Privacy policy
We welcome you to our websites and appreciate your interest. The protection of your personal data is important to us. Therefore, we conduct our activities in accordance with applicable laws and regulations regarding the protection of personal data and data security. We would like to inform you below about the data of your visit and its purposes.
The following data is a translation from our German privacy policy website. Therefore, in legal matters, the German translation serves as the basis.
Controller for data processing under the GDPR
The controller within the meaning of the General Data Protection Regulation (GDPR) and other data protection laws applicable in the member states of the European Union and other provisions with data protection character is:
collana hive GmbH
Borselstr. 20
22765 Hamburg
Data Protection Officer
Nils Möllers
Keyed GmbH
info@keyed.de
+49 (0) 25 05 – 63 97 97
https://keyed.de
What are personal data?
The term “personal data” is defined in the Federal Data Protection Act and the EU General Data Protection Regulation (GDPR). It refers to individual information about personal or factual circumstances of a specific or identifiable natural person. This includes, for example, your civil name, address, telephone number, or date of birth. Learn more about what data protection is exactly.
Scope of anonymous data collection and processing
Unless otherwise stated in the following sections, no personal data is generally collected, processed or used when our websites are used. However, we learn certain technical information through the use of analysis and tracking tools based on the data transmitted by your browser (e.g., browser type/version, operating system used, websites visited by us including duration of stay, previously visited website). We only evaluate this information for statistical purposes. We only evaluate this information for statistical purposes.
Relevant legal bases for processing personal data
a. Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 lit. 1 lit. a) EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data.
b. In processing personal data necessary for the performance of a contract to which the data subject is a party, Art. 6 para. 1 lit. 1 lit. b) DSGVO als Rechtsgrundlage. This also applies to processing operations necessary for carrying out pre-contractual measures.
c. Insofar as the processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Art. 6 para. 1 lit. 1 lit. c) GDPR serves as the legal basis.
d. In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. 1 lit. d) GDPR serves as the legal basis.
e. If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 para. 1 lit. 1 lit. f) GDPR serves as the legal basis for the processing.
Use of cookies
The websites of collana hive GmbH use cookies. Cookies are data that are stored by the Internet browser on the user’s computer system. The cookies can be transmitted to this page when it is called up and thus allow the user to be assigned. Cookies help to simplify the use of internet pages for users.
It is always possible to object to the setting of cookies by making the appropriate change in the browser setting. Set cookies can be deleted. Please note that if cookies are deactivated, not all functions of our website may be fully available. The data collected in this way from users are pseudonymized by technical precautions. Therefore, it is no longer possible to assign the data to the calling user. The data is not stored together with other personal data of the users. When our website is called up, When our website is called up, users are informed by an information banner about the use of cookies for analytical purposes and referred to this privacy policy. In this context, there is also a note on how the storage of cookies can be prevented in the browser settings. The legal basis for the processing of personal data using technically necessary cookies is Art. 6 para. 1 lit. 1 lit. f) GDPR. The legal basis for the processing of personal data using cookies for analysis purposes, if the user has given his or her consent in this regard, is Art. 1 lit. a) GDPR. Please refer to our cookie banner and our notes in this privacy policy to determine whether and to what extent cookies are used on our website.
Real cookie banner
Description and purpose
This website uses the cookie consent technology “real cookie banner” from devowl.io GmbH to obtain your consent for the storage of certain cookies on your device and to document and record this in compliance with data protection regulations. As soon as you enter this website, the following personal data is transferred to real cookie banner:
- Your consent(s) or the revocation of your consent(s)
- Your IP address
- Information about your browser (http agent, http referrer)
- Information about your device
- Time of your visit to the website
The following additional data is added:
- Opt-in and opt-out data
- Referrer URL
- User agent
- User settings
- Consent ID and Consent number
- Information whether implicit or explicit consent exists
- Time (date and time) of consent
- Type of consent
- Template version
- Banner language
Furthermore, Real Cookie Banner stores a cookie in your browser to assign the granted consents or their revocation to you. The data collected in this way is stored until you ask us to delete it, delete the Real Cookie Banner cookie yourself, or the purpose for storing the data no longer applies. Mandatory legal retention periods remain unaffected.
Legal basis
Real cookie banner is used to obtain the legally required consents for the use of cookies. The legal basis for processing your personal data is Art. 6 Para. 1 lit. 1 lit. c) GDPR.
Recipient
The recipient of your personal data is devowl.io GmbH, Tannet 12, 94539 Grafling, Germany.
Transfer to third countries
There is no transfer of your personal data to a third country.
