Privacy Policy

1. Privacy at a Glance

General Information

The following information provides a simple overview of what happens to your personal data and how it is processed when you visit this website. Personal data is any data that can be used to personally identify you. For detailed information on the subject of data protection, please refer to our privacy policy listed below this text.

Data Collection on This Website

Who is responsible for data collection on this website?

Data processing on this website is carried out by the website operator. You can find their contact details in the section "Information on the Responsible Party" in this privacy policy.

How do we collect your data?

Your data is collected in part by you providing it to us. This may include, for example, data you enter into a contact form.

Other data is collected automatically or with your consent when you visit the website by our IT systems. This is primarily technical data (e.g., internet browser, operating system, or time of page access). This data is collected automatically as soon as you enter this website.

What do we use your data for?

Some of the data is collected to ensure the error-free provision of the website. Other data may be used to analyse your user behaviour. Furthermore, information provided through, for example, contact or application forms is used for correspondence purposes.

What rights do you have regarding your data?

You have the right at any time to obtain information free of charge about the origin, recipients, and purpose of your stored personal data. You also have the right to request the correction or deletion of this data. If you have given consent to data processing, you can revoke this consent at any time for the future. Furthermore, you have the right, under certain circumstances, to request the restriction of the processing of your personal data. You also have the right to lodge a complaint with the competent supervisory authority. Further information on this can be found below.

You can contact us at any time regarding this and other questions on the subject of data protection.

Commissioned Data Processing

When we cooperate with other companies, such as email and server providers, to provide our services, this only occurs after a comprehensive selection process. In this selection process, each individual service provider is carefully evaluated for their suitability in relation to technical and organisational capabilities in data protection. This selection process is documented in writing, and a contract pursuant to Art. 28(3) GDPR on the processing of personal data on behalf of the controller (data processing agreement) is only concluded if it meets the requirements of Art. 28 GDPR.

Analytics Tools and Third-Party Tools

When visiting this website, your browsing behaviour may be statistically analysed. This is primarily done using so-called analytics programmes.

Detailed information on these analytics programmes can be found in the following privacy policy.

How is your data protected?

We have taken technical and organisational measures to ensure that the provisions of the GDPR are observed both by us and by external service providers working for us. Further information can be found in the following privacy policy.

2. Hosting

We do not host our website ourselves but have commissioned appropriate service providers for this purpose. The use of hosting service providers is based on Art. 6(1)(1)(f) GDPR. We have a legitimate interest in the most reliable presentation of our website possible. We host the content of our website with the following providers:

Hetzner

Our website and products are hosted on the servers of Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen (hereinafter Hetzner). We also use this service as an email server for our services. A sophisticated security and redundancy concept has been implemented that guarantees the highest availability of your data, i.e., the service provider is, among other things, DIN ISO/IEC 27001 certified.

You can view the data processing agreement provided by Hetzner here:
https://www.hetzner.com/AV/DPA_de.pdf

For details, please refer to Hetzner's privacy policy:
https://www.hetzner.com/de/rechtliches/datenschutz

Information on the scope of possible data processing within the framework of web hosting can be found at https://www.hetzner.de/rechtliches/webhosting

The collection of data for the provision of the website and the storage of data in log files is essential for the operation of the website. Consequently, there is no possibility for the user to object. If you wish to exercise your legal rights or have general questions, please contact Hetzner's data protection officer by email at data-protection@hetzner.com.

3. General Information and Mandatory Disclosures

Data Protection

The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations as well as this privacy policy.

When you use this website, various personal data is collected. Personal data is data that can be used to personally identify you. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this is done.

We would like to point out that data transmission over the Internet (e.g., when communicating by email) may have security vulnerabilities. Complete protection of data against access by third parties is not possible.

Information on the Responsible Party

The responsible party for data processing on this website is:

e3 GmbH hr software+consulting
Zepernicker Chaussee 43/45/47
16321 Bernau bei Berlin

Telefon: +49 (0)30 / 43 73 135-0
E-Mail: info@ehochdrei-hr.de

The responsible party is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (e.g., names, email addresses, etc.).

