vjoon Privacy Statement according to GDPR
1. Name and address of the responsible party for processing
The person responsible within the meaning of the Basic Data Protection Regulation, other data protection laws in force in the Member States of the European Union and other provisions of a data protection nature is:
Kieler Straße 103-107, Haus D
PHONE +49 (0) 40 55 69 50 – 0
2. Name and address of the data protection officer
The data protection officer of the controller:
Fachenfelder Weg 84
3. General information on data processing
3.1 Scope of processing of personal data
We only process personal data of our users if this is necessary to provide a functional website as well as our contents and services. The processing of personal data of our users takes place regularly only after consent of the user. An exception applies in those cases where prior consent cannot be obtained for real reasons and the processing of the data is permitted by law.
3.2 Legal basis for the processing of personal data
Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 lit. a EU General Data Protection Regulation (GDPR) serves as the legal basis.
In the processing of personal data required for the performance of a contract to which the data subject is a party, Art. 6 para. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures. Insofar as the processing of personal data is required to fulfil a legal obligation to which our company is subject, Art. 6 para. 1 lit. c DSGVO serves as the legal basis.
In the event that the vital interests of the data subject or another natural person require the processing of personal data, Article 6(1)(d) GDPR serves as the legal basis.
If processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for processing.
3.3 Data erasure and storage time
The personal data of the person concerned will be deleted or blocked as soon as the purpose of storage ceases to apply. Furthermore, data may be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the person responsible is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.
There are different types of cookies: temporary cookies are deleted after the browser is closed, permanent cookies are retained for a specified period of time and can make the stored information available when the online offer is called up again.
Cookies are used to facilitate the use of the service. For example, vjoon uses so-called session cookies to recognize that a user has already visited individual pages of our website. These are automatically deleted after leaving the online offer. In addition, vjoon also uses temporary cookies that are stored on the user’s device for a specified period of time in order to optimize user-friendliness. If the user visits the vjoon website again, it is automatically recognized that he or she has already visited our site and what entries and settings he or she has made so that he or she does not have to enter them again.
The data processed by cookies is required for the above-mentioned purposes in order to safeguard our legitimate interests in accordance with Art. 6 para. 1 sentence 1 letter f GDPR.
5. Creation of log files
Each time you visit the Website, vjoon collects data and information through an automated system. These are stored in the log files of the server.
The following data can be collected:
(1) Information about the browser type and version used
(2) The IP address of the user
(3) Date and time of access
The processing of the data serves to deliver the contents of our website and to guarantee the functionality of our information technology systems. The data of the log files are always stored separately from other personal data of the users.
The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user’s computer. The IP address of the user will remain stored for a maximum of one month. An evaluation of the data for marketing purposes does not take place in this context.
The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility of objection on the part of the user.
Our legitimate interest in data processing pursuant to Art. 6 para. 1 lit. f GDPR also lies in these purposes.
6. Registration on our website
If the data subject uses the possibility of registering on the website of the controller, providing personal data, the data shall be transmitted to the controller in the relevant input mask. The data are stored exclusively for the purpose of internal use by the data controller. During registration, the user’s IP address and the date and time of registration are stored.
This serves to prevent misuse of the services. The data will not be passed on to third parties. An exception exists if there is a legal obligation to pass on.
Registration of the data is required for the provision of content or services. Registered persons have the possibility to delete or modify the stored data at any time. The person concerned receives information about the personal data stored about him or her at any time.
The legal basis for the processing of data is Art. 6 para. 1 lit. a GDPR if the user has given his consent.
6.1 Press distribution list registration
vjoon only sends out press releases via the press distribution list. If you would like to receive press releases from vjoon, vjoon requires an e-mail address and information that you agree to receive the press releases. Subscription to the press distribution list is via the double opt-in procedure. vjoon will send you a confirmation e-mail after your registration, which contains a link that you must click to complete your subscription to the press distribution list. vjoon uses your data exclusively for sending press releases. If you no longer wish to receive e-mail messages from vjoon, you may revoke your permission at any time. To be removed from the vjoon email list or vjoon registration database, an email message is sufficient.
The legal basis for the processing of data is Art. 6 para. 1 lit. a GDPR if the user has given his consent.
The vjoon newsletter informs you about vjoon products, blog posts, webinars, events and other interesting, industry-related topics.
