Brainlancer

Privacy

Privacy Notice for Brainlancer

We—Brainlancer GmbH (“Brainlancer GmbH” or “we”)—would like to inform you about our processing of your personal data in accordance with the General Data Protection Regulation (“GDPR”).

Our privacy notice is structured in a modular format. It consists of general information regarding any processing of personal data and processing situations (I.) and specific information, the content of which relates only to the processing situation specified therein (II. ff.). To find the sections relevant to you, please refer to the following outline:

1. General Information

1.1. Data Controller

Data controller within the meaning of the GDPR and other national data protection laws of the member states, as well as other data protection regulations is:

Brainlancer GmbH
Am Kaiserkai 69
20457 Hamburg
Email: admin@brainlancer.com
Website: www.brainlancer.com

1.2. Legal Basis for the Processing of Personal Data

We process some of your personal data based on the following legal grounds:

1.2.1. Consent of the data subject

To the extent that we obtain consent from the data subject for a specific purpose, the legal basis is Article 6(1)(a) GDPR.

1.2.2. Fulfilment of contractual obligations

To the extent that processing is necessary for the performance of a contract to which you are a party, Article 6(1)(b) GDPR serves as the legal basis. This also applies to processing operations necessary for the implementation of pre-contractual measures.

1.2.3. Legal requirements and obligations

Where processing is necessary for compliance with a legal obligation to which we are subject, the legal basis is Article 6(1)(c) GDPR.

1.2.4. Protection of legitimate interests

To the extent that processing is necessary to protect our legitimate interests or those of a third party, and your interests, fundamental rights, and freedoms do not override the former interest, the legal basis is Article 6(1)(f) GDPR.

1.3. Retention period and deletion of personal data

Personal data will be deleted or blocked as soon as there is no longer a legal basis for processing.

1.4. Recipients of personal data

Internally, personal data is processed only by those departments that require it to fulfill their processing purposes. This also applies to the processors, service providers, and vicarious agents we engage. All departments and individuals who work with personal data are bound by data confidentiality and have been instructed to handle such data with care.

Personal data is only disclosed to third parties if this is in accordance with data protection regulations. In particular, persons engaged to carry out our business operations (e.g., banks, tax advisors, service providers for IT and computer services) as well as government agencies/authorities may receive your personal data to the extent necessary to fulfill a legal obligation.

1.5. Data Processing in Third Countries

In some cases, our services require the processing of personal data in countries outside the EU/EEA (“third countries”) by our data processors. To the extent that personal data is processed and the country in question does not have a level of data protection equivalent to European standards, as confirmed by an adequacy decision pursuant to Art. 45(3) GDPR by the European Commission, we have entered into EU Standard Contractual Clauses (“SCCs”) with the relevant processors to establish appropriate safeguards within the meaning of Article 46 of the GDPR. A copy of the EU Standard Contractual Clauses can be found here: https://eur-lex.europa.eu/legal-content/DE/TXT/PDF/?uri=CELEX:32021D0914&from=DE

Where processing takes place in a third country, we indicate this below.

1.6. Data Subject Rights

If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis us as the controller:

1.6.1. Right of access

Pursuant to Art. 15 GDPR, you have the right to request information about the personal data we process. In particular, you may request

  • information regarding the purposes of processing,
  • the categories of data,
  • the categories of recipients to whom your data has been or will be disclosed, as well as information on whether the personal data is transferred to a third country or to an international organization (in this context, you may request to be informed of the appropriate safeguards pursuant to Article 46 GDPR),
  • the planned storage period,
  • the existence of a right to rectification, erasure, restriction of processing, or objection,
  • the existence of a right to lodge a complaint,
  • the origin of your data, if it was not collected by us,
  • as well as information regarding the existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) GDPR, and—at least in such cases—meaningful information regarding the logic involved, as well as the significance and the intended consequences of such processing for the data subject.

