No data will be transferred to third parties without the consent of the data subject or without a legal basis.
You will find information on how application data are processed as part of application procedures in the “Data privacy for job applicants” section.
Orange Hive GmbH
60314 Frankfurt am Main
Laura Geisler, Steven Sasseville, Carsten Scheele
Phone: +49 (0)69 15 04 66 000
Types of data processed:
- Basic data (e.g., company name, contact persons, addresses).
- Contact details (e.g. e-mail addresses, telephone numbers).
- Content data that users enter on the website (e.g. message to Orange Hive).
- Usage data (e.g. websites visited, interest in content, access times).
- Meta/communication data (e.g. device information, IP addresses).
Processing of special categories of data (Article 9 (1) GDPR):
As a matter of principle, no special categories of personal data are processed unless they are supplied by users for processing, e.g. entered into online forms.
Categories of data subjects affected by processing:
- Customers, interested parties and business partners
- Job applicants
- Visitors to and users of the website
In the following, we refer to data subjects collectively as "users".
Purposes of processing:
- Development of our online service, its content and functions.
- Responding to enquiries and communication with users.
1. Relevant legal grounds
3. Security measures
We undertake appropriate technical and organisational measures in accordance with Article 32 GDPR, and taking into account state-of-the-art technology, the implementation costs and the nature, scope, circumstances and purposes of processing as well as the varying probability of occurrence and severity of the risk to the rights and freedoms of natural persons, in order to ensure a level of protection commensurate with the risk. These measures include in particular safeguarding the confidentiality, integrity and availability of data by controlling physical access to the data as well as access, input and forwarding as well as the security of availability and its separation. Furthermore, we have established procedures to ensure that the rights of data subjects are observed, that data are erased and that we respond to any threat to the data. We also consider the protection of personal data as early as in the development or selection of hardware, software and processes, in accordance with the principle of data protection through technology design and through data protection-friendly default settings (Article 25 GDPR).
4. Cooperation with contract processors and third parties
1. If, in the course of our processing, we disclose data to other persons and companies (processors or third parties), transfer them to such persons or companies or otherwise grant them access to the data, this will only be done on the basis of legal permission (e.g. if transfer of the data to third parties, such as payment service providers, is necessary for the performance of the contract in accordance with Article 6 (1b) GDPR), if you have given your consent, if a legal basis or obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, web hosting services etc.).
There will be no unauthorised transfer of data to third parties without a legal basis.
2. Should we commission third parties to process data on the basis of a "contract processing agreement", this will be performed on the basis of Article 28 GDPR or, in the case of service providers in third countries, in accordance with Article 44 ff. GDPR.
5. Transfers to third countries
If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this is done in the context of using third-party services or disclosing or transferring data to third parties, this will only take place if it is done in order to meet our (pre-)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. We will only process or store the data in a third country – subject to legal or contractual permissions – if the special requirements of Article 44 ff. GDPR. In other words, processing is performed, for example, on the basis of specific guarantees, such as the officially recognised establishment of a level of data protection equivalent to that in the EU (e.g. for the US through the Privacy Shield) and/or compliance with officially recognised specific contractual obligations (e.g. so-called "standard contractual clauses").
Data are transferred to third countries to companies such as HubSpot and Google – see below for details on data protection compliance.
6. Rights of data subjects
You are entitled to request confirmation as to whether relevant data are processed and to information about these data as well as to additional information and a copy of the data in accordance with Article 15 GDPR.
In accordance with Article 16 GDPR, you have the right to request the completion of data concerning you or the rectification of inaccurate data relating to you.
In accordance with Article 17 GDPR, you have the right to request that the data in question be erased immediately, or alternatively, in accordance with Article 18 GDPR, to demand that the processing of the data be restricted.
You have the right to request to receive the data concerning you that you have provided us with, in accordance with Article 20 DSGVO, and to demand that they be transferred to other responsible parties (data transferability).
