Curated students for 8 industries. We take care of scheduling, contracts, and payroll – you focus on operations.
Above-average pay from €17/hr, real contracts, 8 industries – you decide when you work.
2,000+ companies, 50,000+ students, AÜG licensed - AI-powered matches, human-controlled.
The following information explains how we process personal data when you use
Personal data refers to all data that can be related to a specific natural person, e.g., their name or IP address.
The controller according to Art. 4 Para. 7 of the EU General Data Protection Regulation (GDPR) is uCastMe GmbH, Heidestraße 46-52, Berlin, Germany, E-mail: info@ucm.jobs. We are legally represented by Amin Guellil, Dr. Christoph Keding. Our data protection officer can be reached via heyData GmbH, Schützenstraße 5, 10117 Berlin, www.heydata.eu, E-mail: datenschutz@heydata.eu.
We detail the scope of data processing, processing purposes, and legal bases below. The following are generally considered as legal bases for data processing:
When we transfer data to service providers or other third parties outside the EEA, adequacy decisions by the EU Commission under Art. 45 Para. 3 GDPR guarantee the security of the data during transfer, where such decisions exist, as is the case for example with Great Britain, Canada, and Israel. For data transfers to service providers in the USA, the legal basis for the data transfer is an adequacy decision by the EU Commission, provided the service provider has additionally certified under the EU-US Data Privacy Framework. In other cases (e.g., where no adequacy decision exists), the legal basis for data transfer is generally, unless we provide a different indication, standard contractual clauses. These are a set of rules adopted by the EU Commission and form part of the contract with the respective third party. According to Art. 46 Para. 2 lit. b GDPR, they ensure the security of data transfers. Many providers have provided contractual guarantees beyond the standard contractual clauses, which protect the data further than the standard contractual clauses. These include, for example, guarantees regarding data encryption or regarding a third party's obligation to notify data subjects if law enforcement agencies wish to access data.
Unless expressly stated otherwise in this privacy policy, data stored by us will be deleted as soon as it is no longer required for its intended purpose and no legal retention obligations prevent its deletion. If the data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted, meaning the data will be blocked and not processed for other purposes. This applies, for example, to data that we must retain for commercial or tax law reasons.
Data subjects have the following rights concerning their personal data in relation to us:
Data subjects also have the right to lodge a complaint with a data protection supervisory authority regarding the processing of their personal data. Contact details of the data protection supervisory authorities are available at https://www.bfdi.bund.de/DE/Service/Anschriften/Laender/Laender-node.html.
Customers, prospective customers, or third parties are only required to provide us with personal data that is necessary for the establishment, performance, and termination of a business relationship or other relationship, or which we are legally obliged to collect. Without this data, we will generally have to refuse to conclude a contract or provide a service, or we will no longer be able to perform an existing contract or other relationship. Mandatory information is marked as such.
For the establishment and execution of a business relationship or other relationship, we generally do not use fully automated decision-making in accordance with Article 22 GDPR. Should we use these procedures in individual cases, we will inform you separately, provided this is legally required.
When you contact us, e.g., by email or phone, the data you provide (e.g., names and email addresses) will be stored by us to answer your questions. The legal basis for processing is our legitimate interest (Art. 6 para. 1 sentence 1 lit. f GDPR) in responding to inquiries directed to us. We delete the data collected in this context once storage is no longer necessary, or restrict processing if statutory retention obligations exist.
We reserve the right to inform customers who have already used our services or purchased goods about our offers from time to time by email or other means, provided they have not objected. The legal basis for this data processing is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest lies in direct marketing (Recital 47 GDPR). Customers can object to the use of their email address for advertising purposes at any time without additional cost, for example via the link at the end of each email or by email to our aforementioned email address. Interested parties have the option to subscribe to a free newsletter. We process the data provided during registration exclusively for sending the newsletter. Registration takes place by selecting the corresponding field on our website, by ticking the corresponding field in a paper document, or by another clear action, whereby interested parties declare their consent to the processing of their data, so that the legal basis is Art. 6 para. 1 sentence 1 lit. a GDPR. Consent can be revoked at any time, e.g., by clicking the corresponding link in the newsletter or by notifying our email address provided above. The processing of data until revocation remains lawful even in the event of revocation. Based on the consent of the recipients (Art. 6 para. 1 sentence 1 lit. a GDPR), we also measure the open and click rates of our newsletters to understand which content is relevant to our recipients.
