Data Privacy - we take it seriously! | STAFFOMATIC


Information on data protection


The use of this website may involve the processing of personal data. The following information will give you an overview of these processes so that you can understand them. In order to ensure fair processing, we would also like to inform you about your rights under the European General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG). Responsible for data processing is EASYPEP UG, Neuer Kamp 30, 20357 Hamburg (hereinafter referred to as "we" or "us").

1. General

a. Contact

If you have any questions or suggestions about this information or would like to contact us to assert your rights, please send your request to EASYPEP UG Neuer Kamp 30, 20357 Hamburg, Germany Phone: +49 40-2109110-00 E-mail: datenschutzmanager@easypep.de

b. General information on data processing

When using this website, personal data may be processed. The term "personal data" under data protection law refers to all information relating to a specific or identifiable person. The IP address can also be a personal date. An IP address is assigned to each device connected to the Internet by the Internet provider so that it can send and receive data. When you use the Site, we collect information that you provide yourself. In addition, certain information about your use of the website is automatically collected during your visit to the website.

We process personal data in compliance with the relevant data protection regulations, in particular the GDPR and the BDSG. Data will only be processed by us on the basis of legal permission. When using this website, we only process personal data with your consent (Art. 6 para. 1 sentence 1 a GDPR), to fulfil a contract to which you are a contracting party, or on your request to implement pre-contractual measures (Art. 6 para. 1 sentence 1 b GDPR), to fulfil a legal obligation (Art. 6 para. 1 S. 1 c) GDPR) or if the processing is necessary to protect our legitimate interests or the legitimate interests of a third party, unless your interests or fundamental rights and freedoms, which require the protection of personal data, prevail (Art. 6 Para. 1 S. 1 f GDPR). If you apply for an open position in our company, we also process your personal data to decide on the establishment of an employment relationship (§ 26 Paragraph 1 Sentence 1 BDSG).

c. Duration of storage

Unless otherwise stated in the following information, we store the data only as long as necessary to achieve the purpose of processing or to fulfil our contractual or statutory obligations. Such statutory retention obligations may arise in particular from commercial or tax regulations.

d. Technical Service Providers

Unless otherwise stated in the following information, the data will be processed on the servers of technical service providers commissioned by us for this purpose. These service providers process the data only after express instructions and are contractually obliged to guarantee adequate technical and organisational measures for data protection.

2. Processing of server log files

When using our website for information purposes only, general information is initially stored automatically (i.e. not via registration), which your browser transmits to our server. By default, this includes: browser type/version, operating system used, accessed page, previously visited page (referrer URL), IP address, date and time of the server request and HTTP status code.

The processing is carried out to protect our legitimate interests and is based on the legal basis of Art. 6 para. 1 sentence 1 f GDPR. This processing serves the technical administration and security of the website. The stored data will be deleted after thirty days, unless there is a justified suspicion of illegal use based on concrete evidence and further examination and processing of the information is necessary for this reason.

3. Contact possibilities and inquiries

Our website contains a contact form where you can send us messages. The transfer of your data is encrypted. All data fields marked as mandatory fields are required to process your request. If you do not provide us with your data, we will not be able to process your request. The provision of further data is voluntary. Alternatively, you can also send us a message via the contact e-mail. We process the data for the purpose of answering your inquiry.

The legal basis for data processing is Art. 6 para. 1 sentence 1 b GDPR.

4. Sign up and registration

To use our STAFFOMATIC shift planning software, registration via the website is required. The required information can be found in the registration form. The provision of information marked as mandatory is mandatory for registration to be completed.

The data provided will be processed for the purpose of providing the service. The processing is based on the legal basis of Art. 6 para. 1 sentence. 1 b GDPR.

We will delete the data when the account is cancelled. In addition, we may delete the data if you have not selected an STAFFOMATIC plan with costs two months after the expiry of the free STAFFOMATIC plan.

5. Order OF a STAFFOMATIC plan

If you order a paid STAFFOMATIC plan after the end of the free trial period, we will process your invoice and payment data for the purpose of fulfilling the contract. The provision of invoice and payment data is mandatory for the conclusion of the contract. Non-provision means that no contract can be concluded.

