Privacy policy

Thank you for your interest in our company. Protecting your personal data is a matter of great importance to us. With this privacy information, we would like to inform you about the nature, scope, and purpose of the processing of personal data within our website, its functions and content, as well as our external online presences, such as our social media channels. Your data will be processed in accordance with the legal regulations on data protection. We have no influence or control over the content or data protection policies of linked websites. We recommend checking the privacy policies on the linked websites. 

The privacy policy for visitors and contractual partners can be found here. 

Responsible Entity in Terms of Data Protection Laws 

One Data GmbH
Kapuziner Straße 2C
94032 Passau
Germany
Email: dataprotection@onedata.de 

Contact Details of the Data Protection Officer 

PROLIANCE GmbH
Datenschutzexperte.de
Leopoldstr. 21
80802 Munich
Email: datenschutzbeauftragter@datenschutzexperte.de 

Please mention One Data GmbH directly in the subject line when contacting the data protection officer. Please refrain from including sensitive information such as a copy of your ID in your request. 

Definitions 

Our privacy policy is intended to be simple and understandable for everyone. In this privacy policy, the official terms of the General Data Protection Regulation (GDPR) are used. The official definitions are explained in Art. 4 GDPR. 

Data Processing Through Visiting the Website 

When you access our web pages, it is technically necessary for data to be transmitted to our web server via your internet browser. This website is hosted by an external service provider, Raidboxes, in Germany. Personal data collected on this website are stored on the host’s servers. We have concluded a data processing agreement with the provider in accordance with the requirements of Art. 28 GDPR, in which we oblige them to protect our customers’ data and not to disclose them to third parties. 

Server Log Files 

The following data can be recorded during an ongoing connection for communication between your internet browser and our web server: 

  • Date and time of the request 
  • Time zone difference to GMT 
  • Page from which the file was requested 
  • The internet site from which an accessing system reaches our website (so-called Referrer-URL) 
  • Browser type and version used and operating system used 
  • Full IP address of the requesting computer 
  • Transferred amount of data 
  • Used protocol 
  • HTTP status code. 

These listed data are collected to ensure a smooth connection setup of the website and a technically error-free provision of our services. Additionally, the log file serves the evaluation of system security and stability as well as administrative purposes. The legal basis for processing the data is our legitimate interest in a correct presentation and functionality of our website according to Art. 6 para. 1 lit. f GDPR. 

The data are anonymized by shortening the IP address at the domain level after no later than seven (7) days, making it impossible to relate them to any individual user. In anonymized form, the data may also be processed for statistical purposes. Storage of these data together with other personal data of the user, a comparison with other databases, or a transfer to third parties does not occur at any time. 

We use HubSpot for marketing activities on our website – a software application of HubSpot Germany GmbH (“HubSpot”). Provided you have given your consent according to Art. 6 para. 1 s. 1 lit. a GDPR, processing on this website is for the purpose of website analysis. The data will be deleted as soon as they are no longer required for the purpose of their collection. Deletion of the data takes place no later than 13 months after their collection. Further information on data processing by HubSpot can be found in the section “HubSpot”. 

Cookies 

Our website uses cookies, which are stored by the browser on your device and contain certain settings for using the website (e.g., for the current session). Cookies are used to make our offer more user-friendly, effective, and secure. Cookies are small text files that are stored on your computer and saved by your browser. Most of the cookies we use are so-called session cookies, which are automatically deleted after closing the browser. Other cookies remain stored on your device until you delete them or the storage period expires. These cookies enable us to recognize your browser on your next visit. 

Partially, cookies serve to simplify website processes by storing settings (e.g., maintaining already selected options). If individual cookies implemented by us also process personal data, processing is carried out in accordance with Art. 6 para. 1 lit. b GDPR either for the execution of the contract or in accordance with Art. 6 para. 1 lit. f GDPR to safeguard our legitimate interests in the best possible functionality of the website, as well as a customer-friendly and efficient design of the site visit. You can configure your browser to inform you about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general, and activate the automatic deletion of cookies when closing the browser. Please note that the functionality of this website may be limited if cookies are disabled. 

You can revoke or change your cookie settings on our website at any time. To do so, call up the cookie settings again via our integrated fingerprint. You can find this at any time at the bottom left of the website. 

Duration of Storage of Personal Data 

The criterion for the duration of the storage of personal data is the respective statutory retention period. After the expiration of that period, the corresponding data are routinely deleted, provided they are no longer necessary for the fulfillment of the contract or the initiation of a contract and/or there is no longer any legitimate interest on our part in the further storage. 

