Data protection

You can find our contact details in the imprint. You are welcome to contact [email protected] for information and deletion requests.

The privacy policy applies to all websites of Eturnity AG. We do not guarantee compliance with the data protection provisions for websites outside Eturnity AG to which there is a link from the Eturnity AG websites. In the following, we would like to give you an overview of where data is collected and how it is handled.

1. Introduction

Below we provide information about the processing of personal data

on our website https://eturnity.com/
in our social media profiles
in the context of application procedures
outside the website (e.g. when forwarding data to recipients).

Personal data is any information relating to an identified or identifiable natural person, e.g. their name or e-mail address.

1.1. Contact details

The controller pursuant to Art. 5 lit. j of the Federal Act on Data Protection (Data Protection Act, DPA) is Eturnity AG, Reichsgasse 3, 7000 Chur, Switzerland, e-mail: [email protected]. We are legally represented by Pol Budmiger, Matthias Wiget, Manuel Alamillo Frias, Kurt Lüscher, Arnold Marty, Vincent Gregoir.

Our data protection advisor can be contacted via heyData GmbH, Schützenstraße 5, 10117 Berlin, www.heydata.eu, e-mail: [email protected].

1.2. Disclosure abroad

Insofar as we transfer personal data to service providers or other third parties outside Switzerland, decisions of the Federal Council in accordance with Art. 16 para. 1 FADP usually guarantee the security of the data during transfer. According to these decisions, the legislation there guarantees adequate protection. The Federal Council has determined such adequacy for the states, territories, specific sectors in a state and international bodies listed in Art. 8 para. 1 of the Ordinance on Data Protection (DPO) in conjunction with Annex 1. These can be found at https://www.bj.admin.ch/bj/de/home/staat/datenschutz/internationales/anerkennung-staaten.htmlabrufbar.

This is the case for the following countries:

Germany
Andorra
Argentina
Austria
Belgium
Bulgaria
Canada (Adequate data protection is deemed to be guaranteed if the Canadian federal law "Loi sur la protection des renseignements personnels et les documents électroniques" of April 13, 2000 is applied in the private sector or the law of a Canadian province that largely corresponds to this federal law. The federal law applies to personal data that is obtained, processed or disclosed in the course of commercial activities, regardless of whether it concerns organizations such as associations, partnerships, individuals or trade unions or federally regulated enterprises such as plants, works, companies or business activities that fall within the legislative competence of the Canadian Parliament. The provinces of Québec, British Columbia and Alberta have enacted legislation that largely corresponds to the federal law; the provinces of Ontario, New Brunswick, Newfoundland and Labrador and Nova Scotia have enacted legislation that largely corresponds to this law in the area of health data. In all Canadian provinces, the Federal Act applies to all personal information obtained, processed or disclosed by federally regulated entities, including information about employees of those entities. The Federal Act also applies to personal information that is transferred to another province or country in the course of commercial activities).
Cyprus
Croatia
Denmark
Spain
Estonia
Finland
France
Gibraltar
Greece
Guernsey
Isle of Man
Faroe Islands
Ireland
Iceland
Israel
Italy
Jersey
Latvia
Liechtenstein
Lithuania
Luxembourg
Malta
Monaco
Norway
New Zealand
Netherlands
Poland
Portugal
Czech Republic
Romania
United Kingdom
Slovakia
Slovenia
Sweden
Hungary
Uruguay

In other cases (e.g. if there is no decision on appropriateness), the legal basis for data transfer is usually standard data protection clauses, i.e. unless we indicate otherwise. These are a set of rules adopted by the Federal Data Protection and Information Commissioner (FDPIC) and form part of the contract with the respective third party. According to Art. 16 para. 2 lit. d FADP, they guarantee the security of data transfer. Many of the providers have issued contractual guarantees that go beyond the standard contractual clauses and protect the data beyond the standard contractual clauses. These are, for example, guarantees regarding the encryption of the data or regarding the obligation of the third party to inform the data subject if law enforcement agencies wish to access data.

1.3. Rights of the data subjects

Data subjects generally have the following rights vis-à-vis us with regard to their personal data:

Right to information as to whether personal data concerning them is being processed.
Right to disclosure of the personal data they have disclosed to us,
Right to rectification,
Right to object to processing.

2. Newsletter

We reserve the right to inform customers who have already used our services or purchased goods about our offers from time to time by e-mail or other means if they have not objected to this. The processing is carried out for the purpose of direct marketing. Recipients of the communication can object to the use of their e-mail address or other communication data for advertising purposes at any time at no additional cost, for example via the link at the end of each e-mail or by sending an e-mail to our e-mail address stated above. Interested parties have the option of subscribing to a free newsletter. We process the data provided during registration to send the newsletter. Registration takes place by selecting the corresponding field on our website, by ticking the corresponding field in a paper document or by another clear action, whereby interested parties declare their consent to the processing of their data. We process the data for the purpose of direct marketing. The consent of the interested party can be revoked at any time, e.g. by clicking on the corresponding link in the newsletter or by sending a message to our e-mail address given above.

We also process the opening and click rate of our newsletters by interested parties in order to understand which content is relevant for our recipients. This serves to improve our direct marketing. We use a service from the provider Mailjet GmbH, Friedrichstraße 68, 10117 Berlin (privacy policy: https://www.mailjet.de/privacy-policy/) for email marketing. The provider is the recipient of personal data in the context of the aforementioned processing.

The provider processes personal data in the EU. Information on guarantees in accordance with Article 16 paragraph 2 can be found in the section "Disclosure abroad".

