[Last Update: 17th August 2023]
1. Introduction
We are dedicated to safeguarding your privacy and personal information. Our Data Protection Policy outlines how we manage data in adherence to stringent regulations like the GDPR. Committed to upholding your data security and adhering to the law, particularly the GDPR, we present this policy to illuminate the utilization of your information on our website and services. Kindly peruse this document carefully. If you have queries regarding your data handling, please reach out to us at [email protected]. Additional privacy notices may be provided when necessary, and these notices complement this Privacy Policy, offering a comprehensive understanding.
1.1. Scope and Handling of Personal Data
This Privacy Policy aims to elucidate the handling of personal data by EDI Jobs, a platform provided by MIG Media UG, located at Metzer Str. 45, 10405 Berlin, Germany (referred to as “EDI Jobs”, “we,” “us,” “our” or “platform”). Personal data encompasses information directly or indirectly linked to an individual. The guidelines delineated in this Privacy Policy govern the handling of your personal data while using our Platform, which includes a comprehensive range of services aimed at promoting EDI principles. These services encompass:
- Education & E-Learning: Providing educational resources on EDI topics.
- EDI @Work Course & Certificate: Offering specialized video content and certifications focused on implementing EDI principles in the workplace.
- EDI News: Curating news articles, blog posts, and updates relevant to EDI initiatives and advancements.
- EDI Calendar: Maintaining a calendar of events related to EDI.
- Job Board: Facilitating the posting and application of job opportunities that prioritize EDI principles.
- Sign in: Allowing users to create accounts and access personalized features.
- Featured Jobs: Showcasing highlighted job opportunities that prioritize EDI values.
- Services for Companies: Providing tools and resources to assist organizations in fostering EDI within their workplaces.
- Services for Candidates: Offering support and guidance to individuals seeking employment opportunities aligned with EDI principles.
- Publishing: Allowing users to publish articles, events, and job postings related to EDI.
- AI Text Tools: Providing tools to analyze and improve the inclusivity of written content, including gender-neutral language and CV optimization.
- Marketing & Branding: Assisting organizations in promoting their commitment to EDI through branding and marketing initiatives.
- EDI Commitment Badge: Recognizing organizations that demonstrate a strong commitment to EDI principles.
- Social Media Campaigns: Launching campaigns to raise awareness and promote EDI initiatives across various social media platforms.
2. Visit of Our Website
Upon accessing our platform, certain information is automatically conveyed to our servers through the platform and your device’s browser. This data is temporarily stored in a log file. The following details are collected without your input and remain in the log file until deletion:
- IP address of the device used
- Device type
- Date and time of access
- Name and URL of the accessed file
- Referrer URL (website from which you arrived)
- Unique identifier of your browser
This data processing is founded on our legitimate interest as stipulated in Article 6(1)(f) of the GDPR. Our interest stems from the purposes outlined below. It’s crucial to note that this collected data doesn’t reveal your identity, nor is that our intent. The IP address and the aforementioned data serve the following purposes:
- Ensuring a seamless platform connection and functionality
- Enhancing user experience of our services
- Evaluating system security and stability
- Performing administrative tasks
In addition, we employ cookies, tracking tools, targeting techniques, and interfaces to other services, such as social media platforms or job boards, as part of our offerings.
3. Conclusion, Implementation, or Termination of User Account Terms for Applicants & Candidates
When you register on our platform and create a user account, including your basic information and ongoing/completed applications, we utilize your data for the following purposes:
- Facilitating job application process our platform
- Tailoring job offers to your profile, preferences, and needs through job alerts
To achieve this, we organize and enhance your user account with statistical and user-specific data, utilizing your profile and past application data from EDI Jobs. These actions align with the contract under Article 6(1)(b) of the GDPR. If your explicit consent under Article 6(1)(a) or Article 9(2)(a) is required for data handling, we’ll obtain it before gathering your personal data. Remember, you can modify or delete settings and data in your user account and application at any time, though withholding essential data might limit your service utilization.
