The German Version is relevant in any Case.
denkwerk attaches great importance to the protection of privacy and the correct handling of personal data.
With this data protection notice, we would therefore like to inform you about the type, scope and purpose of the processing of personal data. The information relates to our online presence at denkwerk.com, with an integrated contact form and newsletter subscription, the use of our social media profiles such as Twitter, Vimeo, Instagram and Facebook and any other form of digital processing.
The terms used in this data protection notice, such as "processing" or "controller", correspond to the definitions in Article 4 of the General Data Protection Regulation ("GDPR"), which you can read on the European Commission's website, for example.
Before we go into the details, here is a quick summary:
Controller (within the meaning of Art. 4 No. 7 GDPR)
denkwerk GmbH
Vogelsanger Str. 66
50823 Cologne
E-mail: hello@denkwerk.com
Imprint
Data Protection Officer (DPO)
Address: c/o denkwerk GmbH
E-mail: datenschutzbeauftragter@denkwerk.com
Type of personal data processed
Inventory data (e.g. names, addresses of contact persons)
Contact details (e.g. e-mail address, telephone numbers)
Contract data (e.g. subject matter of the contract, term, billing address, identification features such as date of birth)
Payment data (e.g. account or bank details, payment history)
Usage data (e.g. log file entries such as user agent, access time, IP address, etc.)
Possible categories of affected persons
Visitors and users of our online services
Customers, interested parties, business partners, applicants and employees
Subscribers to our newsletter
Individual or cumulative purposes of processing and the intervening legal bases
Provision of our online services, maintenance and improvement of functions and content (see Art. 6 (1) lit. b or lit. f or also lit. a GDPR)
Provision of contractual or pre-contractual services, service and customer care (cf. Art. 6 para.
(1) lit. b GDPR)
Requested transmission of information and notifications (see Art. 6 para.
(1) lit. a GDPR)
Reach measurement/marketing (see Art. 6 para.
(1) lit. f GDPR)
Rights of the data subjects
Right to information
Art. 15 GDPR
Right to rectification Art. 16 GDPR
Right to object Art. 21 GDPR
Right to erasure and restriction of processing of data Art. 17 GDPR
Right to be forgotten Art. 17 GDPR
Right to data portability Art. 20
Right to lodge a complaint with supervisory authorities Art. 77 GDPR
Right to withdraw consent Art. 7 para. 3 GDPR
That was the general overview and now we would like to explain the details:
When you visit the denkwerk website(s), your browser automatically transmits the following data:
Your IP address
Websites from which you come (the so-called "referrer")
Date and time of page views
Your browser type and version
The operating system of your end device
If applicable, the duration of the visit
The temporary storage of this data is necessary to enable the website to be delivered to your computer and to ensure the functionality of the website.
We also use this data to gain statistical insights into how our websites are used. In addition, we collect the data in order to be able to trace and prevent unauthorized access to the web server and misuse of the websites and to secure our information technology systems.
The legal basis for this data processing is predominantly in our legitimate interest (Art. 6 para. (1) lit. f GDPR), partly in the fulfillment of a contractual or pre-contractual obligation (Art. 6 para. (1) lit. b GDPR) or occasionally also in your consent (Art. 6 para. (1) lit. a GDPR).
In the interests of user-friendliness, denkwerk also uses cookie consent technology. We inform you about the use of any cookies and obtain your consent to the storage of certain cookies on your end device. Furthermore, we then document this in compliance with data protection regulations.
The provider of this technology is Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich, Germany, website: https://usercentrics.com/de/ (hereinafter "Usercentrics").
When you visit our website, the following personal data is transmitted to Usercentrics:
Your consent(s) or the withdrawal of your consent(s)
Your IP address
Information about your browser
Information about your end device
Time of your visit
Furthermore, Usercentrics stores a cookie in your browser in order to be able to assign the consents given or their revocation to you. The data collected in this way is stored until you ask us to delete it, delete the Usercentrics cookie yourself or the purpose for storing the data no longer applies. Mandatory statutory retention obligations remain unaffected.
Usercentrics is used to obtain the legally required consent for the use of cookies. The legal basis for this is Art. 6 para. 1 sentence 1 lit. c GDPR.
