Data privacy

This data privacy policy explains the type, scope and purpose of processing of personal data (hereinafter referred to as "data") as part of our online offering and the associated websites, functions and contents as well as external online presence such as our social media profiles. (hereinafter jointly referred to as "online service”). With regard to the terms used, such as "personal data" or their "processing", we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).

No data will be transferred to third parties without the consent of the data subject or without a legal basis.

You will find information on how application data are processed as part of application procedures in the “Data privacy for job applicants” section.

Controller:
Orange Hive GmbH
Lindleystr. 12
60314 Frankfurt am Main
Germany

Directors:
Laura Geisler, Steven Sasseville, Carsten Scheele
Phone: +49 (0)69 15 04 66 000
E-Mail: hello@orangehive.de

Types of data processed:

Processing of special categories of data (Article 9 (1) GDPR):
As a matter of principle, no special categories of personal data are processed unless they are supplied by users for processing, e.g. entered into online forms.

Categories of data subjects affected by processing:

In the following, we refer to data subjects collectively as "users".

Purposes of processing:

1. Relevant legal grounds
1.1 In accordance with Article 13 GDPR, we will inform you of the legal basis of our data processing. The following applies if the legal basis is not mentioned in our privacy policy: The legal basis for obtaining consent is Article 6 (1a) and Article 7 GDPR, the legal basis for processing for the purpose of carrying out our services and performing (pre-)contractual measures and answering enquiries is Article 6 (1b) GDPR, the legal basis for processing for the purpose of complying with our legal obligations is Article 6 (1c) GDPR, and the legal basis for processing for the purpose of safeguarding our legitimate interests is Article 6 (1f) GDPR. If vital interests of the data subject or of another natural person require the processing of personal data, Article 6 (1d) GDPR serves as the legal basis.

2. Changes and updates to this data privacy policy
We would ask you to keep yourself up to date with the content of our data privacy policy on a regular basis. We amend our data privacy policy whenever changes to the data processing that we perform make this necessary. We will inform you as soon as any such changes require your cooperation (e.g. consent) or necessitate some other form of personal notification.

3. Security measures
We undertake appropriate technical and organisational measures in accordance with Article 32 GDPR, and taking into account state-of-the-art technology, the implementation costs and the nature, scope, circumstances and purposes of processing as well as the varying probability of occurrence and severity of the risk to the rights and freedoms of natural persons, in order to ensure a level of protection commensurate with the risk. These measures include in particular safeguarding the confidentiality, integrity and availability of data by controlling physical access to the data as well as access, input and forwarding as well as the security of availability and its separation. Furthermore, we have established procedures to ensure that the rights of data subjects are observed, that data are erased and that we respond to any threat to the data. We also consider the protection of personal data as early as in the development or selection of hardware, software and processes, in accordance with the principle of data protection through technology design and through data protection-friendly default settings (Article 25 GDPR).

4. Cooperation with contract processors and third parties
1. If, in the course of our processing, we disclose data to other persons and companies (processors or third parties), transfer them to such persons or companies or otherwise grant them access to the data, this will only be done on the basis of legal permission (e.g. if transfer of the data to third parties, such as payment service providers, is necessary for the performance of the contract in accordance with Article 6 (1b) GDPR), if you have given your consent, if a legal basis or obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, web hosting services etc.).

There will be no unauthorised transfer of data to third parties without a legal basis.

2. Should we commission third parties to process data on the basis of a "contract processing agreement", this will be performed on the basis of Article 28 GDPR or, in the case of service providers in third countries, in accordance with Article 44 ff. GDPR.

5. Transfers to third countries
If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this is done in the context of using third-party services or disclosing or transferring data to third parties, this will only take place if it is done in order to meet our (pre-)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. We will only process or store the data in a third country – subject to legal or contractual permissions – if the special requirements of Article 44 ff. GDPR. In other words, processing is performed, for example, on the basis of specific guarantees, such as the officially recognised establishment of a level of data protection equivalent to that in the EU (e.g. for the US through the Privacy Shield) and/or compliance with officially recognised specific contractual obligations (e.g. so-called "standard contractual clauses").