Duration of data storage
The data will be deleted as soon as they are no longer necessary for the purpose of their collection. In addition, the data will be deleted if you assert your right to deletion in accordance with Art. 17 Para. 1 GDPR.
Contractual and legal obligation
Those personal data must be provided which we are legally obliged to collect (or) the provision of this data is necessary to fulfil a legal obligation. The legal obligation is determined by Union law or the law of the Member States to which the controller is subject. The legal obligation arises in this case from: § 25 Para. 1 TTDSG in conjunction with Art. 7 GDPR. Failure to provide the data would mean that this legal obligation cannot be met.
Further data protection information
Further information on the processing of your personal data can be found here: https://devowl.io/en/privacy-policy/
Google Analytics und conversion tracking
Description and purpose
This website uses the service “Google Analytics”, which is offered by Google LLC, for the analysis of website usage by users. The service uses “cookies” – text files which are stored on your device. The information collected by the cookies is usually sent to a Google server in the USA and stored there. If necessary, Google Analytics on this website will use the code “gat._anonymizeIp();” to ensure an anonymised collection of IP addresses (so-called IP masking). Please also note the following information on the use of Google Analytics: The IP address of users is shortened within the member states of the EU and the European Economic Area. This shortening eliminates the personal reference of your IP address. As part of the agreement on order processing, which the website operators have concluded with Google LLC, this company creates an evaluation of website use and website activity using the collected information and provides services related to internet use.
Legal basis
The legal basis for processing your personal data is Art. 6 Para. 1 lit. 1 lit. a) GDPR, if the anonymized data collection does not take place using the code “gat._anonymizeIp”. . Otherwise, especially in the case of the use of “gat._anonymizeIp”, Article 6 1 lit. f) GDPR is the legal basis. Our predominant legitimate interest lies in the hosting of this website.
Recipient
The recipient of your personal data is Google LLC. (1600 Amphitheatre Parkway Mountain View, CA 94043, USA).
Transfer to third countries
Personal data is transferred to the USA. This transfer is made subject to suitable guarantees according to Art. 46 GDPR. We have concluded standard contract clauses according to Art. 46 2 lit. c) GDPR with the data importer. In addition, we are aware of our responsibility and, if necessary, take further measures to protect the rights and freedoms of natural persons, which ensure the protection of personal data.
Duration of data storage
The data will be deleted as soon as they are no longer necessary for the purpose of their collection. In addition, the data will be deleted if you assert your right to deletion in accordance with Art. 17 Para. 1 GDPR.
Revocation and Objection
You have the right to revoke your consent to non-anonymized data collection at any time, see Art. 7 3) 1 GDPR. This can be done informally and without giving reasons, and takes effect for the future. The revocation of consent does not affect the legality of the processing carried out up to the time of revocation. Further information on this can be found further up in our privacy policy under “Rights of the data subjects”.
In the case of anonymized data collection, you have the right to object to the processing of your personal data at any time according to Art. 21 1 GDPR If you exercise your right, processing for this purpose will no longer take place. Further information on this can be found further up in our privacy policy under “Rights of the data subjects”.
Contractual and Legal Obligation
There is no contractual or legal obligation to provide the data.
Further data protection information
Further information on the processing of your personal data can be found here:
Google Tag Manager
Description and purpose
We use the Google Tag Manager (Google LLC. 1600 Amphitheatre Parkway Mountain View, CA 94043, USA) on our website. The Google Tag Manager allows us to manage website tags via an interface and is a cookie-free domain that does not collect personal information but can trigger other tags that collect data. Google pseudonymizes the data and the IP address transmitted by your browser as part of Google Analytics is not combined with other data from Google.
Legal basis
The legal basis for processing your personal data is Art. 6 Para. 1 lit. 1 lit. a) GDPR.
Recipient
The recipient of your personal data is Google LLC. (1600 Amphitheatre Parkway Mountain View, CA 94043, USA).
Transfer to third countries
Personal data is transferred to the United States. This transfer is made subject to suitable guarantees according to Art. 46 GDPR. To this end, we have concluded, as far as necessary, suitable guarantees according to Art. 46 2 GDPR with the data importer. In addition, we are aware of our responsibility and, if necessary, take further measures to protect the rights and freedoms of natural persons, which ensure the protection of personal data.
Duration of data storage
The data will be deleted as soon as they are no longer necessary for the purpose of their collection. In addition, the data will be deleted if you assert your right to deletion in accordance with Art. 17 Para. 1 GDPR.