Storage Duration and Deletion of Personal Data

Unless a more specific storage period has been stated within this privacy policy, your personal data will remain with us until the purpose for data processing no longer applies. If you assert a legitimate request for deletion or revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g., retention periods under tax or commercial law); in the latter case, deletion will take place after these reasons cease to apply.

General Information on the Legal Bases of Data Processing on This Website

If you have consented to data processing, we process your personal data on the basis of Art. 6(1)(1)(a) GDPR or Art. 9(2)(a) GDPR, insofar as special categories of data pursuant to Art. 9(1) GDPR are processed. In the case of explicit consent to the transfer of personal data to third countries, data processing is also carried out on the basis of Art. 49(1)(a) GDPR. If you have consented to the storage of cookies or to access to information on your terminal device (e.g., via device fingerprinting), data processing is additionally carried out on the basis of Section 25(1) TTDSG. Consent can be revoked at any time. If your data is required for the fulfilment of a contract or for the implementation of pre-contractual measures, we process your data on the basis of Art. 6(1)(1)(b) GDPR. Furthermore, we process your data if this is required to fulfil a legal obligation on the basis of Art. 6(1)(1)(c) GDPR. Data processing may also be carried out on the basis of our legitimate interest pursuant to Art. 6(1)(1)(f) GDPR. The relevant legal bases applicable in each individual case are explained in the following paragraphs of this privacy policy.

4. CRM System

HubSpot

Description and Scope of Data Processing

To provide our internet offering, for sending our newsletter, for contact via chat, and for analysing the use of our website, we use "HubSpot", a platform for marketing, sales, customer management, and customer service. Data processing is carried out by: HubSpot, Inc., 25 First Street Cambridge, MA 02141, USA.

Note on Data Processing in the USA:

It is possible that your data may be processed by our service provider HubSpot in the USA. The data protection standard in the USA is, in the opinion of the ECJ, inadequate, and there is a risk that your data may be processed by US authorities for control and surveillance purposes, possibly without legal remedies being available.

HubSpot does not use the data and does not share it with third parties. We trust in the reliability and IT and data security of HubSpot. Further information on data protection at HubSpot can be found at https://legal.hubspot.com/de/terms-of-service.

Legal Basis for Data Processing

The processing of your data in connection with the provision of the internet offering is based on Art. 6(1)(1)(f) GDPR. Our legitimate interest is based on making our website accessible to you.

The legal basis for data processing in connection with sending the newsletter, use of the chat, or analysis of usage is based on your consent pursuant to Art. 6(1)(1)(a) GDPR.

Purpose of Data Processing

We use this service provider to make our website and related offerings available to you and to cooperate with as few commissioned data processors as possible for this purpose.

Duration of Data Storage

According to HubSpot, HubSpot stores your personal data only as long as we use your personal data. HubSpot deletes your data when we delete our account with HubSpot after a period of 30 days.

Right of Removal by the Data Subject

You have the option at any time to revoke your consent to the respective data processing.

You also have the option at any time to object to data processing within the framework of hosting. For this purpose, please contact our data protection officer.

Data Protection Officer

We have appointed a data protection officer.

https://webersohnundscholtz.de

WS Datenschutz GmbH, Herr Christian Scholtz

Dircksenstraße 51
10178 Berlin
E-Mail: ehochdrei-skillware@ws-datenschutz.de

Note on Data Transfer to the USA and Other Third Countries

In order to provide our services, we rely on the support of service providers from the European area as well as from third countries. To ensure the protection of your personal data in the event of data transfer to a third country, we conclude special data processing agreements with each of the carefully selected service providers. All service providers we use have sufficient evidence that they ensure data security through appropriate technical and organisational measures. Our service providers from third countries are either located in countries that have an adequate level of data protection recognised by the EU Commission (Art. 45 GDPR) or have provided appropriate safeguards (Art. 46 GDPR).

