Privacy Policy
(Information on data protection regarding our data processing in accordance with Articles 12, 13, 14 and 21 of the General Data Protection Regulation)
We, rho data GmbH (hereinafter "rho data" or "we"), are pleased about your visit to our website https://www.gyde.io (hereinafter "Website") and your use of our Gyde platform via the mobile application (hereinafter "App" or "App Application") or web application (hereinafter "Web App" or "App Application") at app.gyde.io (hereinafter, if website-related content is included, also "Website") and your interest in our company. The protection of your personal data is important to us. Below, we inform you in accordance with Art. 12, 13, 14 and 21 of the General Data Protection Regulation (GDPR) about how we handle your personal data when using our website and app applications and when providing the services offered on the website and app applications.
Personal data is information about personal or factual circumstances of a specific or identifiable natural person. This includes, for example, information such as name, address, telephone number and date of birth, but also the IP address.
A. General Information
I) Controller
rho data GmbH
Friedrichstraße 9
70174 Stuttgart
Phone: (+49) 01575 5525175
E-mail: info@gyde.io
We are not legally obliged to appoint a data protection officer.
B. Use of our Website: Purposes and Legal Bases of Data Processing
I) Informational Use of the Website
You can visit our website without providing any personal information. If you only use our website for informational purposes, i.e., if you do not register via the provided Google Docs form, write an email or otherwise transmit information about yourself to us, we do not process any personal data, except for the data that your browser transmits to enable you to visit the website and information transmitted to us in the context of cookies used.
1. Technical Provision of the Website
a) Log files/Website Provision
For the purpose of technically providing the website, our system (i.e., the web server) automatically records information from your browser with each call to the website. The temporary storage of your IP address by our system is necessary to enable delivery of the website to your computer. For this, the user's IP address must necessarily be stored for the duration of the session.
The storage of the IP address in the log files is done to ensure the functionality of our website. In addition, this data serves us to optimize the website and to ensure the security of our information technology systems (e.g., attack detection).
The following information is collected:
- IP address and port;
- Browser type/version (e.g.: Firefox 59.0.2 (64 Bit));
- Browser language (e.g.: German);
- Operating system used (e.g.: Windows 10);
- Inner resolution of the browser window;
- Screen resolution;
- JavaScript activation;
- Cookies On / Off;
- Stored cookie contents;
- Time of access;
- The previous website from which you came to us.
Furthermore, we use cookies to provide you with certain technical functions of our website for use. Some functions of our website cannot be offered without the use of cookies. You can find more detailed information about the cookies in the consent management.
We process your personal data for the technical provision of our website to protect our legitimate interests pursuant to Art. 6 para. 1 f) GDPR, in order to be able to provide you with the website technically. Our legitimate interest in this is to be able to provide you with an attractive, technically functioning and user-friendly website as well as to take measures to protect our website against cyber risks and to prevent cyber risks from our website for third parties.
b) Consent Management
We use a Consent Manager on our website. With the help of the Consent Manager, we obtain your consent for certain data processing that requires consent (e.g. analysis, tracking, etc.). Through the use of the Consent Manager, we can inform you about the individual cookies and tools we use. You can use the Consent Manager to choose which cookies and tools you want to allow or reject categorically. In addition, the Consent Manager also provides an overview of the cookies used and the possibility to change or revoke your consents. This enables you to make an informed decision about sharing your data and allows us to use cookies and tools in a privacy-compliant, transparent and documented manner.
The Consent Manager processes your personal data to record your decision about the approval of cookies and tools and to store it for a renewed visit to our website. This includes, among other things, the corresponding cookie with your (consent) decision as well as other usage data, e.g. IP address, domain name, time of request, server data (including data transfer types, server status, etc.), country, browser and operating system.