Contacting Us 

When you contact us via contact form, email, or our social media channels (e.g., posts, comments, or private messages), your details from the inquiry form, your email, or direct message including the contact details you provided there will be stored by us to process your inquiry. Providing your data is necessary for processing and answering your inquiry – without their provision, we cannot answer your inquiry or can only provide limited responses. The data may be stored in our Customer Relationship Management System (“CRM system”) or a comparable inquiry organization. When contacting us via our social media channels (e.g., posts, comments, or private messages), please note that the respective social media provider also transmits your information to us. Therefore, the terms and conditions and privacy notices of the respective social media platform operator apply. 

The legal basis for the processing of the data is our legitimate interest in responding to your concerns according to Art. 6 Para. 1 lit. f GDPR and, if applicable, Art. 6 Para. 1 lit. b GDPR if your request is aimed at concluding a contract. You can revoke your consent at any time for the future. Your data will be deleted after final processing of your inquiry if the inquiry has been conclusively answered and there are no legal storage obligations to the contrary. In the case of Art. 6 Para. 1 lit. f GDPR, you can object to the processing of your personal data at any time. 

Newsletter 

If you would like to receive the newsletter offered on the website with regular information about our offers and products, we need your email address as a mandatory field. For sending the newsletter, we use the so-called double opt-in procedure, meaning we will only send you our newsletter by email if you have explicitly confirmed to us beforehand that you agree to receive newsletters. You will receive a notification email with a link that you can use to confirm that you, as the owner of the corresponding email address, wish to receive newsletters in the future. With the confirmation, you give us your consent according to Art. 6 Para. 1 lit. a GDPR that we may use your personal data for the purpose of the desired newsletter dispatch. 

When registering for the newsletter, we store, in addition to the email address required for sending, the date and time of registration and confirmation to be able to trace any possible misuse at a later point in time. You can unsubscribe from the newsletter at any time via the link inserted in every newsletter or by sending an email to the responsible person mentioned above. After unsubscribing, your email address will be immediately deleted from our newsletter distribution list, provided you have not expressly consented to the further use of the collected data or the further processing is otherwise legally permitted. 

We also process your data for the analysis of newsletter campaigns. For this evaluation, the emails sent include so-called web beacons or tracking pixels, which represent one-pixel image files stored on our website. For the analysis, we record when you read our newsletters and which links you click on in them, and conclude your personal interests from this. We link this data to actions you have taken on our website. The information is collected exclusively pseudonymously and is not linked to your other personal data, a direct personal reference is excluded. These data are used exclusively for the analysis of newsletter campaigns. The results of these analyses can be used to better adapt future newsletters to the interests of the recipients. 

The dispatch of our e-mail newsletters is carried out via the technical service provider HubSpot Germany GmbH (“HubSpot”), to whom we pass on the data you provided when registering for the newsletter. Further information about HubSpot can be found in the section “Analysis of website activity”. 

Whitepapers 

We offer you the opportunity to use free services (e.g., access to whitepapers) via our website. 

HubSpot 

HubSpot is a software company from the USA with a branch in Germany, HubSpot Germany GmbH, Am Postbahnhof 17, 10243 Berlin. We use this integrated software solution for our own marketing, lead generation, and customer service purposes. These include email marketing, which regulates the sending of newsletters as well as automated mailings, social media publishing & reporting, contact management such as user segmentation and CRM, and contact forms. 

HubSpot uses cookies, small text files that are stored locally in the cache of your web browser on your device and enable us to analyze your use of the website. The information collected (e.g., IP address, geographic location, type of browser, duration of the visit, and pages accessed) is evaluated by HubSpot on our behalf so that we can generate reports about the visit and the pages visited. The information collected by HubSpot and the content of our website are stored on servers of HubSpot’s service providers. Since the transfer of personal data by HubSpot to affiliated companies and subcontractors in countries outside the EU and the EEA is possible, HubSpot is certified according to the EU-U.S. Data Privacy Framework. 

Zapier 

We have integrated Zapier. The provider is Zapier Inc., Market St. #62411, San Francisco, CA 94104-5401, USA (“Zapier”). 

Zapier allows us to link various functionalities, databases, and tools with our website and synchronize them with each other. This way, for example, content that we publish on our website can be automatically played out on our social media channels, or content from marketing and analysis tools can be exported. Depending on the functionality, Zapier can also collect various personal data. In particular, Zapier may have access to the contact details of our customers or prospects. Zapier processes this data for us as a processor within the meaning of Art. 28 GDPR exclusively according to our instructions (and not for its own purposes of Zapier or third parties). We have concluded a data processing agreement with Zapier, in which we oblige it to protect our customers’ data and not to pass them on to third parties. 