Adequate level of protection: The provider comes from a country whose adequate level of data protection has been recognised by the EU Commission. Further information can be found at: Adequacy decisions (europa.eu)

EU Standard Contractual Clauses: Our provider has agreed to the EU Standard Contractual Clauses to ensure a secure data transfer. Further information can be found at:
https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?uri=CELEX%3A32021D0914&locale=en

Binding Corporate Rules: The GDPR provides, in Art. 47, for the possibility of ensuring data protection during data transfer to a third country through binding internal data protection rules. These are reviewed and approved by the competent supervisory authorities within the framework of the consistency mechanism pursuant to Art. 63 GDPR.

Consent: Furthermore, a data transfer to a third country without an adequate level of protection only takes place if you have given us your consent pursuant to Art. 49(1)(a) GDPR or another exception under Art. 49 GDPR is applicable for the data transfer.

Rights of Data Subjects

Revocation of Your Consent to Data Processing (cf. Art. 7 GDPR)

Many data processing operations are only possible with your express consent. You can revoke consent that has already been given at any time. The legality of the data processing carried out until the revocation remains unaffected by the revocation. It can be made (remotely) orally or in writing by post or email to us.

Right of Access (cf. Art. 15 GDPR)

In the event of a request for access, you must provide sufficient information about your identity and proof that the information pertains to you. The access relates to the following information:

the purposes for which the personal data is processed;
the categories of personal data being processed;
the recipients or categories of recipients to whom the personal data concerning you has been or will be disclosed;
the planned duration of the storage of the personal data concerning you or, if specific information on this is not possible, criteria for determining the storage period;
the existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the controller, or a right to object to such processing;
the existence of a right to lodge a complaint with a supervisory authority;
all available information about the origin of the data, if the personal data is not collected from the data subject;
the existence of automated decision-making, including profiling, pursuant to Art. 22(1) and (4) GDPR and – at least in these cases – meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

Right to Erasure or Rectification (cf. Art. 16, 17 GDPR)

You have the right to rectification and/or completion vis-à-vis us as the controller, insofar as the processed personal data concerning you is inaccurate or incomplete. The controller shall carry out the rectification without undue delay.

You may also request the erasure of personal data concerning you, provided that one of the following reasons applies to you:

The personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed.
You revoke your consent on which the processing was based pursuant to Art. 6(1)(1)(a) or Art. 9(2)(a) GDPR, and there is no other legal basis for the processing.
You object to the processing pursuant to Art. 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21(2) GDPR.
The personal data concerning you has been processed unlawfully.
The erasure of the personal data concerning you is required for compliance with a legal obligation under Union or Member State law to which the controller is subject.
The personal data concerning you was collected in relation to information society services offered pursuant to Art. 8(1) GDPR.

If we have made the personal data concerning you public and are obligated to erase it pursuant to Art. 17(1) GDPR, we shall take all reasonable measures to inform other controllers responsible for data processing that you have requested the erasure of all links to such personal data or of copies or replications of such personal data.

The right to erasure does not apply insofar as the processing is necessary:

for exercising the right of freedom of expression and information;
for compliance with a legal obligation which requires processing under Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
for reasons of public interest in the area of public health pursuant to Art. 9(2)(h) and (i) and Art. 9(3) GDPR;
for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes pursuant to Art. 89(1) GDPR, insofar as the aforementioned right is likely to render impossible or seriously impair the achievement of the purposes of such processing; or
for the establishment, exercise, or defence of legal claims.