For a comprehensive overview of data processing purposes and categories, read on if you have an active user account with us:
3.1. Data Processing for User Account Creation and Usage
Establishing and managing a user account requires processing the following data:
- First name, last name (mandatory for account creation)
- Email address (mandatory for account creation)
- Password (encrypted)
Other fields are optional, such as following:
- Industry
- Location
- Resume upload
- Cover
- Title
- About (short bio)
- Additional Info
- Skills
- Education & Training
- Social Media
- Additional Files, such as Gallery/Portfolio, Video
- Job Alerts
When applying for a specific job on our platform, we process and share data with the hiring company according to your customised profile. This includes, but is not limited to, the following information generated from your profile:
- Email address
- Contact details
- First name, last name
- Resume, if provided
3.3. Data Processing for Sending Job Offers
We employ your user login data under Article 6(1)(b) of the GDPR to present job opportunities aligned with your interests, minimizing irrelevant offers. To achieve this, we assess your data against vacant job criteria, analyzing factors such as your resume, recommendations, preferences, and usage history. Should a potential match arise, we may contact you via email or our platform, allowing you to apply for the position. You can unsubscribe from notifications at any time, but this might limit access to our services.
3.4. External Job Post URLs
EDI Jobs participates in affiliate marketing programs related to job posts. This means that we provide links on our platform that may direct you to third-party job boards, recruiting platforms, or other services where job opportunities are posted. When you take actions such as clicking on these links, we may earn commissions or other compensation through these links.
Please note that clicking on affiliate links for job posts may result in the collection of certain information by the affiliate marketer, such as IP address, browser information, and interactions with the linked website. This information may be used by the affiliate marketer to track user interactions and attribute commissions. The use of such information by affiliate marketers is governed by their respective privacy policies, and we do not control or assume responsibility for their data practices.
The presence of affiliate links for job posts on our platform does not necessarily imply endorsement or recommendation of the linked job opportunities or recruiting platforms. We strive to provide accurate and helpful information to our users, but we encourage users to review the terms of use and privacy policies of any third-party websites or services they visit through affiliate links.
3.5. Termination
Should you wish to delete your account, you can do so at any time via your designated dashboard. Simply follow the provided instructions after clicking the delete button. Please note that by deleting your account, all personal information and data associated with it will be permanently removed from our platform. This action is irreversible, and you will lose access to your account as well as any ongoing or completed applications. Prior to deleting your account, we advise reviewing and downloading any important data or documents you may need.
4. Conclusion, Execution, or Termination of Service Agreement for Companies & Corporate Customers
Our platform offers an innovative solution for Diversity and Inclusion (D&I) initiatives, designed to support your company’s efforts in fostering an inclusive workplace. By creating a company account, you gain access to a range of features and services tailored to meet your D&I objectives:
- Posting job ads with support for gender-neutral language usage
- Managing application data efficiently
- Utilizing the EDI AI Text Tool for inclusive job descriptions
- Integrating your job posts with your Applicant Tracking System (ATS) via URL
- Accessing features such as multiposting and XML interface
- Receiving and managing applications for vacant positions
- Analyzing candidates
- Booking additional services conveniently through your dashboard
To fulfill these services, we process personal data provided through the platform.
These actions are firmly rooted in the contract existing between your organization and us, as governed by Article 6(1)(b) of the GDPR. If data processing necessitates consent under Article 6(1)(a) or Article 9(2)(a) of the GDPR, explicit consent will be obtained prior to collecting your personal data.
You maintain the capability to modify or delete data and settings within your employee login, company account/profile, and applicant management on our platform at any time. Keep in mind that withholding data essential for the purposes mentioned might limit your ability to fully utilize our services.
4.1. Detailed Breakdown of Processed Data Categories
4.1.1 Data Processing for Company Account Creation and Usage
To access our platform, you need to create a company account. During this process, we collect the following mandatory data:
- Company name
- Email address
- Password (encrypted)
Additionally, you have the option to customize your profile by providing further details about your company, including its logo, D&I statement, address, and contact information. You can also link your profile to social media accounts if desired.