The use of Zapier is based on Art. 6 Para. 1 lit. f GDPR. As a website operator, we have a legitimate interest in automating actions between different apps to improve our internet presence and make it more time-efficient. If the corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 Para. 1 lit. a GDPR and § 25 Para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s end device (e.g., device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time. 

The collected data is processed on servers in the USA. Zapier is an active participant in the EU-US Data Privacy Framework. 

For more information about privacy at Zapier, visit: https://zapier.com/privacy/ and https://zapier.com/tos. 

Google Services 

Our website uses various services of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”), in the context of which personal data may be transmitted to Google. The setting of cookies by Google Analytics, Ads, and Optimize, and the corresponding processing by Google are based on Art. 6 Para. 1 lit. f GDPR. As a website operator, we have a legitimate interest in the quick and uncomplicated integration and management of various tools on our website as well as in analyzing user behavior to optimize our web offer and our advertising. If the corresponding consent has been requested (e.g., consent to store cookies), processing is carried out exclusively on the basis of Art. 6 Para. 1 lit. a GDPR. We have concluded a data processing agreement with Google, in which we oblige it to protect our customers’ data and not to pass them on to third parties. 

The collected data can also be transferred to the USA and other third countries according to Google’s statement. Google is an active participant in the EU-US Data Privacy Framework. 

The terms of use of Google and information on data protection can be accessed via the following links: https://marketingplatform.google.com/about/analytics/terms/us/ and under https://www.google.com/intl/en/policies/ and https://support.google.com/analytics/answer/6004245?hl=en. 

The data will be deleted as soon as they are no longer necessary for the purpose of their collection. Deletion of data at the user and event level, linked to cookies, user identifiers (e.g., User ID), and advertising IDs, takes place no later than 14 months after their collection. 

You can prevent the storage of cookies by adjusting your browser software accordingly. However, we would like to point out that in this case, you may not be able to use all functions of this website to their full extent. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en. 

Google Analytics 

We use Google Analytics, a web analytics service provided by Google, which uses so-called cookies to collect data on website usage. Google uses this information to evaluate your use of our website on our behalf and to compile reports on website activities. Google may also use this information to provide the website operator with other services related to the use of the website and the internet. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. We only use Google Analytics with activated IP anonymization, meaning your IP address will only be processed by Google in a shortened form. 

The Google Tag Manager is a tool that allows us to integrate tracking or statistical tools and other technologies on our website. The Google Tag Manager itself does not create user profiles, store cookies, or perform independent analyses. It only serves to manage and play out the tools integrated via it. However, the Google Tag Manager does collect your IP address, which can also be transmitted to Google’s parent company in the United States. 

Our website uses the “demographic features” function of Google Analytics. This allows reports to be generated that contain statements about the age, gender, and interests of site visitors. This data comes from interest-based advertising from Google as well as visitor data from third-party providers. Assigning the data to a specific person is not possible. You can deactivate this function at any time. This can be done via the ad settings in your Google account or by generally prohibiting the collection of your data by Google Analytics as explained in the item “Objection to data collection”. 

Google Ads and Conversion Tracking 

Google Ads is an online advertising program. With the help of Google Conversion Tracking, Google and we can recognize whether the user has carried out certain actions. After clicking on an ad placed by Google, a cookie for conversion tracking is set. Google Ads cookies lose their validity after 30 days and are not used for personal identification of the users. Through the cookie, Google and we can recognize that you clicked on an ad and were redirected to our website. This information is used to create conversion statistics. We learn the total number of users who clicked on our ads and what actions they performed. We do not receive any information that can be used to personally identify users. Google itself uses cookies or comparable recognition technologies for identification. If you do not want to participate in tracking, you can object to its use. Here, the conversion cookie in the user settings of the browser is to be deactivated. Then no inclusion in the conversion tracking statistics takes place. 

Google Ads Remarketing 

With Google Ads Remarketing, we can assign people who interact with our online offer to certain target groups in order to then display interest-based advertising to them in the Google advertising network (remarketing or retargeting). Furthermore, the advertising target groups created with Google Ads Remarketing can be linked to Google’s cross-device functions. This way, interest-based, personalized advertising messages that have been adapted to you based on your previous usage and browsing behavior on one end device (e.g., mobile phone) can also be displayed on another of your end devices (e.g., tablet or PC). 

If you have a Google account, you can object to personalized advertising at the following link: https://www.google.com/settings/ads/onweb/. 

LinkedIn Insight Tag 

Our website uses the conversion tracking tool LinkedIn Insight Tag. The provider is the American company LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. For data protection-related aspects in the European Economic Area (EEA), the EU, and Switzerland, the company LinkedIn Ireland Unlimited (Wilton Place, Dublin 2, Ireland) is responsible. 

