Data protection
I. Explanation of terms
This data protection information contains the following terms, among others.
Personal data
Personal data means any information relating to an identified or identifiable natural person (hereinafter referred to as “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Cookies
Cookies are small text files or similar technologies that are stored on your device by the websites you have visited and can be read by them as well as by other websites and servers. They are used to make websites optimally usable or to provide the operator with certain information, e.g. to identify users or provide certain functions. Cookies may contain personal data, such as a personal ID.
Processing
Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Legal basis
Permission to process personal data for specific purposes (e.g. consent or a law).
Receiver
Recipient is a natural or legal person, public authority, agency or other body to whom personal data is disclosed.
Person responsible
Controller or controller responsible for the processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
Consent
Consent is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
Drittland
Alle Länder außerhalb der Europäischen Union bzw. des Europäischen Wirtschaftsraums.
Third country
Any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements
II Mandatory information pursuant to Art. 12-14, 21 GDPR and § 25 TTDSG
Information on the handling of applicant data can be found here. In the following, we would like to inform you in accordance with the General Data Protection Regulation (GDPR) and other data protection regulations. In particular, we hereby clarify which personal data we collect for which purposes when you use our website and communicate with us electronically, how we use it, to whom we pass it on and what rights you have with regard to your personal data.
1. Responsible body and data protection officer
The controller within the meaning of Art. 4 (7) GDPR and other provisions of a data protection nature is: eClever Systems GmbH Managing Director: Oliver Raguse Friedrichstraße 24 01067 Dresden Phone: +49 351 82124990 Email: info@eclever.io You can contact our data protection officer at datenschutz@eclever.de or by post at the above address.
2. Your rights
If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller. You can inform us about exercising your rights at datenschutz@eclever.de or in general using the contact details provided in the legal notice.
a. Right to information
You can request confirmation from the controller as to whether personal data concerning you is being processed by us. If such processing is taking place, you can request the following information from the controller: (1) the purposes for which the personal data are being processed; (2) the categories of personal data being processed; (3) the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed; (4) the recipients to whom the personal data have been or will be disclosed. the categories of recipients to whom the personal data concerning you have been or will be disclosed; (4) the envisaged period for which the personal data concerning you will be stored, or, if not possible, the criteria used to determine that period; (5) the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning you or to object to such processing; (6) the existence of the right to lodge a complaint with a supervisory authority; (7) all available information about the origin of the data if the personal data is not collected from the data subject; (8) the existence of automated decision-making including profiling in accordance with Art. 22 (1) and (4) GDPR and – at least in these cases – meaningful information about the logic involved and the scope and intended effects of such processing for the data subject. You have the right to request information as to whether the personal data concerning you is transferred to a third country or to an international organization. In this context, you may request to be informed of the appropriate safeguards pursuant to Art. 46 GDPR in connection with the transfer.
b. Right to rectification
You have a right to rectification and/or completion vis-à-vis the controller if the processed personal data concerning you is incorrect or incomplete. The controller must make the correction without delay.
c. Right to restriction of processing
You may request the restriction of the processing of personal data concerning you under the following conditions: (1) if you contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data; (2) the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead; (3) the controller no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims, or (4) if you have objected to processing pursuant to Art. 21 para. 1 GDPR and it has not yet been established whether the legitimate grounds of the controller override your grounds. If the processing of personal data concerning you has been restricted, this data – apart from its storage – may only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. If the restriction of processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.
d. Right to erasure
a) Obligation to erase You have the right to obtain from the controller the erasure of personal data concerning you without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies: (1) The personal data concerning you are no longer necessary in relation to the purposes for which they were collected or otherwise processed. (2) You revoke your consent on which the processing was based pursuant to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR and there is no other legal basis for the processing. (3) You object to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 (2) GDPR. (4) The personal data concerning you has been processed unlawfully. (5) The deletion of personal data concerning you is necessary to fulfill a legal obligation under Union law or the law of the Member States to which the controller is subject. (6) The personal data concerning you have been collected in relation to the offer of information society services referred to in Art. 8 (1) GDPR. b) Information to third parties If the controller has made the personal data concerning you public and is obliged to erase it pursuant to Art. 17 (1) GDPR, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you as the data subject have requested the erasure by such controllers of any links to, or copy or replication of, those personal data. c) Exceptions The right to erasure shall not apply to the extent that processing is necessary (1) for exercising the right of freedom of expression and information; (2) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; (3) for reasons of public interest in the area of public health pursuant to Art. 9 para. 2 lit. h and i and Art. 9 para. 3 GDPR; (4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Art. 89 para. 1 GDPR, insofar as the right referred to in section a) is likely to render impossible or seriously impair the achievement of the objectives of that processing, or (5) for the establishment, exercise or defense of legal claims.