Please note the option to customize the cookies:
Change cookie preferences
As a user, you are the data subject and can object to the future use of your data. You can find more information under Right of objection or revocation.
denkwerk uses Google Analytics, a web analysis service of Google Inc. ("Google") for its online offers. Google Analytics uses cookies that are stored on the website visitor's computer and that enable the use of the website to be analyzed. The information generated by the cookie, such as
IP address
Date and time of the request
Website from which the request comes
Browser
Operating system
The IP address is usually transmitted to a Google server in the USA and stored there. denkwerk uses Google Analytics with the extension "_anonymizeIp()"; this means that every IP address is shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of denkwerk, Google will use the information collected to evaluate the use of the website by visitors, to compile reports on website activity and to provide other services related to website activity and internet usage to the website operator.
The deletion of the data is carried out automatically after coordination and instruction of the person responsible with the help of the configuration options provided by Google after a period specified by the client.
Cookies used
You can view the cookies used under the following link and also configure them there:
Change cookie preferences
denkwerk uses the web analysis service Matomo, a free web analysis software that is available at https://matomo.org/ under the GPL (GNU General Public License). Matomo is used to analyze usage behavior on our website and to obtain information about the use of the individual components of the website. This enables us to constantly optimize the website and its user-friendliness. By default, no cookies are set for web analysis; the exception is the technically necessary cookie for disabling all functionality (see Change cookie preferences). Data processing is carried out on the basis of the legal provisions of Art. 6 para. 1 lit. f (legitimate interest) of the General Data Protection Regulation (GDPR). Since the privacy of our visitors is important to us, the data that may allow a reference to an individual person, such as the IP address, login or device identifiers, are anonymized or pseudonymized as soon as possible. It is not used in any other way, merged with other data or passed on to third parties. Matomo is configured in accordance with the applicable data protection regulations. You can read information about data protection at Matomo at any time at https://matomo.org/privacy/.
Cookies used
You can view the cookies used under the following link and also configure them there:
Change cookie preferences
denkwerk uses HubSpot for marketing activities on our website. HubSpot is a software company based in the USA with a branch in Europe (HubSpot Ireland Limited, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland).
This integrated software solution helps us with our marketing, lead generation and customer service (sending newsletters and automated mailings, social media publishing and reporting, contact management, etc.) such as user segmentation and CRM, landing pages and contact forms.
HubSpot uses cookies, i.e. small text files that are stored locally in the cache of your computer's Internet browser and enable your use of the website to be analyzed. HubSpot evaluates the information collected (e.g. IP address, geographical location, browser type, length of visit and pages viewed) on our behalf so that we can compile reports on visits and the pages viewed.
Insofar as HubSpot transfers personal data to affiliated companies and processors in countries outside the EU, protective mechanisms are required to ensure the level of data protection under the GDPR. For the USA, an adequacy decision of the EU Commission pursuant to Art. 45 (1) GDPR applies to those companies that are certified under the EU-U.S. Data Privacy Framework (TADPF). HubSpot, Inc. is certified according to TADPF and is thus committed to complying with appropriate data protection standards. The standards can be viewed at the following link: www.dataprivacyframework.gov/s/participant-search.
The data will be deleted as soon as it is no longer required for the purpose for which it was collected.
Further information on data processing by HubSpot can be found on the HubSpot website at: https://www.hubspot.de/data-privacy/gdpr.
Cookies used
You can view the cookies used under the following link and also configure them there:
Change cookie preferences
denkwerk uses the knowledge platform software Confluence for the efficient and improved exchange of information or as a wiki, so-called "knowledge bank", reference work or information base. The service provider is the American-Australian company Atlassian, Inc. 1098 Harrison Street, San Francisco, California 94103 - USA.
denkwerk processes your data in this tool if you are a customer of ours or otherwise maintain a business relationship with us within our customer projects. denkwerk manages the internally used Confluence described here on servers in Germany, i.e. the data are not in the cloud and there is no access by Atlassian or others.
The legal basis for this processing is denkwerk's legitimate interest in efficient cooperation and the provision of services (Art. 6 (1) lit. f GDPR).
Ultimately, however, it can never be completely ruled out that pData will also be transferred in the USA. However, Atlassian is an active participant in the EU-US Transatlantic Data Privacy Framework (TADPF) agreement. This agreement regulates the correct and secure transfer of personal data (pData) from EU citizens to the USA. By participating, the company undertakes to comply with it. You can find more information on this at: https://ec.europa.eu/commission/presscorner/detail/en/ip_23_3721 .
In addition, Atlassian uses the so-called standard contractual clauses (Art. 46 (2) and (3) GDPR). These are the model contract templates provided by the EU Commission. Concluding a contract on this basis is a further obligation of Atlassian to comply with the European level of data protection when processing your data.
