Privacy

Privacy Policy

Last updated 2024-04-01

Table of contents

1. Name and address of the Data Controller
2. Name and address of the Data Protection Officer
3. General information on data processing
4. Provision of the website and creation of log files
5. Use of Cookies
6. Newsletter
7. Registration
8. Contact forms and contact via e-mail
9. Blog
10. Job Application Process
11. Web analytics by Google Analytics
12. Chatbot 
13. Social Media Networks
14. Conducting Quiz via Riddle
15. LinkedIn Insights
16. Pendo.io
Appendix 1. Rights of the Data Subject 
Appendix 2. My 3rd Party Content Embedding Preferences
Appendix 3. Overview of used cookies
Appendix 4. Google Analytics Opt-Out

1. NAME AND ADDRESS OF THE DATA CONTROLLER

The data controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the member states, as well as other data protection regulations, is:

CoreMedia GmbH
Altes Klöpperhaus, 5. OG
Rödingsmarkt 9
20459 Hamburg, Germany
Germany
Phone +49 40 325 587 0
E-mail: [email protected]
Websites: www.coremedia.com, www.coremedia.de, contentcloud.coremedia.com

2. NAME AND ADDRESS OF THE DATA PROTECTION OFFICER

The data protection officer of the data controller is:

Myrna Coaching & Consulting BV
Dennenbosstraat 17
3450 Geetbets
Belgium

Telefon / Phone +32497054005

E-Mail [email protected]

3. GENERAL INFORMATION ON DATA PROCESSING

3.1 Scope of the processing of personal data

We only process the personal data of our users if this is necessary to provide a functional website as well as our contents and services. The processing of personal data of our users takes place regularly only after the consent of the user. An exception applies in those cases where prior consent cannot be obtained for real reasons, and the processing of the data is permitted by law. For data processing, we also work together with external service providers with whom we have concluded corresponding data processing addendum contracts.

3.2 Legal basis for the processing of personal data

Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 paras. 1 lit. an EU Data Protection Ordinance (GDPR) serves as the legal basis.

In the processing of personal data required for the performance of a contract to which the data subject is a party, Art. 6 para. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.

Insofar as the processing of personal data is required to fulfill a legal obligation to which our company is subject, Art. 6 paras. 1 lit. c GDPR serves as the legal basis.

In the event that the vital interests of the data subject or another natural person require the processing of personal data, Article 6(1)(d) GDPR serves as the legal basis.

If processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights, and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 paras. 1 lit. f GDPR serves as the legal basis for processing.

3.3 Data erasure and storage duration

The personal data of the data subject will be deleted or blocked as soon as the purpose of storage ceases to apply. Furthermore, personal data may be stored if this has been provided for by the European or national legislator in EU regulations, laws, or other provisions to which the data controller is subject. The personal data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires unless there is a need for further storage of the data for the conclusion or fulfillment of a contract.

4. PROVIDING THE WEBSITE AND CREATING LOGFILES

4.1 Description and scope of data processing

Every time you visit our website, our system automatically collects data and information from the computer system of the calling computer.

The following data is collected:

• Information about the browser type and version used.
• The user's operating system
• The user's Internet service provider
• The IP address of the user
• Date and time of access
• Websites from which the user's system reaches our website
• Websites are accessed by the user's system through our website.

The data is also stored in the log files of our system. This data is not stored together with other personal data of the user.

4.2 Legal basis for data processing

The legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit. f GDPR.

4.3 Purpose of data processing

The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user's computer. For this, the IP address of the user must remain stored for the duration of the session.

The data is stored in log files to ensure the functionality of the website. In addition, the data serves us to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.

Our legitimate interest in the data processing pursuant to Art. 6 paras. 1 lit. f GDPR also lies in these purposes.

4.4 Duration of storage

The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.

If the data is stored in log files, this is the case after seven days at the latest. Further storage is possible. In this case, the IP addresses of the users are deleted or alienated so that an assignment of the calling client is no longer possible.

4.5 Possibility of objection and removal

The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility of objection on the part of the user.

5. USE OF COOKIES

5.1 Description and scope of data processing

Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user's computer system. If a user visits a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic character string that enables a unique identification of the browser when the website is called up again.

We use cookies to make our website more user-friendly. Some elements of our website require that the calling browser can be identified even after a page change.

The following data is stored and transmitted in the cookies:

• Log-in information

We also use cookies on our website, which enable an analysis of the user's surfing behavior.
In this way, the following data can be transmitted:

• Frequency of page views
• Use of website functions

The personal data collected in this way are pseudonymized by technical precautions. Therefore, it is no longer possible to assign the data to the user. The data will not be stored together with other personal data of the users.