Data are transferred to third countries to companies such as HubSpot and Google – see below for details on data protection compliance.

6. Rights of data subjects
You are entitled to request confirmation as to whether relevant data are processed and to information about these data as well as to additional information and a copy of the data in accordance with Article 15 GDPR.

In accordance with Article 16 GDPR, you have the right to request the completion of data concerning you or the rectification of inaccurate data relating to you.

In accordance with Article 17 GDPR, you have the right to request that the data in question be erased immediately, or alternatively, in accordance with Article 18 GDPR, to demand that the processing of the data be restricted.

You have the right to request to receive the data concerning you that you have provided us with, in accordance with Article 20 DSGVO, and to demand that they be transferred to other responsible parties (data transferability).

Furthermore, you are entitled to submit a complaint to the relevant supervisory authority in accordance with Article 77 GDPR.

7. Right of revocation
You have the right to revoke consents granted in accordance with Article 7 (3) GDPR with effect for the future.

8. Right of objection
You may at any time object to the future processing of data relating to you in accordance with Article 21 GDPR. Objection can be made in particular to processing for the purposes of direct marketing.

9. Cookies and right of objection to direct advertising
We use temporary and permanent cookies, i.e. small files that are stored on the users' devices. In some cases, cookies may be used for security purposes or are necessary for the operation of our online service (e.g., for the presentation of the website) or to store users' choices when the cookie banner is confirmed. We or our technology partners also use cookies to measure reach and for marketing purposes, about which the users are informed in the course of data privacy warnings.

A general objection to the use of cookies for online marketing purposes can be declared for many of the services, especially in the case of tracking, via the US site http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/. Furthermore, the storage of cookies can be achieved by deactivating them in your browser's settings.
Please note that you may not be able to use all functions of our online service.

10. Erasure of data
Data processed by us will be erased or restricted in their processing in accordance with Articles 17 and 18 DSGVO unless expressly stated in this data privacy policy, and the data stored by us will be erased as soon as they are no longer required for their intended purpose and the erasure does not conflict with any statutory storage obligations. The processing of any data not erased by us because they are required for other, legally permissible purposes will be restricted. This means that the data will be blocked and not processed for other purposes in the future. This applies, for example, to data whose storage is stipulated by commercial or tax law.

In accordance with legal requirements, data will be stored specifically for 6 years in accordance with Section 257 (1) of the German Commercial Code – HGB – (trading books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting vouchers, etc.) and for 10 years in accordance with Section 147 (1) of the German Fiscal Code – AO – (books, records, management reports, accounting vouchers, commercial and business letters, documents relevant for taxation, etc.).

11. Contact
When contacting us (via a contact form or e-mail), the user's details will be processed for the purpose of dealing with the contact request and its processing in accordance with Article 6 (1b) GDPR (pre-contractual/contractual measures).

The information provided by enquirers may be stored in our customer relationship management system ("CRM system") or similar method of organising enquiries.

Data submitted via the contact form will be erased as soon as they are no longer required for their intended purpose or if you request us to erase them and there are no legal obligations to retain them.

12. Collection of access data and log files
We collect data about every access to the server on which this service is located (so-called server log files) on the basis of our legitimate interests within the meaning of Article 6 (1f) GDPR. Access data includes the name of the accessed website, file, date and time of access, transferred data volume, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited site), IP address and the requesting provider.

Log file information is stored for security reasons (e.g. for the investigation of abuse or fraud) for a maximum period of 10 working days and then erased. Data whose further storage is required for documentary purposes are excluded from erasure until final clarification of the case in question.
The legal basis for this is Article 6(1f) GDPR (legitimate interest).

13. SSL/ TLS encryption
Our website uses SSL and TLS encryption for security reasons and to protect the transmission of confidential content that you send to us as the site operator. This means that data that you transmit via this website cannot be read by third parties. You can recognise an encrypted connection by the "https://" in the address and the padlock icon in the browser address bar.