3. Data processing on our website https://eturnity.com/

3.1. Informational use of the website

When the website is used for informational purposes, i.e. when visitors to the site do not transmit information to us separately, we collect the personal data that the browser transmits to our server in order to ensure the stability and security of our website. This serves to ensure the IT security of the website.

These data are e.g:

IP address
Date and time of the request
Time zone difference to Greenwich Mean Time (GMT)
Content of the request (specific page)
Access status/HTTP status code
Amount of data transferred in each case
Website from which the request comes
Browser
Operating system and its interface
Language and version of the browser software.

This data is also stored in log files.

3.2. Data on third-party devices

Via our website, we process data on third-party devices by means of telecommunication transmission within the framework described in the previous and following sections.

Visitors can refuse the processing, e.g. by making the appropriate settings in their browser and thus blocking or deleting cookies.

3.3. Web hosting and provision of the website

Our website is hosted by Infomaniak. The provider is Infomaniak Network AG, Rue Eugène Marziano 25, 1227 Les Acacias, Geneva, Switzerland. The provider processes the personal data transmitted via the website, some of which is also mentioned in other sections of this privacy policy, e.g. content data, usage data, meta/communication data or contact data. The provider is therefore the recipient of the data. Further information can be found in the provider's privacy policy at https://www.infomaniak.com/de/agb/regelung-allgemeine-schutz-daten. Processing is a prerequisite for us to be able to offer a website and thus present ourselves to the outside world.

We use the Cloudflare content delivery network for our website. The provider is Cloudflare, Inc, 101 Townsend St., San Francisco, CA 94107, USA. The provider processes the personal data transmitted via the website, some of which is also mentioned in other sections of this privacy policy, e.g. content, usage, meta/communication or contact data, in the USA. The provider is therefore the recipient of the data. Further information can be found in the provider's privacy policy at https://www.cloudflare.com/de-de/privacypolicy/. The processing is a prerequisite for us to be able to offer an easily accessible website and thus present ourselves to the outside world.

The provider processes personal data in the USA. Information on guarantees in accordance with Article 16 paragraph 2 can be found in the section "Disclosure abroad".

We use the content delivery network jsDelivr for our website. The provider is Prospect One SP. Z O.O. SP. K., Ul. Karmelicka 5 5, 31-133 Krakow, Poland. The provider processes the personal data transmitted via the website, some of which are also mentioned in other sections of this privacy policy, e.g. content, usage, meta/communication or contact data, in the USA. The provider is therefore the recipient of the data. Further information can be found in the provider's privacy policy at https://www.jsdelivr.com/terms/privacy-policy-jsdelivr-net. The processing is a prerequisite for us to be able to offer an easily accessible website and thus present ourselves to the outside world.

The provider processes personal data in the USA. Information on guarantees in accordance with Article 16 paragraph 2 can be found in the section "Disclosure abroad".

3.4. Contact form

When you contact us via the contact form on our website, we process the data requested there and the content of the message in order to process the request. To the extent permitted by law, we may also process the data for direct marketing purposes.

3.5. Booking appointments

Site visitors can book appointments with us on our website. We process the data collected in order to plan and carry out the appointments and to offer interested parties a user-friendly way of making appointments via the website.

3.6. Customer account

Visitors to the website can open a customer account on our website. We process the data requested in this context in order to make the account and its functions available. To the extent permitted by law, we may process the account data for direct marketing purposes.

3.7. Technically necessary cookies

Our website uses cookies. Cookies are small text files that are stored in the web browser on the end device of a site visitor. Cookies help to make the website more user-friendly, effective and secure. Insofar as data is processed, this is done for the purpose of providing customers and other site visitors with a functional website. Specifically, we use technically necessary cookies for the following purpose or purposes:

Cookies that store log-in data and
Cookies that adopt language settings

3.8. Third-party providers on the website

3.8.1. Phrase

We use a service provided by Phrase a.s. (formerly Memsource a.s.), Václavské náměstí 2132/47, 110 00 Prague 1, Czech Republic (privacy policy: https://phrase.com/privacy/) for translations, marketing automation and tracking. The provider is the recipient of personal data in the context of the aforementioned processing.

The provider processes personal data in the EU. Information on guarantees in accordance with Article 16 paragraph 2 can be found in the section "Disclosure abroad".

3.8.2. Facebook Like Button

the recipient of personal data in the context of the aforementioned processing.

The provider processes personal data in the USA. Information on guarantees in accordance with Article 16 paragraph 2 can be found in the section "Disclosure abroad".

3.8.3. Brevo Analytics

We use a service of the provider Sendinblue GmbH, Köpenicker Str. 126, 10179 Berlin (privacy policy: https://de.sendinblue.com/legal/privacypolicy/) for analysis. The provider is the recipient of personal data in the context of the aforementioned processing.

The provider processes personal data in the EU. Information on guarantees in accordance with Article 16 paragraph 2 can be found in the section "Disclosure abroad".

3.8.4. LinkedIn Ads

We use a service of the provider LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (privacy policy: https://www.linkedin.com/legal/privacy-policy?) for advertising. The provider is the recipient of personal data in the context of the aforementioned processing.

The provider processes personal data in the EU. Information on guarantees in accordance with Article 16 paragraph 2 can be found in the section "Disclosure abroad".

3.8.5. BetterStack

We use a service from the provider Better Stack, Inc., Prague, Hlavni mesto Praha, Czech Republic (privacy policy: https://betterstack.com/privacy) to monitor applications and track errors in applications or on websites. The provider is the recipient of personal data in the context of the aforementioned processing.

The provider processes personal data in the EU. Information on guarantees in accordance with Article 16 paragraph 2 can be found in the section "Disclosure abroad".