Right to Restriction of Processing (cf. Art. 18 GDPR)

You have the right to request the restriction of processing of your personal data. You can contact us at any time for this purpose. The right to restriction of processing exists in the following cases:

If you contest the accuracy of your personal data stored with us, we generally need time to verify this. For the duration of the verification, you have the right to request the restriction of processing of your personal data.
If the processing of your personal data was/is carried out unlawfully, you can request the restriction of data processing instead of erasure.
If we no longer need your personal data, but you need it for the exercise, defence, or establishment of legal claims, you have the right to request the restriction of processing of your personal data instead of erasure.
If you have lodged an objection pursuant to Art. 21(1) GDPR, a balance must be struck between your interests and ours. As long as it has not yet been determined whose interests prevail, you have the right to request the restriction of processing of your personal data.

If you have restricted the processing of your personal data, such data may – apart from being stored – only be processed with your consent or for the establishment, exercise, or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or a Member State.

Right to Notification (cf. Art. 19 GDPR)

If you have exercised your right to rectification, erasure, or restriction of data processing vis-à-vis us, we are obligated to notify all recipients of your personal data of the rectification, erasure, or restriction of data processing. This applies only insofar as such notification does not prove to be impossible or involve a disproportionate effort.

You have the right to be informed about which recipients have received your data.

Right to Data Portability (cf. Art. 20 GDPR)

You have the right to receive your personal data from us in a commonly used, machine-readable format in order to forward it, if applicable, to another controller, provided that:

the processing is based on consent pursuant to Art. 6(1)(1)(a) GDPR or Art. 9(2)(a) GDPR or on a contract pursuant to Art. 6(1)(1)(b) GDPR; and
the processing is carried out by automated means.

In exercising your right to data portability, you have the right to have personal data transmitted directly from us to another controller, where technically feasible.

The right to data portability does not apply to the processing of personal data that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.

Right to Object to Data Collection in Special Cases and to Direct Marketing (cf. Art. 21 GDPR)

If data processing is based on Art. 6(1)(e) or (f) GDPR, you have the right at any time to object to the processing of your personal data for reasons arising from your particular situation; this also applies to profiling based on these provisions. The respective legal basis on which processing is based can be found in this privacy policy. If you object, we will no longer process your affected personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing serves the establishment, exercise, or defence of legal claims (objection pursuant to Art. 21(1) GDPR).

If your personal data is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling insofar as it is related to such direct marketing. If you object, your personal data will subsequently no longer be used for the purpose of direct marketing (objection pursuant to Art. 21(2) GDPR).

Right to Lodge a Complaint with the Competent Supervisory Authority (cf. Art. 77 GDPR)

In the event of violations of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, their place of work, or the place of the alleged violation. The right to lodge a complaint is without prejudice to any other administrative or judicial remedy.

The supervisory authority with which the complaint was lodged shall inform you of the status and outcome of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.

SSL or TLS Encryption

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or enquiries that you send to us as the site operator. You can recognise an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser bar.

When SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

5. Data Collection on Our Website

Chatbot

On our website, we offer a chatbot that helps you create an individual requirements profile for a position and select suitable skill tests. The chatbot uses ChatGPT technology provided by OpenAI. During the use of the chatbot, the information you enter is processed to provide you with suitable recommendations. In doing so, personal data such as name, qualifications, professional interests, and other content you provide may be processed.

The processing of data is based on Art. 6(1)(1)(b) GDPR, insofar as the use of the chatbot serves the preparation or performance of a contractual relationship. In other cases, the processing is based on Art. 6(1)(1)(f) GDPR, based on our legitimate interest in providing a user-friendly and efficient advisory service.

The processing of your data is carried out exclusively for the purpose of providing interactive support in creating a requirements profile and selecting suitable skills.

The data entered is stored for a period of 24 months unless the user deletes the information themselves. In individual cases, temporary storage may occur for troubleshooting or improving the user experience.

The chatbot uses OpenAI's services to process your inputs. In doing so, data may be transmitted to OpenAI's servers. OpenAI processes this data in accordance with its own privacy policy. Further information on data processing by OpenAI can be found at: https://openai.com/de-DE/policies/row-privacy-policy/

Cookies

Our websites use so-called "cookies". Cookies are small data packets and do not cause any damage to your terminal device. They are stored either temporarily for the duration of a session (session cookies) or permanently (persistent cookies) on your terminal device. Session cookies are automatically deleted after your visit ends. Persistent cookies remain stored on your terminal device until you delete them yourself or they are automatically deleted by your web browser.