Furthermore, you are entitled to submit a complaint to the relevant supervisory authority in accordance with Article 77 GDPR.
7. Right of revocation
You have the right to revoke consents granted in accordance with Article 7 (3) GDPR with effect for the future.
8. Right of objection
You may at any time object to the future processing of data relating to you in accordance with Article 21 GDPR. Objection can be made in particular to processing for the purposes of direct marketing.
9. Cookies and right of objection to direct advertising
Please note that you may not be able to use all functions of our online service.
10. Erasure of data
In accordance with legal requirements, data will be stored specifically for 6 years in accordance with Section 257 (1) of the German Commercial Code – HGB – (trading books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting vouchers, etc.) and for 10 years in accordance with Section 147 (1) of the German Fiscal Code – AO – (books, records, management reports, accounting vouchers, commercial and business letters, documents relevant for taxation, etc.).
When contacting us (via a contact form or e-mail), the user's details will be processed for the purpose of dealing with the contact request and its processing in accordance with Article 6 (1b) GDPR (pre-contractual/contractual measures).
The information provided by enquirers may be stored in our customer relationship management system ("CRM system") or similar method of organising enquiries.
Data submitted via the contact form will be erased as soon as they are no longer required for their intended purpose or if you request us to erase them and there are no legal obligations to retain them.
12. Collection of access data and log files
We collect data about every access to the server on which this service is located (so-called server log files) on the basis of our legitimate interests within the meaning of Article 6 (1f) GDPR. Access data includes the name of the accessed website, file, date and time of access, transferred data volume, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited site), IP address and the requesting provider.
Log file information is stored for security reasons (e.g. for the investigation of abuse or fraud) for a maximum period of 10 working days and then erased. Data whose further storage is required for documentary purposes are excluded from erasure until final clarification of the case in question.
The legal basis for this is Article 6(1f) GDPR (legitimate interest).
13. SSL/ TLS encryption
Our website uses SSL and TLS encryption for security reasons and to protect the transmission of confidential content that you send to us as the site operator. This means that data that you transmit via this website cannot be read by third parties. You can recognise an encrypted connection by the "https://" in the address and the padlock icon in the browser address bar.
We use CleverReach for sending our newsletter. The provider is CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede, Germany. This service allows us to organise and analyse newsletter distribution. The data you enter to receive the newsletter, such as your e-mail address, are stored on CleverReach's servers. The servers are located in Germany and Ireland.
Sending a newsletter via CleverReach allows us to analyse the behaviour of newsletter recipients. One of the results of the analysis is how many recipients have opened their newsletter and how often links in the newsletter were clicked. CleverReach supports conversion tracking in order to analyse whether a previously defined action, such as a product purchase, took place after a link was clicked. Details on data analysis by CleverReach can be found at: https://www.cleverreach.com/en/features/reporting-tracking/.
Data processing is carried out exclusively on the basis of your consent (Article 6 (1a) GDPR). You may revoke your previously granted consent with effect for the future at any time. An informal notification by e-mail is sufficient for your revocation or you can unsubscribe via the "unsubscribe" link in the newsletter. The legitimacy of data processing that has already been performed remains unaffected. We require a valid e-mail address from you in order for us to send you our newsletter, which we verify beforehand. Any supplementary data will not be collected or are voluntary. The data will be used exclusively to send the newsletter.
You must unsubscribe from the newsletter if you do not wish your data to be analysed by CleverReach. To unsubscribe, simply send us an informal e-mail or use the "unsubscribe" link in the newsletter.
Data that were entered in order to set up the subscription will be deleted from our servers and those of CleverReach when you unsubscribe. Should these data have been transmitted to us for other purposes and to a different location, they will remain with us and will be stored for as long as necessary for the purpose in question. The data will be deleted if the purpose no longer applies and they no longer need to be stored for a statutory retention period.
Contract processing: We have concluded an agreement with CleverReach on contract processing to fully comply with statutory data protection requirements.
