+49 89 452249-540 
E-Mail 
Privacy Policy
Information requirements according to Art. 12 ff. EU GDPR
I. Name and contact details of the responsible person
Your contact person as the responsible person within the meaning of the European Data Protection Regulation (“EU GDPR”) and other national data protection laws of the member states as well as other data protection regulations is:
Atreus GmbH
Landshuter Allee 8–10
80637 Munich Germany
Tel: +49 89 452249 540
Fax: +49 89 452249 599
Email: contact@atreus.de
(hereinafter referred to as “we”, “us” or “our”).
II. Contact details of the data protection officer
The protection of your personal data is of great importance to us. That is why our data protection officer is located globally at our parent company, Heidrick & Struggles International Incorporated. It comes from a highly experienced group of experts with many years of technical expertise.
Our data protection officer’s address is:
Heidrick & Struggles International Incorporated, Legal Department, Ms. Abby Schuster, 140 New Montgomery Street, 9th Floor, Suite 9008, San Francisco CA 94105, USA
If you have any questions about data protection and data security, please contact our data protection officer directly. Email: aschuster@heidrick.com/ Tel: +1 415 291 5287
III. General information on data processing
1. Scope
In principle, we only process your personal data insofar as this is necessary to make our website and our content and services available.
2. Legal basis
Insofar as we obtain your consent for the processing of your personal data, the legal basis for processing is Art. 6 (1) (1) (a) EU-GDPR.
If your personal data are processed in order to fulfill a contract with you or in the context of initiating a contractual relationship, the legal basis for the processing is Art. 6 (1) (1) (b) EU-GDPR.
Insofar as it is necessary to process personal data in order to fulfill a legal obligation incumbent on us, the legal basis for the processing is Art. 6 (1) (1) (c) EU-GDPR.
If your personal data are processed to safeguard our or a third party’s legitimate interests, whereby your interests, fundamental rights and freedoms do not outweigh the aforementioned interest, the legal basis for the processing is Art. 6 (1) (1) (f) EU-GDPR.
3. Storage period
Your personal data will be deleted as soon as the purpose for storage no longer applies or, if you have a right of revocation, you declare that you revoke your consent. Data may also be stored if this is stipulated by European or national legislators in union regulations, laws, or other provisions to which we are subject. In this case, however, your personal data will be restricted.
4. External links
If we provide links to external websites, this Privacy Policy does not apply to the processing of your personal data by the controller of the website linked. We therefore recommend that you read the data protection information on the other website. If this link requires a legal basis for the resulting processing of your personal data, this is constituted by your consent in accordance with Art. 6 (1) (1) (a) EU GDPR, which you provide by clicking on the link.
Usually, the following personal data are processed by clicking on the link (hyperlink):
- IP address;
- Display resolution;
- Browser used;
- Bandwidth;
- Language settings.
IV. Data processing on our website
1. Website functions
a. Provision of the website and creation of log files
(1) Description and scope
As part of the provision of our website, we process your personal data in order to enable error-free delivery of our website to your PC or mobile device. In some cases, your personal data has to be stored for the duration of a session.
We also temporarily store your personal data in log files to ensure the functionality of our website and the security of our IT systems. Your personal data will not be processed in any other way in log files.
The following personal data will be processed for the provision of the website and for the creation of log files:
- IP address;
- Date accessed;
- Time accessed;
- The website visited previously, if applicable;
- Browser used;
- Operating system used.
(2) Legal basis
Legitimate interest, Art. 6 (1) (1) (f) EU GDPR.
(3) Purpose
The purpose of data processing is to provide the website and to guarantee the functionality of the website and the security of the IT systems used for this purpose.
The purpose also serves our legitimate interest.
(4) Storage period
Your personal data will be stored in log files for the duration of the session or for a period of 30 days. In addition, your personal data will only be stored for the duration of the session as part of providing the website.
(5) Possibility of objection and deletion
It is absolutely necessary to process your personal data and store your personal data in log files to provide the website, guarantee the functionality of the website, and guarantee the IT systems used. Consequently, there is no possibility for you to object.
b. Technically necessary cookies
(1) Description and scope
In the context of technically necessary cookies, we process your personal data because many functions and services of our website that make it easier for you to use our website or enable you to use it in the first place do not function properly without cookies (“technically necessary cookies”).
