Privacy Policy of Experteer GmbH

We welcome you on your visit to our website and are pleased at your interest in our company. We take the protection of your personal data very seriously. We process your data in accordance with the applicable personal data protection legislation, in particular the EU General Data Protection Regulation (EU-GDPR) and the country-specific implementation laws applicable to us. With the help of this privacy policy, you will find comprehensive information on about the processing of your personal data by Experteer GmbH, and the rights granted to you thereby.

Personal data comprises information that makes it possible to identify a natural person. This includes, in particular, name, date of birth, address, your employment record, telephone number, email address, as well as your IP address.

It is anonymous data, if no personal reference to the user can be made.

Purposes and legal bases of data processing

Experteer is your personal career service agency, which gives you access and transparency to the high-quality employment market. Our service will help you identify your position and opportunities in the employment market, and will help you take control of your career. You therefore confide in us with your career-related personal data, which we carefully store for these purposes, according to your preferences, and provided it to you as needed. Experteer provides you, with “Privacy by Design” in the view settings of your employment record, the ability to determine easily and in a distinguishable manner which data you wish to make visible to recruiters checked by us, and, in particular, provides the option to you to adjust this in varied ways for headhunters or for internal company recruiters.

You may create your employment record with your individual milestones, career goals and various attachments. This profile serves, on the one hand, to better match open positions and allows you, on the other hand, to make this profile available to headhunters and company recruiters in a simple, discreet and secure manner. You will be informed about relevant open positions via saved searches or the Experteer Career Newsletter.

Experteer is not an ad-supported business model and does not rely on marketing the “user as a product”. Our product comprises an online career service agency that we offer for professionals and executives. The candidate as the customer is the centre of our business model. Under this, you give us your trust and thereby give us considerable amounts of personal data about your career path and your goals. We commit ourselves to dealing with your data in full confidence and in your interest, and to support your career as best possible. Our business model is built precisely upon this, unlike free portals.

If you feel that we are not in keeping with the terms of this statement or the data protection provisions, please contact us at the following email address: privacy@experteer.com.

For the processing of your personal data, the provisions of the EU GDPR and all other applicable data protection regulations are complied with. Legal bases for the data processing arise are provided for specifically in Art. 6 EU GDPR.

We use your data for business contact, to fulfil contractual and legal obligations, to perform on the contractual relationship, to offer products and services, and to strengthen the customer relationship, which may include marketing and direct advertising.

Data entered related to your employment record and your career goals are provided directly to headhunters, recruiters, and/or indirectly via recruitment software providers and applicant database providers. These data entries are the core purpose and value added of the Experteer service provision and will always be shared according to your personal preferences. These data are specifically entered by you in your employment record, your career goal and applications, as well as any attachments as well as your user account.

Furthermore, the data you provide will be used for the contractual relationship with Experteer.

For the purpose of a better product experience, usage-related data is also collected. This allows us, in particular, to provide better matching with relevant agencies and headhunter clients as well as customer communication on the website or via email. You may also adjust the frequency of communication via email in your account settings.

Your consent also comprises the data protection permission requirement. In this, we will inform you about the purposes of data processing and your right of withdrawal. If the consent also relates to the processing of special categories of personal data, we will expressly inform you in the consent, as per Art. 88 para. 1 EU GDPR.

A processing of special categories of personal data, for the purpose of Art. 9 para. 1 EU GDPR only takes place when this is required on the basis of legal provisions, and there is no reason to believe that your legitimate interest prevails to the exclusion of this processing, as per Art. 88 para. 1 EU GDPR.

Responsible authority and data protection officer

Address
Experteer GmbH, Lenbachplatz 3, D-80333 München

Contact Information
info@experteer.com, Tel +49 89 / 5527938 - 100
Fax: +49 89 / 5527938 - 110
Responsible person: Dr. Christian Göttsch

Contact for privacy policy issues
privacy@experteer.com

Your Rights as a Data Subject

First of all, we would like to inform you about your rights as a data subject. These rights are standardised in Articles 15 - 22 EU GDPR. These include:

  • The right to be informed (Article 15 EU GDPR),
  • The right to erasure (Article 17 EU GDPR),
  • The right to rectification (Article 16 EU GDPR),
  • The right to data portability (Article 20 EU GDPR),
  • The right to restrict data processing (Article 18 EU GDPR),
  • The right to object to data processing (Article 21 EU GDPR).

To exercise these rights, please contact: privacy@experteer.com. This also applies if you have questions about data processing in our company. You also have a right of appeal to a data protection supervisory authority.