3.8.6. Adobe fonts

We use a service of the provider Adobe Systems Software Ireland Limited, 4-6 Riverwalk, Citywest Business Campus, Saggart Dublin 24, Saggart, Dublin, Ireland (privacy policy: https://www.adobe.com/de/privacy.html) for fonts on the website. The provider is the recipient of personal data in the context of the aforementioned processing.

The provider processes personal data in the EU. Information on guarantees in accordance with Article 16 paragraph 2 can be found in the section "Disclosure abroad".

3.8.7. Google Ads

We use a service of the provider Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (privacy policy: https://policies.google.com/privacy?hl=de) for advertising. The provider is the recipient of personal data in the context of the aforementioned processing.

The provider processes personal data in the USA. Information on guarantees in accordance with Article 16 paragraph 2 can be found in the section "Disclosure abroad".

3.8.8. Adobe fonts

We use a service of the provider Adobe Systems Software Ireland Limited, 4-6 Riverwalk, Citywest Business Campus, Saggart Dublin 24th, Saggart, Dublin, D24dcw0, Ireland (privacy policy: https://www.adobe.com/de/privacy/policy.html) for fonts on the website. The provider is the recipient of personal data in the context of the aforementioned processing.

The provider processes personal data in the USA. Information on guarantees in accordance with Article 16 paragraph 2 can be found in the section "Disclosure abroad".

3.8.9. Jira Service Management

We use a service of the provider Atlassian B.V., c/o Atlassian, Inc., 350 Bush Street, Floor 13, San Francisco, CA 94104, USA (privacy policy: https://www.atlassian.com/de/legal/privacy-policy) for error tracking in applications or on websites. The provider is the recipient of personal data in the context of the aforementioned processing.

The provider processes personal data in the EU. Information on guarantees in accordance with Article 16 paragraph 2 can be found in the section "Disclosure abroad".

3.8.10. Mautic

We use a service from the provider Mautic, 50 Princes Street, Ipswich, Suffolk, IP1 1RJ, United Kingdom (privacy policy: https://www.mautic.org/privacy-policy). The provider is the recipient of personal data in the context of the aforementioned processing.

The provider processes personal data in Great Britain. Information on guarantees in accordance with Article 16 paragraph 2 can be found in the section "Disclosure abroad".

3.8.11. Microsoft Clarity

We use a service of the provider Microsoft Ireland Operations, Ltd, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland (privacy policy: https://privacy.microsoft.com/de-de/privacystatement) to identify business opportunities and for analysis. The provider is the recipient of personal data in the context of the aforementioned processing.

The provider processes personal data in the EU. Information on guarantees in accordance with Article 16 paragraph 2 can be found in the section "Disclosure abroad".

3.8.12. Microsoft Dynamics 365

We use a service of the provider Microsoft Ireland Operations, Ltd, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland (privacy policy: https://privacy.microsoft.com/de-de/privacystatement?culture=de-de&country=DE) to manage customer relationships. The provider is the recipient of personal data in the context of the aforementioned processing.

The provider processes personal data in the EU. Information on guarantees in accordance with Article 16 paragraph 2 can be found in the section "Disclosure abroad".

3.8.13. Cloudflare Analytics

We use a service of the provider Cloudflare, Inc., 101 Townsend St., San Francisco, CA 94107, USA (privacy policy: https://www.cloudflare.com/de-de/privacypolicy/) for analysis. The provider is the recipient of personal data in the context of the aforementioned processing.

The provider processes personal data in the USA. Information on guarantees in accordance with Article 16 paragraph 2 can be found in the section "Disclosure abroad".

3.8.14. Google Webfonts

We use a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. However, the processing only takes place on our servers (privacy policy: https://policies.google.com/privacy?hl=de) for fonts on the website. The provider is the recipient of personal data in the context of the aforementioned processing.

The provider processes personal data in the USA. Information on guarantees in accordance with Article 16 paragraph 2 can be found in the section "Disclosure abroad".

3.8.15. Microsoft Bookings

We use a service of the provider Microsoft Ireland Operations, Ltd, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland (privacy policy: https://privacy.microsoft.com/de-de/privacystatement?culture=de-de&country=DE) to plan appointments. The provider is the recipient of personal data in the context of the aforementioned processing.

The provider processes personal data in the EU. Information on guarantees in accordance with Article 16 paragraph 2 can be found in the section "Disclosure abroad".

3.8.16. Google Webfonts

We use a service of the provider Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (privacy policy: https://policies.google.com/privacy?hl=de) for fonts on the website. The provider is the recipient of personal data in the context of the aforementioned processing.

The provider processes personal data in the EU. Information on guarantees in accordance with Article 16 paragraph 2 can be found in the section "Disclosure abroad".

3.8.17. Google Conversion Tag

We use a service of the provider Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (privacy policy: https://policies.google.com/privacy?hl=de https://support.google.com/tagmanager/answer/9323295?hl=de&ref_topic=3441532) for conversion tracking. The provider is the recipient of personal data in the context of the aforementioned processing.

The provider processes personal data in the USA. Information on guarantees in accordance with Article 16 paragraph 2 can be found in the section "Disclosure abroad".

3.8.18. OpenStreetMap

We use a service of the provider OpenStreetMap Foundation, St John's Innovation Centre, Cowley Road, Cambridge CB4 0WS, UK (privacy policy: https://wiki.osmfoundation.org/wiki/Privacy_Policy) for maps on our website. The provider is the recipient of personal data in the context of the aforementioned processing.

The provider processes personal data in the EU. Information on guarantees in accordance with Article 16 paragraph 2 can be found in the section "Disclosure abroad".