We store some of your personal data on these technically necessary cookies, which are only used for these functions and services. Your personal data will not be processed in any other way.
A list of the technically necessary cookies we use, their purpose, storage period, and further information can be found in our cookie banner.
The following personal data are processed in the context of the use of technically necessary cookies:
- IP address;
- Your browser’s language settings;
- Browser used;
- Cart information.
(2) Legal basis
Legitimate interest, Art. 25 (2) German Telecommunications and Digital Services Data Protection Act (TDDDG) in conjunction with Art. 6 (1) (1) (f) EU GDPR.
(3) Purpose
The purpose of data processing is to provide the functions and services of our website.
The purpose also serves our legitimate interest.
(4) Storage period
As a rule, for the duration of the respective session, unless otherwise stated in the detailed information in the list of technically necessary cookies we use.
(5) Possibility of objection and deletion
Technically necessary cookies are stored on your PC or mobile device and transmitted from it to our website. As a user, you therefore have full control over the use of technically necessary cookies.
You can disable or restrict the transmission of cookies by changing the settings in your Internet browser. You can also delete cookies that have already been saved at any time. This can also be done automatically. If cookies are deactivated on our website, it may no longer be possible to use all functions of the website in full.
c. Technically unnecessary cookies
If technically unnecessary cookies are used as part of the functions and services of our website, you will find a list of these cookies, their purpose, storage period, and further information in our cookie banner.
d. Manager Portal
(1) Description and scope
We process your personal data in our Manager Portal as part of the provision of our services. We store the following personal data:
- Title;
- Title;
- First name;
- Last name;
- Nationality;
- Address;
- Email address;
- IP address;
- Date of birth;
- Telephone number;
- Job titles;
- Professional experience;
- Educational level;
- Expertise;
- Skills;
- Language skills;
- Certifications;
- Performance periods;
- Job as an interim manager;
- Interest in working as an interim manager;
(2) Legal basis
The legal basis for the processing of your personal data within the framework of the Manager Portal is Art. 6 (1) (b) EU GDPR.
(3) Purpose
Your personal data are processed as part of registration in the Manager Portal in order to create your account in the Manager Portal and to record it in our manager database.
(4) Storage period
Your personalized data will be deleted as soon as they are no longer required to achieve the processing purpose for which they were collected. This is the case at the latest in the event that your account in the Manager Portal is terminated or insofar as statutory retention periods no longer apply.
(5) Possibility of objection and deletion
You have the option to close your account in the Manager Portal at any time. In this case, your personal data will be deleted, unless statutory retention periods prevent this.
e. CV parser
(1) Description and scope
In order to provide our services, we process your personal data in a CV parser. We process the following personal data:
• salutation;
• title;
• first name;
• last name;
• address;
• email address;
• date of birth;
• telephone number;
• job titles;
• employment history;
• level of education;
• knowledge;
• skills;
• language skills;
(2) Legal basis
The legal basis for the processing of your personal data within the framework of the CV parser is Art. 6 (1) (f) EU GDPR.
(3) Purpose
In the context of CV parsing, your personal data is processed to transfer the data from the CV to our system.
(4) Storage period
Your personal data will be deleted as soon as they are no longer necessary to achieve the purpose of their processing or if statutory retention periods no longer apply.
(5) Possibility of objection and deletion
You have the option of objecting to the processing at personal@atreus.de at any time. In this case, your personal data will be deleted, unless statutory retention periods prevent this.
f. Podigee Podcast
(1) Description and scope
To display video and audio content, we include Podigee videos and audio content on our website. This allows us to depict content that we want to present to you attractively, uniformly, and independently of your device on our website. Podigee is a service provided by Podigee GmbH, Revaler Straße 28, 10245 Berlin, Germany.
The following personal data are processed as part of the integration of Podigee videos or audio content:
IP address;
Browser used;
Display resolution.
When the video and audio content is played, further personal data may be processed by Vimeo. For more information, please visit:
https://www.podigee.com/de/ueber-uns/datenschutz/
(2) Legal basis
The legal basis for the processing of your personal data in the context of Podigee Podcast is Art. 6 (1) (a) EU GDPR.
