Thank you for visiting our website and for your interest in our company. When processing your data, we strive to take the greatest possible care. The following information provides a compact and simple overview of what happens to your personal data when you visit our website. Your personal data will be processed in accordance with the relevant legal provisions.

Controller

The controller within the meaning of the European General Data Protection Regulation (GDPR) and other national data protection laws of the member states of the EU as well as other data protection regulations is:

TWAICE Technologies GmbH
Joseph-Dollinger-Bogen 26
80807 Munich
Germany
+49 (0) 89 997 324 58
contact@twaice.com
https://twaice.com/

Legal representatives

Dr. Stephan Rohr, Dr. Michael Baumann

Contact information for questions about data protection

We have appointed a data protection officer (Matthias Seidel, Confident Data GmbH). For questions on the subject of data protection, please contact: datenschutz@confidentdata.de

Validity and changes of the privacy policy

This privacy policy is valid and is dated from

May 29 2024.

Due to the further development of our website or the implementation of new technologies and features, it may become necessary to change this privacy policy. We reserve the right to make appropriate changes at any time.

Data protection rights and information on the right to object

Your rights of access, rectification, restriction, erasure, data portability and to lodge a complaint with the supervisory authority

Every data subject has the right of access pursuant to Art. 15 GDPR, the right to rectification pursuant to Art. 16 GDPR, the right to erasure pursuant to Art. 17 GDPR, the right to restriction of processing pursuant to Art. 18 GDPR, the right to object pursuant to Art. 21 GDPR and the right to data portability pursuant to Art. 20 GDPR.

With regard to the right of access and the right of erasure, the restrictions pursuant to §§34 and 35 BDSG apply.

You may object to the processing of your personal data at any time. This also applies to objections of declarations of consent given to us before the applicability of the General Data Protection Regulation, i.e. before May 25, 2018. Please note that the objection is only effective for the future. Processing that took place before the objection is not affected by it.

In addition, there is a right to lodge a complaint with the supervisory authority (Art. 77 GDPR in conjunction with § 19BDSG). A list of the supervisory authorities (for the non-public sector) with address can be found at: https://www.bfdi.bund.de/DE/Service/Anschriften/Laender/Laender-node.html

Information on the right to object pursuant to Art. 21 GDPR

Right to object to the collection of personal data in special cases and recipient of the request

You have the right to object at any time, based on reasons relating to your particular situation, to the processing of your personal data on the basis of Art. 6para. 1(f) GDPR (data processing on the basis of a balance of interests); this also applies to profiling based on this provision within the meaning of Art. 4 No. 4 GDPR.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.

The objection can be made informally with the subject "Objection" stating your name, address or other identification features to the contact data stored in the imprint.

General information

Data security

We use technical and organizational security measures to protect your personal data against misuse, loss, destruction or access by unauthorized persons. The security measures taken into account (such as encryption procedures, firewall and virus protection, back-up and recovery procedures) correspond to the current state of the art and are continuously updated.

Nevertheless, we would like to point out that there is always a certain residual risk when communicating on the Internet, which depends on the user's respective usage behavior and over which we consequently have no influence.

Scope (external links)

This privacy policy applies exclusively to visits to our own website.

At some points on our website, external websites of third parties are linked. These websites are subject to the liability of the respective operators. If you notice that links on the websites refer to Internet pages whose contents violate applicable law, please notify us via the e-mail address provided in the imprint.

We will then immediately remove these links from our website. The providers do not assume any liability for the topicality, correctness, completeness or quality of the information provided.

Data erasure routine

As a matter of principle, we only store your personal data for the period of time required to achieve the purpose of storage or if this is stipulated by national or European legislation.

In Germany there is an obligation to retain documents for 6 years in accordance with § 257 para. 1 HGB (Handeslgesetzbuch),which effects the e.g. the storage period of commercial books, inventories, opening balances, annual financial statements, business letters or accounting vouchers. And pursuant to § 147 para. 1 & 3 Abgabenordnung (AO), it is 10 years for books, records, management reports, accounting vouchers, documents relevant to taxation, and 6 years in particular for commercial and business letters.

If the purpose of storage no longer applies or if a legally prescribed storage period expires, your personal data will be deleted routinely and in accordance with the statutory provisions.

Please also be aware of the specific explanations on individual storage and deletion periods of the respective data processing in this data protection declaration.

Transfers to third countries

When browsing our website, personal data maybe transferred to servers in third countries outside the European Union through the integration of individual plug-ins and tools. Details about these data transfers, if any, including the respective valid legal basis, can be found in the section of the respective third-party tool in this privacy policy.

Data processing by processors

Tools and plug-ins from third-party providers are used on our website as part of commissioned processing. A data processing agreement  has been duly concluded with all commissioned processors used, which ensures an appropriate level of data protection.

You can find more information about the data processing by the  processors used in the section of the third-party tool in this privacy policy.

Hosting

External hosting provider: We use an external provider to host our website.

Purpose: Reliable accessibility and presentation of our website.

Legal basis: The use of our hoster is based on our legitimate interest in the most reliable accessibility and presentation of our website, pursuant to Art. 6 para. 1 lit. f GDPR.

Data processing agreement: We have concluded a data processing agreement (DPA) with our hoster, which ensures that the personal data of our website visitors is only processed according to our instructions and in compliance with the GDPR.

