Privacy Policy

Almato takes the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the legal data protection regulations and this privacy policy.

The use of our website is usually possible without providing personal data. As far as personal data (such as name, address or e-mail address) is collected on our website, this is done on a voluntary basis, when possible. This data will not be passed on to third parties without your express consent.

We would like to point out that data transmission on the internet (e.g. during communication by e-mail) may have security gaps. We cannot guarantee complete protection of your data against access by any third parties.

1. Data controller in the sense of Art. 4 (7) GDPR

The data controller in the sense of Article 4 (7) of the General Data Protection Regulation (GDPR) is:

Almato AG
Theodor-Heuss-Str. 9
70174 Stuttgart
Germany
Phone: +49 711 3406 - 7810
E-Mail: info@almato.com

The following are responsible for their own processing:

Almato AI GmbH
Theodor-Heuss-Str. 9
70174 Stuttgart
Germany
E-Mail: info@almato.com

Almato Iberia
Torre Glories, Av.Diagonal 211, Planta 27, Sant Martí
08018 Barcelona
E-Mail: info@almato.com

The Almato companies are companies of the DATAGROUP.

2. Communication by e-mail/telephone/post/contact form

Purpose of data processing/legal basis:

Personal information that you provide to us via email, telephone, post, or contact form will naturally be treated confidentially. We use your data exclusively for the purpose of processing your request. The legal basis for data processing is Art. 6 para. 1 f) GDPR. The legitimate interest on the part of Almato arises from the interest in answering inquiries from our customers, business partners and interested parties and thus maintaining and promoting customer satisfaction.

We use the telephony functions of Microsoft Teams. The information on Teams in this privacy policy applies accordingly to the telephony function.

It cannot be ruled out that, for example, e-mail addresses of external parties are processed in DATAGROUP systems for IT security purposes.

Recipients/categories of recipients:

We generally exclude the transfer of data to third parties outside DATAGROUP. In exceptional cases, data is processed on our behalf by processors. These are carefully selected, audited by us and contractually bound in accordance with Art. 28 GDPR. Furthermore, it may be necessary for us to forward inquiries to other companies within DATAGROUP if this is necessary for processing.

Storage period/criteria for determining the storage period:

We will delete or securely anonymize all personal data that you provide to us in response to inquiries no later than 90 days after the final reply has been sent to you. The 90-day retention period is due to the fact that you may occasionally need to contact us again about the same matter after a reply and refer to the previous correspondence. Experience has shown that, as a rule, there are no more queries about our replies after 90 days.

Voice messages on answering machines remain stored until the called party deletes them.

3. Data processing of contact persons

Purpose of data processing/legal basis:

The DATAGROUP companies process the contact data of contact persons at customers, interested parties, suppliers and other business partners for communication by email, telephone, fax and post. The legal basis for data processing is Art. 6 para.1 f) GDPR. The legitimate interest on the part of Almato and DATAGROUP arises from the interest in conducting or initiating the business relationship with customers, interested parties, suppliers and other business partners and maintaining personal contact with contact persons.

Recipients/categories of recipients:

We generally exclude the transfer of data to third parties outside DATAGROUP. Within DATAGROUP, your data will be passed on, among other things, to carry out or initiate the business relationship. Exceptionally, data is processed by processors on our behalf. These are carefully selected, audited by us and contractually bound in accordance with Art. 28 GDPR.

Storage period/criteria for determining the storage period:

Personal data is stored for the purpose of conducting business relationships for as long as there is a legitimate interest in doing so.

4. Newsletter Subscription

Purpose of data processing/legal basis:

You have the option of subscribing to our newsletter via various channels (this website, at trade fairs). The legal basis for data processing in the context of sending newsletters is your consent in accordance with Art. 6 para. 1 a) GDPR and Section 7 para. 2 UWG. The purpose of data processing in the context of subscribing to the Almato newsletter is to inform newsletter subscribers about offers, promotions, news, products, events and services of the companies of the DATAGROUP Group.

If you register for the free Almato newsletter, we require your business e-mail address as well as first name and surname as mandatory information. If you voluntarily provide further information about yourself when registering, we will only use this data for the purposes of target group analysis and internal evaluation.

After submitting the registration form, you will receive an e-mail from us with a confirmation link. If you click on the link contained therein, you are registered for the newsletter. You will be informed of this by another e-mail. By confirming your registration, you confirm your consent to the processing of your e-mail address and your optional details for the purposes stated here. For evidence purposes, we store the time and the IP address used to subscribe to the newsletter.

You can revoke your consent to receive the Almato newsletter at any time with effect for the future by clicking on the corresponding unsubscribe link in one of the newsletters or by sending an e-mail to almato.widerruf@datagroup.de.

Recipients/categories of recipients:

As a matter of principle, we do not pass on data to third parties outside DATAGROUP. We have commissioned the service provider HubSpot Inc. to send the newsletter. We have carefully selected, audited and contractually obligated this service provider in accordance with Art. 28 GDPR. HubSpot Inc. is certified under the EU - U.S. Data Privacy Framework, an adequacy decision of the European Commission pursuant to Art. 45 para. 3 GDPR is thus given. Within the DATAGROUP group of companies, your data will be passed on by DATAGROUP SE to other companies so that they can also send you information.

