The Dive Logo
The Dive Logo
Privacy Policy
From: March 2nd 2023
The Dive Logo

With the following privacy policy, we would like to inform you about the types of your personal data (hereinafter also referred to shortly as "data") we process, for what purposes, and to what extent. The privacy policy applies to all processing of personal data carried out by us, both in the context of providing our services and especially on our websites, in mobile applications, and in external online presences, such as our social media profiles (hereinafter collectively referred to as "online offering").

The terms used are not gender-specific.

Content

  • Preamble
  • Controller
  • Contact Data Protection Officer
  • Overview of Processing Activities
  • Relevant Legal Bases
  • Security Measures
  • Transmission of Personal Data
  • Data Processing in Third Countries
  • Data Deletion
  • Use of Cookies
  • Business Services
  • Providers and Services Used in the Course of Business Activities
  • Provision of Online Offerings and Web Hosting
  • Video Conferences, Online Meetings, Webinars, and Screen Sharing
  • Audio Content
  • Application Processes
  • Cloud Services
  • Newsletters and Electronic Notifications
  • Surveys and Polls
  • Online Marketing
  • Social Media Presence
  • Plugins and Embedded Functions as well as Contents

Responsible Parties:

Dr. Simon Berkler, Uli Schoop, Andreas Lerche

Authorized Representatives:

Dr. Simon Berkler, Uli Schoop, Andreas Lerche
Email Address: hello@thedive.com

Contact Data Protection Officer:

Gregor Klar
Email: datenschutz@thedive.com

Overview of Processing Activities

The following overview summarizes the types of processed data and the purposes of their processing, and refers to the affected individuals.

  • Types of Processed Data:
  • Inventory data
  • Payment data
  • Contact details
  • Content data
  • Contract data
  • Usage data
  • Meta, communication, and procedural data
  • Applicant data
  • Image and/or video recordings
  • Event data (Facebook)

Special Categories of Data

  • Health data
  • Data concerning sexual life or sexual orientation
  • Religious or philosophical beliefs
  • Data revealing racial or ethnic origin

Categories of Data Subjects

  • Customers
  • Employees
  • Prospective customers
  • Communication partners
  • Users
  • Applicants
  • Business and contractual partners
  • Students/participants
  • Participants
  • Individuals depicted in images

Purposes of Processing

  • Provision of contractual services and customer service
  • Handling of contact inquiries and communication
  • Security measures
  • Direct marketing
  • Audience measurement
  • Tracking
  • Office and organizational procedures
  • Conversion measurement
  • Audience targeting
  • Management and response to inquiries
  • Application processes
  • Feedback
  • Marketing
  • Profiling with user-related information
  • Provision of our online offering and user-friendliness
  • Information technology infrastructure

Relevant Legal Bases

Below you will find an overview of the legal bases of the GDPR under which we process personal data. Please note that in addition to the provisions of the GDPR, national data protection regulations may apply in your or our country of residence or domicile. If more specific legal bases are applicable in individual cases, we will inform you of these in the privacy policy.

  • Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR) - The data subject has given consent to the processing of their personal data for one or more specific purposes.
  • Contractual performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR) - Processing is necessary for the performance of a contract to which the data subject is party or for taking steps at the request of the data subject prior to entering into a contract.
  • Legal obligation (Art. 6 para. 1 sentence 1 lit. c) GDPR) - Processing is necessary for compliance with a legal obligation to which the controller is subject.
  • Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR) - Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.
  • Application process as part of a pre-contractual or contractual relationship (Art. 6 para. 1 lit. b) GDPR) - Where special categories of personal data within the meaning of Art. 9 para. 1 GDPR (e.g., health data such as information on severe disabilities or ethnic origin) are requested from applicants in the context of the application process, their processing is carried out in accordance with Art. 9 para. 2 lit. b GDPR, in the case of protecting vital interests of the applicants or other persons according to Art. 9 para. 2 lit. c GDPR, or for purposes of preventive or occupational medicine, for the assessment of the employee's working capacity, medical diagnosis, provision of health or social care, or management of health or social care systems and services according to Art. 9 para. 2 lit. h GDPR. In the case of voluntary consent-based disclosure of special categories of data, their processing is based on Art. 9 para. 2 lit. a GDPR.