SSL- / TLS: To protect the security of your data during transmission, we use the SSL or TLS encryption method via HTTPS.

Server-Log-Files: When you browse our website technical information of your browser session is automatically processed by our server. This data (so-called server log files) includes for example: the type of web browser, the operating system used, the domain name of your Internet service provider, your IP address and the like.

Purpose: Ensuring a stable and smooth connection to the website, a responsive use of our website and the guarantee of system security and stability. We also reserve the right to check the server log files on a regular basis if there are concrete indications of illegal use.

Legal Basis: The legal basis for the processing of the server log files is our legitimate interest in an error-free and secure presentation of our website, pursuant to Art. 6 para. 1 lit. f GDPR.

Provision of your data voluntary or mandatory: The provision of server log files is neither legally nor contractually required. However, without the collection of the log files, the functionality of our website is not guaranteed.

Storage period: The server-log-files are deleted as soon as it is no longer required for the purpose of collection. This is generally the case for the data used to provide the website when the respective session has ended.

Content Delivery Networks (CDN): To ensure the global accessibility and performance of our website, we use so-called Content Delivery Network (CDN) service providers. For more information on the data processing by the CDN service providers, please refer to the section on third-party tools used.

Cookies

Cookies

Cookies are pieces of information that are transmitted from our web server or third-party web servers to users' web browsers, where they are stored for later retrieval. They are stored either temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your terminal device. Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your end device until you delete them yourself or until they are automatically deleted by your web browser.

If you agree, cookies from third-party companies may also be stored on your end device (third-party cookies). These enable us or you to use certain services of the third-party company (e.g., reach measurement and evaluation of the usage behavior of our website, etc.)

Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. saving your cookie preferences). Other cookies are used to evaluate user behavior or, for example, to display advertising.

Cookies that are necessary to carry out the electronic communication process (necessary cookies) or to provide certain functions that you have requested (functional cookies, e.g. for storing your cookie preferences) or to optimize the website (e.g. cookies for measuring the web audience) are stored on the basis of Art. 6 para. 1 lit. f GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing cookies for the technically error-free and optimized provision of its services. If consent to the storage of cookies has been requested, the storage of the cookies in question is based exclusively on this consent (Art. 6 para. 1 lit. a GDPR and §25 para. 1 TDDDG); a given consent can be objected at any time.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be limited.

As far as cookies are used by third-party companies or for analysis purposes, we will inform you separately about this within the framework of this data protection declaration and, if necessary, ask for your consent.

Cookie consent change or withdrawal

The user can change their Cookie consent at any time through the following ways accessible through any page of the website:

  1. “Cookie” link in the footer of the page which opens the Cookie banner
  1. Clicking on the "Withdraw Cookie Consent" button that is seen on the bottom left side of the website at all times. This privacy trigger is a small icon that enables users to check or update their given consent easily from anywhere on the site.  

Data processing on the website

Contact requests

Purpose: Processing of the request.

Description of data processing: Requests by e-mail, telephone or fax, including all resulting personal data, are stored and processed for the purpose of processing. A passing on of the data does not take place without your consent.

Legal basis: The processing of your request is based on our legitimate interest of pursuing our business interests pursuant to Art. 6 para. 1 lit. f GDPR. If you contact us to request a contractual offer, the processing is carried out for the implementation of pre-contractual measures pursuant to Art. 6 para. 1 lit. bGDPR.

Provision of data voluntarily or required: The provision of your data is neither legally nor contractually required. However, without the information a processing of your request is not possible.

Storage period: Your data will be deleted at the latest 6 months after processing the request. If a contractual relationship exists, we are subject to the statutory retention periods and delete your data after six or ten years.

Online contact form: By providing an online contact form, we would like to enable you to contact us easily. The information you provide will be stored for the purpose of processing the request and for possible follow-up questions, taking into account the above-mentioned storage period.

Use of a third-party CRM-Tool: The personal data resulting from your inquiry may be stored in our third-party Customer Relationship Management System (CRM). For more information on the CRM system that is used, please refer to the section Third-party tools.

Applications

Purpose: Processing of applications.

Description of data processing: On our website, users have the possibility of applying to us either via our application form or directly by e-mail. In this context, we will inform you separately about the details of the processing of your application data with corresponding data protection information according to Art. 13, 14 and 21 GDPR.

Legal basis: The processing of your application is primarily based on the decision on the establishment of an employment relationship (Art. 88 GDPR in conjunction with §26 BDSG).  Furthermore, we may process your data for the fulfillment of legal obligations if this is necessary (Art. 6 para. 1 lit. c GDPR) and on the basis of our legitimate interests (Art. 6 para. 1 lit. f GDPR), for example in the case of assertion of legal claims and defense in legal disputes.

Provision of data voluntarily or required: The provision of your application is voluntary. However, we can only make a decision on the establishment of an employment relationship if you provide such personal data that is required for the execution of the application.

Storage period: Your application documents will be deleted no later than six months after the end of the application process (e.g. notification of the rejection decision), unless longer storage is legally required or permitted.

Use of a third-party HR Tool: Your application data may be entered into our external HR software solution. For more information on the tool used, please refer to the section Third-party tools.

Newsletter mailing

Purpose: Sending a newsletter for marketing purposes.