1.6.2. Right to Rectification

Pursuant to Article 16 GDPR, you have the right to have your personal data rectified and/or completed if it is inaccurate or incomplete. We will carry out the rectification without undue delay.

1.6.3. Right to restriction of processing

Pursuant to Article 18 GDPR, you have the right to request the restriction of the processing of your data if you contest the accuracy of the data or if the processing is unlawful.

If processing has been restricted, we will notify you before the restriction is lifted.

1.6.4. Right to erasure

Pursuant to Article 17 GDPR, you have the right to erasure of your personal data, unless processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise, or defense of legal claims.

1.6.5. Right to make us inform third parties

If you have exercised your right to rectification, erasure, or restriction of processing with us, we are obligated to notify all recipients to whom the personal data has been disclosed of the rectification, erasure of the personal data, or restriction of processing, unless this proves impossible or involves disproportionate effort.

1.6.6. Right to Data Portability

Pursuant to Article 20 GDPR, you have the right to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format, or to request that it be transmitted to another controller.

1.6.7. Right to object

Pursuant to Article 21 GDPR, you have the right to object to the processing of your personal data, provided that the processing is based on Article 6(1)(e) or (f) GDPR.

1.6.8. Right to withdraw consent

Pursuant to Article 7(3) GDPR, you have the right to withdraw your consent to data processing at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent prior to withdrawal.

1.6.9. Right to lodge a complaint with a supervisory authority

Pursuant to Article 77 GDPR, you have the right to lodge a complaint with a data protection supervisory authority regarding our processing of your personal data.

2. Additional Information Regarding Data Processing When Visiting the Website

We are responsible for our website https://brainlancer.com and its subpages (“Website”). Personal data is processed when you use our Website. Below, we provide detailed information about the data processing that takes place.

2.1. Data Processor

To provide our Website, we use the data processor Microsoft Ireland Operations Ltd., One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland (Microsoft Azure), with whom we have entered into a data processing agreement and who processes personal data exclusively on our behalf.

2.2. Provision of the Website and Creation of Log Files

When you visit our Website, we automatically collect data and information from the user’s device (so-called log files).

2.2.1. Information & Duration of Processing

The following information is processed when you visit the Website:

  • Information about the browser type and version used
  • Operating system of the device
  • The user’s Internet service provider
  • IP address of the device
  • Name and URL of the accessed file
  • Referrer URL
  • Status code and amount of data transferred
  • Date and time of access

The log files are deleted within seven days at the latest.

2.2.2. Purpose of processing & legal basis

The data is required to display the Website on the user’s device, to ensure its functionality, and to analyze any malfunctions. Additionally, the data helps us optimize the Website and ensure the security of our IT systems.

The legal basis is Art. 6(1)(f) GDPR. The collection of log files is strictly necessary for the operation of the Website. Consequently, the user has no right to object.

2.3. Use of Cookies

We use cookies on our Website. These are text files that are stored in or by the internet browser on the user’s device when visiting a Website. Each cookie contains a unique string of characters that allows the browser to be uniquely identified the next time the Website is accessed, and thus the respective user’s device.

2.3.1. Technically Necessary Cookies

Some functions of our Website cannot be performed without the use of cookies. For example, it may be necessary to use so-called counting cookies to prevent the Website from becoming overloaded. Session cookies may also be required to retain the selected language setting of the Website for future visits or to detect malicious bot requests. In addition, mandatory cookies also serve to allow our system to recognize whether the user has consented to the placement of cookies in their browser or has restricted them (so-called opt-out cookies). These technically necessary cookies are not used to determine the user’s identity or to create user profiles. The necessary cookies are deleted after the session ends.

The legal basis for storing essential cookies is Section 25(2)(2) of the German Teleservices Data Protection Act (TTDSG).

The legal basis for processing the personal data generated in this process is Article 6(1)(f) of the GDPR.

