Data privacy

A. General information

1. Our contact details

If you have any questions or suggestions regarding this information or would like to assert your rights, please send your request to

ADFERENCE GmbH
Auf der Hude 74
21339 Lüneburg
Phone: +49 (0) 4131 2173 014
E-Mail: info@adference.com

2. On what basis do we process your data?

The data protection term "personal data" refers to all information that relates to an identified or identifiable person. We process personal data in compliance with the relevant data protection regulations, in particular the GDPR and the BDSG. Data processing by us only takes place on the basis of legal permission. We only process personal data with your consent (Art. 6 para. 1 letter a GDPR), to fulfill a contract to which you are a party or at your request to carry out pre-contractual measures (Art. 6 para. 1 letter b GDPR), to fulfill a legal obligation (Art. 6 para. 1 letter c GDPR) or if the processing is necessary to safeguard our legitimate interests or the legitimate interests of a third party, unless your interests or fundamental rights and freedoms, which require the protection of personal data, prevail (Art. 6 para. 1 letter f GDPR).

If you apply for an open position in our company, we will also process your personal data to decide on the establishment of an employment relationship (Section 26 (1) sentence 1 BDSG).

3. Your rights

You control your data! As a data subject, you therefore have the right to assert your data subject rights against us. You have the following rights under the data protection laws that apply to you:

• In accordance with Art. 15 GDPR and Section 34 BDSG, you have the right to request information as to whether or not we process personal data relating to you and, if so, to what extent.
• You have the right to request that we rectify your data in accordance with Art. 16 GDPR.
• You have the right to demand that we delete your personal data in accordance with Art. 17 GDPR and Section 35 BDSG.
• You have the right to restrict the processing of your personal data in accordance with Art. 18 GDPR.
• In accordance with Art. 20 GDPR, you have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and to transmit those data to another controller.
• If you have given us separate consent to process your data, you can withdraw this consent at any time in accordance with Art. 7 (3) GDPR. Such a revocation does not affect the legality of the processing that was carried out on the basis of the consent until the revocation.
• If you believe that the processing of your personal data violates the provisions of the GDPR, you have the right to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR.

In accordance with Art. 21 (1) GDPR, you have the right to object to processing based on the legal basis of Art. 6 (1) (e) or (f) GDPR on grounds relating to your particular situation. If we process personal data about you for the purpose of direct marketing, you can object to this processing in accordance with Art. 21 (2) and (3) GDPR.

If you exercise your rights in accordance with Art. 15 to 22 GDPR, we process the personal data transmitted for the purpose of implementing these rights by us and to be able to provide proof of this. We will only process data stored for the purpose of providing and preparing information for this purpose and for the purposes of data protection monitoring and will otherwise restrict processing in accordance with Art. 18 GDPR.

This processing is based on the legal basis of Art. 6 para. 1 lit. c GDPR in conjunction with. Art. 15 to 22 GDPR and § 34 para. 2 BDSG.

4. Where do we process your data?

In principle, we process your data on European servers with the highest security standards. In providing our services, we are supported by external service providers to whom we send your data. Some data processing may involve the transfer of certain personal data to third countries, i.e. countries in which the GDPR is not applicable law. Such a transfer is permitted if the European Commission has determined that an adequate level of data protection is required in such a third country. This applies to all transfers to countries in this list: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en.
If there is no such adequacy decision by the European Commission, personal data will only be transferred to a third country if there are suitable guarantees in accordance with Art. 46 GDPR or if one of the requirements of Art. 49 GDPR is met.

Unless there is an adequacy decision and unless otherwise stated below, we use the EU standard data protection clauses as appropriate safeguards for the transfer of personal data from the scope of the GDPR to third countries. You have the option of obtaining or viewing a copy of these EU standard data protection clauses. Please contact us at the address given under Contact.  

If you consent to the transfer of personal data to third countries, the transfer takes place on the legal basis of Art. 49 para. 1 letter a GDPR.

5. Who do we share your personal data with and why?

In order to provide our services and operate economically as a company, we use various external companies to which we transfer personal data in some cases. If other specific recipients contain personal data for some groups of data subjects, we will inform you about this in Part B.

• Hosting provider: We commission certified service providers to host our data who have the highest security standards.
• IT service providers and SaaS providers: We use the services of various service providers who support us as processors and simplify and optimize our processes.
• Advertising and marketing providers: With the help of various advertising and marketing providers, we aim to raise our profile, promote demand for our services and increase customer loyalty. To this end, campaigns are planned, played out and their success measured and analyzed. As a rule, the providers are also processors.
• Affiliated companies: We are part of a group of companies. It is therefore possible that we may transfer personal data to our parent company or other affiliated companies.
• Administration and authorities: In order to comply with legal regulations or to respond to court orders or other similar official requests, further transfers may take place. This also includes transfers to the tax authorities and tax consultancy/auditing firms.