Our website stores information on website visitors' terminal equipment (e.g., cookies) or accesses information already stored on the terminal equipment (e.g., IP addresses). The specific information involved can be found in the following sections. This storage and access is carried out based on the following provisions:
Subsequent data processing is carried out in accordance with the following sections and based on the provisions of the GDPR.
When using the website for informational purposes, i.e., when visitors do not separately submit information to us, we collect the personal data that the browser transmits to our server to ensure the stability and security of our website. This constitutes our legitimate interest, making Art. 6 para. 1 sentence 1 lit. f GDPR the legal basis. These data are:
These data are also stored in log files. They are deleted when their storage is no longer required, at the latest after 14 days.
Our website is hosted by All-Inkl.com. The provider is René Münnich ("ALL-INKL.COM – Neue Medien Münnich"), Hauptstraße 68, 02742 Friedersdorf. The provider processes personal data transmitted via the website, e.g., content, usage, meta/communication data, or contact data, within the EU. Further information can be found in the provider's privacy policy at https://all-inkl.com/datenschutzinformationen/. It is our legitimate interest to provide a website, so the legal basis for the described data processing is Art. 6 para. 1 sentence 1 lit. f GDPR.
When you contact us via the contact form on our website, we store the data requested there and the content of the message. The legal basis for processing is our legitimate interest in responding to inquiries directed to us. Therefore, the legal basis for processing is Art. 6 para. 1 sentence 1 lit. f GDPR. We delete the data collected in this context once storage is no longer necessary, or restrict processing if statutory retention obligations exist.
We publish job advertisements on our website, on pages linked to our website, or on third-party websites. The data provided during the application process is processed for the purpose of conducting the application procedure. Insofar as this data is necessary for our decision to establish an employment relationship, the legal basis is Art. 88 para. 1 GDPR in conjunction with § 26 para. 1 BDSG. We have marked or indicated the data required for the application process accordingly. If applicants do not provide this data, we cannot process the application. Further data is voluntary and not required for an application. If applicants provide additional information, the basis is their consent (Art. 6 para. 1 sentence 1 lit. a GDPR). We ask applicants to refrain from including information about political opinions, religious beliefs, and similarly sensitive data in their CVs and cover letters. This information is not required for an application. If applicants nevertheless provide such information, we cannot prevent its processing as part of the CV or cover letter processing. Its processing is then also based on the applicants' consent (Art. 9 para. 2 lit. a GDPR). Finally, we process applicants' data for further application procedures if they have given us their consent to do so. In this case, the legal basis is Art. 6 para. 1 sentence 1 lit. a GDPR. We pass on applicants' data to the relevant human resources staff, to our processors in the recruiting sector, and to other employees involved in the application process. If we enter into an employment relationship with an applicant following the application process, we will only delete the data after the termination of the employment relationship. Otherwise, we will delete the data no later than six months after an applicant has been rejected. If applicants have given us their consent to use their data for further application procedures, we will delete their data one year after receiving the application.
Website visitors can book appointments with us on our website. For this purpose, in addition to the data entered, we process meta or communication data. We have a legitimate interest in offering prospective customers a user-friendly way to schedule appointments. Therefore, the legal basis for data processing is Art. 6 para. 1 sentence 1 lit. f GDPR. If we use a third-party tool for scheduling, information about it can be found under "Third-Party Providers".
We offer services for businesses via our website. In this context, we process the following data during the order process:
The data is processed for the performance of the contract concluded with the respective website visitor (Art. 6 para. 1 sentence 1 lit. b GDPR).
Our website uses cookies. Cookies are small text files that are stored in the web browser on a visitor's device. Cookies help to make the offering more user-friendly, effective, and secure. Insofar as these cookies are necessary for the operation of our website or its functions (hereinafter referred to as "Technically necessary cookies"), the legal basis for the associated data processing is Art. 6 para. 1 sentence 1 lit. f GDPR. We have a legitimate interest in providing a functional website to customers and other visitors. Specifically, we use technically necessary cookies for the following purposes:
We use HubSpot for analysis, marketing automation, and lead generation. The provider is HubSpot Germany GmbH, Am Postbahnhof 17, 10243 Berlin. The provider processes content data (e.g., entries in online forms), meta/communication data (e.g., device information, IP addresses), and usage data (e.g., visited websites, interest in content, access times) within the EU. The legal basis for processing is Art. 6 para. 1 sentence 1 lit. f GDPR. We have a legitimate interest in managing data in a simple and cost-effective way. The data will be deleted when the purpose of its collection ceases to apply and no retention obligations prevent deletion. Further information can be found in the provider's privacy policy at https://legal.hubspot.com/privacy-policy.