Storage period/criteria for determining the storage period:

If you revoke your consent to receive the Almato newsletter, the data collected for this purpose will be deleted immediately, unless it is also required for another purpose.

5. Data processing for marketing purposes

Purpose of data processing/legal basis:

Almato and other DATAGROUP companies use personal data for marketing purposes, in particular for advertising by e-mail, telephone and post. The purpose of data processing in the context of marketing measures is to inform data subjects about products and services of DATAGROUP companies. The legal basis for sending advertising by post is Art. 6 para. 1 f) GDPR. The legitimate interest on the part of Almato arises from the interest in sending customers and interested parties information about products and services. The legal basis for marketing measures by email or telephone is generally a declaration of consent given by you. Section 7 UWG may also apply to marketing measures towards existing customers.

You can object to receiving advertising at any time with effect for the future by sending a message to almato.widerruf@datagroup.de.

If you declare an objection to advertising, we will store your data in an advertising block file on the basis of Art. 6 para. 1 f) GDPR. The legitimate interest on the part of Almato arises from the interest in ensuring that the objection asserted is observed.

Recipients/categories of recipients:

Your data will not be passed on to external parties. If external processors are used to carry out the sending of advertising, they are contractually obliged in accordance with Art. 28 GDPR and have been checked accordingly to ensure that suitable organizational and technical security measures are in place. Within DATAGROUP, your data may be passed on to other companies for marketing purposes.

Storage period/criteria for determining the storage period:

If you object to receiving advertising, your data will be blocked immediately and subsequently deleted, unless it is also stored for other purposes.

6. Receipt of job applications

Purpose of data processing/legal basis:

When applications are received, data is collected that is required to carry out the application process and to initiate an employment relationship. In addition, data associated with the use of the applicant management system is also collected, so-called usage data. Usage data is data that is required to operate our websites, such as information about the start, end and scope of use of our website, including login data. This processing complies with the provisions of data protection and telemedia law.

As part of the application process and/or the use of the system, processing activities may also take place that are carried out either on the basis of legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR or on the basis of your consent pursuant to Art. 6 para. 1 lit. a) GDPR. Processing activities for which there is a legal obligation to process or a public interest, Art. 6 para. 1 lit. c) and e) GDPR, such as in the context of criminal prosecution or investigation by state authorities, also come into consideration. You can determine and control the scope of processing yourself through individual settings in your web browser, the configuration of the corresponding cookie settings and your user behavior.

Visiting the website

For operational and maintenance purposes and in accordance with the provisions of telemedia law, interaction is recorded (»system logs«), which are necessary for the operation of the career portal or are processed for system security purposes, for example to analyse attack patterns or illegal usage behaviour (»evidence function«). Your internet browser automatically transmits the following data when you access the career portal:

• Date and time of access,
• Browser type and version,
• operating system used,
• Amount of data sent,
• IP address of the access

This data is not used for direct allocation in the context of applicant management and is deleted again after 52 days in accordance with the legitimate retention periods, unless longer retention is required for legal or factual reasons, such as for evidence purposes. In individual cases, storage for the aforementioned purposes may be considered. The legal basis is Art. 6 para. 1 lit. f) GDPR and telemedia law.

Session cookies

We store so-called »cookies« in order to offer you a comprehensive range of functions and to make the use of our websites more convenient. »Cookies« are small files that are stored on your computer with the help of your internet browser. If you do not wish cookies to be used, you can prevent them from being stored on your computer by making the appropriate settings in your Internet browser. Please note that the functionality and range of functions of our website may be restricted as a result.

We set the JSESSIONID cookie on the careers page as a technically necessary session cookie. This stores a so-called session ID, with which various requests from your browser can be assigned to the joint session. This allows your computer to be recognised when you return to our website. This session cookie is deleted when you log out or close the browser. The legal basis for data processing is Art. 6 para. 1 lit. f) GDPR and § 25 para. 2 no. 2 TTDSG.

Application process

As part of the application process, you can set up and manage an account in the career portal after configuring your user name and password. In addition to the individual application, you can use further options in the softgarden applicant management system and make your individual settings (e.g. inclusion in a talent pool).

For an efficient and promising application, you can provide the following information as part of your application to us:

• Contact details (address, telephone number)
• CV data e.g. school education, vocational training, work experience, language skills
• Profiles in social networks (e.g. XING, LinkedIn, Facebook)
• Documents in connection with applications (application photos, cover letters, certificates, references, work samples, etc.)

The legal basis for processing for the purposes of carrying out the application process and initiating an employment relationship is Section 26 (1) sentence 1 BDSG and Art. 6 (1) (b) GDPR. In addition, the use of the applicant management system by the controller is in the legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR. If consent within the meaning of Art. 6 para. 1 lit. a) is required for a specific processing activity, this will be obtained separately and transparently from you by the controller, unless it results from conclusive and voluntary behaviour on your part in accordance with the transparency requirement, such as voluntary participation in a video interview.