6. How long do we store your data?

Unless otherwise stated in the following information, we only store the data for as long as is necessary to achieve the purpose of processing or to fulfill our contractual or legal obligations. Such statutory retention obligations may arise in particular from commercial or tax law regulations. From the end of the calendar year in which the data was collected, we will store such personal data contained in our accounting data for ten years and store personal data contained in commercial letters and contracts for six years. In addition, we will retain data in connection with consents requiring proof and with complaints and claims for the duration of the statutory limitation periods. We will delete data stored for advertising purposes if you object to processing for this purpose.

7. How do we use "cookies" and other tracking technologies?

We use cookies and similar technologies on our websites. We have compiled more information about how we use these technologies in our cookie banner. The banner can be accessed via the footer of our websites. There you will also find a list of other companies that place cookies on our websites and process data on the basis of your consent in accordance with Art. 6 para. 1 letter a GDPR, a list of cookies that we place and an explanation of how you can refuse certain types of cookies.

8. How can you contact our data protection officer?

You can reach our data protection officer using the following contact details:

E-Mail: privacy@adference.com
Herting Oberbeck Datenschutz GmbH
https://www.datenschutzkanzlei.de

‍

B. Special section - How and why we process your data

a. Visitors our website

1) We process personal data that you provide to us via a contact form or chat, for example. This includes, in particular, your e-mail address and the content of the communication. We process this data for the following purposes:

• Communication: processing inquiries and providing assistance,
• Preparation of offers and initiation of contractual relationships,
• Download forms and other content.

‍Legal basis: Legitimate interest pursuant to Art. 6 (1) (f) GDPR in the provision of simple and efficient contact and download options.

2) We process pseudonymous information about the device and browser you are using, server log files, your network connection and your IP address for the following purposes:

• Ensuring the security, operability and stability of our websites, including defense against attacks;
• Integration of third-party content.

‍Legal basis: Legitimate interest pursuant to Art. 6 (1) (f) GDPR in the flawless functionality and stability of the website.

3) We process information about how you behave on the website. This includes the IP address and user IDs, some of which are assigned by third-party providers, and is used for the following purposes:

• Reach measurement and analysis of visitor behavior to optimize our websites, increase customer satisfaction and error analysis;
• (Conversion) tracking for reach measurement;
• Remarketing to attract new customers through personalized display of our advertising.

Legal basis: Consent in accordance with Art. 6 para. 1 letter a) GDPR, which we obtain via the consent banner on our website and which you can revoke or adjust at any time via the footer of the website.

b. Participants in webinars

1) We process the data you provide when you register for our webinars, such as your name, e-mail address and the name of the company you work for. The processing is carried out for the following purposes:

• Registration for and implementation of webinars;
• Sending the webinar recording.

‍Legal basis: Contract fulfillment according to Art. 6 para. 1 letter b) GDPR.

• Sending promotional e-mails with information about us, our services and interesting specialist topics;
• Invitation to further webinars.

Legal basis: Contract fulfillment according to Art. 6 para. 1 letter a) GDPR. Consent can be revoked at any time by sending an email to the contact details above or via the unsubscribe link in the emails .

c. Newsletter subscribers

1) We process the name and contact details that you provide to us when registering for our newsletter for the following purposes:

• Sending personalized advertising mailings with information and updates on our services, promotions and events for the purpose of promoting sales and acquiring new customers;
• Verification of your e-mail address via the double opt-in procedure.

2) We process pseudonymous information about how our newsletter is used (click behavior, opening rate and time, length of stay) for the following purposes:

• Performance measurement to optimize our content and improve our products.

The legal basis for data processing in connection with our newsletter is your consent pursuant to Art. 6 (1) (a) GDPR, which you can revoke at any time by contacting us using the contact details above or by using the unsubscribe link.

d. Users of the ADFERENCE tool

We will provide the ADFERENCE tool from August 2024. Below we explain which data processing is carried out when using the tool.

1) We process your professional contact data provided to us as part of the conclusion of the contract with your employer, such as your name and email address and the password you subsequently choose. In addition, we process communication data that is generated in the course of using our tool, for example when using the integrated chat tool. Processing is carried out for the following purposes:

• Provision of a login option for the ADFERENCE tool;
• Communication and support: Processing of inquiries and assistance with problems;
• Non-commercial communication on technical, contractual and security-related topics (e.g. forgotten password messages).

Legal basis: Legitimate interest pursuant to Art. 6 para. 1 letter f) GDPR in the fulfillment of our contract with your employer.

• Invitation to participate in satisfaction surveys.

Legal basis: Consent pursuant to Art. 6 (1) (a) GDPR, which you can revoke at any time by sending us an e-mail or via the unsubscribe link.

2) We process pseudonymous information about the device and browser you are using, server log files, your network connection and your IP address for the following purposes:

• Ensuring the security, operability and stability of our ADFERENCE tool, including defense against attacks.

Legal basis: Legitimate interest pursuant to Art. 6 (1) (f) GDPR in the flawless functionality and stability of the website.

