Data protection information status: 08/18/2022

Content

1. Introduction
2. What is personal data?
3. Who is responsible?
4. Who is the data protection officer?
5. General information on the collection, processing and use of personal data
6. For what purposes do we process personal data?
   • External hosting
   • External contact management
   • Provision of the website and creation of log files
   • Use of cookies
   • Newsletter
   • Appointment arrangement
   • Contacting
   • Registration
   • Blog comments
   • Social media platforms 

 

I. Introduction

WeShyft processes your personal data in accordance with the applicable data protection regulations, in particular the EU General Data Protection Regulation (EU-DSGVO) and other legal regulations, e.g. the Telecommunications Telemedia Data Protection Act (TTDSG).

 

II. What is personal data?

According to the DSGVO, personal data is any information about an identified or identifiable natural person. This can be, for example, the name, address, telephone number, e-mail address or date of birth.

 

III. Who is responsible?

Responsible according to Art. 4 Para. 7 DSGVO is

WeShyft GmbH
Schomburgstr. 50
D-22767 Hamburg

Also see https://www.weshyft.com/impressum/.

 

IV. Who is the data protection officer?

We have appointed the following data protection officer and reported to the data protection authority.

WeShyft GmbH
Colin Bien
Schlankreye 39
D-20144 Hamburg

Für Auskünfte und Anregungen zum Thema Datenschutz stehen wir bzw. unser Datenschutzbeauftragter Ihnen gern zur Verfügung. Sie erreichen unseren Datenschutzbeauftragten unter colin.bien@weshyft.com

Our data protection officer monitors the data protection-compliant processing of personal data by WeShyft GmbH. In this context, regular auditing takes place.

 

V. General information on the collection, processing and use of personal data

a.) Scope of processing of personal data

In principle, we only process the personal data of our users to the extent that this is necessary to provide a functional website and our content and services.

WeShyft collects and processes personal data in the following cases:

1.) You visit the WeShyft website without logging in in any way. This occurs in particular when you access our home page, landing pages or in the blog and advice area (website access).

2.) As soon as you would like further information about our product or news from the market environment, you have the option of registering for our newsletter (newsletter).

3.) If you would like a personal appointment with us, you have the option of arranging a digital meeting with us via our calendar (appointment arrangement).

4.) You contact us directly, e.g. by phone, email, post or in person (contact).

5.) After registration, you use the online product from WeShyft (registration).

6.) You use the opportunity to comment on our guide and blog (blog).

7.) You use other services provided via our website (operation).

The processing of personal data of our users only takes place insofar as the processing of the data is permitted by legal regulations.

b.) Legal basis for the processing of personal data

Insofar as we obtain the consent of the data subject for the processing of personal data, Article 6 (1) (a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis.

Article 6 (1) (b) DSGVO serves as the legal basis for the processing of personal data required to fulfill a contract to which the data subject is party. This also applies to processing operations that are necessary to carry out pre-contractual measures.

Insofar as processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Article 6 (1) (c) DSGVO serves as the legal basis.

In the event that vital interests of the data subject or another natural person require the processing of personal data, Article 6 Paragraph 1 lit. d DSGVO serves as the legal basis.

If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and fundamental freedoms of the person concerned do not outweigh the first interest, Article 6 Paragraph 1 Letter f DSGVO serves as the legal basis for the processing.

c.) Data deletion and storage period

The personal data of the person concerned will be deleted or blocked as soon as the purpose of storage no longer applies. Storage can also take place if this has been provided for by the European or national legislator in EU regulations, laws or other regulations to which the person responsible is subject. The data will also be blocked or deleted if a storage period prescribed by the standards mentioned expires, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract.

 

VI. For what purposes do we process personal data? a.) External hosting

Our website and our online software are operated on servers of the following hosting service provider (hereinafter "AWS"):

Amazon Web Services, Inc.
410 Terry Avenue North
Seattle WA 98109
United States

The hosting environment at AWS is configured accordingly so that the storage takes place on servers located in Frankfurt (Germany).

A contract for order processing has been concluded with AWS for the performance of these services, which obliges them to protect your personal data. For more information, see

The data collected as part of the following processing operations is generally stored and processed on the servers commissioned by us. This includes in particular data that is collected automatically or through your input when using our website and our online software. This also includes making backup copies on backup servers.