When you visit our website, an information banner informs you about the use of cookies for analytical purposes and refers you to this data protection statement.

You can access the Cookie banner at any time to change your preferences.

5.2 Legal basis for data processing

The legal basis for the processing of personal data using cookies is Art. 6 para. 1 lit. f GDPR unless you have given us consent via our Cookie Manager tool, in which case the basis is Art. 6 para. 1 lit a. for the selected cookie categories.

5.3 Purpose of data processing

The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For this, it is necessary that the browser is recognized even after a page change.

We need cookies for the following applications:

• Log-in to the support area and help center
• Log-in to the newsletter and communications preference area
• Sending forms

The user data collected by technically necessary cookies are not used to create user profiles.

5.4 Overview of used cookies

The overview of the cookies used can be found below in Appendix 3.

5.5 Duration of storage, the possibility of objection, and removal

Cookies are stored on the user's computer and transmitted to our site. Therefore, you as a user also have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website in full.

6. NEWSLETTER

6.1 Description and scope of data processing

You can subscribe to various free newsletters on our website. When registering for the newsletter, the personal data from the registration form is transmitted to us.

For this purpose, we collect personal data:

• your email address
• your name, and
• optionally your telephone number
• optionally your company name.

In addition, the following data is collected upon registration:

• The IP address of the calling computer
• Date and time of registration

In the course of the registration process, your consent is obtained for the processing of the data, and reference is made to this privacy policy.

In connection with data processing for the dispatch of newsletters, no personal data is passed on to third parties. The personal data will be used exclusively for sending the newsletter.

6.2 Purpose of data processing

The collection of the user's e-mail address serves to send the newsletter.

The collection of other personal data as part of the registration process serves to prevent misuse of the services or the e-mail address used.

6.3 Duration of storage

The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. The e-mail address and the name of the user will therefore be stored for as long as the subscription to the newsletter is active.

The other personal data collected during the registration process will generally be deleted after a period of seven days.

6.4 Possibility of objection and removal

The subscription to the newsletter can be canceled by the user concerned at any time. For this purpose, there is a corresponding link in every newsletter.

This also makes it possible to revoke the consent to the storage of personal data collected during the registration process.

7. REGISTRATION

7.1 Description and scope of data processing

On our website, we offer users the opportunity to register by providing personal data - for training courses or for the use of our support services, among other things. The personal data is entered into a registration form and transmitted to us, and saved. The personal data will not be passed on to third parties.

The following personal data is collected during the registration process:

• First name,
• Last name
• E-mail
• Company name
• Address
• Telephone number
• Country
• Comments/message

At the time of registration, the following data is also stored:

• The IP address of the user
• Date and time of registration

In the course of the registration process, the user's consent to the processing of this personal data is obtained.

7.2 Legal basis for data processing

The legal basis for the processing of data is Art. 6 para. 1 lit. a GDPR if the user has given his consent.

If registration serves the fulfillment of a contract to which the user is a party or the implementation of pre-contractual measures, the additional legal basis for the processing of the data is Art. 6 para. 1 lit. b GDPR.

7.3 Purpose of data processing

Registration of the user is necessary for the fulfillment of a contract with the user or for the implementation of pre-contractual measures.

We need your personal data in order to register for and conduct our training events and to participate in our events.

Access to our support pages is only possible for existing customers and partners. To check your access authorization based on your contract with us, we require registration and activation based on your personal data.

7.4 Duration of storage

The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected.

This is the case for the data collected during the registration process if the registration on our website is canceled or changed.

This is the case for those during the registration process to fulfill a contract or to carry out pre-contractual measures when the data is no longer required for the execution of the contract. Even after the conclusion of the contract, it may still be necessary to store the personal data of the contractual partner in order to fulfil contractual or legal obligations.

7.5 Possibility of objection and removal

As a user, you have the possibility to cancel the registration at any time. You can change the data stored about you at any time.

To do so, you can contact us by e-mail at [email protected].

You can also manage your communication preferences and newsletter subscriptions independently on our website: https://www.coremedia.com/manage-preferences.

If the data is required to fulfill a contract or to carry out pre-contractual measures, premature deletion of the data is only possible insofar as there are no contractual or statutory obligations to the contrary.

8. CONTACT FORM AND E-MAIL CONTACT

8.1 Description and scope of data processing

There is a contact form on our website which can be used for electronic contact. If a user takes advantage of this possibility, the data entered in the input form will be transmitted to us and stored. This data is:

• Name
• E-mail address
• Comment (if applicable)

At the time the message is sent, the following data is also stored:

• The IP address of the user
• Date and time of registration

Your consent is obtained for the processing of the data within the scope of the sending process, and reference is made to this data protection declaration.

