Privacy Policy

Information on data protection

The German Version is relevant in any Case.

denkwerk attaches great importance to the protection of privacy and the correct handling of personal data.

With this data protection notice, we would therefore like to inform you about the type, scope and purpose of the processing of personal data. The information relates to our online presence at denkwerk.com, with an integrated contact form and newsletter subscription, the use of our social media profiles such as Twitter, Vimeo, Instagram and Facebook and any other form of digital processing.

The terms used in this data protection notice, such as "processing" or "controller", correspond to the definitions in Article 4 of the General Data Protection Regulation ("GDPR"), which you can read on the European Commission's website, for example.

Before we go into the details, here is a quick summary:

Controller (within the meaning of Art. 4 No. 7 GDPR)
denkwerk GmbH
Vogelsanger Str. 66
50823 Cologne
E-mail: hello@denkwerk.com

Imprint
Data Protection Officer
(DPO)
Address: c/o denkwerk GmbH
E-mail: datenschutzbeauftragter@denkwerk.com

Type of personal data processed

  • Inventory data (e.g. names, addresses of contact persons)

  • Contact details (e.g. e-mail address, telephone numbers)

  • Contract data (e.g. subject matter of the contract, term, billing address, identification features such as date of birth)

  • Payment data (e.g. account or bank details, payment history)

  • Usage data (e.g. log file entries such as user agent, access time, IP address, etc.)

Possible categories of affected persons

  • Visitors and users of our online services

  • Customers, interested parties, business partners, applicants and employees

  • Subscribers to our newsletter

Individual or cumulative purposes of processing and the intervening legal bases

  • Provision of our online services, maintenance and improvement of functions and content (see Art. 6 (1) lit. b or lit. f or also lit. a GDPR)

  • Provision of contractual or pre-contractual services, service and customer care (cf. Art. 6 para.

    (1) lit. b GDPR)

  • Requested transmission of information and notifications (see Art. 6 para.

    (1) lit. a GDPR)

  • Reach measurement/marketing (see Art. 6 para.

    (1) lit. f GDPR)

Rights of the data subjects

  • Right to information

  • Art. 15 GDPR

  • Right to rectification Art. 16 GDPR

  • Right to object Art. 21 GDPR

  • Right to erasure and restriction of processing of data Art. 17 GDPR

  • Right to be forgotten Art. 17 GDPR

  • Right to data portability Art. 20

  • Right to lodge a complaint with supervisory authorities Art. 77 GDPR

  • Right to withdraw consent Art. 7 para. 3 GDPR

That was the general overview and now we would like to explain the details:

A. Use of our website/ / use of cookie consent technology

When you visit the denkwerk website(s), your browser automatically transmits the following data:

  • Your IP address

  • Websites from which you come (the so-called "referrer")

  • Date and time of page views

  • Your browser type and version

  • The operating system of your end device

  • If applicable, the duration of the visit

The temporary storage of this data is necessary to enable the website to be delivered to your computer and to ensure the functionality of the website.

We also use this data to gain statistical insights into how our websites are used. In addition, we collect the data in order to be able to trace and prevent unauthorized access to the web server and misuse of the websites and to secure our information technology systems.

The legal basis for this data processing is predominantly in our legitimate interest (Art. 6 para. (1) lit. f GDPR), partly in the fulfillment of a contractual or pre-contractual obligation (Art. 6 para. (1) lit. b GDPR) or occasionally also in your consent (Art. 6 para. (1) lit. a GDPR).

In the interests of user-friendliness, denkwerk also uses cookie consent technology. We inform you about the use of any cookies and obtain your consent to the storage of certain cookies on your end device. Furthermore, we then document this in compliance with data protection regulations.

The provider of this technology is Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich, Germany, website: https://usercentrics.com/de/ (hereinafter "Usercentrics").