Description of data processing: On our website visitors can sign up for a newsletter. If you decide to subscribe, your data will only be used to send you the newsletter you have subscribed to by e-mail and, if you have also consented to this, to evaluate how you use the newsletter and any content linked to it. To receive the newsletter, it is only mandatory to provide a valid e-mail address. All other information requested is voluntary.

Legal basis and objection: The receipt of our newsletter requires your consent. This consent is obtained as part of the newsletter sign up process. Legal basis is therefore Art. 6 para. 1 lit. a GDPR. The consent can be revoked at any time. You can object your given consent in every newsletter mail by clicking on unsubscribe. You then will no longer receive the newsletter.

Provision of data voluntarily or required: The provision of your data is voluntary, based on your consent. However, without your consent, the receipt of our newsletter is not possible.

Storage period: Your data will only be processed as long as we have your consent in receiving our newsletter.

Use of a third-party newsletter tool: To ensure an efficient and performative newsletter mailing, we use a third-party newsletter tool. You can find more information about the newsletter tool we are using in the section about third-party tools.

Third-party tools

Cloudflare CDN

Provider: ‍Cloudflare – Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA.

Purpose: ‍Increase the global accessibility and performance of our website by using the Cloudflare Content Delivery Network (CDN).

Description of data processing: ‍A Content Delivery Network (CDN) is a network of regionally distributed servers that are connected via the Internet. Simply put, a CDN creates a copy of our website on the network's own servers and ensures that our website is accessible everywhere in the world through shorter transmission distances. This network thereby ensures that the content of the website is delivered quickly and reliably, even when there is a lot of web traffic. In the case of Cloudflare CDN, the data transfer between your browser and our website is routed through Cloudflare's network. Cloudflare collects various access and log data in this process and also sets a cookie, which helps the provider to maintain a high level of security protection.

Legal basis and objection: The use of Cloudflare CDN requires your consent. This consent is obtained via our Consent Management Tool. Legal basis is therefore Art. 6 para. 1 lit. a GDPRand §25 para. 1 .TDDDG The consent can be revoked at any time. Please read the information about your right to object according to Art. 21 GDPR in the section about your data protection rights above.

Provision of data voluntarily or required: ‍The provision of your data is voluntary. However, without the distribution via Cloudflare's Network, the performance of our website may be severely limited.

Storage period: ‍Cloudflare assures to store the submitted user data for less than 24 hours.

Further notes on data protection:

Cloudflare privacy policy: https://www.cloudflare.com/de-de/privacypolicy/  

Contract data processing: ‍By accepting Cloudflare's terms of use of we have also concluded the providers Data Processing Addendum (DPA). The DPA guarantees that the personal data of our website visitors will only be processed according to our instructions and in compliance with the GDPR. Cloudflare's DPA can be viewed here: https://www.cloudflare.com/cloudflare_customer_DPAv3.pdf  

Transfers to third countries: ‍Processing also takes place outside the EU. Guarantees exist in the form of concluded Standard Contractual Clauses (SCC) of the European Commission, pursuant to Art. 46 para. 2 lit. c GDPR. Information on Cloudflare's SCCs can be found here: https://www.cloudflare.com/cloudflare-customer-scc/.

Cookiebot

Provider: Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark.

Purpose:‍ Cookie management service for the End User’s consent management on our website.

Description of data processing: Cookiebot Consent Management Platform (CMP) is a service facilitating compliance with EU legislation concerning the use of cookies and similar technologies (hereafter jointly referred to as “cookies”) on TWAICE website, to help us obtain the relevant consents to the use of cookies from the users of your website and to make it possible for the users to withdraw their consent as easy as they gave it via the Privacy Trigger.

Legal basis and objection: The use of Cookiebot is based on our legitimate interest in managing the consent on our website as efficiently as possible in accordance with Art. 6 lit. f GDPR.

Cookiebot Services do not track any user´s data before they have given their consent. A user may withdraw or change their consent at our website at any time by choosing Cookies in the footer, clicking on the privacy trigger icon and by deleting cookies on their browser.

Storage period: After 12 months, the consent is automatically deleted from the Cookiebot log and then used only in an aggregated, anonymized form as part of the statistics that TWAICE has access to on our Cookiebot CMP account.

Further notes on data protection: ‍

Cookiebot's privacy policy: https://www.cookiebot.com/en/privacy-policy/  

Data processing addendum:‍ https://www.cookiebot.com/en/wp-content/uploads/sites/7/2023/08/DPA_01_2023.pdf  

Datadog Cloud Monitoring

Provider: ‍Datadog – Europe: 21 Rue de Chateaudun 6th Floor Paris, 75009 France.

Purpose: ‍Increasing the IT Security Level of our website.

Description of data processing: ‍To increase the IT security level of our website, we have integrated the monitoring and security tool Datadog. Datadog helps us identify irregularities in access to our website at an early stage and thus prevent greater damage.

Legal basis: ‍The use of Datadog is based on our legitimate interest in providing our website as efficiently and securely as possible in accordance with Art. 6 lit. f GDPR.

Provision of data voluntarily or required: ‍The provision of your data is voluntary.

Storage period: ‍The website data transmitted to Datadog will be deleted as soon as it is no longer required or you request us to delete it.

Right to object / Opt-Out: ‍Information on your right to object according to Art.21 of the GDPR can be found in the section on data subject rights.

