We, ekipa GmbH (hereinafter “the company”, “we”, “us” or “ekipa”) take the protection of your personal data seriously and would like to take this opportunity to inform you about data protection in our company.
The German text applies. The English text is for convenience only and is not intended to have any legal significance.
As part of our responsibility under data protection law, additional obligations have been imposed on us by the entry into force of the EU General Data Protection Regulation (Regulation (EU) 2016/679; hereinafter: “GDPR”) in order to ensure the protection of personal data of the person affected by processing (we also refer to you as the data subject as “user”, “you”, or “data subject”).
Insofar as we decide on the purposes and means of data processing either alone or together with others, this includes above all the obligation to inform you transparently about the type, scope, purpose, duration and legal basis of the processing (cf. Art. 13 and 14 GDPR). With this policy (“Privacy Policy”), we inform you about the way in which your personal data is processed by us.
Our Privacy Policy has a modular structure. It consists of a general section for all processing of personal data and processing situations that apply each time a website is accessed (A. General) and a special section, the content of which relates only to the processing situation specified there with the designation of the respective offer or product, in particular the visit to websites as detailed here (B. Websites), and communication with business partners (C. Business Partners, Applicants and Employees), and the visit to our social media profiles (D. Social Media).
In order to find the parts relevant to you, please refer to the following overview of the subdivision of the privacy policy:
Part A: General, always relevant.
Part B: Website, relevant if you use our German website.
Part C: Business partner, applicant and employee, relevant if you wish to work with us as a service provider, supplier or similar partner, are already in an ongoing business relationship with us or have been in one in the past, are applying for employment with us or are already an employee.
Part D: social media, relevant if you visit our social media profiles.
1 Definitions
Following the example of Art. 4 GDPR, this data protection notice is based on the following definitions:
“Processor” (Art. 4 No. 8 GDPR) is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller, in particular in accordance with the controller’s instructions (e.g. IT service provider). In terms of data protection law, a processor is in particular not a third party.
“Third party” (Art. 4 No. 10 GDPR) means any natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data; this also includes other legal entities belonging to the group.
“Consent” (Art. 4 No. 11 GDPR) of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
“Personal data” (Art. 4 No. 1 GDPR) means any information relating to an identified or identifiable natural person (“data subject”). A person is identifiable if they can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, an online identifier, location data or information relating to their physical, physiological, genetic, mental, economic, cultural or social identity. The identifiability can also be provided by linking such information or other additional knowledge. The origin, form or embodiment of the information is irrelevant (photos, video or audio recordings can also contain personal data).
“Processing” (Art. 4 No. 2 GDPR) means any operation which is performed on personal data, whether or not by automated means (i.e. using technical specifications). This includes, in particular, the collection (i.e. acquisition), recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of personal data, or alteration of the purposes for which they were originally processed.
“Responsible Person” (Art. 4 No. 7 GDPR) means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
2 Responsible Person
2.1 2.1 The person responsible for the processing of your personal data within the meaning of Art. 4 No. 7 GDPR is:
ekipa GmbH
Kaiserstraße 56
60329 Frankfurt am Main
2.2 2.2 Managing directors authorized to represent the company:
Justin Gemeri & Nico Heby
E-Mail: hello@ekipa.de
Telefon: +49 1515 2592417
2.3 2.3 All questions and concerns regarding data protection at ekipa can be directed to the following e-mail address:
data-protection@ekipa.de
2.4 2.4 For further information about our company, please refer to the legal notice on our website: https://ekipa.de/en/imprint/.
3 Contact Details of the Data Protection Officer
You can reach our data protection officer at:
IITR Datenschutz GmbH
Dr. Sebastian Kraska
Marienplatz 2
80331 München
4 Legal Basis for Data Processing
4.1 4.1 In accordance with Art. 13 GDPR, we inform you of the legal basis of our data processing. If no specific information on relevant legal bases is provided in the relevant sections of this privacy policy, the processing is based on the following legal bases. In principle, we collect, process and share the data described above on the following legal bases
• • Art. 6 para. 1 sentence 1 lit a GDPR (“consent”): Where the data subject has voluntarily, in an informed and unambiguous manner, indicated by a statement or other unambiguous affirmative act that he or she consents to the processing of personal data relating to him or her for one or more specific purposes;
• • Art. 6 para. 1 sentence 1 lit. b GDPR: If the processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
• • Art. 6 para. 1 sentence 1 lit. c GDPR: If processing is necessary for compliance with a legal obligation to which the controller is subject (e.g. a legal obligation to retain data);
• • Art. 6 para. 1 sentence 1 lit. d GDPR: If processing is necessary in order to protect the vital interests of the data subject or another natural person;
• • Art. 6 para. 1 sentence 1 lit. e GDPR: If the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; or
• • Art. 6 para. 1 sentence 1 lit. f GDPR (“Legitimate interests”): If the processing is necessary for the purposes of the legitimate (in particular legal or economic) interests pursued by the controller or by a third party, except where such interests are overridden by the interests or rights of the data subject (in particular where the data subject is a minor).
4.2 4.2 The storage of information in the end user’s terminal equipment or access to information that is already stored in the terminal equipment is only permitted if it is covered by one of the following justifications:
• • Section 25 para. 1 TTDSG: If the end user has consented on the basis of clear and comprehensive information. Consent must be given in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR;
• • Section 25 para. 2 no. 1 TTDSG: If the sole purpose is to carry out the transmission of a communication via a public telecommunications network; or
• • Section 25 para. 2 no. 2 TTDSG: If storage or access is absolutely necessary so that the provider of a telemedia service can provide a telemedia service expressly requested by the user.
4.3 4.3 For the processing operations we carry out, we indicate the applicable legal basis in each case below. Processing can also be based on several legal bases.
5 Data Deletion and Storage Period
5.1 5.1 For the processing operations carried out by us, we indicate below how long the data is stored by us and when it is deleted or blocked. Unless an explicit storage period is specified below, your personal data will be deleted or blocked as soon as the purpose or legal basis for storage no longer applies. Your data will only be stored on our servers in Germany, subject to any disclosure in accordance with the provisions in sections A.7 and A.8.
5.2 5.2 However, data may be stored beyond the specified period in the event of an (impending) legal dispute with you or other legal proceedings or if storage is provided for by statutory provisions to which we are subject as the controller (e.g. Section 257 HGB, Section 147 AO). If the storage period prescribed by the statutory provisions expires, the personal data will be blocked or deleted unless further storage by us is necessary and there is a legal basis for this.
6 Data Security
6.1 6.1 We take appropriate technical and organizational measures to protect yourrf data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties in accordance with Art. 32 GDPR, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing as well as the existing risks of a data breach (including its probability and effects) for data subjects.
6.2 6.2 The measures include, in particular, safeguarding the confidentiality, integrity and availability of data by controlling physical access to the data, as well as the access, input, disclosure, safeguarding of availability and its separation. Furthermore, we have established procedures that ensure the exercise of data subject rights, the deletion of data and the response to data threats. Furthermore, we take the protection of personal data into account as early as the development and selection of hardware, software and procedures, in accordance with the principle of data protection through technology design and data protection-friendly default settings (Art. 25 GDPR).
6.3 6.3 We will be happy to provide you with more detailed information on request. Please contact our data protection officer (see section A.3).
7 Cooperation with Data Processors
We use external domestic and foreign service providers (e.g. third-party providers of technical services, delivery companies, hosting providers, IT companies or communications agencies) to process our business transactions. These service providers only act on our instructions and are contractually obliged to comply with data protection regulations in accordance with Art. 28 GDPR.
8 Requirements for the Transfer of Personal Data to Third Countries
8.1 8.1 As part of our business relationships, your personal data may be passed on or disclosed to third-party companies. These may also be located outside the European Economic Area (EEA), i.e. in third countries. Such processing takes place exclusively to fulfill contractual and business obligations and to maintain your business relationship with us (legal basis is Art. 6 para. 1 lit. b or lit. f in each case in conjunction with Art. 44 et seq. GDPR). We will inform you about the respective details of the transfer at the relevant points below.
8.2 8.2 The European Commission certifies that some third countries have a level of data protection comparable to the EEA standard by means of so-called adequacy decisions (a list of these countries and a copy of the adequacy decisions can be found here: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en). However, in other third countries to which personal data may be transferred, there may not be a consistently high level of data protection due to a lack of legal provisions. If this is the case, we ensure that data protection is adequately guaranteed. This is possible via binding corporate rules, standard contractual clauses of the European Commission for the protection of personal data pursuant to Art. 46 para. 1, 2 lit. c GDPR (the standard contractual clauses of 2021 are available at https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32021D0915&locale-en), certificates or recognized codes of conduct. Please contact our data protection officer (see section A.3) if you would like more information on this.