We process your personal data for the technical provision of the Consent Manager on the basis of the following legal grounds:
- for the use of cookie management to fulfill a legal obligation to which we as the controller are subject pursuant to Art. 6 para. 1 c) GDPR. The legal obligation lies in informing you about the cookies we use and obtaining and documenting your consent to data processing; and
- to protect our legitimate interests pursuant to Art. 6 para. 1 f) GDPR, in order to be able to provide you with the cookie management technically. Our legitimate interest in this is to be able to provide you with an attractive, technically functioning and user-friendly cookie management, as well as to take measures to protect the cookie management against cyber risks and to prevent cyber risks from the cookie management for third parties.
2. Analysis and Tracking
For the purpose of analyzing and tracking the use of our website, we or the service providers working for us use cookies that enable an evaluation of your surfing behavior. This allows us to improve the quality of our website and its content. We learn how the website is used and can thus continuously optimize our offer. More detailed information about the cookies and tools we use, their purposes and functions, the data processed in each case, the data recipients, the location of processing or transfer to so-called third countries (outside the EU/EEA), as well as the storage periods can be obtained via the Consent Manager.
In particular, we use the following tools from third-party providers:
- Hubspot
- Google Forms
- Youtube (for videos)
- Calendly
b) Legal Basis for Processing
We process your personal data on the basis of the following legal basis:
- Your consent according to Art. 6 para. 1 a) GDPR.
II) Active Use of the Website
1. Contact Requests
If you have questions about our website, the services we offer, or otherwise want to contact us, you can contact us directly using the contact details provided in Section A. I).
In order to process and answer your inquiries to us, we process the personal data you provide in this context. This includes, in any case, your name and email address to send you a response, as well as any other information you send us as part of your message.
We process your personal data to respond to contact requests according to the following legal basis:
- to protect our legitimate interests pursuant to Art. 6 para. 1 f) GDPR; our legitimate interest is in the proper response to customer inquiries;
- if the inquiry is aimed at the conclusion of a contract, the additional legal basis is Art. 6 para. 1 b) GDPR;
- if the inquiry is aimed at asserting your data subject rights, the additional legal basis is Art. 6 para. 1 c) GDPR, as the processing of your data is necessary for the fulfillment of legal obligations.
In addition to the above-mentioned contact options, there is also the possibility to contact us via the chat functions of Youtube and LinkedIn, HubSpot, Google Forms and Calendly. For more information about data collection regarding Youtube, LinkedIn, Google Forms and Calendly, please refer to Section J. "Data Processing in Social Media Use" of this Privacy Policy.
2. Registration for gyde Courses
You can register on our website to sign up for our training courses. In these cases, you must enter personal data into an input mask and transmit it to us.
You must provide the following data:
- First and last name
- Email address
- Position in and name of the company for which the registration is made or indication that you are registering yourself
- If the registration is for a company: Number of people to be registered
- Course title for which the registration should be made
At the time of sending the registration, the following data is also stored:
- The IP address of the user
- Mobile device yes/no
- Date and time of registration
We process your data for registration to a course for the performance of a contract or to carry out pre-contractual measures in accordance with Art. 6 para. 1 b) GDPR.
3. Business Analysis and Market Research
In order to operate our business economically, recognize market trends, wishes of contractual partners and users, we analyze the data available to us on business transactions, contracts, inquiries, etc. We process inventory data, communication data, contract data, payment data, usage data, metadata, whereby the persons concerned include contractual partners, interested parties, customers, visitors and users of our services and website.
The analyses are carried out for the purpose of business evaluations, marketing and market research. In doing so, we can take into account the profiles of registered users with information, e.g. on the services they have used. The analyses serve us to increase user-friendliness, to optimize our offer and to ensure economic efficiency. The analysis data serve only us and are not passed on to third parties. A transfer of analysis results takes place at most under complete anonymization by aggregation of the data.
We process your personal data for this purpose on the basis of the following legal basis:
- to protect our legitimate interests pursuant to Art. 6 para. 1 f) GDPR;
- if provided for in individual cases, based on your consent pursuant to Art. 6 para. 1 a) GDPR.