In addition to the data protection regulations of the GDPR, national data protection regulations apply in Germany, including in particular the Federal Data Protection Act (Bundesdatenschutzgesetz - BDSG). The BDSG contains special regulations, in particular on the right to information, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes and transfer, as well as automated decision-making in individual cases, including profiling. Furthermore, it regulates data processing for employment purposes (§ 26 BDSG), especially with regard to the establishment, implementation, or termination of employment relationships and the consent of employees. In addition, state data protection laws of the individual federal states may apply.

Security Measures

In accordance with legal requirements and taking into account the state of the art, implementation costs, the nature, scope, circumstances, and purposes of processing as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, we implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk.

These measures include, in particular, ensuring the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data as well as the access, input, transmission, security of availability, and separation thereof. Furthermore, we have established procedures to ensure the exercise of data subjects' rights, the deletion of data, and responses to data threats. We also consider data protection principles in the development or selection of hardware, software, and procedures, including privacy by design and by default.

TLS encryption (https): To protect your data transmitted via our online offering, we use TLS encryption. You can recognize such encrypted connections by the prefix https:// in the address line of your browser.

Transmission of Personal Data

As part of our processing of personal data, it may occur that data is transferred to other entities, companies, legally independent organizational units, or individuals or disclosed to them. Recipients of this data may include service providers commissioned with IT tasks or providers of services and content embedded in a website. In such cases, we comply with legal requirements and in particular, conclude appropriate contracts or agreements with recipients of your data that serve to protect your data.

Data Processing in Third Countries

If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)) or if processing occurs in the context of using third-party services or disclosing/transferring data to other individuals, entities, or companies, this is done only in accordance with legal requirements.

Subject to explicit consent or contractual or legally required transfer, we process or allow the processing of data only in third countries with an adequate level of data protection recognized by the EU, contractual obligations through EU Commission-approved standard data protection clauses, certifications, or binding corporate rules (Art. 44 to 49 GDPR, Information page of the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_en).

Data Deletion

The data processed by us will be deleted in accordance with legal requirements as soon as the consents allowing processing are revoked or other permissions expire (e.g., if the purpose of processing the data no longer applies or they are not necessary for the purpose). If the data is not deleted because it is required for other legally permissible purposes, its processing will be restricted to those purposes. This means the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax reasons or whose storage is necessary for the assertion, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person.

Our privacy policy may also contain additional information on the retention and deletion of data that apply primarily to specific processing activities.

Use of Cookies

Cookies are small text files or other storage technologies that store information on end devices and retrieve information from them. For example, they can store login status in a user account, shopping cart contents in an e-shop, accessed content, or functions used in an online offering. Cookies can also be used for various purposes, such as ensuring functionality, security, and user convenience of online offerings, as well as analyzing visitor traffic.

Notes on consent: We use cookies in accordance with legal regulations. Therefore, we obtain prior consent from users, unless this is not required by law. Consent is not required, in particular, if storing and retrieving information, including cookies, is essential for providing users with a telemedia service (i.e., our online offering) explicitly requested by them. Revocable consent is clearly communicated to users and includes information on the specific use of cookies.

Notes on legal bases for data protection: The legal basis for processing users' personal data using cookies depends on whether we ask for consent. If users consent, the legal basis for processing their data is the declared consent. Otherwise, data processed using cookies is based on our legitimate interests (e.g., in the commercial operation of our online offering and improving its usability) or, if necessary for fulfilling our contractual obligations, if using cookies is required to fulfill our contractual obligations. We clarify the purposes for which cookies are processed during the course of this privacy policy or as part of our consent and processing procedures.

