I. Terms and Definitions

This data protection information contains the following terms.

Personal Data

Personal data means any information relating to an identified or identifiable natural person (hereinafter referred to as "respective person"). An identifiable natural person can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Cookies

Cookies are small text files or similar technologies that are stored on your device by the websites you have visited and can be read by them as well as by other websites and servers. They are used to make websites optimally usable or to provide the operator with certain information, e.g. to identify users or provide certain functions. Cookies may contain personal data, such as a personal ID.

Processing

Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adjustment or alteration, retrieval, exchange, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, deletion or destruction.

Legal Basis

Permission to process personal data for specific purposes (e.g. consent or a law).

Recipient

Recipient is a natural or legal person, public authority, agency or other instance to whom personal data is disclosed.

Person Responsible

Person responsible or responsible for processing is the natural or legal person, public authority, agency or other instance which, alone or jointly with others, determines the purposes and means of the processing of personal data. If the purposes and means of such processing are determined by Union or Member State law, the person responsible or the specific criteria for his/her/their nomination may be provided for by Union or Member State law.

Consent

Consent is any by the respective person, for a specific case in an informed way and unmistakably freely given declaration of intent in form of a statement or any other clear confirming act by which the respective person indicates that he/she/they agree(s) to the processing of personal data relating to him/her/them.

Third Country/Non-EU Country

All countries outside the European Union or the European Economic Area.

Profiling

Any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.

II. Mandatory Information according to Art. 12-14, 21 GDPR and § 25 New German Telecommunications-Telemedia Data Protection Act

Information regarding the processing of applicant data can be found here.

In the following, we would like to inform you in accordance with the General Data Protection Regulation (GDPR) and other data protection regulations. In particular, we hereby inform you about which personal data we collect for which purposes when you use our website and communicate with us electronically, how we use this data, to whom we pass it on and what rights you have in relation to your personal data.

1. Responsible Instance and Data Protection Officer

Responsible within the meaning of Art. 4 (7) GDPR and other provisions of a data protection characterization is:

eClever technology GmbH
Geschäftsführer: Jörg Walden, Oliver Raguse
Friedrichstraße 24
01067 Dresden
Phone: +49 351 82124990
E-Mail: info@eclever.io

You can contact our data protection officer at datenschutz@eclever.de or by post to the above address.

2. Your Rights

If your personal data is processed, you are a respective person within the meaning of the GDPR and you have the following rights vis-à-vis the responsible instance.

You can inform us about exercising your rights by contacting datenschutz@eclever.de or in general using the contact details provided in our imprint .

a. Right of Information

You can request confirmation from the instance responsible as to whether your personal data is being processed.
If such data processing should be the case, you can request the following information from the responsible instance:

(1) the purposes for which personal data is processed;

(2) the categories of personal data that are processed;

(3) the recipients or categories of recipients to whom your personal data has been or will be disclosed;

(4) the planned duration of the storage of your personal data concerning or, if specific information on this is not possible, criteria for determining the duration of storage;

(5) the existence of a right to rectify or delete your personal data, a right to restrict the processing by the responsible instance or a right to object to such processing;

(6) the existence of a right of appeal to a supervisory authority;

(7) all available information about the origin of the data if the personal data is not collected from the respective person;

(8) the existence of automated decision-making, including profiling, referred to in Art. 22 (1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the respective person.
You have the right to request information as to whether the personal data concerning you is transferred to a third country or to an international organization. In this context, you may request to be informed of the appropriate safeguards pursuant to Art. 46 GDPR in connection with the transfer.

b. Right of Correction

You have a right to rectification and/or completion vis-à-vis the person responsible if the processed personal data concerning you is incorrect or incomplete. The responsible instance must make the correction without delay.

c. Right to restriction of processing

You may request the restriction of the processing of your personal data under the following conditions:

(1) if you deny the accuracy of the personal data concerning you for a period enabling the responsible instance to verify the accuracy of the personal data;

(2) the processing is against the law and you oppose the deletion of your personal data and request the restriction of its use instead;

(3) the instance responsible no longer needs your personal data for the purposes of processing, but it is required by you for the establishment, exercise or defense of legal claims, or

(4) if you have objected to the processing pursuant to Art. 21 (1) GDPR and it is not yet certain whether the legitimate reasons of the responsible instance outweigh your reasons.
If the processing of personal data concerning you has been restricted, this data – apart from its storage – may only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
If processing has been restricted in accordance with the above conditions, you will be informed by the responsible instance before the restriction is lifted.

d. Right to Deletion

a) Duty to Delete

You have the right to obtain the erasure of your personal data without undue delay and the responsible instance shall have the obligation to erase personal data without undue delay if one of the following reasons applies:

(1) The personal data concerning you is no longer necessary for the purposes for which it was collected or processed.

