This data protection notice informs you about the nature, scope and purpose of the processing of personal data (hereinafter referred to as "data") within our online offer and the websites, functions and content associated with it, as well as external online presences, such as our social media profiles. (hereinafter collectively referred to as "Online Offer"). With regard to the terminology used, such as "personal data" or its "processing", we refer to the definitions in Art. 4 of the General Data Protection Regulation (DSGVO).
No data is transferred to third parties without the consent of the data subject or without a legal basis.
Information on the handling of application data in the context of application procedures can be found in the section "Data protection information for applicants".
Orange Hive GmbH
60314 Frankfurt am Main
Laura Geisler, Steven Sasseville, Carsten Scheele
Tel.: +49 (0)69 15 04 66 000
Types of data processed:
- Inventory data (e.g., company name, contact persons, addresses).
- Contact data (e.g., e-mail, telephone numbers).
- Content data entered by the user on the website (e.g., message to Orange Hive).
- Usage data (e.g., web pages visited, interest in content, access times).
- Meta/communication data (e.g., device information, IP addresses).
Processing of special categories of data (Art. 9(1) GDPR): In principle, no special categories of personal data are processed, unless they are supplied to the processing by the users, e.g. entered in online forms.
Categories of data subjects:
- Customers, interested parties and business partners.
- Visitors and users of the website.
Hereafter, we also refer to the data subjects collectively as "users".
Purposes of processing:
- Provision of the online offer, its contents and functions.
- Answering contact requests and communication with users.
1. Relevant legal basis
1.1 In accordance with Article 13 DSGVO, we inform you of the legal basis for our data processing. If the legal basis is not mentioned in the data protection notice, the following applies: The legal basis for obtaining consent is Art. 6(1)(a) and Art. 7 DSGVO, the legal basis for processing to fulfill our services and carry out (pre)contractual measures and respond to inquiries is Art. 6(1)(b) DSGVO, the legal basis for processing to fulfill our legal obligations is Art. 6(1)(c) DSGVO, and the legal basis for processing to protect our legitimate interests is Art. 6(1)(f) DSGVO. In the event that vital interests of the data subject or another natural person make processing of personal data necessary, Art. 6 (1) lit. d DSGVO serves as the legal basis.
2. changes and updates to the data protection notice
We ask you to inform yourself regularly about the content of our data protection notice. We adapt the data protection information as soon as the changes in the data processing carried out by us make this necessary. We will inform you as soon as the changes require an act of cooperation on your part (e.g. consent) or other individual notification.
3. security measures
We take appropriate technical and organizational measures in accordance with Article 32 of the GDPR, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk; The measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical access to the data, as well as access concerning them, input, disclosure, ensuring availability and their separation. Furthermore, we have established procedures to ensure the exercise of data subjects' rights, deletion of data and response to data compromise. Furthermore, we already take the protection of personal data into account during the development and selection of hardware, software and processes, in accordance with the principle of data protection through technology design and through data protection-friendly default settings (Article 25 of the GDPR).
4. Cooperation with processors and third parties
1. insofar as we disclose data to other persons and companies (processors or third parties) in the course of our processing, transmit it to them or otherwise grant them access to the data, this shall only be done on the basis of a legal permission (e.g. if a transfer of the data to third parties, such as payment service providers, is necessary for the performance of the contract pursuant to Art. 6 para. 1 lit. b DSGVO), you have consented, a legal basis or obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.).
There is no unauthorized data transfer to third parties without a legal basis.
If we commission third parties with the processing of data on the basis of a "contract processing agreement", this is done on the basis of Art. 28 DSGVO or, in the case of service providers in third countries, in accordance with Art. 44 et seq. DSGVO.
5. transfers to third countries
If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this occurs in the context of the use of third-party services or disclosure, or transfer of data to third parties, this will only occur if it is done in order to fulfill our (pre-)contractual obligations, on the basis of your consent, due to a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process or allow the processing of data in a third country only if the special requirements of Art. 44 et seq. DSGVO, if an adequacy decision pursuant to Art. 45 DSGVO or appropriate safeguards pursuant to Art. 46 DSGVO are available.