The use of these cookies is strictly necessary for the operation of the Website. Consequently, the user has no option to object.

2.3.2. Optional Cookies

We use optional cookies on our Website. These are used for functional, analytical, or marketing purposes. The use of these cookies is based on the user’s consent, which the user grants to us upon their first visit to the Website and which encompasses both the storage and retrieval of cookies as such and the processing of the resulting personal data. The legal basis for storing and retrieving analytics cookies is Section 25(1) of the German Telemedia Act (TDDDG); the legal basis for processing the resulting personal data is Article 6(1)(a) GDPR. You may revoke your consent at any time by changing the settings in the Consent Manager accessible in the footer of our Website. There you will also find all information regarding the cookies used, their purpose, the respective storage period, and the recipients of the data processed by the cookies. The lawfulness of the processing carried out on the basis of consent until revocation remains unaffected.

2.4. Google Services

We use several Google services. Our contractual partner in this regard is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). Recipients of your data may include:

  • Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as a processor pursuant to Art. 28 GDPR)
  • Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

To the extent that Google processes data outside the EU/EEA and there is no level of data protection equivalent to European standards, Google Ireland Limited has entered into EU Standard Contractual Clauses with its affiliated companies Google LLC and Alphabet Inc., which are headquartered in California, USA, to establish appropriate safeguards pursuant to Art. 46 GDPR. A copy of the contractual clauses can be found here: https://policies.google.com/privacy/frameworks?hl=de&gl=de. In addition, Google LLC is certified under the EU-U.S. Data Privacy Framework. For more information, please visit: https://commission.europa.eu/system/files/2023-07/Adequacy%20decision%20EU-US%20Data%20Privacy%20Framework_en.pdf

2.4.1. Google Tag Manager

Provided you have given your consent, Google Tag Manager is used on this Website. Google Tag Manager is primarily used to manage other tools. Instead of loading a tool directly, it is loaded by Google Tag Manager. Google Tag Manager uses administrator cookies and transmits cookies associated with Tag Manager to Google. The information collected via cookies about your use of this Website is generally transmitted to a Google server in the U.S. and stored there.

Due to the server connections between your internet connection and Google’s servers, your IP address and network data such as the following are also processed:

  • Approximate location (region)
  • Technical information about the browser and the devices used (e.g., language settings, screen resolution)
  • Internet service provider
  • The referrer URL (via which website or advertising medium users arrived at this Website)

The legal basis for data processing by Google Tag Manager is your consent pursuant to Section 25(1) of the German Telemedia Act (TDDDG) in conjunction with Article 6(1)(a) (GDPR).

You may revoke your consent at any time with future effect by accessing the settings in the Consent Manager and changing your selection there. The lawfulness of the processing carried out on the basis of your consent until its revocation remains unaffected. Furthermore, the data collected via the Google Tag Manager will be processed until you revoke your consent.

2.4.2. Google Analytics

If you have given your consent, the web analytics service Google Analytics 4 is used on this Website.

Google Analytics uses cookies that enable an analysis of your use of our Website. The information collected via the cookies regarding your use of this Website is generally transmitted to a Google server in the United States and stored there.

In Google Analytics 4, IP address anonymization is enabled by default. Due to IP anonymization, your IP address is truncated by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the United States and truncated there. According to Google, the IP address transmitted by your browser as part of Google Analytics is not merged with other Google data.

During your visit to the Website, your user behavior is recorded in the form of “events.” Events may include:

  • Page views
  • First visit to the Website
  • Start of the session
  • Your “click path,” interaction with the Website
  • Scrolls (whenever a user scrolls to the bottom of the page (90%))
  • Clicks on external links
  • Internal search queries
  • Interaction with videos
  • File downloads
  • Ads viewed / clicked
  • Language setting

The following is also collected:

  • Your approximate location (region)
  • Your IP address (in truncated form)
  • Technical information about your browser and the devices you use (e.g., language setting, screen resolution)
  • Your internet service provider
  • The referrer URL (which website or advertising channel you used to reach this Website)

Google will use this information on our behalf to evaluate your pseudonymous use of the Website and to compile reports on website activity. The reports provided by Google Analytics are used to analyze the performance of our Website.