Alternatively, you can contact us via the e-mail address provided. In this case, the user's personal data transmitted by e-mail will be stored. The data will be sent unencrypted.

In this context, the data will not be passed on to third parties. The data is used exclusively for processing the conversation.

The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 para. 1 lit. f GDPR. If the e-mail contact aims at the conclusion of a contract, then an additional legal basis for the processing is Art. 6 exp. 1 lit. b GDPR.

8.2 Purpose of data processing

The processing of the personal data from the contact form serves us only for the treatment of the establishment of contact. In the event of contact by e-mail, this also constitutes the necessary legitimate interest in the processing of the data.

The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.

8.3 Duration of storage

The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. For the personal data from the contact form and those that were sent by e-mail, this is the case when the respective conversation with the user is finished. The conversation is terminated when it can be inferred from the circumstances that the facts in question have been finally clarified.

The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.

8.4 Possibility of objection and removal

The user has the possibility to revoke his consent to the processing of personal data at any time. If the user contacts us by e-mail, he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued.

To do so, you can contact us by e-mail at [email protected].

All personal data stored in the course of contacting us will be deleted in this case.

You can also manage your communication preferences and newsletter subscriptions independently on our website: https://www.coremedia.com/manage-preferences

9. BLOG

9.1 Description and scope of data processing

You can write comments on our blog. If a user takes advantage of this possibility, the data entered in the comment form will be transmitted to us and stored. This data is:

• name
• email
• URL of your website (optional)
• comment text

At the time the message is sent, the following data is also stored:

• The IP address of the user
• Date and time the comment was submitted.

Your consent is obtained for the processing of the data within the scope of the sending process, and reference is made to this data protection declaration.

In this context, the data will not be passed on to third parties. The data is used exclusively for the processing and display of comments.

9.2 Legal basis for data processing

The legal basis for the processing of data is Art. 6 para. 1 lit. a GDPR if the user has given his consent.

9.3 Purpose of data processing

The processing of personal data from the contact form serves us for display purposes on the Blog and, if necessary, for the establishment of contact.

The other personal data processed during the sending process serve to prevent misuse of the comment form and to ensure the security of our information technology systems.

9.4 Duration of storage

The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. For the personal data from the comment form, this is the case when the blog post is deleted.

The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.

9.5 Possibility of objection and removal

The user has the possibility to revoke his consent to the processing of personal data at any time. If the user contacts us by e-mail, he can object to the storage of his personal data at any time.

To do so, you can contact us by e-mail at [email protected].

All personal data stored in the course of comments will be deleted in this case.

10. Job Application Process

10.1. Description and scope of data processing

What information does CoreMedia collect when you apply for one of our advertised job vacancies?

You can apply via email for specific job vacancies advertised on the www.coremedia.com website, or you can send us an unsolicited application. In this context, we collect all data that you make available to us in your job application. These include, without being limited to, the following:

• First name and surname
• Address
• Email address
• Phone number
• Date of birth, if applicable
• Nationality
• Salary requirements
• Desired starting date
• as well as attachments included with your application such as certificates, CVs, and photos, if applicable

10.2. Legal basis for data processing

If the data subject has given us consent to the processing of his or her personal data, point (a) of Article 6 (1) General Data Protection Regulation (GDPR) is the legal basis.

If the processing is necessary for the performance of a contract or in order to enter into a contract, point (b) of Article 6 (1) GDPR is the legal basis for the processing.

If the processing is necessary for the purposes of our legitimate interests, point (f) of Article 6 (1) GDPR is the legal basis.

10.3. Purpose of data processing

We process personal data concerning you for the purpose of reviewing your application and in order to look into or set up employment for you in our company. (The legal basis for this is your employment relationship or pre-contractual relationship as well as Section 26 (1) in conjunction with Section 8 (2) German Federal Data Protection Act (BDSG).)

We process personal data concerning you to the required extent in order to prevent any legal claims arising from the application process from being asserted against us. (The legal basis for this is the legitimate interest of CoreMedia to comply with its burden of proof in proceedings as per the German General Act on Equal Treatment (AGG).)

Provided that there is an employment relationship between you and CoreMedia, we may, as per Section 26 (1) German Federal Data Protection Act (BDSG), process your personal data in order to prepare the employment if it is required to enter into, perform or end employment or to perform or fulfill the legal rights and obligations arising from the employment.

Die sonstigen während des Absendevorgangs verarbeiteten personenbezogenen Daten dienen dazu, einen Missbrauch des Kommentarformulars zu verhindern und die Sicherheit unserer informationstechnischen Systeme sicherzustellen.

