Privacy policy

VI. Tracking and analysis tools

1. Leadinfo

We use the lead generation service of Leadinfo B.V., Rotterdam, Netherlands. This recognizes visits from companies to our website based on IP addresses and shows us publicly available information, such as company names or addresses. In addition, Leadinfo sets two first-party cookies to evaluate user behavior on our website and processes domains from form entries (e.g. “leadinfo.com”) in order to correlate IP addresses with companies and improve services. Further information can be found at www.leadinfo.com. On this page: www.leadinfo.com/en/opt-out you have an opt-out option. If you opt out, your data will no longer be collected by Leadinfo .

2. Mouseflow

We have integrated Mouseflow on this website. The provider is Mouseflow Inc, 106 E 6th St #900, Austin Texas, 78701, USA.

By using Mouseflow, we can analyze the behavior of visitors to our website. This helps to improve the operator’s website and offer visitors a more pleasant user experience.

To achieve this goal, mainly click paths from individual visits, known as “session replay”, are collected. Meanwhile, information is primarily collected about the way users interact with the website, such as by clicking or touching, moving the mouse, scrolling and browsing the pages. We also record all keystrokes via Mouseflow.

The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and Section 25 (1) TDDDG. Consent can be revoked at any time.

You can also deactivate tracking via Mouseflow via the following link: https://mouseflow.com/opt-out/.

Further details can be found in the provider’s privacy policy at https://mouseflow.com/legal/visitor/privacy-policy/ and https://mouseflow.com/legal/gdpr/.

The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000TS56AAG&status=Active

Data Processing

We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract prescribed by data protection law, which ensures that it processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

VII. Your rights / rights of the data subject

According to the EU General Data Protection Regulation, you have the following rights as a data subject:

1. Right to information

You have the right to receive information from us as the controller as to whether and which personal data concerning you is processed by us, as well as further information in accordance with the legal requirements under Art. 13, 14 GDPR.

You can assert your right to information at: info@dammbierbaum.de.

2. Right to rectification

If the personal data processed by us and relating to you is incorrect or incomplete, you have a right to rectification and/or completion. The correction will be made immediately.

3. Right to restriction

You have the right to restrict the processing of personal data concerning you in accordance with the statutory provisions (Art. 18 GDPR).

4. Right to erasure

If the reasons set out in Art. 17 GDPR apply, you can demand that the personal data concerning you be deleted immediately.

We would like to point out that the right to erasure does not exist if the processing is necessary for one of the exceptional circumstances mentioned in Art. 17 para. 3.

5. Right to information

If you have asserted the right to rectification, erasure or restriction of processing, we are obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort. You also have the right to be informed about these recipients.

6. Right to data portability

Under the GDPR, you also have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format or to request that it be transmitted to another controller.

7. Right to revoke the declaration of consent under data protection law

You have the right to withdraw your declaration of consent under data protection law at any time. Please note that the withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

8. Right to object

Furthermore, you have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6 1 sentence 1 lit. GDPR.

9. Automated decision-making in individual cases, including profiling

Under the EU General Data Protection Regulation, you also have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

10. Right to lodge a complaint with a supervisory authority

Finally, if you believe that the processing of personal data concerning you is in breach of the GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement.

11. Data transfer outside the EU

The GDPR guarantees the same high level of data protection within the European Union. When selecting our service providers, we therefore rely on European partners wherever possible if your personal data is to be processed. Only in exceptional cases will we have data processed outside the European Union as part of the use of third-party services. We only authorise the processing of your data in a third country if the special requirements of Art. 44 et seq. GDPR are fulfilled. This means that the processing of your data may then only take place on the basis of special guarantees, such as the officially recognised determination of a level of data protection corresponding to the EU by the EU Commission or compliance with officially recognised special contractual obligations, the so-called “standard data protection clauses”.

12 EU-US Trans-Atlantic Data Privacy Framework

As part of the so-called “Data Privacy Framework” (DPF), the EU Commission has also recognized the level of data protection for certain companies from the USA as secure as part of the adequacy decision of 10.07.2023. The list of certified companies as well as further information on the DPF can be found on the website of the US Department of Commerce at https://www.dataprivacyframework.gov/s/participant-search

13. data processing under the Swiss DPA

In principle, the use of our website is subject to the statutory provisions of the GDPR. If you also visit our website from Switzerland and insofar as the associated data processing also affects you as a Swiss citizen, these data protection provisions also apply to you under the Swiss Federal Act on Data Protection (“Swiss FADP” in the version of September 1, 2023), analogous to the GDPR.