Due to the declaration of invalidity of the EU-US Privacy Shield (ECJ 16.7.2020), processing in the USA is only possible with your consent pursuant to Art. 6 (1) a DSGVO. A transfer to the USA in the sense of the European data protection level is not guaranteed with declaration of invalidity.
Alternatively or additionally create by the conclusion of the EU standard data protection clauses issued by the European Commission with the receiving entity appropriate guarantees under Art. 46 (2) c) DSGVO and an adequate level of data protection. Copies of the EU standard data protection clauses are available on the website of the European Commission, available here.
6. rights of data subjects
You have the right to request confirmation as to whether data in question is being processed and to be informed about this data and to receive further information and a copy of the data in accordance with Art. 15 DSGVO.
You have according to. Art. 16 DSGVO the right to request the completion of the data concerning you or the correction of incorrect data concerning you.
In accordance with Art. 17 DSGVO, you have the right to demand that data concerning you be deleted without delay or, alternatively, in accordance with Art. 18 DSGVO, to demand restriction of the processing of the data.
You have the right to request that the data concerning you that you have provided to us be received in accordance with Art. 20 of the GDPR and to request its transfer to other data controllers (data portability).
You also have the right, pursuant to Art. 77 DSGVO, to lodge a complaint with the competent supervisory authority.
7. right of revocation
You have the right to revoke given consents pursuant to Art. 7 (3) DSGVO with effect for the future.
8. right of objection
You may object to the future processing of data concerning you in accordance with Art. 21 DSGVO at any time. The objection can be made in particular against the processing for purposes of direct advertising.
9. Cookies and right of objection in the case of direct advertising.
Please note that in this case not all functions of this online offer can be used.
10. deletion of data
The data processed by us will be deleted or restricted in its processing in accordance with Articles 17 and 18 DSGVO unless expressly stated in the context of this data protection notice, the data stored by us will be deleted as soon as they are no longer required for their intended purpose and the deletion does not conflict with any statutory retention obligations. If the data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted. I.e. the data is blocked and will not be processed for other purposes in the future. This applies, for example, to data that must be retained for reasons of commercial or tax law.
According to legal requirements, data is stored in particular for 6 years in accordance with § 257 para. 1 HGB (commercial books, inventories, opening balances, annual financial statements, commercial letters, accounting vouchers, etc.) and for 10 years in accordance with § 147 para. 1 AO (books, records, management reports, accounting vouchers, commercial and business letters, documents relevant for taxation, etc.).
When contacting us (via contact form or e-mail), the user's details are processed for the purpose of handling the contact request and its processing in accordance with Art. 6 para. 1 lit. b) DSGVO (pre-contractual/contractual measures).
The information of inquirers may be stored in our Customer Relationship Management System ("CRM System") or comparable inquiry organization.
Data transmitted via the contact form will be deleted as soon as they are no longer required for their intended purpose or you request us to delete them and the deletion does not conflict with any statutory retention obligations.
12. collection of access data and log files
We collect on the basis of our legitimate interests within the meaning of Art. 6 para. 1 lit. f. DSGVO, we collect data about each access to the server on which this service is located (so-called server log files). The access data includes the name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider.
Log file information is stored for security reasons (e.g. for the clarification of abuse or fraud) for a maximum of 10 working days and then deleted. Data whose further storage is necessary for evidentiary purposes is exempt from deletion until the final clarification of the respective incident.
The legal basis for this is Art. 6 para. 1 lit. f DSGVO (legitimate interest).
13. SSL or TLS encryption
For security reasons and to protect the transmission of confidential content that you send to us as site operator, our website uses SSL or TLS encryption. This means that data you transmit via this website cannot be read by third parties. You can recognize an encrypted connection by the "https://" address line of your browser and the lock symbol in the browser line.