Right to object

Please note the following in connection with the right to object:

If we process your personal data for the purpose of direct mail, you have the right to object to this data processing at any time without giving reasons. This also applies to the any, provided that it is related to the direct marketing.

If you object to the processing for direct marketing purposes, then your personal data shall no longer be processed for these purposes. This is possible vie email to privacy@experteer.com at any time. This right to object is free and may take place without a form.

In the event that we process your data to protect justified interests, you may object to such processing at any time for reasons that arise from your specific situation; this also applies to profiling arising from these provisions.

We will then no longer process your personal data unless we can demonstrate compelling legitimate grounds worthy of protection for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims.

Third Party Sharing

We will only convey your data to third parties within the scope of the legal provisions or with the appropriate consent. Apart from that, it will not be convey to third parties unless we are required to do so based on mandatory legal provisions (disclosure to external authorities, i.e. supervisory authorities or law enforcement authorities).

Data recipients/Recipient categories

Within our company, we ensure that only those persons receive the data they need to fulfil the contractual and legal obligations.

In many cases, service providers support our departments in fulfilling their tasks. The required privacy policy agreement was concluded with all service providers.

  • Payment systems
    • Adyen B.V.
    • PayPal (Europe) S.à r.l. et Cie
  • Newsletter/Advertising purposes existing customers
    • Emarsys eMarketing Systems AG
    • Marketo EMEA Ltd.
  • Contact method/Customer service
    • Freshdesk Inc.
  • Advertising measurement/optimisation
    • Google Inc.
    • Criteo SA
    • Microsoft Corporation
    • LinkedIn Corporation
    • Doubleclick
    • Facebook
    • Twitter Inc.
  • Monitoring/Webtracking
    • Google Inc.
    • Sentry (Functional Software Inc.)
    • New Relic Inc.
    • Crazy Egg Inc.
  • Other
    • Textkernel
    • Talent Inc

Sending to third country/Intention to send to third country

A data transfer to third countries (outside the European Union and/or the European Economic Area) may only take place if required by law, or if you have given us your consent to do so.

We transfer your personal data to a service provider outside the European Economic Area: specifically, the United States.
Compliance with data protection standards is guaranteed by the EU standard contractual clauses.

Data storage period

We store your data for as long as they are needed for the respective processing purpose. Please note that multiple retention requirements may require that data continue to be stored. This specifically involves commercial or tax-related retention requirements (i.e. commercial code, tax code, etc.). Unless there are further retention requirements, the data will be deleted after use, as a matter of routine.

In addition, we may retain data if you have given us your permission to do so, or if there are legal disputes and we use evidence within the statutory limitation period, which may be up to thirty years; the regular limitation period is three years.

Secure transfer of your data

In order to best protect the data stored by us against accidental or intentional manipulation, loss, destruction or access by unauthorised persons, we utilise appropriate technical and organisational security measures. The security levels are continuously reviewed in cooperation with security experts and adapted to new security standards.

Any data exchange from and to our website is encrypted. For transmission protocol, we use HTTPS for our website, with each transfer based on up-to-date encryption protocols.

Obligation to provide the data

Various personal data are necessary for the establishment, implementation and termination of the discharge of contract, and for the fulfilment of associated contractual and legal obligations. This also applies to the use of our website and the various functions it provides.

We have summarised the details in the above point. In certain cases, data must also be collected and/or made available based on legal regulations. Please note that it is not possible to process your request or fulfil the underlying discharge of contract without providing this information.

Categories, sources and origins of the data

Which data we process determines the respective context: This depends on whether you, i.e. enter your profile data, respond to a contact request from a headhunter, apply for a position, subscribe to a paid premium membership or submit a request on our contact form.

Please note that we may also make available information for specific processing situations separately where appropriate, e.g. when uploading application documents or when making a contact request.

When visiting our website, we collect and process the following data:

  • Information on the website from which you are visiting us
  • Web browser and operating system used
  • The IP address assigned by your Internet Service Provider
  • Files requested, amount of data transferred, downloads/file export
  • Information on the websites that you access through us, including date and time
  • For reasons of technical security (in particular to defend against attempts to attack our web server), these data are stored as per Art. 6 para. 1 lit. F EU GDPR. Within no more than 30 days, this data will be deleted so that no connection to the user can be made.