The Swiss Data Protection Act does not provide for a legal basis. In this respect, we only process your data from Switzerland if the processing is lawful, is carried out in good faith and is proportionate in accordance with Art. Art. 6 para. 1 and 2 of the Swiss Data Protection Act. Furthermore, your data will only be collected by us for a specific purpose that is recognizable to the data subject and will only be processed in such a way that it is compatible with these purposes in accordance with Art. 6 para. 1 lit. a GDPR. Art. 6 para. 3 of the Swiss DPA.

In this context, please also note that although certain terms are formulated differently under the GDPR, they have the same legal meaning as under the Swiss FADP. For example, the GDPR terms “processing” of “personal data”, “legitimate interest” and “special categories of data” used in this data protection notice correspond to the terms “processing” of “personal data”, “overriding interest” and “sensitive personal data” used in the Swiss FADP.

The data subject rights set out here pursuant to Art. 12 et seq. GDPR can also be asserted by data subjects from Switzerland in accordance with the provisions of Art. 25 et seq. of the Swiss Data Protection Act.

14. minors under the age of 16

Minors under the age of 16 are expressly not addressees of our website and our offers on this website. We would like to point out that legal guardians must supervise the online activities of their children. Minors under the age of 16 should not transmit any personal data to us without the consent of their parents or legal guardians. We explicitly do not request personal data from minors under the age of 16, do not knowingly collect it and do not pass it on to third parties.

VIII. Use of Calendly

We use Calendly, a planning and organisation tool, to arrange appointments as part of the application process on our website. The service provider is the American company Calendly LCC, 271 17th St NW, Ste 1000, Atlanta, Georgia, 30363, USA.

The data used are name, email address and telephone number. Data processing for the purpose of contacting us is carried out in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR on the basis of your voluntarily given consent. The personal data collected by us for the appointment will be automatically deleted after the appointment and the completion of your enquiry.

Calendly also processes data in the USA, among other places. Calendly uses standard contractual clauses approved by the EU Commission (Art. 46 (2) and (3) GDPR) as the basis for data processing with recipients based in third countries (countries outside the direct scope of the GDPR) or for data transfer there. These clauses oblige Calendly to comply with the EU level of data protection when processing relevant data outside the EU. These clauses are based on an implementing decision of the EU Commission. Further information about Calendly and Calendly’s data protection can be found at: https://calendly.com/de/privacy.

IX. Social Media

We currently use the following social media platforms:

Facebook
Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland
Privacy Policy: https://www.facebook.com/about/privacy/

Opt-out: https://www.facebook.com/settings?tab=ads and http://www.youronlinechoices.com

Supplementary agreement Insights data: https://www.facebook.com/legal/terms/page_controller_addendum

Instagram
Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland
Privacy Policy & Opt-Out: http://instagram.com/about/legal/privacy

LinkedIn
LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland
Privacy Policy: https://www.linkedin.com/legal/privacy-policy

Opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

TikTok
TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland
Privacy Policy & Opt-Out: https://www.tiktok.com/legal/page/eea/privacy-policy/de-DE

YouTube (Google)
Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA)
Privacy policy: https: //policies.google.com/privacy

Opt-out: https://adssettings.google.com/authenticated

X (formerly Twitter)
Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 Ireland
Privacy Policy: https://twitter.com/de/privacy

Opt-out: https://twitter.com/settings/account/personalization

X. Social Media presence

We maintain fan pages within various social networks and platforms with the aim of communicating with the customers, interested parties and users active there and informing them about our services.

We would like to point out that your personal data may be processed outside the European Union, which may result in risks for you (e.g. when enforcing your rights under European / German law).

As a rule, user data is processed for market research and advertising purposes. For example, user profiles can be created from the user behaviour and the resulting interests of the users. These user profiles can in turn be used, for example, to place adverts inside and outside the platforms that presumably correspond to the interests of the users. For these purposes, cookies are usually stored on the user’s computer, in which the user’s usage behaviour and interests are stored. Furthermore, data can also be stored in the user profiles independently of the devices used by the users (especially if the users are members of the respective platforms and are logged in to them).

The processing of users’ personal data is based on our legitimate interests in effective user information and communication with users in accordance with Art. 6 para. 1 sentence 1 lit. f. GDPR. If users are asked by the respective providers for consent to data processing (i.e. they give their consent, e.g. by ticking a checkbox or confirming a button), the legal basis for processing is Art. 6 para. 1 sentence 1 lit. a. GDPR.

Further information on the processing of your personal data and your options to object can be found under the links provided by the respective provider. Data subjects can also assert their rights to information and other rights against the providers, but only those who have direct access to the user’s data and have the relevant information. We are of course available to answer any queries you may have and will support you if you need help.

A supplementary agreement is concluded with some social media platforms when operating a fan page. According to this agreement, data subject rights can generally be asserted both with the social media platform and with us. However, the primary responsibility under the GDPR for the processing of Insights data lies with the social media platform and it fulfils all obligations under the GDPR with regard to the processing of Insights data. In this context, the social media platform makes the essentials of the Page Insights supplement available to the data subjects.