4. Newsletter and Promotional Emails
With your consent, we use your data for advertising purposes, such as sending our newsletter, promotional surveys, transmitting product information, inviting you to events and training courses of interest to you, follow-ups, status messages, birthday mailings, market research and other marketing and promotional activities. We collect mandatory information such as your email address, but also information that you voluntarily provide to us. We use the voluntary information to continuously improve our customer relationship.
If we receive your email address in connection with the conclusion of a contract and the provision of our services and you have not objected to this, we reserve the right to regularly send you offers for similar services from our range by email. You can object to this use of your email address at any time by sending a message to the contact details provided under Section A. I) or via a link provided for this purpose in the promotional email or other unsubscribe or objection options described in the respective email, without incurring any costs other than the transmission costs according to the basic rates.
We process your data for sending newsletters and promotional emails on the following legal bases:
- if you have given us your consent pursuant to Art. 6 para. 1 a) GDPR;
- if you have provided us with your email address in connection with the purchase of goods or services, to protect our legitimate interests pursuant to Art. 6 para. 1 f) GDPR in conjunction with § 7 para. 3 UWG; our legitimate interest is based on our economic interests in carrying out promotional measures and targeted advertising.
5. Analysis of Reaction to Promotional Emails
With your consent, we also analyze, with the help of our service provider HubSpot, when and how you open and react to our newsletters and promotional emails. The following data is usually stored:
- Email address of the user
- Send status of the receiving mail server
- Delivery status of the email
- Time at which the email was opened
- Clicks on links in the email and their time
The evaluation and analysis of this data help us to not send you random advertising. Rather, we send you advertising that corresponds to your areas of interest. In this respect, for example, we also compare which of our newsletters and promotional emails you open in order to avoid sending unnecessary emails to you. In addition, we want to provide you with information that is suitable for you. By tracking open and click rates, we can better recognize which content is interesting for you. You can view HubSpot's privacy policy here: https://legal.hubspot.com/de/privacy-policy.
The processing of data for the analysis of reactions to newsletters and promotional emails is carried out if you have given us your consent pursuant to Art. 6 para. 1 a) GDPR.
6. Legal Enforcement
We also process your personal data in order to assert our rights and enforce our legal claims. We also process your personal data in order to defend ourselves against legal claims. Finally, we process your personal data to the extent necessary to prevent or prosecute criminal offenses.
We process your personal data for this purpose on the basis of the following legal basis:
- to protect our legitimate interests pursuant to Art. 6 para. 1 f) GDPR, insofar as we assert legal claims or defend ourselves in legal disputes or we prevent or investigate criminal offenses.
7. Compliance with Legal Regulations
We also process your personal data to fulfill other legal obligations. These may affect us, among other things, in connection with the processing of registrations or business communication. This includes in particular retention periods under commercial, trade or tax law.
We process your personal data on the basis of the following legal basis:
- to fulfill a legal obligation to which we are subject pursuant to Art. 6 para. 1 c) GDPR in conjunction with commercial, trade or tax law, insofar as we are obliged to record and retain your data.
C. Use of Our Training Services: Purposes and Legal Bases of Data Processing
We process your personal data as part of our training services. We receive the data we process from you either from your employer, if they have registered you for one of our courses, or directly from you, if you have registered yourself or provided the corresponding data in our app applications and group coaching sessions.
1. App Applications/Gyde Platform
In the app applications, learning content on leadership topics is provided via the Gyde platform in the form of microlearning units. In addition to simple text content, the app applications offer small quizzes and reflection tasks that can be answered through multiple-choice or text inputs. The aim of the app applications is to convey the relevant learning content in a short time, to consolidate what has been learned through tasks, and to transfer it into everyday life through reflection tasks. The data we collect from you is necessary to achieve the intended goal of coaching and to continuously improve rho data's services.
For this purpose, we process the following data in particular in the app applications:
- Email address of the user
- If login via third-party provider: Token from Google, Apple, etc.