10.4. Duration of storage

Specifically, we store your personal data for as long as it is necessary until a decision has been taken concerning your application. If we do not enter into an employment relationship with you, we may continue to store your data, provided this is required to defend against legal claims. The job application documents are erased six months after notification of the rejection unless a legal dispute requires a longer storage period.

10.5. Transmitting data to third parties; service providers

Your personal data is generally only shared within CoreMedia. Furthermore, personal data may be forwarded to third parties provided that statutory provisions or enforceable regulatory or official orders oblige CoreMedia to do so.

10.6. Service providers

CoreMedia reserves the right to use service providers for the collection or processing of personal data. Service providers only receive the data that they need to complete the specific task for CoreMedia.

CoreMedia also uses a service provider for payroll.

Generally, service providers are commissioned as so-called processors who may only process the personal data of users of this online service as per the instructions from CoreMedia.

10.7. Transmitting data to countries outside of the EEA

CoreMedia does not transmit personal data to processors in countries outside of the EEA. However, if your job application refers to a job advertisement concerning our subsidiary in the US, we will forward your application to employees at CoreMedia Corporation. We will request your consent to forward your information beforehand.

10.8. Possibility of objection and removal

The user has the possibility to revoke his consent to the processing of personal data at any time. If the user contacts us by e-mail, he can object to the storage of his personal data at any time.

To do so, you can contact us by e-mail at [email protected].

All personal data stored in the course of comments will be deleted in this case.

11. WEB ANALYTICS BY GOOGLE ANALYTICS

We use the Google Analytics service of the provider Google Ireland Limited (Google Ireland/EU) on our website.

Google Analytics is a web analytics service that allows us to collect and analyze data about the behavior of visitors to our website. For this purpose, Google Analytics uses cookies which enable an analysis of the use of our website. This involves the processing of personal data in the form of online identifiers (including cookie identifiers), IP addresses, device identifiers and information about the interaction with our website.

Partly, this data is information stored in the end device you are using. In addition, the cookies used are used to store additional information on your device. Such data by Google Analytics or access to information already stored in your device will only take place with your consent.

Google Ireland will process the data thus collected on our behalf in order to evaluate the use of our website by the users, to compile reports on the activities within our website and to provide us with further services related to the use of our website and the internet. In doing so, pseudonymous usage profiles can be created from the processed data.

The setting of cookies and the further processing of personal data as described here takes place with your consent. The legal basis for the data processing in connection with the Google Analytics service is therefore Art. 6 (1) a GDPR. You can revoke this consent at any time with effect for the future in our Consent Management.

The personal data processed on our behalf to provide Google Analytics may be transferred to any country in which Google Ireland or Google's Ireland sub-processors maintain facilities. The legal basis for this transfer are the standard contractual clauses for the transfer of personal data to processors in third countries pursuant to Art. 46 para. 2 lit. c GDPR.

We only use Google Analytics with IP anonymization enabled. This means that the IP address of the users is shortened by Google Ireland within the member states of the European Union or in other contracting states to the agreement on the European Economic Area. The IP address transmitted by the user's browser is not merged with other data.

We use the Google Universal Analytics variant. This allows us to assign interaction data from different devices and from different sessions to a unique user ID. This allows us to put individual user actions in context and analyze long-term relationships.

Data on user actions are stored for a period of 14 months and then automatically deleted. The deletion of data for which the storage period has expired takes place automatically once a month.

We also use the Google Analytics advertising functions (remarketing). This function enables us, in conjunction with the cross-device functions of Google, to display advertisements in a more targeted manner and to present users with ads that are tailored to their interests. Via remarketing, users are shown ads and products for which interest has been identified on other websites in the Google network. The function allows us to link advertising target groups created via Google Analytics Remarketing with the cross-device functions of Google Ads or Google AdSense. In this way, interest-based, personalized advertising messages that have been adapted to a user depending on previous usage and surfing behavior on one end device (e.g. cell phone) can also be displayed on another end device of the user (e.g. tablet or PC).

We also use the "demographic characteristics and interests" function from Google. This provides us with generic information such as age, gender and consumer interests about our website visitors and use this information for our advertising activities via the Google network. For this purpose, Google Analytics collects and records information from various data sources, such as the DoubleClick cookie (web activity) or the Android or iOS advertising-ID (app activity).

If you have given your consent, Google will link your web and app browsing history with your Google account for this purpose. In this way, the same personalized advertising messages can be served on every device on which you log in with your Google account. The aggregation of the collected data in your Google account is based solely on your consent, which you can give or revoke at Google. For these linked services, data is then collected via Google Analytics for advertising purposes. To support the remarketing function, Google Analytics collects users' google-authenticated IDs, which are temporarily linked to our Google Analytics data. This is used to define and create target groups for cross-device ad advertising.

