Privacy policy

Data Controller and responsible for the website

We (Data Controller) operate this website:

EFESO Management Consultants
117 Avenue Des Champs Elysées
75008 Paris France

T : +33 1 53 53 57 00

Email : info.marketing@efeso.com

Data privacy officer (DPO)

RSCF GmbH

Sarmanna-Straße 1

93049 Regensburg, Germany

T : +49 (0)941-850 992 00

Email: info@rscf.de

If you have any questions relating to data protection or exercising your rights, you can use the following contact information to get in touch with our data protection officer directly: privacy@efeso.com

Our guiding principles

We take protecting your information very seriously. Your data is therefore processed with great care and in strict compliance with applicable data protection law. Organizational and technical security measures have been taken to protect all of our websites against the risks present in processing personal data. Our partners who support us in the provision of this website must comply with these provisions as well.

Cookies

Cookies are small text files that are stored in a special memory area of your browser. However, cookies cannot be used to start programs or transfer viruses to a computer. Cookies are set when you visit our website, or a so-called pixel-code/web beacon causes a cookie to be set. However, cookies can only be read by the web server of the same domain from which they were originally set.

You can also view our website without cookies. Internet browsers are regularly set to accept cookies. In order to prevent the use of cookies by your internet browser, you can deactivate the use of cookies via the settings of your internet browser and delete cookies that have already been set. The help functions of your internet browser tell you how to deactivate and delete cookies in your browser. Please note that the deactivation/deletion of cookies may result in individual functions of our website no longer functioning as expected. Cookies, which may be required for certain functions of our website, are shown below. In addition, the deactivation/deletion of cookies only affects the internet browser used here. For other internet browsers, the deactivation/deletion of cookies must therefore be repeated accordingly.

In addition, there are various ways to prevent the setting of certain cookies either by selecting them in our tracking banner or individually to the respective service provider whose tools we use for certain purposes. We point out the latter possibility to you in direct connection with the respective tool.

1.1.Session cookies

As part of the provision of our websites, we use session cookies which we store on your device when you visit our website – regardless of your selection as part of the tracking banner – and which are always deleted automatically when you close the internet browser (i.e. close the program). This enables us to provide you with various functions on our website using the information in the cookies.

We use the following session cookies, which we use for certain functions, which do not contain personal data, for the following purposes:

to ensure the failure free playback of video or audio content (for example, to play Vimeo or YouTube Videos)
temporarily store certain user inputs (e.g. contents of a shopping basket or an online form)
improvement of user-friendliness and statistical range measurement

Session cookies, which we use for certain functions, with personal data:

Session cookies that are used to temporarily identify or authenticate a user (e.g. by a session ID to temporarily save the contents of the shopping basket)
Session cookies are automatically deleted after the internet browser is closed, at the latest, however, at the end of the lifespan of the respective cookie.

1.2.Persistent Cookies

Persistent cookies are cookies that remain stored on your device, even after you have closed your internet browser. We use the information in these cookies to provide you with convenient functions on our website (e.g. to save certain user preferences or for search or language settings), but also to collect your usage behavior on our website and to use this information to improve our website (e.g. to detect errors) and to personalize advertising for you.

Persistent cookies with personal data to collect your usage behavior are only processed with your consent, which you can give us the first time you visit our website via the consent layer displayed there. You can revoke your consent to the processing of your usage behavior at any time by deleting all cookies set in your internet browser. In this case, however, it may be necessary to make a new decision about using cookies for the aforementioned purpose via the tracking-banner. You can also revoke your consent to individual web analytics/marketing tools, as shown hereinafter.

Data from persistent cookies are stored until the end of the term of the respective cookie or until the cookies are deleted by you.

1.3. Consent management platform

Type and scope of processing

We have integrated Cookiebot on our website. Cookiebot is a consent solution of the Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark, with which consent to the storage of cookies can be obtained and documented. Cookiebot uses cookies or other web technologies to recognize users and to store the consent given or revoked.

Purpose and legal basis

The use of the service is based on the legally required consent to receive the use of cookies in accordance with Art. 6 sec. 1 lit.c. GDPR.