We use Pipedrive for lead management. The provider is Pipedrive OÜ, Mustamäe tee 3a, 10615 Tallinn, Estonia. The provider processes master data (e.g., names, addresses), meta/communication data (e.g., device information, IP addresses), and contact data (e.g., email addresses, phone numbers) within the EU. The legal basis for processing is Art. 6 para. 1 sentence 1 lit. f GDPR. We have a legitimate interest in managing lead data for direct marketing purposes. We delete the data when the purpose of its collection ceases to apply. Further information can be found in the provider's privacy policy at https://www.pipedrive.com/en/privacy.
We use GDPR Legal Cookie for consent management. The provider is beeclever GmbH, Universitätsstraße 3, 56070 Koblenz. The provider processes meta/communication data (e.g., device information, IP addresses) within the EU. The legal basis for processing is Art. 6 para. 1 sentence 1 lit. f GDPR. We have a legitimate interest in easily managing website visitors' cookie consents. The data will be deleted when the purpose of its collection ceases to apply and no retention obligations prevent deletion. Further information can be found in the provider's privacy policy at https://gdpr-legal-cookie.com/pages/datenschutzerklarung.
We use Elementor for website creation. The provider is Elementor LTD., Tuval St 40, Ramat Gan, Israel. The provider processes meta/communication data (e.g., device information, IP addresses) and usage data (e.g., visited websites, interest in content, access times) within the EU. The legal basis for processing is Art. 6 para. 1 sentence 1 lit. f GDPR. We have a legitimate interest in setting up and maintaining a website and presenting ourselves externally. The data will be deleted when the purpose of its collection ceases to apply and no retention obligations prevent deletion. Further information can be found in the provider's privacy policy at https://elementor.com/terms/.
We use Contact Form 7 for creating websites. The provider is Rock Lobster, LLC, 777 W. ROOSEVELT ST. UNIT 5, PHOENIX, 85007, Maricopa, AZ, USA. However, processing only takes place on our servers. The provider processes contact data (e.g., email addresses, phone numbers), meta/communication data (e.g., device information, IP addresses), usage data (e.g., visited websites, interest in content, access times) in the EU. The legal basis for processing is Art. 6 (1) sentence 1 lit. f GDPR. We have a legitimate interest in setting up and maintaining a website and thus presenting ourselves externally. The data is deleted when the purpose for its collection has ceased and no retention obligation prevents it. Further information can be found in the provider's privacy policy at https://contactform7.com/privacy-policy/.
We use crisp.chat for customer support and communication with customers. The provider is Crisp IM SARL, 2 Boulevard de Launay, 44100 Nantes, France. The provider processes meta/communication data (e.g., device information, IP addresses), contact data (e.g., email addresses, phone numbers), content data (e.g., entries in online forms) in the EU. The legal basis for processing is Art. 6 (1) sentence 1 lit. f GDPR. We have a legitimate interest in easily responding to our customers' inquiries. The data is deleted when the purpose for its collection has ceased and no retention obligation prevents it. Further information can be found in the provider's privacy policy at https://crisp.chat/de/privacy/.
We use heyflow for creating click funnels. The provider is Heyflow GmbH, Jungfernstieg 49, 20354 Hamburg. The provider processes meta/communication data (e.g., device information, IP addresses), usage data (e.g., visited websites, interest in content, access times) in the EU. The legal basis for processing is Art. 6 (1) sentence 1 lit. a GDPR. Processing is based on consent. Data subjects can withdraw their consent at any time, for example, by contacting us using the contact details provided in our privacy policy. The withdrawal does not affect the lawfulness of processing up to the point of withdrawal. The data is deleted when the purpose for its collection has ceased and no retention obligation prevents it. Further information can be found in the provider's privacy policy at https://heyflow.com/de/datenschutz.