(2) You revoke your consent on which the processing was based according to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR and there is no other legal basis for the processing.

(3) You object to the processing pursuant to Art. 21 (1) GDPR and there are no primary legitimate reasons for the processing, or you object to the processing pursuant to Art. 21 (2) GDPR.

(4) The personal data concerning you has been processed against the law.

(5) The deletion of personal data concerning you is necessary to fulfill a legal obligation under Union law or the law of the Member States to which the responsible instance is subjected.

(6) The personal data concerning you was collected in relation to information society services offered in accordance with Art. 8 para. 1 GDPR.

b) Information to Third Parties

If the responsible instance has made the personal data concerning you public and is obliged to delete it pursuant to Article 17 (1) GDPR, he/she/they shall take reasonable steps, including technical measures, taking into account the available technology and the cost of implementation, to inform persons responsible which are processing your personal data that you as the respective person have requested the deletion of any links to, or copy or replication of, those personal data.

c) Exceptions

The right to deletion does not exist if the processing is necessary

(1) for exercising the right to freedom of expression and information;

(2) for compliance with a legal obligation which requires processing by Union or Member State law to which the responsible instance is subjected or for the performance of a task carried out in public interest or in the exercise of official authority assigned to the responsible instance;

(3) for reasons of public interest in the area of public health in accordance with Art. 9 para. 2 lit. h and i and Art. 9 para. 3 GDPR;

(4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89 para. 1 GDPR, insofar as the right referred to in section a) seriously impairs or is likely to make the achievement of the objectives of that processing impossible, or

(5) for the assertion, exercise or defense of legal claims.

e. Right to Consultation

If you have asserted the right to rectification, deletion or restriction of processing against the responsible instance, that instance is obliged to notify all recipients to whom your personal data has been disclosed of this data rectification or deletion or restriction of processing, unless this proves impossible or involves a disproportionate effort.
You have the right to be informed about these recipients by the instance responsible.

f. Right to Data Portability

You have the right to receive your personal data which you have provided to the responsible instance, in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another responsible without hindrance from the responsible to which the personal data has been provided, if

(1) the processing is based on consent pursuant to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or on a contract pursuant to Art. 6 para. 1 lit. b GDPR and

(2) the processing is carried out using automated procedures.
In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one responsible instance to another, where technically possible. The freedoms and rights of other persons must not be affected by this.
The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority that was assigned to the responsible instance.

g. Right to Objection

You have the right to object, on reasons relating to your particular situation, at any time to processing of your personal data which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions.

The responsible instance will no longer process your personal data unless he/she/they demonstrate(s) compelling legitimate reasons for the processing which outweigh your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.

h. Right to Complaint

Without prejudice to any other administrative or judicial remedy, you have the right to file a complaint with a European data protection supervisory authority. You can find an overview of all German data protection supervisory authorities here.

3. Data Processing in Detail

Below you will find the legal information on data categories, purposes, legal bases, deletion periods, recipients, transfer to third countries, profiling and rights of revocation and objection for each processing activity.

Visiting the Website

Data Categories

When you visit the platform, we process the personal data or device data described below, which is automatically sent from your device to our servers when you access the website: Browser type / browser version, operating system used, version of the browser software, IP address, date and time of the server request, access status/HTTP status code, referrer URL (previously visited website).

Purposes

This data is required to establish a connection to our servers, to display the website to you and to provide the functions of the website.

Storage Duration

This data is processed for the duration of your visit to the website and stored in log files for 6 weeks. However, further processing may become necessary, e.g. in the event of misuse. In this case, the data will be processed for the duration of the prevention or investigation and prosecution.

Legal Basis

The data processing is based on Art. 6 para. 1 sentence 1 lit. f) GDPR and § 25 para. 2 TTDSG for the fulfillment of the above-mentioned purposes.

Recipient

Ihre Daten werden in unserem Auftrag von unseren Hosting-Dienstleistern STRATO AG (Otto-Ostrowski-Straße 7, 10249 Berlin) und Automattic Inc. (WordPress.com: 60 29th Street, San Francisco, CA 94110, USA) verarbeitet. Wenn Sie unsere Karriere- Website besuchen, werden die Daten zusätzlich von Personio SE und Co. KG (Seidlstraße 3 80335 München) verarbeitet.

Third country transfer and legal basis

The servers of STRATO AG and Personio SE and Co KG are located in Germany, which means that the above-mentioned data is processed there. There is no transfer of personal data to third countries.

Analysis of Website Use

Data Categories

The following data is collected and processed: Browser type/browser version, operating system used, , browser software version, IP address (anonymized), , date/time of visit, , URL visited, referrer URL (previously visited website).