e. Right to information
If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right vis-à-vis the controller to be informed about these recipients.
f. Right to data portability
You have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the controller to which the personal data has been provided, provided that (1) the processing is based on consent pursuant to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or on a contract pursuant to Art. 6 para. 1 lit. b GDPR and (2) the processing is carried out by automated means. In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one controller to another, where technically feasible. The freedoms and rights of other persons must not be affected by this. The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
g. Right of objection
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions. The controller shall no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.
h. Right to lodge a complaint
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a European data protection supervisory authority. You can find an overview of all German data protection supervisory authorities here.
3. Data processing in detail
Below you will find the legal information on data categories, purposes, legal bases, deletion periods, recipients, transfer to third countries, profiling and rights of revocation and objection for each processing activity.
Visit the website
Data categories
When you visit the platform, we process the personal data or device data described below, which is automatically sent from your device to our servers when you access the website: Browser type / browser version, operating system used, language and version of the browser software, IP address, date and time of the server request, access status/HTTP status code, referrer URL (previously visited website).
Purposes
This data is required to establish a connection to our servers, to display the website to you and to provide the functions of the website.
Storage duration
This data is generally only processed for the duration of your visit to the website and is not stored any further. However, further processing may become necessary, e.g. in the event of misuse. In this case, the data will be processed for the duration of the prevention or investigation and prosecution.
Legal basis
The processing of the data is based on Art. 6 para. 1 sentence 1 lit. f) GDPR and § 25 para. 2 TTDSG for the fulfillment of the above-mentioned purposes.
Receiver
Your data will be processed on our behalf by our hosting service providers Vercel Inc (440 N Barranca Ave #4133, Covina, California 91723, USA) and Contentful GmbH (Max-Urich-Straße 3, 13355 Berlin, Germany). When you visit our career website, the data is also processed by Personio SE und Co KG (Seidlstraße 3 80335 Munich, Germany) and Mapbox, Inc (740 15th Street NW, 5th Floor, Washington DC 20005, USA).
Third country transfer and legal basis
The servers are located in the USA, which means that the above-mentioned data is processed there. The USA is considered by the European Court of Justice to be a country with an inadequate level of data protection by EU standards. In particular, there is a risk that your data may be processed by US authorities for control and monitoring purposes, possibly without any legal recourse. The adequate level of data protection for the transfer to the USA is generally guaranteed by the conclusion of so-called standard data protection clauses in accordance with Art. 46 para. 2 lit. c GDPR and the additional measures taken by Sentry to protect the data. The standard data protection clauses are available here.
Analysis of website usage
Data categories
The following data is collected: The following data is collected and processed: Browser type/browser version, operating system used, device type used, language/version browser software, IP address (anonymized), personal ID (automatically generated by the system), date/time of first and last visit, duration and number of visits, URL visited and actions, geographical location (name of city), screen resolution, referrer URL (previously visited website), frequency of page views, use of website functions (activities on the website).
Purposes
The above-mentioned data is processed for statistical analysis of website usage for optimization and marketing purposes. This data is used to create and evaluate a pseudonymized user profile about you for the same purpose. The information generated in the pseudonymous user profile cannot be used to personally identify the visitor to the website and cannot be combined with personal data about the bearer of the pseudonym. The IP address is stored in anonymized form. This means that the last digit of the IP address is deleted. Example 192.168.178.xxxx. Non-anonymized IP addresses are only used for the processing of website visits, i.e. the creation of aggregated statistics. However, we cannot see these.
Storage duration
The IP address is not stored. The remaining data is not personal and can therefore be stored indefinitely. However, they are deleted at regular intervals.
Legal basis
The processing of the data is based on your consent pursuant to Art. 6 para. 1 sentence 1 letter a) GDPR and § 25 para. 1 TTDSG.