Further notes on data protection: ‍Datadog privacy policy: https://www.datadoghq.com/legal/privacy/  

Data Processing Addendum: ‍We have concluded Datadog's Data Processing Addendum (DPA), which ensures that the personal data of our website visitors is only processed according to our instructions and in compliance with the GDPR. Datadog's DPA can be viewed here: https://www.datadoghq.com/legal/data-processing-addendum/  

Data transfers to third countries: ‍Processing also takes place outside the EU, namely in the USA. Guarantees exist in the form of concluded Standard Contractual Clauses (SCC) of the European Commission, pursuant to Art. 46 para. 2 lit. c GDPR.

Google Analytics

Provider: ‍Google - Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Purpose: ‍Analysis of the behavior of website visitors by evaluating, for example, page views, dwell time, operating system, etc., in order to optimize the website.

Description of data processing: ‍Google Analytics helps us to analyze the traffic of our website. For this to work, a tracking code provided by Google Analytics and integrated via the Google Tag Manager is implemented on our website. If you consent to tracking by Google Analytics, a cookie is set on your device, which gives your device a unique identifier (tracking ID). This cookie is linked to Google Analytics. It records the surfing behavior of our website visitors and the resulting statistics may provide information about which target groups feel addressed by our website.

Legal basis and objection: The use of Google Analytics requires your consent. This consent is obtained via our Consent Management Tool. Legal basis is therefore Art. 6 para. 1 lit. a GDPR and §25 para. 1 TDDDG. The consent can be revoked at any time. Please read the information about your right to object according to Art. 21 GDPR in the section about your data protection rights above.

Provision of data voluntarily or required: ‍The provision of your data is voluntary.

Further notes on data protection: ‍Notes on data protection and Google Analytics: https://support.google.com/analytics/answer/6004245?hl=de  
General information about Google Analytics: https://marketingplatform.google.com/about/analytics/terms/de  
Googles privacy policy: https://policies.google.com/privacy  
Browser Plug-In to Opt-Out: https://tools.google.com/dlpage/gaoptout?hl=en  

Storage period: 14 months. We have configured Google Analytics so that the stored data at user and event level is automatically deleted after 14 months. You can find more information about the storage period of the tool here: https://support.google.com/analytics/answer/7667196?hl=de  

Anonymize IP: ‍We have activated the IP anonymization function. This means that no full IP addresses of visitors within the European Economic Area (EEA) are stored and transmitted unabbreviated to the USA. A transmission of unabbreviated IP addresses to servers in the USA can nevertheless not be completely ruled out and may occur in exceptional cases.

Data Processing Terms: ‍We have entered into a direct customer agreement with Google for the use of Google Analytics by accepting their "Data Processing Addendum" in the Google Analytics settings. You can find more information about these data processing conditions here: https://privacy.google.com/businesses/controllerterms/mccs/.

Transfers to third countries: ‍Processing also takes place outside the EU, namely in the USA. Guarantees exist in the form of concluded Standard Contractual Clauses (SCC) of the European Commission, pursuant to Art. 46 para. 2 lit. c GDPR. Information on Google's SCCs can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.

Google Tag Manager

Provider: ‍Google - Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Purpose: ‍Efficient organization and integration of Google tools on our website. And it is also a necessary technical tool as we use it for consent management and for loading the Cookiebot service.

Description of data processing: ‍The Google Tag Manager allows us to centrally integrate and manage various Google tools. For this purpose, small sections of code (so-called tags) of the various Google products (such as Google Analytics, Google Ads, etc.), but also tags from other companies are integrated into the Google Tag Manager and managed from there. The Google Tag Manager itself does not store any personal data, so it only acts as an "intermediary". The situation is different for the tools that are integrated via the Tag Manager. The data protection relevance of these tools is indicated in the corresponding text passages.

Legal basis and objection: The use of the Google Tag Manager requires your consent. This consent is obtained via our Consent Management Tool. Legal basis is therefore Art. 6 para. 1 lit. a GDPR and §25 para. 1 TDDDG. The consent can be revoked at any time. Please read the information about your right to object according to Art. 21 GDPR in the section about your data protection rights above.

Provision of data voluntarily or required: ‍The provision of your data is voluntary.

Storage period: ‍The Google Tag Manager itself does not store cookies, user profiles, analyses, etc.. How long the analysis tools integrated via the Google Tag Manager store your data can therefore be found in the respective text passages.

Further notes on data protection: ‍How the Google Tag Manager works: https://support.google.com/tagmanager/?hl=de#topic=3441530  
Googles privacy policy: https://policies.google.com/privacy?hl=de.

Hubspot

Provider: ‍Hubspot – Hubspot Inc. 25 Street, Cambridge, MA 02141 USA.

Purpose: ‍Efficient customer communication and customer management.

Description of data processing: ‍To manage our customers, we use the customer relationship management system (CRM) Hubspot. When you contact us, for example by filling out one of our website forms, your data can be transferred to the Hubspot CRM system. There we can centrally manage your request and control and analyze customer-related processes. In this process personal data is transmitted to Hubspot's servers. Furthermore, in case of your consent, we can also control marketing measures (e.g. newsletter campaigns) with Hubspot or record and analyze the usage behavior of our contacts on our website.