When you visit our website, the following personal data is transmitted to Usercentrics:

  • Your consent(s) or the withdrawal of your consent(s)

  • Your IP address

  • Information about your browser

  • Information about your end device

  • Time of your visit

Furthermore, Usercentrics stores a cookie in your browser in order to be able to assign the consents given or their revocation to you. The data collected in this way is stored until you ask us to delete it, delete the Usercentrics cookie yourself or the purpose for storing the data no longer applies. Mandatory statutory retention obligations remain unaffected.

Usercentrics is used to obtain the legally required consent for the use of cookies. The legal basis for this is Art. 6 para. 1 sentence 1 lit. c GDPR.

Please note the option to customize the cookies:
Change cookie preferences

As a user, you are the data subject and can object to the future use of your data. You can find more information under Right of objection or revocation.

A.1 Analysis of our website as well as tracking and retargeting

a) Google Analytics/Google Universal Analytics

denkwerk uses Google Analytics, a web analysis service of Google Inc. ("Google") for its online offers. Google Analytics uses cookies that are stored on the website visitor's computer and that enable the use of the website to be analyzed. The information generated by the cookie, such as

  • IP address

  • Date and time of the request

  • Website from which the request comes

  • Browser

  • Operating system

The IP address is usually transmitted to a Google server in the USA and stored there. denkwerk uses Google Analytics with the extension "_anonymizeIp()"; this means that every IP address is shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of denkwerk, Google will use the information collected to evaluate the use of the website by visitors, to compile reports on website activity and to provide other services related to website activity and internet usage to the website operator.

The deletion of the data is carried out automatically after coordination and instruction of the person responsible with the help of the configuration options provided by Google after a period specified by the client.

Cookies used
You can view the cookies used under the following link and also configure them there:
Change cookie preferences

b) Matomo (formerly Piwik)

denkwerk uses the web analysis service Matomo, a free web analysis software that is available at https://matomo.org/ under the GPL (GNU General Public License). Matomo is used to analyze usage behavior on our website and to obtain information about the use of the individual components of the website. This enables us to constantly optimize the website and its user-friendliness. By default, no cookies are set for web analysis; the exception is the technically necessary cookie for disabling all functionality (see Change cookie preferences). Data processing is carried out on the basis of the legal provisions of Art. 6 para. 1 lit. f (legitimate interest) of the General Data Protection Regulation (GDPR). Since the privacy of our visitors is important to us, the data that may allow a reference to an individual person, such as the IP address, login or device identifiers, are anonymized or pseudonymized as soon as possible. It is not used in any other way, merged with other data or passed on to third parties. Matomo is configured in accordance with the applicable data protection regulations. You can read information about data protection at Matomo at any time at https://matomo.org/privacy/.

Cookies used
You can view the cookies used under the following link and also configure them there:
Change cookie preferences

c) HubSpot

denkwerk uses HubSpot for marketing activities on our website. HubSpot is a software company based in the USA with a branch in Europe (HubSpot Ireland Limited, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland).

This integrated software solution helps us with our marketing, lead generation and customer service (sending newsletters and automated mailings, social media publishing and reporting, contact management, etc.) such as user segmentation and CRM, landing pages and contact forms.

HubSpot uses cookies, i.e. small text files that are stored locally in the cache of your computer's Internet browser and enable your use of the website to be analyzed. HubSpot evaluates the information collected (e.g. IP address, geographical location, browser type, length of visit and pages viewed) on our behalf so that we can compile reports on visits and the pages viewed.

Insofar as HubSpot transfers personal data to affiliated companies and processors in countries outside the EU, protective mechanisms are required to ensure the level of data protection under the GDPR. For the USA, an adequacy decision of the EU Commission pursuant to Art. 45 (1) GDPR applies to those companies that are certified under the EU-U.S. Data Privacy Framework (TADPF). HubSpot, Inc. is certified according to TADPF and is thus committed to complying with appropriate data protection standards. The standards can be viewed at the following link: www.dataprivacyframework.gov/s/participant-search.