Receiver
Your data is collected and stored on our behalf by our hosting service provider (T-Systems International GmbH, Hahnstraße 43d, D-60528 Frankfurt am Main) and further processed on our behalf for the above-mentioned purposes.
Contact us
Data categories
you contact us by e-mail and via a contact form on the website. We process your e-mail address and, if applicable, your name, the content of the message and the time of the request. If you contact us directly via the website, the following data will also be sent to us automatically: Browser type / browser version, operating system used, language and version of the browser software, IP address, date and time of the server request, access status/HTTP status code, referrer URL (previously visited website).
Purposes
We need this data to process your request, to provide you with the direct contact option via the website and to manage contact requests efficiently.
Storage duration
We delete your data as soon as the request has been finally clarified. However, further processing may be necessary to comply with statutory retention obligations and in the event of legal disputes. The storage period for these purposes is 3 to 10 years.
Legal basis
The legal basis for processing in the context of a contract or the initiation of a contract is Art. 6 para. 1, sentence 1 lit. b) GDPR. If there is no contractual relationship and this is not intended or the data processing is not required for this, the legal basis is Art. 6 para. 1, sentence 1 lit. f) GDPR, i.e. our predominantly legitimate interests in providing and using an opportunity to make contact for other purposes or to improve our services. The legal basis for the storage of data in the event of statutory retention obligations is Art. 6 para. 1 sentence 1 lit. c GDPR in conjunction with § 147 AO, § 257 HGB.
You can object to the storage and further processing at any time on the basis of our legitimate interests. Please note the above information on your right to object. You can declare your objection to the processing of the data to us using the contact details above.
Receiver
Your data will be processed on our behalf by Microsoft Operations Limited (One Microsoft Place, South County Business Park, Leopardstown, Dublin 18 D18 P521) if you contact us by e-mail, by Mailjet (Sinch AB, 4 rue Jules Lefebvre, 75009 Paris) or by Atlassian Pty Ltd (Level 6, 341 George Street, Sydney NSW 2000, Australia) if you contact us by contact form.
Third country transfer and legal basis
The servers or the companies that operate the servers are located in the USA so that the above-mentioned data can be processed there. The USA is considered by the European Court of Justice to be a country with an inadequate level of data protection by EU standards. In particular, there is a risk that your data may be processed by US authorities for monitoring and surveillance purposes, possibly without any legal recourse. The adequate level of data protection for the transfer to the USA is generally guaranteed by the conclusion of so-called standard data protection clauses in accordance with Art. 46 para. 2 lit. c GDPR and the additional measures taken by Sentry to protect the data. The standard data protection clauses are available here.
Show the map
Data categories
The following personal data is automatically collected when you use the map function: Connection and device data, including IP address, device model and browser information, operating system purposes This data is required to establish a connection to the servers on which the map material is located and to provide you with the map function.
Storage duration
We do not store any data in connection with your use of the map function.
Legal basis
The processing of the data is based on your consent in accordance with Section 25 (1) TTDSG and Art. 6 (1) sentence 1 lit. a) GDPR. You can revoke your consent at any time with effect for the future, e.g. in the app settings.
Receiver
Your data is processed on our behalf on the servers of Mapbox, Inc. (Address: 740 15th Street NW, 5th Floor, Washington DC 20005, USA).
Third country transfer
The data is processed on servers in the USA. The USA is considered by the European Court of Justice to be a country with an inadequate level of data protection by EU standards. In particular, there is a risk that your data will be processed by US authorities for control and monitoring purposes, possibly without any legal recourse. The adequate level of data protection for the transfer to the USA is generally guaranteed by the conclusion of so-called standard data protection clauses in accordance with Art. 46 para. 2 lit. c GDPR and the additional measures taken by Google to protect the data. The standard data protection clauses are available here.
4. Presence in Social Networks
We maintain online presences within social networks and process user data in this context in order to communicate with the users active there or to offer information about us. We would like to point out that user data may be processed outside the European Union. This may result in risks for users because, for example, it could make it more difficult to enforce users’ rights. Furthermore, user data within social networks is usually processed for market research and advertising purposes. For example, user profiles can be created based on user behavior and the resulting interests of users. The usage profiles can in turn be used, for example, to place advertisements within and outside the networks that presumably correspond to the interests of the users. For these purposes, cookies are usually stored on the users’ computers, in which the usage behavior and interests of the users are stored. Furthermore, data can also be stored in the user profiles independently of the devices used by the users (especially if the users are members of the respective platforms and are logged in to them). For a detailed description of the respective forms of processing and the opt-out options, please refer to the data protection declarations and information provided by the operators of the respective networks. In the case of requests for information and the assertion of data subject rights, we would also like to point out that these can be asserted most effectively with the providers. Only the providers have access to the users’ data and can take appropriate measures and provide information directly. If you still need help, you can contact us.