If you want to know more about how your data may be used and processed, you can find Atlassian's privacy policy at the following link: https://www.atlassian.com/de/legal/privacy-policy#what-this-policy-covers
Here you can make the settings for your cookies. Please note that the website may no longer function correctly if you block all cookies, including technically necessary cookies. Technically necessary cookies, on the other hand, are always set.
It may be technically necessary for your decision regarding the use of cookies to be stored in a cookie again. However, this cookie then has no further function.
If you contact us in any way (e.g. via the contact form on our website or by e-mail), the data you provide will be processed to the extent necessary to respond to your request or to deal with your request.
denkwerk uses the services of a service provider (HubSpot, details under A 1 letter c) to manage such requests.
The processing of your electronic contact data takes place here on the basis of your consent (Art. 6 para. (1) lit. a GDPR), to fulfill your contact request (Art. 6 para. (1) lit. b GDPR) and / or serves the legitimate interest to answer your request (Art. 6 para. (1) lit. f GDPR).
As the enquirer, you are the data subject and can object to the future use of your data. You can find more information below in the text under Right of objection or revocation.
We also integrate videos from "Vimeo" on our website via a social plug-in from the service provider Vimeo, Inc., 555 West 18th Street, New York, New York 10011, USA (hereinafter referred to as: "Vimeo").
As a result, personal data is passed on to Vimeo. If you have a user account with Vimeo and are registered, Vimeo can assign the visit to your user account. Vimeo stores this data as a user profile and uses it for the purposes of advertising, market research and/or the needs-based design of its websites. Such an evaluation is carried out in particular (even for users who are not logged in) to display needs-based advertising and to inform other users of the social network about your activities on our website.
You can read details about their data processing here: https://vimeo.com/privacy
You have the right to object to the creation of these user profiles. Please contact Vimeo directly for this purpose. Details can be found under B. II.
We use Vimeo to display and offer you content and functions of the Vimeo social platform on our website, as well as to improve our offer and the user experience and make it more interesting. This also constitutes our legitimate interest in processing the above information. The legal basis for processing is therefore Art. 6 para. (1) sentence 1 lit. f) GDPR.
If you want to prevent the transfer of data, you cannot use the functions of Vimeo.
Irrespective of this, we recommend that you regularly log out of your user account after using a social network, as this will prevent you from being assigned to your profile with the respective provider.
Cookies used:
You can view the cookies used under the following link and also configure them there:
denkwerk also maintains profiles within social networks in order to communicate with the users active there, and thus possibly also with you, or to offer information about us there.
For this purpose, our website contains so-called hyperlinks to our offers there. If these hyperlinks are activated, you will be redirected from our website directly to the website of the social network. You can recognize this by the change in the URL address, among other things.
We assume no responsibility or liability for the confidential handling of your (personal) data by providers of other websites. And even if you are aware of this as a user of such networks, we would like to point out that your data as a user may be processed by the operator of the social networks outside the European Union. This could result in risks for users and make it more difficult to enforce their rights.
However, providers that are certified under the TADPF (https://www.dataprivacyframework.gov/s/participant-search) or offer comparable guarantees of a secure level of data protection have undertaken to comply with EU data protection standards. This enables denkwerk to work with them.
Insofar as the data of users within social networks (may) also be processed for market research and advertising purposes, which in turn is outside our sphere of influence, denkwerk refers to the data protection declarations and information provided by the operators of the respective networks for details of the respective form of processing and the possibilities of objection.
If you have given the provider of the relevant social network your consent to data processing with effect, the legal basis is Art. 6 (1) lit. a GDPR. This may also involve storage and further processing by us or our service provider (HubSpot, information under A 1 letter c). In addition, we have a legitimate interest within the meaning of Art. 6 para. (1) lit. f GDPR in communicating with users and in our public image for the purpose of advertising our company.