Storage duration: With regard to storage duration, cookies are classified into the following types:

  • Temporary cookies (also known as session cookies): Temporary cookies are deleted at the latest after a user leaves an online offering and closes their device (e.g., browser or mobile application).
  • Persistent cookies: Persistent cookies remain stored even after the device is closed. For example, they can store login status or display preferred content directly when a user revisits a website. Data collected from cookies can also be used for audience measurement. If we do not provide explicit information on the type and storage duration of cookies (e.g., as part of obtaining consent), users should assume that cookies are persistent and can be stored for up to two years.
  • General information on revocation and objection (opt-out): Users can revoke their consent at any time and also object to processing in accordance with legal requirements under Art. 21 GDPR. Users can also declare their objection through their browser settings, e.g., by disabling the use of cookies (which may also restrict the functionality of our online services). An objection to the use of cookies for online marketing purposes can also be made via the websites https://optout.aboutads.info and https://www.youronlinechoices.com/.

Additional information on processing procedures, procedures, and services:
Processing of cookie data based on consent: We use a cookie consent management procedure through which users' consent to the use of cookies, or the processing and providers mentioned within the cookie consent management procedure, is obtained, managed, and revoked by users. The consent declaration is stored to avoid the need to repeat the request for consent and to be able to prove consent in accordance with legal obligations. Storage can be server-side and/or in a cookie (known as an opt-in cookie or similar technologies) to associate consent with a user or their device. Subject to individual information about providers of cookie management services, the following applies: The duration of consent storage can be up to two years. A pseudonymous user identifier is created, and information on the scope of consent (e.g., cookie categories and/or service providers), as well as the browser, system, and device used, are stored along with the time of consent.

Business Services

We process data of our contractual and business partners, such as customers and prospects (collectively referred to as "contractual partners"), within the framework of contractual and similar legal relationships, as well as related measures and in communication with contractual partners (or pre-contractually), for example, to respond to inquiries.

We process this data to fulfill our contractual obligations. This includes, in particular, obligations to provide the agreed services, update obligations, and remedy warranty and other performance disruptions. Furthermore, we process the data to safeguard our rights and for the purposes of administrative tasks associated with these obligations and business organization. Additionally, we process the data based on our legitimate interests in proper and business-oriented management and security measures to protect our contractual partners and our business operations from misuse, endangerment of their data, secrets, information, and rights (e.g., involving telecommunications, transport, and other auxiliary services, as well as subcontractors, banks, tax and legal advisors, payment service providers, or financial authorities).

In accordance with applicable law, we only disclose contractual partner data to third parties to the extent necessary for the aforementioned purposes or to fulfill legal obligations. Contractual partners are informed about other forms of processing, such as for marketing purposes, within the scope of this privacy policy.

We inform contractual partners about which data is required for the aforementioned purposes before or during data collection, e.g., in online forms, through special markings (e.g., colors) or symbols (e.g., asterisks or similar), or personally.

We delete the data after the expiration of statutory warranty and comparable obligations, i.e., generally after 4 years, unless the data is stored in a customer account, for example, for as long as it must be retained for legal archiving reasons. The statutory retention period is ten years for tax-relevant documents as well as for commercial books, inventories, opening balance sheets, annual financial statements, the pertinent instructions for understanding these documents, and other organizational documents and booking vouchers, and six years for received commercial and business letters and reproductions of sent commercial and business letters. The period begins at the end of the calendar year in which the last entry was made in the book, the inventory, the opening balance sheet, the annual financial statement, or the management report was prepared, the commercial or business letter was received or sent, the booking voucher was created, the record was made, or the other documents were created.

To the extent that we use third-party providers or platforms to provide our services, the terms and conditions and privacy policies of the respective third-party providers or platforms apply in the relationship between users and providers.