Data entered to set up the subscription will be deleted when you unsubscribe. Should these data have been transmitted to us for other purposes and to a different location, they will remain with us and will be stored for as long as necessary for the purpose in question. The data will be deleted if the purpose no longer applies and they no longer need to be stored for a statutory retention period.
15. Online presence in social media
We maintain an online presence in social networks and platforms in order to communicate with customers, interested parties and users and to inform them about our services. When accessing the relevant networks and platforms, the terms and conditions and data processing guidelines of their particular operators apply.
Our website contains links to the social networks Facebook, Instagram and Behance and they also set cookies.
The legal basis for this is Article 6 (1a) GDPR.
16. Data privacy for job applicants
The controller for all data arising in connection with the job application process is Orange Hive GmbH, Lindleystr. 12, 60314 Frankfurt am Main, Germany.
You can contact the Orange Hive data protection officer by sending an e-mail to datenschutz[at]orangehive.de, by sending a letter to our postal address with the addition " Data Protection Officer" or by telephone on +49 (0)69 15 04 66 000.
Purpose and legal basis of processing
We process your data in order to be able to deal with your application and on the basis of Article 88 (1) GDPR in combination with Section 26 of the Federal Data Protection Act (BDSG), according to which personal data may be processed, for example, for the purposes of the contract of employment, or, where necessary, for the decision regarding the establishment of an contract of employment. Your data will only be forwarded to the departments responsible for the specific job application procedure.
Your personal data will initially be stored for the duration of the application process and for a further 6 months in addition and then deleted. If your application may be of interest for future job offers, we will store your application data for a further 24 months after you have expressly agreed to such storage and use.
17. Cookies & reach measurement
Cookies are information that is transferred from our web server or web servers of third parties to the web browsers of users and stored there for later retrieval. Cookies can be small files or other forms of information storage.
We use "session cookies", which are only stored for the duration of the current visit to our online presence. A session cookie holds a randomly generated unique identification number, a so-called session ID. A cookie also contains information about its origin and the storage period. Session cookies are deleted when you have finished using our online service and, for example, log out or close your browser.
Technically necessary cookies are required to allow the website to be used correctly.
The legal basis for the use of marketing cookies is Article 6 (1a) GDPR (consent).
If users do not wish cookies to be stored on their computer, they are asked to deactivate the corresponding option in the system settings of their browser. Stored cookies can be deleted in the system settings of your browser. If you choose to exclude cookies, you may experience functional limitations in our online service.
Our website uses plugins from YouTube to integrate and display video content. The video portal is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("YouTube").
When you access a page with an integrated YouTube plugin, a connection to the YouTube servers is established. This informs YouTube which of our pages you have visited.
YouTube can assign your surfing behaviour directly to your personal profile if you are logged in to your YouTube account. You can prevent this by logging out beforehand. YouTube also stores non-personal usage information in other cookies. If you wish to prevent this, you must block the storage of cookies in your browser.
We use YouTube in order to present our online service in an appealing way. The legal basis for this is Article 6 (1a) GDPR.
Our website uses plugins from Vimeo to integrate and display video content. The provider of the video portal is Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA.
When you access a page with an integrated Vimeo plugin, a connection to the Vimeo servers is established. This informs Vimeo which of our pages you have visited. Vimeo learns your IP address even if you are not logged in to the video portal or do not have an account there. The information collected by Vimeo is transmitted to servers of the video portal in the USA.
Vimeo can assign your surfing behaviour directly to your personal profile. You can prevent this by logging out beforehand.
We use Vimeo in order to present our online service in an appealing way. The legal basis for this is Article 6 (1a) GDPR (consent).
20. Google Analytics
Google is certified under the Privacy Shield Agreement and thus offers a guarantee of compliance with European data protection legislation (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
Google will use this information on our behalf to evaluate the use of our website by users, to compile reports on the activities within this website and to provide us with further services associated with the use of this website and the Internet. The processed data can be used to create pseudonymised user profiles.