Please note that uploading a logo is required for posting jobs.
4.1.2. Data Processing for Employees
Upon creating a company account, employees are automatically registered as users using the provided email address. This connects them to the company account, granting access to post and manage job ads, handle applications, and engage with candidates.
4.1.3. Data Processing for Job Advertisement
Generating job advertisements manually or via XML file requires processing the following data:
- Logo
- Job Title
- Job Description
- Job Location
- Job Category
Optional fields are:
- Job Level
- Setting Job as Featured, if applicable
- Excerpt
- Required Experience in years
- Salary
- Benefits
- Valid Until date, if applicable, by default 30 days
- Employer (only if different from the company profile)
- Apply Job External URL (for direct linking to company’s ATS)
We ensure the confidentiality and security of this data in accordance with our privacy policy and relevant data protection regulations.
4.1.4. Data Processing for Application Process Management
Processing candidate applications includes the following data (not applicable for users using XML interface with direct link*):
- Contact details of the candidate (applicable in all cases).
- Contact details of the responsible person in your company (applicable when managing applications manually through the platform).
- Documents submitted by candidates through the platform.
- Information related to the application process.
*Note: The processing of contact details is not applicable for company accounts utilizing the XML interface with direct links. In such cases, the platform only facilitates the linking process, directing candidates to the employer’s ATS without processing any data.
4.1.5. Data Processing for Identifying Suitable Candidates
To match candidates with your company’s needs, we may process the following data:
- Your company’s data, including name, address, and contact details
- Company profile data
- Job description details
- Publicly available company data
4.1.6. Data Processing for Invoicing
For chargeable services or products, we process personal data for invoicing based on Article 6(1)(b) and Article 6(1)(c) of the GDPR, including:
- Contact details
- Company information
- Payment information
5. User and Customer Support
For registering on our platform, a double opt-in process is employed. Upon registration, you will receive an email to explicitly confirm your registration. Your account will be activated only after confirmation. Data processed for job offers and user/customer support includes the data you provide, such as name, email address, browser information, IP address, and interactions with emails and our platform.
6. Streak
To effectively manage customer data, we utilize the CRM platform Streak, located at 160 Pine St Ste 250, San Francisco, California, 94111, United States. This platform aids in recording customer information, communicating with customers, documenting interactions, and tailoring offers based on customer preferences.
The following data will be processed via Streak’s servers:
- Name
- E-mail address
- Customer master data
- Data on interactions with emails
This data processing is grounded in Article 6(1)(b) of the GDPR and contributes to the enhancement of our services and customer support. If you have inquiries or concerns, you can directly contact Streak at [email protected].
7. EDI Jobs AI Plugin and Data Processing
Our website incorporates the “EDI Jobs AI” plugin, leveraging GPT technology to assist users in adopting gender-neutral language and support candidates to optimize CV text. The plugin collects and processes log files and user input data to refine gender-neutral language suggestions and fine-tune the AI model.
7.1. Data Collected and Purpose of Processing:
- Log Files: Technical details like IP addresses, browser information, timestamps, and plugin interactions are gathered for analysis, troubleshooting, and performance improvement.
- User Input Data: Text input from users is collected to enhance the AI model’s language capabilities and personalize suggestions.
This processing is based on our legitimate interests under Article 6(1)(f) of the GDPR, aiming to enhance language suggestions. Data collected is anonymised and proportionate for the intended purposes. Log files and user input data are retained for a reasonable duration, safeguarded against unauthorized access.
Data collected through the plugin is not shared with third parties and is processed internally to ensure data confidentiality.
By using the “EDI Jobs AI” plugin, you consent to the described data processing activities. If you disagree with these practices, we recommend refraining from using the plugin.