If you would like to receive the newsletter offered on the website, vjoon requires an e-mail address and information from you that you agree to receive the newsletter. If you subscribe to our company’s newsletter, the data will be transmitted in the respective input mask to the person responsible for processing.
Subscription to the newsletter is via the double opt-in procedure. After registering, you will receive a confirmation e-mail containing a link that you must click to complete your subscription to the newsletter. When registering for the newsletter, the IP address of the user and the date and time of registration are stored. This serves to prevent misuse of the services or the e-mail address of the person concerned. The data will not be passed on to third parties. An exception exists if there is a legal obligation to pass on.
The data will be used exclusively for sending the newsletter and for its performance measurement. The subscription to the newsletter can be cancelled by the person concerned at any time. Likewise, consent to the storage of personal data can be revoked at any time. For this purpose there is a corresponding link in every newsletter.
The legal basis for the processing of the data after registration for the newsletter by the user is Art. 6 para. 1 lit. a GDPR.
8. Possibilities to contact us
On vjoon’s website there is a contact form that can be used for electronic contact to request product demos. Alternatively, you can contact us via the e-mail addresses provided. If the data subject contacts the controller through one of these channels, the personal data transmitted by the data subject shall be stored automatically. This data is stored solely for the purpose of processing or contacting the person concerned. The data will be passed on to third parties as part of the processing of your enquiry. In order to forward your request to the right partner and to ensure an optimal preparation of your request, we need further data in addition to your e-mail address. This includes first name, surname, company and country. These data are marked as mandatory fields. The underlying purpose corresponds to the legitimate interest of vjoon, Art. 6 para. 1 lit. f GDPR.
9. Routine deletion and blocking of personal data
The controller shall process and store the personal data of the data subject only for as long as is necessary to achieve the purpose of the data retention. Furthermore, data may be stored insofar as this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject.
As soon as the storage purpose ceases to apply or a storage period prescribed by the aforementioned regulations expires, the personal data is routinely blocked or deleted.
10. Rights of the data subject
If personal data are processed by you, you are affected within the meaning of the GDPR and you have the following rights vis-à-vis the person responsible:
10.1 Right to information
You can ask the person in charge to confirm whether personal data concerning you will be processed by us.
If such processing has taken place, you can request the following information from the person responsible:
a. the purposes for which the personal data are processed;
b. the categories of personal data processed;
c. the recipients or categories of recipients to whom the personal data concerning you have been or are still being disclosed;
d. the planned duration of the storage of the personal data concerning you or, if specific information on this is not possible, criteria for determining the storage period;
e. the existence of a right to rectification or deletion of personal data concerning you, a right to limitation of the processing by the controller or a right to object to such processing;
f. the existence of a right of appeal to a supervisory authority;
g. any available information on the origin of the data if the personal data are not collected from the data subject;
h. the existence of automated decision-making including profiling in accordance with Article 22(1) and (4) GDPR and – at least in these cases – meaningful information on the logic involved and the scope and intended effects of such processing for the data subject.
You have the right to request information as to whether the personal data concerning you is transferred to a third country or to an international organisation. In this context, you may request to be informed of the appropriate guarantees in accordance with Art. 46 GDPR in connection with the transmission.
10.2 Right to correction
You have a right of rectification and/or completion vis-à-vis the data controller if the personal data processed concerning you are incorrect or incomplete. The person responsible shall make the correction without delay.
10.3 Right to limitation of processing
Under the following conditions, you may request that the processing of personal data concerning you be restricted:
a. if you dispute the accuracy of the personal data concerning you for a period of time that enables the data controller to verify the accuracy of the personal data;
b. the processing is unlawful and you refuse to delete the personal data and instead request that the use of the personal data be restricted;
c. the data controller no longer needs the personal data for the purposes of processing, but you do need them to assert, exercise or defend legal claims, or
d. if you have filed an objection to the processing pursuant to Art. 21 para. 1 GDPR and it has not yet been determined whether the legitimate reasons of the person responsible outweigh your reasons.
If the processing of personal data concerning you has been restricted, such data may only be processed – apart from being stored – with your consent or for the purpose of asserting, exercising or defending rights or protecting the rights of another natural or legal person or on grounds of an important public interest of the Union or a Member State.