3.8.19. Salesforce Marketing Cloud Personalization (formerly Salesforce Interaction Studio)

We use a service of the provider salesforce.com Germany GmbH, Erika-Mann-Straße 31-37, 80636 Munich, Germany (privacy policy: https://www.salesforce.com/company/privacy/) for analysis and personalization. The provider is the recipient of personal data in the context of the aforementioned processing.

The provider processes personal data in the EU. Information on guarantees in accordance with Article 16 paragraph 2 can be found in the section "Disclosure abroad".

3.8.20. Microsoft Advertising (Bing Ads)

We use a service of the provider Microsoft Ireland Operations, Ltd, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland (privacy policy: https://privacy.microsoft.com/de-de/privacystatement) for analysis and conversion tracking. The provider is the recipient of personal data in the context of the aforementioned processing.

The provider processes personal data in the USA. Information on guarantees in accordance with Article 16 paragraph 2 can be found in the section "Disclosure abroad".

3.8.21. Meta Pixel

We use a service of the provider Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (privacy policy: https://www.facebook.com/policy.php) for analysis. The provider is the recipient of personal data in the context of the aforementioned processing.

The provider processes personal data in the USA. Information on guarantees in accordance with Article 16 paragraph 2 can be found in the section "Disclosure abroad".

3.8.22. Zapier

We use a service of the provider Zapier, Inc., 548 Market St. #62411, San Francisco, CA 94104-5401, USA (privacy policy: https://zapier.com/privacy) for automation between applications. The provider is the recipient of personal data in the context of the aforementioned processing.

The provider processes personal data in the USA. Information on guarantees in accordance with Article 16 paragraph 2 can be found in the section "Disclosure abroad".

3.8.23. Google Analytics

We use a service of the provider Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Dublin, Ireland (privacy policy: https://policies.google.com/privacy?hl=de) for analysis. The provider is the recipient of personal data in the context of the aforementioned processing.

The provider processes personal data in the USA. Information on guarantees in accordance with Article 16 paragraph 2 can be found in the section "Disclosure abroad".

3.8.24. Real Cookie Banner

We use a service from the provider devowl.io GmbH, Tannet 12, 94539 Grafling (privacy policy: https://devowl.io/privacy-policy/) to manage consents. The provider is the recipient of personal data in the context of the aforementioned processing.

The provider processes personal data in the EU. Information on guarantees in accordance with Article 16 paragraph 2 can be found in the section "Disclosure abroad".

3.8.25. Google Maps

We use a service of the provider Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Dublin, Ireland (privacy policy: https://policies.google.com/privacy) for maps on our website. The provider is the recipient of personal data in the context of the aforementioned processing.

The provider processes personal data in the USA. Information on guarantees in accordance with Article 16 paragraph 2 can be found in the section "Disclosure abroad".

3.8.26. YouTube Videos

We use a service of the provider Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (privacy policy: https://policies.google.com/privacy) for videos on the website. The provider is the recipient of personal data in the context of the aforementioned processing.

The provider processes personal data in the USA. Information on guarantees in accordance with Article 16 paragraph 2 can be found in the section "Disclosure abroad".

3.8.27. Sentry

We use a service from the provider Functional Software, Inc., 132 Hawthorne Street San Francisco, CA 94107, USA (privacy policy: https://sentry.io/privacy/) to monitor applications and track errors in applications or on websites. The provider is the recipient of personal data in the context of the aforementioned processing.

The provider processes personal data in the USA. Information on guarantees in accordance with Article 16 paragraph 2 can be found in the section "Disclosure abroad".

3.8.28. Facebook Conversion API

The provider processes personal data in the USA. Information on guarantees in accordance with Article 16 paragraph 2 can be found in the section "Disclosure abroad".

3.8.29. Font Awesome

We use a service of the provider Fonticons, Inc, 307 S Main St, Bentonville, Arkansas, 72712, USA (privacy policy: https://fontawesome.com/privacy) for fonts on the website. The provider is the recipient of personal data in the context of the aforementioned processing.

The provider processes personal data in the USA. Information on guarantees in accordance with Article 16 paragraph 2 can be found in the section "Disclosure abroad".

3.8.30. Google Marketing Platform

We use a service of the provider Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (privacy policy: https://policies.google.com/privacy?hl=de) for analysis and advertising. The provider is the recipient of personal data in the context of the aforementioned processing.

The provider processes personal data in the USA. Information on guarantees in accordance with Article 16 paragraph 2 can be found in the section "Disclosure abroad".

3.8.31. Google Tag Manager

The provider processes personal data in the USA. Information on guarantees in accordance with Article 16 paragraph 2 can be found in the section "Disclosure abroad".

3.8.32. Cloudflare

We use a service from the provider Cloudflare, Inc., 101 Townsend Street, San Francisco, CA 94107, USA (privacy policy: https://www.cloudflare.com/de-de/privacypolicy) for the security of our applications. The provider is the recipient of personal data in the context of the aforementioned processing.

The provider processes personal data in the USA. Information on guarantees in accordance with Article 16 paragraph 2 can be found in the section "Disclosure abroad".

3.8.33. LinkedIn Share button

We use a service of the provider LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (privacy policy: https://www.linkedin.com/legal/privacy-policy?) to share interests in social media. The provider is the recipient of personal data in the context of the aforementioned processing.

The provider processes personal data in the EU. Information on guarantees in accordance with Article 16 paragraph 2 can be found in the section "Disclosure abroad".

3.8.34. Wordpress.com

We use a service of the provider Aut O'Mattic A8C Ireland Ltd, 25 Herbert Pl, Dublin, D02 AY86, Ireland (privacy policy: https://automattic.com/de/privacy/) to create websites. The provider is the recipient of personal data in the context of the aforementioned processing.