Revocation
You have the right to revoke your consent at any time, cf. Art. 7 Para. 3) 1 GDPR. This can be done informally and without giving reasons, and takes effect for the future. The revocation of consent does not affect the legality of the processing carried out up to the time of revocation. Further information on this can be found further up in our privacy policy under “Rights of the data subjects”.
Contractual and Legal Obligation
There is no contractual or legal obligation to provide the data.
Further data protection information
You can find more information about the processing of your personal data here: https://policies.google.com/privacy?hl=de&gl=de
Bee:anca Help Chat
Description and purpose
We have integrated a Help Center on our website to provide customers and those interested in our services with the easiest possible access to all questions relating to our products. The Help Center is based on the “Zendesk” structures of Zendesk Inc, 989 Market Street, San Francisco, CA 49130, USA. When you access our Help Center, your personal data is also processed. The processed data is necessary for the technical provision of the Help Center and includes data such as the IP address, log files and the user’s browser type.
Legal basis
The basis for the processing is based on our legitimate interest in accordance with Art. 6 para. 1 lit. f) GDPR. Our legitimate interest here is to provide our customers and interested parties with all information about our product in a clear and concise manner. This enables us to provide simple solutions to existing problems or questions from customers. This represents an efficient and economical customer support solution for us.
Recipient
The recipient of the data is the operator of the website and Zendesk Inc, 989 Market Street, San Francisco, CA 49130, USA.
Transmission to third countries
Data is transferred to the United States. Zendesk is certified under the new Data Privacy Framework and thus fulfills the appropriate guarantee under Art. 45 para. 1 GDPR for the secure transfer of data to a third country. We have also taken additional technical and organizational measures to protect your data in the best possible way.
Duration of data storage
The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. In addition, the data will be deleted if you withdraw your consent or request the deletion of your personal data.
Right to object
You have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions. The controller will no longer process your personal data unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims. If your personal data is processed for the purpose of direct marketing, you have the right to object at any time to the processing of your personal data for the purpose of such marketing; this also applies to profiling insofar as it is associated with such direct marketing. If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes. In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.
Contractual or legal obligation
The provision of personal data is not required by law or contract and is not necessary for the conclusion of a contract.You are also not obliged to provide the personal data.However, failure to provide it may mean that you will not be able to use our website or will not be able to use it to its full extent.
Further data protection
information via link
You can find more information about Zendesk athttps://www.zendesk.de/company/agreements-and-terms/privacy-policy/
Bee:anca Help Chat
Description and purpose
On this website we use our chat Bee:anca. This chatbot was created with “Zendesk” from Zendesk Inc, 989 Market Street, San Francisco, CA 49130, USA. The chat provided serves to give potential interested parties and existing customers easy access to the information they need about our products and services. Suitable contributions from our website are provided via chat for their inquiries. In addition, the help center can be accessed via the chat and a page for booking appointments for demo presentations can be called up for those interested in our services. When using the chatbot, only technically necessary data such as the IP address is processed.
Legal basis
For cases in which contact is made via chat for the purpose of contractual or pre-contractual measures, Art. 6 para. 1 lit. b) GDPR is the relevant legal basis. In all other cases, your consent pursuant to Art. 6 para. 1 lit. a) GDPR applies.
Recipient
The recipient of the data is the operator of the website and Zendesk Inc, 989 Market Street, San Francisco, CA 49130, USA. Within the chat, depending on the action you take, you may also be redirected to external pages, such as those of our CRM provider, for example to arrange a demo appointment.
Transfer to third countries
Data is transferred to the United States. Zendesk is certified under the new Data Privacy Framework and thus fulfills the appropriate guarantee under Art. 45 para. 1 GDPR for the secure transfer of data to a third country. We have also taken additional technical and organizational measures to protect your data in the best possible way.
Duration of data storage
The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. In addition, the data will be deleted if you withdraw your consent or request the deletion of your personal data.
Possibility of revocation
You have the option of withdrawing your consent to data processing within the meaning of Art. 6 para. 1 lit. a) at any time. Withdrawal does not affect the effectiveness of data processing operations carried out in the past.
Contractual or legal obligation
The provision of personal data is not required by law or contract and is not necessary for the conclusion of a contract. You are also not obliged to provide the personal data. However, failure to do so may mean that you will not be able to use our website or will not be able to use it to its full extent.
Further data protection information via link
You can find more information at: https://www.zendesk.de/company/agreements-and-terms/privacy-policy/
Creation of log files
With every visit to the website, collana hive GmbH collects data and information through an automated system. These are stored in the server’s log files. The data is also stored in our system’s log files. These data are not stored together with other personal data of the user.