9 No Automated Decision-Making (including Profiling)
We do not intend to use personal data collected from you for automated decision-making (including profiling).
10 No Obligation to Provide Personal Data
We do not make the conclusion of contracts with us dependent on you providing us with personal data beforehand. As a user, you are under no legal or contractual obligation to provide us with your personal data; however, we may only be able to provide certain services to a limited extent or not at all if you do not provide the necessary data. If this should exceptionally be the case in the context of the products presented below and offered by us, you will be informed of this separately.
11 Legal Obligation to Transmit Certain Data
We may be subject to a special legal or statutory obligation to provide the lawfully processed personal data to third parties, in particular public authorities (Art. 6 para. 1 sentence 1 lit. c GDPR).
12 Your Rights
You can assert your rights as a data subject with regard to your processed personal data at any time by contacting us using the contact details provided at the beginning of section A.2. As the data subject, you have the right to:
• • to request information about your data processed by us in accordance with Art. 15 GDPR. In particular, you can request information about the processing purposes, the category of data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data if it was not collected by us, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information on its details;
• • in accordance with Art. 16 GDPR, to immediately request the correction of incorrect data or the completion of your data stored by us;
• • in accordance with Art. 17 GDPR, to demand the deletion of your data stored by us, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
• • in accordance with Art. 18 GDPR, to demand the restriction of the processing of your data if the accuracy of the data is disputed by you or the processing is unlawful;
• • in accordance with Art. 20 GDPR, to receive your data that you have provided to us in a structured, commonly used and machine-readable format or to request that it be transferred to another controller (“data portability”)
• • pursuant to Art. 21 GDPR to object to the processing if the processing is based on Art. 6 para. 1 sentence 1 lit. e or lit. f GDPR. This is particularly the case if the processing is not necessary for the performance of a contract with you. If it is not an objection to direct advertising, we ask you to explain the reasons why we should not process your data as we have done when exercising such an objection. In the event of your justified objection, we will examine the situation and either discontinue or adapt the data processing or point out to you our compelling reasons worthy of protection on the basis of which we will continue the processing;
• • in accordance with Art. 7 para. 3 GDPR, to withdraw your consent once given to us (including before the GDPR came into force, i.e. before May 25, 2018) – i.e. your voluntary, informed and unequivocal declaration or other unambiguous confirmatory act indicating that you consent to the processing of the personal data concerned for one or more specific purposes – at any time if you have given such consent. The consequence of this is that we may no longer continue the data processing based on this consent in the future and
• • in accordance with Art. 77 GDPR, to complain to a data protection supervisory authority about the processing of your personal data in our company, for example to the data protection supervisory authority responsible for us: Hessian Commissioner for Data Protection and Freedom of Information, Department 2.3, P.O. Box 3163, 65201 Wiesbaden, poststelle@datenschutz.de.
13 Changes to the Privacy Policy
As part of the further development of data protection law as well as technological or organizational changes, our data protection declaration is regularly reviewed to determine whether it needs to be adapted or supplemented. You will be informed of any changes, in particular on our website at https://ekipa.de/en/privacy-policy/. This privacy policy is valid as of June 2024.
14 Further Information and Contacts
You may exercise your rights to rectification or erasure or to restriction of processing or to exercise your right to object to processing and the right to data portability at any time. You can address all questions and concerns about data protection at ekipa by e-mail to data-protection@ekipa.de or by letter to our company address. You can find our general contact details here.
1 Explanation of the Function
You can obtain information about our company and the services we offer in particular at https://ekipa.de/ together with the associated subpages (hereinafter jointly referred to as “websites”). When you visit our websites, your personal data may be processed.
2 Processed Personal Data
2.1 2.1 As a web-based open innovation platform, we process personal data in the course of providing our services. Personal data is either provided by the user themselves or is collected automatically via technical information.
All data requested by the website is mandatory. Failure to provide this data may result in this website not being able to provide its services. In cases where this website explicitly states that some data is not mandatory, users may choose not to provide this data without any consequences for the availability or functioning of the service. Users who are unclear about which data is mandatory can contact the data controller (see section A.2).
2.2 2.2 Calling up the Website
We collect, store and process the following categories of personal data when you use the website for information purposes:
“Log data”: When you visit our websites, a so-called log data record (so-called server log files) is temporarily and anonymously stored on our web server. This consists of:
• • the page from which the page was requested (so-called referrer URL)
• • the name and URL of the requested page
• • the date and time of the call
• • the description of the type, language and version of the web browser used
• • the IP address of the requesting computer, which is shortened so that a personal reference can no longer be established
• • the amount of data transferred
• • the operating system
• • the message as to whether the request was successful (access status/Http status code)
This information is stored for a maximum of 7 days in connection with the associated IP address for the purposes of misuse detection and prosecution. Usage data will also be deleted or anonymized immediately as soon as it is no longer required for the purposes stated in this declaration. Anonymized usage data may be used to optimize the design of the website to meet the needs of the user.
The processing of log data serves statistical purposes and to improve the quality of our website, in particular the stability and security of the connection (legal basis is Art. 6 para. 1 sentence 1 lit. a or lit. f GDPR).
More detailed information on the type of data, purpose and external services can be found in part B of this privacy policy.
2.3 2.3 Contacting Us
“Contact form data”: When contact forms are used, the data transmitted by the user is processed to process the contact request and its handling in accordance with Art. 6 para. 1 lit. b (in the context of contractual/pre-contractual relationships), Art. 6 para. 1 lit. f (other requests) GDPR. The user’s details may be stored in a customer relationship management system (“CRM system”) or comparable inquiry organization.
We delete the requests if they are no longer necessary. We review the necessity every two (2) years. Otherwise, the statutory archiving obligations apply.
The processing of contact form data is carried out to process customer inquiries (legal basis is Art. 6 para. 1 sentence 1 lit. b or lit. f GDPR).
More detailed information on the type of data, purpose and external services can be found in part B of this privacy policy
2.4 2.4 Newsletter
In addition to the purely informational use of our website, we offer a subscription to our newsletter. We only send newsletters, emails and other electronic notifications with advertising information (“newsletters”) with the consent of the recipient or with legal permission. If the contents of the newsletter are specifically described when subscribing to the newsletter, they are decisive for the user’s consent. Otherwise, our newsletters contain information about our services and us. If you register for our newsletter, the following “newsletter data” will be collected, stored and processed by us:
• • • the page from which the page was requested (so-called referrer URL)
• • • the date and time of the request
• • • the description of the type of web browser used
• • • the IP address of the requesting computer, which is shortened so that a personal reference can no longer be established
• • • the e-mail address
• • • the date and time of registration and confirmation
We would like to point out that we evaluate your user behavior when sending the newsletter. For this evaluation, the e-mails sent contain so-called web beacons or tracking pixels, which are one-pixel image files stored on our website. For the evaluations, we link the aforementioned data and the web beacons with your e-mail address and an individual ID. Links contained in the newsletter also contain this ID. The data is collected exclusively in pseudonymized form, i.e. the IDs are not linked to your other personal data, and direct personal reference is excluded.
We process the personal data specified above in accordance with the provisions of the GDPR, the other relevant data protection regulations and only to the extent necessary. Insofar as the processing of personal data is based on Art. 6 para. 1 sentence 1 lit. f GDPR, the purposes mentioned also represent our legitimate interests.
The newsletter data is processed for the purpose of sending the newsletter. When registering for our newsletter, you consent to the processing of your personal data (legal basis is Art. 6 para. 1 lit. a GDPR). We use the so-called double opt-in procedure to subscribe to our newsletter. This means that after you have registered, we will send you an email to the email address you have provided in which we ask you to confirm that you wish to receive the newsletter. The purpose of this procedure is to be able to verify your registration and, if necessary, to clarify any possible misuse of your personal data. You can revoke your consent to receive the newsletter at any time and unsubscribe from the newsletter. You can declare your revocation by clicking on the link provided in every newsletter e-mail, by e-mail to data-protection@ekipa.de or by sending a message to the contact details given in the imprint.
We may store the unsubscribed e-mail addresses for up to three (3) years on the basis of our legitimate interests before we delete them in order to be able to prove a previously given consent. The processing of this data is limited to the purpose of a possible defense against claims. An individual request for erasure is possible at any time, provided that the former existence of consent is confirmed at the same time.
If the processing of the data requires the storage of information in your terminal equipment or access to information that is already stored in the terminal equipment, Section 25 paras. 1 and 2 TTDSG is the legal basis for this.
3 Duration of Data Processing
3.1 3.1 Your data will only be processed for as long as is necessary to achieve the above-mentioned processing purposes; the legal bases specified in the context of the processing purposes apply accordingly.