If the processing restriction has been restricted according to the above conditions, you will be informed by the person responsible before the restriction is lifted.
10.4 Right to cancellation
10.4.1 You may require the data controller to delete the personal data concerning you immediately and the data controller is obliged to delete this data immediately if one of the following reasons applies:
a. The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
b. You revoke your consent on which the processing was based pursuant to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR, and there is no other legal basis for the processing.
c. You file an objection against the processing pursuant to Art. 21 para. 1 GDPR and there are no overriding legitimate grounds for processing or you file an objection against the processing pursuant to Art. 21 para. 2 GDPR.
d. The personal data concerning you have been processed unlawfully.
e. The deletion of personal data concerning you is necessary to fulfil a legal obligation under Union law or the law of the Member States to which the data controller is subject.
f. The personal data concerning you have been collected in relation to information society services offered pursuant to Art. 8 para. 1 GDPR.
10.4.2 If the data controller has made the personal data concerning you public and is obliged to delete them in accordance with Art. 17 para. 1 GDPR, he shall take appropriate measures, including technical measures, taking into account the available technology and the implementation costs, to inform data processors who process the personal data that you as the data subject have requested the deletion of all links to this personal data or of copies or replications of this personal data.
10.4.3 The right to cancellation does not exist if the processing is necessary
a. the exercise of freedom of expression and information;
b. for the performance of a legal obligation required for processing under the law of the Union or of the Member States to which the controller is subject or for the performance of a task in the public interest or in the exercise of official authority conferred on the controller;
c. for reasons of public interest in the field of public health pursuant to Art. 9 para. 2 lit. h and i and Art. 9 para. 3 GDPR;
d. for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes pursuant to Art. 89 para. 1 GDPR, insofar as the right referred to in para. 1 is likely to render impossible or seriously impair the attainment of the objectives of such processing, or
e. to assert, exercise or defend legal claims.
10.5 Right to information
If you have exercised your right to have the data controller correct, delete or limit the processing, he/she is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this correction or deletion of the data or restriction on processing, unless this proves impossible or involves a disproportionate effort.
The person responsible shall have the right to be informed of such recipients.
10.6 Right to Data Transferability
You have the right to receive the personal data concerning you that you have provided to the person responsible in a structured, common and machine-readable format. In addition, you have the right to pass this data on to another person in charge without obstruction by the person in charge to whom the personal data was provided, provided that
a. processing is based on consent pursuant to Art. 6 para. 1 lit. a DS GMO or Art. 9 para. 2 lit. a DS GMO or on a contract pursuant to Art. 6 para. 1 lit. b DS GMO and
b. processing is carried out using automated methods.
In exercising this right, you also have the right to request that the personal data concerning you be transferred directly from one data controller to another data controller, insofar as this is technically feasible. The freedoms and rights of other persons must not be affected by this.
The right to transferability shall not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority conferred on the controller.
10.7 Right of objection
You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you on the basis of Article 6(1)(e) or (f) GDPR; this also applies to profiling based on these provisions.
The data controller no longer processes the personal data concerning you, unless he can prove compelling reasons worthy of protection for the processing, which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
If the personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to the processing of the personal data concerning you for the purpose of such advertising; this also applies to profiling, insofar as it is associated with such direct marketing.
If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.
You have the possibility to exercise your right of objection in connection with the use of Information Society services by means of automated procedures using technical specifications, notwithstanding Directive 2002/58/EC.
10.8 Right to revoke the data protection declaration of consent
You have the right to revoke your data protection declaration of consent at any time. The revocation of consent shall not affect the legality of the processing carried out on the basis of the consent until revocation.
10.9 Automated decision in individual cases including profiling
They shall not be subject to a decision based exclusively on automated processing, including profiling, which has legal effect vis-à-vis it or significantly affects it in a similar manner. This does not apply if the decision
a. is necessary for the conclusion or performance of a contract between you and the person responsible,
b. is admissible by law of the Union or of the Member States to which the person responsible is subject and that law contains appropriate measures to safeguard your rights, freedoms and legitimate interests; or
c. with your express consent.
However, these decisions may not be based on special categories of personal data pursuant to Art. 9 para. 1 GDPR, unless Art. 9 para. 2 lit. a or g applies and appropriate measures have been taken to protect your rights and freedoms and your legitimate interests.