As far as this is necessary for the fulfilment of the contract, data will also be transmitted to third parties (e.g. to our payment service provider or the credit institution commissioned with the payment processing).

The legal basis for data processing is Art. 6 para. 1 sentence 1 b GDPR.

6. Blog and comment system Disqus

Aor our website we offer a blog in which we publish articles on various topics. You have the possibility to comment on these contributions. We have integrated the Disqus comment system. The comment system is an offer of Disqus, Inc. (717 Market St, San Francisco, CA 94103, USA, "Disqus"). For such integration, it is technically necessary to process your IP address so that the content can be sent to your browser. Your IP address is therefore transmitted to Disqus. The programming language JavaScript is regularly used to integrate Disqus. You can therefore object to the data processing by deactivating the execution of JavaScript in your browser or by installing a JavaScript blocker. Please note that this may result in functional restrictions on the website.

This processing is based on the legal basis of Art. 6 para. 1 sentence 1 f GDPR. It serves our legitimate interest in a simple integration and the versatile operability of the comment function.

To make a comment using Disqus, you must log in using a Disqus user account. When a comment is submitted, the specified e-mail address and IP address, among other things, are processed. Information on data processing by Disqus can be found at https://help.disqus.com/terms-and-policies/disqus-privacy-policy Alternatively, you can sign in to Facebook, Twitter and Google Plus using an existing user account. If you log in to the DISQUS function on our website with such a user account, the respective service provider will also collect and process information about your use of the DISQUS functions. Please contact the respective provider for further information.

To make a comment using Disqus, you must log in using a Disqus user account. When a comment is submitted, the specified e-mail address and IP address, among other things, are processed. Information on data processing by Disqus can be found at https://help.disqus.com/terms-and-policies/disqus-privacy-policy Alternatively, you can sign in to Facebook, Twitter and Google Plus using an existing user account. If you log in to the DISQUS function on our website with such a user account, the respective service provider will also collect and process information about your use of the DISQUS functions. Please contact the respective provider for further information.

Disqus is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000TRkEAAW&status=Active).

7. Newsletter

a. Registration and deregistration

On our website we offer the possibility to register for our newsletter. After registration we will inform you regularly about current news about our offers. A valid e-mail address is required to subscribe to the newsletter. To verify your e-mail address, you will first receive a registration e-mail, which you must confirm via a link (double opt-in). If you subscribe to the newsletter on our website, we process personal data such as your e-mail address and your name on the basis of your consent. The processing is based on the legal basis of Art. 6 para. 1 1 a GDPR. When registering for the newsletter, we also store the IP address as well as the date and time of registration. The processing of this data is necessary in order to be able to prove that you have given your consent. The legal basis results from our legal obligation to document your consent (Art. 6 para. 1 1 c in conjunction with Art. 7 para. 1 GDPR).

b. Analysis

Wir analysieren außerdem das Leseverhalten und die Öffnungsraten unseres Newsletters. Hierzu werden pseudonymisierte Nutzungsdaten von uns erhoben und verarbeitet, die wir nicht mit Ihrer E-Mail-Adresse oder Ihrer IP-Adresse zusammenführen.

We also analyze the reading behavior and the opening rates of our newsletter. For this purpose, we collect and process pseudonymised usage data which we do not merge with your e-mail address or your IP address.

c. MailChimp

For our general newsletter we use the technical service provider MailChimp, who takes over the processing of our data. MailChimp is a service of The Rocket Science Group, LLC d/b/a MailChimp (675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA "MailChimp"). MailChimp offers statistical evaluation options for usage data. This includes, among other things, information as to whether an e-mail has reached the recipient or whether it has been rejected by the server. All individual evaluations relating to the e-mail address are not used by us. The legal basis for processing is Art. 6 Para. 1 1 f GDPR and processing serves our legitimate interest in optimising our newsletter. If you do not want your data to be processed by MailChimp, we would like to ask you to unsubscribe from our newsletter service.

MailChimp is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=Active).