3.2 3.2 This means the following:
Personal data collected for the purpose of fulfilling a contract concluded between the provider and the user will be stored until this contract has been completely fulfilled;
Personal Data collected for the purposes of the legitimate interests pursued by the Owner will be retained for as long as necessary to fulfill those purposes. Users can obtain more information about the legitimate interests pursued by the owner in the relevant sections of this document or by contacting the owner;
3.3 3.3 In addition, the provider may be obliged to retain personal data for a longer period of time if this is necessary to fulfill a legal obligation or by order of an authority. Further processing (for a limited period) is necessary for the following purposes:
• • • • Fulfillment of retention periods under commercial and tax law, which may result in particular from the German Commercial Code and the German Fiscal Code. The periods specified there for the retention of corresponding documentation are generally two (2) to ten (10) years.
• • • • Preservation of evidence within the scope of the statutory statute of limitations. According to Sections 195 seq. BGB, these limitation periods can be up to 30 years, whereby the regular limitation period is three (3) years.
3.4 3.4 Personal data will be deleted after the statutory retention period has expired. Therefore, the right of access, the right to erasure, the right to rectification and the right to data portability cannot be asserted after the retention period has expired.
3.5 3.5 If the account is deleted and the contract is therefore terminated, information and posts shared by the user on the platform may remain visible. However, these will be anonymized immediately.
3.6 3.6 Third parties engaged by us will store your data on their system for as long as is necessary in connection with the provision of the services for us in accordance with the respective order.
3.7 3.7 You can find more details on the storage period under section A.5 and the cookie policy attached below.
4 Transfer of Personal Data to Third Parties; Bases for Justification
4.1 4.1 The following categories of recipients, which are usually processors (see Ziffer A.7), may have access to your personal data:
• • Service providers for the operation of our website and the processing of data stored or transmitted by the systems (e.g. for data center services, payment processing, IT security). The legal basis for the transfer is then Art. 6 para. 1 sentence 1 lit. b or lit. f GDPR, insofar as these are not processors;
• • Government agencies/authorities, insofar as this is necessary to fulfill a legal obligation. The legal basis for the transfer is then Art. 6 para. 1 sentence 1 lit. c GDPR;
• • Persons employed to carry out our business operations (e.g. auditors, banks, insurance companies, legal advisors, supervisory authorities, parties involved in company acquisitions or the establishment of joint ventures). The legal basis for the disclosure is then Art. 6 para. 1 sentence 1 lit. b or lit. f GDPR.
4.2 4.2 For guarantees of an adequate level of data protection when data is transferred to third countries, see section A.8.
4.3 4.3 In addition, we will only pass on your personal data to third parties if you have given your express consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR.
5 Use of Cookies, Plugins and other Services on our Website
5.1 5.1 We use cookies on our websites. Cookies are small text files that are assigned to the browser you are using and stored on your hard disk by means of a characteristic string of characters and through which certain information flows to the site that sets the cookie. Cookies cannot execute programs or transfer viruses to your computer and therefore cannot cause any damage. They serve to make the website more user-friendly and effective overall, i.e. more pleasant for you.
5.2 5.2 Cookies can contain data that makes it possible to recognize the device used. In some cases, however, cookies only contain information on certain settings that are not personally identifiable. However, cookies cannot directly identify a user.
5.3 5.3 A distinction is made between session cookies, which are deleted as soon as you close your browser, and permanent cookies, which are stored beyond the individual session. In terms of their function, a distinction is made between cookies:
• • Technical cookies: These are strictly necessary to move around the website, use basic functions and ensure the security of the website; they do not collect information about you for marketing purposes or store which websites you have visited;
• • Performance cookies: These collect information about how you use our website, which pages you visit and, for example, whether errors occur when using the website; they do not collect any information that could identify you – all information collected is anonymous and is only used to improve our website and to find out what interests our users;
• • Advertising cookies, targeting cookies: These are used to offer the website user needs-based advertising on the website or offers from third parties and to measure the effectiveness of these offers; advertising and targeting cookies are stored for a maximum of 13 months;
• • Sharing cookies: These are used to improve the interactivity of our website with other services (e.g. social networks); sharing cookies are stored for a maximum of 13 months.
5.4 5.4 The legal basis for cookies that are absolutely necessary in order to provide you with the expressly requested service is Section 25 para. 2 no. 2 TTDSG. Any use of cookies that is not absolutely technically necessary for this purpose constitutes data processing that is only permitted with your express and active consent in accordance with Section 25 para. 1 TTDSG in conjunction with Art. 6 para. 1 sentence 1 lit. a GDPR. This applies in particular to the use of performance, advertising, targeting or sharing cookies. In addition, we only pass on your personal data processed by cookies to third parties if you have given your express consent to this in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR.
5.5 5.5 For more information about which cookies we use and how you can manage your cookie settings and disable certain types of tracking, please see our cookie policy attached below.
5.6 5.6 Google Maps
On this website we use the services of Google Maps, offered by Google Inc. This enables us to show the user interactive maps directly on the website.
By visiting the website, Google receives the information that the user has accessed a corresponding sub-page of our website. This occurs regardless of whether or not the user has a user account with Google and is logged in. If a user is logged in to Google, the data is assigned directly to the respective account.
Further information on the use of data by Google, setting and objection options, can be found in Google’s privacy policy (https://policies.google.com/privacy).
If users do not wish to be associated with their Google user account, they must log out of Google before accessing the website. Google stores the data as user profiles and uses them for the purposes of advertising, market research and/or the needs-based design of its website. Users have the right to object to the creation of these user profiles, whereby they must contact Google to exercise this right.
5.7 5.7 Xing
Functions and content of the Xing service, offered by XING AG, may be integrated into our online offering. This may include, for example, content such as images, videos or texts and buttons with which users can share content from this online offering within Xing. If the users are members of the Xing platform, Xing can assign the access to the above-mentioned content and functions to the users’ profiles there.
Personal data collected: Cookie and usage data.
You can find more information about Xing and data protection at https://privacy.xing.com/de/datenschutzerklaerung
If a user is a Xing member and does not want Xing to collect data about them via this online service and link it to their member data stored at Xing, they must log out of Xing and delete their cookies before using our online service
5.8 5.8 LinkedIn
Functions and content of the LinkedIn service, offered by LinkedIn Ireland Unlimited Company, may be integrated into our online offering. This may include, for example, content such as images, videos or text and buttons with which users can share content from this online offering within LinkedIn. If the users are members of the LinkedIn platform, LinkedIn can assign the access to the above-mentioned content and functions to the users’ profiles there.
Personal data collected: Cookie and usage data.
Further information on LinkedIn and data protection can be found at https://www.linkedin.com/legal/privacy-policy, an opt-out option can be found at https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
If a user is a LinkedIn member and does not want LinkedIn to collect data about them via this online offering and link it to their membership data stored on LinkedIn, they must log out of LinkedIn and delete their cookies before using our online offering.
5.9 5.9 Facebook Social Plugins
Social plugins (“plugins”) of the social network facebook.com, which is operated by Facebook Ireland Ltd. (“Facebook”), may be integrated into our online offering. This may include, for example, content such as images, videos or text and buttons with which users can share content from this online offering within Facebook. The list and appearance of Facebook social plugins can be viewed here: https://developers.facebook.com/docs/plugins/.
Personal data collected: Cookie and usage data.
You can find more information about Facebook and data protection at https://www.facebook.com/about/privacy/.
If a user is a Facebook member and does not want Facebook to collect data about them via this online service and link it to their membership data stored on Facebook, they must log out of Facebook and delete their cookies before using our online service. Further settings and objections to the use of data for advertising purposes are possible within the Facebook profile settings: https://www.facebook.com/settings?tab=ads or via the US site http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/. The settings are platform-independent, i.e. they are adopted for all devices, such as desktop computers or mobile devices.
5.10 5.10 Instagram
Functions and content of the Instagram service, offered by Instagram Inc. (“Instagram”), 1601 Willow Road, Menlo Park, CA, 94025, USA, may be integrated into our online offering. This may include, for example, content such as images, videos or text and buttons with which users can share content from this online offering within Instagram. If the users are members of the Instagram platform, Instagram can assign the access to the above-mentioned content and functions to the users’ profiles there.
You can find more information about Instagram and data protection at http://instagram.com/about/legal/privacy/.
If a user is an Instagram member and does not want Instagram to collect data about them via this online service and link it to their membership data stored on Instagram, they must log out of Instagram and delete their cookies before using our online service.
5.11 5.11 X
Functions of the X service (formerly known as ‘Twitter’) may be integrated on our pages. These functions are offered by X Corp. (“X”), 795 Folsom St., Suite 600, San Francisco, CA 94107, USA. Twitter International Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland, is responsible for the data processing of persons living outside the United States.