14. Newsletter
We use CleverReach for sending our newsletter. The provider is CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede, Germany. This service allows us to organise and analyse newsletter distribution. The data you enter to receive the newsletter, such as your e-mail address, are stored on CleverReach's servers. The servers are located in Germany and Ireland.

Sending a newsletter via CleverReach allows us to analyse the behaviour of newsletter recipients. One of the results of the analysis is how many recipients have opened their newsletter and how often links in the newsletter were clicked. CleverReach supports conversion tracking in order to analyse whether a previously defined action, such as a product purchase, took place after a link was clicked. Details on data analysis by CleverReach can be found at: https://www.cleverreach.com/en/features/reporting-tracking/.

Data processing is carried out exclusively on the basis of your consent (Article 6 (1a) GDPR). You may revoke your previously granted consent with effect for the future at any time. An informal notification by e-mail is sufficient for your revocation or you can unsubscribe via the "unsubscribe" link in the newsletter. The legitimacy of data processing that has already been performed remains unaffected. We require a valid e-mail address from you in order for us to send you our newsletter, which we verify beforehand. Any supplementary data will not be collected or are voluntary. The data will be used exclusively to send the newsletter.

You must unsubscribe from the newsletter if you do not wish your data to be analysed by CleverReach. To unsubscribe, simply send us an informal e-mail or use the "unsubscribe" link in the newsletter.

Data that were entered in order to set up the subscription will be deleted from our servers and those of CleverReach when you unsubscribe. Should these data have been transmitted to us for other purposes and to a different location, they will remain with us and will be stored for as long as necessary for the purpose in question. The data will be deleted if the purpose no longer applies and they no longer need to be stored for a statutory retention period.

Details regarding CleverReach's privacy policy can be found at: https://www.cleverreach.com/en/privacy-policy/.

Contract processing: We have concluded an agreement with CleverReach on contract processing to fully comply with statutory data protection requirements.

Data entered to set up the subscription will be deleted when you unsubscribe. Should these data have been transmitted to us for other purposes and to a different location, they will remain with us and will be stored for as long as necessary for the purpose in question. The data will be deleted if the purpose no longer applies and they no longer need to be stored for a statutory retention period.

15. Online presence in social media
We maintain an online presence in social networks and platforms in order to communicate with customers, interested parties and users and to inform them about our services. When accessing the relevant networks and platforms, the terms and conditions and data processing guidelines of their particular operators apply.

Unless otherwise stated in our data privacy policy, we process the data of users who voluntarily communicate with us in social networks and platforms, e.g. write articles on our online presence or send us messages.

Our website contains links to the social networks Facebook, Instagram and Behance and they also set cookies.

The legal basis for this is Article 6 (1a) GDPR.

16. Data privacy for job applicants
The controller for all data arising in connection with the job application process is Orange Hive GmbH, Lindleystr. 12, 60314 Frankfurt am Main, Germany.

You can contact the Orange Hive data protection officer by sending an e-mail to datenschutz[at]orangehive.de, by sending a letter to our postal address with the addition " Data Protection Officer" or by telephone on +49 (0)69 15 04 66 000.

Purpose and legal basis of processing
We process your data in order to be able to deal with your application and on the basis of Article 88 (1) GDPR in combination with Section 26 of the Federal Data Protection Act (BDSG), according to which personal data may be processed, for example, for the purposes of the contract of employment, or, where necessary, for the decision regarding the establishment of an contract of employment. Your data will only be forwarded to the departments responsible for the specific job application procedure.

Storage duration
Your personal data will initially be stored for the duration of the application process and for a further 6 months in addition and then deleted. If your application may be of interest for future job offers, we will store your application data for a further 24 months after you have expressly agreed to such storage and use.

17. Cookies & reach measurement
Cookies are information that is transferred from our web server or web servers of third parties to the web browsers of users and stored there for later retrieval. Cookies can be small files or other forms of information storage.