Storage period

The actual storage period of the processed data is not influenced by us, but is determined by Cybot A/S. For more information, see the privacy policy for Cookiebot: https://www.cookiebot.com/en/privacy-policy/.

Data processing on our behalf
- 2.1. Provision of the website

When you visit and use our website, we collect the personal data that your browser automatically transmits to our server. The following information is temporarily stored in a so-called log file:

IP address of the requested computer
Date and time of access/request
Name and URL of the retrieved file
Access status (file transferred, file not found, etc.)
website from which access is made (referrer URL)
browser used and, if applicable, the operating system of your computer, as well as the name of your access provider
data volume transferred

Our website is not hosted by us, but by a service provider who processes the aforementioned data on our behalf in accordance with. Art. 28 GDPR.

The processing is carried out to safeguard our overriding legitimate interest in displaying our website and ensuring security and stability on the basis of Art. 6 para. Lit. f GDPR. The collection of data and storage in log files is essential for the operation of the website. This data is not merged with other data sources. There is no right to object to the processing due to the exception according to Art. 21 Paragraph 1 GDPR. Insofar as further storage of the log files is required by law, the processing takes place on the basis of Art. 6 Para. 1 lit. c GDPR. There is no legal or contractual obligation to provide the data, but it is technically not possible to call up our website without providing the data.

The aforementioned data are used for the duration of the display of the website and for technical reasons beyond that for a maximum of seven days. After seven days the data is anonymized by shortening the IP address at domain level, so that it is no longer possible to establish a link to the individual user. In anonymous form, the data is also processed for statistical purposes; it is not compared with other data sets or passed on to third parties, even in extracts.

2.2.Application via website

We collect various personal data through the application process. Personal data is all information from which conclusions about your personal or factual circumstances can be drawn or which makes you identifiable. The following data is collected and processed for the automated processing of your application:

First name, surname, address, e-mail, date of birth, title, telephone number, country of residence and citizenship
Additional questions depending on the specific alert (e.g. driving license)
curriculum vitae, in particular details of professional experience and training
Skills and knowledge for the advertised position
Application photo
Qualifications, awards and language skills
Letter of motivation
Files and documents that you want to send or upload in connection with your application

By submitting the applicant data, you as an applicant, imply your consent (according to Art. 6 para. 1 lit. a GDPR) to the processing of personal data for the purpose of the scope set out in this data protection declaration.

We ask you not to include any information that is irrelevant for the processing of your application and is protected by Anti-Discrimination laws (including illness, pregnancy, trade union membership and sexual orientation).

Please do not transmit any content that could violate, for example, copyrights or the press rights of third parties.

2.3. Use of this personal data

Your transmitted data will only be collected, processed and used for purposes related to the processing of your application. This means your application data will be forwarded to the local HR in the respective country, where your data is stored and processed according to local special and privacy laws (in EU/EEA countries i.e. GDPR).

If you are hired by our company, we will use the data you provide for the administrative and organizational activities of payroll and financial accounting as well as for personnel scheduling.

Your personal data will only be collected or processed by people who are responsible for processing your application. All employees involved are obliged to treat your data confidentially. In particular, they may not pass on any data to unauthorized people. If you have submitted your application in writing, your personal data will be transferred to our applicant management system. The physical documents will be returned to the applicant after the data has been transferred.

If you have applied to us by e-mail, we will also incorporate the applicant data into our applicant management system. Your e-mail will then be stored for two weeks. After two weeks the e-mail will be deleted automatically.

Please note that e-mails are generally not sent encrypted. Applicants must therefore take care of the encryption themselves. We therefore recommend that you use the option of applying online or sending the application by post.

2.4. Storage period

If we are unable to offer you a job, we will retain your data for a maximum of six months after cancellation in order to be able to answer any questions that may arise in connection with the rejection.

If your application is of fundamental interest to us, we will ask you by e-mail to give us permission (Art. 6 para. 1 lit. a GDPR) to store your data for a longer period of time in order to include you in our pool of candidates for a possible later job offer. If you agree again within two weeks, your applicant data will be stored in our applicant management system for another 24 months. Otherwise, your applicant data will be deleted automatically.