The provider processes personal data in the USA. Information on guarantees in accordance with Article 16 paragraph 2 can be found in the section "Disclosure abroad".

3.8.35. Hotjar

We use a service of the provider Hotjar Ltd, Dragonara Business Centre, 5th Floor, Dragonara Road, Paceville St Julian's, STJ 3141, Malta (privacy policy: https://www.hotjar.com/legal/policies/privacy/) for analysis. The provider is the recipient of personal data in the context of the aforementioned processing.

The provider processes personal data in the EU. Information on guarantees in accordance with Article 16 paragraph 2 can be found in the section "Disclosure abroad".

3.8.36. Facebook Custom Audiences

We use a service of the provider Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (privacy policy: https://www.facebook.com/policy.php) for advertising. The provider is the recipient of personal data within the scope of the aforementioned processing.

The provider processes personal data in the USA. Information on guarantees in accordance with Article 16 paragraph 2 can be found in the section "Disclosure abroad".

4. Payment service provider

To process payments, we use payment processors, most of whom are themselves data controllers under data protection law. When they are used, they process payment data. The purpose of the processing is to execute the payments. These payment service providers are:

Stripe Payments Europe, Ltd, Ireland

5. Data processing on social media platforms

We are represented on social media networks in order to present our organization and our services. The operators of these networks regularly process their users' data for advertising purposes. Among other things, they create user profiles from their online behavior, which are used, for example, to display advertising on the pages of the networks and elsewhere on the Internet that corresponds to the interests of the users. For this purpose, the network operators store information on user behavior in cookies on the user's computer. It is also possible that the operators may combine this information with other data. For more information and information on how users can object to processing by the site operators, please refer to the privacy policies of the respective operators listed below. It is also possible that the operators or their servers are located abroad, meaning that they process data there. This may result in risks for users, e.g. because the enforcement of their rights is made more difficult or government agencies gain access to the data.

When users of the networks contact us via our profiles, we process the data provided to us in order to respond to the inquiries.

5.1. Facebook

We maintain a profile on Facebook. The operator is Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The privacy policy is available here: https://www.facebook.com/policy.php. You can object to data processing via the settings for advertisements: https://www.facebook.com/settings?tab=ads. We are jointly responsible for processing the data of visitors to our profile on the basis of an agreement with Facebook. Facebook explains exactly which data is processed at https://www.facebook.com/legal/terms/information_about_page_insights_data. Data subjects can exercise their rights both against us and against Facebook. However, according to our agreement with Facebook, we are obliged to forward requests to Facebook. Data subjects will therefore receive faster feedback if they contact Facebook directly.

5.2. YouTube

We maintain a profile on YouTube. The operator is Google Ireland Limited Gordon House, Barrow Street Dublin 4, Ireland. The privacy policy is available here: https://policies.google.com/privacy?hl=de.

5.3. Twitter

We maintain a profile on Twitter. The operator is Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. The privacy policy is available here: https://twitter.com/de/privacy. You can object to data processing via the settings for advertisements: https://twitter.com/personalization.

5.4. LinkedIn

We maintain a profile on LinkedIn. The operator is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. The privacy policy is available here: https://https://www.linkedin.com/legal/privacy-policy?_l=de_DE. You can object to data processing via the settings for advertisements: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

6. Data processing of applicants

When people apply to us for open positions (which we have advertised ourselves or which we advertise on third-party websites) or submit unsolicited applications, we process their data for the purposes of the application process.

We may also contact interesting applicants directly for a position. In this case, we process your master data (e.g. name), contact data (e.g. e-mail address) and other data that may be of interest for the specific position.

Recipients of the data are service providers used as part of the application process (e.g. contract processors as part of the recruitment process) and providers of cloud software that we use. We have listed the recipients that we can currently identify in the "Recipients of data" section below.

We ask applicants to refrain from providing information on political opinions, religious beliefs and similar sensitive data in their CV and cover letter. They are not required for an application. If applicants nevertheless provide such information, we cannot prevent it from being processed.

If applicants have given us their consent to use their data for further application procedures, we will also process their data for further application procedures.

7. data processing outside the website

7.1. Processing purposes

We process personal data for the purposes stated below or elsewhere in this document (e.g. under "Recipients of data"):

Provision of contractual services and fulfillment of contractual obligations
Contact us (e.g. by e-mail or telephone)
Communication
Answering inquiries
IT security measures
Direct marketing
Request and consideration of feedback
Security measures in our office

7.2. Recipients of data

Recipients of data are service providers used by us (e.g. contract processors), providers of cloud software that we use and other external bodies. We list the names of recipients that we can currently identify below. However, the list is not exhaustive.

7.2.1. Microsoft 365

We use a service of the provider Microsoft Ireland Operations, Ltd, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland (privacy policy: https://privacy.microsoft.com/de-de/privacystatement?culture=de-de&country=DE) for collaboration at work, for writing documents and for storage in the cloud. The provider is the recipient of personal data in the context of the aforementioned processing. Data subjects are employees, third parties, users and customers.

The provider processes personal data in the EU. Information on guarantees in accordance with Article 16 paragraph 2 can be found in the section "Disclosure abroad".

7.2.2. Cloudflare

We use a service of the provider Cloudflare, Inc., 101 Townsend Street, San Francisco, CA 94107, USA (privacy policy: https://www.cloudflare.com/en-gb/privacypolicy/) for storage in the cloud. The provider is the recipient of personal data in the context of the aforementioned processing. Data subjects are users.