By using X and the ‘re-tweet’ function, the websites visited by the user are linked to their X account and made known to other users. Data is also transmitted to X in the process.
We would like to point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by X. Further information on this can be found in X’s privacy policy(https://twitter.com/de/privacy)
Personal data protection settings on X can be changed in the account settings(http://twitter.com/account/settings).
5.12 5.12 YouTube
We use the https://www.youtube.com/ platform (“YouTube”) to post our own videos and make them publicly accessible. YouTube is a service provided by a third party not affiliated with us, namely YouTube LLC.
Some of our Internet pages contain links or connections to YouTube. In general, we are not responsible for the content of linked websites. However, in the event that the user follows a link to YouTube, we would like to point out that YouTube stores the data of its users (e.g. personal information, IP address) in accordance with its own data usage guidelines and uses it for business purposes.
We also directly integrate videos stored on YouTube on some of our websites. With this integration, content from the YouTube website is displayed in parts of a browser window. However, the YouTube videos are only called up by clicking on them separately. This technique is also known as “framing”. When the user calls up a (sub)page of our website on which YouTube videos are integrated in this form, a connection to the YouTube servers is established and the content is displayed on the website by notifying the corresponding browser.
The integration of YouTube content only takes place in “extended data protection mode”. This is provided by YouTube itself and ensures that YouTube does not initially store any cookies on the device. However, when the relevant pages are called up, the IP address and the other data mentioned in section B.2.2 are transmitted and thus, in particular, which of our Internet pages have been visited. However, this information cannot be directly assigned unless the user was logged in to YouTube or another Google service (e.g. Google+) before accessing the page or is permanently logged in.
Address and link to the privacy policy of the third-party provider:
Google/YouTube: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland – Privacy Policy: https://policies.google.com/privacy, Opt-Out: https://adssettings.google.com/authenticated.
Further information on the purpose and scope of data collection and its processing by YouTube can be found in the privacy policy. There you will also find further information on your rights and setting options to protect your privacy: https://www.google.de/intl/de/policies/privacy.
5.13 5.13 Flockler
To display social media content on our website, we use the service Flockler (“Flockler”), Flockler Oy Rautatienkatu 26 B 32, 33100, Tampere Finland, which aggregates relevant social media channels and displays them on our website.
By interacting with the respective content, a connection to the Flockler servers is established. Flockler also obtains your IP address. This also applies if you are not logged in to the respective social media provider or do not have an account with them. The websites you visit are linked to your social media account and made known to other users. Data is also transmitted to the social media provider. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by the social media provider. Further information on this can be found in the provider’s privacy policy. The data protection provisions and further information on this service provider can be found at: https://flockler.com/privacy-policy.
5.14 5.14 Interaction with External Social Networks and Services
These types of services enable interaction with social networks or other external platforms directly via this website. The interaction and the information collected via this website are always subject to the privacy settings made by the users for the respective social network or service.
If a service is installed for interaction with social networks, it can collect data from the data traffic for the pages on which it is installed, even if users do not use the service.
We use these services on the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f GDPR).
5.15 5.15 Other Services
These following services enable the management of a database with, for example, e-mail contacts, any other contact information, profile data, user contributions, order data or other information.
In certain cases, the services may also collect data about the date and time messages were read by the user, as well as when the user interacts with incoming messages, for example by clicking on links contained therein.
We use such services on the basis of the performance of our services and implementation of our services (i.e. implementation of an open innovation platform within the meaning of Art. 6 para. 1 lit. b GDPR and Art. 6 para. 1 lit. c GDPR) as well as our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f GDPR).
5.16 5.16 Mailjet (SAS Mailjet)
Mailjet (“Mailjet”) is a service provided by SAS Mailjet for the management of e-mail addresses and the sending of messages. The mailing service provider may use the data of the recipients in pseudonymized form, i.e. without assignment to a user, to optimize or improve its own services, e.g. to technically optimize the mailing and presentation of the newsletter or for statistical purposes. However, the mailing service provider does not use the data of our newsletter recipients to write to them itself or to pass the data on to third parties.
Personal data collected: email
SAS Mailjet implements the European General Data Protection Regulation. You can find more information about Mailjet and data protection at https://www.mailjet.de/privacy-policy/.
5.17 5.17 Crisp.chat (Crisp IM S.A.R.L.)
Crisp.chat (“crisp.chat”) is a live chat service provided by Crisp IM S.A.R.L. for communicating with users of our online offering, which we use to improve the user experience. This gives us the opportunity to get in touch with users faster and more directly in line with their expectations and to process their inquiries. With crisp.chat, we can send users messages via live chat, email, SMS or push messages, provided this is permitted by law. For this to be possible, we must synchronize our contact information to the users with Crisp IM S.A.R.L. via an interface.
Personal data collected: various types of data as described in the privacy policy of the service.
Crisp IM S.A.R.L. implements the GDPR: https://help.crisp.chat/en/article/whats-crisp-eu-gdpr-compliance-status-nhv54c/.
You can find more information about Crisp.chat and data protection at https://crisp.chat/en/privacy/.
5.18 5.18 HubSpot (HubSpot Inc.)
HubSpot (“HubSpot”) is an integrated software solution that we use to cover various aspects of our online marketing. We have concluded an order data processing contract with HubSpot in accordance with the requirements of the GDPR.
These include, among others: Email marketing (newsletters and automated mailings, e.g. to provide downloads), reporting (e.g. traffic sources, hits, etc. …), contact management (e.g. user segmentation & CRM) and landing pages and contact forms.
Our registration service allows users of our website to learn more about our company, download content and provide their contact information and other demographic information. It may be used by us to contact users of our website and to determine which of our company’s services are of interest to them. All information we collect is subject to this Privacy Policy. We use all information collected exclusively to optimize our marketing measures. HubSpot is a software company from the USA with a branch in Ireland.
Contact: HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland, Telephone: +353 1 5187500.
Personal data collected: Email address, usage data and various types of data as described in the service’s privacy policy.
More information about HubSpot’s privacy policy can be found here: https://legal.hubspot.com/privacy-policy.
More information from HubSpot regarding EU data protection regulations can be found here: https://legal.hubspot.com/data-privacy.
5.19 5.19 Digital Ocean (Digital Ocean, LLC)
We use Digital Ocean to store user data. We have concluded an order data processing contract with Digital Ocean, LLC in accordance with the requirements of the GDPR.
Personal data collected: profile data (e.g. user name, description, email address, etc.).
Contact: DigitalOcean
101 6th Ave New York, NY 10013
E-Mail: privacy@digitalocean.com
You can find more information about Digital Ocean’s privacy policy at https://www.digitalocean.com/legal/privacy-policy.
6 Infrastructure and Backend
6.1 6.1 The purpose of this type of service is to host data and files so that this website can be managed and used. Furthermore, these services can provide a ready-made infrastructure that handles specific functions or entire components for this website. We use such services on the basis of the performance of our services and implementation of our services (i.e. implementation of an open innovation platform within the meaning of Art. 6 para. 1 lit. b GDPR and Art. 6 para. 1 lit. c GDPR) as well as our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f GDPR).
Some of these services work with geographically distributed servers, making it difficult to determine the location where the personal data is stored.
6.2 6.2 Primsic (Prismic Networks Inc.)
We use Prismic as the content management system for our website. This is a service provided by Prismic Networks, Inc. 185 Alewife Brook Parkway, #410 Cambridge, MA 02138 hereinafter referred to as “Prismic”.
Personal data collected: Through the connection to Prismic established when you access our website, Prismic can determine from which website your request has been sent and to which IP address the content is to be transmitted.
Prismic provides further information at https://prismic.io/legal/privacy and https://prismic.io/security and points out that Prismic’s privacy policy complies with the GDPR.
6.3 6.3 Google Cloud Storage (Google Inc.)
Google Cloud Storage is an object storage service. We have concluded a data processing contract with Google Inc. in accordance with the requirements of the GDPR.
Personal data collected: Data uploaded to our platform by users and the associated profile data (e.g. user name, description, email address, etc.).
Where possible, we use servers located within the EU. However, it cannot be ruled out that data may also be transferred to the USA. You can find more information about Google Cloud Storage and data protection at https://policies.google.com/privacy and firebase.google.com.
7 Login and Authentication
7.1 7.1 By logging in or authenticating, users authorize this application or website to identify them and grant them access to specific services.
Depending on what is specified below, third-party providers may provide login and authentication services. In this case, this website may access some data stored by these third parties for login or identification purposes.
We use such services on the basis of the performance of our services and implementation of our services (i.e. implementation of an open innovation platform within the meaning of Art. 6 para. 1 lit. b GDPR and Art. 6 para. 1 lit. c GDPR) as well as our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f GDPR).