We use Google Analytics for analysis. The provider is Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. The provider processes meta/communication data (e.g., device information, IP addresses), usage data (e.g., visited websites, interest in content, access times) in the USA. The legal basis for processing is Art. 6 (1) sentence 1 lit. a GDPR. Processing is based on consent. Data subjects can withdraw their consent at any time, for example, by contacting us using the contact details provided in our privacy policy. The withdrawal does not affect the lawfulness of processing up to the point of withdrawal. The transfer of personal data to a country outside the EEA is based on an adequacy decision. The security of the data transferred to the third country (i.e., a country outside the EEA) is guaranteed because the EU Commission, within the framework of an adequacy decision pursuant to Art. 45 (3) GDPR, has decided that the third country offers an adequate level of protection. The data is deleted when the purpose for its collection has ceased and no retention obligation prevents it. Further information can be found in the provider's privacy policy at https://business.safety.google/privacy/.
We use Google Tag Manager for advertising and analysis. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The provider processes usage data (e.g., visited websites, interest in content, access times) in the USA. The legal basis for processing is Art. 6 (1) sentence 1 lit. a GDPR. Processing is based on consent. Data subjects can withdraw their consent at any time, for example, by contacting us using the contact details provided in our privacy policy. The withdrawal does not affect the lawfulness of processing up to the point of withdrawal. The transfer of personal data to a country outside the EEA is based on an adequacy decision. The security of the data transferred to the third country (i.e., a country outside the EEA) is guaranteed because the EU Commission, within the framework of an adequacy decision pursuant to Art. 45 (3) GDPR, has decided that the third country offers an adequate level of protection. We delete the data when the purpose for its collection has ceased. Further information can be found in the provider's privacy policy at https://business.safety.google/privacy/.
We use Calendly for scheduling appointments. The provider is Calendly LLC, BB&T Tower, 271 17th St NW, Atlanta, GA 30363, USA. The provider processes usage data (e.g., visited websites, interest in content, access times), contact data (e.g., email addresses, phone numbers), master data (e.g., names, addresses) in the USA. The legal basis for processing is Art. 6 (1) sentence 1 lit. a GDPR. Processing is based on consent. Data subjects can withdraw their consent at any time, for example, by contacting us using the contact details provided in our privacy policy. The withdrawal does not affect the lawfulness of processing up to the point of withdrawal. The transfer of personal data to a country outside the EEA is based on an adequacy decision. The security of the data transferred to the third country (i.e., a country outside the EEA) is guaranteed because the EU Commission, within the framework of an adequacy decision pursuant to Art. 45 (3) GDPR, has decided that the third country offers an adequate level of protection. We delete the data when the purpose for its collection has ceased. Further information can be found in the provider's privacy policy at https://calendly.com/pages/privacy.
We use Zapier for automations between applications. The provider is Zapier, Inc., 548 Market St. #62411, San Francisco, CA 94104-5401, USA. The provider processes meta/communication data (e.g., device information, IP addresses), usage data (e.g., visited websites, interest in content, access times) in the USA. The legal basis for processing is Art. 6 (1) sentence 1 lit. f GDPR. We have a legitimate interest in easily connecting the applications in our company and thus optimizing our workflow. The transfer of personal data to a country outside the EEA is based on an adequacy decision. The security of the data transferred to the third country (i.e., a country outside the EEA) is guaranteed because the EU Commission, within the framework of an adequacy decision pursuant to Art. 45 (3) GDPR, has decided that the third country offers an adequate level of protection. We delete the data when the purpose for its collection has ceased. Further information can be found in the provider's privacy policy at https://zapier.com/privacy.
We use OneSignal for communication with customers. The provider is OneSignal, 2850 S Delaware St Suite 201, San Mateo, CA 94403, USA. The provider processes meta/communication data (e.g., device information, IP addresses), content data (e.g., entries in online forms), contact data (e.g., email addresses, phone numbers) in the USA. The legal basis for processing is Art. 6 para. 1 sentence 1 lit. f GDPR. We have a legitimate interest in optimizing interaction with our customers and other individuals. The transfer of personal data to a country outside the EEA is based on standard contractual clauses. The security of data transferred to the third country (i.e., a country outside the EEA) is ensured by standard data protection clauses issued in accordance with the examination procedure under Art. 93 para. 2 GDPR (Art. 46 para. 2 lit. c GDPR), which we have agreed upon with the provider. We delete the data when the purpose of its collection ceases to apply. Further information can be found in the provider's privacy policy at https://onesignal.com/privacy_policy.