Joint recruiting process

If two or more companies carry out a joint recruiting process, the companies involved are joint controllers under data protection law. In these cases, the data protection rights of the applicants can be asserted at both companies involved. The legal basis for the transfer of applicant data between the participating companies is Art. 6 para. 1 lit. b) GDPR.

Feedback module

In addition to your application, we may ask you to submit your feedback after an interview and 3 months after your recruitment. We will send you an invitation link that will take you to the rating system to submit your feedback. The purpose of the processing is to further develop and optimise our recruiting and application processes as well as the company image. The following data is processed automatically for this purpose

• Contact details (name, e-mail)
• Position title of the job for which you have applied
• Location of the position
• Job category
• Applicant identifier

The feedback itself is anonymised and stored in the database. No personal reference is made. In addition to a star rating for individual questions, you have the opportunity to leave comments here. We expressly ask you not to leave any personal data in the comments. The information collected in this way can be displayed together with your feedback on our review page or transmitted to external partners such as kununu. Participation is purely voluntary and only takes place with your consent, without which the submission of feedback is not possible. The legal basis is Art. 6 para. 1 lit. a) GDPR.

Subscription to job adverts »Job subscription«

To be informed about new job vacancies, you can subscribe to the job newsletter or have suitable vacancies displayed on our career board (RSS feed). You can define your subscription in more detail by specifying the desired job and location. Your e-mail address is also required for the subscription. The legal basis for this is your consent to receive the newsletter in accordance with Art. 6 para. 1 lit. a GDPR. You can revoke your consent to receive the newsletter at any time via the unsubscribe link in the newsletter (opt-out). No personal data is processed via the RSS feed itself to inform you about new job advertisements.

Talent pool

As part of your application or via the »Get in touch« button, you have the opportunity to recommend yourself for our talent pool. This processing is necessary in order to be automatically considered for further job advertisements, i.e. for similar or other suitable positions. If you register for the talent pool using the »Get in touch« button, the following information will be requested:

• Salutation, academic title (optional)
• First name, surname, email address
• Job fields of interest
• Current career level
• Preferred location(s)
• XING profile or CV

Inclusion in the talent pool is completely voluntary with your consent and by using an opt-in link. The legal basis is Art. 6 para. 1 lit. a) GDPR. Your data will remain in the talent pool for 24 months. After this period has expired, we will ask you whether you wish to consent to your data being stored for a further 24 months. If you do not give your consent, your data will be deleted from the talent pool after 2 weeks.

Employee recruitment campaign

If you have been recruited as an applicant by an active employee of the DATAGROUP Group and you are hired, the employee who recruited you will be informed about the hiring and will receive a bonus. The recruiting employee may also be employed by another company. If necessary, this other company will also be informed of your recruitment. The legal basis for this data processing is § 26 para. 1 sentence 1 BDSG or Art. 6 para. 1 lit. b) GDPR, as the information is required in the context of the performance of the employment relationship of the recruiter.

Recipients/categories of recipients:

Your data will not be passed on to unauthorised third parties as part of applicant management and will only be processed for the purposes stated in this privacy policy. Inspection by internal departments and specialist managers of the controller is in the legitimate interest, insofar as knowledge of the information from the application process is required and permitted for the selection of applicants or internal administrative purposes of the company. For this purpose, your data may be forwarded by e-mail or within the management system to third parties in the company (including works councils) and group companies. The legal basis may be § 26 para. 1 BDSG, Art. 6 para. 1 lit. b), Art. 6 para. 1 lit. f) and a) GDPR.

softgarden e-Recruiting GmbH

We use an applicant management system from softgarden e-Recruiting GmbH, Tauentzienstr. 14, 10789 Berlin (contact: datenschutz@softgarden.de), which operates the applicant management system as a processor within the meaning of Art. 4 No. 8 GDPR. A contract for order processing in accordance with Art. 28 GDPR has been concluded with the provider, which ensures compliance with data protection regulations. We remain your first point of contact for exercising your data subject rights and handling the application process.

Cloudflare:

We use the service of the ISO 27001-certified provider Cloudflare Inc, 101 Townsend St, San Francisco, USA or its subsidiary Cloudflare Germany GmbH, Rosental 7, c/o Mindspace, 80331 Munich Germany (»Cloudflare«) to increase the security of our recruiting platform, in particular to protect against DDoS attacks, and to improve the speed of delivery. Cloudflare provides a network of servers capable of delivering optimised content to the end user and intercepting virus-laden traffic.

The services provided by Cloudflare include the product »Data Localisation Suite« with the components »Regional Services« and »Metadata Boundary for Customers«. Both components ensure that the transfer of personal data when using our platform takes place exclusively within the EU.