- Master data of the user
- First and last name of the user
- Company in which the user is employed
- Role in the company
- Number of employees in the company or the respective work area of the user
- Time spent in the app application
- Number and time of completed units
- Times of use
- Approximate location (when using the app)
- Diagnostic data
- Multiple choice answers or free text entries (possibly also special categories of personal data according to Art. 9 para. 1 GDPR, if voluntarily provided)
2. Virtual Group Coaching
Group coaching sessions are offered at regular intervals (e.g., every 2 weeks) as part of the program. Here, the user participates in a video conference together with executives from other companies and a coach commissioned by rho data. During these group coaching sessions, the content learned in the app application is discussed and concrete situations from the users' everyday life are reflected upon. The aim of the group coaching is to consolidate the content learned in the app application and transfer it to one's own everyday life, as well as to find solutions to specific challenging situations through joint exchange and consultation with the coaches.
During the group coaching sessions, the coach may take notes on the user's situation. These can be used by the coach to improve the quality of the coaching sessions and by rho data to improve the overall quality of the services offered.
The data processed here cannot be generally defined. The resulting data depends individually on the answers given by users in the app application, the statements of users in the coaching sessions, and the respective evaluation or notes of the coach. This may also include special categories of personal data within the meaning of Art. 9 para. 1 GDPR.
The virtual group coaching sessions are conducted via Google Meet. rho data has no influence on the data processing by Google Meet. Each user enters into an independent usage relationship with Google when using Zoom. For more information on Google's data processing, please visit https://support.google.com/meet/answer/9852160, https://cloud.google.com/privacy and https://cloud.google.com/privacy/gdpr.
3. Legal Basis for Processing
We process your personal data on the basis of the following legal basis:
- Insofar as we have received your data from your employer for the purpose of setting up pre-registration, we process the data provided, such as name and email address, based on your consent given to your employer pursuant to Art. 6 para. 1 a) GDPR. Insofar as you have registered yourself for our course and are our contractual partner, we process the data you have provided for the fulfillment or initiation of a contract with you pursuant to Art. 6 para. 1 b) GDPR.
- With regard to the information you have provided in the app application and in the coaching sessions, we process your data based on your consent pursuant to Art. 6 para. 1 a) GDPR or Art. 9 para. 2 a) GDPR.
D. Links
Some sections of our websites contain links to third-party websites. These websites are subject to their own privacy policies. We are not responsible for their operation, including data handling. If you send information to or through such third-party pages, you should review the privacy policies of these pages before providing them with information that can be associated with you.
E. Categories of Recipients
Initially, only our employees gain knowledge of your personal data. Your data will only be passed on to third parties if this is legally permitted or prescribed or if you have given your consent. We also share your data to the extent necessary with the service providers we use to provide our services. We limit the sharing of data to what is necessary to provide our services to you. In some cases, our service providers receive your data as processors and are then strictly bound by our instructions when handling your data. In some cases, the recipients act independently with your data that we transmit to them.
Below we list the categories of recipients of your data:
- Debt collection companies and legal advisors when asserting our claims,
- Public authorities and institutions, insofar as we are legally obliged to do so,
- Payment service providers and banks to collect outstanding payments from accounts or pay out refund amounts,
- Agencies, printing companies and lettershops that support us in carrying out training courses, promotional measures, competitions, etc.,
- IT service providers for the administration and hosting of our websites and services.
F. Third Country Transfer
As part of the use of cookies and similar applications, we transfer your IP address or your shortened IP address as well as possibly other data to countries outside the European Union. The transfer of data is based on the standard contractual clauses drafted and made available by the European Commission, which we have agreed upon with the respective providers.
If service providers in third countries are used and we can influence this, they are also obliged to comply with the European level of data protection through the agreement of the EU standard contractual clauses in addition to written instructions. Alternatively, we transfer the data on the basis of an adequacy decision by the EU Commission.
Otherwise, we do not transfer your personal data to countries outside the EU or the EEA or to international organizations.