(3) Purpose
The purpose of processing your personal data is to publish our podcasts and to evaluate statistics about our podcast listeners. This allows us to make the marketing of our podcasts more effective and targeted.
Podigee is a service provided by Podigee GmbH, Schlesische Straße 20, 10997 Berlin, Germany. These statistics are compiled by Podigee GmbH and provided to us in pseudonymized or anonymous form.
(4) Storage period
Your personalized data will be deleted as soon as they are no longer required to achieve the processing purpose for which they were collected.
(5) Possibility of objection and deletion
If you do not want your personal data to be processed by Podigee GmbH, you have the option of revoking your consent at any time. You can do this specifically by ending the podcast and leaving the podcast blog.
g. Vimeo videos
(1) Description and scope
We embed Vimeo videos on our website in order to display video content. This allows us to depict content that we want to present to you on our website attractively, uniformly, and independently of your device. Vimeo is a service provided by Vimeo.com, Inc., 555 West 18th Street, New York, New York 10011, USA.
The following personal data are processed as part of the integration of Vimeo videos:
IP address;
Browser used;
Display resolution.
Further personal data may be processed by Vimeo when the video is played. For more information, please visit:
https://vimeo.com/privacy.
(2) Legal basis
Consent, Art. 6 (1) (a) EU GDPR.
(3) Purpose
The purpose of data processing is to integrate video content attractively, uniformly, and independently of your device.
(4) Storage period
We only process your personal data until the end of your visit to the website. We have no influence over Vimeo’s deletion of your personal data. More information is available at:
https://vimeo.com/privacy.
(5) Possibility of objection and deletion
You have the option to revoke your consent at any time. This revocation is carried out specifically by terminating the application and/or reloading the website.
We have no influence over data processing by Vimeo. You can find further information at:
https://vimeo.com/privacy.
h. Google Fonts
(1) Description and scope
We integrate Google Fonts into our website to display fonts. This allows us to depict text content that we want to present to you on our website attractively, uniformly, and independently of your device. Google Fonts is a service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043, USA.
The following personal data are processed as part of the integration of Google Fonts:
IP address;
Browser used;
Operating system used.
(2) Legal basis
The legal basis for the processing of your personal data in the context of the integration of Google Fonts is Art. 6 (1) (f) EU GDPR.
(3) Purpose
The purpose of data processing is the appealing, uniform integration of text content independently of your device.
(4) Storage period
We only process your personal data until the end of your visit to the website. We have no influence over Google’s deletion of your personal data. More information is available at:
https://policies.google.com/privacy?hl=de.
(5) Possibility of objection and deletion
The processing of your personal data is absolutely necessary to provide the website and to ensure the functionality of the website. As a result, you do not have a possibility of objection.
We have no influence over data processing by Vimeo. You can find further information at:
https://policies.google.com/privacy?hl=de
i. Google reCAPTCHA
(1) Description and scope
As part of spam prevention and manipulation protection provided by “reCAPTCHA”, it is necessary that we process your personal data. In this way, we protect the input fields provided on our website, e.g., in the context of commenting and contact functions, against abusive content (“spam”) by robot programs (“bots”). Google reCAPTCHA is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
The following personal data are processed as part of the integration of Google reCAPTCHA:
IP address;
Date accessed;
Time accessed;
The website visited previously;
Browser used;
Operating system used;
Mouse and keyboard behavior;
Date of your operating system;
Language settings of your operating system;
Display resolution.
Further personal data may be processed when using the Google reCAPTCHA service. For more information, please visit:
https://policies.google.com/privacy?hl=de&gl=de
(2) Legal basis
Consent, Art. 6 (1) (a) EU GDPR.
(3) Purpose
The purpose of data processing is to prevent spam and manipulation.
(4) Storage period
We only process your personal data until the end of your visit to our website.
We have no influence over Google’s storage of your data. Further information on Google’s storage period for your personal data can be found at:
https://policies.google.com/technologies/retention?hl=de&gl=de
(5) Possibility of objection and deletion
You have the option to revoke your consent at any time.
j. Event registration
(1) Description and scope
The following personal data are processed as part of the event registration:
- Title;
- Title;
- First name;
- Last name;
- Email address;
- Telephone number;
- Job as an interim manager;
- Interest in working as an interim manager.