  • Processed Types of Data: Master data (e.g., names, addresses); Payment data (e.g., bank details, invoices, payment history); Contact data (e.g., email, telephone numbers); Contract data (e.g., contract subject matter, duration, customer category).
  • Special Categories of Personal Data: Health data (Art. 9(1) GDPR); Data on sexual life or sexual orientation (Art. 9(1) GDPR); Religious or philosophical beliefs (Art. 9(1) GDPR); Data revealing racial or ethnic origin (Art. 9(1) GDPR).
  • Data Subjects: Prospects; Business and contractual partners; Students/Participants; Customers.
  • Purposes of Processing: Provision of contractual services and customer service; Handling of contact inquiries and communication; Office and organizational procedures; Management and response to inquiries.
  • Legal Basis: Fulfillment of contract and pre-contractual inquiries (Art. 6(1)(b) GDPR); Legal obligation (Art. 6(1)(c) GDPR); Legitimate interests (Art. 6(1)(f) GDPR).

Additional Information on Processing Processes, Procedures, and Services:

  • Educational and Training Services: We process data of participants in our educational and training programs (collectively referred to as "trainees") to provide them with our training services. The data processed, the type, scope, purpose, and necessity of their processing are determined by the underlying contractual and training relationship. Processing methods also include performance evaluation and assessment of our services and those of the instructors. As part of our activities, we may also process special categories of data, particularly information regarding the health of the trainees and data revealing ethnic origin, political opinions, religious or philosophical beliefs. If necessary, we obtain explicit consent from the trainees for processing special categories of data, otherwise, we process these data only if it is necessary for the provision of training services, for health care purposes, social protection, or protection of vital interests of the trainees; Legal basis: Contract performance and pre-contractual inquiries (Art. 6(1)(b) GDPR).

  • Coaching: We process data of our clients, prospective clients, and other contractors or business partners (collectively referred to as "clients") to provide them with our services. The processed data, the type, scope, purpose, and necessity of their processing are determined by the underlying contractual and client relationship. As part of our activities, we may also process special categories of data, particularly information regarding the health of the clients, potentially related to their sexual life or sexual orientation, and data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or union membership. If necessary, we obtain explicit consent from the clients for processing special categories of data, otherwise, we process these data if it serves the health of the clients, the data are public, or other legal permissions exist. If required for contract performance, protection of vital interests, or legally mandated, and with consent from the clients, we disclose or transmit client data to third parties or agents, such as authorities, billing agencies, as well as in the areas of IT, office, or similar services; Legal basis: Contract performance and pre-contractual inquiries (Art. 6(1)(b) GDPR).

  • Consulting: We process data of our clients, clients' representatives, prospective clients, and other contractors or business partners (collectively referred to as "clients") to provide them with our consulting services. The processed data, the type, scope, purpose, and necessity of their processing are determined by the underlying contractual and client relationship. If necessary for contract performance, protection of vital interests, or legally required, and with the clients' consent, we disclose or transmit client data to third parties or agents, such as authorities, subcontractors, or in the area of IT, office, or comparable services; Legal basis: Contract performance and pre-contractual inquiries (Art. 6(1)(b) GDPR).

  • Online Courses and Online Training: We process data of participants in our online courses and online training programs (collectively referred to as "participants") to provide them with our course and training services. The processed data, the type, scope, purpose, and necessity of their processing are determined by the underlying contractual relationship. The data typically include information about the courses and services taken and, as part of our service offering, personal specifications and results of the participants. Processing methods also include performance evaluation and assessment of our services as well as those of the course and training instructors; Legal basis: Contract performance and pre-contractual inquiries (Art. 6(1)(b) GDPR).

  • Business Consulting: We process data of our customers, clients' representatives, prospective clients, and other contractors or business partners (collectively referred to as "customers") to provide them with our contractual or pre-contractual services, especially consulting services. The processed data, the type, scope, purpose, and necessity of their processing are determined by the underlying contractual and business relationship. If necessary for contract performance or legally required, and with the customers' consent, we disclose or transmit customer data to third parties or agents, such as authorities, courts, or in the area of IT, office, or comparable services; Legal basis: Contract performance and pre-contractual inquiries (Art. 6(1)(b) GDPR).