Data processing within the scope of service provision by rho data takes place via a Google Firebase Cloud Server in Europe as well as other cloud servers in Europe. According to the contract, Google only processes the data in the EU. Therefore, no third country transfer takes place.
G. Duration of Storage
I) Informational Use of the Website
When using our website purely for informational purposes, we store your personal data on our servers exclusively for the duration of your visit to our website. After you have left our website, your personal data will be deleted within 7 days. Cookies installed by us are usually also deleted after leaving our website.
However, some cookies are stored for longer; more detailed information about the storage periods of the cookies and tools we use can be obtained via the Consent Manager. You also have the option to delete installed cookies yourself at any time.
II) Active Use of the Website
In the case of active use of our website, we initially store your personal data for the duration of answering your inquiry or for the duration of our business relationship. This also includes the potential future and actual initiation of a contract (pre-contractual legal relationship) and the execution of a contract.
We process your data for the duration of your subscription to our promotional emails until you object to the sending or revoke your consent.
In addition, we then store your personal data until the statute of limitations for any legal claims arising from the relationship with you expires, in order to use them as evidence if necessary. The limitation period is usually between 1 and 3 years, but can also be up to 30 years.
Upon expiration of the limitation period, we delete your personal data unless there is a legal obligation to retain it, for example from the German Commercial Code (§§ 238, 257 para. 4 HGB) or from the German Fiscal Code (§ 147 para. 3, 4 AO). These retention obligations can last from two to ten years. For this period, the data will be processed again solely in the event of an audit by the tax authorities.
III) Use of App Applications and Data Processing in Virtual Group Coaching
If you use our app applications or participate in virtual group coaching, we store your personal data collected in this context for the purpose of conducting the training courses in any case for the duration of the respective training program and are visible to the user until the user requests deletion or the contractual relationship is terminated. As soon as users no longer have access to the platform, the data will be deleted unless there are compelling reasons against it (e.g. legal retention obligations, law enforcement, etc.).
Your data may be aggregated by us so that it is no longer possible to assign it to you personally. These aggregated data can then be continuously evaluated and permanently used to optimize our services. If at all, data is only passed on to third parties in anonymized aggregated form.
H. Scope of Your Obligations to Provide Data
In principle, you are not obliged to provide us with your personal data. However, if you do not do so, we may not be able to make the website or app applications available to you with all technical functionalities, may not be able to answer your inquiries to us, and may not be able to enter into a contract with you or provide the training services.
I. Profiling / Automated Decision-Making
As part of the analysis and evaluation of your reaction to our promotional emails, your data is partially processed automatically with the aim of evaluating certain personal aspects (profiling). This is done in order to be able to inform and advise you in a targeted manner about products and services. This enables communication and advertising tailored to your needs, including market and opinion research.
Otherwise, we do not carry out profiling and do not use purely automated decision-making procedures in accordance with Article 22 GDPR. If we should use further procedures in individual cases in the future, we will inform you separately about this.
J. Data Processing in Social Media Use
To present our company and for direct communication with you, we use social media platforms from providers such as LinkedIn, Youtube, HubSpot, Calendly and Co. ("Providers"), through which we maintain our presence (e.g. in the context of company and employee profiles) and process your data.