We use RapidMail to send newsletters. The provider is RapidMail rapidmail GmbH, Augustinerplatz 2, 79098 Freiburg i.Br., Germany . This service allows us to organize and analyze the newsletter dispatch. The data you enter to receive the newsletter, such as your e-mail address, is stored on RapidMail's servers. Server locations are Germany and Ireland, respectively.
Sending the newsletter with RapidMail allows us to analyze the behavior of the newsletter recipient. The analysis reveals, among other things, how many recipients opened their newsletter and with what frequency links in the newsletter were clicked. RapidMail supports conversion tracking to analyze whether a previously defined action, such as a product purchase, occurred after a link was clicked. Details on data analysis by RapidMail can be found at: https://www.rapidmail.de/newsletter-marketing-dsgvo-und-datenschutz-konform.
Data processing is based exclusively on your consent (Art. 6 para. 1 lit. a DSGVO). A revocation of your already given consent with effect for the future is possible at any time. For the revocation, an informal message by e-mail or you unsubscribe via the "unsubscribe" link in the newsletter is sufficient. The legality of the data processing operations already carried out remains unaffected by the revocation. To send our newsletter, we require a valid e-mail address from you, which we verify beforehand. To verify the registration, we use the double opt-in procedure. You will receive an e-mail to the address you provided, in which you will be asked to confirm the registration. Additional data is not collected or is voluntary. The data is used exclusively for sending the newsletter.
If you do not want RapidMail to analyze your data, you must unsubscribe from the newsletter. To unsubscribe, it is sufficient to send us an informal message by e-mail or to unsubscribe via the "unsubscribe" link in the newsletter.
Data entered to set up the subscription will be deleted from our servers and RapidMail's servers in case of unsubscription. If this data has been transmitted to us for other purposes and elsewhere, it will still remain with us and will be stored for as long as it is required for the respective purpose. If the purpose ceases to apply and the data also does not need to continue to be stored due to legal retention periods, the data will be deleted.
Details of RapidMail's data protection policy can be found at: https://www.rapidmail.de/datenschutz.
Order processing: In order to fully comply with the legal data protection requirements, we have concluded an order processing agreement with RapidMail pursuant to Art 28 DSGVO.
Data entered to set up the subscription will be deleted in the event of unsubscription. If this data has been transmitted to us for other purposes and elsewhere, it will continue to remain with us and will be stored for as long as is necessary for the respective purpose. If the purpose no longer applies and the data also does not need to continue to be stored due to legal retention periods, the data will be deleted.
15. online presences in social media
We maintain online presences within social networks and platforms in order to communicate with customers, interested parties and users active there and to be able to inform them about our services there. When calling up the respective networks and platforms, the terms and conditions and data processing policies of their respective operators apply.
Unless otherwise stated in our data protection information, we process the data of users if they communicate with us voluntarily within the social networks and platforms, e.g. write posts on our online presences or send us messages.
On our website, there are links to the following social networks through which cookies are set.
The services in detail:
15.1 Facebook and Instagram
Our website contains a link to the services Facebook and Instagram, which in turn set cookies when you access the corresponding site. The operating company of Facebook and Instagram is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland.