The »Regional Services« ensure that the customer content traffic, in this case the end customer traffic, is securely transferred to Cloudflare PoPs within the region we have selected and is checked within a Point of Presence (PoP) in this defined region.

We have chosen Germany as the selected region, so all traffic is checked exclusively on servers in Germany. Metadata Boundary ensures that Cloudflare does not transmit any customer logs originating from the services used outside the European Union.

The personal data processed by Cloudflare includes all content transmitted by our applicants, i.e. beyond the IP address, all files (application documents) and multimedia images, graphics, audio or video, as well as any interaction of their browser with our system.

Cloudflare sets technically necessary cookies, which are necessary for security purposes and for the secure provision of the service, § 25 para. 2 no. 2 TDDDG.

Your personal data will be stored by Cloudflare for as long as is necessary for the purposes described, usually 124 calendar days.

Storage period/criteria for determining the storage period:

Your data will be stored for the duration of the application process and in accordance with the legitimate probationary periods after completion of the application process. In the event of a rejection, the data will be kept for 4 months. After the retention period has expired, the data will be completely anonymised. The processing of anonymised data records is not subject to the material scope of the data protection regulations, so that anonymised data may be processed for statistical and analytical purposes, for the creation of market studies or for product development.

7. seminar registration and registration for events

Purpose of data processing/legal basis:

If you would like to book seminars or register for events via our website, we require the information marked as mandatory in the booking form. You can optionally fill in the input fields that are not marked. As part of the booking process, you will receive an e-mail from us to confirm your registration. The booking process is only completed when you activate the link contained in this e-mail. In the case of a virtual event, this e-mail also contains the participation link. The information you provide for the booking will be processed by us for the purpose of carrying out the booking and the seminar or for registering for events. The legal basis for this data processing is Art. 6 para. 1 b) GDPR.

In the case of a virtual event, special categories of personal data within the meaning of Art. 9 para. 1 GDPR are processed, the legal basis is Art. 9 para. 2 lit. a) GDPR. You expressly give your consent for this.

If you give us your consent for this, we will also use your data to send you marketing information about the respective seminar/event by email, post or telephone following the seminar/event. You can revoke your consent at any time with effect for the future by clicking on the corresponding unsubscribe link in one of the e-mails or by sending an e-mail to almato.widerruf@datagroup.de. The legal basis for data processing in the context of sending information is your consent in accordance with Art. 6 para. 1 a) GDPR and Section 7 para. 2 UWG.

Recipients/categories of recipients:

We pass on some of the names of those who register for an event on our homepage to our event partner, who organizes the events with us. They need this data for the organizational handling of the events.

We use the GoTo Webinar tool for virtual events. As a result, the provider GoTo Technologies Ireland Unlimited Company, The Reflector, 10 Hanover Quay, Dublin 2, D02R573, Ireland receives personal data from you. We have carefully selected this provider and contractually obliged it in accordance with Art. 28 GDPR. Further information on data protection at the provider can be found at https://www.goto.com/company/trust/faq

The provider GoTo Technologies may transfer data to locations outside the EU. You consent to the transfer of your data to these bodies in accordance with Art. 49 para. 1 lit. a) GDPR. Entities outside the EU may not have an adequate level of data protection. This is associated with risks such as the lack of enforcement of data subjects' rights or possible access by government agencies. You can revoke your consent at any time with effect for the future.GoTo Technologies has also concluded standard contractual clauses with its subcontractors.

We use the pretix ticket system to register for certain events. As a result, the provider rami.io GmbH, Berthold-Mogel-Straße 1, 69126 Heidelberg, Germany, receives personal data from you. We have carefully selected this provider and contractually obligated it in accordance with Art. 28 GDPR. You can find further information on data protection at the provider at https://pretix.eu/about/en/privacy.

Storage period/criteria for determining the storage period:

We store the data of participants in seminars and events, if necessary, for the duration of the statutory retention obligations. Thereafter and otherwise, the data will generally be deleted. If you have given your consent to receive information, we will store your data for this purpose until you withdraw your consent.

Microsoft Teams

If you take part in an online meeting as an external participant, you will receive an access link by email from the meeting host. When registering for the online meeting, you must then enter your name and, if applicable, your e-mail address.

If you do not wish to exchange data with us via Microsoft Teams in accordance with Art. 9 GDPR, we ask you to black out this data in advance or otherwise make it unrecognizable.

Microsoft Teams is a service of the Microsoft Corporation. Further information on the processing of your data when using »Teams« can be found at: https://privacy.microsoft.com/de-de/privacystatement and https://news.microsoft.com/de-de/datenschutz-und-sicherheit-in-microsoft-teams-nutzer/.

Almato, whose employee sent you the invitation link, is responsible for the collection and processing of your personal data in connection with the use of Microsoft Teams. The contact details can be found in this privacy policy or in the e-mail signature of the invitation.