I) Joint Responsibility
If data is collected on our website that both the provider and we process and use for joint purposes (e.g. in the context of analysis or advertising), there is joint responsibility between the operator and us. Often this function cannot be deactivated by us. You can therefore address your concern to both the respective provider and us. We currently use the following providers:
- LinkedIn (including LinkedIn Sales Navigator) of LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland (Address of the German branch: LinkedIn Germany GmbH, Sendlinger Str. 12, 80333 Munich)
- Youtube of Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland (Address of the German branch: Google Germany GmbH, ABC-Straße 19, 20354 Hamburg),
- HubSpot of HubSpot, Inc., 25 First Street, Cambridge, MA 02141, USA
- Calendly of Calendly LLC, 271 17th St NW Ste 1000, Atlanta, GA 30363, USA
Below you will find the links to the privacy policies and information of the respective providers:
- LinkedIn: https://de.linkedin.com/legal/privacy-policy
- Google (YouTube): https://policies.google.com/privacy
- HubSpot: https://legal.hubspot.com/de/privacy-policy
- Calendly: https://calendly.com/privacy
II) Data Protection Officers of the Providers
In addition to us, you can also contact the following data protection officers of the respective providers:
- LinkedIn: https://www.linkedin.com/help/linkedin/ask/TSO-DPO
- Google (YouTube): https://support.google.com/policies/contact/general_privacy_form
- HubSpot: privacy@hustle.co
- Calendly: privacy@calendly.com
III) Purposes and Legal Bases of Data Processing
1. Informational Use of Our Presence
a) Provision of the Presence
For the purpose of technically providing our social media presence, the web server automatically records information from your browser with each call to the website. You can visit our presence without providing any personal information. If you only use our presence for informational purposes, i.e. if you do not register or otherwise transmit information about yourself to us, we do not process any personal data, with the exception of the data that the operator collects in the context of its platform and the cookies it uses and may transmit to us.
We or the provider process your personal data for the technical provision of our website on the basis of the following legal grounds:
- to protect our legitimate interests pursuant to Art. 6 para. 1 f) GDPR, in order to be able to make the presence technically available to you. Our legitimate interest in this is to be able to provide you with an appealing, technically functioning and user-friendly presence as well as to take measures to protect our presence from cyber risks and to prevent cyber risks from our presence for third parties.
b) Analysis and Tracking
For the purpose of analyzing and tracking the use of its social media platform and our presence, the provider uses cookies that enable an evaluation of your surfing behavior. This allows the quality of the platform and presence and their contents to be improved. We learn how the platform and the presence are used and can thus continuously optimize our offer.
However, we have neither influence on the collected data and data processing operations, nor are we aware of the full extent of the data collection, the exact purposes of the processing or the storage periods. We also have no information on the deletion of the collected data by the operator of the platform.
Web analysis is the collection, gathering and evaluation of data about the behavior of visitors to websites. A web analysis service collects, among other things, data about which website a data subject came from to a website (so-called referrers), which subpages of the website were accessed or how often and for which length of stay a subpage was viewed. Web analysis is regularly used to optimize a website and for cost-benefit analysis of internet advertising. It may also happen that the information obtained in the context of the analysis and tracking of our presence is combined with your other data collected in the context of the use of the presence and the platform. If you register on the platform, the operator could link data regarding your platform activities with your personal information (including name/email address) on the basis of given consent, thus collect it in a personalized manner and inform you individually and in a targeted manner about, among other things, your preferred subject areas.
With regard to statistics that the operator of the platform makes available to us, we can only influence these to a limited extent and cannot switch them off. However, we make sure that no additional optional statistics are made available to us.
We process your personal data on the basis of the following legal basis:
- Your consent according to Art. 6 para. 1 a) GDPR, which you have given to the provider when registering for the respective social media platform.
2. Active Use of the Presence
In addition to the purely informational use of our presence, you can also actively use our presence to contact us. In addition to the processing of your personal data described above for purely informational use, we then also process further personal data from you that we need, for example, to process your request. This also applies if we actively use the presence on our part, e.g. for initiative contact or the initiation of business contacts with you.
a) Sharing and Publishing of and Interacting with Posts, Reviews, Photos, etc.
You can comment on, share, or otherwise interact with (like, recommend, review, etc.) posts, photos, videos, etc. created by us on the provider's platform and on our presence. We may share your content on our presence if this is a function of the operator's platform and communicate with you via the platform. Public messages, etc. may be published by the operator, but will not be used or processed by us for other purposes at any time.
In the case of reviews, we reserve the right to publish a statement (e.g. to clarify a problem, goodwill actions, etc.) on your message and to request further contact. In doing so, processing of the personal data you voluntarily published in the review may take place.