Legal basis: The processing of customer data with Hubspot CRM is based on our legitimate interest in the most efficient customer management and customer communication possible, pursuant to Art. 6 lit. f GDPR. The storage of Hubspot's third-party cookies when you visit our website on the other hand requires your consent. This consent is obtained via our Consent Management Tool. Legal basis is therefore Art. 6 para. 1 lit. a GDPR and §25 para. 1 TDDDG The consent can be revoked at any time. Please read the information about your right to object according to Art. 21 GDPR in the section about your data protection rights above.

Provision of data voluntarily or required: ‍The provision of your data is voluntary. Without the provision of your data, however, we may not be able to enter into a contractual relationship with you.

Storage period: ‍The customer data transmitted to Hubspot is deleted as soon as it is no longer required or you request us to delete it. If there is a contractual relationship, we are subject to the statutory retention periods and delete your data after six or ten years.

Right to object / Opt-Out: ‍Information on your right to object according to Art.21 of the GDPR can be found in the section on data subject rights. In the footer area of the website, you have the option of resubmitting your cookie preferences. Another option for opting out is to manually delete the website cookies in your browser settings.

Further notes on data protection: ‍Hubspot's privacy policy: https://legal.hubspot.com/de/privacy-policy  

Data Processing Addendum: We have concluded Hubspots data processing addendum (DPA), which ensures that the personal data of our website visitors is only processed according to our instructions and in compliance with the GDPR. Hubspots DPA can be found here: https://legal.hubspot.com/dpa  

Data transfers to third countries: ‍Processing also takes place outside the EU, namely in the USA. Guarantees exist in the form of concluded Standard Contractual Clauses (SCC) of the European Commission, pursuant to Art. 46 para. 2 lit. c GDPR. Further Information on Hubspot and the SCCs can be found here: https://legal.hubspot.com/dpa

jsDelivr  

Provider: Volentio JSD Limited, Suite 2a1, Northside House, Mount Pleasant, Barnet, England, EN4 9EB

Purpose: Technically necessary tool for loading different Javascript libraries.

Legal basis: ‍The use of jsDelivr is based on our legitimate interest in running the website as efficiently as possible in accordance with Art. 6 lit. f GDPR.  

Provision of data voluntarily or required: ‍The provision of your data is voluntary.

Description of data processing: Usage Data jsDelivr CDN

  1. We may collect information how the Service is accessed and used ("Usage Data").
  1. This Usage Data may include information such as your computer's Internet Protocol address (e.g., IP address), browser type, browser version, referrer data (limited to domain), the URLs of our Service that you visit (limited to the cdn.jsdelivr.net domain), the time and date of your visit, unique device identifiers and other diagnostic data. We never associate any gathered data with specific users or try to track their usage at any point and in any way.

Storage period: jsDelivr will retain your personal data only for as long as is necessary for the purposes set out in the Privacy Policy. jsDeliv will retain and use your personal data to the extent necessary to comply with legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.

jsDelivr will also retain non-aggregated Usage Data for internal analysis purposes, for example, to detect abuse of our Services. Non-aggregated Usage Data is retained for a shorter period of time until it is analyzed and deleted, except when this data is used to strengthen the security or to improve the functionality of our Service, or we are legally obligated to retain this data for longer time periods.

Privacy policy: https://www.jsdelivr.com/terms/privacy-policy  

Data processing agreement: https://www.jsdelivr.com/documents/data-processing-agreement.pdf  

LinkedIn Insight Tag

Provider: ‍LinkedIn – LinkedIn Ireland Unlimited Company, WiltonPlaze, Dublin 2, Ireland.

Purpose: ‍Optimization of our website by analyzing the behavior of our website visitors.

Description of data processing: ‍The LinkedIn Insight Tag helps us to get information about the visitors of our website. If a user is registered with LinkedIn, the tool allows us to analyze the key professional data available in LinkedIn (position, employer, industry, location, etc.) and align our website accordingly. For this purpose, the toolsets a browser cookie that stores your IP address, time stamp, page activity and your information published on LinkedIn if you are an active LinkedIn member at the time of the visit. The collected data is hashed (pseudonymized).

Legal basis and objection: ‍The use of LinkedIn Insight Tag requires your consent. This consent is obtained via our Consent Management Tool. Legal basis is therefore Art. 6 para. 1 lit. a GDPR and §25 para. 1 TDDDG. The consent can be revoked at any time. Please read the information about your right to object according to Art. 21 GDPR in the section about your data protection rights above.

Provision of data voluntarily or required: ‍The provision of your data is voluntary.

Storage period: ‍The direct IDs of LinkedIn members are deleted by LinkedIn after seven days. The remaining pseudonymized data is then deleted within the next 180 days. We store your data for as long as you need for the purpose of campaign evaluation and web audience analysis, or you have objected to the storage of your data or revoked your consent.

Right to object / Opt-Out: ‍Information on your right to object according to Art. 21 of the GDPR can be found in the section on data subject rights. In the footer area of the website, you have the option of resubmitting your cookie preferences. Another option for opting out is to manually delete the website cookies in your browser settings.