Purposes of data processing/legal basis:

We use the »Microsoft Teams« tool to conduct online meetings, video conferences and/or webinars and, if necessary, to exchange documents with the participants.

he legal basis for data processing with regard to contact persons at external bodies is Art. 6 para. 1 lit. f) GDPR. Our interest lies in improved organization and communication with our contact persons as well as the reduction of previously used tools. If our contact person is a direct contractual partner and a natural person, Art. 6 para. 1 lit. b) GDPR is the legal basis.

By clicking on »Agree / With reservation« and accepting the appointment, you expressly consent in accordance with Art. 9 para. 2 lit. a) GDPR to the processing of information/references to your ethnic origin, religion or health (e.g. skin color, glasses or headgear) or special categories of personal data when activating the camera/microphone or, if applicable, in the form of your profile picture.

Furthermore, in accordance with Art. 49 para. 1 lit. a) GDPR, you expressly agree that this may also result in transfers to locations outside the EU/EEA where there is no adequate level of data protection within the meaning of the General Data Protection Regulation. You are aware of the associated risks, such as the lack of enforcement of data subjects' rights and possible access by government agencies.

You can revoke this consent at any time with effect for the future. In the event of revocation, any stored documents will be deleted from Microsoft Teams.

Recipients / disclosure of data:

Personal data that is processed in connection with the storage of documents in Microsoft Teams is generally not passed on to third parties unless it is intended to be passed on. Please note that content from the stored documents, as well as in personal meetings, is often used to communicate information with customers, interested parties or third parties and is therefore intended to be passed on. Other recipients: The provider of »Microsoft Teams« necessarily receives knowledge of the above-mentioned data, insofar as this is provided for in our order processing contract with »Microsoft Teams«.

Data processing outside the European Union:

In principle, data processing outside the European Union (EU) does not take place, as we have limited our storage location to data centers in the European Union. However, we cannot rule out the possibility that data may be routed via internet servers located outside the EU or the EEA. In some countries, there is a risk that authorities may access the data for security and surveillance purposes without you being informed or having the right to appeal. We have agreed EU standard contractual clauses with the provider of »Microsoft Teams«.

You are not obliged to communicate with us via Microsoft Teams. If you wish, communication can take place by other means (e.g. by e-mail or phone).

Storage period/criteria for determining the storage period:

We generally delete personal data when there is no need for further storage. A requirement may exist in particular if the data is still needed to fulfill contractual services, to check and grant or defend against warranty and guarantee claims. In the case of statutory retention obligations, deletion will only be considered after the respective retention obligation has expired.

8. Cookies and other data processing when accessing the website

Some of the Internet pages use so-called cookies. Cookies do not damage your computer and do not contain viruses. Cookies are used to make our website more user-friendly, effective and secure. Cookies are small text files that are stored on your computer and saved by your browser.

Most of the cookies we use are so-called »session cookies«. They are automatically deleted at the end of your visit. Other cookies remain stored on your end device until you delete them. These cookies enable us to recognize your browser on your next visit.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be restricted.

The legal basis for data processing by so-called »necessary cookies« is Art. 6 para. 1 lit. f GDPR and Section 25 para. 2 no. 2 TDDDG. Necessary cookies enable basic functions and are required for the proper functioning of the website. We have a legitimate interest in making the website as user-friendly as possible.

The following cookies that are set by this website are necessary for the operation of the website:

Name of the cookie:Storage duration of the cookie:

• borlabs-cookie: 1 year

The legal basis for using cookies in analytics, advertisements and functional is the consent granted by you in accordance with Art. 6 para. 1 lit. a) DSGVO and Section 25 para. 1 S. 1 TDDDG. You can revoke this consent at any time effective for the future.

Google Fonts

This Website uses Google Fonts. The fonts are embedded locally. In this context, the IP address is not transmitted to Google.

Cloudflare and jsdelivr

The usage of these technically necessary scripts does not transmit any personal data (including the IP address) to external sources.

Insofar as the operator of this website processes personal data when using these technically necessary scripts,  the legal basis is Art. 6 para. 1 lit. f DSGVO and Section 25 para. 2 no. 2 TDDDG.

9. Server log files

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

• Browser type/browser version
• Operating system used
• Referrer URL
• Host name of the accessing computer
• Time of the server request
• The IP address of the requesting internet-enabled device

This data is not merged with other data sources. We reserve the right to check this data retrospectively if we become aware of specific indications of unlawful use.

The legal basis for the processing of this data is Art. 6 para. 1 f) GDPR. Our legitimate interest lies in the purposes of data processing listed above. This data is not transmitted to external bodies. The storage period of the log files is:

• Mail server log: 7 days
• Apache log: 1 month

HubSpot, https://www.hubspot.com, supports us in operating this website. As a data processor, they may have access to personal data related to the use of the website.

10. Tracking & analysis tools

LinkedIn Insight Tag

Our website uses the »LinkedIn Insight Tag« conversion tool from LinkedIn Ireland Unlimited Company. This tool creates a cookie in your web browser that enables the collection of the following data, among others: IP address, device and browser characteristics and page events (e.g. page views). LinkedIn does not share any personal data with Almato AG, but offers anonymized reports on the website target group and display performance. In addition, LinkedIn offers the possibility of retargeting via the Insight Tag. Almato AG can use this data to display targeted advertising outside its website without identifying you as a website visitor. Further information on data protection at LinkedIn can be found in the LinkedIn privacy policy.