7.2 7.2 Firebase Authentication (Google Inc.)
Firebase Authentication is a login and authentication service provided by Google Inc. To simplify the login and authentication process, Firebase Authentication may use third-party identity services and store the information on its platform.
Personal data collected: Email, username, password
Where possible, we use servers located within the EU. However, it cannot be ruled out that data may also be transferred to the USA. You can find more information about Google Firebase and data protection at https://policies.google.com/privacy and firebase.google.com.
1 Applicants and Employees
1.1 1.1 Information on vacancies in our company can be found in particular at https://ekipa.de/offene-stellen/. You can find more information on data processing when visiting our website under Part B – Visiting Websites.
1.2 1.2 We process personal data of our applicants and employees (including interns and working students) to establish, implement and terminate the respective employment relationship. The legal basis for this is Art. 26 para. 1 sentence 1 GDPR.
2 Communication
2.1 2.1 Furthermore, the following services enable communication with external business partners and applicants as well as internal company communication. This involves the collection and storage of information such as the name and IP address of the respective person. We use such services on the basis of the fulfillment of our services and the performance of our services within the meaning of Art. 6 para. 1 sentence 1 lit. b and Art. 6 para. 1 sentence 1 lit. c GDPR.
2.2 2.2 Microsoft Office 365
Microsoft Office 365 is a productivity, collaboration and exchange platform for individual users, teams, communities and networks, which is used within ekipa GmbH and with external partners. The service provider collects and stores data such as name and contact details, login information, demographic data, data on licenses and subscriptions as well as interactions. The data collected depends on the context of the interaction with Microsoft, the preferences (including privacy settings), the products and features used, the location and the laws applicable there.
You can find more information about Microsoft Office 365 and data protection at: https://privacy.microsoft.com/de-de/privacystatement.
1 General
1.1 1.1 We maintain publicly accessible profiles on various social networks. Your visit to these profiles triggers a variety of data processing operations. Below we provide you with an overview of which of your personal data is collected, used and stored by us when you visit our profiles. You are not obliged to provide us with your personal data. However, this may be necessary for individual functionalities of our profiles in social networks. These functionalities will not be available to you, or only to a limited extent, if you do not provide us with your personal data.
1.2 1.2 When you visit our profiles, your personal data is not only collected, used and stored by us, but also by the operators of the respective social network. This happens even if you yourself do not have a profile on the respective social network. The individual data processing operations and their scope differ depending on the operator of the respective social network and they are not necessarily traceable for us. For details on the collection and storage of your personal data as well as the type, scope and purpose of its use by the operator of the respective social network, please refer to the data protection declarations of the respective operator.
The privacy policy for the social network Facebook, which is operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, can be found at https://www.facebook.com/about/privacy/
update?ref=old_policy.
the privacy policy for the social network Instagram, which is operated by Meta Platforms Ireland Limited, can be found at https://help.instagram.com/
155833707900388;
the privacy policy for the social network YouTube, which is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, can be viewed at https://policies.google.com/privacy?
hl=de;
the privacy policy for the social network LinkedIn, which is operated by LinkedIn Ireland Unlimited Company, Wilton Place,
Dublin 2, Ireland, can be viewed at https://de.linkedin.com/legal/privacy-policy.
1.3 1.3 As the operator of a Facebook page, we can only view the information stored in your public Facebook profile, and only if you have such a profile and are logged into it when you visit our fan page. In addition, Facebook provides us with anonymous usage statistics that we use to improve the user experience when visiting our fan page. We do not have access to the usage data that Meta Platforms collects to compile these statistics. Meta Platforms has undertaken to us to assume primary responsibility under the GDPR for the processing of this data, to fulfill all obligations under the GDPR with regard to this data and to make the essentials of this obligation available to those affected. This data processing serves our (and your) legitimate interest in improving the user experience when visiting our website in a target group-oriented manner. The legal basis for the data processing is therefore Art. 6 para. 1 lit. f GDPR. Meta Platforms also uses cookies, which are stored on your device when you visit our website, even if you do not have your own Facebook profile or are not logged into it during your visit to our website. These cookies allow Meta Platforms to create user profiles based on your preferences and interests and to show you customized advertising (inside and outside Facebook). Cookies remain on your device until you delete them. You can find details on this in Facebook’s privacy policy.
1.4 1.4 As the operator of an Instagram page, we can only view the information stored in your public Instagram profile, and only if you have such a profile and are logged into it when you visit our site. In addition, Instagram provides us with anonymous usage statistics that we use to improve the user experience when visiting our site. We do not have access to the usage data that Meta Platforms collects to compile these statistics. Meta Platforms has undertaken to us to assume primary responsibility under the GDPR for the processing of this data, to fulfill all obligations under the GDPR with regard to this data and to make the essentials of this obligation available to those affected. This data processing serves our (and your) legitimate interest in improving the user experience when visiting our website in a target group-oriented manner. The legal basis for the data processing is therefore Art. 6 para. 1 lit. f GDPR. Meta Platforms also uses cookies that are stored on your device when you visit our website, even if you do not have your own Instagram profile or are not logged into it during your visit to our website. These cookies allow Meta Platforms to create user profiles based on your preferences and interests and to show you customized advertising (inside and outside Instagram). Cookies remain on your device until you delete them. You can find details on this in Instagram’s privacy policy.
1.5 1.5 As the operator of a YouTube page, we can only view the information stored in your public YouTube profile, and only if you have such a profile and are logged into it when you visit our site. In addition, Google provides us with anonymous usage statistics that we use to improve the user experience when visiting our site. We do not have access to the usage data that Google collects to compile these statistics. Google has undertaken to us to assume primary responsibility under the GDPR for the processing of this data, to fulfill all obligations under the GDPR with regard to this data and to make the essentials of this obligation available to those affected. This data processing serves our (and your) legitimate interest in improving the user experience when visiting our website in a target group-oriented manner. The legal basis for data processing is therefore Art. 6 para. 1 lit. f GDPR. Google also uses so-called cookies, which are stored on your end device when you visit our site even if you do not have your own YouTube profile or are not logged into it during your visit to our site. These cookies allow Google to create user profiles based on your preferences and interests and to show you customized advertising (inside and outside YouTube). Cookies remain on your device until you delete them. You can find details on this in YouTube’s privacy policy.
1.6 1.6 As the operator of a LinkedIn page, we can only view the information stored in your public LinkedIn profile, and only if you have such a profile and are logged into it when you visit our site. In addition, LinkedIn provides us with anonymous usage statistics that we use to improve the user experience when visiting our site. We do not have access to the usage data that LinkedIn collects to compile these statistics. LinkedIn has undertaken to us to assume primary responsibility under the GDPR for the processing of this data, to fulfill all obligations under the GDPR with regard to this data and to make the essentials of this obligation available to those affected. This data processing serves our (and your) legitimate interest in improving the user experience when visiting our website in a target group-oriented manner. The legal basis for the data processing is therefore Art. 6 para. 1 lit. f GDPR. LinkedIn also uses cookies, which are stored on your device when you visit our website, even if you do not have your own LinkedIn profile or are not logged into it during your visit to our website. These cookies allow LinkedIn to create user profiles based on your preferences and interests and to show you customized advertising (inside and outside LinkedIn). Cookies remain on your device until you delete them. You can find details on this in LinkedIn’s privacy policy.
1.7 1.7 If you use our profiles on social networks to contact us (e.g. by creating your own posts, responding to one of our posts or sending us private messages), the data you provide us with will be processed by us exclusively for the purpose of contacting you. The legal basis for data collection is therefore Art. 6 para. 1 lit. a and b GDPR. We delete stored data as soon as its storage is no longer required or you request us to delete it; in the case of statutory retention obligations, we restrict the processing of the stored data accordingly.
1 General
1.1 1.1 Our website (https://ekipa.de/en/homepage/) uses cookies. “Cookies” are small files that are stored on the user’s computer. Different data can be stored within the cookies. A cookie is primarily used to store information about a user (or the device on which the cookie is stored) during or after the user’s visit to an online service. Temporary cookies, or “session cookies” or “transient cookies”, are cookies that are deleted after a user leaves an online offer and closes his browser. The content of a shopping cart in an online shop or a login status, for example, can be stored in such a cookie. Cookies are referred to as “permanent” or “persistent” and remain stored even after the browser is closed. For example, the login status can be saved if users visit it after several days. The interests of the users can also be stored in such a cookie, which are used for range measurement or marketing purposes. “Third-Party-Cookies” are cookies that are offered by other providers than the responsible person who operates the online service (otherwise, if they are only their cookies, one speaks of “First-Party Cookies”). Personal data can be stored in Cookies.