We use TikTok Pixel for advertising and analysis. The provider is TikTok, Inc., 10100 Venice Blvd Suite 401 Culver City, CA 90232, USA. The provider processes meta/communication data (e.g., device information, IP addresses) in the USA. The legal basis for processing is Art. 6 para. 1 sentence 1 lit. a GDPR. Processing is based on consent. Data subjects can withdraw their consent at any time, for example, by contacting us using the contact details provided in our privacy policy. The withdrawal does not affect the lawfulness of processing carried out before the withdrawal. The transfer of personal data to a country outside the EEA is based on standard contractual clauses. The security of data transferred to the third country (i.e., a country outside the EEA) is ensured by standard data protection clauses issued in accordance with the examination procedure under Art. 93 para. 2 GDPR (Art. 46 para. 2 lit. c GDPR), which we have agreed upon with the provider. The data will be deleted when the purpose of its collection ceases to apply and no retention obligations prevent deletion. Further information can be found in the provider's privacy policy at https://www.tiktok.com/legal/privacy- policy?lang=de.
We use Mailchimp for email marketing and email management. The provider is Rocket Science Group LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA. The provider processes content data (e.g., entries in online forms), meta/communication data (e.g., device information, IP addresses), contact data (e.g., email addresses, phone numbers), usage data (e.g., visited websites, interest in content, access times) in the USA. The legal basis for processing is Art. 6 para. 1 sentence 1 lit. a GDPR. Processing is based on consent. Data subjects can withdraw their consent at any time, for example, by contacting us using the contact details provided in our privacy policy. The withdrawal does not affect the lawfulness of processing carried out before the withdrawal. The transfer of personal data to a country outside the EEA is based on an adequacy decision. The security of data transferred to the third country (i.e., a country outside the EEA) is ensured because the EU Commission, within the framework of an adequacy decision pursuant to Art. 45 para. 3 GDPR, has determined that the third country offers an adequate level of protection. The data will be deleted when the purpose of its collection ceases to apply and no retention obligations prevent deletion. Further information can be found in the provider's privacy policy at https://mailchimp.com/legal/privacy/.
We use WhatsApp API for API development and communication. The provider is WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The provider processes master data (e.g., names, addresses), meta/communication data (e.g., device information, IP addresses), contact data (e.g., email addresses, phone numbers), content data (e.g., entries in online forms), usage data (e.g., visited websites, interest in content, access times) in the USA. The legal basis for processing is Art. 6 para. 1 sentence 1 lit. f GDPR. We have a legitimate interest in developing new applications easily. The transfer of personal data to a country outside the EEA is based on an adequacy decision. The security of data transferred to the third country (i.e., a country outside the EEA) is ensured because the EU Commission, within the framework of an adequacy decision pursuant to Art. 45 para. 3 GDPR, has determined that the third country offers an adequate level of protection. The data will be deleted when the purpose of its collection ceases to apply and no retention obligations prevent deletion. Further information can be found in the provider's privacy policy at https://www.whatsapp.com/legal/updates/privacy-policy-eea.
We use ElevenLabs to generate voices for artificial intelligence functions. The provider is ElevenLabs Inc.; 169 Madison Ave #2484, New York, NY 10016, United States. The provider processes content data (e.g., entries in online forms) in the USA. The legal basis for processing is Art. 6 para. 1 sentence 1 lit. a GDPR. Processing is based on consent. Data subjects can withdraw their consent at any time, for example, by contacting us using the contact details provided in our privacy policy. The withdrawal does not affect the lawfulness of processing carried out before the withdrawal. The transfer of personal data to a country outside the EEA is based on standard contractual clauses. The security of data transferred to the third country (i.e., a country outside the EEA) is ensured by standard data protection clauses issued in accordance with the examination procedure under Art. 93 para. 2 GDPR (Art. 46 para. 2 lit. c GDPR), which we have agreed upon with the provider. The data will be deleted when the purpose of its collection ceases to apply and no retention obligations prevent deletion. Further information can be found in the provider's privacy policy at https://elevenlabs.io/privacy.