The following data can be collected:
- Information about the browser type and version used
- The user’s operating system
- The user’s Internet service provider
- The user’s IP address
- Date and time of access
- Websites from which the user’s system reaches our website (referrers)
- Websites accessed by the user’s system via our website
Duration of Personal Data Storage
ersonal data is stored for the duration of the respective legal retention period. After the expiration of this period, the data is routinely deleted, unless it is necessary for initiating a contract or fulfilling a contract.
Comment function
If users leave comments on the blog, the username chosen by the website visitor is also stored along with the information provided by them via the input form. This serves the security of the provider, as the provider can be held liable for illegal content on its website, even if this content is posted by third parties via comments.
Contact options
There is a contact form on the collana hive GmbH websites that can be used for electronic contact. Alternatively, contact can be made via the provided e-mail address. If the person concerned contacts the person responsible for processing via one of these channels, the personal data transmitted by the person concerned are automatically stored. The storage serves solely for the purpose of processing or making contact with the person concerned. There is no transfer of this data to third parties. The legal basis for the processing of the data, if the user has given his consent, is Art. 6 1 lit. a) GDPR. The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 1 lit. f) GDPR. If the e-mail contact aims at the conclusion of a contract, then additional legal basis for the processing is Art. 6 1 lit. b) GDPR. The data will be deleted as soon as they are no longer necessary for the purpose of their collection. For the personal data from the input form of the contact form and those sent by e-mail, this is the case when the respective conversation with the user is finished. The conversation is considered finished when it can be inferred from the circumstances that the matter in question has been finally clarified.
Newsletter
If the newsletter of our company is subscribed to, the data in the respective input form is transmitted to the person responsible for processing. In addition, the data is transmitted to our newsletter provider, Hubspot Inc. You can find more about HubSpot in the “HubSpot” section. The registration for our newsletter is done in a so-called double opt-in process. This means that after registration you will receive an e-mail asking you to confirm your registration. This confirmation is necessary so that no one can register with foreign e-mail addresses. When registering for the newsletter, the user’s IP address and the date and time of registration are saved. This serves to prevent misuse of the services or the e-mail address of the person concerned.
The data is not passed on to unauthorized third parties. For the purpose of sending the newsletter, the data is transmitted to providers of newsletter services. übermittelt. An exception is made if there is a legal obligation to pass on the data. The data is used exclusively for sending the newsletter. The subscription to the newsletter can be canceled by the person concerned at any time. Likewise, consent to the storage of personal data can be revoked at any time with effect for the future. For this purpose, a corresponding link can be found in every newsletter. The legal basis for the processing of data after the user’s registration for the newsletter, if the user has given his consent, is Art. 6 para. 1 lit. a) GDPR. The legal basis for sending the newsletter as a result of the sale of goods or services is §7 para. 3 UWG.
Registration on our website
If the person concerned takes the opportunity to register on the website of the person responsible for processing by providing personal data, the data entered in the respective input mask is transmitted to the person responsible for processing. The data is stored exclusively for internal use by the person responsible for processing. The data will be deleted as soon as they are no longer necessary for the purpose of their collection. When registering, the user’s IP address and the date and time of registration are stored. This is done to prevent misuse of the services. The data will not be passed on to third parties. An exception is made if there is a legal obligation to pass on the data. The registration of the data is necessary for the provision of content or services. Registered persons have the possibility to have the stored data deleted or modified at any time. The person concerned has the right to receive information about their stored personal data at any time.
Hubspot
Description and purpose
We use HubSpot (HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland) for our online marketing activities. With the registration service, we collect contact information and other personal data from our visitors and store them on our software partner HubSpot’s servers in the EU. Hubspot serves as our central CRM software, which means that personal data concerning you is stored in the system when you use or are interested in our services. The data includes:
- First and last name
- E-mail address
- Phone number
- Company name
- Job title
HubSpot also provides us with additional website features, such as the newsletter or the appointment scheduling function. In this context, your personal data will be processed as described here.
he use of HubSpot serves the purpose of managing and maintaining our business relationship with you and to offer and improve our products and services.
Legal basis
The legal basis for processing your personal data is Art. 6 Para. 1 lit. 1 lit. a) GDPR (for processing you have actively agreed to, including the newsletter), Art. 6 lit. b) GDPR (for processing within the framework of pre-contractual measures or performance of the contract for the use of our products and services) Art 6 1 lit. f) GDPR. Our legitimate interest in using this service is to improve our service, optimize our customer service, and manage our contact data.