8. Application

If you apply to our company, we will process your application data exclusively for purposes related to your interest in a current or future employment with us and the processing of your application. Your application will only be processed and noted by the relevant contact persons at our company. All employees entrusted with data processing are obliged to maintain the confidentiality of your data.

+

If we are unable to offer you employment, we will keep the information you provide for up to six months after any refusal for the purpose of answering questions relating to your application and refusal. This does not apply if legal provisions prevent deletion, if further storage is necessary for the purpose of providing evidence or if you have expressly agreed to longer storage. The legal basis for data processing is 26 Para. 1 S. 1 BDSG. If we keep your applicant data for a period of six months and you have expressly consented to this, we would like to point out that this consent can be freely revoked at any time in accordance with Art. 7 Para. 3 GDPR. Such a revocation does not affect the legality of the processing which has taken place until the revocation based on the consent.

9. Live-Chat and notification via Intercom

For our live chat and the sending of certain administrative e-mails (e.g. in the order process) we use the technology of the provider Intercom, Inc. (55 2nd Street, 4th Floor, San Francisco, California 94105 "Intercom"). Intercom also offers us the analysis of the use of our website in order to improve our services for you. We transmit a limited amount of your data (such as e-mail address and date of registration) to Intercom. The legal basis for data processing in connection with the use of this service is Art. 6 para. 1 f GDPR The processing serves our legitimate interest in optimising our website.

Intercom is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000TNQvAAO&status=Active).

10. Cookies

We use cookies on our website. Cookies are small text files that are stored by your browser when you visit a website. This identifies the browser used and can be recognized by our web server. In particular, we use permanent cookies ("persistent cookies"). These cookies are automatically deleted after a specified period, which may vary depending on the cookie.

If this use of cookies results in the processing of personal data, this is based on the legal basis of Art. 6 para. 1 f GDPR. This processing serves our legitimate interest in making our website more user-friendly, effective and secure. You can delete cookies at any time in the security settings of your browser. You can object to the use of cookies through your browser settings.

Further information is available here: https://www.whatismybrowser.com/guides/how-to-enable-cookies/

11. Analysis of our website

Google Analytics

We use the Google Analytics service of Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google") to evaluate our website visits. Google uses cookies that enable an analysis of your use of our website. The information generated by the cookie about the use of our website by users is usually transferred to a Google server in the USA and stored there. Google will use this information on our behalf to evaluate the use of our online offer by users, to compile reports on the activities within our website and to provide us with further services associated with the use of our website and the Internet. Pseudonymous user profiles can be created from the processed data. We use Google Analytics only with IP anonymization enabled. This means that Google will reduce the IP address of users within Member States of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.

In addition, we have integrated the tool Google Optimize into Google Analytics. Google Optimize uses cookies. The IP address is anonymized immediately after processing. Google Optimize analyses the use of different versions of our website and helps us to personalise the user-friendliness according to the behaviour of our users on the website.

The IP address transmitted by the user's browser is not merged with other Google data. Users can prevent the storage of cookies by setting their browser software accordingly. The legal basis for data processing in connection with the Google Analytics service is Art. 6 Para. 1 f GDPR and the processing serves the legitimate interest of the analysis of user behaviour on our website and the possible demand-oriented design. You may refuse the use of cookies by selecting the appropriate settings on your browser. You can also prevent the information generated by the cookie from being collected by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=en. If you visit our website via a mobile device, you can deactivate Google Analytics by clicking on this link.

Google is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

Hotjar

Our website uses a plugin provided by Hotjar Ltd (St Julians Business Centre,3, Elia Zammit Street, St Julians STJ 1000, Malta, "Hotjar") via which we analyse movements on our website using so-called "heat maps". For example, you can see how far users scroll and which buttons users click and how often. It is also possible to get feedback directly from the users of the website. This provides us with valuable information to make our website even faster and more customer-friendly. With Hotjar we can only see which buttons are clicked, the mouse history, how far you scroll, the screen size of the device, device type and browser information. In addition, we receive information about your geographical position (country) and the preferred language for displaying our website. Areas of the websites in which personal data of you or third parties is displayed are automatically hidden by Hotjar and are therefore at no time traceable by the tool. For more information on Hotjar's privacy policy, please visit: https://www.hotjar.com/legal/policies/privacy The legal basis for data processing in connection with the use of this service is Art. 6 Para. 1 f GDPR and the processing serves our legitimate interest in optimising our website.