LinkedIn members can control the use of their personal data for advertising purposes in their account settings. To deactivate the Insight tag on our website (»opt-out«), click here.

Data processing is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR in conjunction with § 25 para. 1 TDDDG, provided that you have given your consent via our banner. This consent can be revoked at any time.

The following cookies that are set by this website are associated with LinkedIn

Name of the cookie: Storage duration of the cookie:

• AnalyticsSyncHistory: 30 days
• UserMatchHistory: 30 days
• bcookie: 24 months
• bscookie: 24 months
• lang: Session duration
• li_sugr: 90 days
• li_gc: 24 months
• lidc: 24 hours
• lang: Session duration
• lms_analytics: 30 days
  
  

Recipients / categories of recipients:

In the context of LinkedIn, LinkedIn Ireland Unlimited Company (Wilton Place, Dublin 2, Ireland) supports us as a processor in accordance with Art. 28 GDPR.

11. YouTube videos

On our websites, we embed videos from the YouTube platform in the so-called extended data protection mode, which are not stored on our servers. YouTube is operated by Google Ireland Ltd, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. When you access the embedded video, a connection is established to the servers of the provider YouTube in the USA and certain information (e.g. your IP address) is sent to the provider, even if you are not logged in to the provider. We have no knowledge of the type and scope of the data collected by YouTube and have no influence on its use. The purpose and scope of the data collection and the further processing and use of the data by YouTube as well as your rights in this regard and the available setting options to protect your privacy can be found in the provider's privacy policy: Google's privacy policy: https://policies.google.com/privacy?hl=en&gl=en.

Playing the embedded videos is only possible if you have previously consented to the transfer of your data to YouTube in the USA in accordance with Art. 49 para. 1 lit. a) GDPR.  Google LLC is certified under the EU - U.S. Data Privacy Framework, an adequacy decision of the European Commission pursuant to Art. 45 para. 3 GDPR is thus given.

The legal basis for the transfer of data to YouTube is the consent you have given in accordance with Art. 6 para. 1 lit. a) GDPR. You can revoke this consent at any time.

The following cookies that are set by this website are associated with YouTube:

Name of the cookie: Storage duration of the cookie:

• NID: 6 months

12. HubSpot

We use HubSpot to create our website. The provider is HubSpot Inc. 25 Street, Cambridge, MA 02141 USA (hereinafter Hubspot CRM).

HubSpot CRM enables us to effectively manage existing and potential customers and customer contacts, among other things. It enables us to record, organize and analyse interactions with customers via various channels such as e-mail, social media or telephone.  The personal data collected in the process can be used for communication with potential customers or for marketing activities such as sending newsletters. In addition, the HubSpot CRM enables us to track and analyze the user behavior of our contacts on our website.

The HubSpot CRM is used in accordance with Article 6 para. 1(f) GDPR. The website operator has a legitimate interest in efficient customer management and communication. Insofar as consent has been obtained, processing is carried out exclusively in accordance with Article 6 para. 1 (a) GDPR and Section 25 para. 1 TDDDG, provided that the consent includes the storage of cookies or access to information on the user's end device (e.g. device fingerprinting) in accordance with TDDDG. This consent can be revoked at any time.

For further details, please refer to HubSpot's privacy policy: HubSpot privacy policy.

Recipients / categories of recipients: 

We have concluded an order processing contract (AV) in accordance with Article 28 GDPR with the above-mentioned provider. This contract ensures that the provider processes personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR. HubSpot Inc. is certified under the EU - U.S. Data Privacy Framework, an adequacy decision of the European Commission pursuant to Art. 45 para. 3 GDPR is thus given.

Storage period/criteria for determining the storage period: 

We generally do not store your data for longer than is necessary for the above-mentioned purposes.

13. Microsoft Teams

General information:

If you take part in an online meeting as an external participant, you will receive an access link by email from the meeting host. When registering for the online meeting, you must then enter your name and, if applicable, your e-mail address.

If you do not wish to exchange data with us via Microsoft Teams in accordance with Art. 9 GDPR, we ask you to black out this data in advance or otherwise make it unrecognizable.

Microsoft Teams is a service of the Microsoft Corporation. Further information on the processing of your data when using »Teams« can be found at: https://privacy.microsoft.com/de-de/privacystatement and https://news.microsoft.com/de-de/datenschutz-und-sicherheit-in-microsoft-teams-nutzer/.

The DATAGROUP company whose employee sent you the invitation link is responsible for the collection and processing of your personal data in connection with the use of Microsoft Teams. The contact details can be found in this privacy policy or in the e-mail signature of the invitation.

Purposes of data processing/legal basis:

We use the »Microsoft Teams« tool to hold online meetings, video conferences and/or webinars and, if necessary, to exchange documents with the participants.