Recipient
The recipient of your personal data is, besides the responsible body, HubSpot (2nd Floor 30 North Wall Quay, Dublin 1, Ireland). In addition, data is passed on to the providers of electronic signatures as part of offers.
Transfer to third countries
We have chosen an EU location for storing personal data with Hubspot. However, we are aware of our responsibility and have therefore agreed on standard contractual clauses with the provider HubSpot. In addition, we take further measures to protect the rights and freedoms of natural persons, if necessary, to ensure the protection of personal data.
Duration of data storage
The data will be deleted as soon as they are no longer necessary for the purpose of their collection. In addition, the data will be deleted if you assert your right to deletion in accordance with Art. 17 Para. 1 GDPR.
Revocation and objection
In the cases of processing based on Art. 6 para. 1 lit. a) GDPR, you have the right to revoke your consent at any time, see Art. 7 para. 3) 1 GDPR. This can be done informally and without giving reasons, and takes effect for the future. The revocation of consent does not affect the legality of the processing carried out up to the time of revocation. Further information on this can be found further up in our privacy policy under “Rights of the data subjects”.
In the cases of processing based on Art. 6 para. 1 lit. f) GDPR, you have the right to object to the processing of your personal data at any time in accordance with Art. 21 para 1 GDPR If you exercise your right, processing for this purpose will no longer take place. Further information on this can be found further up in our privacy policy under “Rights of the data subjects”.
Contractual and Legal Obligation
There is no contractual or legal obligation to provide the data.
Further data protection information
Further information on the processing of your personal data can be found here: https://legal.hubspot.com/en/privacy-policy
Routine Deletion and Blocking of Personal Data
The data controller processes and stores personal data of the data subject only as long as this is necessary for the purpose of storage. Storage can also take place if this has been provided for by the European or national legislator in EU regulations, laws, or other regulations to which the data controller is subject. As soon as the storage purpose is omitted or a storage period prescribed by the aforementioned regulations expires, the personal data is routinely blocked or deleted.
Rights of the Data Subject
If your personal data is processed, you are the data subject within the meaning of the GDPR and you have the following rights against the data controller:
Right of Access according to Art. 15 GDPR
You can request confirmation from the data controller as to whether we are processing personal data that affects you. If such processing is taking place, you can request information from the data controller about the following information:
a. the purposes for which the personal data is processed;
b. the categories of personal data which are processed;
c. the recipients or the categories of recipients to whom your personal data has been or will be disclosed;
d. the planned duration of storage of your personal data or, if specific information on this is not possible, criteria for determining the storage duration;
e. the existence of a right to rectification or deletion of your personal data, a right to restriction of processing by the data controller, or a right to object to such processing;
f. the existence of a right to lodge a complaint with a supervisory authority;
g. all available information about the origin of the data if the personal data is not collected from the data subject;
h. the existence of automated decision-making, including profiling, according to Art. 22 para. 1 and 4 GDPR and – at least in these cases – meaningful information about the logic involved as well as the significance and the envisaged impact of such processing for the data subject.
You have the right to request information about whether your personal data is transferred to a third country or to an international organization. In this context, you can request to be informed about the appropriate guarantees according to Art. 46 GDPR in connection with the transmission.
Right to Rectification according to Art. 16 GDPR
You have a right to rectification and/or completion against the data controller, provided that the processed personal data concerning you is incorrect or incomplete. The data controller must make the correction immediately.
Right to Deletion according to Art. 17 GDPR
(1) You can request the data controller to delete your personal data immediately, and the data controller is obliged to delete this data immediately if one of the following reasons applies:
a. The personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed.
b. You revoke your consent on which the processing was based according to Art. 6 para. 1 lit. a) or Art. 9 para. 2 lit. a) GDPR, and there is no other legal basis for the processing.
c. You object to the processing pursuant to Art. 21 para. 1 GDPR and there are no overriding legitimate reasons for the processing, or you object to the processing pursuant to Art. 21 para. 2 GDPR.
d. The personal data concerning you has been processed unlawfully.
e. The deletion of your personal data is necessary to comply with a legal obligation under Union law or the law of the Member States to which the controller is subject.
f. The personal data concerning you was collected in relation to information society services offered in accordance with Art. 8 para. 1 GDPR.
(2) If the data controller has made your personal data public and is obliged to delete it in accordance with Art. 17 para. 1 GDPR, he shall take appropriate measures, including technical ones, taking into account the available technology and the costs of implementation, to inform data controllers who process the personal data that you as the data subject have requested the deletion of all links to this personal data or of copies or replications of this personal data.