The respective legal bases, the scope of the processed data and the associated deletion periods depend on the subsequent processing operations. Backup copies on backup servers are automatically deleted with a time delay.

b.) External contact management

We use a professional service provider (hereinafter "HUBSPOT") to manage and process customer contacts:

Hubspot, Inc.
1 Harbour Pl, Suite 175
Portsmouth, NH 03801
United States

HUBSPOT is a US-based company and provides a software solution that can be used to serve various aspects of online marketing, such as email marketing, social media marketing, contact management, reporting, and the provision of landing pages and contact forms. In this case, the personal data collected from you in forms on our website will be processed outside the EU.

A contract for order processing has been concluded with HUBSPOT for the performance of these services, which obliges them to protect your personal data. For more information, see https://legal.hubspot.com/dpa.

The scope of the processed data depends on the respective processing operation. In addition to the personal data collected from you in the respective form, HUBSPOT also regularly processes the information that is also collected when you use our website. Furthermore, the legal bases and deletion periods are based on the respective processing operations in which HUBSPOT is used.

c.) Provision of the website and creation of log files

Purpose and description of data processing

The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. For this purpose, the IP address of the user must remain stored for the duration of the session.

Storage in log files takes place to ensure the functionality of the website. In addition, we use the data to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.

In order to ensure stable operation of our website, we use a professional service provider (hereinafter "CLOUDFLARE"):

Cloudflare, Inc.
101 Townsend St
San Francisco, CA 94107
United States

CLOUDFLARE is a so-called Content Delivery Network (CDN) and has the purpose of providing the content of our website with high availability and speed. Furthermore, CLOUDFLARE implements various mechanisms to protect our website from attacks (e.g. DDoS attacks). Through the use of CLOUDFLARE, the personal data mentioned below can be processed outside the EU.

A contract for order processing has been concluded with CLOUDFLARE for the performance of these services, which obliges them to protect your personal data. For more information, see https://www.cloudflare.com/de-de/cloudflare-customer-dpa/.

Legal basis of data processing

If our website is used to make use of our services, in particular the use of the online software WeShyft, the legal basis for the processing of the data is Art. 6 (1) lit. b DSGVO. For all other purposes, our legitimate interest lies in data processing in accordance with Article 6 (1) (f) DSGVO.

data categories

Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer. The following data is collected here:

• IP address of the user
• Date and time of access
• URL of the retrieved web page
• Source from which the website was accessed
• Browser type and version
• Operating system used
• Transport data, such as file size and transmission status

The data is also stored in the log files of our system. This data is not stored together with other personal data of the user.

Deletion deadlines

The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.

The collection of the data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility of objection on the part of the user.

d.) Use of cookies

Purpose and description of data processing

Our website uses cookies. Cookies are text files that are stored in the internet browser or by the internet browser on the user's computer system. If a user calls up a website, a cookie can be stored on the user's operating system. This cookie contains a characteristic character string that enables the browser to be clearly identified when the website is called up again.

We use cookies to make our website more user-friendly. Some elements of our website require that the accessing browser can be identified even after a page change.

As soon as you open the WeShyft website for the first time, you will see what is known as a “consent banner”. The purpose of this banner is to obtain various consents for the processing of personal marketing, tracking and analysis data. If you do not give your consent, no personal marketing, tracking and analysis data will be processed except for the scripts technically required for the website. If you give your consent, various marketing, tracking and analysis scripts can be executed, which may also transmit and process your personal browser data to third-party providers in non-European countries. This is usually your IP address, cookies, caches and storage information. For more details, please refer to the consent banner itself. There you can view the data categories and additional information on processing for each provider.

Legal basis of data processing

So that you can manage your cookies on WeShyft, we use the consent management system "Borlabs", with which you can independently grant and withdraw consent (revocation). Our legitimate interest in data processing in accordance with Article 6 (1) (f) DSGVO lies in these purposes.

More information on the categorization of the Consent Management System:

Essential cookies are mandatory to ensure the proper operation of our website and our online software. WeShyft cannot be used without these cookies, so these cookies cannot be deactivated.