Data categories
Contact data (e.g. email, telephone numbers); content data (e.g. entries in online forms); usage data (e.g. websites visited, interest in content, access times); meta/communication data (e.g. device information, IP addresses).
Purposes
We use social networks for contact requests and communication, collecting feedback as well as marketing and measuring campaigns in social networks, e.g. the reaction of users to our posts.
Legal basis
Your data is processed on the basis of Art. 6 para. 1 sentence 1 lit. f. GDPR, whereby accessibility via social networks reflects our legitimate interests.
Receiver
– LinkedIn: Social network; Service provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; Website: https://www.linkedin.com; Privacy Policy: https://www.linkedin.com/legal/privacy-policy; Standard Contractual Clauses (Safeguarding the level of data protection when processing data in third countries): https://legal.linkedin.com/dpa; Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out; Data Processing Agreement: https://legal.linkedin.com/dpa.
– Xing: Social network; Service provider: New Work SE, Am Strandkai 1, 20457 Hamburg, Germany; Website: https://www.xing.de; Privacy Policy: https://privacy.xing.com/de/datenschutzerklaerung.
– Twitter: Social network; Service provider: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland, parent company: Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA; Privacy Policy: https://twitter.com/privacy, (Settings: https://twitter.com/personalization).
– Facebook pages: Profiles within the Facebook social network – We are jointly responsible with Meta Platforms Ireland Limited for the collection (but not the further processing) of data from visitors to our Facebook page (known as a “fan page”). This data includes information about the types of content users view or interact with, or the actions they take (see under “Things you and others do and provide” in the Facebook Data Policy: https://www.facebook.com/policy), as well as information about the devices used by users (e.g. IP addresses, operating system, browser type, language settings, cookie data; see under “Device information” in the Facebook Data Policy: https://www.facebook.com/policy). As explained in the Facebook Data Policy under “How do we use this information?”, Facebook also collects and uses information to provide analytics services, known as “Page Insights”, for page operators to help them understand how people interact with their pages and the content associated with them. We have concluded a special agreement with Facebook (“Information on Page Insights”, https://www.facebook.com/legal/terms/page_controller_addendum), which regulates in particular which security measures Facebook must observe and in which Facebook has agreed to fulfill the rights of data subjects (i.e. users can, for example, send information or deletion requests directly to Facebook). The rights of users (in particular to information, deletion, objection and complaint to the competent supervisory authority) are not restricted by the agreements with Facebook. Further information can be found in the “Information on Page Insights” (https://www.facebook.com/legal/terms/information_about_page_insights_data); service provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; Website: https://www.facebook.com; Privacy Policy: https://www.facebook.com/about/privacy ; Standard Contractual Clauses (Safeguarding the level of data protection when processing data in third countries): https://www.facebook.com/legal/EU_data_transfer_addendum ; Further information: Agreement on joint controllership: https://www.facebook.com/legal/terms/information_about_page_insights_data
– Instagram: Social network; Service provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; Website: https://www.instagram.com; Privacy Policy: https://instagram.com/about/legal/privacy.
Transfer of data to a third country
Your data is processed in the USA. The USA is considered by the European Court of Justice to be a country with an inadequate level of data protection by EU standards. In particular, there is a risk that your data may be processed by US authorities for monitoring and surveillance purposes, possibly without any legal recourse. The adequate level of data protection when transferring data to the USA is generally guaranteed by the conclusion of so-called standard data protection clauses in accordance with Art. 46 para. 2 lit. c GDPR and the additional measures taken by the recipients to protect the data. The standard data protection clauses are available here.
5. Handling of applicant data
Information on the handling of applicant data can be found here.
6. Update
This data protection information was last updated on 22.05.2023. We will adapt the data protection information with effect for the future, in particular in the event of the further development of our hardware and software, the use of new technologies or changes to the legal basis or the corresponding case law.