(3) The right to deletion does not exist insofar as processing is necessary
a. for exercising the right to freedom of expression and information;
b. for compliance with a legal obligation which requires processing under the law of the Union or of the Member States to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
c. for reasons of public interest in the area of public health in accordance with Art. 9 para. 2 lit. h) and i) as well as Art. 9 para. 3 GDPR;
d. for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes in accordance with Art. 89 para. 1 GDPR, insofar as the right mentioned in para. 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing, or
e. for the establishment, exercise or defense of legal claims.
Right to restriction of processing according to Art. 18 GDPR
Under the following conditions, you can request the restriction of processing of your personal data:
a. if you dispute the accuracy of your personal data for a period that allows the data controller to verify the accuracy of the personal data;
b. the processing is unlawful and you refuse to delete the personal data and instead request the restriction of the use of the personal data;
c. the data controller no longer needs the personal data for the purposes of processing, but you need them for the establishment, exercise or defense of legal claims, or
d. if you have objected to the processing pursuant to Art. 21 para. 1 GDPR and it is not yet clear whether the legitimate reasons of the controller outweigh your reasons.
If the processing of your personal data has been restricted, this data may – apart from its storage – only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State. If the processing has been restricted according to the above conditions, you will be informed by the data controller before the restriction is lifted.
Right to information according to Art. 19 GDPR
If you have asserted the right to correction, deletion or restriction of processing to the data controller, they are obliged to inform all recipients to whom the personal data concerning you have been disclosed of this correction or deletion of the data or restriction of processing, unless this proves to be impossible or involves a disproportionate effort. You have the right to be informed about these recipients by the data controller.
Right to data portability according to Art. 20 GDPR
You have the right to receive your personal data that you have provided to the data controller in a structured, common and machine-readable format. You also have the right to transfer this data to another data controller without hindrance from the data controller to whom the personal data was provided, if
a. the processing is based on consent according to Art. 6 para. 1 lit. a) GDPR or Art. 9 para. 2 lit. a) GDPR or on a contract according to Art. 6 para. 1 lit. b) GDPR and
b. the processing is carried out using automated processes. In exercising this right, you also have the right to have your personal data transferred directly from one data controller to another data controller, insofar as this is technically feasible. Freedoms and rights of other persons must not be affected by this. The right to data portability does not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Right to object according to Art. 21 GDPR
You have the right to object at any time, for reasons arising from your particular situation, to the processing of your personal data carried out on the basis of Art. 6 para. 1 lit. e) or f) GDPR; this also applies to profiling based on these provisions. The data controller will no longer process your personal data unless they can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defense of legal claims. If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such advertising; this also applies to profiling, insofar as it is related to such direct advertising. If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes. You have the opportunity, in connection with the use of information society services – notwithstanding Directive 2002/58/EC – to exercise your right to object by means of automated procedures using technical specifications.
Right to revoke the data protection consent declaration according to Art. 7 para. 3 GDPR
You have the right to revoke your data protection consent declaration at any time. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until the revocation.
Right to lodge a complaint with a supervisory authority according to Art. 77 GDPR
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, your place of work or the place of the alleged infringement, if you consider that the processing of your personal data infringes the GDPR. The supervisory authority with which the complaint has been lodged informs the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy pursuant to Art. 77 GDPR.
Automated decision in individual cases including profiling
You have the right not to be subject to a decision based solely on automated processing – including profiling – that produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision
a. is necessary for the conclusion or performance of a contract between you and the controller,
b. is permissible due to legislation of the Union or of the Member States to which the data controller is subject, and this legislation contains appropriate measures to safeguard your rights and freedoms and your legitimate interests, or
c. is carried out with your explicit consent.
However, these decisions must not be based on special categories of personal data pursuant to Art. 9 para. 1 GDPR, unless Art. 9 para. 2 lit. a) or g) applies and appropriate measures to protect the rights and freedoms and your legitimate interests have been taken.
With regard to the cases mentioned in a. and c., the data controller shall take appropriate measures to safeguard the rights and freedoms and your legitimate interests, which at least include the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.
Integration of other services and content from third parties
Description and purpose
It may occur that within this online offer content from third parties, such as videos, fonts or graphics from other websites are included. This always requires that the providers of this content (hereinafter referred to as “third-party providers”) perceive the IP address of the users. Because without the IP address, they could not send the content to the browser of the respective user. The IP address is therefore necessary for the presentation of this content. We strive to use only such content whose respective providers use the IP address solely for the delivery of the content. However, we have no control over whether the third-party providers store the IP address e.g. for statistical purposes. As far as we are aware of this, we inform the users. Through these integrations, we want to provide and improve our online offer.