As part of a contact request to our customer service, we collect and process the following data:

  • Last name, first name
  • Contact Information
  • Title
  • Status of your Experteer membership, e.g. Premium or Basic

As part of the order process, we process the following data:

  • Title
  • Last name, first name
  • Date of birth
  • Billing address
  • Email address

As part of answering a contact request of a recruiter or a headhunter, we collect and process the following data:

  • Title
  • Last name, first name
  • Email
  • Phone number
  • Experteer profile data, if necessary
  • personal response

For online applications, we collect and process the following data:

  • Last name, first name
  • Address
  • Contact Information
  • Experteer profile data
  • if appropriate, attachments such as resumes, certificates and cover letters

For newsletters, we collect and process the following data:

  • Last name, first name
  • Email address
  • Title
  • if appropriate, data analysis from newsletter and website evaluations

Please note that when uploading your Experteers profile or, if you upload your resume when are applying for a job through our website, if necessary we will transfer these to the company Textkernel (Nieuwendammerkade 28A17, Amsterdam, Noord-Holland 1022 AB, The Netherlands) for evaluation. Your document is parsed there and sent back to us as an XML file. In the course of this, the following information is processed:

  • First Name
  • Last Name
  • City
  • Country
  • Phone number
  • Profile image
  • Title
  • Date of birth
  • Resume
  • Title
  • Academic title
  • Education
  • Work experience
  • Spoken languages
  • Skills

All data is thereby transmitted in encrypted form. More information on data protection at Textkernel can be obtained at https://www.textkernel.com/privacy-statement/.

In addition, at your request, we may forward your resume, which you have uploaded through our website, to Talent Affiliate, 215 Park Avenue South, Suite 1902, New York, NY 10003, USA. Your resume will be analysed there and you will receive suggestions on how to increase your chances of successfully completing a job interview.

All data is thereby transmitted in encrypted form. More information on data protection at Talent Inc. can be obtained at http://talent-inc.com/privacy-policy/.

Contact form / contact by email (Article 6 para. 1, lit. a, b EU GDPR)

On our website a contact form is available, which may be used for electronic contact. If you write to us via the contact form, we will process your data provided in the contact form in order to contact you and answer your questions and requests.

In doing so, we respect the principle of data economy and data avoidance, by providing only the information we need to contact you. These comprise your email address as well as the message field itself. In addition, your IP address is processed due to technical necessity as well as legal security. All other data is optional and is provided optionally (i.e.in order to respond to your questions more specifically).

If you contact us by email, we will process the personal information provided in the email solely for the purpose of processing your request.

On our website and for customer service via email, we use the Freshdesk tool, an offering of Freshdesk Inc., 1250 Bayhill Drive, Suite 315, San Bruno, CA 94066, USA, which supports us in the processing of customer inquiries, in order to give you the best possible support. Freshdesk handles your support request and contact information on our behalf when you send us an email to customer service.

More information on data protection at Freshdesk can be obtained at http://www.freshdesk.com/privacy/.

Registration / Customer account (Art. 6 para. 1 lit. a, b EU GDPR)

On our website, we offer users the opportunity to register by providing personal information. The advantage is that you may, in particular, store your profile data permanently, so that you may be found and contacted by headhunters and recruiters. In addition, when applying for job postings, you may easily share your profile information, significantly accelerating the application process.

The registration is therefore either necessary or option in order to fulfil a contract with you or to carry out pre-contractual measures.

In doing so, we respect the principle of data economy data avoidance, since only the data necessary for the registration are marked with asterisks (*) as obligatory fields. These comprise e.g. the email address as well as password including password repetition.

For the subscription to a premium membership, information on the billing address (title, first name, last name, address) must also be provided.

By registering on our website, the IP address of the user, the date and time of registration are also stored (technical background data). By clicking the “Register now” button, you give the consent to the processing of your data.

Please note: Your password will be stored in encrypted form by us. Employees of our company are not able to read this password. Therefore, they can give you no information, if you have forgotten your password.

In this event, use the “Forgot password” function, which will send you a link to re-enter your password via email. No employee is entitled to request your password by telephone or in writing. Please never give your password if you receive such requests.

Upon completion of the registration process, your data will be stored with us for the use of the protected customer area. Once you access our website with your email address with your username and password, this data will be made available for the actions you have carried out on our website (for example, for the subscription to a premium membership on our website). Completed orders may be tracked in the “My Account” area. Changes to the billing address may be entered here.

Registered persons are free to make any changes/corrections to the billing information in the “My Account” area. Changes/corrections will also be gladly carried out by our customer service, if you contact them. Naturally, you may also cancel or delete the registration and/or your customer account. You will find the description for that in the “My Account” area.

Experteer Premium membership (Art. 6 para. 1 lit. b EU GDPR)

We process the data provided by you as part of a subscription to an Experteer Premium Membership, only for the implementation and/or fulfilment of the contractual relationship, unless you agree to a further use.