(2) Legal basis
Consent, Art. 6 (1) (1) (a) EU-GDPR.
(3) Purpose
The purpose of data processing is to register for the desired event.
(4) Storage period
Your personal data will be stored until you unsubscribe from our newsletter.
(5) Right of objection and deletion
You have the option to revoke your consent at any time. You can contact us via mail@atreus.de or events@atreus.de.N.In this case, your personal data will be deleted, and we will no longer be able to take you into account when sending out our newsletter.
2. Making contact
a. Contact form and email contact
(1) Description and scope
The following personal data are processed as part of the contact form and email contact:
- Title;
- Title;
- First name;
- Last name;
- Email address;
- Telephone number;
- Job as an interim manager;
- Interest in working as an interim manager;
- Message content.
(2) Legal basis
Legitimate interest, Art. 6 (1) (1) (f) EU GDPR.
(3) Purpose
The purpose of data processing is to process your request.
(4) Storage period
Your personal data will be stored until the purpose is no longer valid. This usually occurs when your request has been processed unless longer retention periods are relevant.
(5) Possibility of objection and deletion
You have the option to object at any time to the processing of your personal data in order for us to contact you in the future. In this case, however, we will not be able to process your request further. All personal data stored in the course of contacting us will be deleted in this case, unless statutory retention periods prevent this. Your personal data will then be restricted until the end of the statutory retention periods.
3. Marketing
a. Newsletter
(1) Description and scope
The following personal data are processed to send our newsletter to you:
- Title;
- Title;
- First name;
- Last name;
- Email address;
- Company;
- Job as an interim manager.
(2) Legal basis
Consent, Art. 6 (1) (a) EU GDPR.
(3) Purpose
The purpose of processing your personal data is to send our newsletter to you.
(4) Storage period
Your personal data will be stored until you unsubscribe from our newsletter.
(5) Possibility of objection and deletion
You have the option of revoking your consent at any time. You can do this by unsubscribing from our newsletter. In this case, your personal data will be deleted, in which case we will no longer be able to take you into account when sending out our newsletter.
b. Direct marketing
(1) Description and scope
The following personal data are collected to send information, offers, and if necessary, to promote turnover through the sale of goods or services:
- First name;
- Last name;
- Gender;
- Job title;
- Position;
- Academic degree;
- Company name;
- Telephone number;
(2) Legal basis
The legal basis for the processing of your personal data in the context of direct marketing measures is either the consent given by you in accordance with Art. 6 (1) (a) EU GDPR or the legal permission in Art. 6 (1) (f) EU GDPR or Art. 7 (3) German Act Against Unfair Competition (UWG).
(3) Purpose
The purpose of processing your personal data in the context of direct marketing measures is to send information, offers, and where appropriate, to promote turnover through the sale of goods or services.
(4) Storage period
Your personal data will be deleted as soon as they are no longer necessary to achieve the purpose of their processing; this is the case, in particular, upon receipt of revocation or objection.
(5) Possibility of objection and deletion
You can revoke your consent to the processing of your personal data in the context of direct marketing measures at any time for the future or object to the processing.
C. Prize competitions
(1) Scope and description
On our website, we offer visitors the opportunity to participate in our prize competitions. Your personal data will be processed in the course of registering to participate in these prize competitions and conducting the prize competitions.
The following personal data are processed as part of conducting the prize competitions:
- Title;
- First name;
- Last name;
- Address;
- Email address;
- Telephone number.
(2) Legal basis
Performance of the contract, Art. (1) (1) (b) EU-GDPR.
(3) Purpose
The purpose of data processing is to fulfill the contract for participation in the competition.
(4) Storage period
Until the prize competition is completed.
(5) Possibility of objection and deletion
You have the option to object at any time to the processing of your personal data in the context of participating in prize competitions in the future. In this case, you will no longer be able to participate in the prize competition. In such cases, all personal data that was stored in the course of your participation in the prize competition will be deleted.
d. Web analysis by Matomo (formerly PIWIK)
(1) Description and scope
As part of the web analysis, we use the open-source software tool Matomo (formerly PIWIK) to analyze your browsing behavior. If individual pages of our website are accessed, the following data is stored:
- Two bytes of the IP address of the user’s accessing system;
- The webpage accessed;
- The website from which you accessed the website (referrer);
- The subpages accessed from the website accessed;
- The time spent on the website;
- The frequency with which the website is accessed.