The provider processes personal data in the USA. Information on guarantees in accordance with Article 16 paragraph 2 can be found in the section "Disclosure abroad".

7.2.3. OneDrive for Business

We use a service from the provider Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA (privacy policy: https://privacy.microsoft.com/de-de/privacystatement?culture=de-de&country=DE) for storage in the cloud and for collaboration at work. The provider is the recipient of personal data in the context of the aforementioned processing. Data subjects are employees, users, third parties and customers.

The provider processes personal data in the EU. Information on guarantees in accordance with Article 16 paragraph 2 can be found in the section "Disclosure abroad".

7.2.4. Hetzner

We use a service from the provider Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen (data protection declaration: https://www.hetzner.com/de/rechts/datenschutz) for storage in the cloud. The provider is the recipient of personal data in the context of the aforementioned processing. Data subjects are employees and users.

The provider processes personal data in the EU. Information on guarantees in accordance with Article 16 paragraph 2 can be found in the section "Disclosure abroad".

7.2.5. Microsoft Teams

We use a service of the provider Microsoft Ireland Operations, Ltd, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland (privacy policy: https://privacy.microsoft.com/de-de/privacystatement?culture=de-de&country=DE) for video conferencing. The provider is the recipient of personal data in the context of the aforementioned processing. Data subjects are users.

The provider processes personal data in the EU. Information on guarantees in accordance with Article 16 paragraph 2 can be found in the section "Disclosure abroad".

7.2.6. Microsoft Teams

We use a service of the provider Microsoft Ireland Operations, Ltd, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland (privacy policy: https://privacy.microsoft.com/de-de/privacystatement?culture=de-de&country=DE) for communication. The provider is the recipient of personal data in the context of the aforementioned processing. Data subjects are employees and customers.

The provider processes personal data in the EU. Information on guarantees in accordance with Article 16 paragraph 2 can be found in the section "Disclosure abroad".

7.2.7. Microsoft Exchange

We use a service from the provider Microsoft Ireland Operations, Ltd., One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland (data protection declaration: https://privacy.microsoft.com/de-de/privacystatement? culture=de-de&country=DE) for planning appointments, project management and sending emails. The provider is the recipient of personal data in the context of the aforementioned processing. Data subjects are interested parties and employees.

The provider processes personal data in the EU. Information on guarantees in accordance with Article 16 paragraph 2 can be found in the section "Disclosure abroad".

7.2.8. Confluence

We use a service of the provider Atlassian B.V., c/o Atlassian, Inc., 350 Bush Street, Floor 13, San Francisco, CA 94104, USA (privacy policy: https://www.atlassian.com/de/legal/privacy-policy) for project management. The provider is the recipient of personal data in the context of the aforementioned processing. Data subjects are interested parties, employees, users, third parties and customers.

The provider processes personal data in the EU. Information on guarantees in accordance with Article 16 paragraph 2 can be found in the section "Disclosure abroad".

7.2.9. 2getHR

We use a service from the provider 2BIT AG, Hochbordstrasse 9, 8600 Dübendorf, Switzerland (privacy policy: https://2gethr.ch/funktionen/sicherheit/) for employee management and time recording. The provider is the recipient of personal data in the context of the aforementioned processing. The data subjects are employees.

7.2.10. Make

We use a service from the provider Celonis, Inc, One World Trade Center, 87th Floor, New York, NY, 10007, USA (privacy policy: https://www.make.com/en/privacy-notice) for automation between applications. The provider is the recipient of personal data in the context of the aforementioned processing. Data subjects are users.

The provider processes personal data in the EU. Information on guarantees in accordance with Article 16 paragraph 2 can be found in the section "Disclosure abroad".

7.2.11. Adobe Sign

We use a service of the provider Adobe Systems Software Ireland Ltd, 4-6 Riverwalk, Citywest Business Park 0000 Dublin 24, Ireland (privacy policy: https://www.adobe.com/de/privacy/policy.html) for electronic signatures. The provider is the recipient of personal data in the context of the aforementioned processing. Data subjects are interested parties and employees.

The provider processes personal data in the USA. Information on guarantees in accordance with Article 16 paragraph 2 can be found in the section "Disclosure abroad".

7.2.12. Brevo

We use a service from the provider Sendinblue GmbH, Köpenicker Str. 126, 10179 Berlin (privacy policy: https://de.sendinblue.com/legal/privacypolicy/) for email marketing and customer relationship management. The provider is the recipient of personal data in the context of the aforementioned processing. Data subjects are interested parties and customers.

The provider processes personal data in the EU. Information on guarantees in accordance with Article 16 paragraph 2 can be found in the section "Disclosure abroad".

7.2.13. YouSign

We use a service from the provider YouSign, 8 Allée Henri Pigis, F-14000 Caen, France (privacy policy: https://yousign.com/de-de/datenschutz) for electronic signatures. The provider is the recipient of personal data in the context of the aforementioned processing. Data subjects are interested parties and customers.

The provider processes personal data in the EU. Information on guarantees in accordance with Article 16 paragraph 2 can be found in the section "Disclosure abroad".

7.2.14. Microsoft Advertising (Bing Ads)

We use a service of the provider Microsoft Ireland Operations, Ltd, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland (privacy policy: https://privacy.microsoft.com/de-de/privacystatement) for advertising and analysis. The provider is the recipient of personal data in the context of the aforementioned processing. Data subjects are users.

The provider processes personal data in the USA. Information on guarantees in accordance with Article 16 paragraph 2 can be found in the section "Disclosure abroad".