We use "session cookies", which are only stored for the duration of the current visit to our online presence. A session cookie holds a randomly generated unique identification number, a so-called session ID. A cookie also contains information about its origin and the storage period. Session cookies are deleted when you have finished using our online service and, for example, log out or close your browser.

Users are informed about the use of cookies in the context of pseudonymous range measurement within the scope of this data privacy policy.

Technically necessary cookies are required to allow the website to be used correctly.

Marketing cookies are used, among other things, to measure website usage, or they are cookies from third parties. Our website includes content and services from other providers (e.g. YouTube), which in turn may use cookies and active components. Orange Hive has no influence on how these providers process personal data. You can find further information about this type of processing and the way your data are handled in this data privacy policy and on the websites of the various providers.
The legal basis for the use of marketing cookies is Article 6 (1a) GDPR (consent).

If users do not wish cookies to be stored on their computer, they are asked to deactivate the corresponding option in the system settings of their browser. Stored cookies can be deleted in the system settings of your browser. If you choose to exclude cookies, you may experience functional limitations in our online service.

You may opt out of the use of cookies for audience measurement and advertising purposes by visiting the Network Advertising Initiative opt-out page (http://optout.networkadvertising.org/) and additionally the US website (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/).

18. YouTube
Our website uses plugins from YouTube to integrate and display video content. The video portal is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("YouTube").

When you access a page with an integrated YouTube plugin, a connection to the YouTube servers is established. This informs YouTube which of our pages you have visited.

YouTube can assign your surfing behaviour directly to your personal profile if you are logged in to your YouTube account. You can prevent this by logging out beforehand. YouTube also stores non-personal usage information in other cookies. If you wish to prevent this, you must block the storage of cookies in your browser.

We use YouTube in order to present our online service in an appealing way. The legal basis for this is Article 6 (1a) GDPR.

You can find details on how YouTube handles user data in the YouTube privacy policy at:https://policies.google.com/privacy.

19. Vimeo
Our website uses plugins from Vimeo to integrate and display video content. The provider of the video portal is Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA.

When you access a page with an integrated Vimeo plugin, a connection to the Vimeo servers is established. This informs Vimeo which of our pages you have visited. Vimeo learns your IP address even if you are not logged in to the video portal or do not have an account there. The information collected by Vimeo is transmitted to servers of the video portal in the USA.

Vimeo can assign your surfing behaviour directly to your personal profile. You can prevent this by logging out beforehand.

We use Vimeo in order to present our online service in an appealing way. The legal basis for this is Article 6 (1a) GDPR (consent).

You can find details on how Vimeo handles user data in the Vimeo privacy policy at: https://vimeo.com/privacy.

20. Google Analytics
We make use of Google Analytics, a web analysis service provided by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland ("Google"), on the basis of our legitimate interests (i.e. interest in the analysis, optimisation and commercial operation of our online service within the meaning of Article 6 (1f) GDPR. Google uses cookies. The information generated by the cookie about the use of our online service by the user is generally transferred to a Google server in the USA and stored there.

Google is certified under the Privacy Shield Agreement and thus offers a guarantee of compliance with European data protection legislation (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

Google will use this information on our behalf to evaluate the use of our website by users, to compile reports on the activities within this website and to provide us with further services associated with the use of this website and the Internet. The processed data can be used to create pseudonymised user profiles.

We use Google Analytics to ensure that the ads placed within Google's advertising services and those of its partners are only displayed to users who have also shown an interest in our online service or who display certain characteristics (e.g. interests in certain topics or products determined by the websites visited) that we pass on to Google (so-called "remarketing" or "Google Analytics audiences"). Our aim in using remarketing audiences is also to ensure that our advertisements match the potential interest of users and are not intrusive.

We only use Google Analytics with activated IP anonymisation. This means that the Google will abridge the IP address of users in Member States of the European Union or in other states party to the Treaty on the European Economic Area. The full IP address will only be transferred to one of Google's servers located in the USA and abridged there in exceptional cases.