We use Google Analytics to ensure that the ads placed within Google's advertising services and those of its partners are only displayed to users who have also shown an interest in our online service or who display certain characteristics (e.g. interests in certain topics or products determined by the websites visited) that we pass on to Google (so-called "remarketing" or "Google Analytics audiences"). Our aim in using remarketing audiences is also to ensure that our advertisements match the potential interest of users and are not intrusive.
We only use Google Analytics with activated IP anonymisation. This means that the Google will abridge the IP address of users in Member States of the European Union or in other states party to the Treaty on the European Economic Area. The full IP address will only be transferred to one of Google's servers located in the USA and abridged there in exceptional cases.
The IP address transmitted by the user's browser is not merged with other data from Google. Users can prevent the storage of cookies by setting their browser software accordingly; users can also prevent the collection of data generated by the cookie and relating to their use of our online service to Google and the processing of this data by Google by downloading and installing the browser plugin available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en.
The legal basis for the use of Google Analytics is Article 6 (1a) GDPR (consent).
You can find further information on Google's use of data, settings and objection options on Google's websites:
https://www.google.com/intl/de/policies/privacy/partners ("Data use by Google when you use websites or apps of our partners");
https://policies.google.com/technologies/ads ("Data use for advertising purposes");
https://adssettings.google.com/authenticated ("Manage information that Google uses to show you advertising").
21. Google reCaptcha
Google ReCaptcha is a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google ReCaptcha is used to check whether input has been made by an actual person or whether input has been made improperly by automated, machine processing. An abridged IP address is processed; only in exceptional cases will the full IP address be transferred to a Google server in the USA and then abridged. Data are transferred to servers in the USA in the course of using the service. The information is transferred on the basis of an adequacy decision (Article 45 GDPR): Commission Implementing Decision (EU) 2016/1250 of 12/07/2016 on the "EU-US Privacy Shield".
The legal basis for the use of Google Analytics is Article 6 (1a) GDPR (consent).
We use HubSpot, an SaaS solution (software-as-a-service), on our website. HubSpot supports us in the area of inbound marketing and helps us optimise our marketing/sales strategy <>. Cookies are used for this purpose. You can prevent the storage of cookies at any time by making the appropriate setting in your browser software or you can delete the cookies already stored. Please note that you may not be able to fully use the services provided on our website if cookies are blocked.
The following data will be stored and processed on servers of our software partner HubSpot when you submit a project request to us:
- E-mail address
- Company name
- Free text/your message
- Date of your query
- Cookie data
We use the information collected through HubSpot to contact visitors to our site, to respond to your query and to determine what specific services our company offers that may be of interest to you.
We process all the information we collect in accordance with applicable data protection rules and legislation. We only use collected cookie information to optimise our marketing and sales activities.
HubSpot is a US software company with a subsidiary in Ireland.
2nd Floor, 30 North Wall Quay,
Dublin 1, Ireland
Phone: +353 1 5187500
HubSpot is listed in the "EU – U.S. Privacy Shield Framework". https://www.privacyshield.gov/participant?id=a2zt0000000TN8pAAG
You can find more information on the cookies used by HubSpot here: https://knowledge.hubspot.com/articles/kcs_article/reports/what-cookies-does-hubspot-set-in-a-visitor-s-browser?__hstc=230861184.4bd3953ce4cbf9ab5d4c6edd18ef4ab3.1493986648400.1493986648400.1493986648400.1&__hssc=230861184.1.1493986648400&__hsfp=2592471858
The legal basis for processing data with HubSpot is Article 6 (1a) GDPR (consent).
23. Questions to our data protection officer
If you require information, have any suggestions or complaints regarding the processing of your personal data, please send us an e-mail or contact our data protection officer directly, who you can reach as follows:
SIX DATENSCHUTZ GmbH
Kasseler Str. 30
61118 Bad Vilbel
Phone: +49-6101-982 94 22