The data will be deleted as soon as it is no longer required for the purpose for which it was collected.

Further information on data processing by HubSpot can be found on the HubSpot website at: https://www.hubspot.de/data-privacy/gdpr.

Cookies used
You can view the cookies used under the following link and also configure them there:
Change cookie preferences

d) LinkedIn (Insight tag)

With your consent, we activate a cookie from LinkedIn when you visit our website (LinkedIn Ireland, Wilton Plaza, Wilton Place, Dublin 2, Ireland).

The tag reports to LinkedIn what actions you have taken on our website and any personal data about you (e.g. IP address, browser, date/time).

The data allows LinkedIn to recognize that you have visited our website, what you have clicked on and if you have clicked on a link on LinkedIn that connects you to our website. This allows LinkedIn to show you interest-related content. LinkedIn can link this data to your user account and use it for its own purposes. The processing of your data by LinkedIn is explained in the data protection information at https://www.linkedin.com/legal/privacy-policy.

We do not receive any data about you or other LinkedIn users, but only statistics that show us in aggregated form for all users in a given period how they have used our offers and advertisements on other LinkedIn platforms. This helps us to analyze which of our ads were successful and which were not.

You can view the cookies used under the following link and also configure them there:

Cookies used
Change cookie preferences

e) Meta Pixel

With your consent, we activate a pixel from Meta Platforms Ireland when you visit our website (Meta Platforms Ltd., 4 Grand Canal Square, Dublin 2, Ireland).

The pixel reports to Meta Platforms Ireland which actions you have performed on our website and possibly personal data from you (including information on app/browser, language setting, time, IP address, advertising ID).

With the data, Meta Platforms Ireland can recognize that you have visited our website, what you have clicked on and if you have clicked on a link on Facebook or Instagram that connects you to our website. This allows Meta Platforms Ireland to show you interest-based advertising on Facebook or Instagram or other websites that also use this function. Facebook can link this data to your user account and use it for its own purposes. The processing of your data by Meta Platforms Ireland is explained in the data protection information at https://www.facebook.com/about/privacy.

We do not receive any data about you or other users from Meta Platforms Ireland, but only statistics that show us, aggregated for all users in a given period, how they have used our offers and ads on other platforms of Meta Platforms Ireland (Facebook, Instagram). This helps us to analyze which of our ads were successful and which were not.

When transferring the data collected by the pixel, we act with Meta Platforms Ireland as a so-called "joint controller" in accordance with Art. 26 GDPR. We have concluded a separate agreement for this (see here: https://www.facebook.com/legal/controller_addendum). Facebook is solely responsible for further processing. If you exercise your rights to information, deletion, etc. (see section "Your rights"), Meta Platforms Ireland is responsible for the implementation of your rights within the framework of joint responsibility.

Cookies used
You can view the cookies used under the following link and also configure them there:
Change cookie preferences

A.2 Configuration options

Here you can make the settings for your cookies. Please note that the website may no longer function correctly if you block all cookies, including technically necessary cookies. Technically necessary cookies, on the other hand, are always set.

It may be technically necessary for your decision regarding the use of cookies to be stored in a cookie again. However, this cookie then has no further function.

Change cookie preferences

A.3 Making contact

If you contact us in any way (e.g. via the contact form on our website or by e-mail), the data you provide will be processed to the extent necessary to respond to your request or to deal with your request.

denkwerk uses the services of a service provider (HubSpot, details under A 1 letter c) to manage such requests.

The processing of your electronic contact data takes place here on the basis of your consent (Art. 6 para. (1) lit. a GDPR), to fulfill your contact request (Art. 6 para. (1) lit. b GDPR) and / or serves the legitimate interest to answer your request (Art. 6 para. (1) lit. f GDPR).

As the enquirer, you are the data subject and can object to the future use of your data. You can find more information below in the text under Right of objection or revocation.