8. EDI @Work E-Learning Content
Our platform offers EDI @Work E-Learning Content, consisting of video modules and quizzes designed to enhance your knowledge and skills in equity, diversity, and inclusion (EDI) topics. We value transparency in our data processing practices and strive to provide you with clear information regarding the handling of your data when accessing this content.
8.1. Video Content Tracking:
When you engage with our video modules, we track certain interactions to improve the quality and effectiveness of our content delivery. Log files may record information such as:
- The number of users who watched specific videos
- Duration of video views
- Interaction patterns within the video player interface
This data helps us understand user engagement levels and identify areas for content improvement. Rest assured, we prioritize the privacy and security of your information, and the data collected is used solely for analytical purposes within our platform.
8.2. Quiz Data Processing:
Our quizzes are designed to assess your understanding of EDI concepts covered in the e-learning modules. Similar to video content tracking, log files may be generated to capture quiz-related activities, including:
- Quiz completion rates
- Scores achieved by users
- Time spent on each quiz question
These metrics enable us to evaluate the effectiveness of our educational content and tailor future offerings to better meet your learning needs.
8.3. Certification Form:
Upon successful completion of the e-learning modules and quizzes, users have the option to request a certification of completion. To facilitate this process, we provide a certification form where you can submit your name, last name, and email address.
The information collected via the certification form is used solely for the purpose of issuing and delivering your certification. We do not share this data with third parties, and stringent measures are in place to protect your personal information from unauthorized access or misuse.
9. EDI Commitment Badge & Self-Assessment Checklist
As part of our commitment to promoting equity, diversity, and inclusion (EDI) in workplaces, we offer the EDI Commitment Badge and Self-Assessment Checklist tools to empower users in their EDI journey.
9.1. Self-Assessment Checklist:
Our Self-Assessment Checklist provides users with a structured framework to evaluate their organization’s current practices and policies related to diversity and inclusion. By completing the checklist, users can gain insights into areas of strength and opportunities for improvement within their company’s DEI initiatives.
Upon completion of the Self-Assessment Checklist, users may receive tailored recommendations and resources to support their efforts in fostering a more inclusive workplace environment.
9.2. EDI Commitment Badge:
The EDI Commitment Badge serves as a visible symbol of an organization’s dedication to advancing diversity and inclusion in the workplace. Companies that demonstrate a commitment to EDI principles and practices may qualify to receive the EDI Commitment Badge.
To request the EDI Commitment Badge, users are required to fill out an order form providing necessary information for invoicing purposes. This may include details such as
- company name,
- billing address,
- contact person, and other
- relevant billing information.
Once the order form is submitted and processed, users will receive further instructions regarding the delivery of the EDI Commitment Badge and any associated documentation.
Privacy and Data Handling:
We understand the importance of safeguarding your personal information. Any data collected through the Self-Assessment Checklist or EDI Commitment Badge order form is handled in accordance with our privacy policy. We do not share this information with third parties unless required for billing purposes (Stripe).
10. Other Form Submissions
In addition to the specific tools and services offered on our platform, users may engage with various forms for activities such as publishing events, articles, subscribing to newsletters, or requesting social media services. These forms serve as a means for users to interact with our platform and access additional features based on their preferences and needs.
10.1. Purpose of Form Submissions:
-
Publishing Events/Articles: Users can submit forms to publish events or articles on our platform, thereby sharing relevant information with our community.
-
Subscribing to Newsletters: Users may choose to subscribe to newsletters to receive updates, announcements, and relevant content related to diversity, equity, and inclusion (DEI) initiatives.
-
Social Media Service Requests: Users can request social media services, such as promotion or coverage of events, through submission forms tailored to their specific requirements.
- Price Request: Users can request job posting services, through submission forms tailored to their specific requirements.
- Quote Request: Users can request a quote for job posting services, through submission forms.
10.2. Data Processing and Handling:
When users submit forms for various activities on our platform, we process the provided data according to their specified preferences and requirements. This may include information such as name, email address, company/organization details, event/article details, and any additional information relevant to the requested service.