  • Events and Occasions: We process data of participants in events, gatherings, and similar activities offered or organized by us (hereinafter collectively referred to as "participants" and "events") to enable their participation in the events and the utilization of associated services or actions related to participation. If we process health-related data, religious, political, or other special categories of data in this context, it is done based on public interest (e.g., for themed events) or for health care, security purposes, or with the consent of the data subjects. The required information is clearly marked as such during the contract, order, or comparable conclusion of the agreement and includes necessary details for service provision, billing, and contact information for communication purposes. Where we have access to information of end customers, employees, or other individuals, we process such data in accordance with legal and contractual requirements; Legal basis: Contract performance and pre-contractual inquiries (Art. 6(1)(b) GDPR).

  • Architecture and Planning Services: We process data of our customers and clients (hereinafter collectively referred to as "customers") to enable them to select, purchase, or commission the chosen services or works, along with associated activities, payment, delivery, execution, or provision. In the course of our activities, we may also process special categories of data, particularly health-related information of customers. We obtain explicit consent from customers where necessary and process special categories of data only as required by our contractual obligations. The necessary information is clearly marked as such during the contract, order, or comparable conclusion of the agreement and includes necessary details for service provision, billing, and contact information for communication purposes; Legal basis: Contract performance and pre-contractual inquiries (Art. 6(1)(b) GDPR).

Providers and Services Utilized in Business Operations

In our business operations, we use additional services, platforms, interfaces, or plugins from third-party providers (shortly "services"), observing legal requirements. Their use is based on our interest in proper, lawful, and economical management of our business operations and internal organization.

  • Processed Types of Data: Inventory data (e.g., names, addresses); payment data (e.g., bank details, invoices, payment history); contact data (e.g., email, telephone numbers); content data (e.g., entries in online forms); contract data (e.g., subject matter of the contract, duration, customer category).
  • Affected Persons: Customers; prospects; users (e.g., website visitors, users of online services); business and contractual partners; employees (e.g., employees, applicants, former employees).
  • Purposes of Processing: Provision of contractual services and customer service; office and organizational procedures.
  • Legal Basis: Legitimate interests (Art. 6(1)(f) GDPR).
  • Additional Information on Processing Processes, Procedures, and Services:
  • DATEV: Software for accounting, communication with tax consultants and authorities, and document storage; Service provider: DATEV eG, Paumgartnerstr. 6 - 14, 90429 Nuremberg, Germany; Legal Basis: Legitimate interests (Art. 6(1)(f) GDPR); Website: DATEV Online Applications; Privacy Policy: DATEV Privacy Policy; Data Processing Agreement: Provided by the service provider.

Provision of Online Services and Web Hosting

We process user data to provide them with our online services. To this end, we process the user's IP address, which is necessary to transmit the contents and functions of our online services to the user's browser or end device.

  • Processed Types of Data: Usage data (e.g., visited websites, interest in content, access times); meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, consent status).
  • Affected Persons: Users (e.g., website visitors, users of online services); customers.
  • Purposes of Processing: Provision of our online services and user-friendliness; information technology infrastructure (operation and provision of information systems and technical equipment (computers, servers, etc.)); security measures; provision of contractual services and customer service.
  • Legal Basis: Legitimate interests (Art. 6(1)(f) GDPR).

Additional Information on Processing Processes, Procedures, and Services:

  • Collection of Access Data and Log Files: Access to our online offering is logged in the form of so-called "server log files." Server log files may include the address and name of the accessed web pages and files, date and time of access, data volumes transferred, message about successful access, browser type and version, user's operating system, referrer URL (previously visited page), and usually IP addresses and the requesting provider. Server log files can be used, on one hand, for security purposes, e.g., to avoid server overload (especially in the case of abusive attacks, so-called DDoS attacks), and on the other hand, to ensure the server's utilization and stability; Legal Basis: Legitimate interests (Art. 6(1)(f) GDPR); Data Deletion: Log file information is stored for a maximum of 30 days and then deleted or anonymized. Data that needs to be kept for evidentiary purposes is exempt from deletion until the respective incident is finally clarified.