Further notes on data protection: ‍LinkedIn privacy statement: https://www.LinkedIn.com/legal/privacy-policy#choices-oblig  
Opt-Out Cookie for LinkedIn Retargeting: https://docs.microsoft.com/en-us/clarity/faq  

Data Processing Addendum: ‍By accepting LinkedIns services agreement, we have also concluded the providers Data Processing Addendum (DPA). The DPA guarantees that the personal data of our website visitors will only be processed according to our instructions and in compliance with the GDPR. The DPA can be found via the following document search: LinkedIn's DPA can be found here: https://www.linkedin.com/legal/l/dpa  

Data transfers to third countries: ‍Processing also takes place outside the EU, namely in the USA. Guarantees exist in the form of concluded Standard Contractual Clauses (SCC) of the European Commission, pursuant to Art. 46 para. 2 lit. c GDPR. Information on LinkedIn and the SCCs can be found here: https://www.linkedin.com/legal/l/customer-sccs

Personio

Provider: ‍Personio – Personio GmbH, Rundfunkplatz 4, 80335 Munich, Germany.

Purpose: ‍Efficient HR-Management and application management

Description of data processing: ‍Our Human Resources Management uses the cloud-based HR operating system Personio. The tool helps us to deal with HR processes, such as the applications via our website. When you apply for a job at our company, your data can be transferred in to the Personio HR Operating System. There we can centrally manage your application and control and analyze HR-related processes. All applicants will, of course, be informed separately about the data processing in the context of their application.

Legal basis and objection: ‍The processing of applicant data with Personio is based on our legitimate interest in the most efficient HR-Management possible, pursuant to Art. 6 lit. f GDPR.

Provision of data voluntarily or required: ‍The provision of your data is voluntary. Without the provision of your data, however, we may not be able to enter into a contractual relationship with you.

Storage period: ‍The applicant data transmitted to Personio is deleted as soon as it is no longer required (after 6 months the latest) or you request us to delete it. If the application leads to an employment relationship, other retention periods apply.

Further notes on data protection: ‍Personio's privacy policy: https://www.personio.com/privacy-policy/  

Data processing addendum: ‍We have concluded Personio's data processing addendum, which ensures that Personio only processes the personal data according to our instructions and in compliance with the GDPR.


Salesforce Sales Cloud

Provider: ‍Salesforce – salesforce.com Germany GmbH, Erika-Mann-Str. 31, 80636 Munich, Germany.

Purpose: ‍Efficient customer communication and customer management.

Description of data processing: ‍To manage our customers, we use the customer relationship management system (CRM) Salesforce Sales Cloud. When you contact us, for example by filling out one of our website forms, your data can be transferred to the Salesforce CRM system. There we can centrally manage your request and control and analyze customer-related processes. This happens in the Salesforce Sales Cloud, which means that personal data is transmitted to Salesforce's servers. Salesforce has assured us that our customer data is hosted exclusively on servers in the EU. In exceptional cases - for example, in the event of technical problems - data may nevertheless be transferred to the parent company of Salesforce in the USA, salesforce.com inc, Salesforce Tower, 415 Mission Street, San Francisco, CA 94105, USA.

Legal basis and objection: ‍The processing of customer data with Salesforce SalesCloud is based on our legitimate interest in the most efficient customer management and customer communication possible, pursuant to Art. 6 lit. f GDPR. The storage of Salesforce's third-party cookies on the other hand requires your consent. This consent is obtained via our Consent Management Tool. Legal basis is therefore Art. 6 para. 1 lit. a GDPR and §25 para. 1 TDDDG. The consent can be revoked at any time. Please read the information about your right to object according to Art. 21 GDPR in the section about your data protection rights above.

Provision of data voluntarily or required: ‍The provision of your data is voluntary. Without the provision of your data, however, we may not be able to enter into a contractual relationship with you.

Storage period: ‍The customer data transmitted to Salesforce is deleted as soon as it is no longer required or you request us to delete it. If there is a contractual relationship, we are subject to the statutory retention periods and delete your data after six or ten years.

Further notes on data protection: ‍Salesforce privacy policy: https://www.salesforce.com/de/company/privacy/  

Data processing addendum: ‍We have concluded Salesforce's data processing agreement, which ensures that the personal data of our website visitors is only processed according to our instructions and in compliance with the GDPR. Salesforce's DPA can be found here: https://www.salesforce.com/content/dam/web/en_us/www/documents/legal/Agreements/data-processing-addendum.pdf  

Transfers to third countries: ‍In exceptional cases, processing also takes place outside the EU, namely in the USA. Guarantees exist in the form of binding corporate rules (BCR) in accordance with Article 47 of the GDPR, to which Salesforce has committed itself and which have been approved by the French data protection authority and also in the form of concluded Standard Contractual Clauses (SCC) of the European Commission, pursuant to Art. 46 para. 2 lit. c GDPR. Salesforce's SCC Ammendment can be found here: https://www.salesforce.com/content/dam/web/en_us/www/documents/legal/Agreements/scc-amendment.pdf

Weglot CDN

Provider: ‍Weglot – 138, rue Pierre Joigneaux in BOIS-COLOMBES (92270), France.

Purpose: ‍Technically necessary for the translation of the website.

Description of data processing: ‍The translation tool Weglot is embedded on our website. With Weglot, text sections displayed on the website are automatically translated into other languages.

Legal basis: ‍The use of Weglot is based on our legitimate interest in managing the content of our website as efficiently as possible in accordance with Art. 6 lit. f GDPR.  

Provision of data voluntarily or required: ‍The provision of your data is voluntary.