If your applicant data is stored in our applicant pool, we will contact you again by e-mail two weeks before the 24-month expiration. If you agree again within two weeks, your applicant data will be stored in our applicant management system for another 24 months. Otherwise, your applicant data will be deleted automatically.

Should you wish your data to be deleted or have a request for information (in accordance with Art. 17 and 15 GDPR), please contact us.

Customer and contract data
- 3.1. Use of this personal data

We collect, process and use personal data only to the extent that it is necessary for the establishment, content or modification of the legal relationship (inventory data). We collect, process and use personal data on the use of our Internet pages (usage data) only to the extent necessary to enable the user to use the service or to invoice the user (according to Art. 6 para. 1 lit. b GDPR).

3.2. Storage period

The collected customer data is deleted after completion of the order/contract or termination of the business relationship. Legal retention periods remain unaffected.

3.3. Data transmission upon conclusion of contract for services and digital contents

We only transfer personal data to third parties if this is necessary within the framework of the contract, for example to the credit institution commissioned with the handling of payments (Art. 6 para. 1 lit. b GDPR).

Further transmission of the data does not take place or only if you have expressly agreed (according to Art. 6 para. 1 lit. a GDPR) to the transmission. Your data will not be passed on to third parties without your express consent, for example for advertising purposes.

Social and other networks/services

Protecting your privacy when processing personal data is an important concern for us. We process personal data transmitted to us, which is collected during your visit to our respective social media site (e.g. YouTube, LinkedIn, etc.) confidentially and only in accordance with the legal regulations.

Responsible for processing your data via our social media site is the respective operator of the social media site (see examples below) together with us. Insofar as the processing of this data takes place within our area of responsibility, we are available to answer all questions regarding data protection and the exercise of your rights in accordance with the information in this data protection information.

4.1. Data processing by the social media service

The social media service processes your personal data as soon as you use our respective social media site. The processing is linked to the following usage processes, for example:

Calling up a page or an article or a video from a page
Subscribe or Unsubscribe to a page
Mark a page or post with “Like it” or “Don’t like it anymore” or similar functions
Recommend a page in a post or comment
Comment, share or react to a page post (including the type of reaction)
Hide a page contribution or report it as spam
Click on a link from another page on the social media provider or from a website outside the social media provider that leads to the page
Move the mouse over the name or profile picture of a page to see a preview of the page contents
Use features of the social media provider, such as the web page, phone number, “Plan a route” button, or any other button on a page
The information whether the registration is done via a computer or a mobile device.

Which personal data is collected by the social media provider in detail, how it is processed and which data protection rights you have towards the social media provider, you can find out in each case in the following data protection guideline of the social media provider. We have no influence on the data processing by the social media provider following the collection.

4.2. Data processing by us

In the case of the website provided by us via social media provider, the processing of your personal data is based on our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR in providing an efficient online presence and interacting with users. If you have given your consent to data processing, this is based on Art. 6 para. 1 lit. a in conjunction with Art. 7 GDPR.

The social media provider “grants us access” to the following categories of data that will be processed:

Statistical analysis provides information about the use of our social media website. The analyses visible to us do not allow us to analyze the usage behavior of individual people. We can only view aggregated data (including number of hits, likes, followers, region of origin, age group, gender) that provide information about our audience and the use of our social media website. The data of the respective users on which the analyses are based are not transmitted to us.
We can determine which target group should be reached for the social media website or for individual published articles. The settings are made on the basis of general parameters (e.g. age group, language, region, interests), which enable us to target our content to specific groups. Based on the data provided to us by the social media provider, it is not possible for us to address or identify individual people.
If you contact us directly via the social media provider or interact with us in any other way and deliberately transmit personal data (e.g. direct networking with our social media website), we will store and process this personal data for the purposes for which you have transmitted it to us.
We process this data solely for the purpose of making content on our social media website known to specific target groups and to better understand and optimize the use of our social media website.
Furthermore, we cannot influence data processing (upstream for the provision of this data) by the social media provider.