Statistic cookies help us understand how visitors interact with WeShyft by collecting and reporting information anonymously. This enables WeShyft to design the product in a customer-oriented manner. The legal basis for processing this data is Art. 6 (1) (a) DSGVO (consent).

Marketing cookies enable us to display ads that are relevant to the individual user. This enables WeShyft to use marketing efforts efficiently. We therefore also allow other companies to collect data from our users using cookies in order to optimize marketing campaigns for WeShyft. We also pass on tracking data to companies such as Google, Microsoft and Facebook to measure the success of advertising campaigns (so-called conversion tracking). The legal basis for the processing of this data is Article 6 (a) DSGVO (consent).

data categories

You can view the data categories via the following link: Change data categories.

Deletion deadlines

You can revoke your consent at any time via the following link: Revoke deletion deadlines

e.) Newsletter

Purpose and description of data processing

We provide you with a newsletter that you can subscribe to on our website. The form for registering for the newsletter is provided by HUBSPOT services. The data you enter in the input mask will be transmitted to us and saved.

For the actual registration for our newsletter, we use the so-called double opt-in procedure. After you have registered, we will send you an e-mail to the e-mail address you provided, in which we ask you to confirm that you would like us to send you the newsletter in the future.

We use a service provider (hereinafter “HUBSPOT”) to send newsletters:

HubSpot, Inc.
25 First Street, Cambridge,
MA 02141
USA

HUBSPOT is a service with which the newsletter dispatch can be organized and analyzed. The data you enter for the purpose of subscribing to the newsletter (e.g. e-mail address) will be stored on the HUBSPOT servers in Germany or Ireland.

A contract for order processing has been concluded with HUBSPOT for the performance of these services, which obliges them to protect your personal data. For more information, see https://legal.hubspot.com/de/privacy-policy.

Legal basis of data processing

Registration for the newsletter and the associated processing of personal data by HUBSPOT is based on your consent in accordance with Article 6 (1) (a) DSGVO.

Newsletters are generally sent on the basis of the consent obtained as part of the double opt-in. In this case, the legal basis for the processing of personal data is Art. 6 (1) (a) DSGVO.

The legal basis for sending the newsletter as a result of the sale or use of goods or services is Section 7 (3) UWG in conjunction with Article 6 (1) (f) DSGVO.

data categories

• Name and email address
• Company name
• IP address of the user
• Time of confirmation

Deletion deadlines

The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. This is the case if the subscription to the newsletter is terminated or the user revokes their consent to the processing of the data.

The subscription to the newsletter can be canceled by the user concerned at any time. For this purpose, there is a corresponding link in every newsletter. This also enables a revocation of the consent to the storage of the personal data collected during the registration process.

After unsubscribing from the newsletter distribution list, the user's e-mail address may be placed on a blacklist to prevent future newsletters. The data on this blocking list will only be used for this purpose.

f.) Appointment arrangement

Purpose and description of data processing

You have the option of making an appointment with us via our website. The appointment booking form is provided by HUBSPOT Services. The data you enter in the input mask will be transmitted to us and saved. The processed data is required to process your request and carry out the online appointment.

We use a service provider (hereinafter “ZOOM”) to hold the online appointment:

Zoom Video Communications, Inc.
55 Almaden Blvd 6th Floor
San Jose, CA 95113
United States

ZOOM is a US based company. In this case, the personal data collected during the online appointment will be processed outside the EU.

A contract for order processing has been concluded with ZOOM for the performance of these services, which obliges them to protect your personal data. For more information, see https://explore.zoom.us/docs/doc/Zoom_GLOBAL_DPA.pdf.

Legal basis of data processing

We will obtain your consent for the display of the contact form and the processing of personal data by HUBSPOT and ZOOM in connection with the processing of appointments. In this case, the legal basis for processing is Article 6 (1) (a) DSGVO.

data categories

• Name and email address
• Company name
• Date and time of contact
• Desired time for the appointment
• IP address of the user
• Date and time of start and end of the respective conference
• Traffic data for the technical implementation of the conference
• Documents and files shared by the user
• User chat messages
• Audio stream (if enabled by user)
• Video or webcam stream (if activated by the user)

Deletion deadlines

Your personal data will only be stored until your request has been finally processed. In the case of an appointment, this is usually the case when the online appointment has ended and it can be inferred from the circumstances that the facts in question have been finally clarified.