Purposes

The above data is processed for statistical analysis of website usage for optimization and marketing purposes. This data is used to create and evaluate a pseudonymized user profile about you for the same purpose. The information generated in the pseudonymous user profile cannot be used to personally identify the visitor to the website and cannot be combined with personal data about the bearer of the pseudonym.
For data protection reasons, the IP address is anonymized in the log files by our hosting service provider. Only for the processing of website visits, i.e. the creation of aggregated statistics, non-anonymized IP addresses are used. However, we cannot see these.

Storage Duration

The IP address is not stored. The remaining data is not personal and can therefore be stored indefinitely. However, it is deleted at regular intervals.

Legal Basis

The processing of the data is based on Art. 6 (1) sentence 1 letter a) GDPR and Section 25 (1) TTDSG.

Recipient

Your data is collected and stored on our behalf by our hosting service provider (STRATO AG, Otto-Ostrowski-Straße 7, 10249 Berlin, Germany) and processed on our behalf for the above-mentioned purposes.

Contacting Us

Data Categories

You can contact us via e-mail and by using the contact forms on our website. We process your e-mail address and optionally your name, telephone number, company name and the content of the message as well as the time stamp of the request.

Purposes

We need this data to process your request, to provide you with direct contact options via website and to manage contact requests efficiently.

Storage Duration

We delete your data as soon as the request has been finally clarified. However, further processing may be necessary to comply with statutory retention obligations and in the case of legal disputes. The storage period for these purposes is 3 to 10 years.

Legal Basis

The legal basis for processing in the context of a contract or the initiation of a contract is Art. 6 para. 1, sentence 1 lit. b) GDPR. If there is no contractual relationship and this is not intended or the data processing is not required for this, the legal basis is Art. 6 para. 1, sentence 1 lit. f) GDPR, i.e. our predominantly legitimate interests in providing and using an opportunity to make contact for other purposes or to improve our services. The legal basis for the storage of data in the event of statutory retention obligations is Art. 6 para. 1 sentence 1 lit. c GDPR in conjunction with § 147 AO, § 257 HGB.

You can object to the storage and further processing at any time on the basis of our legitimate interests. Please note the above information on your right to object. You can declare your objection to data processing using the contact details above.

Recipient

Ihre Daten werden in unserem Auftrag bei Kontaktaufnahme per E-Mail von Microsoft Operations Limited (One Microsoft Place, South County Business Park, Leopardstown, Dublin 18 D18 P521), bei Kontaktaufnahme per Kontaktformular von Mailjet (Sinch AB, 4 rue Jules Lefebvre, 75009 Paris) verarbeitet.

Third country transfer and legal basis

The servers or the companies that operate the servers are located in the USA, so that the above-mentioned data can be processed there. According to the European Court of Justice, the USA is considered to be a country with an inadequate level of data protection by EU standards. In particular, there is a risk that your data may be processed by US authorities for control and monitoring purposes, possibly without any legal recourse.
The adequate level of data protection for the transfer to the USA is generally guaranteed by the conclusion of so-called standard data protection clauses in accordance with Art. 46 para. 2 lit. c GDPR and the additional measures taken by Sentry to protect your data. The standard data protection clauses are available here .

Newsletter

Data Categories

The following data is processed: E-mail address, time of registration. The user is free to enter their first name and surname when registering for the newsletter. In this case, the corresponding data would also be processed.

Purposes

The following data is processed: E-mail address, time of registration. The user is free to enter their first name and surname when registering for the newsletter. In this case, the corresponding data would also be processed.

Storage Duration

We will delete the data if you revoke your consent or if we stop sending it for another reason. We will delete your consent three years after revocation or discontinuation of mailing.

Legal Basis

The processing of the data is based on your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR. The logging of consent is based on Art. 6 para. 1 sentence 1 lit. c, Art. 7 GDPR, i.e. our legal obligation to prove the existence of consent.

Recipient

Your data will be processed by Mailjet (Sinch AB, 4 rue Jules Lefebvre, 75009 Paris) on our behalf.

Third country transmission

The data is processed either on servers in the USA or by companies based in the USA. According to the European Court of Justice, the USA is considered to be a country with an inadequate level of data protection by EU standards. In particular, there is a risk that your data may be processed by US authorities for control and monitoring purposes, possibly without any legal recourse.
The appropriate level of data protection for the transfer to the USA is generally guaranteed by the conclusion of so-called standard data protection clauses in accordance with Art. 46 para. 2 lit. c GDPR and the additional measures taken by Google to protect the data. The standard data protection clauses are available here .