The software runs exclusively on the servers of our website. The personal data of users is only stored there. Your data will not be disclosed to third parties.
(2) Legal basis
Legitimate interest, Art. 6 (1) (1) (f) EU GDPR.
(3) Purpose
The purpose of data processing is to analyze your browsing behavior. We are able to compile information about the use of the individual components of our website by evaluating the data obtained. This helps us to continuously optimize our website and its user-friendliness.
(4) Storage period
The data will be deleted as soon as it is no longer needed for our recording purposes. In our case, this is the case after 3 months.
(5) Possibility of objection and deletion
You can object to the processing of your personal data as part of web analysis at any time in the future.
By changing the settings in your Internet browser, you can disable or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are deactivated on our website, it may no longer be possible to use all functions of the website in full.
Further information on the processing of your personal data by Matomo can be found at:
https://matomo.org/docs/privacy/
e. Social plug-ins
(1) Description and scope
On our website, we offer you the opportunity to like or comment on or share content and posts that we have integrated directly via the website.
The following personal data are processed as part of the integration of social plug-ins:
- IP address;
- Display resolution;
- Post shared;
- Username;
- Email address;
(2) Legal basis
Consent, Art. 6 (1) (a) EU GDPR.
(3) Purpose
The purpose of data processing is to comment on and share the content and posts that we have integrated into our website.
(4) Storage period
Your personal data will be stored for as long as you provide your consent.
(5) Possibility of objection and deletion
Your personal data will only be transferred to the social media platform if you click on the “Social plug-in”. You therefore have full control over the transfer of your personal data to the respective social media platform.
You have the option to revoke your consent at any time. You can do this by reversing your interaction with the “Social plug-in”.
4. Data protection and law
a. Exercise of your data subject rights in accordance with Art. 12 ff. EU GDPR
(1) Description and scope
We process your personal data as part of the processing of data subject rights. We process your contact details transmitted in this context exclusively to process and answer your message and for the subsequent documentation of the legally compliant processing within the framework of our accountability.
The following personal data are processed in the context of the processing of data subject rights:
- First name;
- Last name;
- Mailing address;
- Email address;
- Telephone number.
(2) Legal basis
Legal obligation, Art. 6 (1) (1) (c) in conjunction with Art. 12 ff. EU GDPR.
Legitimate interest for the subsequent documentation, Art. 6 (1) (1) (f) EU GDPR.
(3) Purpose
Legally compliant processing of your data protection rights.
(4) Storage period
3 years after completion of the processing of the respective process, Art. 41 German Federal Data Protection Act (BDSG) in conjunction with Art. 31 (2) (1) German Act on Regulatory Offenses (OWIG).
(5) Possibility of objection and deletion
You have the option to object at any time to the processing of your personal data in the context of your data subject rights in the future. In this case, however, we cannot further process your data subject rights under data protection law.
Documentation of the legally compliant processing for the respective processing of your data subject rights is mandatory. As a result, no objection is possible.
b. Legal defense and enforcement
(1) Description and scope
Your personal data will be processed by us if you assert legal claims against us or we assert claims and rights against you.
(2) Legal basis
Legitimate interest, Art. 6 (1) (1) (f) EU GDPR.
(3) Purpose
The purpose of data processing is to defend against unjustified claims and to legally enforce and assert claims and rights.
This is also our legitimate interest.
(4) Storage period
Your personal data will be stored until the purpose is no longer valid. This is usually provided with the legal force of the respective decision.
(5) Possibility of objection and deletion
The processing of your personal data in the context of legal defense and enforcement is absolutely necessary for legal defense and enforcement. As a result, no objection is possible.
V. Further data processing in addition to our website
1. LinkedIn page
(1) Description and scope
As part of the operation of our LinkedIn page, we process your personal data in order to contact and interact with users and visitors of the social employment network “LinkedIn”. We publish information about our company there.
If you contact us directly via our LinkedIn page (e.g., via a message), the data you provide will only be processed for the purpose of recording and responding to your request.