1.2 1.2 We use temporary and permanent cookies. If users do not wish cookies to be stored on their computer, they are asked to deactivate the corresponding option in the system settings of their browser. Stored cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional restrictions of this online offer.
1.3 1.3 A general objection to the use of cookies used for online marketing purposes can become the EU website http://www.youronlinechoices.com/ for a large number of services, especially in the case of tracking, via the US American website http://www.aboutads.info/choices/. Furthermore, the storage of cookies can be achieved by switching them off in the browser settings. Please note that not all functions of this online offer can be used in this case.
2 Necessary Cookies
2.1 2.1 We distinguish between cookies that are mandatory for the technical functions of the website and the platform of ekipa and optional cookies.
2.2 2.2 Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of website. The website cannot function properly without these cookies.
2.3 2.3 Polylang
Purpose: Polylang is a multilingual system for WordPress websites. The cookies store the user’s language and can redirect the user to the version of the website that corresponds to the language of the user’s browser.
Legal basis for use: Art. 6 para. 1 sentence 1 lit. f GDPR.
Provider: United Kingdom
E-Mail: wordpress@mentenich.com
Technical cookie definition: p11_language
Type: HTTP cookie
Host: ekipa.aquilamedia.de
Duration: 1 year
2.4 2.4 Real Cookie Banner
Purpose: Real Cookie Banner asks website visitors for their consent to the setting of cookies and the processing of personal data. For this purpose, each website visitor is assigned a UUID (pseudonymous identification of the user), which is valid until the cookie for storing consent expires. Cookies are used to test whether cookies can be set, to store a reference to the documented consent, to store which service groups the visitor has consented to and, if consent is obtained in accordance with the Transparency & Consent Framework (TCF), to store the consents in TCF partners, purposes, special purposes, functions and special functions. The consent obtained is fully documented as part of the duty of disclosure under the GDPR. In addition to the services and service groups to which the visitor has consented, and if consent is obtained according to the TCF standard, to which TCF partners, purposes and functions the visitor has consented, this includes all settings of the cookie banner at the time of consent as well as the technical circumstances (e.g. size of the viewing area at the time of consent) and the user interactions (e.g. clicks on buttons) that led to consent. Consent is collected once per language.
Legal basis for use: Art. 6 para. 1 sentence 1 lit. c GDPR.
Provider: United Kingdom
E-Mail: wordpress@mentenich.com
Technical cookie definition: real_cookie_banner*
Type: HTTP Cookie
Host: .aquilamedia.de
Duration: 365 days
Technical cookie definition: real_cookie_banner*-tcf
Type: HTTP Cookie
Host: .aquilamedia.de
Duration: 365 days
Technical cookie definition: real_cookie_banner-test
Type: HTTP Cookie
Host: .aquilamedia.de
Duration: 365 days
3 Functional Cookies
3.1 3.1 Functional cookies are necessary to provide features that go beyond the essential functionality of the website, such as prettier fonts, video playback or interactive Web 2.0 features. Content from video and social media platforms, for example, is blocked by default and can be consented to. If the service is approved, this content is automatically loaded without further manual consent.
The following cookies belong to this category:
3.2 3.2 Gravatar
Purpose: Gravatar allows displaying images of people who have, for example, written a comment or logged in an account. The image is retrieved based on the provided email address of the user, if an image has been stored on gravatar.com for this email address. This requires processing the user’s IP-address and metadata. No cookies or cookie-like technologies are set on the client of the user. This data can be used to collect visited websites and to improve the services of Aut O’Mattic.
Provider: Aut O’Mattic A8C Ireland Ltd., Grand Canal Dock, 25 Herbert Pl, Dublin, D02 AY86, Ireland
Privacy policy: https://automattic.com/privacy/
3.3 3.3 Google Maps
Purpose: Google Maps enables the embedding of maps directly into websites in order to improve the website. This requires the processing of the user’s IP address and metadata. Cookies or cookie-like technologies can be stored and read. These may contain personal data and technical data such as user IDs, consents, card software settings and security tokens. This data can be used to record websites visited, to compile detailed statistics on user behavior and to improve Google’s services. This data may be linked by Google with the data of users logged in to Google’s websites (e.g. google.com and youtube.com). Google makes personal data available to its affiliated companies, other trusted companies or persons who can process this data on the basis of Google’s instructions and in accordance with Google’s data protection regulations.
Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Privacy policy: https://policies.google.com/privacy
Imprint: https://www.google.de/contact/impressum.html
Data processing in unsafe third countries: Australia, Brazil, Chile, Hong Kong, India, Indonesia, Qatar, Singapore, Taiwan
Technical cookie definition: NID
Type: HTTP Cookie
Host: .google.com
Duration: 6 months
Technical cookie definition: __Secure-3PSIDCC
Type: HTTP Cookie
Host: .google.com
Duration: 1 year
Technical cookie definition: __Secure-1PSIDCC
Type: HTTP Cookie
Host: .google.com
Duration: 1 year
Technical cookie definition: SIDCC
Type: HTTP Cookie
Host: .google.com
Duration: 1 year
Technical cookie definition: __Secure-3PAPISID
Type: HTTP Cookie
Host: .google.com
Duration: 13 months
Technical cookie definition: SSID
Type: HTTP Cookie
Host: .google.com
Duration: 13 months
Technical cookie definition: __Secure-1PAPISID
Type: HTTP Cookie
Host: .google.com
Duration: 13 months
Technical cookie definition: HSID
Type: HTTP Cookie
Host: .google.com
Duration: 13 months
Technical cookie definition: __Secure-3PSID
Type: HTTP Cookie
Host: .google.com
Duration: 13 months
Technical cookie definition: __Secure-1PSID
Type: HTTP Cookie
Host: .google.com
Duration: 13 months
Technical cookie definition: SID
Type: HTTP Cookie
Host: .google.com
Duration: 13 months
Technical cookie definition: SAPISID
Type: HTTP Cookie
Host: .google.com
Duration: 13 months
Technical cookie definition: APISID
Type: HTTP Cookie
Host: .google.com
Duration: 13 months
Technical cookie definition: CONSENT
Type: HTTP Cookie
Host: .google.com
Duration: 13 months
Technical cookie definition: __Secure-ENID
Type: HTTP Cookie
Host: .google.com
Duration: 13 months
Technical cookie definition: AEC
Type: HTTP Cookie
Host: .google.com
Duration: 6 months
Technical cookie definition: _c;;i
Type: Local Storage
Host: https://www.google.com
Duration: No expiration
Technical cookie definition: LH;;s-*
Type: Local Storage
Host: https://www.google.com
Duration: No expiration
Technical cookie definition: sb_wiz.zpc.gws-wiz.
Type: Local Storage
Host: https://www.google.com
Duration: No expiration
Technical cookie definition: sb_wiz.ueh
Type: Local Storage
Host: https://www.google.com
Duration: No expiration
3.4 3.4 Google Tag Manager
Purpose: Google Tag Manager is a service for managing tags that are triggered by a specific event, which insert a third-party script or send data to a third-party service. No cookies in the technical sense are set on the user’s client device, but technical and personal data such as the IP address are transmitted from the client to the service provider’s server to enable the use of the service. Google Tag Manager makes it possible to configure and manage so-called tags (e.g. integration of third-party services, recording of events, forwarding of collected data between different services and similar). The user’s IP address and metadata must be processed for this purpose. The data is processed in order to provide the functionalities of the Google Tag Manager and to improve Google’s services. Google passes on personal data to its affiliated companies and other trustworthy companies or persons who process this data for it on the basis of Google’s instructions and in accordance with Google’s data protection provisions.
Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Phone: +1 650 253 0000
E-Mail: dpo-google@google.com
Kontaktformular: https://support.google.com/
Privacy policy: https://policies.google.com/privacy
Imprint: https://www.google.de/contact/impressum.html
Data processing in unsafe third countries: Australia, Brazil, Chile, Hong Kong, India, Indonesia, Qatar, Singapore, Taiwan
Suitable guarantees: standard contractual clauses
3.5 3.5 YouTube
Purpose: YouTube enables the embedding of content on websites that are published on youtube.com in order to improve the website with videos. This requires the processing of the user’s IP address and metadata. Cookies or cookie-like technologies can be stored and read. These may contain personal data and technical data such as user IDs, consents, video player settings, connected devices, interactions with the service, push notifications and the account used. This data can be used to record websites visited, to compile detailed statistics on user behavior and to improve Google’s services. It may also be used for profiling, e.g. to offer you personalized services such as advertising based on your interests or recommendations. This data may be linked by Google with the data of users logged in to Google’s websites (e.g. youtube.com and google.com). Google makes personal data available to its affiliated companies, other trusted companies or persons who may process this data on the basis of Google’s instructions and in accordance with Google’s privacy policy.
Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Privacy policy: https://policies.google.com/privacy?hl=de
Imprint: https://www.google.de/contact/impressum.html
Data processing in unsafe third countries: Chile, Taiwan, Singapore, Brazil, India, Hong Kong, Australia, Qatar
Technical cookie definition: SIDCC
Type: HTTP Cookie
Host: .youtube.com
Duration: 1 year
Technical cookie definition: __Secure-3PAPISID
Type: HTTP Cookie
Host: .youtube.com
Duration: 13 months
Technical cookie definition: __Secure-APISID
Type: HTTP Cookie
Host: .youtube.com
Duration: 1 month
Technical cookie definition: SAPISID
Type: HTTP Cookie
Host: .youtube.com
Duration: 13 months
Technical cookie definition: SSID
Type: HTTP Cookie
Host: .youtube.com
Duration: 13 months
Technical cookie definition: 1P_JAR
Type: HTTP Cookie
Host: .youtube.com
Duration: 1 month
Technical cookie definition: SEARCH_SAMESITE
Type: HTTP Cookie
Host: .youtube.com
Duration: 6 months
Technical cookie definition: YSC
Type: HTTP Cookie
Host: .youtube.com
Duration: Session
Technical cookie definition: LOGIN_INFO
Type: HTTP Cookie
Host: .youtube.com
Duration: 13 months
Technical cookie definition: HSID
Type: HTTP Cookie
Host: .youtube.com
Duration: 13 months
Technical cookie definition: VISITOR_INFO1_LIVE
Type: HTTP Cookie
Host: .youtube.com
Duration: 6 months
Technical cookie definition: CONSENT
Type: HTTP Cookie
Host: .youtube.com
Duration: 9 months
Technical cookie definition: __Secure-SSID
Type: HTTP Cookie
Host: .youtube.com
Duration: 1 month
Technical cookie definition: __Secure-HSID
Type: HTTP Cookie
Host: .youtube.com
Duration: 1 month
Technical cookie definition: APISID
Type: HTTP Cookie
Host: .youtube.com
Duration: 13 months
Technical cookie definition: __Secure-3PSID
Type: HTTP Cookie
Host: .youtube.com
Duration: 13 months
Technical cookie definition: PREF
Type: HTTP Cookie
Host: .youtube.com
Duration: 1 year
Technical cookie definition: SID
Type: HTTP Cookie
Host: .youtube.com
Duration: 13 months
Technical cookie definition: s_gl
Type: HTTP cookie
Host: .youtube.com
Duration: Session
Technical cookie definition: SIDCC
Type: HTTP Cookie
Host: .google.com
Duration: 1 year
Technical cookie definition: __Secure-3PAPISID
Type: HTTP Cookie
Host: .google.com
Duration: 13 months
Technical cookie definition: SAPISID
Type: HTTP Cookie
Host: .google.com
Duration: 13 months
Technical cookie definition: APISID
Type: HTTP Cookie
Host: .google.com
Duration: 13 months
Technical cookie definition: OTZ
Type: HTTP Cookie
Host: www.google.com
Duration: 1 day
Technical cookie definition: IDE
Type: HTTP Cookie
Host: .doubleclick.net
Duration: 9 months
Technical cookie definition: SOCS
Type: HTTP Cookie
Host: .youtube.com
Duration: 9 months
Technical cookie definition: SOCS
Type: HTTP Cookie
Host: .google.com
Duration: 9 months
Technical cookie definition: yt-remote-device-id
Type: Local Storage
Host: https://www.youtube.com
Duration: No expiration
Technical cookie definition: yt-player-headers-readable
Type: Local Storage
Host: https://www.youtube.com
Duration: No expiration
Technical cookie definition: ytidb::LAST_RESULT_ENTRY_KEY
Type: Local Storage
Host: https://www.youtube.com
Duration: No expiration
Technical cookie definition: yt-fullerscreen-edu-button-shown-count
Type: Local Storage
Host: https://www.youtube.com
Duration: No expiration
Technical cookie definition: yt-remote-connected-devices
Type: Local Storage
Host: https://www.youtube.com
Duration: No expiration
Technical cookie definition: yt-player-bandwidth
Type: Local Storage
Host: https://www.youtube.com
Duration: No expiration
Technical cookie definition: LogsDatabaseV2:*||
Type: IndexedDB
Host: https://www.youtube.com
Duration: No expiration
Technical cookie definition: ServiceWorkerLogsDatabase
Type: IndexedDB
Host: https://www.youtube.com
Duration: No expiration
Technical cookie definition: YtldbMeta
Type: IndexedDB
Host: https://www.youtube.com
Duration: No expiration
Technical cookie definition: __Secure-YEC
Type: HTTP Cookie
Host: .youtube.com
Duration: 1 year
Technical cookie definition: test_cookie
Type: HTTP Cookie
Host: .doubleclick.net
Duration: 1 day
Technical cookie definition: yt-player-quality
Type: Local Storage
Host: https://www.youtube.com
Duration: No expiration
Technical cookie definition: yt-player-performance-cap
Type: Local Storage
Host: https://www.youtube.com
Duration: No expiration
Technical cookie definition: yt-player-volume
Type: Local Storage
Host: https://www.youtube.com
Duration: No expiration
Technical cookie definition: PersistentEntityStoreDb:*||
Type: IndexedDB
Host: https://www.youtube.com
Duration: No expiration
Technical cookie definition: yt-idb-pref-storage:*||
Type: IndexedDB
Host: https://www.youtube.com
Duration: No expiration
Technical cookie definition: yt.innertube::nextId
Type: Local Storage
Host: https://www.youtube.com
Duration: No expiration
Technical cookie definition: yt.innertube::requests
Type: Local Storage
Host: https://www.youtube.com
Duration: No expiration
Technical cookie definition: yt-html5-player-modules::subtitlesModuleData::module-enabled
Type: Local Storage
Host: https://www.youtube.com
Duration: No expiration
Technical cookie definition: yt-remote-session-app
Type: Session Storage
Host: https://www.youtube.com
Duration: Session
Technical cookie definition: yt-remote-cast-installed
Type: Session Storage
Host: https://www.youtube.com
Duration: Session
Technical cookie definition: yt-player-volume
Type: Session Storage
Host: https://www.youtube.com
Duration: Session
Technical cookie definition: yt-remote-session-name
Type: Session Storage
Host: https://www.youtube.com
Duration: Session
Technical cookie definition: yt-remote-cast-available
Type: Session Storage
Host: https://www.youtube.com
Duration: Session
Technical cookie definition: yt-remote-fast-check-period
Type: Session Storage
Host: https://www.youtube.com
Duration: Session
Technical cookie definition: *||::yt-player::yt-player-lv
Type: Local Storage
Host: https://www.youtube.com
Duration: No expiration
Technical cookie definition: swpushnotificationsdb
Type: IndexedDB
Host: https://www.youtube.com
Duration: No expiration
Technical cookie definition: yt-player-local-media:*||
Type: IndexedDB
Host: https://www.youtube.com
Duration: No expiration
Technical cookie definition: yt-it-response-store:*||
Type: IndexedDB
Host: https://www.youtube.com
Duration: No expiration
Technical cookie definition: __HOST-GAPS
Type: HTTP Cookie
Host: accounts.google.com
Duration: 13 months
Technical cookie definition: OTZ
Type: HTTP Cookie
Host: accounts.google.com
Duration: 1 day
Technical cookie definition: __Secure-1PSIDCC
Type: HTTP Cookie
Host: .google.com
Duration: 1 year
Technical cookie definition: __Secure-1PAPISID
Type: HTTP Cookie
Host: .google.com
Duration: 1 year
Technical cookie definition: __Secure-3PSIDCC
Type: HTTP Cookie
Host: .youtube.com
Duration: 1 year
Technical cookie definition: __Secure-1PAPISID
Type: HTTP Cookie
Host: .youtube.com
Duration: 13 months
Technical cookie definition: __Secure-1PAPISID
Type: HTTP Cookie
Host: .youtube.com
Duration: 13 months
Technical cookie definition: __Secure-3PSIDCC
Type: HTTP Cookie
Host: .google.com
Duration: 1 year
Technical cookie definition: __Secure-ENID
Type: HTTP Cookie
Host: .google.com
Duration: 1 year
Technical cookie definition: AEC
Type: HTTP Cookie
Host: .google.com
Duration: 6 months
Technical cookie definition: __Secure-1PSID
Type: HTTP Cookie
Host: .google.com
Duration: 13 months
Technical cookie definition: ytGefConfig:*||
Type: IndexedDB
Host: https://www.youtube.com
Duration: No expiration
Technical cookie definition: __Host-3PLSID
Type: HTTP-Cookie
Host: accounts.google.com
Duration: 13 months
Technical cookie definition: LSID
Type: HTTP Cookie
Host: accounts.google.com
Duration: 13 months
Technical cookie definition: ACCOUNT_CHOOSER
Type: HTTP Cookie
Host: accounts.google.com
Duration: 13 months
Technical cookie definition: __Host-1PLSID
Type: HTTP Cookie
Host: accounts.google.com
Duration: 13 months
Technical cookie definition: SSID
Type: HTTP Cookie
Host: .google.com
Duration: 13 months
Technical cookie definition: HSID
Type: HTTP Cookie
Host: .google.com
Duration: 13 months
Technical cookie definition: __Secure-3PSID
Type: HTTP Cookie
Host: .google.com
Duration: 13 months
Technical cookie definition: SID
Type: HTTP Cookie
Host: .google.com
Duration: 13 months
Technical cookie definition: CONSENT
Type: HTTP Cookie
Host: .google.com
Duration: 9 months
Technical cookie definition: NID
Type: HTTP Cookie
Host: .google.com
Duration: 6 months
Technical cookie definition: 1P_JAR
Type: HTTP Cookie
Host: .google.com
Duration: 1 month
Technical cookie definition: DV
Type: HTTP Cookie
Host: www.google.com
Duration: 1 minute
The legal basis of the data processing by the above functional cookies is Art. 6 para. 1 s. 1 lit. a GDPR.