Legal basis
The legal basis for the integration of other services and content from third parties is Art. 6 para. 1 lit. f) GDPR. Our predominant legitimate interest lies in the intention of an appropriate presentation of our online presence and user-friendly and economically efficient services on our part. Further information can be found in the respective privacy statements of the providers.
Contractual or legal obligation to provide personal data
The provision of personal data is not required by law or contract and is not necessary for the conclusion of a contract. You are also not obliged to provide the personal data. However, the non-provision could mean that you may not be able to use this function or not fully.
Data transfer to third countries
The data controller may transfer personal data to a third country. Basically, the controller can ensure through various suitable guarantees that an appropriate level of protection for the processing is achieved. It is possible to transfer data on the basis of an adequacy decision, internal data protection rules, approved codes of conduct, standard data protection clauses or an approved certification mechanism according to Art. 46 para. 2 lit. a) – f) GDPR.
If the data controller carries out a transfer to a third country on the legal basis of Art. 49 para. 1 a) GDPR, you will be informed here about the possible risks of a data transfer to a third country.
There is a risk that the third country receiving your personal data may not provide a level of protection equivalent to the protection of personal data in the European Union. This may be the case, for example, if the EU Commission has not issued an adequacy decision for the respective third country or if certain agreements between the European Union and the respective third country are declared invalid. Specifically, there are risks in some third countries regarding effective protection of EU fundamental rights through the use of surveillance laws (for example USA). In such a case, it is the responsibility of the controller and the recipient to assess whether the rights of the data subjects in the third country enjoy an equivalent level of protection as in the Union and can also be effectively enforced.
However, the General Data Protection Regulation should ensure that the level of protection for natural persons guaranteed throughout the Union is not undermined when personal data is transferred from the Union to controllers, processors or other recipients in third countries or international organisations, even if personal data is transferred from a third country or an international organisation to controllers or processors in the same or another third country or the same or another international organisation.
Additional Features of the Website
Applications (training & job offers)
By submitting their application to us, applicants agree to the processing of their data for the purpose of the application process in accordance with the nature and extent set out in this privacy policy. Applications are forwarded for processing to the human resources managers of our parent company, collana IT GmbH, Lise-Meitner-Str.14, D-24941 Flensburg. The legal basis for the processing of applicant data is Art. 88 GDPR, § 26 BDSG-new, and Art. 9 para. 2 lit. b) GDPR. If special categories of personal data within the meaning of Art. 9 para. 1 GDPR are voluntarily disclosed during the application process, their processing is additionally carried out according to Art. 9 para. 2 lit. b) GDPR (e.g., health data, such as severely disabled status or ethnic origin). If special categories of personal data within the meaning of Art. 9 para. 1 GDPR are requested from applicants during the application process, their processing is additionally carried out according to Art. 9 para. 2 lit. a) GDPR (e.g., health data, if necessary for professional practice). If provided, applicants can submit their applications to us using an online form on our website. The data is transferred to us encrypted according to the state of the art. Furthermore, applicants can submit their applications to us via email. However, please note that emails are generally not sent encrypted and applicants must ensure encryption themselves. Therefore, we cannot take responsibility for the transmission path of the application between the sender and receipt on our server and therefore recommend using an online form or postal delivery. Because instead of application via online form and email, applicants still have the option to send us the application by mail. The data provided by the applicants can be further processed by us in the event of a successful application for the purposes of the employment relationship. Otherwise, if the application for a job offer is not successful, the applicant’s data will be deleted. The applicant’s data will also be deleted if an application is withdrawn, which applicants are entitled to do at any time. Deletion takes place after the expiry of a period of six months so that we can answer any follow-up questions about the application and fulfill our proof obligations under the General Equal Treatment Act. Invoices for any travel expense reimbursement are archived according to tax regulations.
YouTube
Description and purpose
We use the platform YouTube.com to post our own videos and make them publicly accessible. YouTube is an offering of Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. Some pages of our offer contain links or connections to the offer of YouTube. In general, we are not responsible for the content of websites to which we link. However, in case you follow a link to YouTube, we would like to point out that YouTube stores the data of its users (e.g., personal information, IP address) according to its own data use policies and uses it for business purposes. We also directly embed videos stored on YouTube on some of our web pages. In this embedding, content from the YouTube website is depicted in parts of a browser window. However, the YouTube videos are only retrieved by separate clicking. This technique is also called “framing”. When you call up a (sub-)page of our internet offer on which YouTube videos are embedded in this form, a connection is established to the YouTube servers and the content is displayed on the internet page by notifying your browser.
