pages visited, interactions), and technical information (e.g. IP address, browser data).

The data collected by us via HubSpot will be deleted as soon as it is no longer required for the respective purposes and no statutory retention obligations apply.

A transfer of data to the USA cannot be excluded. HubSpot, Inc. is certified under the EU-U.S. Data Privacy Framework. Nevertheless, it cannot be ruled out that U.S. authorities may access the transmitted data. Therefore, there is a residual risk that your data may not be protected to the same extent as within the EU.

We also use an interface between HubSpot and Google Ads to transfer data in both directions. The purpose of this processing is to enable personalized advertising, to re-target users based on their previous interactions with our website in subsequent sessions or on other online platforms, and to measure and continuously optimize the effectiveness of our advertising activities.

The legal basis for this processing is our legitimate interest pursuant to Art. 6(1)(f) GDPR as well as your consent to the use of Google Ads and HubSpot pursuant to Art. 6(1)(a) GDPR.

Use of Leadinfo

We use the Leadinfo service provided by Leadinfo B.V., Rivium Quadrant 141, 2909 LC Capelle aan den IJssel, Netherlands, on our website. Leadinfo identifies which companies visit our website based on the IP address and may provide us with publicly available company data (e.g. company name, address, industry, size).

The legal basis for processing is your consent pursuant to Art. 6(1)(a) GDPR.

Further information on data processing by Leadinfo can be found in the provider’s privacy policy at https://www.leadinfo.com/en/legal/privacy/.

We maintain an online presence on LinkedIn to present our company and our services and to communicate with customers/prospects. LinkedIn is a service of LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland, a subsidiary of LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085, USA.

In this respect, we would like to point out that it is possible that user data may be processed outside the European Union, particularly in the USA. This may result in increased risks for users, as it may, for example, make it more difficult to access user data at a later date. We also have no access to this user data. Access is only possible through LinkedIn.

LinkedIn’s privacy policy can be found at: https://www.linkedin.com/legal/privacy-policy

Use of LinkedIn Insight

We use the LinkedIn Insight tool for conversion tracking of campaigns run on our LinkedIn presence.

The LinkedIn Insight Tag (or the analogous action-specific image pixel) enables the collection of data on website visits including URL, referrer URL, IP address, user agent and timestamp. The IP addresses are shortened or (if used to reach members across devices) hashed. The direct identifiers of the members are removed within seven days to pseudonymize the data. This remaining pseudonymized data is then deleted within 180 days.

LinkedIn does not share any personal data with us, but only provides reports (in which you are not identified) about website audience and ad performance. You can control the use of your personal data for advertising purposes in your account settings.

Facebook

We maintain an online presence on XING to present our company and our services and to communicate with customers/prospects. XING is a service of New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany.

You can find XING’s privacy policy at: https://privacy.xing.com/de/datenschutzerklaerung/druckversion

YouTube

We maintain an online presence on YouTube to present our company and our services and to communicate with customers/prospects. YouTube is a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA.

You can find YouTube’s privacy policy at https://policies.google.com/privacy

X (formerly Twitter)

We maintain an online presence on Twitter to present our company and our services and to communicate with customers/prospects. Twitter is a service of Twitter International Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, IRELAND.

Twitter’s privacy policy can be found at https://twitter.com/de/privacy

Facebook

To promote our products and services and to communicate with interested parties or customers, we maintain a company presence on the
Facebook platform.

On this social media platform we are jointly responsible with Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.

Facebook’s data protection officer can be reached via a contact form: https://www.facebook.com/help/contact/540977946302970

We have regulated the joint responsibility in an agreement regarding the respective obligations within the meaning of the GDPR. This agreement, from which the mutual obligations arise, can be accessed under the following link: https://www.facebook.com/legal/terms/page_controller_addendum

The legal basis for the resulting processing of personal data as reproduced below is Art. 6 (1) (f) GDPR. Our legitimate interest lies in the analysis, communication, sale and promotion of our products and services.

The legal basis can also be the user’s consent to the platform operator in accordance with Art. 6 (1) (a) GDPR. The user can revoke this consent for the future at any time by notifying the platform operator in accordance with Art. 7 (3) GDPR.

When you access our online presence on the Facebook platform, Facebook Ireland Ltd., as the operator of the platform in the EU, processes user data (e.g. personal information, IP address, etc.).

This user data is used to provide statistical information about the use of our company presence on Facebook. Facebook Ireland Ltd. uses this data for market research and advertising purposes as well as to create user profiles. Based on these profiles, Facebook Ireland Ltd. is able, for example, to advertise to users within and outside of Facebook based on their interests. If the user is logged into their Facebook account at the time of the visit, Facebook Ireland Ltd. can also link the data to the respective user account.