Data whose retention period has expired is automatically deleted once a month.

The legal basis for this data processing is your consent pursuant to Section 25(1) TDDDG in conjunction with Article 6(1)(a) GDPR. You may revoke your consent at any time with future effect by accessing the cookie settings in the consent manager and changing your selection there. There you will also find information about the cookies being processed. The lawfulness of the processing carried out on the basis of your consent until its revocation remains unaffected.

You can also prevent the storage of cookies from the outset by configuring your browser software accordingly. However, if you configure your browser to reject all cookies, this may result in limited functionality on this and other websites. You can also prevent the collection of data generated by the cookie and related to your use of the Website (including your IP address) by Google, as well as the processing of this data by Google, by

For more information on the terms of use of Google Analytics and Google’s privacy policy, please visit https://marketingplatform.google.com/about/analytics/terms/de/ and https://policies.google.com/?hl=de.

2.5. Newsletter

If you would like to subscribe to the newsletter we offer, we require your email address as well as information that allows us to verify that you are the owner of the provided email address and consent to receiving the newsletter. You may revoke your consent to the storage of your data and email address, as well as their use for sending the newsletter, at any time, for example via the “Unsubscribe” link in the newsletter. The lawfulness of data processing operations that have already taken place remains unaffected by the revocation.

The data you have provided to us for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted after you unsubscribe. The legal basis for data processing is your consent (Art. 6(1)(a) GDPR) ).

The newsletter is sent via the SendGrid service of our data processor Twilio Ireland Ltd., 70 Sir John Rogerson’s Quay, Dublin 2, D02 R296, Ireland (hereinafter “SendGrid”), with whom we have entered into a data processing agreement.

3. Additional Information for All Users of the Brainlancer Platform

We are responsible for the processing of personal data when using our Brainlancer platform (“App”). Personal data is processed when you use the App. Below, we provide detailed information about the data processing that takes place.

3.1. Data Processors

To provide our App and its functionalities, we use various data processors with whom we have each entered into a data processing agreement.

3.1.1. App Hosting

Ireland Operations Ltd., One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland (Microsoft Azure)

3.1.2. Automated out-of-app email sending

Twilio Ireland Ltd., 70 Sir John Rogerson’s Quay, Dublin 2, D02 R296, Ireland (SendGrit)

3.1.3. In-app video calls

Daily.co, 548 Market Street, Suite 39113, San Francisco, CA 94104, USA (whose data processing agreement includes the SCCs, as processing may take place in a third country)

3.1.4. In-app calendar features

Calendly, LLC, 115 E Main St Ste A1b, Buford, GA 30518, USA , (whose data processing agreement includes the SCCs, as processing may take place in a third country)

3.1.5. API for support chat and for scoring Brainlancer applications

Open AI Ireland Ltd., 1st Floor, The Liffey Trust Centre, 117-126 Sheriff Street Upper, Dublin 1, D01 YC43, Ireland.

3.1.6. VAT Check

API of the Federal Central Tax Office to verify Brainlancers’ VAT IDs (Endpoint: https://api.evatr.vies.bzst.de/app/).

3.1.7. Messenger, Support Chat

Ireland Operations Ltd., One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland (Microsoft Azure)

3.2. Log Files

When you use our App, we automatically collect data and information from your device (so-called log files).

3.2.1. Information & Duration of Processing

The following information is processed when you visit our Website:

  • Information about the browser type and version used
  • Operating system of the device
  • User’s Internet service provider
  • IP address of the device
  • Name and URL of the accessed file
  • Referrer URL
  • Status code and amount of data transferred
  • Date and time of access

The log files are deleted within seven days at the latest.