A.4 Integration of Vimeo videos

We also integrate videos from "Vimeo" on our website via a social plug-in from the service provider Vimeo, Inc., 555 West 18th Street, New York, New York 10011, USA (hereinafter referred to as: "Vimeo").

As a result, personal data is passed on to Vimeo. If you have a user account with Vimeo and are registered, Vimeo can assign the visit to your user account. Vimeo stores this data as a user profile and uses it for the purposes of advertising, market research and/or the needs-based design of its websites. Such an evaluation is carried out in particular (even for users who are not logged in) to display needs-based advertising and to inform other users of the social network about your activities on our website.

You can read details about their data processing here: https://vimeo.com/privacy

You have the right to object to the creation of these user profiles. Please contact Vimeo directly for this purpose. Details can be found under B. II.

We use Vimeo to display and offer you content and functions of the Vimeo social platform on our website, as well as to improve our offer and the user experience and make it more interesting. This also constitutes our legitimate interest in processing the above information. The legal basis for processing is therefore Art. 6 para. (1) sentence 1 lit. f) GDPR.

If you want to prevent the transfer of data, you cannot use the functions of Vimeo.

Irrespective of this, we recommend that you regularly log out of your user account after using a social network, as this will prevent you from being assigned to your profile with the respective provider.

Cookies used:

You can view the cookies used under the following link and also configure them there:

Change cookie preferences

A.5 Confluence

denkwerk uses the knowledge platform software Confluence for the efficient and improved exchange of information or as a wiki, so-called "knowledge bank", reference work or information base. The service provider is the American-Australian company Atlassian, Inc. 1098 Harrison Street, San Francisco, California 94103 - USA.

denkwerk processes your data in this tool if you are a customer of ours or otherwise maintain a business relationship with us within our customer projects. denkwerk manages the internally used Confluence described here on servers in Germany, i.e. the data are not in the cloud and there is no access by Atlassian or others.

The legal basis for this processing is denkwerk's legitimate interest in efficient cooperation and the provision of services (Art. 6 (1) lit. f GDPR).

Ultimately, however, it can never be completely ruled out that pData will also be transferred in the USA. However, Atlassian is an active participant in the EU-US Transatlantic Data Privacy Framework (TADPF) agreement. This agreement regulates the correct and secure transfer of personal data (pData) from EU citizens to the USA. By participating, the company undertakes to comply with it. You can find more information on this at: https://ec.europa.eu/commission/presscorner/detail/en/ip_23_3721 .

In addition, Atlassian uses the so-called standard contractual clauses (Art. 46 (2) and (3) GDPR). These are the model contract templates provided by the EU Commission. Concluding a contract on this basis is a further obligation of Atlassian to comply with the European level of data protection when processing your data.

If you want to know more about how your data may be used and processed, you can find Atlassian's privacy policy at the following link: https://www.atlassian.com/de/legal/privacy-policy#what-this-policy-covers

A.6 Video conferences / online meetings

denkwerk uses - taking into account the preferences of the respective participants - one or other of the (video conferencing) tools listed below to conduct telephone conferences, online meetings, video conferences and/or webinars (hereinafter: "Online Meetings").

"Zoom" is a service of Zoom Video Communications, Inc. which is based in the USA, namely in San Jose/CA. Zoom's privacy policy can be found at https://explore.zoom.us/en/privacy/.

"Slack" is a service of Slack Technologies Ltd, which is also based in the EU, namely in Dublin/Ireland. Slack's privacy policy can be found at https://slack.com/intl/de-de/trust/privacy/privacy-policy?geocode=de-de.

"MS Teams" is a service of the Mircosoft Corporation, which is also based in the USA, namely in Redmond/WA. The data protection provisions of Mircosoft can be found at https://privacy.microsoft.com/de-de/privacystatement.