11. Online Presence and Website Optimization
We prioritize safeguarding your information and ensuring a smooth online experience. Your privacy remains paramount, and we clarify our approach to data sharing, cookies, and analytics.
11.1. Cookies – General Information:
Cookies enhance your browsing experience on our website. These small files, created by your browser, assist in improving user interactions without causing harm to your device. Cookies contain device-specific information and enhance convenience.
- Session cookies remember previous actions and settings for your convenience.
- Temporary cookies enhance user-friendliness and are deleted after leaving our site.
- Statistical analysis and optimization cookies help us tailor our services.
11.2. Google Analytics:
Google Analytics helps enhance our platform’s user experience. Usage profiles generated by pseudonymised cookies aid in evaluating platform usage. Information is sent to Google servers in the USA for analysis.
Google Analytics ensures data protection. IP addresses are anonymized. You can prevent data collection by Google via browser add-ons. If logged into Google while visiting our site, note that Google may use collected data.
For further information, refer to Google Analytics’ privacy policies.
Your privacy and user experience are our priority, and we’re committed to transparently addressing these aspects.
11.3. Meta | Facebook Pixel
To optimize Facebook campaigns and effectively measure their conversion, we utilize an integration provided by Facebook Ireland Ltd., located at 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”). This integration, based on Article 6 (1) (a) GDPR, involves embedding the pixel code within our platform. Our goal is twofold: firstly, we ensure that our Facebook ads target users who exhibit genuine interest, aligning ads with their preferences to enhance user experience. Secondly, the pixel enables us to track user actions after interacting with our Facebook ads, facilitating conversion measurement for statistical, market research, and billing purposes.
The data processed during this integration includes:
- Timestamp
- URL
- Campaign-related information (e.g., impressions, form fields, activated buttons)
Data collected remains anonymous and does not reveal the user’s identity. However, please note that if you log into your Facebook account or visit our website while logged in, Facebook might store and process this data in accordance with its privacy policy. This data may be associated with your Facebook account and used for Facebook’s advertising purposes.
You can control data processing by adjusting your Facebook settings, including opting out of ads served on and off Facebook. Please note that opt-out settings apply to the specific device used. For further details, consult Facebook’s privacy policy and information on protecting your privacy.
11.4. Calendly
We are using Calendly, a scheduling tool provided by Calendly LLC, to facilitate appointment bookings and streamline scheduling processes. When you interact with Calendly embedded on our website, certain information may be collected and processed by Calendly, including personal data such as your name, email address, and scheduling preferences. Please note that Calendly’s use of cookies and tracking technologies is subject to its own privacy policy, and we encourage you to review Calendly’s privacy practices for more information on how your data is handled. By using Calendly through our website, you acknowledge and consent to the processing of your personal data by Calendly in accordance with its privacy policy and terms of service.
12. Stripe Payment Processing Service
When companies opt for our paid job posting services, we transmit necessary data to our payment service provider, Stripe Payments Europe Ltd, located at Block 4, Harcourt Centre, Harcourt Road, Dublin 2, Ireland (“Stripe”), for payment processing. This transfer is executed with the consent of the contact person or to fulfill contractual obligations, as per Article 6 (1) (b) GDPR. Information such as name and email address, provided by the individual initiating the payment, is forwarded to Stripe.
By leveraging Stripe’s library, information entered during the order process (e.g., address, account number, bank code, credit card number, invoice details) is directly transmitted to Stripe by your browser, bypassing our processing. Stripe solely uses this data to facilitate secure payment processing via “SSL” encryption. Stripe’s cookies have a one-year lifespan and are PCI DSS certified. Please be aware that Stripe processes and stores personal data outside the EU. For an in-depth understanding of Stripe’s privacy practices, refer to their privacy policy.