4 Statistics Cookies
4.1 4.1 Statistics cookies are required to collect pseudonymized data about visitors to the website. The data enables us to better understand the visitors and optimize the website.
The following cookies belong to this category:
4.2 4.2 Google Analytics
Purpose: Google Analytics compiles detailed statistics on user behavior on the website in order to obtain analysis information. This requires processing a user’s IP address and metadata that can be used to determine a user’s country, city and language. Cookies or cookie-like technologies can be stored and read. These can contain personal data and technical data such as the user ID, which can provide the following additional information:
• • Time information about when and for how long a user was or is on the various pages of the website;
• • Device category (desktop, mobile and tablet), platform (web, iOS app or Android app), browser and screen resolution used by a user;
• • where a user came from (e.g. website of origin, search engine including the searched term, social media platform, newsletter, organic video, paid search or campaign);
• • whether a user belongs to a target group or not;
• • what a user has done on the website and what events were triggered by the user’s actions (e.g. page views, user engagement, scrolling behavior, clicks, added payment information and custom events such as e-commerce tracking);
• • Conversions (e.g. whether a user has bought something and what was bought);
• • Gender, age and interests, if an assignment is possible.
This data could also be used by Google to record the websites visited and to improve Google’s services. They can be linked to other Google products (e.g. Google AdSense, Google Ads, BigQuery, Google Play) used by the website operator via several domains operated by this website operator. They can also be linked by Google with the data of users who are logged in to Google’s websites (e.g. google.com). Google shares personal data with its affiliates and other trusted companies or individuals who process this data for it on the basis of Google’s instructions and in accordance with Google’s privacy policy. It may also be used for profiling by the website operator and Google, e.g. to offer a user personalized services, such as ads based on a user’s interests or recommendations.
Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Phone: +1 650 253 0000
E-Mail: dpo-google@google.com
Contact form: https://support.google.com/
Privacy policy: https://policies.google.com/privacy
Imprint: https://www.google.de/contact/impressum.html
Data processing in unsafe third countries: Australia, Brazil, Chile, Hong Kong, India, Indonesia, Qatar, Singapore, Taiwan
Suitable guarantees: standard contractual clauses
Technical cookie definition: _ga
Type: HTTP Cookie
Host: .ekipa.de
Duration: 24 months
Technical cookie definition: _ga_*
Type: HTTP Cookie
Host: .ekipa.de
Duration: 24 months
The legal basis of the data processing by the above statistics cookies is Art. 6 para. 1 s. 1 lit. a GDPR.
5 Marketing Cookies and Third-Party Cookies
5.1 5.1 Marketing cookies are used by us and third parties to record the behaviour of individual users, to analyze the collected data and, for example, to display personalized advertising. These services allow us to track users across multiple websites.
The following cookies belong to this category:
5.2 5.2 Hotjar
Purpose: Hotjar is a service for analyzing behavior and collecting user feedback. It creates heatmaps and session recordings of the website user and plays surveys. The cookies are used to identify the user across multiple subpages, store the status of surveys, control the playing of ads and link the data collected during session recordings.
Provider: Hotjar Ltd, Dragonara Business Centre, 5th Floor, Dragonara Road, Paceville St Julian’s STJ 3141, Malta
Privacy policy: https://www.hotjar.com/legal/policies/privacy
Data processing in unsafe third countries: United States
Technical cookie definition: _hjClosedSurveyInvites
Type: HTTP Cookie
Host: ekipa.de
Duration: 365 days
Technical cookie definition: _hjDonePolls
Type: Local Storage
Host: ekipa.de
Duration: No expiration
Technical cookie definition: _hjMinimizedPolls
Type: HTTP Cookie
Host: ekipa.de
Duration: 365 days
Technical cookie definition: _hjShownFeedbackMessage
Type: HTTP Cookie
Host: ekipa.de
Duration: 365 days
Technical cookie definition: _hjid
Type: HTTP Cookie
Host: .ekipa.de
Duration: Session
Technical cookie definition: _hjRecordingLastActivity
Type: HTTP Cookie
Host: ekipa.de
Duration: Session
Technical cookie definition: _hjTLDTest
Type: HTTP Cookie
Host: ekipa.de
Duration: Session
Technical cookie definition: _hjUserAttributesHash
Type: HTTP Cookie
Host: ekipa.de
Duration: Session
Technical cookie definition: _hjCachedUserAttributes
Type: HTTP Cookie
Host: ekipa.de
Duration: Session
Technical cookie definition: _hjLocalStorageTest
Type: Local Storage
Host: ekipa.de
Duration: No expiration
Technical cookie definition: _hjIncludedInSample
Type: HTTP Cookie
Host: ekipa.de
Duration: Session
Technical cookie definition: _hjAbsoluteSessionInProgress
Type: HTTP Cookie
Host: .ekipa.de
Duration: 30 minutes
Technical cookie definition: _hjid
Type: Local Storage
Host: ekipa.de
Duration: No expiration
Technical cookie definition: _hjDonePolls
Type: HTTP Cookie
Host: ekipa.de
Duration: Session
Technical cookie definition: _hjIncludedInPageviewSample
Type: HTTP Cookie
Host: ekipa.de
Duration: 1 minute
5.3 5.3 LinkedIn Insight-Tag
Purpose: LinkedIn Insight Tag helps to determine whether you are the target group for the presentation of ads within the LinkedIn advertising network. This allows you to be targeted in a target group we have created (e.g. people who have liked a particular company). In addition, the data is used for so-called “remarketing” in order to be able to display targeted advertising again to users who have already clicked on one of our ads within the LinkedIn advertising network or visited our website. The LinkedIn Insight tag also makes it possible to track the effectiveness of Linkedin advertising (e.g. conversation tracking). Cookies are used to distinguish users and record their behavior on the website in detail and to link this data with advertising data from the Linkedin advertising network. This data can be linked to the data of users registered on linkedin.com with their Linkedin accounts.
Provider: LinkedIn Ireland Unlimited Company, Wilton Plaza Wilton Place, Dublin 2, Ireland
Privacy policy: https://de.linkedin.com/legal/privacy-policy
Imprint: https://www.linkedin.com/legal/impressum
Data processing in unsafe third countries: United States
Suitable guarantees: standard contractual clauses
Technical cookie definition: long
Type: HTTP Cookie
Host: .linkedin.com
Duration: Session
Technical cookie definition: bcookie
Type: HTTP cookie
Host: .linkedin.com
Duration: 2 years
Technical cookie definition: AnalyticsSyncHistory
Type: HTTP Cookie
Host: .linkedin.com
Duration: 1 month
Technical cookie definition: UserMatchHistory
Type: HTTP Cookie
Host: .linkedin.com
Duration: 1 month
Technical cookie definition: long
Type: HTTP Cookie
Host: .ads.linkedin.com
Duration: Session
Technical cookie definition: li_gc
Type: HTTP Cookie
Host: .linkedin.com
Duration: 23 months
Technical cookie definition: lidc
Type: HTTP Cookie
Host: .linkedin.com
Duration: 1 day
Technical cookie definition: li_mc
Type: HTTP Cookie
Host: .linkedin.com
Duration: 23 months
Technical cookie definition: liap
Type: HTTP cookie
Host: .linkedin.com
Duration: 3 months
The legal basis of the data processing by the above marketing cookies is Section 6 para. 1 s. 1 lit. a GDPR.