3.2.2. Purpose of processing & legal basis

The data is required to display the App on the user’s device, to ensure its functionality, and to analyze any malfunctions. Additionally, the data helps us optimize the App and ensure the security of our IT systems.

The legal basis is Art. 6(1)(f) GDPR. The collection of log files is strictly necessary for the operation of the App. Consequently, the user has no right to object.

3.3. User Registration

To use our App, prior registration and receipt of a verification email are required. The following personal data is processed in this process:

  • Email address
  • First name, last name
  • Password

For each subsequent login, the email address and password are processed.

The purpose of the processing is to provide our contractually obligated services to users. The legal basis for the processing is the user agreement; Art. 6(1)(b) GDPR. The data is processed for the duration of the user agreement, unless you have given us consent for permanent storage or there is a purpose and a legal basis for storage beyond this period. This includes statutory retention periods (Art. 6(1)(c) GDPR) as well as storage for the assertion or defense of civil claims based on overriding legitimate interests (Art. 6(1)(f) GDPR).

3.4. Registration as a “Brainlancer”

If you wish to register as a “Brainlancer” in the App, we will process the following personal data:

  • Email address
  • Password
  • First name, last name
  • Phone number
  • Language
  • Country
  • Information about work experience
  • Optional: Resume
  • Optional: Business Network URL (LinkedIn, etc.)
  • Company name
  • Company address
  • Company tax ID
  • Information about the service offered
  • If necessary, technical information about the service offered
  • If necessary, customer involvement
  • Price of the service
  • Amount of commission
  • Estimated delivery time
  • Optional: Special features of the service
  • Work samples

The purpose of processing is to provide and fulfill our contractually agreed services. This also includes reviewing work samples. The legal basis for processing is the terms and conditions; Art. 6(1)(b) GDPR. The data will be processed for the duration of the agreement, unless you have given us consent for permanent storage or there is a purpose and a legal basis for storage beyond this period. This includes statutory retention periods (Art. 6(1)(c) GDPR) as well as storage for the assertion or defense of civil claims based on overriding legitimate interests (Art. 6(1)(f) GDPR).

3.5. Registration as a “Client”

If you wish to register as a “Client” in the App, we will process the following personal data:

  • Email address
  • Password
  • First name, last name
  • Phone number
  • Company name
  • Company address
  • Company tax ID
  • Country

As a registered partner, the following personal data is also processed in the Partner Dashboard:

  • Statistical data on revenue and success rates

The purpose of processing is to provide and fulfill our contractually obligated services. The legal basis for processing is the terms and conditions; Art. 6(1)(b) GDPR. The data is processed for the duration of the agreement, unless you have given us consent for permanent storage or there is a purpose and a legal basis for storage beyond this period. This includes statutory retention periods (Art. 6(1)(c) GDPR) as well as storage for the assertion or defense of civil claims based on overriding legitimate interests (Art. 6(1)(f) GDPR).

3.6. Provision of Services (“Brainlancer”)

If you, as a Brainlancer, wish to offer a service via the App, we process the following personal data in the process:

  • Email address
  • Password
  • First name, last name
  • Company name
  • Business Address
  • VAT ID
  • Services Offered
  • If necessary, technical information about the service offered
  • Price of the service
  • Commission amount
  • Estimated delivery time
  • Optional: Special features of the service
  • Work samples

The purpose of processing is to review your application for admission as a Brainlancer, as well as to provide and fulfill our contractually obligated services. The legal basis for processing is the terms and conditions; Art. 6(1)(b) GDPR. The data will be processed for the duration of the agreement, unless you have given us consent for permanent storage or there is a purpose and a legal basis for storage beyond this period. This includes statutory retention periods (Art. 6(1)(c) GDPR) as well as storage for the assertion or defense of civil claims based on overriding legitimate interests (Art. 6(1)(f) GDPR).