These are in detail:
Operator / Service provider: Meta Platforms Ireland Limited (Facebook Ireland), 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, parent company: Meta Platforms, Inc. 1 Hacker Way, Menlo Park, CA 94025, USA; Website: https://www.facebook.com; Privacy Policy: https://www.facebook.com/about/privacy; TADPF(Safeguarding the level of data protection when processing data in the USA): https://www.dataprivacyframework.gov/s/participant-search ; ; Opt-Out: Settings for advertisements: https://www.facebook.com/settings?tab=ads; Additional information on data protection: Agreement on joint processing of personal data on Facebook pages: https://www.facebook.com/legal/terms/page_controller_addendum, Data protection information for Facebook pages: https://www.facebook.com/legal/terms/information_about_page_insights_data. Facebook sets this cookie: "_fbp" -> explanation see here: https://www.ccm19.de/plugin.php?menuid=253&template=mv/templates/mv_show_front.html&mv_id=1&extern_meta=x&mv_content_id=57&getlang=de
Operator / Service provider: Vimeo, LLC, 555 West 18th Street, New York 10011; Website: https://vimeo.com/de; Privacy Policy: https://vimeo.com/privacy; TADPF (Safeguarding the level of data protection when processing data in the USA): https://www.dataprivacyframework.gov/s/participant-search
Operator / Service provider: Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA; Website: Privacy Policy: https://twitter.com/de/privacy (Settings) https://twitter.com/personalization
Operator / Service provider: formerly Instagram Inc. / now Meta Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA - Website: https://www.instagram.com; Privacy Policy: https://www.facebook.com/privacy/policy/?entry_point=about_fb .
Operator / Service provider: New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany - Website: https://www.xing.com/legalnotice; Privacy Policy: https://privacy.xing.com/de/datenschutzerklaerung
Operator / Service provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; Parent company: LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA - Website: https://www.linkedin.com/; Privacy Policy: https://www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy; TADPF (Safeguarding the level of data protection when processing data in the USA): https://www.dataprivacyframework.gov/s/participant-search
LinkedIn uses these cookies from this list: https://www.ccm19.de/plugin.php?menuid=308&template=mv/templates/mv_show_front.html&mv_id=4&extern_meta=x&mv_content_id=257&getlang=de
denkwerk offers employees, customers and other interested parties a newsletter at regular intervals. This newsletter contains new trends, general news and other relevant information about denkwerk and its service portfolio.
denkwerk uses the services of a service provider (HubSpot, details under A 1 c)) to send the newsletter. You as the interested party subscribe and unsubscribe directly. In order to ensure that it is your wish and that no errors have been made when entering the e-mail address, we use the so-called double opt-in procedure: After you have entered your e-mail address in the registration field, we will send you a confirmation link. Only when you click on this confirmation link will your e-mail address be added to our mailing list.
The processing of your electronic contact data takes place here on the basis of your consent (Art. 6 para. (1) lit. a GDPR) and to fulfill your request (Art. 6 para. (1) lit. b GDPR).
You can revoke your consent at any time with effect for the future. All you need to do is click on the "Unsubscribe" button at the end of each newsletter.
denkwerk does not pass on data directly to this service provider at any time. Further information on data processing by HubSpot can be found on the HubSpot website at: https://www.hubspot.de/data-privacy/gdpr
denkwerk stores and processes employee contact, inventory and contract data to the extent necessary. We also make video and photo recordings of our employees and use these on our intranet, in the personnel management tool used by denkwerk (Personio) or on our company profiles in the social networks. If individual consent is required, denkwerk will of course obtain this before processing, and appropriate information will also be provided at events. Audio-visual recordings serve on the one hand to make it easier for us to recognize each other and on the other hand it gives interested parties a first impression of our workplace culture and gives a good insight into our thinking and work.
denkwerk will provide you with all the necessary information about the processing of your personal data in the context of the employment relationship (including payroll accounting, vacation administration) to give you a detailed insight at the start of your employment relationship.
Before you become part of denkwerk and thus one of our employees, you will go through our application process. For this purpose, you will make initial contact usually via our careers page, application platforms of our subscription partners, such as LinkedIN, indeed, JOIN, WeAreDevelopers, or directly by e-mail. Attached documents can be: your CV, your cover letter - including salary expectations and start date - and, if necessary, a portfolio of your previous projects. We store all of this in Personio and view it for evaluation and analysis by the relevant specialist managers. We will keep in touch with you by email or telephone throughout the application process. In most cases, part of the interviews take place on site, while the other part is covered by web-based video tools such as ZOOM or GoTo. During the meetings, notes are taken by the participants and saved in Personio.
The aforementioned service provider of the personnel management tool Personio operates under the name Personio SE & Co. KG Seidlstraße 3 80335 Munich, Germany Phone: +49(89) 1250 1004 Email: info@personio.de Website: www.personio.de. You can read details about their processing here: https://www.personio.de/datenschutzerklaerung.
The legal basis here is Art. 6 para. (1) lit. b) GDPR ("contractual context") and in some cases also Art. 6 para. (1) lit. c GDPR ("legal obligation"), but in individual cases we also ask for consent and thus Art. 6 para. (1) lit. a GDPR (also) applies.