7.2.15. Ahrefs

We use a service of the provider Ahrefs Pte. Ltd, 16 Raffles Quay, #33-03 Hong Leong Building, Singapore 048581 (privacy policy: https://ahrefs.com/privacy-policy) for SEO optimization and analysis. The provider is the recipient of personal data in the context of the aforementioned processing. Data subjects are interested parties, users and third parties.

The provider processes personal data in the USA. Information on guarantees in accordance with Article 16 paragraph 2 can be found in the section "Disclosure abroad".

7.2.16. Google Ads

The provider processes personal data in the USA. Information on guarantees in accordance with Article 16 paragraph 2 can be found in the section "Disclosure abroad".

7.2.17. Wistia

We use a service of the provider Wistia, Inc., 120 Brookline Street, Cambridge, Massachusetts, 02139, USA (privacy policy: https://wistia.com/privacy) for video marketing. The provider is the recipient of personal data in the context of the aforementioned processing. Data subjects are interested parties, users and customers.

The provider processes personal data in the USA. Information on guarantees in accordance with Article 16 paragraph 2 can be found in the section "Disclosure abroad".

7.2.18. Pipedrive

We use a service from the provider Pipedrive OÜ, Mustamäe tee 3a, 10615 Tallinn, Estonia (privacy policy: https://www.pipedrive.com/en/privacy) for lead management. The provider is the recipient of personal data in the context of the aforementioned processing. Data subjects are interested parties.

The provider processes personal data in the EU. Information on guarantees in accordance with Article 16 paragraph 2 can be found in the section "Disclosure abroad".

7.2.19. Salesforce

We use a service of the provider Salesforce, Inc., Salesforce Tower, 415 Mission Street, 3rd Floor, San Francisco, CA 94105, USA (privacy policy: https://www.salesforce.com/company/privacy/) for email marketing. The provider is the recipient of personal data in the context of the aforementioned processing. The data subjects are interested parties and customers.

The provider processes personal data in the EU. Information on guarantees in accordance with Article 16 paragraph 2 can be found in the section "Disclosure abroad".

7.2.20. Apollo

The provider processes personal data in the USA. Information on guarantees in accordance with Article 16 paragraph 2 can be found in the section "Disclosure abroad".

7.2.21. Mautic

We use a service from the provider Mautic, 50 Princes Street, Ipswich, Suffolk, IP1 1RJ, United Kingdom (privacy policy: https://www.mautic.org/privacy-policy) to automate marketing. The provider is the recipient of personal data in the context of the aforementioned processing. Data subjects are interested parties and customers.

The provider processes personal data in Great Britain. Information on guarantees in accordance with Article 16 paragraph 2 can be found in the section "Disclosure abroad".

7.2.22. Facebook Ads

We use a service of the provider Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (privacy policy: https://www.facebook.com/policy.php) for advertising. The provider is the recipient of personal data in the context of the aforementioned processing. Data subjects are interested parties.

The provider processes personal data in the USA. Information on guarantees in accordance with Article 16 paragraph 2 can be found in the section "Disclosure abroad".

7.2.23. Yoast

We use a service of the provider Yoast B.V., Don Emanuelstraat 3, 6602 GX Wijchen, Netherlands (privacy policy: https://yoast.com/privacy-policy/) for SEO optimization. The provider is the recipient of personal data in the context of the aforementioned processing. Data subjects are employees and users.

The provider processes personal data in the EU. Information on guarantees in accordance with Article 16 paragraph 2 can be found in the section "Disclosure abroad".

7.2.24. Salesforce Account Engagement

We use a service from the provider salesforce.com Germany GmbH, Erika-Mann-Straße 31-37, 80636 Munich, Germany (privacy policy: https://www.salesforce.com/company/privacy/) to automate marketing. The provider is the recipient of personal data in the context of the aforementioned processing. Data subjects are employees and users.

The provider processes personal data in the EU. Information on guarantees in accordance with Article 16 paragraph 2 can be found in the section "Disclosure abroad".

7.2.25. LinkedIn Sales Navigator

We use a service of the provider LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (privacy policy: https://www.linkedin.com/legal/privacy-policy?) to identify business opportunities. The provider is the recipient of personal data in the context of the aforementioned processing. Data subjects are interested parties and users.

The provider processes personal data in the EU. Information on guarantees in accordance with Article 16 paragraph 2 can be found in the section "Disclosure abroad".

7.2.26. Zapier

The provider processes personal data in the USA. Information on guarantees in accordance with Article 16 paragraph 2 can be found in the section "Disclosure abroad".

7.2.27. DocuSign

We use a service from the provider DocuSign Germany GmbH, Neue Rothofstrasse 13-19, 60313 Frankfurt (privacy policy: https://www.docusign.de/unternehmen/datenschutz) for electronic signatures. The provider is the recipient of personal data in the context of the aforementioned processing. Data subjects are employees, third parties and customers.

The provider processes personal data in the EU. Information on guarantees in accordance with Article 16 paragraph 2 can be found in the section "Disclosure abroad".

7.2.28. Google Adsense

We use a service of the provider Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Dublin, Ireland (privacy policy: https://policies.google.com/privacy?hl=de) for advertising. The provider is the recipient of personal data in the context of the aforementioned processing. Data subjects are employees and users.

The provider processes personal data in the USA. Information on guarantees in accordance with Article 16 paragraph 2 can be found in the section "Disclosure abroad".

7.2.29. Aircall

We use a service from the provider Aircall SAS, 11 Rue Saint-Georges, 75009 Paris, France (privacy policy: https://aircall.io/privacy/) for telephone calls. The provider is the recipient of personal data in the context of the aforementioned processing. Data subjects are third parties and customers.

The provider processes personal data in the USA. Information on guarantees in accordance with Article 16 paragraph 2 can be found in the section "Disclosure abroad".