We are also able to compile statistics about visits to our LinkedIn page. This information is compiled by LinkedIn (“Page insights”) and enables us to make the marketing of our activities more effective and targeted.
With regard to the “Page insights” data, we are jointly responsible for data processing with LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. For this purpose, we have entered into an agreement with LinkedIn Ireland Unlimited Company regarding which of us processes which obligations under the EU GDPR.
The essential contents of this agreement can be viewed at:
https://legal.linkedin.com/pages-joint-controller-addendum
You can find out which data LinkedIn uses for usage analysis in connection with our LinkedIn page, and which information LinkedIn provides for data processing in connection with the “Page insights” function here:
https://www.linkedin.com/help/linkedin/answer/a547077/linkedin-page-analytics-overview?lang=de
Further information on the processing of your personal data by LinkedIn Ireland Unlimited Company can be found at:
https://de.linkedin.com/legal/privacy-policy
(2) Legal basis
Legitimate interest, Art. 6 (1) (1) (f) EU GDPR.
(3) Purpose
The purpose of data processing is to analyze the success of our LinkedIn page and the design of our LinkedIn page according to your interests and to process inquiries.
(4) Storage period
Information on the storage period of your personal data at LinkedIn Ireland Unlimited Company can be found at:
https://www.linkedin.com/legal/privacy-policy
(5) Possibility of objection and deletion
If you do not want your personal data to be processed by LinkedIn, you have the option to object at any time to the processing of your personal data in the context of the operation of our LinkedIn page for the future.
Further information on the processing of your personal data by LinkedIn can be found at:
https://de.linkedin.com/legal/privacy-policy
2. LinkedIN Lead Gen
(1) Description and scope
We rely on specialized instruments for lead generation in order to acquire customers. A lead represents a potential prospect who provides his/her contact details in order to open up the possibility of being contacted by a company that offers products or services. In this context, we use the LinkedIn Lead Gen forms service.
We use forms to generate leads. When contacting us via LinkedIn forms, personal data (such as name, email address, or telephone number) are recorded by LinkedIn and transmitted to us. We use this data to contact you, and if necessary, to discuss your application.
(2) Legal basis
Legitimate interest, Art. 6 (1) (1) (a) EU GDPR.
(3) Purpose
The lead-generation tools are used as part of our public-relations work and for communication with applicants.
(4) Storage period
Your data will be stored for a period of two years from Atreus’ receipt of the completed form. Insofar as statutory retention periods do not contain any conflicting provisions, the personal data will then be deleted.
Lead data on LinkedIn is automatically deleted after 90 days. For more information about how LinkedIn processes your data, please refer to LinkedIn’s Privacy Policy, which is available at the following link: https://de.linkedin.com/legal/privacy-policy
(5) Possibility of objection and deletion
If you do not want your personal data to be processed by LinkedIn, you have the option to object at any time to the processing of your personal data in the context of the operation of our LinkedIn page for the future.
Further information on the processing of your personal data by LinkedIn can be found at:
https://de.linkedin.com/legal/privacy-policy
3. Xing page
(1) Description and scope
As part of the operation of our Xing page, we process your personal data in order to contact and interact with users and visitors of the social network “Xing”. We also occasionally publish information about our company and related offerings.
If you contact us directly via our Xing page, the data you provide will only be processed for the purpose of recording and responding to your request.
We are also able to compile statistics about visits to our Xing page. This information is compiled anonymously by Xing and allows us to make the marketing of our activities more effective and targeted.
Information on how Xing processes your personal data can be found at:
https://privacy.xing.com/de/datenschutzerklaerung/druckversion
(2) Legal basis
Legitimate interest, Art. 6 (1) (1) (f) EU GDPR.
(3) Purpose
The purpose of data processing is to analyze the success of our Xing page and the design of our Xing page according to your interests and the processing of inquiries.
(4) Storage period
Information on New Work SE’s storage period for your personal data can be found at:
https://privacy.xing.com/de/datenschutzerklaerung/druckversion
(5) Possibility of objection and deletion
If you do not want your personal data to be recorded as part of the operation of our Xing site, you have the option to object at any time to the processing of your personal data as part of the operation of our Xing site for the future.