Which personal data are collected by the respective social media provider, how they are processed and which data protection rights you have towards the respective social media provider, can be found below:

4.3. Privacy policies of the respective social media providers:

Facebook Inc, 1601 S California Ave, Palo Alto, California 94304, USA: http://www.facebook.com/policy.php
LinkedIn for European Union (EU), European Economic Area (EEA) countries and Switzerland: LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland and for all other countries: LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085, USA: https://www.linkedin.com/legal/privacy-policy
YouTube LLC (part of Google LLC) for European Union (EU) or European Economic Area (EEA): Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland and for all other countries: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA: https://policies.google.com/privacy?hl=de
WhatsApp Inc., 1601 Willow Road, Menlo Park, California 94025: https://www.whatsapp.com/legal/#privacy-policy

Legal basis for data processing
- 5.1. Consent in accordance with Art. 6 para.1 lit. a GDPR (Regulation (EU) 2016/679):

Participation in competitions
Participation in surveys, reviews
Participation in event offers
Use our website as a business partner
Contact
Application
Persistent cookies for recording user behavior
Newsletter
Web Analysis & Marketing
Google Analytics
DoubleClick
Google Ads & Remarketing

Fulfilment of contractual obligations in accordance with Art. 6 para.1 lit. b GDPR (Regulation (EU) 2016/679):

Contractual Obligations with clients

Legitimate interest in accordance with Art.6 para.1 lit. f GDPR (Regulation (EU) 2016/679):

Technical facilities for the presentation of the website (e.g. content delivery networks)
Providing additional functions of the website
Log data for monitoring and detecting threats (ensuring sufficient safety)
Session cookies and persistent cookies for convenience functions

Providing an efficient online presence and interacting with users (Social-Media)

Failing to provide personal data

If you choose not to provide the personal data that we have requested, we may be unable to supply the products and/or services that you have ordered or fulfil the purposes for which we requested such data.

Data Transmission

We pass on your personal data that we process on our website to third parties only if this is necessary for the fulfillment of the purposes and in individual cases that are covered by the legal basis (e.g. consent or protection of legitimate interests). We work together with a number of service providers to implement and operate our website. We have chosen these service providers carefully and concluded a data protection agreement (according to Art. 28 GDPR) with each individual service provider to keep your information safe. The service providers we use to implement and operate our website are:

Service provider for hosting services including associated technical services (e.g. performance control and measurement, content delivery networks).
Third parties for providing additional services and functions (e.g. marketing measures, website interactions, comfort functions, etc.)

We only transmit your data to other recipients where necessary to fulfil a contract with you, where we or the recipient has a legitimate interest in the disclosure of your data, or where you have given your consent to that transmission. In such cases, your data will be processed in accordance with the data protection regulations of the recipient of your data concerned. These recipients include service providers and other companies within our corporate group. Furthermore, data may be transmitted to other recipients in the event that we are obliged to do so due to legal provisions or enforceable administrative or court orders.

Security

We have implemented both technical and organizational security measures to protect your personal data against loss, destruction, manipulation, and unauthorized access. All our employees and service providers are bound by applicable data protection laws.

Whenever we collect and process personal data, it is encrypted before transmission. This ensures that your data cannot be misused by third parties. Our security measures are continuously reviewed and improved in line with technological developments, and our privacy policy is regularly updated. Please ensure you are referring to the latest version.

To provide the highest level of security, efeso.com and www.efeso.com are protected by a state-of-the-art certification. This certificate ensures strong encryption and verifies the identity of our organization, offering enhanced trust and data protection during your interactions with our website.

Web Analytics and Website Functions

We use web analytics tools for the purposes of advertising, market research and for user feedback on the design of our website (and, where applicable, the newsletter). For these purposes, we use analysis cookies and/or JavaScript to collect and process usage data about your visit to our website and your use of links in the newsletter (if available). The collection of your usage data and the creation of a usage profile from it is carried out using a cookie ID. Your IP address is either not collected or anonymized immediately after collection. Therefore, it is not possible to directly deduce your identity from the ID used.

