Website Privacy Policies
We welcome you to our website. We would like to inform you about the management of your personal data in accordance with Art. 13 General Data Protection Regulation (GDPR).
The controller responsible for the described data collection and processing is: Heimat Werbeagentur GmbH, Segitzdamm 2, 10969 Berlin.
Storage of Your IP address
We store the IP address transmitted by your web browser for a period of seven 7 days, strictly for the purpose of identifying, restricting and eliminating attacks on our website. After seven (7) days, we delete or anonymize your IP address. The legal basis for the processing of this personal data is provided for in Art. 6 para. 1 s. 1 lit. f GDPR.
When you visit our website, the data collected from the use of the website is temporarily stored on our web server for statistical purposes in order to improve the quality of our website. This data set contains:
- the page, from which the data is requested,
- the name of the data file,
- the date and time of the query,
- the amount of data transferred,
- the access status (file transmitted, file not found),
- a description of the type of browser used,
- the IP address of the requesting computer shortened to such an extent that no reidentification of any persona data is possible.
The listed usage data is stored anonymously.
Data Transfer to Third Parties
We transfer your data to service providers who support us in the operation of our website and the associated processes. This transference is made under the scope of a data processing agreement in accordance to Art. 28 GDPR. Our service providers are bound to us by strict instructions and contractual obligations. We use the following service providers: Pizza Pizza Design Services GmbH (website development and support), Netlify Inc. (hosting-service provider), Contentful GmbH (hosting-service provider).
In some cases, we may transfer personal data to third countries outside the EU. In each case, we ensure an appropriate level of data protection according to European standards.
In the case of Google Analytics (USA), an appropriate level of data protection is ensured by the corresponding participation in the Privacy Shield Agreement (Art. 45 para. 1 GDPR).
We use session cookies and permanent cookies on our website. The data is processed in accordance to Art. 6 para. 1 s. 1 lit. f GDPR and in the interest of optimizing or enabling user guidance and improving our website presence.
We use Google Analytics to create pseudonymous user profiles for improving and designing our website on demand. Google Analytics is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4. Google Analytics uses “cookies”, which are text files placed on your end device and can be read by us. In this way, we are able to recognize and count returning visitors. This data processing is carried out on the basis of Art. 6 para. 1 s. 1 lit. f GDPR.
The information generated by the cookies about your use of the website will be transmitted to and stored by Google on its servers in the United States. We have activated IP-anonymization on this website, your IP address will be truncated within the area of Member States of the European Union. Only in exceptional cases is the whole IP address transferred to a Google server in the USA and truncated there (an adequate level of data protection is ensured according to Art. 45 para. 1 GDPR because Google is a participant in the Privacy Shield Agreement). We have also concluded a contract with Google Inc. (USA) for order processing pursuant to Art. 28 GDPR. Accordingly, Google will solely use collected data for the purposes intended, which are to evaluate the use of the website and to compile reports on website activities.
You can withdraw your consent to the processing at any time. Please use one of the following options:
You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by downloading and installing the browser plug-in available under the following link (http://tools.google.com/dlpage/gaoptout?hl=de).
The Online Application System on our web pages is operated and provided by softgarden eRecruiting GmbH, Tauentzienstr. 14, 10789 Berlin, by order of TBWA (Deutschland) Holding GmbH. The service provider is strictly bound by our instructions, pursuant to contractual obligations. Besides softgarden, only subcontractors bound by the same instructions may gain access to your data, if commissioned by softgarden.
You are given the opportunity to apply for our advertised jobs on our applicant pages. We are processing your personal data according to applicable data protection regulations on basis of § 88 DSGVO (General Data Protection Regulation) in conjunction with § 26 par. 1 p. 1 BDSG. We are processing the data you reveal to us within the scope of your online application only for the purpose of choosing applicants. No data processing for any other purpose is taking place.
If you want us to consider your application also for other or future employment ads, then we ask you to notify us accordingly on your application. We will then process your data on basis of § 6 par. 1 p. 1 lit. a) DSGVO. You can revoke your consent at any time. Until revoked, such data processing is legit.
In order to make the application process transparent for you, you can register on the applicants’ page of softgarden. To do so, you need to state your name, your e-mail address, the name of the company, your user name, and choose a password. These data are necessary in order to create and maintain an account for you in the career portal. We also need such data and possibly further data in order to reply to your requests, questions and criticism.