Cookies cannot execute programmes or transmit viruses to your computer. We use them to enable you to log in and to analyse the use of our website in anonymised or pseudonymised form and to present you with interesting offers on this website. In this way, various data can be transmitted:

Frequency of website visits
Which functions of the website you use
Your cookie settings

When you access the website, a cookie banner informs you about the use of cookies and refers to the privacy policy.

The legal basis for the processing of data through cookies that do not solely serve the functionality of our website is Art. 6(1)(1)(a) GDPR.

The legal basis for data processing for cookies that solely serve the functionality of this website is Art. 6(1)(1)(f) GDPR. Our legitimate interest arises from ensuring a smooth connection setup and comfortable use of our website, as well as from reasons of evaluating system security and stability. Data processing also takes place to enable a statistical evaluation of website usage.

You can set your browser to inform you about the setting of cookies and only allow cookies on a case-by-case basis, exclude the acceptance of cookies for certain cases or in general, and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be limited. You have the option at any time to revoke your consent to data processing through cookies that do not solely serve the functionality of the website. Furthermore, we only set cookies after you have consented to the setting of cookies when accessing the page. In this way, you can prevent data processing via cookies on our website.

Insofar as cookies are used by third-party companies or for analysis purposes, we will inform you separately about this within the framework of this privacy policy and, if applicable, request your consent.

Server Log Files

The provider of these pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

Browser type and browser version
Operating system used
Referrer URL
Hostname of the accessing computer
Time of the server request
IP address

This data is not merged with other data sources.

The collection of this data is based on Art. 6(1)(1)(f) GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimisation of its website – for this purpose, the server log files must be recorded.

Data processing is carried out for the purpose of enabling the use of the website (connection setup). It serves system security, the technical administration of the network infrastructure, and the optimisation of the internet offering. The IP address is only evaluated in the event of attacks on our network infrastructure or that of our internet provider.

The personal data is deleted as soon as it is no longer required for the above-mentioned purposes. This is the case when you close the website. Our hosting provider may use the data for statistical purposes. However, the data is anonymised for this purpose. The data is automatically deleted by our hosting provider.

The website can only be displayed if the described data is processed. Please assert any objection to further processing of the data with our data protection officer or with the hosting provider (see above under Hosting).

Contact Form

If you send us enquiries via the contact form (https://skillware.ehochdrei-hr.de/contact), your details from the enquiry form, including the contact data you provided there, will be stored by us for the purpose of processing the enquiry and in the event of follow-up questions. We also use HubSpot for efficient customer support (see above).

Various data is required for responding to the enquiry, which is automatically stored for processing. The following data is collected at minimum (marked as mandatory field) within the contact form:

Name
Company
Email
Phone
Your message

The data is not passed on to third parties.

The processing of this data is based on Art. 6(1)(b) GDPR, insofar as your enquiry is related to the fulfilment of a contract or is necessary for the implementation of pre-contractual measures.

The data you entered in the contact form will remain with us until you request its deletion, revoke your consent to storage, or the purpose for data storage no longer applies (e.g., after your enquiry has been fully processed). Mandatory statutory provisions – in particular retention periods – remain unaffected.

Enquiry by Email, Phone, or Fax

If you contact us by email, phone, or fax, your enquiry including all resulting personal data (name, enquiry) will be stored and processed by us for the purpose of handling your request. We do not share this data without your consent.

The processing of this data is based on Art. 6(1)(b) GDPR, insofar as your enquiry is related to the fulfilment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective handling of enquiries directed to us (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR) if this was requested; consent can be revoked at any time.