The legal basis for data processing with regard to contact persons at external bodies is 6 para. 1 lit. f) GDPR. Our interest lies in improved organization and communication with our contact persons and the reduction of previously used tools. If our contact person is a direct contractual partner and a natural person, Art. 6 para. 1 lit. b) GDPR is the legal basis.

If special categories of personal data within the meaning of Art. 9 para. 1 GDPR are processed, e.g. within documents provided, the legal basis is Art. 9 para. 2 lit. a) GDPR. You expressly give your consent for this.

Furthermore, in accordance with Art. 49 para. 1 lit. a) GDPR, you expressly consent to the fact that data may also be transferred to places outside the EU/EEA where there is no adequate level of data protection within the meaning of the GDPR. You are aware of the associated risks, such as the lack of enforcement of data subjects' rights and possible access by government agencies.

You can revoke this consent at any time with effect for the future. In the event of revocation, the documents will be deleted from Microsoft Teams.

Recipients / forwarding of data:

Personal data that is processed in connection with the storage of documents in Microsoft Teams will not be passed on to third parties unless it is intended to be passed on. Please note that content from the stored documents, as well as in personal meetings, is often used to communicate information with customers, interested parties or third parties and is therefore intended to be passed on. Other recipients: The provider of "Microsoft Teams" necessarily receives knowledge of the above-mentioned data, insofar as this is provided for in our order processing contract with »Microsoft Teams«.

Data processing outside the European Union:

Data processing outside the European Union (EU) does not generally take place, as we have limited our storage location to data centers in the European Union. However, we cannot rule out the possibility that data may be routed via internet servers located outside the EU or the EEA. In some countries, there is a risk that authorities may access the data for security and surveillance purposes without you being informed or having the right to appeal. We have agreed EU standard contractual clauses with the provider of »Microsoft Teams«. In addition, the EU-US Data Privacy Framework applies to Microsoft in the USA. You are not obliged to communicate with us via Microsoft Teams. If you wish, communication can take place by other means (e.g. by email or telephone).

Storage period/criteria for determining the storage period:

We generally delete personal data when there is no need for further storage. A requirement may exist in particular if the data is still needed to fulfill contractual services, to check and grant or defend against warranty and guarantee claims. In the case of statutory retention obligations, deletion will only be considered after the respective retention obligation has expired.

Where relevant - Special information on recordings in Microsoft Teams:

For use in our DATAGROUP Academy and in webinars for external parties/customers or for other purposes communicated in individual cases, we would like to make digital sound and image recordings of the meeting (»recordings«). The topic can be found in the subject of the invitation. The recording will be stored digitally by the host of the meeting. This may include audio recordings, video recordings and public chat content of the meeting participants. (»Information«)

The digital recordings are made available to the participants of the meeting and made available on DATAPEDIA, our intranet, for information and training purposes. All DATAGROUP companies (recipients) have access to DATAPEDIA.

The legal basis for data processing is your consent in accordance with Art. 6 para. 1 a) and Art. 9 para. 2 lit. a) GDPR. You can withdraw your consent at any time with effect for the future. The provision of your data is neither contractually nor legally required. The non-provision or withdrawal of consent has no effect on your contractual relationship with us. The revocation should be addressed to Corporate Communications marketing@datagroup.de. The recordings will be deleted immediately after the expiry of the period specified in the invitation once the stated purpose no longer applies, unless you have already withdrawn your consent. Personal data may be transferred to third countries under certain circumstances; this is done on the basis of standard contractual clauses.

14. Your rights as a data subject

In accordance with Art. 15 (1) GDPR, you have the right to request information free of charge about your personal data stored by Almato.

In addition, if the legal requirements are met, you have the right to rectification (Art. 16 GDPR), erasure (Art. 17 GDPR) and restriction of processing (Art. 18 GDPR) of your personal data.

If the data processing is based on Art. 6 para. 1 e) or f) GDPR, you have the right to object in accordance with Art. 21 GDPR. If you object to data processing, this will not take place in future unless the controller can demonstrate compelling legitimate grounds for further processing which override the data subject's interest in objecting.

If you have provided the processed data yourself, you have a right to data portability in accordance with Art. 20 GDPR.

If the data processing is based on consent pursuant to Art. 6 para. 1 a) or Art. 9 para. 2 a) GDPR, you can revoke your consent at any time with effect for the future without affecting the legality of the previous processing.

Please contact the data protection officer in writing or by email in the aforementioned cases, if you have any unanswered questions or in the event of complaints.

You also have the right to lodge a complaint with a data protection supervisory authority. The data protection supervisory authority of the federal state in which you live or in which the controller has its registered office is responsible.

In the case of joint controllers, you will receive the relevant information from the controller with whom you are initiating or conducting a business relationship.

15. No obligation to provide personal data

Unless otherwise stated in the previous chapters, the provision of personal data is not required by law or contract or necessary for the conclusion of a contract. You are not obliged to provide personal data if no information to the contrary has been provided previously. Failure to provide your personal data may mean that we are unable to respond to your contact request or that you are unable to participate in the application process or attend an event.