Other optional data are:
• Contact data (address, phone number)
• CV data (e.g. school education, job training, job experience, language skills)
• Profiles in social networks (e.g. XING, LinkedIn, Facebook)
• Documents associated with applications (application photo/letter, references, work examples, etc.)
Data of rejected applicants are deleted three months after the end of the application process. Storage beyond this time span is only done with the applicant’s consent (applicant pool). In this case, data will be deleted after six months at the latest or after consent has been rejected.
Data of hired persons are stored for the duration of the employment relationship. After termination, data are deleted after three months, except if the data are relevant according to tax law and must be retained for six to up to ten years according to the statutory retention period.
Embedded Vimeo Videos
On some of our websites we embed Vimeo videos. Opening these websites results in Vimeo content being downloaded. In this context, Vimeo also receives your IP address, which is technically necessary for retrieving the contents. In principle, we have no influence on further data processing by Vimeo, which is operated by Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA. However, when embedding the videos, we activated the extended data protection mode offered by Vimeo.
Social Media Plugins
For data protection reasons, we do not integrate any social media plugins directly into our website. Therefore, when you access our pages, no data is transferred to social media services such as LinkedIn or Instagram. A profiling by third parties is thus excluded.
However, you still have the option of sharing selected pages by clicking on the LinkedIn or Instagram buttons, and you can see how often a page has been shared in the past when you view the post. We use the so-called Shariff solution developed by the German c't Magazine to offer a data protection compliant alternative to the classic social plug-ins.
What's behind it? The Shariff solution means that as a first step, all the data and functions required to display LinkedIn or Instagram buttons are provided by our web server.
Only when you decide to share a post via the corresponding button and click on it, does a data transfer to the operator of the respective social media service takes place.
To avoid unauthorized access to your data, we have implemented technical and organizational measures. We use encryption technologies on our website. Your data will be transferred to our servers and back again via a connection that is protected by a TLS encryption technology. You can recognize that you are browsing on an encryption secured website by the lock-symbol shown in the address bar of your browser and by the address bar starting with https://.
Your Rights as a User
As a website user, the GDPR grans you certain rights when processing your personal data.
1. Right of access (Art. 15 GDPR): You have the right to obtain confirmation as to whether or not personal data concerning you is being processed, and, where that is the case to obtain access to the personal data and the information specified in Art. 15 GDPR.
2. Right to rectification and erasure (Art. 16 and 17 GDPR): You have the right to obtain without undue delay the rectification of inaccurate personal data concerning you and, if necessary, the right to have incomplete personal data completed. You also have the right to obtain an erasure of the personal data concerning you without undue delay, if one of the reasons listed in Art. 17 GDPR applies, e.g. if the data is no longer necessary for the intended purpose.
3. Right to restriction of processing (Art. 18 GDPR): If one of the conditions set forth in Art. 18 GDPR applies, you shall have the right to restrict the processing of your data to mere storage, e.g. if you revoke consent, to the processing, for the duration of a possible examination.
4. Right to data portability (Art. 20 GDPR): In certain situations, listed in Art. 20 GDPR, you have the right to receive the personal data concerning you in a structured, common and machine-readable format or demand a transmission of the data to another third party.
5. Right to object (Art. 21 GDPR): If the data is processed pursuant to Art. 6 para. 1 s. 1 lit. f GDPR (data processing for the purposes of the legitimate interests), you have the right to object to the processing at any time for reasons arising out of your particular situation. We will then no longer process personal data, unless there are demonstrably compelling legitimate grounds for processing, which override the interests, rights and freedoms of the person concerned, or the processing serves the purpose of asserting, exercising or defending legal claims.
6. Right to lodge a complaint with a supervisory authority: Pursuant to Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority if you consider the processing of the data concerning you infringes data protection regulations. The right to lodge a complaint may be invoked in particular in the Member State of your habitual residence, place of work or the place of the alleged infringement.
Contact Details of the Data Protection Officer
Please contact our data protection officer if you have any further questions, suggestions or wishes regarding data protection:
Heike Wedekind datenschutz süd GmbH Wörthstraße 15 97082 Würzburg
Consult Heimat Werbeagentur GmbH's Imprint.