We respect the principle of data economy and data avoidance, by providing only with the information we need to implement the contract and/or to fulfil our contractual obligations (i.e. your name, address, email address, and payment data needed for each payment method) or to collect it we are required by law.

In addition, your IP address is processed due to technical necessity as well as legal security. Without this data, we would have to unfortunately reject the execution of the contract, because we would then not be able to implement it or would have to, if necessary, terminate an existing contract. Naturally, you may also provide more data if you wish.

Payment systems (Art. 6 para. 1 lit. a, b EU GDPR)

On our website, you may pay by credit card, PayPal or direct debit (SEPA direct debit). For this, the relevant payment-related data is collected in order to execute your order and payment. In addition, your IP address is processed due to technical necessity as well as legal security.

We respect the principle of data economy and data avoidance, by providing us with only the data we need to perform the payment and fulfilment of the contract or to collect it we are required by law.

Without this data, we would have to unfortunately reject the execution of the contract, because we would then not be able to implement it.

Payments are processed by our partner Adyen BV, Simon Carmiggelstraat 6 - 50, 1011 DJ Amsterdam. To prevent and detect fraud, we send your IP address to Adyen BV. Your IP address will be stored by Adyen BV. All data is transmitted in encrypted form.

We would like to point out that Adyen B.V. transmits your personal data to other entities necessary for the fulfilment of the transaction, in particular, to the participating credit institutions, banks, credit card institutions. The processing of your personal data to process the payment also takes place.

Note on credit card payment: As is usual with credit card payments, credit card details are checked.

Note on PayPal: PayPal is a company of PayPal (Europe) S.à r.l. and Cie, S.C.A. 22-24 Boulevard Royal, L-2449 Luxembourg. If the data subject selects “PayPal” as a payment option during the order process in our online shop, the data of the data subject will be automatically transmitted to PayPal.

By selecting this payment option, the data subject consents to the transfer of personal data required for payment processing. The personal data transmitted to PayPal is usually a first name, last name, address, email address, IP address, telephone number, mobile phone number or other data required for payment processing.

For the fulfilment of the purchase contract, those personal data, which are related to the respective order, are also necessary. Details on data protection at PayPal may be found at: https://www.paypal.com/webapps/mpp/ua/privacy-prev.

Note on direct debit: As usual with direct debit, your account details will be collected, in order to debit the corresponding amount from your account.

Newsletter / Advertising purposes existing customers / (Art. 6 para. 1 lit. f EU GDPR)

We are interested in maintaining the customer relationship with you and to provide you with information and offers about our products/services. Therefore, we process your data in order to send you the corresponding information and offers by email.

You may subscribe to a free newsletter on our website. The email address as well as your name provided during registration will be used to send you a personalised newsletter.

In doing so, we respect the principle of data economy and data avoidance, since only the email address (if necessary, the name of the personalised newsletter) is marked as required. Due to technical necessity as well as legal security, your IP address will be processed when ordering the newsletter.

You may naturally terminate the subscription at any time, via the opt-out option provided in the newsletter and thus withdraw your consent. It is also possible to unsubscribe from the newsletter via our website at any time.

The technical handling of the newsletter is either via Emarsys eMarketing Systems AG, Märzstrasse 1, A-1150 Vienna or via Marketo EMEA Ltd., Cairn House, South County Business Park, Leopardstown Road, Dublin 18. For this purpose, all necessary data from your profile will be transmitted to Emarsys or Markto. The legal basis for this is Art. 6 para. 1 lit. f EU GDPR. We respect the principle of data economy and data avoidance, by providing only the data that we will need to perform the newsletter distribution. All data is transmitted in encrypted form. The data, which are necessary for the newsletter receipt, are not transmitted to other third parties.

For the evaluation of newsletter campaigns, newsletters contain tracking pixels. An email thumbnail formatted in HTML is embedded for this purpose, allowing us to see which email you have opened and when. In addition, we can determine which links in the email you have accessed.

Unsubscribing from the newsletter is possible at any time, and may be done via a dedicated link in the newsletter.

You can find further information on the technologies used in the privacy policy of Emarsys eMarketing Systems AG at https://www.emarsys.com/en-uk/privacy-policy/ and of Marketo EMEA Ltd. at https://documents.marketo.com/legal/privacy/.

If you do not wish this, you may object at any time to the use of your personal information for the purpose of direct marketing; this also applies to profiling if it is associated with direct mail. If you object, we will stop processing your data for this purpose.