Legal basis
The legal basis for processing your personal data is Art. 6 Para. 1 lit. 1 lit. a) GDPR.
Recipient
The recipient of your personal data is Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA.
Transfer to third countries
Personal data is transferred to the United States. This transfer is made subject to suitable guarantees according to Art. 46 GDPR. For this, we have concluded standard contractual clauses with the data importer. In addition, we are aware of our responsibility and, if necessary, take further measures to protect the rights and freedoms of natural persons, which ensure the protection of personal data.
Duration of data storage
The data will be deleted as soon as they are no longer necessary for the purpose of their collection. In addition, the data will be deleted if you assert your right to deletion in accordance with Art. 17 Para. 1 GDPR.
Revocation
You have the right to revoke your consent at any time, cf. Art. 7 para. 3) 1 GDPR. This can be done informally and without giving reasons, and takes effect for the future. The revocation of consent does not affect the legality of the processing carried out up to the time of revocation. Further information on this can be found further up in our privacy policy under “Rights of the data subjects”.
Contractual and legal obligation
There is no contractual or legal obligation to provide the data.
Further data protection information
You can find more information on the processing of your personal data here: https://policies.google.com/privacy
Security
We have taken extensive technical and operational precautions to protect your data from accidental or intentional manipulation, loss, destruction or access by unauthorized persons. Our security procedures are regularly reviewed and adapted to technological progress. In addition, data protection is continuously guaranteed by us through constant auditing and optimization of the data protection organization.
Conclusion
collana hive GmbH reserves all rights to make changes and updates to this privacy policy. This privacy policy was created by the data protection management system as part of hellotrust, a brand of Keyed GmbH.
Whistleblower Protection Act
We do not tolerate unethical or criminal behavior in the workplace at our company. By setting up an internal reporting office, we can register any misconduct. Your notice will help us to identify and remedy violations at an early stage. If, at the time of reporting, there is sufficient reason to believe that the notice is correct, no negative consequences are to be expected for you.
As part of the implementation of the EU Directive on the protection for whistleblowers into national law, the German legislator has introduced the Whistleblower Protection Act (HinSchG). The aim of the HinSchG is to protect persons who have obtained information about violations during their professional activities and report them. In accordance with §16 (3) HinSchG, we have set up an internal reporting channel for this purpose, which can be accessed via compliance@collanahive.com. Violations must be noticed in accordance with §2 HinSchG.
Reports received via this channel are processed by the internal reporting office, which is staffed by three employees of the collana IT Group. Anonymous reports are also followed up.
The protection of confidentiality has top priority when processing incoming reports. Accordingly, the employees who are part of the internal reporting office have committed themselves to confidentiality in accordance with §8 and 9 HinSchG. Furthermore, they have the necessary specialist knowledge for this task in accordance with §15 (2) HinSchG.
Processing and handling of reports:
After receiving a notice, the reporting office must confirm it within seven days and provide information on planned or taken measures within three months (§17 HinSchG).
The notices received are checked by the internal reporting office to determine whether they fall within the material scope of application (§2 HinSchG) by initiating appropriate follow-up measures. To this end, internal investigations are first initiated, possible measures to rectify the problem are implemented and, if necessary, a responsible authority is involved (§18 HinSchG).
All incoming reports must be documented and stored for three years, unless there is a legal requirement for longer storage (§11 HinSchG).
In addition to the regulations of the HinSchG, the regulations of the EU GDPR also apply.
Information about external reporting offices:
Independently of the internal reporting office, the official authorities also process notices of criminal behavior. Every citizen is free to contact them as well.
The Federal Office of Justice is one of the external reporting offices in Germany responsible for you. If you would like to contact the Federal Office, you can do so at any time using the contact form or the email address below. You can also contact the Federal Office with your questions during business hours.
Contact:
Telephone: +49 228 99 410-40
Fax: +49 228 410-5050
Email: poststelle@bfj.bund.de
De-Mail: post@bundesjustizamt.de-mail.de
Business hours:
Mon. to Thurs.: 08:00h to 16:00h and Fri: 08:00h to 14:30h
There are other external reporting offices, e.g. at federal state level.
We would like to point out that you can instead also contact our company’s internal reporting channel described above.