The data you send to us via contact enquiries will remain with us until you request its deletion, revoke your consent to storage, or the purpose for data storage no longer applies (e.g., after your request has been fully processed). Mandatory statutory provisions – in particular statutory retention periods – remain unaffected.

Seminar Registration

You can register online on our website as a participant for a seminar organised and offered by us. (https://skill.ehochdrei-hr.de/seminare)

The data entered is used only for the purpose of using the respective offering for which you have registered. The mandatory information requested during registration must be provided in full. Otherwise, we will reject participation. The following data is collected at minimum:

Email address
First name
Last name

You may optionally provide the following data:

Phone number

The processing of the data entered during registration is carried out for the purpose of performing the business relationship established through participation and, where applicable, for initiating further contracts (Art. 6(1)(1)(b) GDPR). If you also enter personal data in the other (optional) input fields, the data processing is based on Art. 6(1)(1)(a) GDPR.

The data collected during registration is stored by us as long as it is necessary for contract fulfilment. Statutory retention periods remain unaffected. Both during and after registration, you are free to change, correct, or delete the personal data provided.

We use "HubSpot" for this purpose, a platform for marketing, sales, customer management, and customer service. Data processing is carried out by: HubSpot, Inc., 25 First Street Cambridge, MA 02141, USA. HubSpot does not use the data and does not share it with third parties. We trust in the reliability and IT and data security of HubSpot. Further information on data protection at HubSpot can be found at https://legal.hubspot.com/de/terms-of-service

Website Login

You can log in on our websites (https://skillware.ehochdrei-hr.de, https://panel.ehochdrei-skillware.de, https://feedback.ehochdrei-skillware.de, https://vac.ehochdrei-skillware.de) to use our software. The data entered is used only for the purpose of using the respective offering or service for which you have registered. The mandatory information requested during registration must be provided in full. Otherwise, we will reject the registration. The following data is collected at minimum:

Email address
Password

For important changes, such as changes to the scope of offerings or technically necessary changes, we use the email address provided during registration to inform you accordingly.

The processing of the data entered during registration is carried out for the purpose of performing the usage relationship established through registration and, where applicable, for initiating further contracts (Art. 6(1)(1)(b) GDPR). If you also enter personal data in the other (optional) input fields, the data processing is based on Art. 6(1)(1)(a) GDPR.

The data collected during registration is stored by us as long as you are registered on this website and is subsequently deleted. Statutory retention periods remain unaffected. Both during and after registration, you are free to change, correct, or delete the personal data provided.

Registration

To purchase products, it is necessary to register with a customer account. (https://skillware.ehochdrei-hr.de/register/business) The data entered is used only for the purpose of using the respective offering for which you have registered. The mandatory information requested during registration must be provided in full. The following data is collected at minimum:

Account type
Inclusive assessments
Master data
- Company
- Company address
User data
- First name
- Last name
- Email address

You may optionally provide the following data:

Salutation
Phone number

Google Calendar

On our website, you have the option to schedule appointments with us. For scheduling, we use Google Calendar. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter "Google").

For the purpose of booking an appointment, you enter the requested data and your preferred appointment time in the designated form. The following data is collected at minimum:

Email address
First name
Last name
Preferred time & duration of the meeting

You may optionally provide the following data:

Phone number

The data entered is used for the planning, conduct, and, where applicable, follow-up of the appointment. The appointment data is stored for us on Google Calendar's servers, whose privacy policy you can view here: https://policies.google.com/privacy.

The data you entered will remain with us until you request its deletion, revoke your consent to storage, or the purpose for data storage no longer applies. Mandatory statutory provisions – in particular retention periods – remain unaffected.

The legal basis for data processing in the context of appointment scheduling is Art. 6(1)(1)(b) GDPR and serves (pre-)contractual purposes. The purpose of data processing is to facilitate the simplest possible appointment scheduling with interested parties and customers.