You can find more detailed information on the use of processors and web services in the overview of the individual processing operations below:

9.1. Matomo (cloud-based)

Type and scope of processing

We use the open-source software tool Matomo (formerly PIWIK) on our website. The software sets a cookie in your browser (see above for cookies). If individual pages of our website are accessed, the following data will be stored:

Two bytes of the IP address of the user’s calling system (anonymized IP address)
The website accessed
The website from which the user has accessed the website accessed (referrer)
The subpages accessed from the web page you are calling
The length of stay on the website
The frequency of the web page is accessed

We use a InnoCraft Ltd., 7 Waterloo Quay PO625, 6140 Wellington, New Zealand-hosted version of the software. The above data is processed by InnoCraft Ltd..

Purpose and legal basis

We process your data with the help of the analysis software Matomo for the purpose of evaluating the use of individual components and contents of our website on the basis of your consent in accordance with Art. 6 sec. 1 lit. a GDPR.

Storage period

The actual storage period of the processed data is not influenced by us but is determined by InnoCraft Ltd.. For more information, see the privacy policy for Matomo Cloud: https://www.innocraft.com/privacy.

9.2. Google Analytics

Type and scope of processing

We use Google Analytics from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland, as an analysis service for the statistical evaluation of our online offer. This includes, for example, the number of visits to our online offer, subpages visited and the length of stay of visitors.

Google Analytics uses cookies and other browser technologies to evaluate user behavior and recognize users.

This information is used, among other things, to compile reports on the activity of the website.

Purpose and legal basis

The use of Google Analytics is based on your consent in accordance with Art. 6 para. 1 lit. a. GDPR.

We intend to transfer personal data to third countries outside the European Economic Area, in particular the USA. The transfer of data to the USA takes place in accordance with Art. 45 para. 1 GDPR on the basis of the adequacy decision of the European Commission. The participating U.S. companies and/or their U.S. subcontractors are certified under the EU-U.S. Data Privacy Framework (EU-U.S. DPF).

In cases where there is no adequacy decision by the European Commission (including US companies that are not EU-U.S. DPF certified), we have other appropriate safeguards with the recipients of the data within the meaning of Art. 44 et seq. GDPR. Unless otherwise stated, these are standard contractual clauses of the EU Commission in accordance with Implementing Decision (EU) 2021/914 of 4 June 2021. A copy of these Standard Contractual Clauses can be found at https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32021D0915.

In addition, before such a third country transfer, we obtain your consent in accordance with Art. 49 para. 1 sentence 1 lit. a. GDPR, which you give via consent in the Consent Manager (or other forms, registrations, etc.). We would like to point out that in the case of transfers to third countries, there may be risks unknown in detail (e.g. data processing by security authorities of the third country, the exact scope and consequences of which we do not know for you, over which we have no influence and of which you may not become aware).

Storage period

The specific storage period of the processed data cannot be influenced by us but is determined by Google Ireland Limited. Further information can be found in the privacy policy for Google Analytics: https://policies.google.com/privacy?hl=en.

9.3. Google Tag Manager

Type and scope of processing

We use the Google Tag Manager of the Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland. Google Tag Manager is used to manage website tags through an interface and allows us to control the precise integration of services on our website.

This allows us to flexibly integrate additional services in order to evaluate user access to our website.

Purpose and legal basis

The use of Google Tag Manager is based on your consent in accordance with Art. 6 para. 1 lit. a. GDPR.

Storage period

The specific storage period of the processed data cannot be influenced by us but is determined by Google Ireland Limited. Further information can be found in the privacy policy for Google Tag Manager: https://marketingplatform.google.com/about/analytics/tag-manager/use-policy/

Click here to be excluded from the Google Tag Manager

9.4. Stape.io

Type and scope of processing

We use Stape.io to host server‑side Google Tag Manager containers and related event gateways that handle analytics and marketing requests from our website. Stape.io is provided by Stape, Inc., 8 The Green, Suite #12892, Dover, DE 19901, USA, operating the hosted platform used to deliver these endpoints and services on our website.
When these endpoints are accessed, a connection to Stape infrastructure is established and request, usage and device information necessary for delivery, logging and security may be processed. Stape provides request logs for server‑side containers and acts as a data processor for controller‑provided data under a data processing agreement.

Purpose and legal basis

The use of the hosted server‑side tagging platform is based on our legitimate interests, i.e., interest in a secure and efficient provision and optimization of our online offer in accordance with Art. 6 sec. 1 lit. f GDPR.