4. Presence in Social Networks

We maintain online presences within social networks and process user data in this context in order to communicate with active users or to offer information about us.
We would like to point out that user data may be processed outside the European Union. This may result in risks for users because, for example, it could make it more difficult to enforce users' data protection rights.
Furthermore, user data within social networks is generally processed for market research and advertising purposes. For example, user profiles can be created on the basis of user behavior and the resulting interests of users. The usage profiles can in turn be used, for example, to place advertisements within and outside the networks that presumably correspond to the interests of the users. For these purposes, cookies are usually stored on the users' computers, in which the usage behavior and interests of the users are stored. Furthermore, data may also be stored in the user profiles independently from the devices used by the users (especially if the users are members of the respective platforms and are logged in to them).
For a detailed description of the respective forms of processing and the opt-out options, please refer to the data protection declarations and information provided by the operators of the respective networks.
In the case of requests for information and the assertion of data subject rights, we would also like to point out that these can be asserted most effectively with the providers. Only the providers have access to the users' data and can take appropriate measures and provide information directly. If you still need help, you can contact us.

Data Categories

Contact data (e.g. email, telephone numbers); content data (e.g. entries in online forms); usage data (e.g. websites visited, interest in content, access times); meta/communication data (e.g. device information, IP addresses).

Purposes

We use social networks for contact requests and communication, collecting feedback as well as marketing and measuring campaigns in social networks, e.g. the reaction of users to our posts.

Legal Basis

Your data is processed on the basis of Art. 6 para. 1 sentence 1 lit. f. GDPR, whereby accessibility via social networks reflects our legitimate interests.

Recipient

• LinkedIn: Social network; Service provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; Website: LinkedIn; Privacy Policy: LinkedIn-Datenschutz; Standard Contractual Clauses (Safeguarding the level of data protection when processing data in third countries): LinkedIn-DPA; Opt-Out: LinkedIn-Wiederspruch; Data processing agreement: LinkedIn-DPA.
• XING: Soziales Netzwerk; Dienstanbieter: New Work SE, Am Strandkai 1, 20457 Hamburg, Deutschland; Website: Xing; Privacy Policy: Xing-Datenschutz.
• X (formerly Twitter): Social network; service provider: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland, parent company: X Corp, Attn: Copyright Agent, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA; Privacy Policy: https://twitter.com/de/privacy , (Settings:https://twitter.com/settings/privacy_and_safety ).
• Facebook pages: Profiles within the social network Facebook - We are jointly responsible with Meta Platforms Ireland Limited for the collection (but not the further processing) of data from visitors to our Facebook page (so-called "fan page"). This data includes information about the types of content users view or interact with, or the actions they take (see under "Things you and others do and provide" in the Facebook Data Policy: Facebook-Datenschutz), as well as information about the devices used by users (e.g. IP addresses, operating system, browser type, language settings, cookie data; see under "Device information" in the Facebook Data Policy: Facebook-DatenschutzAs explained in the Facebook Data Policy at "How do we use this information?", Facebook also collects and uses information to provide analytics services, known as "Page Insights", for page operators to help them understand how people interact with their pages and the content associated with them. We have concluded a special agreement with Facebook ("Information on Page Insights", Facebook-Vereinbarung), which regulates in particular which security measures Facebook must observe and in which Facebook has agreed to fulfill the rights of data subjects (i.e. users can, for example, send information or deletion requests directly to Facebook). The rights of users (in particular to information, deletion, objection and complaint to the competent supervisory authority) are not restricted by the agreements with Facebook. Further information can be found in the "Information on Page Insights" (Facebook-Insights); Service provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; Website: Facebook; Privacy Policy: Facebook-Datenschutz ; Standard Contractual Clauses (Safeguarding the level of data protection when processing data in third countries): Facebook-Drittländer ; Further information: Agreement on joint controllership: Facebook-gemeinsame Verantwortlichkeit
• Instagram: Social network; Service provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; Website: Instagram; Privacy Policy:  Instagram-Datenschutz.

Data Transfer to a Third Country

Your data is processed in the USA. The USA is considered to be a country with an inadequate level of data protection by EU standards according to the European Court of Justice . In particular, there is a risk that your data may be processed by US authorities for monitoring and surveillance purposes, possibly without any legal recourse.
The adequate level of data protection when transferring data to the USA is generally guaranteed by the conclusion of so-called standard data protection clauses in accordance with Art. 46 para. 2 lit. c GDPR and the additional measures taken by the recipients to protect the data. The standard data protection clauses are available here .

5.  Handling of Applicants' Data

Information regarding the processing of applicant data can be found here.

6. Updating

This data protection information was last updated on 20.11.2023. We will adapt the data protection information with effect for the future, in particular in the event of the further development of our hardware and software, the use of new technologies or changes to the legal basis or the corresponding case law.