The IP address transmitted by the user's browser is not merged with other data from Google. Users can prevent the storage of cookies by setting their browser software accordingly; users can also prevent the collection of data generated by the cookie and relating to their use of our online service to Google and the processing of this data by Google by downloading and installing the browser plugin available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en.

The legal basis for the use of Google Analytics is Article 6 (1a) GDPR (consent).

You can find further information on Google's use of data, settings and objection options on Google's websites:
https://www.google.com/intl/de/policies/privacy/partners ("Data use by Google when you use websites or apps of our partners");
https://policies.google.com/technologies/ads ("Data use for advertising purposes");
https://adssettings.google.com/authenticated ("Manage information that Google uses to show you advertising").

21. Google reCaptcha
Google ReCaptcha is a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google ReCaptcha is used to check whether input has been made by an actual person or whether input has been made improperly by automated, machine processing. An abridged IP address is processed; only in exceptional cases will the full IP address be transferred to a Google server in the USA and then abridged. Data are transferred to servers in the USA in the course of using the service. The information is transferred on the basis of an adequacy decision (Article 45 GDPR): Commission Implementing Decision (EU) 2016/1250 of 12/07/2016 on the "EU-US Privacy Shield".

The legal basis for the use of Google Analytics is Article 6 (1a) GDPR (consent).

22. HubSpot
We use HubSpot, an SaaS solution (software-as-a-service), on our website. HubSpot supports us in the area of inbound marketing and helps us optimise our marketing/sales strategy <>. Cookies are used for this purpose. You can prevent the storage of cookies at any time by making the appropriate setting in your browser software or you can delete the cookies already stored. Please note that you may not be able to fully use the services provided on our website if cookies are blocked.

The following data will be stored and processed on servers of our software partner HubSpot when you submit a project request to us:

We use the information collected through HubSpot to contact visitors to our site, to respond to your query and to determine what specific services our company offers that may be of interest to you.
We process all the information we collect in accordance with applicable data protection rules and legislation. We only use collected cookie information to optimise our marketing and sales activities.

HubSpot is a US software company with a subsidiary in Ireland.

HubSpot
2nd Floor, 30 North Wall Quay,
Dublin 1, Ireland
Phone: +353 1 5187500

HubSpot is listed in the "EU – U.S. Privacy Shield Framework". https://www.privacyshield.gov/participant?id=a2zt0000000TN8pAAG

You can find more information on HubSpot’s data privacy policy here: https://legal.hubspot.com/de/privacy-policy?hstc=185665590.574d6f7279c20e78a5af3c102764cdd4.1586876079332.1586876079332.1586876079332.1&__hssc=185665590.1.1586876079332&__hsfp=3132960577

You can find more information on the cookies used by HubSpot here: https://knowledge.hubspot.com/articles/kcs_article/reports/what-cookies-does-hubspot-set-in-a-visitor-s-browser?__hstc=230861184.4bd3953ce4cbf9ab5d4c6edd18ef4ab3.1493986648400.1493986648400.1493986648400.1&__hssc=230861184.1.1493986648400&__hsfp=2592471858

https://knowledge.hubspot.com/articles/kcs_article/account/hubspot-cookie-security-and-privacy?__hstc=230861184.4bd3953ce4cbf9ab5d4c6edd18ef4ab3.1493986648400.1493986648400.1493986648400.1&__hssc=230861184.1.1493986648400&__hsfp=2592471858

The legal basis for processing data with HubSpot is Article 6 (1a) GDPR (consent).

23. Questions to our data protection officer
If you require information, have any suggestions or complaints regarding the processing of your personal data, please send us an e-mail or contact our data protection officer directly, who you can reach as follows:

Ronald Baranowski
SIX DATENSCHUTZ GmbH
Kasseler Str. 30
61118 Bad Vilbel
Phone: +49-6101-982 94 22
E-Mail: rb[at]six-datenschutz.de
E-Mail: datenschutz@orangenhive.de

Updated: 24/04/2020

Cookie Settings