With regard to the cases mentioned in a. and c., the person responsible takes appropriate measures to protect the rights and freedoms as well as your legitimate interests, including at least the right to obtain the intervention of a person by the person responsible, to state his own position and to challenge the decision.
10.10 Right of appeal to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right of appeal to a supervisory authority, in particular in the Member State where you are staying, working or suspected of infringing, if you believe that the processing of personal data concerning you infringes the GDPR.
The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.
11. Passing on the data to third parties
11.1 Newsletter and customer data
We use third-party software to send and track our newsletters. The personal data will be treated strictly confidential by us and by the provider of the newsletter software and will not be passed on to third parties. An order data processing contract within the meaning of Art. 28 GDPR exists between vjoon as client and the contractor.
11.2 Social Media Plugins
vjoon uses social plugins from the social networks Facebook, Twitter, LinkedIn, Google (YouTube iFrame) and XING in its online offering on the basis of Art. 6 para. 1 p. 1 lit. f GDPR in order to make itself better known. The underlying advertising purpose corresponds to the legitimate interest of vjoon, art. 6 par. 1 lit. f GDPR. Responsibility for the data protection-compliant operation of social networks must be guaranteed by their respective providers.
The integration of these plug-ins by the provider takes place by means of the so-called two-click method in order to protect the users in the best possible way. This means that when a user visits our site, no personal data is initially transmitted to the providers of the plugins. Users can recognize the provider of the plugin by the marking on the box above its initial letter or the respective logo (e.g. for Facebook: white “f” on blue tile or a “thumbs up” sign). We offer users the possibility to communicate directly with the provider of the plug-in via the button. Only if a user clicks on the marked field and thereby activates it, the plug-in provider receives the information that a user has accessed the corresponding website of our online offer. In addition, personal data (in particular the IP address) will then be transmitted to the provider of the respective plugin. In the case of Facebook and Xing, the IP address is anonymized immediately after collection, according to the respective provider in Germany. By activating the plugin, personal user data is transferred to the respective plugin provider and stored there (for US providers in the USA). Since the plugin provider collects data particularly via cookies, we recommend that users delete all cookies before clicking on the grayed out box via the security settings of their browser.
vjoon has no influence on the collected data and data processing processes, nor are we aware of the full extent of data collection, the purposes of processing, the storage periods of the plug-in providers. We also have no information on the deletion of the data collected by the plug-in provider.
The respective plug-in provider stores the data collected about users of our online offer as user profiles and uses these for purposes of advertising, market research and/or demand-oriented design of its own website. Such an evaluation takes place in particular (also for not logged in users) for the representation of demand-fair advertisement and in order to inform other users of the social network about the activities of the users on our website. Users have a right of objection to the creation of these user profiles, whereby a user must contact the respective plug-in provider directly to exercise this right. Through the plugins we offer users the possibility to interact with social networks and other users, so that we can improve our offer and make it more interesting for our users.
The data transfer is independent of whether users have an account with the plug-in provider and are logged in there. If users are logged in with the plugin provider, their data collected by us will be directly assigned to their existing accounts with the plugin provider. If a user presses the activated button and e.g. links the page, the plugin provider also stores this information in the relevant user account and communicates it publicly to the user’s contacts. We therefore recommend that you log out regularly after using a social network, but especially before activating the button, as this avoids any assignment to the profile with the plug-in provider.
Further information on the purpose and scope of data collection and its processing by the plug-in providers is contained in the data protection declarations of these providers notified below. There you will also find further information on the rights of users and the setting options for the protection of privacy within these networks.
a) Facebook Inc, 1601 S California Ave, Palo Alto, California 94304, USA; www.facebook.com/policy.php; further information on data collection: www.facebook.com/help/186325668085084, www.facebook.com/about/privacy/your-info-on-other and www.facebook.com/about/privacy/your-info. Facebook has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
b) Twitter, Inc. 1355 Market St, Suite 900, San Francisco, California 94103, USA; https://twitter.com/privacy. Twitter has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
c) Xing AG, Gänsemarkt 43, 20354 Hamburg, Germany; www.xing.com/privacy.
d) LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA; www.linkedin.com/legal/privacy-policy. LinkedIn has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
e) Google Inc. (YouTube), 1600 Amphitheater Parkway, Mountainview, California 94043, USA; https://www.google.com/policies/privacy/partners/?hl=de. Google hat sich dem EU-US-Privacy-Shield unterworfen, https://www.privacyshield.gov/EU-US-Framework.