We have integrated a data protection seal on our website. The provider is heyData GmbH, Schützenstraße 5, 10117 Berlin, Germany. The provider processes meta/communication data (e.g., IP addresses) within the EU. The legal basis for processing is Art. 6 para. 1 sentence 1 lit. f GDPR. We have a legitimate interest in providing website visitors with confirmation of our data protection compliance. At the same time, the provider has a legitimate interest in ensuring that only customers with existing contracts use its seals, which is why a mere image copy of the certificate is not a viable alternative for confirmation. The data is masked after collection so that it can no longer be linked to an individual. Further information can be found in the provider's privacy policy at https://heydata.eu/datenschutzerklaerung.
Provision of online services
For the provision of our online services, we use an external service provider: Perspective Software GmbH, Mailbox 659770, D-96035 Bamberg (hereinafter "Perspective"). Perspective itself stores your data exclusively on European servers. However, there is a possibility that your data may be accessible to entities in the United States of America, as Perspective uses sub-processors based in the USA. Since July 2023, the EU-US Data Privacy Framework (DPF) adopted by the EU Commission has served as the legal basis for these potential transfers. Perspective's sub-processors are thereby committed to a high level of data protection. Nevertheless, there remains a risk that your data could be processed by US authorities for control and monitoring purposes. Therefore, for such data transfers to the United States, Perspective offers additional measures and guarantees in accordance with the requirements of the GDPR to ensure an adequate level of protection. For example, by concluding standard contractual clauses between Perspective and the sub-processors.I. Description and Scope of Data Processing
Perspective processes your data for us so that we can provide you with our online services. For this purpose, Perspective automatically transmits your IP address to deliver the content and functions of our online services to your browser or device. The following data may be collected:
Perspective stores the data mentioned under I. in so-called log files. This is done to ensure
The temporary storage of the IP address by the system is also necessary to enable the delivery of the website to your computer. For this purpose, your computer's IP address must remain stored for the duration of the session. These purposes also constitute our legitimate interest in data processing. The legal basis for data processing is therefore Art. 6 para. 1 sentence 1 lit. f GDPR.
The personal data processed by Perspective will be deleted as soon as it is no longer required for the purpose for which it was collected:
You have the right at any time to obtain information free of charge about the origin, recipient, and purpose of your stored personal data. You also have the right to request the rectification, blocking, or erasure of this data. For this and other questions regarding data protection, you can contact us at any time at the address provided in the imprint. Furthermore, in the event of violations of the GDPR, you have the right to lodge a complaint with the competent supervisory authority.Because data processing is based on Art. 6 para. 1 sentence 1 lit. f GDPR, you have the right at any time to object to the processing of your personal data for reasons arising from your particular situation. If you object, we will no longer process your affected personal data, unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing serves the establishment, exercise, or defense of legal claims (objection pursuant to Art. 21 para. 1 GDPR). Since the collection of data for the provision of the website and the storage of data in log files are absolutely necessary for the operation of our website, there will usually be no possibility for you to object.Furthermore, under certain circumstances, you have the right to request the restriction of the processing of your personal data. The right to restriction of processing exists in the following cases:
If you have restricted the processing of your personal data, these data – apart from their storage – may only be processed with your consent or for the establishment, exercise, or defense of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the European Union or a Member State.Contact and Inquiry ManagementFor the provision of contact, inquiry, or application forms, we use an external service provider: Perspective Software GmbH, Mailbox 659770, D-96035 Bamberg (hereinafter "Perspective"). Perspective itself stores your data exclusively on European servers. However, there is a possibility that your data may be accessible to entities in the United States of America, as Perspective uses sub-processors based in the USA. Since July 2023, the EU-US Data Privacy Framework (DPF) adopted by the EU Commission serves as the legal basis for these potential transfers. Perspective's sub-processors thereby commit to a high level of data protection. Nevertheless, there remains a risk that your data could be processed by US authorities for control and surveillance purposes. Therefore, for such data transfers to the United States, Perspective offers additional measures and guarantees in accordance with GDPR requirements to ensure an adequate level of protection. For example, through the conclusion of standard contractual clauses between Perspective and the sub-processors.I. Description and Scope of Data ProcessingWhen using Perspective's contact, inquiry, or application forms, the following data is transmitted to Perspective's servers:
The purpose of this data processing is to ensure the communication initiated by you. The processing of your data from contact, inquiry, or application forms is therefore initially based on your consent. The legal basis is Art. 6 para. 1 sentence 1 lit. a GDPR. If an inquiry form leads to the initiation of a contract, the legal basis is also Art. 6 para. 1 sentence 1 lit. b GDPR. The legal basis for processing data in an application form can be, in addition to Art. 6 para. 1 sentence 1 lit. f GDPR, also Art. 88 GDPR in conjunction with Section 26 BDSG.