16. Data protection officer of Almato AG

Our company data protection officer will be happy to provide you with information or suggestions on the subject of data protection:

Dr. iur. Christian Borchers
datenschutz süd GmbH
Wörthstraße 15
97082 Würzburg

office@datenschutz-sued.de

17. Privacy Policy for Social Media Pages

Privacy Policy for Our Social Media Pages

Below, we would like to inform you about the handling of your data in accordance with Article 13 of the General Data Protection Regulation (GDPR).

Controller

We, Almato AG, operate the following social media pages:

• YouTube: [https://www.youtube.com/channel/UCGRj9YdNItRYcKf-ANeEwBA] 
• LinkedIn: [https://www.linkedin.com/company/almato-just-add-digital/] 
  
  

Our contact details can be found in our legal notice.

In addition to us, the operator of the social media platform itself is also a controller. This operator conducts data processing, over which we have limited influence. Where we can exert influence and configure data processing, we aim to ensure that the social media platform operator handles your data in a privacy-compliant manner within the scope of our capabilities. However, in many instances, we cannot influence the data processing carried out by the social media platform operator and are not fully aware of the data they process. The operator provides information about this in their respective privacy policy.

Data Processing by Us

The data you enter on our social media pages, such as comments, videos, images, likes, public messages, etc., are published by the social media platform and are not used or processed by us for other purposes. We reserve the right to delete content if necessary. Where applicable, we may share your content on our page if this is a function of the social media platform and communicate with you via the platform. The legal basis for this is Article 6(1)(f) GDPR. The data processing is carried out in the interest of our public relations and communication efforts.

If you wish to object to specific data processing under our control, please contact us using the details provided in the legal notice. We will review your objection and forward it to the social media platform if necessary.

If you send us a query on the social media platform, we may refer you to other secure communication channels that guarantee confidentiality, depending on the required response. You can always send us confidential inquiries to the address provided in our legal notice.

As previously mentioned, we strive to ensure that our social media pages are as privacy-compliant as possible, within the limits imposed by the platform provider. For example, we do not use demographic, interest-based, behavioral, or location-based targeting options for advertising provided by the social media platform. Overall, we do not use the social media platform for advertising purposes. Regarding statistics provided by the platform operator, we can only influence these to a limited extent and cannot disable them. However, we ensure that no additional optional statistics are provided to us.

Data Processing by the Social Media Platform Operator

The operator of the social media platform uses web tracking methods, which can occur even if you are not logged in or registered on the platform. As mentioned earlier, we have little control over the platform’s web tracking methods and cannot disable them.

Please be aware that it cannot be ruled out that the social media platform provider uses your profile and behavioral data to analyze your habits, personal relationships, preferences, etc. We have no influence on the processing of your data by the social media platform operator.

Further information on data processing by the platform provider and additional options for objection can be found in the provider’s privacy policy:

• YouTube: [https://www.so-geht-youtube.de/datenschutzerklaerung/] 
• LinkedIn: [https://www.linkedin.com/legal/privacy-policy?_l=de_DE] 
  
  

Where we share joint responsibility with the social media platform for processing your data, you can find the key content of this shared responsibility here:

• LinkedIn: [https://legal.linkedin.com/pages-joint-controller-addendum]
  
  

Your Rights as a User

Under the GDPR, you are entitled to the following rights regarding the processing of your personal data:

1.) Right of Access (Article 15 GDPR):

You have the right to request confirmation as to whether personal data concerning you is being processed, and if so, access to the personal data and the information specified in Article 15 GDPR.

2.) Right to Rectification and Erasure (Articles 16 and 17 GDPR):

You have the right to demand the immediate correction of inaccurate personal data concerning you and, where applicable, the completion of incomplete personal data.

You also have the right to demand the immediate erasure of your personal data if one of the reasons specified in Article 17 GDPR applies, e.g., if the data is no longer required for the intended purposes.

3.) Right to Restriction of Processing (Article 18 GDPR):

You have the right to request the restriction of processing if one of the conditions specified in Article 18 GDPR is met, e.g., if you have objected to the processing for the duration of any verification.

4.) Right to Data Portability (Article 20 GDPR):

In specific cases detailed in Article 20 GDPR, you have the right to receive the personal data concerning you in a structured, commonly used, and machine-readable format or to have this data transmitted to a third party.

5.) Right to Object (Article 21 GDPR):

If data is collected based on Article 6(1)(f) GDPR (data processing for legitimate interests), you have the right to object to the processing at any time for reasons related to your particular situation. We will then no longer process the personal data unless there are compelling legitimate grounds for the processing that outweigh your interests, rights, and freedoms or if the processing is necessary for the establishment, exercise, or defense of legal claims.

Right to Lodge a Complaint with a Supervisory Authority

Under Article 77 GDPR, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of your data violates data protection regulations. The complaint may be lodged with a supervisory authority in the Member State of your residence, workplace, or the location of the alleged infringement.