3.7. Orders

If you order a paid service via the App, we process the following personal data:

  • Email address
  • Password
  • First name, last name
  • Selected service, service details if applicable
  • Name of the service provider
  • If necessary, technical information about the selected service
  • If relevant, failed order process
  • If relevant, service that is fully booked
  • Price of the service
  • Amount of commission

The purpose of the processing is to provide and fulfill our contractually owed services to users. The legal basis for the processing is the terms and conditions; Art. 6(1)(b) GDPR. The data is processed for the duration of the agreement, unless you have given us consent for permanent storage or there is a purpose and a legal basis for storage beyond this period. This includes statutory retention periods (Art. 6(1)(c) GDPR) as well as storage for the assertion or defense of civil claims based on overriding legitimate interests (Art. 6(1)(f) GDPR).

3.8. Payment Service Provider

To process payments initiated through our App, we use the payment service provider “Stripe” operated by Stripe Technology Europe, Ltd. (STC), One Wilton Park, Wilton Place, Dublin 2, Ireland. Brainlancers must be registered with Stripe.

The respective credit card company (the financial services company that issued your card) is also involved in the payment process.

When Stripe provides services as a payment service provider (PSP), Stripe itself is the controller within the meaning of the GDPR. Payment processing via a credit card stored with Stripe is handled directly by the respective providers. We do not process this data for our own purposes.

If necessary, the exchange of data related to your respective transaction may also be required to resolve payment processing discrepancies between us and the payment service provider. These data transfers are carried out on the basis of a legitimate interest pursuant to Art. 6(1)(f) GDPR. Please note that, with regard to the processing of financial transaction data, the financial service providers and responsible entities may also disclose your personal data to credit bureaus, affiliated companies, and subcontractors, to the extent that this is necessary to fulfill contractual obligations or on the basis of a legitimate interest, or if the data is processed on their behalf. It cannot be ruled out that financial service providers may also transfer personal information to affiliated companies outside the EU or the EEA (e.g., in the U.S.). Service providers and subcontractors based in the U.S. are generally certified under the EU-U.S. Data Privacy Framework. Further information is available here: https://commission.europa.eu/system/files/2023-07/Adequacy%20decision%20EU-US%20Data%20Privacy%20Framework_en.pdf. If service providers used by are not certified under the DPF, the EU Standard Contractual Clauses have been adopted as an appropriate safeguard.

Your data is transmitted to the financial service providers in encrypted form and is processed exclusively by them for the purpose of payment processing. The financial service providers are legally obligated to process and verify this data.

For further information on data protection in connection with this payment service provider, please refer to Stripe’s privacy policy: https://stripe.com/de/privacy or to your respective card issuer.

In the event that you pay for services, we also share your data with our service providers in the areas of banking, taxes, and tax consulting, as well as—within the scope of legal requirements—with the tax authorities.

4. Additional Information Regarding Communication with Us

The following information applies to all communication with us. It applies to general data processing in relation to all data subjects who communicate with us, e.g., customers, suppliers, service providers, etc.

If the communication takes place within a contractual relationship or another contractual arrangement, data processing is also governed by section 5.

If the communication is related to a job application with us, data processing is also governed by section 5.

4.1. Phone

You can contact us by phone.

4.1.1. Processed Information & Duration of Processing

In addition to your phone number, we process the personal data you provide to us during the call.

The data will be deleted—unless there is another reason for processing it—as soon as the matter has been resolved with you.

4.1.2. Purpose of Processing & Legal Basis

We process personal data exclusively for the purpose of handling your inquiry and in the event of follow-up questions.

If the communication is aimed at concluding a contract, the legal basis for processing is Article 6(1)(b) of the GDPR.

In all other cases, the legal basis is Article 6(1)(f) of the GDPR. Your interest does not override our interest in responding to your inquiry; since you have written to us, a response is also in your interest, and you are aware that must process your personal data to respond to your inquiry.