The objection may be made without giving reasons, for free and free of form, and should be does as directly as possible online in your account settings, or by email to privacy@experteer.com.

Location of data storage / hosting

For the purpose of operating our website, we use the services of infrastructure providers PlusServer GmbH (Hohenzollernring 72, 50672 Cologne), Amazon Webservices, Inc (410 Terry Drive Ave North, WA 98109-5210 Seattle, USA) and DigitalOcean (101 6th Ave, New York, NY 10013, USA). Personal data is stored exclusively in the EU at locations in Cologne and Frankfurt.

Automated individual decision-making

To improve search and recommendation resultswe may store information about your usage behaviour on our platform so that suitable job offers can be found for you. As part of this, we store which job offers you have viewed, which job offers you have applied to and which headhunters or recruiter you have contacted. This information is kept, however, in anonymous form, so that no direct personal reference to you can be made from only this data. The legal basis is from Art. 6 para. 1 f GDPR. Our legitimate interest is that, by storing this information, we want to ensure that you receive continuously improved search and recommendation results.

Cookies (Art. 6 para. 1 lit. f EU GDPR / Art. 6 para. 1 lit a EU GDPR with consent)

Our website uses cookies at several points. The help in making our site more user-friendly, effective and safer. Cookies are small text files that are stored on your computer and saved by your browser (locally on your hard drive).

By means of these cookies, it allows us to analyse how users use our websites. We can thus design website content according to visitor needs. Through cookies, it also allows us to measure the effectiveness of a given ad and have it ranked, for example, depending on the user's preferences.

Most cookies used by us are the kind that are referred to as “session cookies”. These will be deleted automatically after your visit. Persistent cookies are automatically deleted from your computer when their validity period (usually six months) is reached or you delete them yourself before the expiration date.

Most web browsers accept cookies automatically. Normally, you may change your browser settings if you prefer not to send the information. You may still use our website offerings without restrictions (exception: configurations).

We use cookies to make our site more user-friendly, effective and safer. Beyond that, we use cookies that allow us to analyse how users use our websites. We can thus design content according to visitor needs. Through cookies, it also allows us to measure the effectiveness of a given ad and have it ranked, for example, depending on the user's preferences.

Cookies are stored on the user computer and transmitted by it to our website. As user, you have complete control of the use of cookies. By changing the settings in your Internet browser, you can disable or restrict the transmission of cookies. Furthermore, cookies being used may be deleted at any time via an internet browser or other software programs. This is possible in all popular internet browsers.

Please note: If you deactivate the placing of cookies, our website becomes unusable.

Advertising measurement/optimisation

Criteo: On our website, we utilise the services of Criteo SA, 32 Rue Blanche, 75009 Paris, France, to target visitors to our website with personalised, interest-based advertisements based on their browsing habits. Criteo SA collects and stores information in anonymous form, for this purpose, on the browsing behaviour of visitors to our website. For this, Criteo uses anonymous browser cookies, which at no time collect personal data such as name or address. Identification of the website user is therefore impossible. Only the identifiers in the browsers used by the visitor (desktop, tablet or smartphone) are compared. There is no further use or disclosure of data. The storage of cookies may be prevented by a corresponding setting in your browser. You may permanently disable the use of Criteo cookies by following the link below and changing the cookie setting accordingly: http://www.criteo.com/privacy/. Further information on the technology used is in the Criteo SA Privacy Policy at: http://www.criteo.com/privacy/.

Google Adwords: We also use the Google AdWords Conversion Tracking feature of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States („Google“). Google AdWords uses cookies when you click on a Google ad

As long as the cookie is valid, Google and we, as the website owner, can see that you have clicked on an ad and reached a specific landing page (e.g. registration, job search). These cookies can not be tracked across multiple websites from different AdWords participants. The cookies generate conversion statistics in Google AdWords. These statistics include the number of users who clicked on any of our ads. In addition, it counts how many users have come to a landing page that has been tagged with a “Conversion tag”. However, the statistics do not contain any data that identifies you.

The legal basis for the processing of your data is Art. 6 para. 1 lit. f EU GDPR and our legitimate interest in the analysis, optimisation and economic operation of our website.

More information on how Google uses conversion data and Google's privacy policy may be found at: https://policies.google.com/privacy and https://support.google.com/adwords/answer/93148?ctx=tltp.