  • STRATO: Services in the field of providing information technology infrastructure and related services (e.g., storage space and/or computing capacities); Service provider: STRATO AG, Pascalstraße 10, 10587 Berlin, Germany; Legal Basis: Legitimate interests (Art. 6(1)(f) GDPR); Website: STRATO; Privacy Policy: STRATO Privacy Policy; Data Processing Agreement: Provided by the service provider.

  • Sentry: Monitoring of system stability and identification of code errors - Device information or error timestamps are collected pseudonymously and subsequently deleted; Service provider: Functional Software Inc., Sentry, 132 Hawthorne Street, San Francisco, California 94107, USA; Legal Basis: Legitimate interests (Art. 6(1)(f) GDPR); Website: Sentry; Security Measures: defined (undefined), undefined (undefined), undefined (undefined), undefined (undefined); Privacy Policy: Sentry Privacy Policy; Standard Contractual Clauses (Ensuring Data Protection Level for Processing in Third Countries): Sentry DPA.

Video Conferences, Online Meetings, Webinars, and Screen Sharing

We use platforms and applications from other providers (hereinafter referred to as "conference platforms") for the purpose of conducting video and audio conferences, webinars, and other types of video and audio meetings (hereinafter collectively referred to as "conference"). When selecting conference platforms and their services, we comply with legal requirements.

  • Data processed by conference platforms: During participation in a conference, the conference platforms process the following personal data of participants. The extent of processing depends on the data required for a specific conference (e.g., access data or real names) and optional information provided by participants. In addition to processing for the purpose of conducting the conference, participant data may also be processed by conference platforms for security purposes or service optimization. Processed data includes personal information (first name, last name), contact information (email address, telephone number), access data (access codes or passwords), profile pictures, information about professional position/function, IP address of internet access, information about participants' devices, their operating system, browser, technical and language settings, information about content communication processes, i.e., inputs in chats, as well as audio and video data, and the use of other available functions (e.g., surveys). Communications content is encrypted to the extent technically provided by the conference providers. If participants are registered as users with the conference platforms, additional data may be processed according to the agreement with the respective conference provider.

  • Logging and recordings: If text inputs, participation results (e.g., from surveys), as well as video or audio recordings are logged, participants are transparently informed in advance and, if necessary, asked for consent.

  • Data protection measures for participants: Please refer to the privacy notices of the conference platforms for details on how your data is processed, and choose the optimal security and privacy settings within the conference platform settings. During a video conference, please ensure data and personal privacy in the background of your recording (e.g., through informing household members, locking doors, and using background obfuscation features where technically possible). Links to conference rooms and access data must not be shared with unauthorized third parties.

Legal basis notes

If, in addition to conference platforms, we also process user data and ask users for their consent to use conference platforms or specific features (e.g., consent for recording conferences), the legal basis for processing is this consent. Furthermore, our processing may be necessary to fulfill our contractual obligations (e.g., in participant lists, in the case of processing conversation results, etc.). Otherwise, user data is processed based on our legitimate interests in efficient and secure communication with our communication partners.

  • Processed Data Types: Master Data (e.g., names, addresses); Contact Data (e.g., email, phone numbers); Content Data (e.g., inputs in online forms); Usage Data (e.g., visited websites, interest in content, access times); Meta, Communication, and Process Data (e.g., IP addresses, timestamps, identification numbers, consent status).
  • Data Subjects: Communication partners; Users (e.g., website visitors, users of online services); Depicted persons.
  • Purposes of Processing: Provision of contractual services and customer service; Contact inquiries and communication; Office and organizational procedures.
  • Legal Bases: Legitimate interests (Art. 6(1)(f) GDPR).