If the user contacts us via Facebook, the personal data entered by the user on this occasion will be used to process the request. The user’s data will be deleted by us if the user’s request has been answered conclusively and there are no statutory retention periods, such as in the case of subsequent contract processing, that prevent this.

Facebook Ireland Ltd. may also set cookies to process the data.

If the user does not agree to this processing, it is possible to prevent the installation of cookies by setting the browser accordingly. Cookies that have already been saved can also be deleted at any time. The settings for this depend on the respective browser. In the case of Flash cookies, processing cannot be prevented via the browser settings, but by setting the Flash player accordingly. If the user prevents or restricts the installation of cookies, this may mean that not all Facebook functions can be used to their full extent.

Further information on the processing activities, their prevention and the deletion of data processed by Facebook can be found in Facebook’s data policy: https://www.facebook.com/privacy/explanation

It cannot be ruled out that processing by Meta Platforms Ireland Limited may also be carried out via Meta Platforms, Inc., 1601 Willow Road, Menlo Park, California 94025 in the USA.

Instagram

To promote our products and services and to communicate with interested parties or customers, we maintain a company presence on the
Instagram platform.

On this social media platform we are jointly responsible with Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.

Instagram’s data protection officer can be reached via a contact form:

https://www.facebook.com/help/contact/540977946302970

We have regulated the joint responsibility in an agreement regarding the respective obligations within the meaning of the GDPR. This
agreement, from which the mutual obligations arise, can be accessed under the following link:

https://www.facebook.com/legal/terms/page_controller_addendum

The legal basis can also be the user’s consent to the platform operator in accordance with Art. 6 (1) (a) GDPR. The user can revoke this consent
for the future at any time by notifying the platform operator in accordance with Art. 7 (3) GDPR .

When you access our online presence on the Instagram platform, Facebook Ireland Ltd., as the operator of the platform in the EU,
processes user data (e.g. personal information, IP address, etc.).

This user data is used to provide statistical information about the use of our company presence on Instagram. Facebook Ireland Ltd. uses this data for market research and advertising purposes as well as to create user profiles. Based on these profiles, Facebook Ireland Ltd. is able, for example, to advertise to users within and outside of Instagram based on their interests. If the user is logged into their Instagram account at the time of the visit, Facebook Ireland Ltd. can also link the data to the respective user account.

If the user contacts us via Instagram, the personal data entered by the user on this occasion will be
used to process the request. The user’s data will be deleted by us if the user’s request has been conclusively answered and there are no statutory retention periods, such as in the case of subsequent contract processing, that prevent this.

Facebook Ireland Ltd. may also set cookies to process the data.

Further information on the processing activities, their prevention and the deletion of data processed by Instagram can be found in
Instagram’s data policy:

https://help.instagram.com/519522125107875

It cannot be ruled out that processing by Facebook Ireland Ltd. may also be carried out via Meta Platforms, Inc., 1601 Willow Road, Menlo Park, California 94025 in the USA.

Social media linking via graphic or text link

We also advertise presences on the social networks listed below on our website. The integration is done via a linked graphic of the respective network. Using this linked graphic prevents a connection to the respective server of the social network from being automatically established when a website that has a social media advertisement is accessed in order to display a graphic of the respective network itself. Only by clicking on the corresponding graphic is the user redirected to the service of the respective social network.

After the user has been redirected, information about the user is collected by the respective network. It cannot be ruled out that the data collected in this way will be processed in the USA.

This is initially data such as IP address, date, time and page visited. If the user is logged into their user account on the respective network, the network operator may be able to assign the information collected from the user’s specific visit to the user’s personal account. If the user interacts via a “Share” button on the respective network, this information may be saved in the user’s personal user account and may be published. If the user wants to prevent the information collected from being directly assigned to their user account, they must log out before clicking on the graphic. It is also possible to configure the respective user account accordingly.

The following social networks are integrated into our site by links:

LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland, a subsidiary of LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085 USA.
Privacy Policy: https://www.linkedin.com/legal/privacy-policy

Facebook

New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany
Privacy Policy: https://privacy.xing.com/de/datenschutzerklaerung/druckversion

X (formerly Twitter)

Twitter International Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, IRELAND
Privacy Policy: https://twitter.com/privacy

Instagram

Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.

YouTube

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA
Privacy Policy: https://policies.google.com/privacy

Application

You can apply for our available job vacancies or submit a speculative application under the section “Jobs & Application Process”. It is also possible to apply via external platforms such as “Chemnitz zieht an” or StepStone, which will then forward your data to us accordingly.