This tool creates a cookie in your web browser, which enables the collection of, among other things, the following data: IP address, device and browser properties, and page events (e.g., page views). This data is encrypted, anonymized within seven days, and the anonymized data is deleted within 90 days. LinkedIn does not share personal data with us but provides anonymized reports on the website audience and display performance. If a website visitor is registered with LinkedIn, we can analyze his or her professional key data (e.g., career level, company size, country, location, industry, and job title) and thus better align our website with the respective target groups. LinkedIn Insight Tag also offers a retargeting function, which allows us to display targeted advertising to visitors to our website outside the website, with LinkedIn stating that no identification of the advertising addressee takes place. 

LinkedIn will store the collected personal data of website visitors on its servers in the USA and use them as part of its own advertising measures. LinkedIn members can control the use of their personal data for advertising purposes in their account settings. 

The use of LinkedIn Insight is based on Art. 6 Para. 1 lit. f GDPR. As a website operator, we have a legitimate interest in effective advertising measures, including social media. If the corresponding consent has been requested (e.g., consent to store cookies), processing is carried out exclusively on the basis of Art. 6 Para. 1 lit. a GDPR. Your consent can be revoked at any time. 

The collected data can also be transferred to the USA and other third countries according to LinkedIn’s statement. LinkedIn is a subsidiary of Microsoft LLC. Microsoft is an active participant in the EU-US Data Privacy Framework. 

Registration for Our Webinars (GoToWebinar) 

We offer you the opportunity to register for our webinars on our website. The webinars themselves are held via the GoToWebinar platform. GoToWebinar is operated by GoTo Technologies Ireland Unlimited Company, The Reflector, 10 Hanover Quay, Dublin 2, Ireland. We have concluded a data processing agreement with GoTo, in which we oblige them to protect our customers’ data and not to pass them on to third parties. The integration of GoToWebinar serves the technically flawless execution of the webinar with professional tools. This represents a legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR. 

When you register for a webinar on our website, you must provide your email address, first and last name, company name, country, job title, and telephone number. To participate in the webinar, you must confirm the email sent to you and will then be redirected to GoToWebinar. Therefore, please also note GoTo’s privacy policy at https://www.goto.com/company/legal/privacy. 

Social Networks 

Social networks (Instagram, Facebook, LinkedIn, Twitter, and XING) are either linked to the respective services on our website or we use so-called Shariff buttons (from the German computer magazine c’t), which prevent the transmission of personal data before clicking the respective button. After clicking the integrated text/image link, you will be redirected to the page of the respective provider. Only after the redirection will user information be transmitted to the respective provider. Please refer to the respective privacy policies of the providers you use for information on how they handle your personal data when using these websites. 

To display social media content on our website, we use the service Flockler, Flockler Oy, Rautatienkatu 26 B 32, 33100 Tampere, Finland, which aggregates relevant social media channels and displays them on our website (“Social Media Wall,” in this case, a collection of different posts from the social media channels of One Data). By interacting with the respective content, a connection to Flockler’s servers is established. In the process, your IP address is transmitted. When loading the content, data is also passed on to the respective social media providers. This also applies if you are not logged in to the respective social media provider or do not have an account with them. We point out that as the operator of this site, we have no knowledge of the content of the transmitted data or their use by the social media provider. For more information, please see the privacy policy of the providers. 

The use of the Flockler plugin is based on your consent according to Art. 6 Para. 1 lit. a GDPR. The privacy policy and further information on Flockler can be found at: https://flockler.com/privacy-policy  

During your first visit to our website, a pop-up banner appears, pointing out the cookies on the site and thus also the connection to Flockler (see Cookies). The Social Media Wall only collects your data if you click “Accept all” in the cookie banner or tick “Marketing” in the cookie settings. If you do not do this, only the content of the Social Media Wall will not be displayed, but you will still have access to a large part of the content of our website. 

YouTube 

For the integration and display of video content, our website uses plugins from YouTube. The video portal’s provider is YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. The use of YouTube is in the interest of an attractive presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR. 

We use the “extended data protection mode” option provided by YouTube. When you visit a page with an embedded YouTube video, a connection to YouTube’s servers is established. YouTube is informed about which specific subpage of our website you have visited. According to YouTube’s statements, your data – especially device-specific information, including the IP address – is only transmitted to the YouTube server in the USA when you actively click on the video. YouTube can directly assign your surfing behavior to your personal profile if you are logged into your YouTube account. You can prevent this by logging out beforehand. 