Further notes on processing processes, procedures, and services:

Audio Content

We utilize hosting and analysis services from service providers to offer our audio content for listening or download and to obtain statistical information about the access of the audio content.

  • Processed Data Types: Usage Data (e.g., visited websites, interest in content, access times); Meta, Communication, and Process Data (e.g., IP addresses, timestamps, identification numbers, consent status).
  • Data Subjects: Users (e.g., website visitors, users of online services).
  • Purposes of Processing: Reach measurement (e.g., access statistics, recognition of returning visitors); Conversion measurement (measurement of the effectiveness of marketing measures); Profiles with user-related information (creation of user profiles); Provision of our online offer and user-friendliness.
  • Legal Basis: Legitimate interests (Art. 6(1)(f) GDPR).

Further notes on processing processes, procedures, and services:

Application Process

The application process requires applicants to provide us with the necessary data for their evaluation and selection. The information required is specified in the job description or, in the case of online forms, in the provided fields.

Essentially, the required information includes personal details such as name, address, contact information, as well as evidence of qualifications necessary for the position. Upon request, we are happy to provide additional details about the required information.

Applicants can submit their applications via an online form, where data is transmitted to us encrypted using state-of-the-art technology. Alternatively, applicants can also submit their applications via email. However, please note that emails sent over the internet are generally not encrypted. While emails are typically encrypted during transit, they are not encrypted on the servers from which they are sent and received. Therefore, we cannot assume responsibility for the transmission path of the application between the sender and our server.

For the purpose of applicant search, submission of applications, and selection of candidates, we may use applicant management or recruitment software, platforms, and services provided by third parties, in compliance with legal requirements.

Processing of special categories of data: If special categories of personal data within the meaning of Art. 9(1) GDPR (e.g., health data such as severe disability status or ethnic origin) are requested from applicants within the application process, the processing is carried out in accordance with Art. 9(2) GDPR. This includes processing necessary for exercising rights or fulfilling legal obligations in the field of employment law and social security and social protection law, safeguarding vital interests of applicants or other persons under Art. 9(2)(c) GDPR, or for purposes of preventive or occupational medicine, assessment of the working capacity of the employee, medical diagnosis, provision of health or social care or treatment, or management of health or social care systems and services under Art. 9(2)(h) GDPR. If the processing is based on voluntary consent of the applicant for special categories of data, it is carried out in accordance with Art. 9(2)(a) GDPR.

Data deletion: Data provided by applicants will be processed further in case of a successful application for the purposes of the employment relationship. Otherwise, if the application for a job offer is not successful, applicant data will be deleted. Applicants have the right to withdraw their application at any time, and their data will be deleted accordingly, unless a legitimate revocation is made by the applicant. Data will be deleted no later than six months after the application process ends, in order to respond to any follow-up questions regarding the application and to comply with our obligations under the equal treatment of applicants regulations. Invoices for any reimbursement of travel expenses will be archived in accordance with tax regulations.

Inclusion in an applicant pool: If offered, inclusion in an applicant pool is based on consent. Applicants are informed that their consent to be included in the talent pool is voluntary, has no influence on the ongoing application process, and can be revoked at any time for the future.

  • Processed types of data: Inventory data (e.g., names, addresses); Contact details (e.g., email, phone numbers); Content data (e.g., entries in online forms); Applicant data (e.g., personal information, postal and contact addresses, application documents and the information contained therein, such as cover letters, CVs, certificates, as well as other information voluntarily provided by applicants regarding their person or qualifications in relation to a specific position).
  • Data subjects: Applicants.
  • Purposes of processing: Application process (establishment and potential subsequent execution as well as potential termination of the employment relationship).
  • Legal basis: Application process as pre-contractual or contractual relationship (Art. 6 para. 1 lit. b) GDPR).

Additional information on processing procedures, methods, and services:
Kenjo: All-in-One platform for managing, communicating, and developing applicants and employees; Service provider: Kenjo GmbH, Urbanstraße 71, 10967 Berlin; Website: https://www.kenjo.io/en; Privacy Policy: https://www.kenjo.io/en/legal/privacy-policy.