We also reserve the right to delete content if this should be necessary. We process your personal data on the following legal basis:
- To protect our legitimate interests pursuant to Art. 6 para. 1 sentence 1 f) GDPR. The data processing takes place in the interest of our public relations and communication.
b) User Inquiries
In order to process your inquiries to us, e.g. via contact forms, a chat or our email address, to answer them specifically and to provide you with the desired information, we process the personal data you provide in this context. This includes your contact details to send you a response or to ask necessary follow-up questions, as well as other information you provide to us in this context.
If you make an inquiry to us via the platform, we may also refer you to other secure communication channels that guarantee confidentiality, depending on the required response. You always have the option of sending us confidential inquiries to our addresses specified in the imprint or in this privacy policy. We may contact you electronically, by telephone or by post, depending on the subject of the inquiry, the availability of your contact details and appropriateness.
We process your personal data to respond to user inquiries, requests for materials, etc. on the basis of the following legal grounds:
- to protect our legitimate interests pursuant to Art. 6 para. 1 f) GDPR; our legitimate interest lies in the proper response to or execution of (customer) inquiries;
- if the inquiry is aimed at the conclusion of a contract or the services to be provided or otherwise relates to a contractual and/or business relationship between us and you, the additional legal basis is Art. 6 para. 1 b) GDPR;
- with your consent in the context of using the chat, Art. 6 para. 1 a) GDPR.
c) Legal Enforcement
We also process your personal data in order to assert our rights and enforce our legal claims. We also process your personal data in order to defend ourselves against legal claims. Finally, we process your personal data to the extent necessary to prevent or prosecute criminal offenses.
We process your personal data for this purpose on the basis of the following legal basis:
- to protect our legitimate interests pursuant to Art. 6 para. 1 f) GDPR, insofar as we assert legal claims or defend ourselves in legal disputes or we prevent or investigate criminal offenses.
d) Compliance with Legal Regulations
We also process your personal data on our social media presence to fulfill other legal obligations. These may affect us, among other things, in connection with the processing of registrations or business communication. This includes in particular retention periods under commercial, trade or tax law. We process your personal data on the basis of the following legal basis:
- to fulfill a legal obligation to which we are subject pursuant to Art. 6 para. 1 c) GDPR in conjunction with commercial, trade or tax law, insofar as we are obliged to record and retain your data.
e) Third Country Transfer
As part of the use of social media, your data may be transferred to countries outside the European Union, including the USA. We have no influence on this. You can find further information in the linked privacy policies of the platform operators.
f) Storage Duration
When using our social media presence, the operator stores your personal data on its servers. Personal data and installed cookies are usually deleted by the operator. However, we are unfortunately not aware of the exact storage and deletion periods, but they may be found in the respective linked privacy policies.
g) Profiling / Automated Decision
There is a possibility that the operator of a social media platform processes your data partly automatically with the aim of evaluating certain personal aspects (profiling). This may be done to be able to inform and advise you in a targeted manner about products and services. This enables communication and advertising tailored to your needs, including market and opinion research.
K. Company Sale/Mergers, etc.
We may process your personal data in order to carry out a (partial) company sale or a merger (or similar transactions such as takeover in the context of liquidation, insolvency, dissolution, etc.) with another company. In the event that another company acquires or intends to acquire the assets, which may include your personal data, from us or we carry out or aim for a merger with another company, we may need to grant this company access to your personal data stored with us or transfer it for the purpose of examining and carrying out the company sale/merger (e.g. to determine the company value or business risks, to transfer the data/assets, or similar).
We process your personal data on the basis of the following legal basis:
- to protect our legitimate interests pursuant to Art. 6 para. 1 f) GDPR, in order to be able to organize and carry out a planned company sale or planned merger.