Even after the communication has ended, it may be necessary to store personal data of the contractual partner in order to comply with contractual or legal obligations.

g.) Contacting

Purpose and description of data processing

There is a contact form on our website which can be used to contact us electronically. The form is provided by HUBSPOT services. The data you enter in the input mask will be transmitted to us and saved.

Alternatively, you can contact us via the email address provided on our website. In this case, the user's personal data transmitted with the e-mail will be stored.

Legal basis of data processing

We will obtain your consent for the display of the contact form and the processing of personal data by HUBSPOT in connection with the handling of the conversation. In this case, the legal basis for processing is Article 6 (1) (a) DSGVO.

If the request is aimed at concluding a contract, or if the request relates to an existing contractual relationship, the additional legal basis for the processing is Art. 6 (1) (b) DSGVO.

data categories

• Name and email address of the sender and recipient
• Time of sending
• Subject of the email
• News content
• Transport data, such as providers involved and the status of the transmission

Deletion deadlines

The data will be deleted when the respective conversation with the user has ended. The conversation is over when it can be inferred from the circumstances that the facts in question have been finally clarified.

Even after the communication has ended, it may be necessary to store personal data of the contractual partner in order to comply with contractual or legal obligations.

h.) Registration

Purpose and description of data processing

On our website, we offer users the opportunity to register for the use of our online software by providing personal data. The data is entered into an input mask and transmitted to us and stored.

In order to ensure that the e-mail address entered is correct, we send a confirmation link to the e-mail address entered during registration using the so-called double opt-in procedure. After confirming this link, your user profile will be fully activated.

We use a service provider (hereinafter "BUBBLE") to implement our online software:

Bubble Group, Inc.
22 W 21 Street 3rd Floor
New York, NY 10010
United States

BUBBLE is a service provider to create online applications without any technical knowledge. By using BUBBLE, the personal data mentioned below can be processed outside the EU.

A contract for order processing has been concluded with BUBBLE for the performance of these services, which obliges them to protect your personal data. You can find more information about this at https://bubble.io/dpa.

Legal basis of data processing

The registration thus serves to fulfill a contract to which the user is a party or to carry out pre-contractual measures, therefore the legal basis for the processing of the data is Article 6 (1) (b) DSGVO.

data categories

• Email address of the user
• IP address of the user
• Date and time of registration

Deletion deadlines

Your personal data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. This is the case at the earliest upon termination of the usage relationship. Even after the end of the contract, it may be necessary to store personal data of the contractual partner in order to comply with contractual or legal obligations (in particular storage obligations).

i.) Blog comments

Purpose and description of data processing

We offer a blog on our website. In this blog we publish articles on various topics in our field of activity. You can comment on the respective posts. If you make a comment, it will be published with the username you specified, assigned to the respective post.

When choosing a user name, we recommend that you use a pseudonym instead of your real name. To use the comment function, you must provide the user name you have chosen and your e-mail address. All other information you provide is voluntary.

Legal basis of data processing

Your e-mail address is stored for the purpose of being able to contact you if a third party reports your comment to us as illegal or to be able to defend ourselves against third-party claims if you publish illegal content. This is also our legitimate interest according to Art. 6 Para. 1 lit. f DSGVO.

We reserve the right to delete comments if they are objected to by third parties as unlawful.

data categories

• Comment content
• Your chosen username
• Your email address

Deletion deadlines

The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. This is the case as part of the blog's comment function if your comment is no longer publicly visible or you have objected to further use and there are no overriding storage reasons to the contrary.

 

 j.) Social media platforms

Purpose and description of data processing

We maintain online presences on various social media platforms and professional career networks in order to provide information about our company and our services to customers and interested parties and to contact these users.

We would like to point out that we have no influence on the processing of personal data by the respective operator of the platform and that data can also be transferred to servers located outside the European Union, which can make it difficult to enforce your rights.