Your personal data will be stored for as long as necessary to fulfill the processing purpose, or until you revoke your consent. Exempt from this principle are data that Perspective must retain due to legal obligations. These include, for example, commercial and tax law retention obligations. These retention periods are – currently – up to ten years. For application data, if no employment relationship is established, your data will be deleted no later than six months after the completion of the application process, unless you have expressly consented to longer storage.
You have the right at any time to obtain information free of charge about the origin, recipients, and purpose of your stored personal data. You also have the right to request the rectification, blocking, or erasure of this data. For this and other questions on the subject of data protection, you can contact us at any time at the address given in the imprint. Furthermore, in the event of violations of the GDPR, you have the right to lodge a complaint with the competent supervisory authority. You can revoke your consent to data processing at any time by informal notification to us (e.g., by email). The revocation does not affect the legality of the processing carried out based on the consent until the revocation. Furthermore, under certain circumstances, you have the right to request the restriction of the processing of your personal data. The right to restriction of processing exists in the following cases:
If you have restricted the processing of your personal data, these data – apart from their storage – may only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or a Member State.”
We are present on social media networks to present our organization and services there. The operators of these networks regularly process user data for advertising purposes. Among other things, they create user profiles from their online behavior, which are used, for example, to display advertisements on the network pages and elsewhere on the internet that match the users' interests. To do this, the network operators store information about user behavior in cookies on the users' computers. It is also possible that the operators combine this information with other data. Further information and instructions on how users can object to processing by the site operators can be found in the privacy policies of the respective operators listed below. It is also possible that the operators or their servers are located in non-EU countries, meaning they process data there. This can create risks for users, e.g., because enforcing their rights becomes more difficult or government agencies gain access to the data. If network users contact us via our profiles, we process the data provided to us to answer their inquiries. This constitutes our legitimate interest, so the legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR.
We maintain a profile on Facebook. The operator is Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The privacy policy can be found here: https://www.facebook.com/policy.php. You can object to data processing via ad settings: https://www.facebook.com/settings?tab=ads. Based on an agreement, we are jointly responsible with Facebook, in the sense of Art. 26 GDPR, for processing the data of visitors to our profile. Facebook explains exactly what data is processed at https://www.facebook.com/legal/terms/information_about_page_insights_data. Data subjects can assert their rights both with us and with Facebook. However, according to our agreement with Facebook, we are obliged to forward requests to Facebook. Therefore, data subjects will receive a quicker response if they contact Facebook directly.
We maintain a profile on Instagram. The operator is Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The privacy policy can be found here: https://help.instagram.com/519522125107875.
We maintain a profile on TikTok. The operator is TikTok Technology Limited, whose registered office is at 10 Earlsfort Terrace, Dublin, D02 T380, Ireland. The privacy policy can be found here: https://www.tiktok.com/de/privacy-policy.
We maintain a profile on YouTube. The operator is Google Ireland Limited Gordon House, Barrow Street Dublin 4. Ireland. The privacy policy can be found here: https://policies.google.com/privacy?hl=de.
We maintain a profile on X. The operator is X Corp., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. The privacy policy can be found here: https://twitter.com/de/privacy. You can object to data processing via the ad settings: https://twitter.com/personalization.
We maintain a profile on LinkedIn. The operator is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. The privacy policy can be found here: https://https://www.linkedin.com/legal/privacy-policy?_l=de_DE. You can object to data processing via the ad settings: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
We maintain a profile on Xing. The operator is New Work SE, Dammtorstraße 29- 32, 20354 Hamburg. The privacy policy can be found here:https://privacy.xing.com/de/datenschutzerklaerung.
We reserve the right to amend this privacy policy with future effect. An up-to-date version will always be available here.
For questions or comments regarding this privacy policy, please feel free to contact us using the details provided above.