Together with Meta Platforms Ireland Limited, we are responsible for the collection (but not the further processing) of data of visitors to our Facebook or Instagram page (so-called "fan page"). This data includes information about the types of content users view or interact with, or the actions they take (see under "Things you and others do and provide" in the Facebook Data Policy: https://www.facebook.com/policy) or in the Instagram Data Policy: help.instagram.com/519522125107875/?maybe_redirect_pol=0), as well as information about the devices users use (e.g., IP addresses, operating system, browser type, language settings, cookie data; see under "Device Information" in the Facebook Data Policy: https://www.facebook.com/policy
) or in the Instagram Data Policy: help.instagram.com/519522125107875/
As explained in the Facebook and Instagram Data Policies under "How do we use this information?", Facebook also collects and uses information to provide analytics services, called "Page Insights," to Page operators to provide them with insights into how people interact with their Pages and with content associated with them. We have concluded a special agreement with Facebook as operator ("Information on Page Insights", https://www.facebook.com/legal/terms/page_controller_addendum), which regulates in particular which security measures Facebook must observe and in which Facebook has agreed to fulfill the rights of data subjects (i.e. users can, for example, address information or deletion requests directly to Facebook). The rights of users (in particular to information, deletion, objection and complaint to the competent supervisory authority), are not restricted by the agreements with Facebook. Further information can be found in the "Information on Page Insights"
Standard Contractual Clauses (ensuring level of data protection in case of processing in third countries):
Additional information: Shared Responsibility Agreement:
The legal basis for processing your personal data is Art 6 (1) f) DSGVO - legitimate interest. Our legitimate interest is to provide you with further information about diabetes beyond the content of our website with the link to our Facebook page.
When using this service, personal data may be transmitted to Facebook servers that are not located in the EU, e.g. in the USA. Due to the declaration of invalidity of the EU-US Privacy Shield (ECJ 16.7.2020), an adequate level of data protection according to the GDPR is not guaranteed in the USA.
Our website contains a link to the Behance service, which in turn sets cookies when you access the corresponding site. The operating company of Behance is Adobe Systems Software Ireland Limited, 4-6 Riverwalk, City West Budiness Campus, Saggart D24, Dublin Ireland.
The online platform "Behance" serves members of creative professions to present their work, at the same time it offers the possibility to see the creative works of others from the creative industry. The platform is operated by Behance's New York, NY offices and hosted exclusively in the US. Behance can be accessed directly through www.behance.net or by Adobe Creative Cloud subscribers ("Creative Cloud") from various locations within Creative Cloud.
Behance is a wholly owned subsidiary of Adobe Systems Incorporated. Any information you provide to Behance may be shared with other companies within the Adobe group of companies.
If you are logged into your Behance account while on our website, information about your site visits may be stored by Behance. If the data subject does not want this information to be transmitted, he or she can prevent it from being transmitted by logging out of his or her Behance account before accessing our website. Detailed information on Adobe's data protection can be found at: https://www.adobe.com/privacy/policy.html.
We have concluded a data access agreement with Behance for cloud services.
16. data protection information for applicants
The data controller for all data arising in connection with the application process is Orange Hive GmbH, Lindleystr. 12, 60314 Frankfurt am Main, Germany.
You can contact the Orange Hive data protection officer by e-mail to datenschutz [at]orangehive.de, in writing to our postal address with the addition of "the data protection officer" or by telephone on +49 (0)69 15 04 66 000.
Purpose and legal basis of processing
The processing of your data serves to process your application and is based on Art. 88 (1) DSGVO in conjunction with. (in conjunction with) Section 26 of the German Federal Data Protection Act (BDSG), according to which personal data may be processed, among other things, for the purposes of the employment relationship or this is necessary for the decision on the establishment of an employment relationship. Your data will only be forwarded to the departments responsible for the specific application procedure.
Your personal data will initially be stored for the duration of the application process and beyond that for a further 6 months, after which it will be deleted. If your application could be of interest for future job offers, we will store your application data for a further period of 24 months after you have expressly consented to such storage and use.
17. Cookies & Reach Measurement
Cookies are pieces of information that are transmitted from our web server or third-party web servers to users' web browsers, where they are stored for later retrieval. Cookies may be small files or other types of information storage.
We use "session cookies", which are only stored for the duration of the current visit to our online presence. In a session cookie, a randomly generated unique identification number is stored, a so-called session ID. In addition, a cookie contains information about its origin and the storage period. Session cookies are deleted when you have finished using our online offer and log out or close the browser, for example.
Technically necessary cookies are required so that the website can be used correctly.
The legal basis for the use of marketing cookies is Art. 6 para. 1 lit. a DSGVO (consent).
