This data protection notice informs you about the nature, scope and purpose of the processing of personal data (hereinafter referred to as "data") within our online offer and the websites, functions and content associated with it, as well as external online presences, such as our social media profiles (hereinafter collectively referred to as "online offer"). With regard to the terms used, such as "personal data" or their "processing", we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).
No data is transferred to third parties without the consent of the data subject or without a legal basis.
Information on the handling of application data in the context of application procedures can be found in the section "Data protection information for applicants".
Orange Hive GmbH
60314 Frankfurt am Main
Laura Geisler, Steven Sasseville, Carsten Scheele
Tel.: +49 (0)69 15 04 66 000
Types of data processed:
- Inventory data (e.g., company name, contact persons, addresses)
- Contact data (e.g., e-mail, telephone numbers)
- Content data entered by the user on the website (e.g., message to Orange Hive)
- Usage data (e.g., web pages visited, interest in content, access times)
- Meta/communication data (e.g., device information, IP addresses)
Processing of special categories of data (Art. 9(1) GDPR): In principle, no special categories of personal data are processed unless they are provided by users, e.g. when entering data in online forms.
Categories of data subjects:
- Customers, interested parties and business partners
- Visitors and users of the website
Hereafter, we also refer to the data subjects collectively as "users".
Purposes of processing:
- Provision of the online offer, its contents and functions.
- Answering contact requests and communication with users.
1. Relevant legal basis
1.1 In accordance with Art. 13 GDPR, we inform you of the legal basis for our data processing. If the legal basis is not mentioned in the data protection notices, the following applies: The legal basis for obtaining consent is Art. 6(1)(a) and Art. 7 GDPR; the legal basis for processing to fulfill our services and to carry out (pre)contractual measures and respond to inquiries is Art. 6(1)(b) GDPR; the legal basis for processing to fulfill our legal obligations is Art. 6(1)(c) DSGVO; and the legal basis for processing to protect our legitimate interests is Art. 6(1)(f) GDPR. In the event that vital interests of the data subject or another natural person make processing of personal data necessary, Art. 6 lit. (1) (d) GDPRserves as the legal basis.
2. Changes and updates to the data protection notice
We ask that you inform yourself regularly about the content of our data protection notice. We adapt the data protection information as soon as the changes in the data processing carried out by us make this necessary. We will inform you as soon as the changes require an act of cooperation on your part (e.g. consent) or other individual notification.
3. Security measures
We take appropriate technical and organizational measures in accordance with Article 32 GDPR, taking into account the state of the art, the costs of implementation and the nature, scope, circumstances and purposes of the processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk. The measures include, in particular, safeguarding the confidentiality, integrity and availability of data by controlling physical access to the data, as well as access to, entry into, disclosure of, assurance of availability of and segregation of the data. Furthermore, we have established procedures to ensure the exercise of data subjects' rights, deletion of data, and response to data compromise. Furthermore, we already take the protection of personal data into account during the development and selection of hardware, software and processes in accordance.
4. Cooperation with processors and third parties
1. If, in the course of our processing, we disclose data to other persons and companies (order processors or third parties), transmit it to them or otherwise grant them access to the data, this shall only be done on the basis of legal permission (e.g. if a transfer of the data to third parties, such as payment service providers, is necessary for the performance of the contract pursuant to Art. 6 para. 1 lit. b DSGVO), you have consented, a legal basis or obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.).
There is no unauthorized transfer of data to third parties without a legal basis.
If we commission third parties with the processing of data on the basis of a "contract processing agreement", this is done on the basis of Art. 28 GDPR or, in the case of service providers in third countries, in accordance with Art. 44 et seq. GDPR.
5. Transfers to third countries
If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this is done in the context of using third-party services or disclosing or transferring data to third parties, this is only done if it is done to fulfill our (pre-)contractual obligations, on the basis of your consent, due to a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we only process data or have data processed in a third country if the special requirements of Art. 44 et seq. DSGVO, if an adequacy decision pursuant to Art. 45 DSGVO or appropriate safeguards pursuant to Art. 46 DSGVO are available.
Due to the declaration of invalidity of the EU-US Privacy Shield (ECJ 16.7.2020), processing in the USA is only possible with your consent pursuant to Art. 6 (1) a DSGVO. A transfer to the USA in the sense of the European data protection level is not guaranteed with the declaration of invalidity.