12. Web analysis by Matomo (formerly Piwik)
12.1 Scope of processing of personal data
On our website we use the open source software tool Matomo (formerly PIWIK) to analyse the surfing behaviour of our users. The software places a cookie on the user’s computer (for cookies see point 4). If individual pages of our website are accessed, the following data is stored:
(1) Two bytes of the IP address of the user’s calling system
(2) The accessed website
(3) The website from which the user has accessed the accessed website (referrer)
(4) The sub-pages accessed from the accessed website
(5) The time spent on the website
(6) The frequency with which the website is accessed
The software runs exclusively on the servers of our website. The personal data of users is only stored there. The data will not be passed on to third parties.
The software is set so that the IP addresses are not completely stored, but 2 bytes of the IP address are masked (example: 192.168.xxx.xxx). In this way it is no longer possible to assign the shortened IP address to the calling computer.
12.2 Legal basis for the processing of personal data
The legal basis for processing users’ personal data is Art. 6 para. 1 lit. f GDPR.
12.3 Purpose of data processing
The processing of users’ personal data enables us to analyse the surfing behaviour of our users. We are in a position to compile information about the use of the individual components of our website by evaluating the data obtained. This helps us to continuously improve our website and its user-friendliness. For these purposes, it is also in our legitimate interest to process the data in accordance with Art. 6 Para.1lit.f GDPR. By anonymizing the IP address, users’ interest in protecting their personal data is sufficiently taken into account.
12.4 Duration of storage
The data is stored for a total of 393 days.
12.5 Possibility of objection and elimination
We offer our users on our website the possibility of an opt-out from the analysis procedure. The link for this can be found in the footer next to the imprint (opt-out for user statistics). This link disables web tracking for the website as well as for the blog. In this way, another cookie is placed on your system, which signals to our system not to store the user’s data. If the user deletes the corresponding cookie from his own system in the meantime, he must set the opt-out cookie again.
13. Data protection information for applicants
Responsible in terms of data protection law is:
Fachenfelder Weg 84
You will find further information about our company, details of the authorised representatives and other contact details in our imprint on our website: https://vjoon.com/legal-information/imprint/
13.1 Which data do we process? And for what purposes?
We process the data you have sent us in connection with your application in order to check your suitability for the position (or any other open positions in our company) and to carry out the application procedure.
13.2 On what legal basis is this based?
The legal basis for the processing of your personal data in this application procedure is primarily § 26 BDSG in the version valid from 25.05.2018. It allows the processing of data required in connection with the decision to establish an employment relationship.
Should the data be necessary for legal prosecution after completion of the application procedure, data may be processed on the basis of the requirements of Art. 6 GDPR, in particular to safeguard legitimate interests pursuant to Art. 6 para. 1 lit. f) GDPR. We are then interested in asserting or defending claims.
13.3 How long is the data stored?
Candidate data will be deleted after six months in the event of rejection.
In the event that you wish your personal data to be stored further, please let us know. We will then transfer your data to our applicant pool. There the data will be deleted after two years. If you have won a job during the application process, the data from the applicant data system will be transferred to our personnel information system.
13.4 To which recipients will the data be passed on?
The applicant data is forwarded to the HR department for review and verification. A passing on to third parties or to a service provider does not take place. Suitable applications are then forwarded internally to the department heads for the respective open position. Then the further procedure is coordinated. In the company, only those persons have access to your data who need this for the proper course of our application procedure.
13.5 Where is the data processed?
The data are processed exclusively in data centers of the Federal Republic of Germany.
13.6 Your rights as “data subjects“
You have the right to information about the personal data processed by us to your person. In the case of a request for information that is not made in writing, we ask for your understanding that we may then require proof from you that you are the person you claim to be. Furthermore, you have a right to correction or deletion or to restriction of the processing, insofar as you are legally entitled to do so. Furthermore, you have a right of objection against the processing within the framework of legal requirements. The same applies to a right to data transferability.
13.7 Right of appeal
You have the right to complain to a data protection supervisory authority about our processing of personal data.