If users do not want cookies to be stored on their computer, they are asked to deactivate the corresponding option in the system settings of their browser. Stored cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional restrictions of this online offer.
We maintain an online presence on Vimeo. For the integration and display of video content, our website uses plugins from Vimeo. The provider of the video portal is Vimeo Inc, 555 West 18th Street, New York, New York 10011, USA We are jointly responsible with Vimeo for the collection of the following data (but not the further processing) of data of visitors to our Vimeo presence.
Vimeo can assign your surfing behavior directly to your personal profile. You have the option to prevent this by logging out beforehand.
The use of Vimeo is in the interest of an appealing presentation of our online offers. The legal basis for this is Art. 6 para. 1 lit. a DSGVO (consent).
We have concluded the EU standard data protection clauses in the controller-to-controller version with Vimeo.
Details on the handling of user data can be found in Vimeo's data protection notice at: https://vimeo.com/privacy.
19. analysis tools & advertising
a) Google Analytics
We have activated the IP anonymization function on this website. This means that your IP address is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with any other data held by Google.
Demographic characteristics with Google Analytics
This website uses the "demographic characteristics" function of Google Analytics. This allows reports to be generated that contain statements about the age, gender and interests of site visitors. This data comes from interest-based advertising from Google as well as visitor data from third-party providers. This data cannot be assigned to a specific person. You can deactivate this function at any time via the ad settings in your Google account or generally prohibit the collection of your data by Google Analytics as shown in the item "Objection to data collection".
b) Google Analytics 4.0
We also use Google Analytics Version 4.0 from Google Ireland Ltd - see above. Google processes personal user data, unless you have previously objected to this use in your Google account. In this case, Google creates user profiles based on various data such as client ID, device used, last online status, among others also on those of Google Signals, which collects and can evaluate cross-device tracking data. Google can use this information to evaluate, for example, whether users first came across our website and how this occurred - for example, via an ad - or whether further interactions followed the website visit - for example, the installation of an app or purchases. We only receive statistical, anonymized information from Google in order to optimize our websites and our offer. Your data will be deleted after 2 months.
If, in the course of using our website, data such as your user activity is transferred to servers of the Google company and processed and stored outside the European Union, e.g. in the USA, this is only possible with your consent in accordance with Art. 6 (1) a DSGVO due to the declaration of invalidity of the EU-US Privacy Shield (ECJ 16.7.2020) processing.
You can find more information about Google's data protection here: https://policies.google.com/privacy?hl=de&gl=de
c) Google Maps
The legal basis for the integration of Google Maps and the associated data transfer to Google is your consent (Art. 6 para. 1 lit. a DSGVO). The provision of your personal data is voluntary, based on your consent. If you prevent access, this may result in functional restrictions on the website.
By visiting the website, Google receives information that you have called up the corresponding sub-page of our website. This occurs regardless of whether Google provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your data will be directly assigned to your account.
If you do not want the assignment in your profile at Google, you must log out of Google before activating the button. Google stores your data as usage profiles and uses them for the purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, and you must contact Google to exercise this right.
We do not collect any personal data through the integration of Google Maps.
Google also processes your personal data in the USA. Regarding third country transfer, see also point 5. of this privacy notice.
If you do not want Google to collect, process or use data about you via our website, you can revoke your consent at any time in your cookie settings. If you prevent access, this may result in functional restrictions on the website.
d) Google Tag Manager (GTM)
The legal basis for the use of Google Tag Manager is Art. 6 para. 1 lit. f DSGVO (legitimate interest). Our legitimate interest is to use the most efficient way possible to activate/deactivate further services of our online offer.
Types of processing and types of data processed: privacy.google.com/businesses/adsservices
20. questions to the data protection officer
For information, suggestions and complaints regarding the processing of your personal data, please write us an e-mail or contact our data protection officer directly, who can be reached as follows:
SIX DATENSCHUTZ GmbH
Kasseler Str. 30
61118 Bad Vilbel
Tel.: +49-6101-982 94 22