In these cases, we process personal data about you for the purpose of handling your application for an employment relationship, insofar as this is necessary for the decision on the establishment of an employment relationship with us. The legal basis for this is Art. 6 (1) (b) GDPR, as the application process generally serves to initiate an employment relationship and thus constitutes a pre-contractual measure.
Furthermore, we may process personal data about you insofar as this is necessary to defend against legal claims asserted against us from the application process. The legal basis for this is Art. 6 (1) (f) GDPR; the legitimate interest is, for example, a burden of proof in proceedings under the German General Equal Treatment Act (AGG).

If an employment relationship is established between you and us, we may further process the personal data already received from you for the purposes of the employment relationship in accordance with Section 26 (1) BDSG (German Federal Data Protection Act), if this is necessary for carrying out or terminating the employment relationship or for exercising or fulfilling the rights and obligations arising from a law or a collective agreement, a works or service agreement (collective agreement) in respect of the representation of employees’ interests.

We process data that is connected with your application. In particular, the following data is collected:

Name (first name and surname)
Address
Email address
Telephone number
Channel through which you became aware of us

You also have the option of uploading meaningful documents such as a cover letter, your CV and references/certificates.
These may contain further personal data such as date of birth, address, etc. In addition, we may process job-related information that you have made publicly available, such as a profile on professional social media networks.

Only authorized employees from the HR department or employees involved in the application process have access to your data.

Your data will be stored for a period of six months after the end of the application process. This is generally done to fulfill legal obligations and/or to defend against possible claims under statutory provisions. Afterwards, we are obliged to delete or anonymize your data. In this case, the data will only be available to us as so-called metadata without direct personal reference for statistical evaluations (for example, proportion of female and male applicants, number of applications per period, etc.).

In addition, we reserve the right to store your data in our “talent pool” after the application process has ended in order to identify any further suitable positions for you. This also applies, for example, to applications for apprenticeships or internships.
For inclusion in the “talent pool”, we may separately obtain your explicit consent. Without such consent, we will not store your data in the “talent pool”.

If, in the course of the application process, you receive an offer of employment from us and accept it, we will store the personal data collected during the application process for at least the duration of the employment relationship. The provision of personal data is neither legally nor contractually required, nor are you obliged to provide personal data. However, the provision of personal data is necessary for the conclusion of an employment contract with us. This means that if you do not provide us with personal data when applying, we will not enter into an employment relationship with you.

Personio

The data you submit via the online application form is transmitted using TLS encryption and stored in a database. This database is operated by Personio GmbH, which provides HR management and applicant tracking software (https://www.personio.de/impressum/). In this context, Personio is our processor pursuant to Art. 28 GDPR. The basis for the processing is a data processing agreement between us, as the controller, and Personio.
This also applies if, prior to your application, you playfully test your interest in and suitability for a particular position on external pages managed by us. This means that personal data collected there is transmitted directly to Personio and further processed there. In this case, no personal data other than that required for an application is collected, in particular no performance data or test results.

In particular within the application process, you can also contact us via the WhatsApp messenger service. This facilitates communication, not least due to the wide spread use of this messenger service.

When using WhatsApp, personal data is processed, including your telephone number, chat messages, transmitted files such as photos or videos, and, where applicable, data from your address book. This data is also processed by WhatsApp in the USA, among other places, a country that may not provide the same level of data protection as the EU. WhatsApp participates in the EU-US Data Privacy Framework, which, however, does not exclude the possibility that US authorities may access the data.

The transmission of data when using WhatsApp is end-to-end encrypted. Nevertheless, you should be aware of the risks associated with its use.

The legal basis for the use of WhatsApp is your implied consent pursuant to Art. 6 (1) (a) GDPR, as the use of WhatsApp is always initiated by the potential applicant and never by domeba. You can withdraw your consent at any time by informing us that you no longer wish to communicate via WhatsApp.

WhatsApp Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland
Privacy Policy: https://www.whatsapp.com/privacy

StepStone

If we process your application via StepStone, StepStone Deutschland GmbH and its sub-processors, which you can find at https://www.stepstone.de/ueber-stepstone/rechtliche-hinweise/allgemeine-geschaeftsbedingungen/#processors, are recipients acting on our behalf. As part of our processing of your application via StepStone on our behalf, security services of Akamai Technologies, Inc. are used, which may result in a transfer of data to the USA.

OpenStreetMap

For directions we use OpenStreetMap, a service of the OpenStreetMap Foundation, St John’s Innovation Centre, Cowley Road, Cambridge, CB 4 0 WS, United Kingdom, hereinafter referred to as “OpenStreetMap”.