4.2. Email

You can contact us via email (e.g., through our contact form). We would like to point out that there is a possibility that third parties may gain access to email communications. If it is important to you that the information you provide is not exposed to the risk of illegal access by third parties, we therefore recommend using a different communication channel. However, if you contact us via email, we assume that further communication via this channel is also in your interest.

4.2.1. Processed Information & Duration of Processing

In addition to your email address, we process the personal data you provide to us in our email communications.

The data will be deleted—unless there is another reason for processing it—as soon as the matter has been resolved with you.

4.2.2. Purpose of processing & legal basis

We process personal data exclusively for the purpose of handling your inquiry and in the event of follow-up questions.

If the communication is aimed at concluding a contract, the legal basis for the processing is Article 6(1)(b) of the GDPR.

In all other cases, the legal basis is Article 6(1)(f) of the GDPR. Your interest does not outweigh our interest in responding to your inquiry; since you have written to us, a response is also in your interest, and you are aware that we must process your personal data in order to respond to your inquiry.

4.3. Video calls

We also use video calls for communication.

4.3.1. Processor

To facilitate video calls, we use the service Daily.co, 548 Market Street, Suite 39113, San Francisco, CA 94104, USA, as our data processor. We have entered into a data processing agreement with the data processor. It is possible that the data processor may process personal data in a third country to ensure smooth video calls. We have therefore entered into EU Standard Contractual Clauses with the data processor to establish appropriate safeguards within the meaning of Article 46 of the GDPR.

4.3.2. Processed Information & Duration of Processing

The following communication data is processed during video calls:

  • Personal master data (if you provide this voluntarily)
  • Content of the online meeting (if you appear personally with verbal and/or written contributions)
  • Authentication data
  • Log files, log data
  • Metadata (e.g., IP address, time of participation, etc.)
  • Profile data (e.g., your username, if you provide it voluntarily)

Personal data will be deleted as soon as the matter has been resolved with you and provided there is no longer any other reason for processing.

4.3.3. Purpose of processing & legal basis

We process personal data exclusively for the purpose of handling your inquiry and in the event of follow-up questions.

If the communication is aimed at concluding a contract, the legal basis for processing is Article 6(1)(b) of the GDPR.

In all other cases, the legal basis is Article 6(1)(f) of the GDPR. Your interest does not override our interest in responding to your inquiry; since you are writing to us, a response is also in your interest, and you are aware that we must process your personal data to respond to your inquiry.

5. Additional Information for Contractual Partners

The following information also applies to you if we are in a contractual relationship with each other. It also applies to general data processing in relation to all contractual partners, i.e., customers, suppliers, service providers, etc.

5.1. Processed Information & Duration of Processing

The specific data processed about you depends on the tasks within the contractual relationship. We use personal information exclusively for the purpose for which it was provided to us. This includes, for example, personal details (name, address, and other contact information, date and place of birth). In addition, this may also include order data (e.g., payment orders), data arising from the fulfillment of our contractual obligations (e.g., transaction data in payment transactions), information about your financial situation (e.g., creditworthiness data), advertising and sales data, as well as other data comparable to the categories mentioned.

Personal data will be deleted as soon as the contractual relationship with you has ended and provided there is no longer any other reason for processing.

5.2. Purpose of Processing & Legal Basis

Processing is primarily carried out for the purpose of establishing and executing the contractual relationship; the legal basis is Art. 6(1)(b) GDPR.

In addition, we also process your data in part based on our legitimate interest, namely for the purposes of contact and communication management, cost-effectiveness reviews, contract and project management, and to ensure the operation of information and telecommunications systems. The legal basis is Article 6(1)(f) of the GDPR.

Furthermore, as a company, we are bound by various legal obligations that must be complied with under applicable laws and regulations. The legal basis for processing to fulfill legal requirements and obligations is Article 6(1)(c) of the GDPR. This includes, on the one hand, tax-related retention obligations.