We intend to transfer personal data to third countries outside the European Economic Area, in particular the USA. The transfer of data to the USA takes place in accordance to appropriate safeguards with the recipients of the data within the meaning of Art. 44 et seq. GDPR. Unless otherwise stated, these are standard contractual clauses of the EU Commission in accordance with Implementing Decision (EU) 2021/914 of 4 June 2021. A copy of these Standard Contractual Clauses can be found at https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32021D0915.

We would like to point out that in the case of transfers to third countries, there may be risks unknown in detail (e.g. data processing by security authorities of the third country, the exact scope and consequences of which we do not know for you, over which we have no influence and of which you may not become aware).

Storage period

The actual storage period of the processed data is not determined by us but by Stape, Inc. as the provider according to its retention practices. For more information, please refer to Stape’s privacy information and GDPR resources: https://stape.io/privacy-notice.

9.5. GA Audience

Type and scope of processing

We use GA Audience from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland, as a service to help analyze the use of your computer and mobile devices (e.g. smartphones). Google Audience will have access to the cookies created through the use of Google Adwords and Google Analytics. Within the scope of use, data, such as in particular the IP address and activities of the user, can be transmitted to a Google server and stored there.

You can prevent the collection and forwarding of personal data (in particular your IP address) and the processing of this data by deactivating the execution of Java-Script in your browser, by installing a tool such as ‘NoScript or downloading and installing the browser plugin available at the following link (https://tools.google.com/dlpage/gaoptout?hl=en).

Further information on data protection can be found at the following link: https://support.google.com/analytics/answer/2700409?hl=enef_topic=2611283

Purpose and legal basis

The use of Google Fonts is based on your consent in accordance with Art. 6 para. 1 lit. a. GDPR.

Storage period

9.6. CloudFlare

Type and scope of processing

We use Cloudflare CDN to properly provide the content of our website. Cloudflare CDN is a service of the Cloudflare, Inc., which acts as a content delivery network (CDN) on our website.

A CDN helps to make the content of our online offer, in particular files such as graphics or scripts, available more quickly with the help of regionally or internationally distributed servers. When you access this content, you establish a connection to servers of Cloudflare, Inc., whereby your IP address and, if applicable, browser data such as your user agent are transmitted. This data is processed exclusively for the purposes mentioned above and to maintain the security and functionality of Cloudflare CDN.

Purpose and legal basis

The use of the Content Delivery Network is based on our legitimate interests, i.e. interest in a secure and efficient provision as well as the optimization of our online offer in accordance with Art. 6 para. 1 lit. f. GDPR.

Storage period

The specific storage period of the processed data cannot be influenced by us but is determined by Cloudflare, Inc.. Further information can be found in the privacy policy for Cloudflare CDN: https://www.cloudflare.com/privacypolicy/.

9.7. Google reCaptcha

Type and scope of processing

We have integrated components of Google reCAPTCHA on our website. Google reCAPTCHA is a service provided by Google Ireland Limited and enables us to distinguish whether a contact request originates from a natural person or is automated by means of a program. When you access this content, you establish a connection to servers of the Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland, whereby your IP address and, if applicable, browser data such as your user agent are transmitted. Furthermore, Google reCAPTCHA records the user’s dwell time and mouse movements in order to distinguish automated requests from human ones. This data is processed exclusively for the purposes mentioned above and to maintain the security and functionality of Google reCAPTCHA.

Purpose and legal basis

The use of Google reCAPTCHA is based on your consent in accordance with Art. 6 para. 1 lit. a. GDPR.

Storage period

The specific storage period of the processed data cannot be influenced by us but is determined by Google Ireland Limited. Further information can be found in the privacy policy for Google reCAPTCHA: https://policies.google.com/privacy?hl=en-US.

9.8. New Relic

Type and scope of processing

We have integrated New Relic Data Collection Server on our website. New Relic Data Collection Server is a service provided by New Relic, Inc. that develops cloud-based software that enables website and application owners to track the performance of their services.

New Relic Data Collection Server offers the possibility to determine statistical evaluations on the technical performance of our services (e.g. the duration of a particular database query, the stability and accessibility of our servers, or the response time of our servers). For this purpose, application and browser data are collected and stored in the browser using cookies.