"Google Meet" is a service of Google and - depending on the user's habitual residence (European Economic Area or Switzerland) - is located at Google Ireland Limited, based in the EU, Dublin/Ireland (see: https://www.google.de/contact/impressum.html). Google's privacy policy can be found at https://policies.google.com/privacy

The tools are used to run "online meetings". All participants in such an online meeting have access to see, hear and read the content of the video conference itself, i.e. the participants, as well as the chat.

The provider of the tool used in each case has access to the processed data as part of the order processing.

If denkwerk wants to record an "online meeting", we will communicate this transparently in advance and - if necessary - ask for your consent.

The fact of the recording will also be displayed in the application so that you can see for yourself.

If it is necessary for the purposes of logging the results of an online meeting, we will log the chat content. However, we would point this out separately; chat histories are normally deleted when the conference ends.

In the case of webinars, we may also process the questions asked by webinar participants for the purposes of recording and following up webinars.

If you are registered as a user with one of the those tools, reports on "online meetings" (meeting metadata, telephone dial-in data, questions and answers in webinars, survey function in webinars) may be stored by the provider for up to one month. - However, automated decision-making within the meaning of Art. 22 GDPR is not used.

The following personal data may be processed:

User details: first name / surname (not mandatory, but useful), company (optional), telephone (optional), e-mail address and password (only if you use your own account), profile picture (optional)

Meeting metadata: Topic, description (optional), participant IP addresses, device/hardware information

For recordings (optional): MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file of the online meeting chat.

When dialing in by phone: information on the incoming and outgoing phone number, country name, start and end time. If necessary, further connection data such as the IP address of the device can be saved.

Text, audio and video data: You have the option of using the chat, question or survey functions in an "online meeting". In this case, the text entries you make are processed in order to display them in the "online meeting" and, if necessary, to log them. In order to enable the display of video and the playback of audio, the data from the microphone of your end device and from any video camera of the end device will be processed accordingly for the duration of the meeting. You can switch off or mute the camera or microphone yourself at any time via the video conferencing tool.

In order to take part in an "online meeting" or enter the "meeting room", it is useful for the conference to take place if you at least provide information about your name.

Insofar as personal data of denkwerk employees is processed during an online meeting, Art. 6 (1) (b) GDPR (formerly Section 26 BDSG in conjunction with Art. 88 GDPR) is the legal basis for data processing. If, in connection with the use of one of those tools, personal data is not required for the establishment, implementation or termination of the employment relationship, but is nevertheless an elementary component in the use of the video conferencing tool, Art. 6 para. (1) lit. f) GDPR is the legal basis for data processing. In these cases, our interest lies in the effective conduct of "online meetings".

Otherwise, the legal basis for data processing when conducting "online meetings" is Art. 6 para. (1) lit. b) GDPR, insofar as the meetings are conducted within the framework of contractual relationships. If there is no contractual relationship, the legal basis is Art. 6 (1) (f) GDPR. Here too, we are interested in the effective conduct of "online meetings".

Some of the services mentioned, such as "Zoom" or "MS Teams", are also or exclusively provided by the respective provider in the USA. The processing of personal data therefore takes place in a third country. However, the respective tool providers have submitted to the TADPF (Transatlantic Data Privacy Framework, https://www.dataprivacyframework.gov/s/). This means that an EU adequacy decision applies to them, so that the level of protection required by the GDPR applies to the processing of personal data.

As additional protective measures, denkwerk has carried out the respective configuration, if possible by the provider, in such a way that only data centers in the EU or EEA are used to conduct "online meetings".

As a data subject, you are of course free to contact our data protection officer at datenschutzbeauftragter@denkwerk.com or denkwerk in general at hello@denkwerk.com to obtain details or to object to data processing in the future.

denkwerk will then comply with this without delay, whereby the objection or the request for deletion is comprehensibly restricted by any statutory retention or other obligations that may apply.