Alternatively or additionally, by entering into the EU standard data protection clauses issued by the European Commission with the receiving entity, appropriate safeguards pursuant to Art. 46 (2) c) GDPR create an adequate level of data protection. Copies of the EU standard data protection clauses are available on the website of the European Commission, available here.
6. Rights of data subjects
You have the right to request confirmation as to whether data in question is being processed and to information about this data, as well as further information and a copy of the data in accordance with Art. 15 DSGVO.
You have according to. Art. 16 GDPR the right to request the completion of the data concerning you or the correction of incorrect data concerning you.
In accordance with Art. 17 of the GDPR, you have the right to demand that data concerning you be deleted without delay, or alternatively, in accordance with Art. 18 of the GDPR, to demand restriction of the processing of the data.
You have the right to receive your personal data in accordance with Art. 20 GDPR, which we process, and to request its transfer to other data controllers (data portability).
You also have the right to lodge a complaint with the competent supervisory authority pursuant to Art. 77 GDPR.
7. Right of revocation
You have the right to revoke given consents according to Art. 7 para. 3 GDPR with effect for the future.
8. Right of objection
You may object to the future processing of data relating to you in accordance with Art. 21 GDPR at any time. The objection can be made in particular against the processing for purposes of direct marketing.
9. Cookies and right of objection in the case of direct advertising.
10. Deletion of data
The data processed by us will be deleted or restricted in its processing in accordance with Articles 17 and 18 GDPR; unless expressly stated within the scope of this data protection notice, the data stored by us will be deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any statutory retention obligations. If the data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted. I.e. the data is blocked and will not be processed for other purposes in the future. This applies, for example, to data that must be retained for reasons of commercial or tax law.
According to legal requirements, storage is carried out in particular for 6 years in accordance with § 257 para. 1 HGB (commercial books, inventories, opening balances, annual financial statements, commercial letters, accounting vouchers, etc.) and for 10 years in accordance with § 147 para. 1 AO (books, records, management reports, accounting vouchers, commercial and business letters, documents relevant for taxation, etc.)
When contacting us (via contact form or e-mail), the user's details are processed for the purpose of handling the contact request and its processing pursuant to Art. 6 para. 1 lit. b GDPR (pre-contractual/contractual measures).
The information of inquirers may be stored in our Customer Relationship Management System ("CRM System") or comparable inquiry organization.
Data transmitted via the contact form will be deleted as soon as it is no longer required for its intended purpose or you request us to delete it and the deletion does not conflict with any statutory retention obligations.
12. Collection of access data and log files
We collect on the basis of our legitimate interests within the meaning of Art. 6 para. 1 lit. f. GDPR, we collect data about each access to the server on which this service is located (so-called server log files). The access data includes the name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider.
Log file information is stored for security reasons (e.g. for the clarification of abuse or fraud) for a maximum of 10 working days and then deleted. Data whose further storage is required for evidentiary purposes is exempt from deletion until final clarification of the respective incident. The legal basis for this is Art. 6 para. 1 lit. f GDPR (legitimate interest).
13. SSL or TLS encryption
For security reasons and to protect the transmission of confidential content that you send to us as site operator, our website uses SSL or TLS encryption. This means that data that you transmit via this website cannot be read by third parties. You can recognize an encrypted connection by the "https://" address line of your browser and the lock symbol in the browser line.
We use rapidmail to send newsletters. The provider is rapidmail GmbH, Wentzingerstraße 21, 79106 Freiburg im Breisgau, Germany. This service allows us to organize and analyze the newsletter dispatch. The data you enter to receive the newsletter, such as your e-mail address, is stored on the servers of rapidmail. The servers are located in Germany and Ireland.
Sending the newsletter with rapidmail allows us to analyze the behavior of the newsletter recipient. The analysis shows, among other things, how many recipients have opened their newsletter and with what frequency links in the newsletter were clicked. rapidmail supports conversion tracking in order to analyze whether a previously defined action, such as a product purchase, has taken place after clicking on a link. Details on data analysis by rapidmail can be found at: https://www.rapidmail.de/newsletter-marketing-dsgvo-und-datenschutz-konform.