In this case, your data will be passed on to the operator of New Relic Data Collection Server that New Relic Inc, 188 Spear Street, Suite 1200 San Francisco, CA 94105, USA.

Purpose and legal basis

The use of New Relic Data Collection Server is based on your consent in accordance with Art. 6 para. 1 lit. a. GDPR.

Storage period

The actual storage period of the processed data is not influenced by us but is determined by New Relic, Inc.. For more information, see the privacy policy for New Relic Data Collection Server: https://newrelic.com/termsandconditions/privacy.

9.9. Gravity Forms Zoho CRM Add-On

We use the Gravity Forms Zoho Add-On to process form submissions and synchronize data with our Zoho CRM.

Type and Scope of Processing: The data you provide through our forms (such as name, email address, and other requested details) is collected and transmitted to Zoho CRM. Gravity Forms itself does not store your form data beyond what is configured in our WordPress environment.

Purpose and Legal Basis: The processing is carried out to respond to your inquiries, manage customer relationships, and fulfill contractual or pre-contractual obligations. The legal basis for this processing is your consent (Article 6(1)(a) GDPR) and/or the performance of a contract (Article 6(1)(b) GDPR).

Storage Period: Form entries are retained in our WordPress system only for the period necessary to fulfill the stated purposes. We apply automated deletion settings to ensure data is not kept longer than required. Data synchronized with Zoho CRM is stored according to Zoho’s retention policies.

For more details, please refer to Gravity Forms Privacy Policy and Zoho Privacy Policy.

9.10. Crazy Egg

Type and scope of processing

We use Crazy Egg, Inc. Crazy Egg, to perform so-called A/B tests on our online offering. At the same time, different versions of our online offer are published and measured, which of these versions is more user-friendly.

When testing the versions, data such as the operating system used, the browser’s user agent, and the time of the call can be collected to measure the success of the version.

Web tracking technologies are used to link the above data to the version of our online offering to be tested.

Purpose and legal basis

The use of Crazy Egg is based on your consent in accordance with Art. 6 para. 1 lit. a. GDPR.

Storage period

The actual storage period of the processed data is not influenced by us but is determined by Crazy Egg, Inc.. For more information, see the privacy policy for Crazy Egg: https://www.crazyegg.com/privacy.

9.11. Lusha

Type and scope of processing

We use Lusha to enrich and verify business contact details and company information for B2B sales, marketing, and recruiting use cases across our organization.
Lusha is provided by Lusha Systems Inc., 800 Boylston Street, Suite 1410, Boston, MA 02199, USA, with Lusha Systems Ltd. (Tel Aviv) acting as an affiliated entity and joint controller for certain data subject categories as described in Lusha’s Privacy Notice.
When using this service, a connection to Lusha’s infrastructure is established and technical data such as device information and IP address may be processed for delivery, troubleshooting and security; Lusha performs processing for customers under a Data Processing Addendum and, for specific integrations (e.g., connecting CRM, Google or Microsoft accounts), may act as an independent controller as set out in its Privacy Notice.

Purpose and legal basis

The use of the business contact enrichment platform is based on our legitimate interests, i.e., interest in a secure and efficient provision and the optimization of our B2B outreach in accordance with Art. 6 sec. 1 lit. f GDPR.

We intend to transfer personal data to third countries outside the European Economic Area, in particular the USA. The transfer of data to the USA takes place in accordance with appropriate safeguards with the recipients of the data within the meaning of Art. 44 et seq. GDPR. Unless otherwise stated, these are standard contractual clauses of the EU Commission in accordance with Implementing Decision (EU) 2021/914 of 4 June 2021. A copy of these Standard Contractual Clauses can be found at https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32021D0915.

Storage period

The actual storage period of the processed data is not determined by us but by Lusha according to its retention policy and suppression‑list practices detailed in its Privacy Notice.
For more information, please refer to Lusha’s privacy policy and additional information on data protection: https://www.lusha.com/legal/privacy-notice/.

9.12. Zoho Forms

Type and scope of processing

We have integrated Zoho Forms on our website. Zoho Forms is a Zoho Corporation Pvt. Ltd. service that provides marketing automation software for marketing services and products, including SEO and content creation, lead management, email marketing, and web analytics.