We also offer the option of being added to our applicant pool (managed in the Personio tool). By being included, we enable you to apply again at a later date and to retrace the process you went through previously or we can contact you again if something changes in our requirements. . However, we always obtain your consent for this in advance, as the longer storage of your personal data always requires your consent within the meaning of Art. 7 GDPR).
As a data subject, you are of course free to contact our data protection officer at datenschutzbeauftragter@denkwerk.com or denkwerk in general at hello@denkwerk.com to obtain details or to object to data processing in the future.
denkwerk will then comply with this immediately, whereby the objection or a request for deletion requires the existence of a special interest and is limited by any statutory storage or other obligations.
denkwerk stores and processes contact, inventory and contract data of its potential, new and existing customers, and their contact persons, but also of suppliers, partners and freelancers (so-called "freelancers") to the extent necessary.
We communicate and exchange information with them via email or collaboration tools such as Slack, Altlassian's Jira or Confluence. We also manage the data of freelancers in a tool called XING-HelloFreelancer. In this context, we would like to point out that limited access to denkwerk has been agreed with the service provider and further processing by the service provider or third parties has been contractually excluded (we have provided information on this under the above letter B section V).
Disclosure to external parties only takes place if it is required by law or as part of an order. If the agreed contractual service includes the processing of personal data provided by third parties, we act in accordance with the instructions of the client and the legal requirements of order processing in accordance with Art. 28 GDPR and do not process the data for any purposes other than those specified in the order.
denkwerk uses the services of a service provider for contact management (HubSpot, information under A 1 letter c)). The provider's privacy policy can be viewed here: https://legal.hubspot.com/privacy-policy
The legal basis here is Art. 6 para. (1) lit. b GDPR ("contractual context") and in some cases also Art. 6 para. (1) lit. f GDPR ("legitimate interest") or Art. 6 para. (1) lit. c GDPR ("legal obligation"), but in very few cases also Art. 6 para. (1) lit. a GDPR ("consent"), whereby we then expressly ask you as the data subject for your consent.
Of course, each of these data subjects is free to contact us via our data protection officer at datenschutzbeauftragter@denkwerk.com or otherwise to denkwerk at hello@denkwerk.com to obtain details or to object to the data processing of their own data for the future. denkwerk will then comply with this without delay, whereby the objection or the request for deletion is comprehensibly restricted by any statutory retention or other obligations that may apply.
denkwerk works together with a service provider to implement the obligations arising from the Whistleblower Protection Act (HinSchG), which in turn uses a software tool, namely "Legal Tegrity".
The service provider operates under the name pme Familienservice GmbH (with headquarters at Flottwellstr. 4-5, 10785 Berlin) and the sub-service provider, i.e. tool provider, is LegalTegrity GmbH (with headquarters at Platz der Einheit 2, 60327 Frankfurt. This is a web-based tool whose link is integrated on the denkwerk website and for internal use employee managementtool. Whistleblowers can use this access to submit reports and information that are to be reported to §2 HinSchG.
Depending on the selected procedure, the submissions contain "anonymous" or "named" pData of the whistleblower and may contain further pData of third parties within the scope of the reported violation or the facts to be reported.
Our service provider receives the reports received via the tool, processes and selects them and then forwards them to denkwerk for clarification and processing - in anonymized form or, if appropriate consent has been given, stating the pData of the whistleblower and third parties mentioned.
This is followed by joint processing, whereby denkwerk is informed and advised about the legal facts by the service provider. The person responsible for the issue at denkwerk uses the tool to provide information on the results of the case analysis and any measures taken. The whistleblowers can use the tool to find out about the status of the case and/or the outcome or to supplement the report accordingly in the event of queries. The tool is also used by the service provider to provide interim and final reports to the required extent.
Right of objection or revocation
Any data subject may object to the future processing of their data at any time in accordance with Art. 21 GDPR. The objection may be made in particular against processing for direct marketing purposes.
Every data subject also has the right to revoke consent once given in accordance with Art. 7 para. 3 GDPR with effect for the future.
Data processed by us will be deleted or its processing restricted in accordance with Art. 17 and 18 GDPR. Unless we have expressly stated otherwise, data stored by us will be deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any statutory retention obligations or other legal requirements. If the data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted. This means that the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons.
If necessary due to legal changes or as soon as changes in the data processing carried out by us make this necessary, we will adapt this information. denkwerk therefore asks you to inform yourself regularly about the content. As soon as the changes require your cooperation (e.g. consent) or other individual notification, we will of course inform you immediately.
(Status of these notes: April 2024)