The data processing is based exclusively on your consent (Art. 6 para. 1 lit. a DSGVO). A revocation of your already given consent with effect for the future is possible at any time. For the revocation, an informal message by e-mail or you unsubscribe via the "unsubscribe" link in the newsletter is sufficient. The legality of the data processing operations already carried out remains unaffected by the revocation. To send our newsletter, we require a valid e-mail address from you, which we verify beforehand. To verify the registration, we use the double opt-in procedure. You will receive an e-mail to the address you provided, in which you will be asked to confirm the registration. Additional data is not collected or is voluntary. The data is used exclusively for sending the newsletter.
If you do not wish to have your data analyzed by rapidmail, you must unsubscribe from the newsletter. To unsubscribe, it is sufficient to send us an informal message by e-mail or to unsubscribe via the "unsubscribe" link in the newsletter.
Data entered to set up the subscription will be deleted from our servers and the servers of rapidmail in case of unsubscription. Should this data have been transmitted to us for other purposes and elsewhere, it will continue to remain with us and be stored for as long as it is required for the respective purpose. Should the purpose no longer apply and the data also does not need to continue to be stored due to legal retention periods, the data will be deleted.
Details of rapidmail's data protection policy can be found at: https://www.rapidmail.de/datenschutz.
Order processing: In order to fully comply with the legal data protection requirements, we have concluded an order processing contract with rapidmail pursuant to Art 28 DSGVO.
Data entered to set up the subscription will be deleted in the event of unsubscription. Should this data have been transmitted to us for other purposes and elsewhere, it will continue to remain with us and will be stored for as long as it is required for the respective purpose. If the purpose no longer applies and the data also does not need to continue to be stored due to legal retention periods, the data will be deleted.
15. Online presences in social media
We maintain online presences within social networks and platforms in order to communicate with the customers, interested parties and users active there and to be able to inform them about our services there. When calling up the respective networks and platforms, the terms and conditions and data processing policies of their respective operators apply.
Unless otherwise stated in our data protection information, we process the data of users if they communicate with us voluntarily within the social networks and platforms, e.g., write posts on our online presences or send us messages.
On our website, there are links to the following social networks through which cookies are set.
The services in detail:
15.1 Facebook and Instagram
Our website is linked to the services Facebook and Instagram, which in turn set cookies when you access the corresponding site. The operating company of Facebook and Instagram is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland.
As explained in the Facebook and Instagram Data Policy under "How do we use this information?", Facebook also collects and uses information to provide analytics services, called "Page Insights," to Page operators to provide them with insights into how people interact with their Pages and with content associated with them. We have concluded a special agreement with Facebook as operator ("Information on Page Insights", https://www.facebook.com/legal/terms/page_controller_addendum), which regulates in particular which security measures Facebook must observe and in which Facebook has agreed to fulfill the rights of data subjects (i.e. users can, for example, address information or deletion requests directly to Facebook). The rights of users (in particular to information, deletion, objection and complaint to the competent supervisory authority), are not restricted by the agreements with Facebook. Further information can be found in the "Information on Page Insights".
Facebook website: https://www.facebook.com
Instagram website: https://www.instagram.com
Standard Contractual Clauses (ensuring level of data protection in case of processing in third countries):
Additional information: Shared Responsibility Agreement:
The legal basis for the processing of your personal data is Art 6 (1) lit. f GDPR - legitimate interest. Our legitimate interest is to provide you with further information beyond the content of our website with the link to our Facebook page.
When using this service, personal data may be transmitted to Facebook servers that are not located in the EU, e.g. in the USA. Due to the declaration of invalidity of the EU-US Privacy Shield (ECJ 16.7.2020), an adequate level of data protection according to the GDPR is not guaranteed in the USA.
Our website links to the Behance service, which in turn sets cookies when you visit the relevant site. Behance is operated by Adobe Systems Software Ireland Limited, 4-6 Riverwalk, City West Business Campus, Saggart, Dublin 24, Ireland.
The online platform "Behance" serves members of creative professions to present their work, at the same time it offers the possibility to see the creative works of others from the creative industry. The platform is operated by Behance's New York, NY offices and hosted exclusively in the US. Behance can be accessed directly through www.behance.net or by Adobe Creative Cloud subscribers ("Creative Cloud") from various locations within Creative Cloud.
Behance is a wholly owned subsidiary of Adobe Systems Incorporated. Any information you provide to Behance may be shared with other companies within the Adobe group of companies.