As a rule, the platform operators process your data for market research and advertising purposes. For this purpose, the operator usually stores corresponding cookies on the user's computer in order to create usage profiles for personalized advertising. This processing may also affect users who are not registered with the relevant platform.

Legal basis of data processing

Insofar as we process personal data, e.g. due to a contact being made by the user within a social media platform or a professional career network, the data is processed exclusively to answer the user's request. For these purposes, our legitimate interest lies in the processing of personal data in accordance with Article 6 (1) (f) DSGVO.

Deletion deadlines

Further information on the collection and storage of data by the respective platforms can be found here:

LinkedIn: https://de.linkedin.com/legal/privacy-policy

 

Your data subject rights at a glance

Your right to information (Article 15 DSGVO)

You can ask WeShyft to confirm whether personal data relating to you is being processed by us.

If such processing is present, you can request information from WeShyft about the following information:

• the processing purpose,
• the categories of personal data
• recipients or categories of recipients to whom personal data has been/will be disclosed,
• the storage duration,
• the existence of a right to rectification or erasure of the personal data concerned,
• the existence of a right of appeal to the supervisory authority,
• the origin of the data,
• the existence of automated decision-making.

Please use the above contact options to assert your right to information. We would also like to inform you that we are obliged to clearly verify your identity before providing information. Therefore, please only send your request from the e-mail address you provided at the time of registration.

Your right to rectification (Article 16 GDPR)

You have a right to correction and/or completion to the person responsible if the processed personal data concerning you is incorrect or incomplete. The person responsible must make the correction immediately.

Your right to erasure (Art. 17 DSGVO)

You have the right to have your personal data deleted immediately.

This is particularly the case when

• the personal data are no longer necessary for the purposes for which they were collected,
• you have withdrawn your consent,
• you have lodged an objection to the processing and there is no overriding reason for storage,
• the personal data have been processed unlawfully or
• Your personal data must be deleted in order to comply with legal requirements.

Please note that overriding storage reasons (in particular due to retention periods) may prevent deletion. In addition, data can also be stored to assert, exercise or defend legal claims.

Your right to restriction of processing (Article 18 DSGVO)

You have the right to request WeShyft to restrict processing if one of the following conditions is met:

• the accuracy of the personal data is contested by you for a period enabling WeShyft to verify the accuracy of the personal data,
• the processing is unlawful and you reject the deletion of the personal data and instead request that the use of the personal data be restricted,
• WeShyft no longer needs the personal data for the purposes of processing, but the data subject needs them to assert, exercise or defend legal claims or
• You have objected to the processing pending the verification whether WeShyft's legitimate grounds override yours.

If the processing of personal data concerning you has been restricted, this data - apart from its storage - may only be used with your consent or to assert, exercise or defend legal claims or to protect the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State are processed.

Your right to data portability (Art. 20 DSGVO)

You have the right to receive the personal data that you have provided to us in a structured, common and machine-readable format. In this case, you can also request that we transmit this data directly to a third party, insofar as this is technically feasible.

Your right to withdraw consent (Art. 7 DSGVO)

You have the right to revoke your declaration of consent under data protection law at any time. The revocation of the consent does not affect the legality of the processing carried out on the basis of the consent up to the point of revocation.

Your right to object to processing (Art. 21 DSGVO)

You have the right, for reasons arising from your particular situation, to object at any time to the processing of your personal data, which is based on Article 6 Paragraph 1 lit. e or f DSGVO.

WeShyft no longer processes the personal data relating to you, unless WeShyft can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

If the personal data concerning you is processed in order to operate direct advertising, you have the right to object at any time to the processing of your personal data for the purpose of such advertising ("objection to advertising").

If you object to the processing for direct marketing purposes, the personal data relating to you will no longer be processed for these purposes. We try to process the objection immediately, but there may be delays as part of our campaign control, so that you may receive further advertising for a short transitional period.

Your right to lodge a complaint with the supervisory authority (Art. 77 DSGVO)

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your place of residence, your place of work or the place of the alleged infringement, if you believe that the processing of your personal data is contrary to violates the DSGVO.

The supervisory authority responsible for our company is:

The Hamburg Commissioner for Data Protection and Freedom of Information
Email: mailbox@datenschutz.hamburg.de