Storage period: ‍The website data transmitted to Weglot is deleted as soon as it is no longer required or you request us to delete it.

Right to object / Opt-Out: ‍Information on your right to object according to Art. 21 of the GDPR can be found in the section on data subject rights.

Further notes on data protection: ‍Weglot privacy policy: https://weglot.com/de/privacy/.  

Data Processing Addendum: ‍We have concluded Weglots data processing addendum (DPA, which ensures that the personal data of our website visitors is only processed according to our instructions and in compliance with the GDPR.

Zoom

Provider: Zoom Video Communications, Inc. 55 Almaden Boulevard, 6th Floor, San Jose, CA 95113, United States

Purpose: Providing videoconferencing, online meetings, webinars and other communication services.

Description of data processing:  

  1. Strictly Necessary Cookies

Types:  

  • Core: These Cookies are required to enable basic Website functionality such as providing a secure login and remembering your progress through an order.
  • Technical Performance: Zoom uses these Cookies for, among other things, detection of browsing issues, optimization of technical performance and ergonomics, estimation of the required server power, the proper presentation of the Website and load balancing as strictly necessary to ensure that the Websites remain up and operating.
  • Necessary Settings: Zoom uses these Cookies to record a user’s settings, such as language, currency, timezone, browser, device (such as camera) and multimedia player settings, that are strictly necessary to enable the Websites to operate properly.  
  1. Functional Cookies

Type: - Enhanced Functionality and Customization: These Cookies are not core to the service provided or the purpose of the web page visited. Functional Cookies enable the Website to provide enhanced functionality and customization, such as showing you video clips with support explanations or remembering a user’s preferences.

  1. Performance Cookies

Type: - Analytics: To provide and improve the performance of the Websites and products, Zoom uses Cookies, including session recording and replay technology, to gather usage and performance data (including mouse movements, clicks and other actions).

4. Targeting

Types:  

  • Advertising: Zoom and Zoom’s advertising partners may set Cookies on Zoom’s Websites that collect data about how you interact with Zoom’s Website so that they can provide advertising for Zoom on other websites and apps.
  • Social Media Cookies: Some of Zoom's websites use cookies provided by social media companies to enable easy sharing of Zoom content on social media platforms. If you're logged into your social media account, these cookies facilitate sharing. However, if you disable targeting cookies, social media companies won't be able to detect if you're logged in, potentially limiting your ability to share Zoom content on social media.

Legal basis: ‍The use of Zoom is based on our legitimate interest in managing the content of our website as efficiently as possible in accordance with Art. 6 lit. f GDPR.  

Provision of data voluntarily or required: ‍The provision of your data is voluntary.

Storage period: Personal data is retained as per Zoom Privacy Policy unless a longer retention period is required by applicable law.

Privacy policy: https://explore.zoom.us/en/privacy/

Notes on our presence on social media

Data processing resulting from our presence on social media platforms

We are having profiles on various social media platforms. Details on the individual platforms we use can be found in this section.

Purpose:

Ensuring the most comprehensive online presence possible

Description of data processing:

The type of data processing differs from platform to platform. Social networks such as Facebook, Instagram, Twitter, etc. can comprehensively analyze user behavior when you visit the respective platform or a website with integrated social media content (e.g. share/ like buttons or banners). Visiting our profiles on the platforms triggers numerous processing operations relevant to data protection.

For example:
If you are logged into your account and visit our profile, the operator of the platform can assign this visit to your user account. Your personal data transmitted when you visit our profile may also be collected if you are not logged in or do not have an account with the respective social media platform. This is done, for example, via cookies that are stored on your terminal device or by recording your IP address.

The data collected in this way enables the platforms to create user profiles of the visitors, in which the preferences and interests of the users are stored. This helps the operators of the platforms to show you advertising tailored to your respective interests inside and outside platforms. This is how the platforms earn money. Provided you have an account with the respective platform, this advertising can be displayed on all devices on which you are or were logged in.

The data processing that takes place on the individual platforms is very difficult for outsiders to understand:  It is therefore not possible for us to trace all the processing operations that actually take place on the individual networks. When visiting the platforms, it is therefore quite possible that further processing operations of your data are carried out by the operators. You can find more information on this in the terms of use and data protection provisions of the individual services.

Legal basis:

The legal basis is our legitimate interest in a comprehensive presence on social media platforms pursuant to Art. 6 para. 1 lit. f GDPR. The data processing on the social media platforms themselves is based on other legal bases for which the operators themselves are responsible.

Storage period:

Personal data that we have collected directly via the individual platforms will be deleted from our systems as soon as you request us to do so, revoke your consent to storage or the purpose for storing the data no longer applies. Cookies remain on your device until you delete them. We have no direct influence on the storage period of your data on the individual social media platforms.

We have profiles on the following platforms:
Facebook (Meta)

Provider: ‍Meta Platforms Ireland Limited, MERRION ROAD, DUBLIN 4, D04 X2K5, IRELAND  

Purpose: To share TWAICE website content on Facebook or visit the TWAICE Facebook page

Joint controllership: ‍When you visit our Facebook page, Facebook and we are jointly responsible for the processing of your data under data protection law. Facebooks agreement of joint controllership has been concluded. It can be viewed here: https://www.facebook.com/legal/terms/page_controller_addendum  

Data transfers to the US: ‍When visiting our Facebook profile, personal data is transferred to Facebook's server in the USA. The transfer of personal data to the USA is based on the standard contractual clauses of the EU Commission. These can be viewed here: https://www.facebook.com/legal/EU_data_transfer_addendum  

Legal basis: ‍The use of Facebook is based on our legitimate interest in managing the content sharing and channels on our website as efficiently as possible in accordance with Art. 6 lit. f GDPR.  