You can also prevent the collection of information generated by the cookie by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout.

12. CHATBOT

12.1 Description and scope of data processing

We also provide a chatbot on our website, which can be used for electronic contact or to fill forms step-by-step. If a user takes advantage of this possibility, the data entered in the input form will be transmitted to us and stored. This data is:

• First name
• Last Name
• Company Name
• E-mail address
• Telephone number
• Comments/Messages (if applicable)

At the time any message is sent, the following data is also stored:

• The IP address of the user
• Date and time of registration

Your consent is obtained for the processing of the data within the scope of the sending process, and reference is made to this data protection declaration.

12.2 Legal basis for data processing

The legal basis for the processing of data is Art. 6 para. 1 lit. a GDPR if the user has given his consent.

If registration serves the fulfillment of a contract to which the user is a party or the implementation of pre-contractual measures, the additional legal basis for the processing of the data is Art. 6 para. 1 lit. b GDPR.

12.3 Purpose of data processing

The processing of the personal data from the chatbot serves us for the treatment of the establishment of contact. In the event of contact by e-mail, this also constitutes the necessary legitimate interest in the processing of the data.

The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.

12.4 Duration of storage

The data will be deleted after a maximum of 24 months.

The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.

12.5 Possibility of objection and removal

The user has the possibility to revoke his consent to the processing of personal data at any time. If the user contacts us by e-mail, he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued.

To do so, you can contact us by e-mail at [email protected].

All personal data stored in the course of using the Chatbot will be deleted in this case.

13. Data Processing through Social Networks

We maintain publicly available profiles in social networks. The individual social networks we use can be found below. Social networks such as Facebook, Twitter, etc., can generally analyze your user behavior comprehensively if you visit their website or a website with integrated social media content (e.g., like buttons or banner ads).

When you visit our social media pages, numerous data protection-relevant processing operations are triggered. In detail: If you are logged in to your social media account and visit our social media page, the operator of the social media portal can assign this visit to your user account. Under certain circumstances, your personal data may also be recorded if you are not logged in or do not have an account with the respective social media portal. In this case, this data is collected, for example, via cookies stored on your device or by recording your IP address.

Using the data collected in this way, the operators of the social media portals can create user profiles in which their preferences and interests are stored. This way, you can see interest-based advertising inside and outside of your social media presence. If you have an account with the social network, interest-based advertising can be displayed on any device you are logged in to or have logged in to.

Please also note that we cannot retrace all processing operations on the social media portals. Depending on the provider, additional processing operations may therefore be carried out by the operators of the social media portals. Details can be found in terms of the use and privacy policy of the respective social media portals.

13.1 Legal Basis

Our social media appearances should ensure the widest possible presence on the Internet. This is a legitimate interest within the meaning of Art. 6 (1) lit. f GDPR. The analysis processes initiated by the social networks may be based on divergent legal bases to be specified by the operators of the social networks (e.g.consent within the meaning of Art. 6 (1) (a) GDPR).

13.2 Responsibility and assertion of rights

If you visit one of our social media sites (e.g., Facebook), we, together with the operator of the social media platform, are responsible for the data processing operations triggered during this visit. You can, in principle, protect your rights (information, correction, deletion, limitation of processing, data portability, and complaint) vis-à-vis us as well as vis-à-vis the operator of the respective social media portal (e.g., Facebook).

Please note that despite the shared responsibility with the social media portal operators, we do not have full influence on the data processing operations of the social media portals. Our options are determined by the company policy of the respective provider.

13.3 Storage time

The data collected directly from us via the social media presence will be deleted from our systems. As soon as you ask us to delete it, you revoke your consent to the storage or the purpose for the data storage lapses. Stored cookies remain on your device until you delete them. Mandatory statutory provisions - in particular, retention periods - remain unaffected.

We have no control over the storage duration of your data that are stored by the social network operators for their own purposes. For details, please contact the social network operators directly (e.g., in their privacy policy, see below).

13.4 Individual social networks

13.4.1 Facebook

We have a profile on Facebook. The provider of this service is Facebook Ireland Limited, 4 Grand CanalSquare, Grand Canal Harbour, Dublin 2, Ireland. According to Facebook’s statement, the collected data will also be transferred to the USA and to other third-party countries.

We have signed an agreement with Facebook on shared responsibility for the processing of data (ControllerAddendum). This agreement determines which data processing operations Facebook or we are responsible for when you visit our Facebook Fanpage. This agreement can be viewed at the following link: https://www.facebook.com/legal/terms/page_controller_addendum.