The data transfer to the USA is based on the Standard Contractual Clauses of the EU Commission. Details can be found here:

https://workspace.google.com/terms/dpa_terms.html
https://cloud.google.com/terms/sccs

Google Tag Manager

We use Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Tag Manager is a tool that allows us to integrate tracking or statistics tools and other technologies on our website. Google Tag Manager itself does not create user profiles, does not store cookies, and does not perform any independent analyses. It serves only the management and deployment of the tools integrated through it. However, Google Tag Manager does collect your IP address, which may also be transferred to Google's parent company in the United States.

The use of Google Tag Manager is based on Art. 6(1)(a) GDPR and Section 25(1) TTDSG, insofar as the consent covers the storage of cookies or access to information on the user's terminal device (e.g., device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.

Google Analytics

This website uses functions of the web analytics service Google Analytics. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics enables the website operator to analyse the behaviour of website visitors. In doing so, the website operator receives various usage data, such as page views, session duration, operating systems used, and origin of the user. This data is assigned to the respective user's terminal device. An assignment to a user ID does not take place.

Google Analytics uses technologies that enable the recognition of the user for the purpose of analysing user behaviour (e.g., cookies or device fingerprinting). The information collected by Google about the use of this website is generally transmitted to and stored on a Google server in the USA.

The use of this service is based on your consent pursuant to Art. 6(1)(a) GDPR and Section 25(1) TTDSG. Consent can be revoked at any time.

The data transfer to the USA is based on the Standard Contractual Clauses of the EU Commission. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.

Google Ads

The website operator uses Google Ads. Google Ads is an online advertising programme of Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Ads enables us to display advertisements in the Google search engine or on third-party websites when the user enters certain search terms on Google (keyword targeting). Furthermore, targeted advertisements can be displayed based on user data available at Google (e.g., location data and interests) (audience targeting). As the website operator, we can quantitatively evaluate this data by, for example, analysing which search terms led to the display of our advertisements and how many advertisements led to corresponding clicks.

The use of this service is based on your consent pursuant to Art. 6(1)(a) GDPR and Section 25(1) TTDSG. Consent can be revoked at any time.

The data transfer to the USA is based on the Standard Contractual Clauses of the EU Commission. Details can be found here:

https://policies.google.com/privacy/frameworks
https://privacy.google.com/businesses/controllerterms/mccs

Interview Guide Request

On our website, you have the option to request a structured interview guide. (https://skill.ehochdrei-hr.de/interview)

For the purpose of sending, you enter the requested data in the designated form. The following data is collected at minimum:

Email address
First name
Last name

You may optionally provide the following data:

Phone number

The data entered is used for sending the requested interview guide.

The legal basis for data processing in the context of the request is Art. 6(1)(1)(b) GDPR and serves (pre-)contractual purposes.

IP Anonymisation

We have activated the IP anonymisation function on this website. As a result, your IP address is truncated by Google within Member States of the European Union or in other contracting states of the Agreement on the European Economic Area before being transmitted to the USA. The IP address transmitted by your browser within the framework of Google Analytics is not merged with other data from Google.

Browser Plugin

You can prevent the collection and processing of your data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de

More information on how Google Analytics handles user data can be found in Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=de

6. Audio and Video Conferences

Data Processing

For communication with our customers, we use, among other things, online conferencing tools. The specific tools we use are listed below. When you communicate with us via video or audio conference over the Internet, your personal data is collected and processed by us and the provider of the respective conferencing tool.

The conferencing tools collect all data that you provide/use to utilise the tools (email address and/or your phone number). Furthermore, the conferencing tools process the duration of the conference, the start and end (time) of participation in the conference, the number of participants, and other "context information" related to the communication process (metadata).

Furthermore, the provider of the tool processes all technical data required for the handling of online communication. This includes, in particular, IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or speaker, and the type of connection.

If content is exchanged, uploaded, or otherwise made available within the tool, this is also stored on the servers of the tool providers. Such content includes, in particular, cloud recordings, chat/instant messages, voicemails, uploaded photos and videos, files, whiteboards, and other information shared during the use of the service.