The collected data can also be transferred to the USA and other third countries according to YouTube’s statement. YouTube is a 100% subsidiary of Google LLC. Google is an active participant in the EU-US Data Privacy Framework. 

For details on handling user data, please refer to YouTube’s privacy policy at: https://www.google.com/intl/en/policies/privacy/. 

Applications 

If you apply for a job with us, you can find the relevant privacy policy directly in the application form or at this link. 

Data Transfer and Recipients 

Your personal data will not be transferred to third parties, except 

  • if we have explicitly pointed it out in the description of the respective data processing. 
  • if you have given your express consent according to Art. 6 Para. 1 S. 1 lit. a GDPR, 
  • the disclosure according to Art. 6 Para. 1 S. 1 lit. f GDPR is necessary for the assertion, exercise, or defense of legal claims and there is no reason to assume that you have an overriding legitimate interest in not disclosing your data, 
  • in the event that there is a legal obligation for the transfer according to Art. 6 Para. 1 S. 1 lit. c GDPR, and 
  • as far as this is legally permissible and necessary according to Art. 6 Para. 1 S. 1 lit. b GDPR for the processing of contractual relationships with you. 

In addition, we use external service providers for the execution of our services, which we have carefully selected and commissioned in writing, and with which we have concluded data processing agreements if necessary according to Art. 28 GDPR. They are bound by our instructions and are regularly monitored by us. These are service providers for web hosting, sending emails, and maintenance and care of our IT systems, etc. The service providers will not pass on this data to third parties. 

Data Processing in Third Countries 

If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EAA)) or this occurs in the context of the use of third-party services or disclosure or transfer of data to other persons, entities, or companies, this will only be done in compliance with our contractual or legal obligations. 

Subject to legal or contractual permissions, we process or let the data be processed in third countries only with a recognized level of data protection, contractual obligation through so-called standard protection clauses of the EU Commission, in the presence of certifications, or binding internal data protection regulations (Art. 44 to 49 GDPR). 

For the USA, an adequacy decision of the EU Commission according to Art. 45 Para. 1 GDPR exists for companies with certification under the EU-U.S. Data Privacy Framework. For potential transfers to other third countries outside the EU and the EEA for which no adequacy decision of the EU Commission exists, standard data protection clauses according to Art. 46 Para. 2 lit. c GDPR are also agreed upon. These oblige the recipient of the data in the third country to process the data according to the protection level in Europe. Further information can be found on the information page of the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_en. 

Automated Decision-Making (Profiling) 

Automated decision-making or profiling according to Art. 22 GDPR does not take place. 

Your Rights 

Below you will find information on the rights of data subjects which the current data protection law grants you against the controller with regard to the processing of your personal data: 

The right to request information about your personal data processed by us according to Art. 15 GDPR. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to correction, deletion, limitation of processing, or objection, the existence of a right of appeal, the origin of your data if it has not been collected from us, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information about its details. 

The right according to Art. 16 GDPR to demand the immediate correction of incorrect or complete personal data stored by us. 

The right according to Art. 17 GDPR to demand the deletion of your personal data stored by us, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest, or to assert, exercise, or defend legal claims. 

The right according to Art. 18 GDPR to demand the restriction of the processing of your personal data, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you reject its deletion, and we no longer need the data, but you need it to assert, exercise, or defend legal claims or you have objected to the processing according to Art. 21 GDPR. 

The right according to Art. 20 GDPR to receive your personal data that you have provided to us in a structured, common, and machine-readable format or to request the transfer to another controller. 

The right to complain to a supervisory authority according to Art. 77 GDPR. As a rule, you can contact the supervisory authority of our above-mentioned seat, or if applicable, your usual place of residence or workplace. 

Right to revoke consent granted according to Art. 7 Para. 3 GDPR: You have the right to revoke consent to the processing of data at any time with effect for the future. In the case of revocation, we will delete the affected data immediately, provided that further processing cannot be based on a legal basis for consentless processing. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until the revocation. 

Right to Object 

If your personal data is processed by us based on legitimate interests according to Art. 6 Para. 1 S. 1 lit. f GDPR, you have the right according to Art. 21 GDPR to object to the processing of your personal data, provided there are reasons for this arising from your particular situation. If the objection is directed against the processing of personal data for the purpose of direct advertising, you have a general right of objection without the requirement of stating a particular situation. If you would like to exercise your right of revocation or objection, an email to dataprotection@onedata.de is sufficient. 

Reservation of the Right to Change 

We reserve the right to adjust or update this privacy policy if necessary in accordance with the applicable data protection regulations. In this way, we can adapt it to current legal requirements and take into account changes in our services, e.g., when introducing new services. The most current version applies to your visit. 

Status: March 14, 2024