When you visit one of our websites in which the OpenStreetMap service is integrated, OpenStreetMap stores a cookie on your device via your internet browser. This means that your user settings and user data are processed for the purpose of displaying the page or to ensure the functionality of the OpenStreetMap service. Through this processing, OpenStreetMap can recognize which website your request was sent from and to which IP address the route description should be sent.

If you have given your consent for this processing, the legal basis is Art. 6 (1) (a) GDPR. The legal basis can also be Art. 6 (1) (f) GDPR. Our legitimate interest lies in the optimization and economic operation of our website.

If you do not agree to this processing, you have the option of preventing the installation of cookies by making the appropriate settings in your Internet browser.

OpenStreetMap offers further information on the collection and use of data as well as your rights and options for protecting your privacy at https://wiki.osmfoundation.org/wiki/Privacy_Policy .

Polylang

Our website uses the “Polylang” plugin to provide content in several languages. Polylang sets a cookie to save the language selected by the user and to adapt the display accordingly.

The legal basis for the processing is Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in the error-free provision of the website in various languages.

Microsoft Teams

For online meetings, conference calls and webinars, we use the “Microsoft Teams” service, which is provided by Microsoft Corporation and its European subsidiary Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland (“Microsoft”).

When using Microsoft Teams, the following data in particular is processed – depending on the type of event:

Master data (e.g. display name, email address, profile picture, company)
Meeting metadata (e.g. date, time, meeting ID, participants, duration)
Communication data (e.g. chat messages, shared content, audio and video data)

The legal basis for processing is Art. 6 (1) lit. b GDPR (performance of pre‑contractual measures and fulfilment of a contract), insofar as participation in online meetings is required for performance of the contract, and Art. 6 (1) lit. f GDPR (our legitimate interest in the efficient conduct of online meetings).

Microsoft processes the data on our behalf on the basis of a data processing agreement pursuant to Art. 28 GDPR. In this context, the transfer of personal data to companies of the Microsoft Group in third countries (in particular the USA) cannot be ruled out. In such cases, the transfer is based on the EU standard contractual clauses pursuant to Art. 46 (2) lit. c GDPR.

Privacy statement: https://www.microsoft.com/en-us/privacy/privacystatement

Rights of the data subject

a. Information

You have the right to obtain information about your personal data processed by us and to request access to your personal data and/or copies of this data. This includes information about the purpose of use, the category of data used, its recipients and those authorized to access it and, if possible, the planned duration of data storage or, if this is not possible, the criteria for determining this duration.

b. Correction

You have the right to request that we immediately correct any inaccurate personal data concerning you. Taking into account the purposes of the processing, you have the right to request that incomplete personal data be completed – also by means of a supplementary statement.

c. Right to object

To the extent that the processing of personal data concerning you is based on Art. 6 (1) (f) GDPR, you have the right to object to the processing of this data at any time for reasons arising from your particular situation. We will then no longer process this personal data unless we can demonstrate compelling legitimate grounds for the processing which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

d. Right of withdrawal

If the processing is based on consent, you have the right to withdraw your consent at any time without affecting the legality of the processing carried out on the basis of the consent until the withdrawal. To do so, you can contact us or our data protection officer at any time using the details provided above.

e. Right to erasure

You have the right to request that we erase personal data concerning you without undue delay and we are obliged to erase personal data without undue delay where one of the following reasons applies:

The personal data are no longer necessary for the purposes for which they were collected or otherwise processed
You object to the processing and there are no overriding legitimate grounds for the processing.
The personal data were processed unlawfully.
The erasure of personal data is necessary to fulfill a legal obligation under Union or Member State law to which we are subject.

This does not apply if the processing is necessary

to fulfill a legal obligation which requires processing by Union or Member State law to which we are subject.
to assert, exercise or defend legal claims

f. Right to restriction of processing

You have the right to request that we restrict processing if one of the following conditions applies:

the accuracy of the personal data is contested by you, for a period enabling us to verify the accuracy of the personal data,
the processing is unlawful and you oppose the erasure of the personal data and request the restriction of the use of the personal data instead
we no longer need the personal data for the purposes of processing, but you require it to assert, exercise or defend legal claims, or you have objected to processing pending the verification whether our legitimate grounds outweigh yours.

If processing has been restricted, these personal data may – with the exception of storage – only be processed with your consent or for the establishment, exercise or defense of legal claims or to protect the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State. If you have obtained a restriction on processing, we will inform you before the restriction is lifted.

g. Right to complain

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or place of the alleged infringement if you consider that the processing of personal data concerning you infringes the GDPR.

Changes to the privacy policy

We reserve the right to change this privacy policy in compliance with data protection regulations. You can find the current version here.

This declaration uses excerpts from the model data protection declaration of the law firm Weiß & Partner and the model data protection declaration of StepStone.