If you are logged into your Behance account while on our website, information about your site visits may be stored by Behance. If the data subject does not want this information to be transmitted, he or she can prevent it from being transmitted by logging out of his or her Behance account before accessing our website. Detailed information on Adobe's data protection can be found at: https://www.adobe.com/privacy/policy.html.
We have concluded a data access agreement with Behance for cloud services.
16. Data protection information for applicants
The responsible party for all data arising in connection with the application process is Orange Hive GmbH, Lindleystr. 12, 60314 Frankfurt am Main, Germany.
You can contact the Orange Hive data protection officer by e-mail to datenschutz[at]orangehive.de, in writing to our postal address with the addition of "the data protection officer" or by telephone at +49 (0)69 15 04 66 000.
Purpose and legal basis of processing
The processing of your data serves to process your application and is based on Art. 88 (1) DSGVO in conjunction with. (in conjunction with) Section 26 of the German Federal Data Protection Act (BDSG), according to which personal data may be processed, among other things, for purposes of the employment relationship or this is necessary for the decision on the establishment of an employment relationship, as well as Art. 6 (1) lit. b DSGVO - pre-contractual/contractual measures. In this context, your data will only be forwarded to the specialist departments responsible for the specific application procedure.
Your personal data will initially be stored for the duration of the application process and beyond that for a further 6 months and then deleted. If your application could be of interest for future job offers, we will store your application data for a further period of 24 months after you have expressly consented to such storage and use.
17. Cookies & Reach Measurement
Cookies are pieces of information that are transmitted from our web server or third-party web servers to users' web browsers, where they are stored for later retrieval. Cookies may be small files or other types of information storage.
We use "session cookies", which are only stored for the duration of the current visit to our online presence. In a session cookie, a randomly generated unique identification number is stored, a so-called session ID. In addition, a cookie contains information about its origin and the storage period. Session cookies are deleted when you have finished using our online offer and log out or close the browser, for example.
Technically necessary cookies are required so that the website can be used correctly.
If users do not want cookies to be stored on their computer, they are asked to deactivate the corresponding option in the system settings of their browser. Stored cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional restrictions of this online offer.
We maintain an online presence on Vimeo. For the integration and display of video content, our website uses plugins from Vimeo. The provider of the video portal is Vimeo Inc, 555 West 18th Street, New York, New York 10011, USA. We are jointly responsible with Vimeo for the collection of the following data (but not the further processing) of data from visitors to our Vimeo presence.
Vimeo can assign your surfing behavior directly to your personal profile. You have the option to prevent this by logging out beforehand.
The use of Vimeo is in the interest of an appealing presentation of our online offers. The legal basis for this is Art. 6 para. 1 lit. a DSGVO (consent).
We have concluded the EU standard data protection clauses in the controller-to-controller version with Vimeo.
Details on the handling of user data can be found in Vimeo's data protection notice at: https://vimeo.com/privacy.
19. Analysis tools & advertising
a) Google Analytics
We have activated the IP anonymization function on this website. This means that your IP address is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google.
Demographic characteristics with Google Analytics
This website uses the "demographic characteristics" function of Google Analytics. This allows reports to be generated that contain statements about the age, gender and interests of site visitors. This data comes from interest-based advertising from Google as well as visitor data from third-party providers. This data cannot be assigned to a specific person. You can deactivate this function at any time via the ad settings in your Google account or generally prohibit the collection of your data by Google Analytics as shown in the item "Objection to data collection".
b) Google Maps
The legal basis for the integration of Google Maps and the associated data transfer to Google is your consent (Art. 6 para. 1 lit. a DSGVO). The provision of your personal data is voluntary, based on your consent. If you prevent access, this may result in functional restrictions on the website.
By visiting the website, Google receives information that you have accessed the corresponding subpage of our website. This occurs regardless of whether Google provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your data will be directly assigned to your account.
If you do not want the assignment in your profile at Google, you must log out of Google before activating the button. Google stores your data as usage profiles and uses them for the purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact Google to exercise this right.
We do not collect any personal data through the integration of Google Maps.
Google also processes your personal data in the USA. Regarding third country transfer, see also point 5. of this privacy notice.