Bing Ads: on our website, we also use technologies from Bing Ads (bingads.microsoft.com), which are provided and operated by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA (“Microsoft”). Microsoft uses a cookie on your device if you have reached our website via a Microsoft Bing ad. Microsoft and we can see, in this way, that someone clicked on an ad, was redirected to our site, and reached a predefined Conversion site. We only become aware of the total number of users who clicked on a Bing ad and were then redirected to the Conversion site. Microsoft uses the cookie to collect, process and utilise information that is used to create usage profiles using pseudonyms. These usage profiles are utilised to analyse visitor behaviour and are used to display advertisements. No personal information about the identity of the user is processed.

If you do not want information about your behaviour to be used by Microsoft as explained above, you may refuse the necessary setting of a cookie - i.e. via a browser setting that generally disables the automatic setting of cookies. In addition, you may prevent the collection of data generated by the cookie and related to your use of the website as well as the processing of this data by Microsoft, by using the following link http://choice.microsoft.com/opt-out to explain object.

The legal basis for the processing of your data is Art. 6 para. 1 lit. f EU GDPR and our legitimate interest in the analysis, optimisation and economic operation of our website.

For more information about privacy and cookies used on Microsoft and Bing Ads, visit the Microsoft website at https://privacy.microsoft.com/privacystatement.

LinkedIn Remarketing/Retargeting: On our website, we also use the analysis and Conversion Tracking technology of the social network LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. When you visit our pages, remarketing tags create a direct connection between your browser and the LinkedIn server. LinkedIn receives the information that you have visited our site with your IP address. This allows LinkedIn to associate the visit to our pages with your user account. We can use this information to display LinkedIn ads. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data and their utilisation by LinkedIn. Further information on this may found in the Privacy Policy of LinkedIn at https://www.linkedin.com/legal/privacy-policy.

The legal basis for the processing of your data is Art. 6 para. 1 lit. f EU GDPR and our legitimate interest in the analysis, optimisation and economic operation of our website.

Using the link below, learn how to decline interest-based advertising on LinkedIn: https://www.linkedin.com/help/linkedin/answer/62931/manage-advertising-preferences.

Doubleclick by Google: On our website, we also use DoubleClick by Google (“DoubleClick”). DoubleClick uses cookies to present ads that are relevant to you, to improve the reports on ad campaign performance or to prevent you from seeing the same ads multiple times. In addition, DoubleClick uses cookies to track conversions related to ads. That would be the case for example, if you see a DoubleClick ad and later use the same browser to visit our website and register with us. According to Google, DoubleClick cookies do not contain personally identifiable information.

Based on the marketing tools used, your browser automatically establishes a direct connection to the Google server. By including DoubleClick, Google receives the information that you have accessed the relevant part of our website or have clicked on an ad from us. If you are registered with a service provided by Google, Google may associate the visit with your account. Even if you are not registered with Google and/or have not logged in, Google may be able to find and store your IP address.

The legal basis for the processing of your data is Art. 6 para. 1 lit. f EU GDPR and our legitimate interest in the analysis, optimisation and economic operation of our website.

More information on DoubleClick by Google can be obtained at https://www.google.com/doubleclick, as well as on data protection at Google in general: https://www.google.com/policies/privacy. Alternatively, you may visit the website for the Network Advertising Initiative (NAI) at http://www.networkadvertising.org.

Facebook Custom Audience: As part of use-based online advertising, the Custom Audiences product of Facebook (Facebook Custom Audiences 1601 S. California Avenue, Palo Alto, CA, 94304) is also used on our website. Basically, a non-reversible and non-personal checksum (hash value) is generated from your usage data, which may be transmitted to Facebook for analysis and marketing purposes. For this purpose, a Facebook tracking pixel is used on our website. Information is collected on your activities on the website (i.e. browsing behaviour, visited subpages, etc.). For the geographical guiding of advertising, your IP address is stored and used.

The legal basis for the processing of your data is Art. 6 para. 1 lit. f EU GDPR and our legitimate interest in the analysis, optimisation and economic operation of our website.

For more information on the purpose and scope of the data collection and the further data processing and utilisation, as well as the privacy settings, please refer to the Privacy Policy of Facebook (https://www.facebook.com/policy.php).

Twitter Advertising: Finally, we also use the Twitter Tracking Code on our website (Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA). A Twitter cookie is used. Information is collected on your activities on the website (i.e. browsing behaviour, visited subpages, etc.). For the geographical guiding of advertising, your IP address is stored and used.

The legal basis for the processing of your data is Art. 6 para. 1 lit. f EU GDPR and our legitimate interest in the analysis, optimisation and economic operation of our website.

For more information on the purpose and scope of the data collection and the further data processing and utilisation, as well as the privacy settings, please refer to the Privacy Policy of Twitter (https://twitter.com/privacy).