3) We process information about how you behave in our tool. This includes the IP address and user IDs, some of which are assigned by third-party providers, and is used for the following purposes:

• Analysis of user behavior to optimize our tool, increase customer satisfaction and error analysis.

Legal basis: Consent pursuant to Art. 6 (1) (a) GDPR, which we obtain via the consent banner in our tool and which you can revoke or adjust at any time.

e. Contact persons at service providers/ suppliers/ business partners

1) We process data that you provide to us about yourself and the company in which you work, such as your name, e-mail address and telephone number, for the following purposes:

• Fulfillment of the contract with the company in which you work (this includes contract management, documentation for ongoing cooperation, billing and communication).

Legal basis: Legitimate interest pursuant to Art. 6 (1) (f) GDPR in the performance of the contract between the company in which you work and us.

• Invitation to participate in satisfaction surveys.

Legal basis: Consent pursuant to Art. 6 (1) (a) GDPR, which you can revoke at any time by sending us an e-mail or via the unsubscribe link.

f. Applicants

1) Data that you provide to us in the course of your application or that a recruitment agency transmits to us. This is information about your CV, your previous career and other data that we process for the following purposes:

• Determining whether employment is possible;
• Initiation of an employment relationship.

Legal basis: Contract initiation in accordance with Art. 6 para. 1 letter b) GDPR and § 26 para. 1 sentence 1 BDSG.

• Fulfillment of statutory retention obligations or defense against legal claims.

Legal basis: Compliance with legal obligations pursuant to Art. 6 para. 1 lit. c) GDPR.

• Inclusion in our talent pool for later contact if no employment relationship is established for the time being.

Legal basis: Consent pursuant to Art. 6 (1) (a) GDPR, which you can revoke at any time by contacting us using the contact details above.
‍
If we are unable to offer you employment, we will retain the application documents submitted by you for up to six months after any rejection for the purpose of answering questions in connection with your application and rejection. This does not apply if statutory provisions prevent deletion, if further storage is necessary for the purpose of providing evidence or if you have expressly consented to longer storage.

g. Social media visitors

1) Responsibility of the social media providers‍

When you visit our social media pages (Facebook, Instagram, LinkedIn, XING, TikTok) on which we present our company, certain information about you as a visitor is processed.
‍
Further information:
‍
Facebook and Instagram:

• Privacy policy of Meta Platforms Ireland Limited
• Opt-out option

LinkedIn: Privacy Policy of LinkedIn Ireland Unlimited Company

TikTok: Privacy Policy of TikTok Technology Limited

XING: Privacy policy of NEW WORK SE.

2) Joint responsibility of the social media providers and ADFERENCE (joint controllers)

The social media providers collect and process event data and send us anonymized statistics and data for our pages that help us gain insights into the various activities that visitors perform on our site (so-called "Page Insights"). These Page Insights are created based on certain information about people who have visited our site(s)
‍
Further information:
‍
Facebook and Instagram:

• Joint Controller Agreement
• Data subject rights can also be asserted against Meta. You can find more information on this in the privacy policy.

LinkedIn:

• Joint Controller Agreement
• Data subject rights can be asserted via this contact form at LinkedIn. You can contact LinkedIn's data protection officer via this link.
• LinkedIn and ADFERENCE have agreed that the Irish Data Protection Commission is the competent supervisory authority overseeing the processing of Page Insights. You can lodge your complaint with the Irish Data Protection Commission (see www.data protection.ie) or with another supervisory authority.

XING

• Joint responsibility agreement
• You can assert your data subject rights with XING on this website. You can contact XING's data protection officer using this contact form.

TikTok:

• Joint Controller Agreement
• Data subject rights can be asserted via this form at TikTok.
• TikTok and ADFERENCE have agreed that the Irish Data Protection Commission is the competent supervisory authority overseeing the processing of Pages Insights. You can lodge your complaint with the Irish Data Protection Commission (see www.data protection.ie) or with another supervisory authority.
  

3) Under the responsibility of ADFERENCE

We process information that you have made available to us via our social media channels on the respective social media platform. This information may be the name used, contact information or a message to us.
‍
Legal basis: Legitimate interest pursuant to Art. 6 (1) (f) GDPR in communicating with interested parties and followers.

h. Affected persons in Switzerland

If you are a data subject within the scope of the Swiss Federal Act on Data Protection, the information under this point also applies.

The legal references made in this data protection information are aimed at data subjects in Switzerland in accordance with the comparable provisions of the Federal Act on Data Protection. This applies in particular to the applicable rights of data subjects pursuant to Art. 25-29, 32 FADP.

Data processing also takes place in the following countries outside Switzerland:

• United States of America
• Australia
• Canada
• Countries within the EU/EEA
  

We guarantee an appropriate level of data protection. This is ensured by

• an established adequate level of data protection pursuant to Art. 16 para. 1 FADP for the recipient country;
• Standard data protection clauses that the FDPIC has previously approved, issued or recognized, in particular the standard contractual clauses of the European Commission;
• an international treaty in which an appropriate level of data protection is regulated.