If you do not want Google to collect, process or use data about you via our website, you can revoke your consent at any time in your cookie settings. If you prevent access, this may result in functional restrictions on the website.
c) Google Tag Manager (GTM)
The legal basis for the use of Google Tag Manager is Art. 6 para. 1 lit. f DSGVO (legitimate interest). Our legitimate interest is to use the most efficient way possible to activate/deactivate further services of our online offer.
Types of processing and types of data processed:
d) Google AdSense
The information obtained via cookies and web beacons - including your IP address - is transmitted to a Google server and stored there. In this context, a transmission to servers of Google LLC. In the USA is possible.
Google uses the information received to evaluate your user behavior with regard to AdSense ads. According to Google, your IP address transmitted via AdSense will not be merged with other Google data. Google may share this collected information with third parties if required by law or if Google commissions service providers.
The described processing of data takes place for the purpose of targeting the user by advertising third parties, whose ads are displayed on this website based on the evaluated user behavior. This also serves our economic interest in exploiting the potential of our website by displaying personalized third-party advertising content for a fee.
The legal basis for the processing of your data described above is your consent pursuant to Art. 6 (1) a DSGVO. You can revoke your consent at any time with effect for the future. To exercise your revocation, deactivate this service here or by preventing it through an appropriate setting in your browser software or you can manage the browser plug-in available at the following link: https://www.google.com/settings/ads/plugin?hl=de
e) Google Ads (Adservices)
Our website uses Google Conversion Tracking. Here, the individual sales of a product ad are assigned and evaluated. The cookie for conversion tracking is set when a user clicks on an ad placed by Google.
If the user visits certain pages of our website and the cookie has not yet expired, we and Google can recognize that the user clicked on the ad and was redirected to this page. Each Google Ads customer receives a different cookie. Cookies can therefore not be tracked across Google Ads customers' websites. The information obtained using the conversion cookie is used to create conversion statistics for AdWords customers who have opted in to conversion tracking. The customers learn the total number of users who clicked on their ad and were redirected to a page tagged with a conversion tracking tag. However, they do not receive any information that can be used to personally identify users. These cookies lose their validity after 30 days and are not used for personal identification.
Furthermore, the service collects information on user behavior for measuring the success and control of advertising campaigns as well as the control of personalized advertising. Cookie IDs and IP addresses are processed. The storage period is up to 540 days.
The processing is carried out in accordance with your consent (Art. 6 para. 1 lit. a DSGVO). In addition, you have the option to prevent processing (opt-out): https://www.youronlinechoices.com/de/praferenzmanagement/
If you do not want Google to collect, process or use data about you via our website, you can revoke your consent at any time in your cookie settings. If you prevent access, this may result in functional restrictions on the website.
If you do not wish to participate in tracking, you can refuse the setting of a cookie required for this - for example, by means of a browser setting that generally deactivates the automatic setting of cookies or by setting your browser so that cookies from the domain "googleleadservices.com" are blocked.
Please note that you may not delete the opt-out cookies as long as you do not want any measurement data to be recorded. If you have deleted all your cookies in the browser, you must set the respective opt-out cookie again.
20. Use of Cloudflare (Content Delivery Network)
Cloudflare is a content delivery network service provided by Cloudflare Inc (101 Townsend St., San Francisco, CA 94107, USA). With this service we increase the security, availability and performance of our website. For this purpose, your IP address as well as log file data (date, time) and system configuration information are stored.
We process this data with your consent in accordance with Art. 6 para. 1 lit. a DSGVO. In addition, there is a legitimate interest on our part to use Cloudflare to optimize our online presence and make it more secure.
When using this service, personal data may be transmitted to servers that are not located in the EU, e.g. in the USA, and where there is no adequate level of data protection. Due to the declaration of invalidity of the EU-US Privacy Shield (ECJ 16.7.2020), processing is only possible with your consent pursuant to Art. 6 (1) lit. a DSGVO. A transfer in the sense of the European data protection level is not guaranteed with the declaration of invalidity.
The data will be deleted as soon as they are no longer required for the purpose. The storage period is 3 days.
You can find more information about this service here: https://www.cloudflare.com/privacypolicy/
21. Questions to the data protection officer
For information, suggestions and complaints regarding the processing of your personal data, please write us an e-mail or contact our data protection officer directly, who can be reached as follows:
SIX DATENSCHUTZ GmbH
Kasseler Str. 30
61118 Bad Vilbel
Tel.: +49-6101-982 94 22
Status: 29. August 2022