13. Social Login Providers
To simplify the registration process and enhance your user experience, we offer the option to register an account on EDI Jobs and EDI @Work using your existing credentials from various social media platforms. These social login options provide a convenient way to create an account and log in, saving you time and effort. The following social login providers are currently integrated into our platform:
-
Google Single Sign-In (SSO): Simplify registration and login using your Google account credentials through Google Single Sign-In. This feature is facilitated by Google Limited, based at Gordon House, Barrow Street, Dublin 4, Ireland. For more information on data processing, refer to Google’s privacy policy and terms of use.
By utilizing these social login options, you can streamline the registration and login processes, making it more convenient to access our services. The data processing associated with these social login providers is carried out in accordance with the relevant provisions of Article 6 (1) (a) or Article 6 (1) (b) GDPR. Whether you have registered accounts with these platforms or not, we prioritize the security and privacy of your data. Please refer to the respective (social media) platforms’ privacy policies for comprehensive information on data processing, purposes, rights, and privacy settings.
We aim to provide you with a secure and seamless registration and login experience, while ensuring that your privacy and data security remain a top priority.
14. Subsequent Data Utilisation
In cases where the anonymization of data is not feasible, we engage in the processing of your personal information as outlined above to facilitate our business operations. This encompasses activities such as administrative and organizational tasks, evaluation and analysis of our offerings, and enhancement of our services to cater to your needs. Furthermore, we employ your personal data to foster and cultivate our business relationship with you, identify relevant services, execute business development strategies, dispatch publications and communications, and extend invitations to our offers.
The legal foundation for these aforementioned purposes is our legitimate interest in accordance with Article 6 (1) (f) GDPR, contingent upon the condition that your fundamental rights and freedoms are not compromised. You maintain the right to oppose this data processing at any juncture. For such objections, you are encouraged to send us an email at [email protected]. If the processing of data requires your consent as prescribed by Article 6 (1) (a) or Article 9 (2) (a) GDPR, we will explicitly solicit this consent when collecting your personal data. Moreover, we undertake the processing of your personal data if it aligns with legal obligations mandated by Article 6 (1) (c) GDPR.
15. Sharing Your Personal Data
In line with our services and the purposes stipulated in this Privacy Policy, we may disclose your collected personal data to third parties when necessary or appropriate. These parties may include service providers, courts, authorities, and others located within the EU, or other countries. These instances may arise during the provision of our services, when you contact us, or while browsing our website.
Additionally, we have collaborations with third-party service providers who assist us in our operations. Your personal information may be shared with these entities to fulfill the objectives elucidated in this Privacy Policy. Such third parties could include banks, CRM tool providers, payment processing services, other job boards and IT providers. They may access your personal data as directed by us or in support of software maintenance.
For detailed insights into the service providers we engage with for user and customer support as well as our online presence and website optimization, please consult the corresponding segments within this privacy policy.
Moreover, the disclosure of your personal data to third parties could occur under the following circumstances:
- Upon obtaining your necessary consent, or in cases where your employing organization has obtained your consent as required.
- When compelled by legal, regulatory, or business obligations.
- In connection with corporate transitions such as company sales, mergers, restructurings, dissolutions, or similar occurrences, including instances of bankruptcy or insolvency.
- In situations linked to legal proceedings or the pursuit or defense of claims.
16. Sharing Your Personal Data with Recipients Outside the EU
There are instances where we may transfer your personal data to recipients situated beyond the European Union (“EU”), or the European Economic Area (“EEA”). This is especially relevant for processes involving analysis or targeting technologies, which might necessitate data transfer to the servers of service providers. Additionally, affiliated service providers essential for delivering our services—such as hosters, CRM tool providers, analytics service providers, or job posting portals for multi-posting—could also be recipients. It’s important to note that these servers may reside outside the EU or the EEA, notably in the United States.
We take meticulous measures to ensure that our service providers and other recipients of your data adhere to data protection standards equivalent to those set forth in the General Data Protection Regulation (GDPR), and that applicable guidelines are followed. For instance, we exclusively transfer your data to recipients in countries acknowledged by the relevant authorities (the European Commission in the EU) as possessing adequate data protection. In cases where a recipient resides in a country not recognized as having adequate protection—such as the U.S.—we employ additional protective measures in alignment with applicable data protection laws. These measures could involve contractual guarantees from these recipients to ensure compliance with EU standards and the reinforcement of data subject rights. This might encompass utilizing standard contractual clauses of the EU Commission.