7.2.30. LinkedIn Ads

The provider processes personal data in the EU. Information on guarantees in accordance with Article 16 paragraph 2 can be found in the section "Disclosure abroad".

7.2.31. Pipedrive

We use a service from the provider Pipedrive OÜ, Mustamäe tee 3a, 10615 Tallinn, Estonia (privacy policy: https://www.pipedrive.com/en/privacy) to manage customer relationships. The provider is the recipient of personal data in the context of the aforementioned processing. The data subjects are customers.

The provider processes personal data in the EU. Information on guarantees in accordance with Article 16 paragraph 2 can be found in the section "Disclosure abroad".

7.2.32. Salesforce

We use a service from the provider salesforce.com Germany GmbH, Erika-Mann-Straße 31-37, 80636 Munich, Germany (privacy policy: https://www.salesforce.com/company/privacy/) to manage customer relationships. The provider is the recipient of personal data in the context of the aforementioned processing. The data subjects are customers.

The provider processes personal data in the EU. Information on guarantees in accordance with Article 16 paragraph 2 can be found in the section "Disclosure abroad".

7.2.33. Zammad

We use a service from the provider Zammad GmbH, Marienstraße 18, 10117 Berlin (privacy policy: https://zammad.com/de/unternehmen/datenschutz) as a ticketing system and for customer support. The provider is the recipient of personal data in the context of the aforementioned processing. Data subjects are interested parties and customers.

The provider processes personal data in the EU. Information on guarantees in accordance with Article 16 paragraph 2 can be found in the section "Disclosure abroad".

7.2.34. Mailgun

We use a service of the provider Mailgun Technologies, Inc, 112 E Pecan St Ste 1135, San Antonio, TX, 78205-1509, USA (privacy policy: https://www.mailgun.com/privacy-policy/) for email marketing. The provider is the recipient of personal data in the context of the aforementioned processing. Data subjects are customers.

The provider processes personal data in the EU. Information on guarantees in accordance with Article 16 paragraph 2 can be found in the section "Disclosure abroad".

7.2.35. pdfcrowd

We use a service from the provider Pdfcrowd s.r.o., Kostelní náměstí 506/1, 288 02 Nymburk, Czech Republic (privacy policy: https://pdfcrowd.com/privacy/) to process documents. The provider is the recipient of personal data in the context of the aforementioned processing. Data subjects are interested parties, employees and customers.

The provider processes personal data in the EU. Information on guarantees in accordance with Article 16 paragraph 2 can be found in the section "Disclosure abroad".

7.2.36. DigitalOcean

We use a service from the provider Digitalocean LLC, 101 Avenue of the Americas 10th Floor New York, NY 10013, USA (privacy policy: https://www.digitalocean.com/legal/privacy-policy) for storage in the cloud. The provider is the recipient of personal data in the context of the aforementioned processing. Data subjects are employees, users, third parties and customers.

The provider processes personal data in the EU. Information on guarantees in accordance with Article 16 paragraph 2 can be found in the section "Disclosure abroad".

7.2.37. Phrase

We use a service from the provider Phrase a.s. (formerly Memsource a.s.), Václavské náměstí 2132/47, 110 00 Prague 1, Czech Republic (privacy policy: https://phrase.com/privacy/) for translations, location tracking and marketing automation. The provider is the recipient of personal data in the context of the aforementioned processing. Data subjects are interested parties and users.

The provider processes personal data in the EU. Information on guarantees in accordance with Article 16 paragraph 2 can be found in the section "Disclosure abroad".

7.2.38. bexio AG

We use a service from the provider bexio AG, Alte Jonastrasse 24, 8640 Rapperswil, Switzerland (privacy policy: https://www.bexio.com/de-CH/richtlinien/datenschutz) for accounting purposes. The provider is the recipient of personal data in the context of the aforementioned processing. Data subjects are interested parties, employees and customers.

The provider processes personal data in Switzerland. Information on guarantees in accordance with Article 16 paragraph 2 can be found in the section "Disclosure abroad".

7.2.39. Chargebee

We use a service from the provider Chargebee, Inc, 340 S. Lemon Avenue, Suite #1537, Walnut, California 91789, USA (Privacy Policy: https://www.chargebee.com/privacy/) to manage subscriptions and invoices. The provider is the recipient of personal data in the context of the aforementioned processing. Data subjects are users and customers.

The provider processes personal data in the EU. Information on guarantees in accordance with Article 16 paragraph 2 can be found in the section "Disclosure abroad".

7.2.40. GitHub

We use a service of the provider GitHub B.V., Vijzelstraat 68-72, 1017 HL Amsterdam, Netherlands (privacy policy: https://docs.github.com/en/github/site-policy/github-privacy-statement) for collaboration at work, version management for software development and code provision. The provider is the recipient of personal data in the context of the aforementioned processing. Data subjects are employees and users.

The provider processes personal data in the USA. Information on guarantees in accordance with Article 16 paragraph 2 can be found in the section "Disclosure abroad".

7.2.41. Visual studio code

We use a service of the provider Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA (privacy policy: https://privacy.microsoft.com/de-DE/privacystatement) for source code management. The provider is the recipient of personal data in the context of the aforementioned processing. Data subjects are employees and users.

The provider processes personal data in the EU. Information on guarantees in accordance with Article 16 paragraph 2 can be found in the section "Disclosure abroad".

8. Changes to this privacy policy

We reserve the right to amend this privacy policy with effect for the future. A current version is always available here.

9. Questions and comments

If you have any questions or comments regarding this privacy policy, please do not hesitate to contact us using the contact details above.