Google Tag Manager: For reasons of transparency, we would like to point out that we use Google Tag Manager. Google Tag Manager does not collect personally identifiable information. The Tag Manager makes it easier for us to integrate and manage our tags. Tags are small code elements that can be used, among other things, to measure traffic and visitor behaviour, track the impact of online advertising and social channels, set up remarketing and audience targeting, and test and optimise websites. If you have opted out, this opt out is taken into account be the Google Tag Manager. For more information on Google Tag Manager see: https://www.google.com/tagmanager/use-policy.html.

Monitoring / Web tracking process

Google Analytics: Our website uses Google Analytics, a web analytics service provided by Google Inc. (Google). Google Analytics uses cookies, which are text files that are stored on your computer and that allow your use of the website to be analysed. Google Analytics also uses, among other things, the DoubleClick cookie mentioned above, to target, optimise, and present ads based on previous visits by a user to our site. The cookie stores, among other things, information on the IP address, the browser type and the operating system of the requesting computer as well as the URL of the referring website. The information generated by the cookies related to your use of our website is usually transmitted to a Google server in the USA and stored there. However, if IP anonymity is enabled for our website, anywhere within the member states of the European Union or in other countries that are parties to the Agreement on the European Economic Area, your IP address will first be abbreviated by Google. Your full IP address will be transmitted to a Google server in the USA and truncated there only in exceptional cases. Google will use this information on behalf of this website’s operator to evaluate your use of our website, to create reports about the website activities, and to provide additional services connected with the website and Internet use to the website operator. The IP address transmitted from your browser as part of Google Analytics is not associated with any other data held by Google. You can prevent cookie storage by selecting the appropriate settings in your browser; however, we would like to point out that in such cases you might not be able to use all of the functionality of our website. In addition, you may prevent the tracking of the data created by the cookie related to your use of our website (incl. your IP address) to Google, and the processing of this data by Google, by downloading and installing the browser plug-in available at the following link http://tools.google.com/dlpage/gaoptout.

On our website, we use Google Analytics that also includes the functions of Universal Analytics. Universal Analytics makes it possible to analyse the activities on our pages across devices (e.g. access via laptop/tablet). This is made possible by the pseudonymous assignment of a user ID to a user. Such an assignment takes place, for example, when you register for a customer account and/or log in to your customer account. To prevent this tracking, please use the following link: http://tools.google.com/dlpage/gaoptout.

Sentry: We use Sentry to collect error messages from our online platform. In the process, usage data (called URL, website status) and technical data (browser information, IP) are collected and processed. We collect this data on the basis of legitimate interests for the purpose of Art. 6 para. 1 lit. f EU GDPR, in order to constantly improve our systems and to prevent security gaps.

We have entered into a data processing agreement with Functional Software Inc. (Sentry), which commits Sentry to compliance with EU data protection standards. Sentry is also certified under the Privacy Shield Agreement, providing an additional guarantee to comply with European data protection law: https://www.privacyshield.gov/participant?id=a2zt0000000TNDzAAO&status=Active.

More information may be found in the Privacy Policy of Functional Software Inc. (Sentry) at https://sentry.io/privacy/.

New Relic: We use the performance analysis services of New Relic Inc., 188 Spear Street, Suite 1200, San Francisco, CA 94105, USA, for the purpose of collecting performance data from our website. These are stored and analysed, for logged-in users with registration of the respective user ID. If data is conveyed on to New Relic, this is done exclusively and completely anonymised. The legal basis for the processing of your data is Art. 6 para. 1 lit. f EU GDPR. More information may be found in the Privacy Policy of New Relic at https://newrelic.com/termsandconditions/privacy.

Crazy Egg: To improve usability and customer experience, we use the “Crazy Egg” web analytics service of Crazy Egg Inc. USA on our website. Using Crazy Egg Inc. technology, visitor information is collected and transmitted to the Crazy Egg Inc servers. The technology allows user activities to be collected, analysed and visualised while visiting our website. For example, we can use a “heat map” to identify which areas of our website are most visited and clicked on. Cookies are also used for this purpose. From the pseudonymous data utilised, we are not able to establish a direct personal reference. The legal basis for the processing of your data is Art. 6 para. 1 lit. f EU GDPR. At any time, you may object to the collection, processing and compilation of data generated by CrazyEgg.com, by following the instructions at http://www.crazyegg.com/opt-out. More information on data protection at CrazyEgg.com may be found at https://www.crazyegg.com/privacy.