Further information on the processing of your personal data by Xing can be found at:
https://privacy.xing.com/de/datenschutzerklaerung/druckversion
4. YouTube channel
(1) Description and scope
We run a YouTube channel operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. As YouTube’s operator, Google Ireland Limited collects and processes personal data to the extent described in its privacy policy.
Further information on Xing’s processing of your personal data can be found at:
https://policies.google.com/privacy?hl=de&gl=de
If you contact us directly via our YouTube channel (e.g., via a message or a comment), the data you provide will only be processed for the purpose of recording and responding to your request.
We are also able to compile statistics about visits to our YouTube channel. This information is compiled by YouTube via the “Analytics” service and allows us to make the marketing of our activities more effective and targeted.
You can find out which data YouTube uses for usage analysis in connection with our YouTube channel and which information YouTube provides for data processing in connection with the analytics function here:
https://support.google.com/youtube/answer/9002587?hl=de
(2) Legal basis
Legitimate interest, Art. 6 (1) (1) (f) EU GDPR.
(3) Purpose
The purpose of the data processing is to analyze your behavior when visiting our YouTube channel, analyze the success of the videos we upload, and process inquiries.
(4) Storage period
(5) Possibility of objection and deletion
If you do not want your personal data to be processed by Google Ireland Limited, you have the option to object at any time to the processing of your personal data as part of the operation of our YouTube channel for the future. In this case, we will forward your objection request to Google Ireland Limited.
5. Podigee podcast blogs
(1) Description and scope
To display video and audio content, we include Podigee videos and audio content on our website. This allows us to depict content that we want to present to you on our website attractively, uniformly, and independently of your device. Podigee is a service provided by Podigee GmbH, Revaler Straße 28, 10245 Berlin, Germany.
The following personal data are processed as part of the integration of Podigee videos or audio content:
IP address;
Browser used;
Display resolution.
When the video and audio content is played, further personal data may be processed by Vimeo. For more information, please visit:
https://www.podigee.com/de/ueber-uns/datenschutz/
(2) Legal basis
The legal basis for the processing of your personal data in the context of our Podigee podcast blog is Art. 6 (1) (a) EU GDPR.
(3) Purpose
The purpose of processing your personal data is to publish our podcasts and to evaluate statistics about our podcast listeners. This allows us to make the marketing of our podcasts more effective and targeted.
Podigee is a service provided by Podigee GmbH, Schlesische Straße 20, 10997 Berlin, Germany. These statistics are compiled by Podigee GmbH and provided to us in pseudonymized or anonymous form.
(4) Storage period
(5) Possibility of objection and deletion
If you do not want your personal data to be processed by Podigee GmbH, you have the option of revoking your consent at any time. You can do this specifically by ending the podcast and leaving the podcast blog.
6. Personio
(1) Description and scope
We use Personio to manage and process applications. This allows us to record the application process in a structured manner, process it, and communicate with applicants.
As part of the integration, the following personal data will be processed depending on the group of people:
Employees
- First name
- Last name
- Birth name
- Address
- Phone number
- Emergency contact
- Date of birth
- Seniority
- Tax class
- Tax ID
- Social security number
- Marital status
- Religious affiliation
- Health insurance
- Children
- Birth certificates
- Bank details
- Salary and all salary components
- Working time and time tracking
- Absences of any kind
- Education/degree
- Performance data & feedback
- Nationality & employment permit
- Contracts, bonuses, and supplementary agreements
- Onboarding documents and onboarding plan
- Parking and admission cards
- Team membership
- Line manager
- Application documents
- Interim references
Former employees:
- First name
- Last name
- Birth name
- Address
- Phone number
- Emergency contact
- Date of birth
- Seniority
- Tax class
- Tax ID
- Social security number
- Marital status
- Religious affiliation
- Health insurance
- Children
- Birth certificates
- Bank details
- Salary and all salary components
- Working time and time tracking
- Absences of any kind
- Education/degree
- Performance data & feedback
- Nationality & employment permit
- Contracts, bonuses, and supplementary agreements
- Onboarding documents and onboarding plan
- Parking and admission cards
- Team membership
- Line manager
- Application documents
- Interim references
- Leaving date
- Relevant leaving documents
Candidates:
- First name
- Last name
- Address
- Phone number
- Application documents
- Assessments
- Notes from conversations
- Email communication
External:
- First name
- Last name
(2) Legal basis
The legal basis for the processing of your personal data within the framework of our Personio website is Art. 6 (1) (b) and (c) EU GDPR.