17. Data Retention Period
Primarily, we process and store your personal data only for the duration necessary to fulfill the purpose for which it was collected or as legally mandated.
Hence, unless otherwise specified in this Privacy Policy, the following principles apply:
- Personal data processed to fulfill a contract between our platform and yourself will be retained at least until the complete fulfillment of said contract.
- Personal data processed to uphold our platform’s legitimate interests (e.g., in providing our site, user and customer support, enhancing our offerings, etc.) will be held as long as necessary for these objectives.
- Our platform may extend the retention period for personal data if you’ve given consent, as long as the consent remains valid, or if legal obligations (e.g., accounting or tax laws) demand longer storage, or if an authority or legal procedure necessitates it.
- Upon the lapse of the retention period (usually six to ten years following the contract’s termination), your personal data will be deleted, unless our platform holds a legitimate interest in retaining your data.
18. Your Rights Concerning Personal Data
18.1. Overview
You possess various rights related to your data processed by our platform. These rights encompass:
- Obtaining information on processed data: You have the right to learn if our platform processes your data, receive details about specific processing aspects, and obtain a copy of your data.
- Acknowledging cross-border transfers: In cases of data transfers beyond borders, you have the right to access suitable or adequate safeguards and information on how to acquire copies of these safeguards.
- Verification and correction: You can ensure data accuracy and request updates or corrections.
- Restricting processing: You can limit data processing under certain circumstances.
- Requesting data deletion or removal: You can ask for data deletion under specific conditions.
- Obtaining your data for transfer: You can receive your data in a structured, machine-readable format and, if feasible, transfer it to another controller.
- Withdrawing consent: If you’ve consented to specific data processing, you can withdraw this consent at any time.
- Objecting to processing: A general right to object applies to all processing based on our legitimate interest under Art. 6 (1) (f) GDPR. However, this objection can only be compelled if overriding reasons are provided. Additionally, you can appeal to the relevant supervisory authority.
These rights can be exercised via email, contacting us at [email protected]. We might request additional information to verify your identity. Please note that the fulfillment of these rights could be restricted for legal or data protection law reasons. If necessary, we’ll elucidate the rationale behind our decision.
18.2. Right to Object
The general right to object pertains to all processing outlined in this Privacy Policy based on our legitimate interest under Art. 6 (1) (f) GDPR. However, unlike the specific right to object related to promotional processing, we’re obligated under the GDPR to act on a general objection only when compelling reasons are provided (e.g., a potential threat to life or health). We may continue processing your data if we can demonstrate a legitimate interest outweighing your interests, fundamental freedoms, and rights.
Furthermore, you have the option to contact the responsible supervisory authority—the Berlin Commissioner for Data Protection and Freedom of Information, Friedrichstrasse 219, 10969 Berlin—in such matters.
19. Data Protection Measures
We maintain top-tier information security standards for our infrastructure and data processing. Protective measures, such as firewalls and data encryption, are implemented for computers. Physical access controls are in place for buildings and data. Access to customer data is restricted to employees requiring it for their roles.
All personal data, including payment information, transmitted by you is conducted through the secure and widely accepted standard SSL (Secure Socket Layer). This SSL connection can be recognized by the ‘s’ appended to http (i.e., https://…) in your browser’s address bar or by the lock symbol in the lower browser area.
Appropriate technical and organizational security measures are deployed to safeguard your stored personal data against manipulation, loss, unauthorized access by third parties, or complete loss. Our security measures are continuously monitored, updated, and improved in response to technological advancements and changing risks.
20. Privacy Policy Updates
We retain the right to periodically update and revise this Privacy Policy to reflect changes in our personal data processing methods or alterations in legal requirements.
Any future amendments to our privacy policy will be posted on our website.