Social network social plugins

Facebook: We use social plugins of the Facebook.com social network, which is operated by Facebook Inc., 1601 S. California Ave., Palo Alto, CA 94304, USA. The Like button also uses such a social plugin. If such a plugin is called by our users, the user browser establishes a direct connection to the Facebook servers. As a result, the information on which Experteer websites were visited by the user is automatically transmitted to the Facebook server. For users who are logged in to Facebook, Facebook assigns this information automatically their personal Facebook account and stores them. A cookie may also possibly be installed on your computer, but deleted when the browser is closed. The purpose and scope of the data collection and the further utilisation of the data by Facebook may be found in the Facebook Privacy Policy at http://www.facebook.com/policy.php.

Google Plus: We use the Google +1 button made available by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, United States. If you visit a website with a built-in Google +1 button, and it is uploaded, Google will discover your IP address and that our website was visited via that IP address. To use Google +1, you will need a profile on Google +1. If you are logged in to Google +1 on your profile and you click on the integrated Google +1 button on Experteer, you recommend the content of the page on which the button is integrated. Google then saves that you have clicked on this button together with information about the respective page. The fact that you have clicked on the Google +1 button and recommended that page may be displayed in your Google +1 profile or on other websites that use Google +1. If you do not want Google to directly associate the data collected through our website with your Google profile, you must log out of Google before visiting our website. More information on the data collection and utilisation by Google in connection with Google +1 as well as your related rights in this regard, please refer to the Google Privacy Policy at http://www.google.com/policies/privacy/.

Twitter: On our website, we use features of the Twitter service offered by Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA. If you visit a website with a built-in Twitter button, and it is uploaded, Twitter will discover your IP address and that our website was visited via that IP address. In order to use Twitter, you need a Twitter account. If you are logged in to Twitter on your profile and click on the Twitter button on Experteer, you will share the content of the page in which the button is integrated with other Twitter users. Twitter will then remember that you have clicked this button along with information about the page and make that information available to other Twitter users. If you do not want Twitter to directly associate the data collected via our website to your Twitter profile, then you must log out of Twitter before visiting our website. For more information about data collection and utilisation by Twitter and your right related to it, please refer to the Privacy Policy of Twitter at https://twitter.com/privacy.

Using the Shariff solution: We are glad if you recommend and discuss the contents of our pages on social media. For this, we use the buttons provided by the “Shariff” extension. Standard social media buttons transmit user data with each page view, and give the social networks accurate information about your browsing behaviour (user tracking). You do not have to be logged in or be a member of the network. The Shariff social button only creates direct contact between the social network and visitors when the latter actively clicks on the share button. If the user is already logged in to a social network, this is done on Facebook and Google+ without another window. On Twitter, a pop-up window appears where you can still edit the tweet. More information on this may be found at heise.de.

Links to other providers

Our website also contains - clearly recognisable - links to the Internet sites of other companies. Although there are links to the websites of other providers, we have no influence on their content. Therefore, no guarantee and liability can be assumed for such content. The relevant providers or operators of these sites are always responsible for their contents.

The linked pages were checked at the time of linking for possible legal violations and identifiable infringements. No illegal content was identifiable at the time of linking. However, we cannot be expected to continuously monitor the contents of linked pages if there are no specific indications that an infringement of rights has occurred. If we become aware of infringements of rights, such links will be removed immediately.

Application portal (Art. 6 para. 1 lit. a, b EU GDPR)

If you apply to Experteer as an employee: We are glad to hear of your interest in working for Experteer GmbH. We are aware of the importance of your data and process the personal data provided by you within the application form only for the purpose of the effective and correct fulfilment of the application process and for contact purposes during the application process. No transfer of data to third parties takes place without your consent.

Your application should ideally be sent by email. You will be asked to provide personal information. In so doing, we respect the principle of data economy and data avoidance by providing us with only the data we need to fully review your application documents, i.e. your resume or to collect it we are required by law. Without this data, we would unfortunately not be able to carry out an examination of your application documents.

In order to best protect the security and confidentiality of your data, we implement appropriate security measures.

We store your data for the above purpose until the application process is completed, a maximum of 6 months. For longer storage we require your consent, which you may give us by email. You may naturally revoke your consent at any time without giving any reason with effect for the future, by post to Experteer GmbH, Lenbachplatz 3, D-80333 München.

Minor

Persons under 16 years of age may not submit any personal data to us without the consent of the legal guardian and/or a declaration of consent is provided. We encourage parents and guardians to actively participate in the online activities and interests of their children.

Munich, May 25, 2018