B. denkwerk profiles in social networks

denkwerk also maintains profiles within social networks in order to communicate with the users active there, and thus possibly also with you, or to offer information about us there.

For this purpose, our website contains so-called hyperlinks to our offers there. If these hyperlinks are activated, you will be redirected from our website directly to the website of the social network. You can recognize this by the change in the URL address, among other things.

We assume no responsibility or liability for the confidential handling of your (personal) data by providers of other websites. And even if you are aware of this as a user of such networks, we would like to point out that your data as a user may be processed by the operator of the social networks outside the European Union. This could result in risks for users and make it more difficult to enforce their rights.

However, providers that are certified under the TADPF (https://www.dataprivacyframework.gov/s/participant-search) or offer comparable guarantees of a secure level of data protection have undertaken to comply with EU data protection standards. This enables denkwerk to work with them.

Insofar as the data of users within social networks (may) also be processed for market research and advertising purposes, which in turn is outside our sphere of influence, denkwerk refers to the data protection declarations and information provided by the operators of the respective networks for details of the respective form of processing and the possibilities of objection.

If you have given the provider of the relevant social network your consent to data processing with effect, the legal basis is Art. 6 (1) lit. a GDPR. This may also involve storage and further processing by us or our service provider (HubSpot, information under A 1 letter c). In addition, we have a legitimate interest within the meaning of Art. 6 para. (1) lit. f GDPR in communicating with users and in our public image for the purpose of advertising our company.

These are in detail:

I. Facebook - Social network

Operator / Service provider: Meta Platforms Ireland Limited (Facebook Ireland), 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, parent company: Meta Platforms, Inc. 1 Hacker Way, Menlo Park, CA 94025, USA; Website: https://www.facebook.com; Privacy Policy: https://www.facebook.com/about/privacy; TADPF(Safeguarding the level of data protection when processing data in the USA): https://www.dataprivacyframework.gov/s/participant-search ; ; Opt-Out: Settings for advertisements: https://www.facebook.com/settings?tab=ads; Additional information on data protection: Agreement on joint processing of personal data on Facebook pages: https://www.facebook.com/legal/terms/page_controller_addendum, Data protection information for Facebook pages: https://www.facebook.com/legal/terms/information_about_page_insights_data. Facebook sets this cookie: "_fbp" -> explanation see here: https://www.ccm19.de/plugin.php?menuid=253&template=mv/templates/mv_show_front.html&mv_id=1&extern_meta=x&mv_content_id=57&getlang=de

II Vimeo – video portal / creative community

Operator / Service provider: Vimeo, LLC, 555 West 18th Street, New York 10011; Website: https://vimeo.com/de; Privacy Policy: https://vimeo.com/privacy; TADPF (Safeguarding the level of data protection when processing data in the USA): https://www.dataprivacyframework.gov/s/participant-search

III Twitter - Social network

Operator / Service provider: Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA; Website: Privacy Policy: https://twitter.com/de/privacy (Settings) https://twitter.com/personalization

IV. Instagram - Social network

Operator / Service provider: formerly Instagram Inc. / now Meta Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA - Website: https://www.instagram.com; Privacy Policy: https://www.facebook.com/privacy/policy/?entry_point=about_fb .

V. XING - Social network

Operator / Service provider: New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany - Website: https://www.xing.com/legalnotice; Privacy Policy: https://privacy.xing.com/de/datenschutzerklaerung

VI LinkedIn - Social network

Operator / Service provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; Parent company: LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA - Website: https://www.linkedin.com/; Privacy Policy: https://www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy; TADPF (Safeguarding the level of data protection when processing data in the USA): https://www.dataprivacyframework.gov/s/participant-search

LinkedIn uses these cookies from this list: https://www.ccm19.de/plugin.php?menuid=308&template=mv/templates/mv_show_front.html&mv_id=4&extern_meta=x&mv_content_id=257&getlang=de

C. denkwerk newsletter

denkwerk offers employees, customers and other interested parties a newsletter at regular intervals. This newsletter contains new trends, general news and other relevant information about denkwerk and its service portfolio.

denkwerk uses the services of a service provider (HubSpot, details under A 1 c)) to send the newsletter. You as the interested party subscribe and unsubscribe directly. In order to ensure that it is your wish and that no errors have been made when entering the e-mail address, we use the so-called double opt-in procedure: After you have entered your e-mail address in the registration field, we will send you a confirmation link. Only when you click on this confirmation link will your e-mail address be added to our mailing list.