Provision of data voluntarily or required: ‍The provision of your data is voluntary.

Storage period: Meta keeps information as long as they need it to provide their Products, comply with legal obligations or protect their or other’s interests. They decide how long they need information on a case-by-case basis. More on this in the Facebook Privacy Policy https://www.facebook.com/privacy/policy and for extended periods of time for certain reasons listed here https://www.facebook.com/privacy/policy/?annotations[0]=8.ex.3-WhyWeMayPreserve  

Information on Facebook and privacy:

‍Advertising settings in your Facebook profile: https://www.facebook.com/settings?tab=ads.
Facebook Privacy Policy: https://www.facebook.com/settings?tab=ads  
Information on the Standard Contractual Clauses: https://de-de.facebook.com/help/566994660333381  

Instagram (Meta)

Provider: ‍ Meta Platforms Ireland Limited, MERRION ROAD, DUBLIN 4, D04 X2K5, IRELAND

Purpose: To visit the TWAICE Instagram page

Data transfers to the US: ‍Whilst visiting our Instagram profile, personal data is transferred to servers of Facebook (Meta), as Instagram's parent company, in the USA. The data transfer to the USA is based on the concluded standard contractual clauses of the EU Commission. These can be viewed here: https://www.facebook.com/legal/EU_data_transfer_addendum  

Legal basis: ‍The use of Instagram (Meta) is based on our legitimate interest in managing social media channels on our website as efficiently as possible in accordance with Art. 6 lit. f GDPR.  

Provision of data voluntarily or required: ‍The provision of your data is voluntary.

Storage period: Meta keeps information as long as they need it to provide their Products, comply with legal obligations or protect their or other’s interests. They decide how long they need information on a case-by-case basis. More on this in the Facebook Privacy Policy https://www.facebook.com/privacy/policy and for extended periods of time for certain reasons listed here https://www.facebook.com/privacy/policy/?annotations[0]=8.ex.3-WhyWeMayPreserve

Information on Instagram and privacy:

‍Instagram privacy policy: https://help.instagram.com/519522125107875  
Information on the Standard Contractual Clauses: https://de-de.facebook.com/help/566994660333381  

LinkedIn

Provider: ‍LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.

Purpose: To share TWAICE website content on LinkedIn or visit the TWAICE LinkedIn page

Contract data processing: ‍We have concluded LinkedIn's Contract data processing, which ensures that the personal data of our website visitors are processed only according to our instructions and in compliance with the GDPR. LinkedIn's Contract data processing can be found here: https://www.LinkedIn.com/legal/l/dpa  

Data transfers to the US: ‍Whilst visiting our LinkedIn profile, data is transferred to LinkedIn servers in the USA. The transfer of data to the USA is based on the standard contractual clauses of the EU Commission. These can be viewed here: https://www.linkedin.com/legal/l/eu-sccs.

Legal basis: ‍The use of LinkedIn is based on our legitimate interest in managing the content sharing and channels on our website as efficiently as possible in accordance with Art. 6 lit. f GDPR.  

Provision of data voluntarily or required: ‍The provision of your data is voluntary.

Storage period: LinkedIn keeps most of your personal data for as long as your account is open. They generally retain your personal data as long as you keep your account open or as needed to provide you Services. This includes data you or others provided to us and data generated or inferred from your use of our Services. Even if you only use our Services when looking for a new job every few years, we will retain your information and keep your profile open, unless you close your account. In some cases we choose to retain certain information (e.g., insights about Services use) in a depersonalized or aggregated form.

Information on LinkedIn and privacy:

‍LinkedIn privacy policy: https://www.linkedin.com/legal/privacy-policy  
Opt-out cookie to disable LinkedIn retargeting: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out  

X

Provider: Twitter International Unlimited Company (Co. number 503351, VAT number IE9803175Q), an Irish company, which provides X and the Services, with its registered office at One Cumberland Place, Fenian Street Dublin 2, D02 AX07 Ireland.  

Purpose: To share TWAICE website content on X or visit the TWAICE X page

Data transfers to the US: ‍Whilst visiting our X profile, data is transmitted to X's server in the USA. The data transfer to the USA is based on the concluded standard contractual clauses of the EU Commission. These can be viewed here: https://gdpr.x.com/en/controller-to-controller-transfers.html  

Description of data processing: Data collected by X can be found here: https://twitter.com/en/privacy  

Legal basis: ‍The use of X is based on our legitimate interest in managing the content sharing and channels on our website as efficiently as possible in accordance with Art. 6 lit. f GDPR.  

Provision of data voluntarily or required: ‍The provision of your data is voluntary.

Storage period: X keeps keeps your profile information and content for the duration of your account and other personally identifiable data when you use their products and services for a maximum of 18 months

Information on X and privacy: ‍X Privacy Policy: https://twitter.com/en/privacy  https://x.com/privacy