Please note that we do not have full control over the data processing operations of the tools used. Our options are largely determined by the corporate policy of the respective provider. Further information on data processing by the conferencing tools can be found in the privacy policies of the respective tools used, which we have listed below this text.

Purpose and Legal Bases

The conferencing tools are used to communicate with prospective or existing contractual partners or to offer certain services to our customers (Art. 6(1)(1)(b) GDPR). Furthermore, the use of the tools serves the general simplification and acceleration of communication with us or our company (legitimate interest within the meaning of Art. 6(1)(1)(f) GDPR). Insofar as consent was requested, the use of the tools in question is based on this consent; the consent can be revoked at any time with effect for the future.

Storage Duration

The data directly collected by us via the video and conferencing tools is deleted from our systems as soon as you request us to delete it, revoke your consent to storage, or the purpose for data storage no longer applies. Stored cookies remain on your terminal device until you delete them. Mandatory statutory retention periods remain unaffected.

We have no influence on the storage duration of your data that is stored by the operators of the conferencing tools for their own purposes. For details, please contact the operators of the conferencing tools directly.

Conferencing Tools Used

We use the following conferencing tools:

Zoom

We use Zoom. The provider of this service is Zoom Communications Inc., San Jose, 55 Almaden Boulevard, 6th Floor, San Jose, CA 95113, USA. For details on data processing, please refer to Zoom's privacy policy: https://zoom.us/de-de/privacy.html.

The data transfer to the USA is based on the Standard Contractual Clauses of the EU Commission. Details can also be found here: https://zoom.us/de-de/privacy.html.

7. Job Applications

Handling of Applicant Data

We offer you the opportunity to apply to us by email. For this purpose, personal data is processed and stored for further processing for the respective application procedure. If you send us an email in this regard, we process the data contained therein, such as CV, cover letter, application photo.

We assure you that the collection, processing, and use of your data is carried out in accordance with applicable data protection law and all other statutory provisions, and that your data is treated with strict confidentiality.

Scope and Purpose of Data Collection

When you send us an application, we process your associated personal data (e.g., contact and communication data, application documents, notes from job interviews, etc.) insofar as this is necessary for the decision on the establishment of an employment relationship and exclusively for the purpose of conducting the application procedure. The legal basis for this is Section 26 BDSG (German Federal Data Protection Act) and Art. 88 GDPR.

If the application is successful, the data you submitted will be stored in our data processing systems on the basis of Section 26 BDSG (German Federal Data Protection Act) and Art. 6(1)(b) GDPR for the purpose of carrying out the employment relationship.

Data Retention Period

If the application leads to the establishment of an employment relationship, the personal data will be stored in accordance with statutory provisions. If the application is not considered in the selection of a potential candidate, it will be deleted in accordance with the rules of the applicable deletion concept, taking into account the provisions of the AGG (General Equal Treatment Act), in particular the existing burden of proof pursuant to Section 22 AGG.

This does not apply if statutory provisions preclude deletion or you have given your consent to longer storage. In this case, the further storage of your personal data is based on Art. 6(1)(1)(c) or (a) GDPR.

Right of Removal

Consent to the longer retention of your applicant data can be revoked at any time. Your personal data will only be shared within our company with persons involved in processing your application.

Inclusion in the Applicant Pool

If we do not make you a job offer, there may be the possibility of including you in our applicant pool. In the event of inclusion, all documents and information from the application will be transferred to the applicant pool in order to contact you in the event of suitable vacancies.

Inclusion in the applicant pool is based exclusively on your express consent (Art. 6(1)(1)(a) GDPR). The giving of consent is voluntary and is not related to the ongoing application procedure. The data subject can revoke their consent at any time. In this case, the data will be irrevocably deleted from the applicant pool, provided there are no statutory retention reasons.

The data from the applicant pool will be irrevocably deleted no later than two years after consent is given.