The processing of your electronic contact data takes place here on the basis of your consent (Art. 6 para. (1) lit. a GDPR) and to fulfill your request (Art. 6 para. (1) lit. b GDPR).

You can revoke your consent at any time with effect for the future. All you need to do is click on the "Unsubscribe" button at the end of each newsletter.

denkwerk does not pass on data directly to this service provider at any time. Further information on data processing by HubSpot can be found on the HubSpot website at: https://www.hubspot.de/data-privacy/gdpr

D. Employees and application process

denkwerk stores and processes employee contact, inventory and contract data to the extent necessary. We also make video and photo recordings of our employees and use these on our intranet, in the personnel management tool used by denkwerk (Personio) or on our company profiles in the social networks. If individual consent is required, denkwerk will of course obtain this before processing, and appropriate information will also be provided at events. Audio-visual recordings serve on the one hand to make it easier for us to recognize each other and on the other hand it gives interested parties a first impression of our workplace culture and gives a good insight into our thinking and work.

denkwerk will provide you with all the necessary information about the processing of your personal data in the context of the employment relationship (including payroll accounting, vacation administration) to give you a detailed insight at the start of your employment relationship.

Before you become part of denkwerk and thus one of our employees, you will go through our application process. For this purpose, you will make initial contact usually via our careers page, application platforms of our subscription partners, such as LinkedIN, indeed, JOIN, WeAreDevelopers, or directly by e-mail. Attached documents can be: your CV, your cover letter - including salary expectations and start date - and, if necessary, a portfolio of your previous projects. We store all of this in Personio and view it for evaluation and analysis by the relevant specialist managers. We will keep in touch with you by email or telephone throughout the application process. In most cases, part of the interviews take place on site, while the other part is covered by web-based video tools such as ZOOM or GoTo. During the meetings, notes are taken by the participants and saved in Personio.

The aforementioned service provider of the personnel management tool Personio operates under the name Personio SE & Co. KG Seidlstraße 3 80335 Munich, Germany Phone: +49(89) 1250 1004 Email: info@personio.de Website: www.personio.de. You can read details about their processing here: https://www.personio.de/datenschutzerklaerung.

The legal basis here is Art. 6 para. (1) lit. b) GDPR ("contractual context") and in some cases also Art. 6 para. (1) lit. c GDPR ("legal obligation"), but in individual cases we also ask for consent and thus Art. 6 para. (1) lit. a GDPR (also) applies.

We also offer the option of being added to our applicant pool (managed in the Personio tool). By being included, we enable you to apply again at a later date and to retrace the process you went through previously or we can contact you again if something changes in our requirements. . However, we always obtain your consent for this in advance, as the longer storage of your personal data always requires your consent within the meaning of Art. 7 GDPR).

As a data subject, you are of course free to contact our data protection officer at datenschutzbeauftragter@denkwerk.com or denkwerk in general at hello@denkwerk.com to obtain details or to object to data processing in the future.

denkwerk will then comply with this immediately, whereby the objection or a request for deletion requires the existence of a special interest and is limited by any statutory storage or other obligations.

E. Customers, partners and suppliers/freelancers

denkwerk stores and processes contact, inventory and contract data of its potential, new and existing customers, and their contact persons, but also of suppliers, partners and freelancers (so-called "freelancers") to the extent necessary.