You can customize your advertising settings independently in your user account. Click on the following link and log in:https://www.facebook.com/settings?tab=ads.Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission.

Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.Details can be found in the Facebook privacy policy: https://www.facebook.com/about/privacy/.

13.4.2 Twitter

We use the short message service Twitter. The provider is Twitter International Company, One CumberlandPlace, Fenian Street, Dublin 2, D02 AX07, Ireland. You can customize your Twitter privacy settings in your user account. Click on the following link and log in: https://twitter.com/personalization.

Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the EuropeanCommission. Details can be found here: https://gdpr.twitter.com/en/controller-to-controller-transfers.html. For details, see the Twitter Privacy Policy: https://twitter.com/privacy.

13.4.3 Instagram

We have a profile on Instagram. The provider is Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025,USA.

Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the EuropeanCommission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum, https://help.instagram.com/519522125107875. and https://de-de.facebook.com/help/566994660333381.

For details on how they handle your personal information, see the Instagram Privacy Policy: https://help.instagram.com/519522125107875.

13.4.4 Pinterest

We have a profile on Pinterest. The operator is Pinterest Europe Ltd., Palmerston House, 2nd Floor, FenianStreet, Dublin 2, Ireland. Details on how they handle your personal data can be found in the privacy policy of Pinterest: https://policy.pinterest.com/de/privacy-policy.

13.4.5 XING

We have a profile on XING. The provider is New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany .Details on their handling of your personal data can be found in the XING Privacy Policy: https://privacy.xing.com/de/datenschutzerklaerung.

13.4.6 LinkedIn

We have a LinkedIn profile. The provider is the LinkedIn Ireland Unlimited Company, Wilton Plaza, WiltonPlace, Dublin 2, Ireland. LinkedIn uses advertising cookies. If you want to disable LinkedIn advertising cookies, please use the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://www.linkedin.com/legal/l/dpa and https://www.linkedin.com/legal/l/eu-sccs.

For details on how they handle your personal information, please refer to LinkedIn's privacy policy: https://www.linkedin.com/legal/privacy-policy.

13.4.7 Vimeo

We have a profile on Vimeo. The provider is Vimeo, Inc., 555 West 18th Street, New York 10011, USA. Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission and, according to Vimeo, on “legitimate business interests”. Details can be found here: https://vimeo.com/privacy.

Details on how they handle your personal data can be found in the Vimeo privacy policy: https://vimeo.com/privacy.

13.4.8 YouTube

We have a profile on YouTube. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin4, Ireland. Details on how they handle your personal data can be found in the YouTube privacy policy: https://policies.google.com/privacy?hl=en.

14. Conducting Quiz via Riddle

We use the service Riddle to conduct quizzes, polls, personality tests, and surveys. This service is provided by Riddle Technologies AG, Lenaustr. 1, 66125 Saarbrücken, Germany and is referred to below only as "Riddle". The service acts as a processor for us.

If we request personal data within the test (e.g. your name and email address), we only process this data with your consent pursuant to Art. 6 (1) lit. a GDPR. You can revoke this consent at any time.

For the provision of the service and anonymized reporting, Riddle uses various technical required cookies, which you can view here: https://www.riddle.com/legal/cookies.

15. LinkedIn Insights

We use the LinkedIn Insight tag on our website, a marketing product of LinkedIn Ireland Unlimited Company (Ireland/EU). For information on the contact details of LinkedIn Ireland and the contact details of the data protection officer of LinkedIn Ireland, please refer to LinkedIn's data policy at https://www.linkedin.com/legal/privacy-policy. 

The LinkedIn Insight tag is a JavaScript code snippet that is triggered by LinkedIn when you visit our website and stores a cookie on the device you are using. Such storage of information by the LinkedIn Insight tag or access to information already stored in your terminal device and also further processing of personal data in connection with the LinkedIn Insight tag will only take place with your consent. The legal basis for the collection and transmission of personal data by us to LinkedIn Ireland is, therefore, Art. 6 (1) a DSGVO. 

Via the LinkedIn Insight tag, we can perform various functions, which we describe in detail below. 

LinkedIn conversion tracking is an analytics function supported by the LinkedIn Insight Tag. The LinkedIn Insight tag allows us to collect data about visits to our website, including URL, referrer URL, IP address, device and browser properties (user agent), and timestamp. IP addresses are shortened or (if used to reach members across devices) hashed. LinkedIn does not provide us with personally identifiable information, but only provides reports (in which you are not identified) on-site audience and ad performance. This allows us to track the effectiveness of LinkedIn ads for statistical and market research purposes. 

Members' direct identifiers are removed by LinkedIn within seven days to pseudonymize the data. LinkedIn then deletes this remaining pseudonymized data within 180 days. 