When you visit a Hotjar-based website, you can prevent Hotjar from collecting your data at any time by visiting this page: https://www.hotjar.com/opt-out and clicking'Disable Hotjar'. Alternatively, you can activate'Do Not Track (DNT)' in your browser.

New Relic

Our website uses New Relic, an analysis service of New Relic Inc, 188 Spear Street, Suite 1200 San Francisco, CA 94105, USA. New Relic is a web analysis tool that collects the user data of a website in order to analyze and monitor the performance of the website, for example to improve the loading times of individual parts of the website. Further information on data protection and the cookies used can be found on the Internet at http://newrelic.com/privacy. The legal basis for the use of this service is Art. 6 Para. 1 f GDPR and serves the legitimate interest of optimizing our website. New Relic is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law. (https://www.privacyshield.gov/participant?id=a2zt0000000TNPiAAO&status=Active).

12. Tracking & Retargeting

Facebook Visitor action pixel

We use the "visitor action pixel" of Facebook Inc, 1 Hacker Way, Menlo Park, CA 94025, USA, or, if you are an EU resident, Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook"). With the help of the visitor action pixel we can track the behaviour of users after they have been redirected to the provider's website by clicking on a Facebook advertisement (so-called "conversion"). We can also use it to measure the effectiveness of Facebook ads for statistical and market research purposes. The data collected in this way is anonymous to us, i.e. we do not see the personal data of individual users. However, this data is stored and processed by Facebook, about which we inform you according to our level of knowledge. Facebook may link this information to your Facebook account and also use it for its own promotional purposes, in accordance with Facebook's Data Usage Policy https://www.facebook.com/about/privacy/. You can allow Facebook and its partners to serve ads on and off Facebook. A cookie may also be stored on your computer for these purposes.

The visitor action pixel is triggered by Facebook when our Internet service is accessed and can store a so-called cookie, i.e. a small file, on your device. If you then log in to Facebook or visit Facebook when logged in, the visit to our online offer will be noted in your profile. The data collected about you is still anonymous to us, so it does not provide us with any information about the identity of the users. However, Facebook stores and processes the data so that a connection to the respective user profile is possible and can be used by Facebook as well as for its own market research and advertising purposes. If personal data are processed, the use of this service is based on the legal basis of Art. 6 para. 1 f GDPR serves our legitimate economic interests. You can object to the collection by the Facebook pixel and use of your data to display Facebook ads at the following address: https://www.facebook.com/settings?tab=ads.

Facebook is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).

Google AdWords Conversion Tracking

We use the online advertising program Google AdWords of Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google"), via which we place advertisements on Google. When you access our website via a Google ad, Google sets a cookie on your device ("conversion cookie"). Each AdWords customer is assigned a different conversion cookie so that the cookies are not tracked through the websites of different AdWords customers. The information collected with the help of the cookie is used to generate conversion statistics. This tells us the total number of users who clicked on one of our Google ads. However, we do not receive any information that personally identifies users. Insofar as personal data are processed here, this is based on the legal basis of Art. 6 para. 1 sentence 1 f GDPR and serves our legitimate economic interests. You can object to the inclusion in the conversion tracking by preventing the setting of cookies via your browser setting.

Google is certified under the EU-US Privacy Shield Agreement and thus offers a suitable guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active)

LinkedIn Ads (Conversion Tracking)

On our website we use the analysis and conversion tracking technology of the LinkedIn platform of LinkedIn Ireland Unlimited Company, (Wilton Place, Dublin 2, Ireland, "LinkedIn"). With the aforementioned LinkedIn technology, you can see more relevant advertising based on your interests. LinkedIn also provides us with aggregated and anonymous reports of ad activity and information about how you interact with our website. If personal data are processed, the use of this service is based on the legal basis of Art. 6 para. 1 f GDPR and serves our legitimate economic interests. You can object to the collection l and use of the data at the following address: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out?trk=

If data is transmitted to the USA, LinkedIn is not certified under the Privacy Shield Agreement.