As the operator of the fan page, we do not make any decisions regarding the processing of Insights data and all other information resulting from Art. 13 GDPR, such as the legal basis, the identity of the controller and the storage period of cookies on user devices.

XI. Newsletter

1. General information

We send an irregular newsletter to customers and interested business contacts, in which we provide information about current agency developments and industry topics. We store the data that you manually transmit or make available to us in the course of getting to know us via business cards or if you are interested in receiving a newsletter. We use the CRM system “Insightly” for data collection and storage (see point 4). We use the newsletter distribution platform Mailchimp to send the newsletter (see point 5).

We require and use the following data to send the newsletter: Title (Mrs/Mr), surname, email address.

Your data will not be passed on. The data will be used exclusively for sending the newsletter.

2. Legal basis

The legal basis for the processing of the data is Art. 6 para. 1 lit. a GDPR if the user has given consent. The collection of the user’s email address serves to deliver the newsletter.

3. Cancellation, revocation and objection

You can cancel your subscription to the newsletter at any time. There is a corresponding link in every newsletter for this purpose.

We would also like to point out that you can object to the future processing of your personal data at any time in accordance with the legal requirements pursuant to Art. 21 GDPR. The objection can be made in particular against processing for direct marketing purposes.

4. Storage of the address data

The information entered when registering for the newsletter is processed in the Insightly CRM system of Insightly Inc, 680 Folsom St., San Francisco, California 94107. Insightly is subject to the requirements and certifications of the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks. You can view Insightly’s privacy policy here: www.insightly.com/privacy-policy

5. Dispatch service provider

The newsletter is sent using “MailChimp”, a newsletter dispatch platform of the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA.

The email address, title (female/male) and surname of our newsletter recipients and other data described under point 6 are stored on MailChimp’s servers in the USA. MailChimp uses this information to send and analyse the newsletter on our behalf. Furthermore, MailChimp may, according to its own information, use this data to optimise or improve its own services, e.g. to technically optimise the sending and presentation of the newsletter or for economic purposes in order to determine from which countries the recipients come. However, MailChimp does not use the data of our newsletter recipients to write to them itself or pass it on to third parties.

We trust in the reliability and IT and data security of MailChimp. MailChimp is certified under the US-EU data protection agreement “Privacy Shield” and thus undertakes to comply with EU data protection regulations. You can view MailChimp’s privacy policy here: www.mailchimp.com/legal/privacy

6. Statistical survey

We would like to point out that we evaluate your user behavior when sending the newsletter in order to continuously optimize our newsletter.
Information on various general or personal activities is collected for this purpose. The following factors are tracked: opening rate, click rate, successful or unsuccessful delivery (bounces), unsubscribers,
opening time, clicked links/URLs, opening frequency per recipient or email domain, performance of embedded links.

XII. Making contact

It is possible to contact us via the telephone number and e-mail address provided on our website. In this case, the user’s personal data transmitted with the e-mail will be stored.

Your data will not be passed on to third parties in this context; the data will be used exclusively for processing the communication.

The legal basis for the processing of the contact request and its handling is regularly Art. 6 para. 1 sentence 1 lit. b GDPR.

Should further personal data be processed during the sending process, this will only be used to prevent misuse of the contact form and to ensure the security of our information technology systems.

Your data will be deleted as soon as it is no longer required to fulfil the purpose for which it was collected. For the personal data from the input screen of the contact form and those sent by email, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified.

The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.

XIII. Processing of (personal) data by the operator of our recruiting site

Information on data protection for applications

Our recruiting site is operated by Personio SE & Co. KG, a company based in Germany that offers personnel administration and application management software (https://www.personio.de/impressum). Die im Rahmen Ihrer Bewerbung übermittelten Daten werden per TLS-Verschlüsselung übertragen und in einer Datenbank gespeichert. Für diese Daten ist allein die DAMM & BIERBAUM GmbH verantwortlich im Sinne von Art. 24 DSGVO, das dieses Online-Bewerbungsverfahren durchführt. Personio ist lediglich Betreiber der Software und der Recruiting-Seite und in dem Zusammenhang Auftragsverarbeiter nach Art. 28 DSGVO. Die Grundlage für die Verarbeitung durch Personio ist hierbei ein Vertrag zur Auftragsverarbeitung zwischen der verantwortlichen Stelle und Personio. Zudem verarbeitet die Personio SE & Co. KG zur Erbringung ihrer Dienstleistungen, insbesondere für den Betrieb der Recruiting-Seite, weitere Daten, die zum Teil auch personenbezogene Daten sein können.

You can find more information here: https://damm-bierbaum-gmbh.jobs.personio.de/privacy-policy?language=en