This processing is done for the purpose of obtaining information about our website audience and a report on the effectiveness of LinkedIn campaigns. 

We also use the Matched Audiences service to target our advertising campaigns to specific audiences. Through LinkedIn Matched Audiences and related data integrations, we can target advertising to specific audiences based on data we provide to LinkedIn (e.g., company lists, hashed contact information, device identifiers, or event data such as websites visited). 

This processing is done for the purpose of marketing our offers via the targeted playout of advertising. 

We have a joint controller agreement with LinkedIn, which sets out the distribution of data protection obligations between us and LinkedIn. We will be happy to provide you with the document upon request.

Please note that according to the LinkedIn Privacy Policy, personal data is also processed by LinkedIn in the USA or other third countries. LinkedIn’s data protection guidelines. LinkedIn only transfers user data to countries for which the European Commission has made an adequacy decision pursuant to Art. 45 GDPR or based on appropriate safeguards pursuant to Art. 46 GDPR.

16. Pendo.io

We use the Pendo.io service of Pendo.io, Inc. (USA) within our software to analyse your usage behaviour and to improve our software.

The processing of your data takes place on the basis of Art. 6 Para. 1 S.1 lit. a GDPR and is based on your consent.

Cookies and Scripts are set on your terminal device to integrate the service. Cookies and Scripts are set with your consent, which you can revoke at any time with future effect via “Preferences”. When using the service, your data is transferred to the USA on the basis of Art. 46 Para. 2 lit. c of the GDPR. For further information on data protection at Pendo.io, Inc., please refer to the data protection information of Pendo.io, Inc. at https://www.pendo.io/legal/privacy-policy/.

Appendix 1. RIGHTS OF THE DATA SUBJECT

If your personal data is being processed, you are affected within the meaning of the GDPR, and you have the following rights vis-à-vis the data controller:

1.1 Right to information

You can ask the data controller to confirm whether personal data concerning you will be processed by us.

If such processing has taken place, you can request the following information from the data controller:

• the purposes for which the personal data are processed;
• the categories of personal data processed;
• the recipients or categories of recipients to whom the personal data concerning you have been or are still being disclosed;
• the planned duration of the storage of the personal data concerning you or, if specific information on this is not possible, criteria for determining the storage period;
• the existence of a right to have your personal data concerning you corrected or deleted, a right to have processing restricted by the controller, or a right to object to such processing;
• the existence of a right of appeal to a supervisory authority;
• any available information on the origin of the data if the personal data are not collected from the data subject;
• the existence of automated decision-making, including profiling in accordance with Article 22(1) and (4) GDPR and - at least in these cases - meaningful information on the logic involved and the scope and intended effects of such processing for the data subject.

You have the right to request information as to whether the personal data concerning you is transferred to a third country or to an international organization. In this context, you may request to be informed of the appropriate guarantees pursuant to Art. 46 GDPR in connection with the transmission.

1.2 Right to correction

You have a right to rectification and/or completion vis-à-vis the data controller if the personal data processed concerning you are incorrect or incomplete. The data controller shall make the correction without delay.

1.3 Right to limitation of processing

Under the following conditions, you may request that the processing of personal data concerning you be restricted:

• if you dispute the accuracy of the personal data concerning you for a period of time that enables the data controller to verify the accuracy of the personal data;
• the processing is unlawful, and you refuse to delete the personal data and instead request that the use of the personal data be restricted;
• the controller no longer needs the personal data for the purposes of the processing, but you do need them to assert, exercise, or defend legal claims, or
• if you have filed an objection to the processing pursuant to Art. 21 paras. 1 GDPR, and it has not yet been determined whether the legitimate reasons of the data controller outweigh your reasons.

If the processing of personal data concerning you has been restricted, such data may only be processed - apart from being stored - with your consent or for the purpose of asserting, exercising, or defending rights or protecting the rights of another natural or legal person or on the grounds of an important public interest of the Union or a Member State.

If the processing restriction has been restricted according to the above conditions, you will be informed by the data controller before the restriction is lifted.

1.4 Right to cancellation

1.4.1 Duty to delete

You may request the data controller to delete the personal data relating to you without delay, and the controller is obliged to delete this data without delay if one of the following reasons applies:

• The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
• You revoke your consent, on which the processing was based pursuant to Art. 6 paras. 1 lit. a or Art. 9 paras. 2 lit. a GDPR, and there is no other legal basis for the processing.
• You file an objection against the processing pursuant to Art. 21 paras. 1 GDPR and there are no overriding legitimate reasons for the processing, or you file an objection against the processing pursuant to Art. 21 paras. 2 GDPR.
• The personal data concerning you have been processed unlawfully.
• The deletion of personal data concerning you is necessary to fulfil a legal obligation under Union law or the law of the Member States to which the data controller is subject.
• The personal data concerning you have been collected in relation to information society services offered pursuant to Art. 8 para. 1 GDPR.