Zoho Forms is used to store data entered in forms, e.g. when contacting them via contact form. The specified data can be stored in our Customer Relationship Management System (CRM System).

In this case, your data will be passed on to the operator of Zoho Forms that Zoho Corporation Pvt. Ltd. Estancia IT Park, Plot No. 140 & 151 GST Road Taluk, Vallancherry Village Kanchipuram District, Chengalpattu, Tamil Nadu 603202, India.

Purpose and legal basis

The use of Zoho Forms is based on your consent in accordance with Art. 6 para. 1 lit. a. GDPR.

The use of Zoho Forms and the integrated services is subject to our legitimate interest under Art. f. GDPR, optimizing our marketing activities and improving our service quality on the website.

Storage period

The actual storage period of the processed data is not influenced by us but is determined by Zoho Corporation Pvt. Ltd.. For more information, see the privacy policy for Zoho Forms: https://www.zoho.com/de/privacy.html.

Information on the EU-US Data Privacy Framework (“DPF”)

Information can be found at: https://www.dataprivacyframework.gov/.

Your Rights as a data subject

You have the right to access, rectification, erasure or restriction of the processing of your stored data, a right to object to the processing as well as a right to data portability and to complain in accordance with the requirements of data protection law at any time (Art. 12-23 GDPR):

Right to access (Art. 15 GDPR):

You can demand information from us as to whether and to what extent we process your data.

Right of rectification (or completion) (Art. 16 GDPR):

If we process your data that is incomplete or incorrect, you can demand that we correct or complete it at any time.

Right to erasure (“right to be forgotten”) (Art. 17 GDPR):

You can demand the deletion of your data from us if we process them unlawfully or if the processing interferes disproportionately with your legitimate protection interests. Please note that there may be reasons that prevent an immediate deletion, e.g. in the case of legally regulated storage obligations.

Irrespective of the practice of your right to deletion, we will delete your data immediately and completely, provided that there is no legal obligation to retain it.

Right to restriction of processing (Art. 18 GDPR):

You can demand that we restrict the processing of your data if

You dispute the accuracy of the data, for a period of time that allows us to verify the accuracy of the data.
the processing of the data is unlawful, but you object to its deletion and instead request a restriction on the use of the data,
we no longer need the data for the intended purpose, but you still need the data to assert or defend legal claims, or
you have lodged an objection to the processing of the data.

Right to data portability (Art. 20 GDPR):

You may require us to provide you with your data that you have provided to us in a structured, common, machine-readable format and that you may transfer such data to another responsible party without hindrance by us, provided that

we process this data on the basis of a revocable consent given by you or for the fulfilment of a contract between us, and
this processing is carried out using automated procedures.
If technically feasible, you can request us to transfer your data directly to another responsible party.

Right to object (Art. 21 GDPR):

If we process your data out of a legitimate interest, you may object to this data processing at any time. This would also apply to profiling based on these provisions. We will then no longer process your data unless we can prove compelling reasons for processing worthy of protection that outweigh your interests, rights and freedoms or the processing serves to assert, exercise or defend legal claims. You can object to the processing of your data for the purpose of direct advertising at any time without giving reasons.

Your right to withdraw consent (Art. 7 para. 3 GDPR):

You can withdraw consent given for your data to be processed with effect for the future at any time. The legality of processing your data remains unaffected by this up to the point at which your consent is withdrawn.

Right to lodge a complaint with a supervisory authority (Art. 77 GDPR):

If you are of the opinion that we are violating French or European data protection law in processing your data, we ask you to contact us so that we can clarify any questions you may have. Of course, you also have the right to contact the supervisory authority. If you wish to assert any of the above rights against us, please contact our data protection officer. If in doubt, we may request additional information to confirm your identity.

Automated individual decision-making, including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. Exceptions to this only apply under the conditions of Art. 22 para. 2 GDPR.

Changes to this privacy policy

We reserve the right to change our privacy policy if new technologies make this necessary. Please make sure that you have the latest version. If fundamental changes are made to this data protection declaration, we will announce these on our website.

Industries

Services

About us

Privacy policy