We communicate and exchange information with them via email or collaboration tools such as Slack, Altlassian's Jira or Confluence. We also manage the data of freelancers in a tool called XING-HelloFreelancer. In this context, we would like to point out that limited access to denkwerk has been agreed with the service provider and further processing by the service provider or third parties has been contractually excluded (we have provided information on this under the above letter B section V).

Disclosure to external parties only takes place if it is required by law or as part of an order. If the agreed contractual service includes the processing of personal data provided by third parties, we act in accordance with the instructions of the client and the legal requirements of order processing in accordance with Art. 28 GDPR and do not process the data for any purposes other than those specified in the order.

denkwerk uses the services of a service provider for contact management (HubSpot, information under A 1 letter c)). The provider's privacy policy can be viewed here: https://legal.hubspot.com/privacy-policy

The legal basis here is Art. 6 para. (1) lit. b GDPR ("contractual context") and in some cases also Art. 6 para. (1) lit. f GDPR ("legitimate interest") or Art. 6 para. (1) lit. c GDPR ("legal obligation"), but in very few cases also Art. 6 para. (1) lit. a GDPR ("consent"), whereby we then expressly ask you as the data subject for your consent.

Of course, each of these data subjects is free to contact us via our data protection officer at datenschutzbeauftragter@denkwerk.com or otherwise to denkwerk at hello@denkwerk.com to obtain details or to object to the data processing of their own data for the future. denkwerk will then comply with this without delay, whereby the objection or the request for deletion is comprehensibly restricted by any statutory retention or other obligations that may apply.

F. Implementation of the Whistleblower Protection Act for employees, customers, partners and suppliers/freelancers

denkwerk works together with a service provider to implement the obligations arising from the Whistleblower Protection Act (HinSchG), which in turn uses a software tool, namely "Legal Tegrity".

The service provider operates under the name pme Familienservice GmbH (with headquarters at Flottwellstr. 4-5, 10785 Berlin) and the sub-service provider, i.e. tool provider, is LegalTegrity GmbH (with headquarters at Platz der Einheit 2, 60327 Frankfurt. This is a web-based tool whose link is integrated on the denkwerk website and for internal use employee managementtool. Whistleblowers can use this access to submit reports and information that are to be reported to §2 HinSchG.

Depending on the selected procedure, the submissions contain "anonymous" or "named" pData of the whistleblower and may contain further pData of third parties within the scope of the reported violation or the facts to be reported.

Our service provider receives the reports received via the tool, processes and selects them and then forwards them to denkwerk for clarification and processing - in anonymized form or, if appropriate consent has been given, stating the pData of the whistleblower and third parties mentioned.

This is followed by joint processing, whereby denkwerk is informed and advised about the legal facts by the service provider. The person responsible for the issue at denkwerk uses the tool to provide information on the results of the case analysis and any measures taken. The whistleblowers can use the tool to find out about the status of the case and/or the outcome or to supplement the report accordingly in the event of queries. The tool is also used by the service provider to provide interim and final reports to the required extent.

Right of objection or revocation

Any data subject may object to the future processing of their data at any time in accordance with Art. 21 GDPR. The objection may be made in particular against processing for direct marketing purposes.

Every data subject also has the right to revoke consent once given in accordance with Art. 7 para. 3 GDPR with effect for the future.

Deletion of the collected data

Data processed by us will be deleted or its processing restricted in accordance with Art. 17 and 18 GDPR. Unless we have expressly stated otherwise, data stored by us will be deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any statutory retention obligations or other legal requirements. If the data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted. This means that the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons.

Amendment and updating of the data protection information

If necessary due to legal changes or as soon as changes in the data processing carried out by us make this necessary, we will adapt this information. denkwerk therefore asks you to inform yourself regularly about the content. As soon as the changes require your cooperation (e.g. consent) or other individual notification, we will of course inform you immediately.

(Status of these notes: June 2024)