Microsoft Bing Ads

We use the conversion and tracking tool Bing Ads from Microsoft Corporation (One Microsoft Way, Redmond, WA 98052-6399, "Microsoft") on our website. Microsoft stores a cookie on the user's computer to enable an analysis of the use of our online offer. The prerequisite for this is that the user has reached our website via an advertisement from Microsoft Bing Ads. Microsoft and we can see in this way that someone has clicked on an ad, has been redirected to our online offer and has reached a predetermined target page. We only see the total number of users who clicked on a Bing ad and were then forwarded to the target page (conversions). No IP addresses are stored. No other personal information about the identity of the user will be disclosed.

Users can find further information on data protection and the cookies used at Microsoft Bing Ads in Microsoft's data protection declaration: https://privacy.microsoft.com/en-en/privacystatement.

The legal basis for the use of this service is Art. 6 Para. 1 f GDPR and serves our legitimate economic interests. If you do not wish to participate in the Bing Ads tracking process, you can object here at Microsoft: http://choice.microsoft.com/en-US/opt-out. Microsoft is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000KzNaAAK&status=Active).

XING Ads

On our website we use the analysis and conversion tracking technology of the XING platform of XING SE (Dammtorstraße 30, 20354 Hamburg, Germany "XING"). With the aforementioned XING technology, you can see more relevant advertising based on your interests. XING also provides us with aggregated and anonymous reports of ad activity and information about how you interact with our website. The legal basis for the use of this service is Art. 6 Para. 1 f GDPR serves our legitimate economic interests.

13. Integrated services and contents of third parties

We use services and content provided on our website by third parties (hereinafter collectively referred to as "content"). For such integration, it is technically necessary to process your IP address so that the content can be sent to your browser. Your IP address will therefore be transmitted to the respective third party provider.

This data processing is carried out in each case for the protection of our legitimate interests in the optimisation and the economic operation of our website and is based on the legal basis of Art. 6 Para. 1 f GDPR.

The programming language JavaScript is regularly used to integrate the contents. You can therefore object to the data processing by deactivating the execution of JavaScript in your browser or by installing a JavaScript blocker. Please note that this may result in functional restrictions on the website.

We have incorporated content from the following services provided by third parties into our website: "Google Web Fonts" from Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google") for displaying fonts. Google is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

"Typekit" of the third party Adobe Systems Inc. (345 Park Avenue, San Jose, CA 95110-2704, USA, "Adobe") for displaying fonts. Adobe is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000TNo9AAG&status=Active).

14. Revocation of consent

If you have given us a separate consent to data processing, you can revoke this consent at any time in accordance with Art. 7 Para. 3 GDPR. Such a revocation does not affect the legality of the processing which has taken place until the revocation based on the consent.

15. Your rights

As the person concerned, you have the right to assert your rights against us. In particular, you have the following rights:

In accordance with Art.15 GDPR and § 34 BDSG, you have the right to request information as to whether and to what extent we process personal data about you or not.

You have the right to request us to correct your data in accordance with Art. 16 GDPR. You have the right to request us to delete your personal data in accordance with Art. 17 GDPR and § 35 BDSG. You have the right to have the processing of your personal data restricted in accordance with Art. 18 GDPR. In accordance with Art. 20 GDPR, you have the right to receive the personal data concerning you that you have provided to us in a structured, current and machine-readable format and to transmit this data to another person responsible.

16. Right of objection

In accordance with Article 21 of the DSVGO, you have the right to appeal against any processing based on the legal basis of Article 6(1)(1)(e) or (f) of the DSVGO. If we process personal data about you for the purpose of direct advertising, you may object to such processing pursuant to Art. 21 para. 2 and para. 3 GDPR.

17. Data protection officer

You can reach our data protection officer at the following contact details: datenschutzbeauftragter@easypep.de

18. Complaint to a supervisory authority

If you believe that the processing of personal data concerning you violates the provisions of the GDPR, you have the right of appeal to a supervisory authority in accordance with Art. 77 GDPR.

Status: Mai 2018