1.4.2 Information to third parties

If the data controller has made the personal data concerning you public and is obliged to delete it pursuant to Art. 17 para. 1 GDPR, he shall take appropriate measures, including technical measures, taking into account the available technology and the implementation costs, to inform data processors who process the personal data that you, as the data subject, have requested the deletion of all links to this personal data or of copies or replications of this personal data.

1.4.3 Exceptions

The right to erasure does not exist insofar as the processing is necessary

• to exercise freedom of expression and information;
• for the performance of a legal obligation required for processing under the law of the Union or of the Member States to which the controller is subject or for the performance of a task in the public interest or in the exercise of official authority conferred on the controller;
• for reasons of public interest in the field of public health pursuant to Art. 9 paras. 2 lit. h and i and Art. 9 paras. 3 GDPR;
• for archiving purposes in the public interest, scientific or historical research purposes, or for statistical purposes pursuant to Art. 89 para. 1 GDPR, insofar as the law referred to under a) is likely to render impossible or seriously impair the attainment of the objectives of such processing, or
• to assert, exercise, or defend legal claims.

1.5 Right to information

If you have exercised your right to have the data controller correct, delete, or limit the processing, he/she is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this correction or deletion of the data or restriction on processing, unless this proves impossible or involves a disproportionate effort.

The data controller shall have the right to be informed of such recipients.

1.6 Right to Data Transferability

You have the right to receive the personal data concerning you that you have provided to the data controller in a structured, common, and machine-readable format. In addition, you have the right to pass this data on to another person in charge without obstruction by the person in charge to whom the personal data was provided, provided that

• processing is based on consent pursuant to Art. 6 paras. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or on a contract pursuant to Art. 6 paras. 1 lit. b GDPR and
• processing are carried out using automated methods.

In exercising this right, you also have the right to request that the personal data concerning you be transferred directly from one data controller to another data controller, insofar as this is technically feasible. The freedoms and rights of other persons must not be affected by this.

The right to transferability shall not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority conferred on the controller.

1.7 Right of objection

You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you under Article 6(1)(e) or (f) of the DSBER; this also applies to profiling based on these provisions.

The data controller no longer processes the personal data concerning you unless he can prove compelling reasons worthy of protection for the processing, which outweighs your interests, rights, and freedoms, or the processing serves to assert, exercise, or defend legal claims.

If the personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to the processing of the personal data concerning you for the purpose of such advertising; this also applies to profiling, insofar as it is associated with such direct marketing.

If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.

You have the possibility to exercise your right of objection in connection with the use of Information Society services by means of automated procedures using technical specifications, notwithstanding Directive 2002/58/EC.

1.8 Right to revoke the data protection declaration of consent

You have the right to revoke your data protection declaration of consent at any time. The revocation of consent shall not affect the legality of the processing carried out on the basis of the consent until revocation.

1.9 Automated decision in individual cases, including profiling

You have the right not to be subject to a decision based exclusively on automated processing - including profiling - that has a legal effect against you or significantly impairs you in a similar manner. This does not apply if the decision

• is necessary for the conclusion or performance of a contract between you and the data controller,
• is admissible by law of the Union or of the Member States to which the data controller is subject, and that law contains appropriate measures to safeguard your rights, freedoms and legitimate interests, or
• with your express consent.

However, these decisions may not be based on special categories of personal data pursuant to Art. 9 paras. 1 GDPR, unless Art. 9 paras. 2 lit. a or g GDPR applies, and appropriate measures have been taken to protect your rights and freedoms and your legitimate interests.

In the cases referred to in (1) and (3), the data controller shall take reasonable measures to safeguard your rights, freedoms, and legitimate interests, including at least the right to obtain the intervention of a person by the data controller, to state his own position and to challenge the decision.

1.10. Right of appeal to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right of appeal to a supervisory authority, in particular in the Member State where you reside, work, or suspect of infringement, if you believe that the processing of personal data concerning you is contrary to the GDPR.

The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.

Appendix 2. My 3rd Party Content Embedding Preferences

I agree that the selected services may load embedded content automatically without asking for my permission every time. I understand that this means that my personal data may be submitted to the 3rd party service whose separate privacy policies apply. These privacy policies are linked below for your review.

CoreMedia will set preferences cookies locally in my browser for these settings. I can change my preference settings here at any time and withdraw my consent by deactivating all options.

Appendix 3. Overview of used cookies

Appendix 4. Google Analytics Opt-Out