(3) Purpose
Personio is integrated on our website for the purpose of convenient and confidential application for vacancies while avoiding system discontinuities.
(4) Storage period
Employees:
The data are stored for the period of employment.
Former employees:
The retention period is three years.
Candidates:
Automated anonymization takes place after 90 days.
External:
The data are stored for the duration of collaboration. Thereafter, the duration of the storage is as “former employees”.
(5) Possibility of objection and deletion
If you do not want your personal data to be processed by Personio, you have the option to object at any time to the processing of your personal data in the context of the operation of our Personio website for the future, insofar as statutory retention periods no longer apply. In this case, we will forward your objection request to Personio SE & Co. KG.
VI. Recipient categories
Within our company, those offices and departments receive personal data that need it to fulfill the aforementioned purposes. In addition, we sometimes use different service providers and transfer your personal data to other trustworthy recipients. These may be, for example:
- Banks
- Scan Service
- Print shops
- Letter shops
- IT service providers
- Lawyers and courts
VII. Third-country transfer
In the course of processing your personal data, we may transfer your personal data to trusted service providers in third countries. Third countries are countries that are outside the European Union (EU) or the European Economic Area (EEA).
In doing so, we only work with service providers who can provide us with suitable guarantees for the security of your personal data and guarantee that your personal data will be processed in accordance with strict European data protection standards. A copy of these suitable guarantees can be viewed at our premises.
If we transfer personal data in third countries, this is done on the basis of an “adequacy decision” of the European Commission or, in the absence of such a decision, on the basis of “standard data protection clauses”, which have also been issued by the European Commission.
VIII. Your rights
You have the following rights towards us:
1. Right to information
You have a right to information about whether and which of your personal data are processed by us. In this case, we will additionally inform you about
- the purpose of processing;
- the categories of data;
- the recipients of your personal data;
- the planned storage period or the criteria for the planned storage period;
- your other rights;
- unless you have provided us with your personal data: all available information about its origin;
- if available: the existence of automated decision-making and information about the logic involved, the scope, and the intended effects of the processing.
2. Right to rectification
You have a right to rectification and/or completion if your personal data processed by us is inaccurate or incomplete.
3. Right to restrict processing
You have a right to restrict processing, provided that
- we verify the accuracy of your personal data that we process;
- the processing of your personal data is unlawful;
- you need your personal data processed by us for legal prosecution after the purpose has ceased to exist;
- you have objected to the processing of your personal data and we are reviewing this objection.
4. Right to deletion
You have a right to deletion, provided that
- we no longer need your personal data for its original purpose;
- you revoke your consent and there is no other legal basis for processing your personal data;
- you object to the processing of your personal data and – unless it is direct marketing – there are no overriding reasons for further processing;
- the processing of your personal data is unlawful;
- the deletion of your personal data is required by law;
- your personal data was collected as a minor for information society services.
5. Right to information
If you have exercised your right to rectification, erasure, or restriction of processing, we will notify all recipients of your personal data of this rectification, erasure of the data or restriction of processing.
6. Right to data portability
You have a right to receive your personal data processed by us on the basis of consent or for the performance of a contract in a structured, common, and machine-readable format and to transfer it to another controller. If technically feasible, you have the right to have us transfer this data directly to another controller.
7. Right of objection
You have the right to revoke any consent given to us at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation. In case of processing of your personal data for direct marketing purposes, you have the right to object at any time. In this case, we will no longer process your personal data unless we can prove compelling legitimate grounds for the processing.
In case of processing of your personal data for direct marketing purposes, you have the right to object at any time.
8. Right of revocation
You have the right to revoke your consent given to us at any time. The revocation of consent does not affect the lawfulness of processing based on consent until the revocation.
9. Right to complain to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with the competent supervisory authority if you consider that the processing of your personal data by us infringes the EU GDPR.
The competent supervisory authority for us is:
Bavarian State Office for Data Protection Supervision
Promenade 18
91522 Ansbach
Tel: +49 981 180093 0
Fax: +49 981 180093 800
Email: poststelle@lda.bayern.de
Status: March 31, 2025