L. Data Subject Rights
If personal data about you is processed, you are a "data subject" within the meaning of the GDPR. You are entitled to the following rights as a data subject under the legal requirements, which you can assert against us or, in the context of using a social media service, also against the operator. Please note that we do not have full influence on the data processing operations of the operator. Our possibilities are largely determined by the company policy of the respective operator. Your data subject rights are as follows:
- Right to information: You are entitled at any time, within the framework of Art. 15 GDPR, to request confirmation from us as to whether we are processing personal data concerning you. If this is the case, you are further entitled under Art. 15 GDPR to receive information about this personal data as well as certain other information (including processing purposes, categories of personal data, categories of recipients, planned storage period, the origin of the data, the use of automated decision-making and in the case of third country transfer the appropriate safeguards) and a copy of your data.
- Right to rectification: If personal data about you is not (or no longer) accurate or incomplete, you can request a correction and, if necessary, completion of this data (Art. 16 GDPR).
- Right to erasure or restriction of processing: If the legal requirements are met, you can request the erasure of your personal data (Art. 17 GDPR) or the restriction of processing of this data (Art. 18 GDPR). However, the right to erasure under Art. 17 para. 1 and 2 GDPR does not exist, among other things, if the processing of personal data is necessary to fulfill a legal obligation (Art. 17 para. 3 lit. b GDPR).
- Right to object: For reasons arising from your particular situation, you can object to the processing of personal data concerning you by us at any time (Art. 21 GDPR). If the legal requirements are met, we will subsequently no longer process your personal data.
- Right to data portability: You are entitled, under the conditions of Art. 20 GDPR, to request that we provide you with the personal data concerning you that you have provided to us in a structured, common and machine-readable format.
- Right to revoke the data protection consent: You have the right to revoke your consent at any time. The revocation only takes effect for the future; this means that the revocation does not affect the lawfulness of the processing carried out on the basis of the consent up to the revocation.
- Right to lodge a complaint with a supervisory authority: Without prejudice to any other administrative or judicial remedy, a data subject (you) has the right to lodge a complaint with a supervisory authority - in particular in the Member State of your place of residence - if you consider that the processing of personal data relating to you by us infringes the GDPR.
The supervisory authority responsible for us is: Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg Lautenschlagerstraße 20 70173 Stuttgart Phone: 0711/61 55 41 – 0 Fax: 0711/61 55 41 – 15 E-mail: poststelle@lfdi.bwl.de
The social media platform operators and thus also the responsible supervisory authority are based abroad within the EU. This is usually the Irish Data Protection Commission (Data Protection Commission, 21 Fitzwilliam Square South, Dublin 2, D02RD28, Ireland). However, you can also address your complaints to the following German supervisory authorities. This is basically:
- LinkedIn: The Bavarian State Office for Data Protection Supervision, Promenade 18, 91522 Ansbach;
- Google (incl. YouTube): The Hamburg Commissioner for Data Protection and Freedom of Information, Ludwig-Erhard-Str 22, 7th floor, 20459 Hamburg;
Your requests for the exercise of your rights should, if possible, be addressed in writing to the above-mentioned address of the supervisory authorities or directly to us at the contact details given under Section A. I).
M. Right to Object Art. 21 GDPR
You have the right to object at any time to the processing of your data which is carried out on the basis of Art. 6 para. 1 f GDPR (data processing on the basis of a balance of interests) or Art. 6 para. 1 e GDPR (data processing in the public interest) if there are grounds for doing so arising from your particular situation. This also applies to profiling based on this provision within the meaning of Art. 4 No. 4 GDPR.
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the assertion, exercise or defense of legal claims.
In individual cases, your personal data may also be processed to conduct direct marketing. If you do not wish to receive advertising, you have the right to object at any time; this also applies to profiling insofar as it is associated with such direct advertising. This objection will be observed for the future. Your data will no longer be processed for direct marketing purposes if you object to processing for these purposes.
The objection can be made without any formalities and should be addressed to us at the contact details given under Section A. I) or to the contact details of the respective platform operator.
N. Changes
This privacy policy is a transparency document. We are obliged to update it if our data processing changes.
Last updated in February 2023