Cloud Services

We use software services accessible via the internet and operated on the servers of their providers (so-called "cloud services," also referred to as "Software as a Service") for the storage and management of content (e.g., document storage and management, exchange of documents, content and information sharing with specific recipients, or publication of content and information).

Within this framework, personal data may be processed and stored on the servers of the providers, to the extent that they are part of communication processes with us or are otherwise processed by us as outlined in this privacy policy. This data may include master data and contact details of users, data on processes, contracts, and other procedures and their contents. The providers of cloud services also process usage data and metadata for security purposes and service optimization.

If we provide forms or other documents and content via the cloud services for other users or publicly accessible websites, the providers may store cookies on users' devices for purposes of web analysis or to remember user settings (e.g., in the case of media control).

  • Processed types of data: Inventory data (e.g., names, addresses); Contact details (e.g., email, telephone numbers); Content data (e.g., entries in online forms); Usage data (e.g., visited websites, interest in content, access times); Meta, communication, and process data (e.g., IP addresses, timestamps, identification numbers, consent status); Image and/or video recordings (e.g., photographs or video recordings of a person).
  • Data subjects: Customers; Employees (e.g., employees, applicants, former employees); Interested parties; Communication partners; Users (e.g., website visitors, users of online services); Persons depicted.
  • Purposes of processing: Office and organizational procedures; Information technology infrastructure (operation and provision of information systems and technical equipment (computers, servers, etc.)).
  • Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further information on processing procedures, methods, and services:

Newsletter and Electronic Notifications

We send newsletters, emails, and other electronic notifications (hereinafter "Newsletter") only with the consent of the recipients or a legal permission. If the contents of a newsletter are specifically described as part of the registration for the newsletter, they are decisive for the consent of the users. Otherwise, our newsletters contain information about our services and us.

To subscribe to our newsletters, it is generally sufficient to provide your email address. However, we may ask you to provide a name for personal addressing in the newsletter or additional information if necessary for the purposes of the newsletter.

Double opt-in procedure: The registration for our newsletter is generally carried out in a double opt-in procedure. This means that after registration, you will receive an email asking you to confirm your registration. This confirmation is necessary to prevent someone from registering with someone else's email address. Newsletter registrations are logged in order to be able to prove the registration process in accordance with legal requirements. This includes storing the registration and confirmation time as well as the IP address. Changes to your data stored with the shipping service provider are also logged.

Deletion and restriction of processing: We can store unsubscribed email addresses for up to three years based on our legitimate interests before deleting them to be able to prove a previously given consent. The processing of this data is limited to the purpose of possible defense against claims. An individual request for deletion is possible at any time, provided that the former existence of consent is confirmed. In the case of obligations to permanently observe objections, we reserve the right to store the email address solely for this purpose in a blocklist.

The logging of the registration process is based on our legitimate interests for the purpose of proving its proper course. If we commission a service provider with the dispatch of emails, this is done based on our legitimate interests in an efficient and secure dispatch system.

Contents:

Information about us, our services, promotions, and offers:

  • Processed data types: Inventory data (e.g., names, addresses); Contact details (e.g., email, phone numbers); Meta, communication, and process data (e.g., IP addresses, timestamps, identification numbers, consent status); Usage data (e.g., visited websites, interest in content, access times).
  • Data subjects: Communication partners.
  • Purposes of processing: Direct marketing (e.g., via email or postal).
  • Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR); Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
  • Opt-out option: You can cancel the receipt of our newsletter at any time, i.e., revoke your consent or object to further receipt. You will find a cancellation link at the end of each newsletter or can use one of the contact options provided above, preferably email.

Further information on processing procedures, methods, and services:

Surveys and Questionnaires

We conduct surveys and questionnaires to collect information for the respective communicated survey or questionnaire purpose. The surveys conducted by us (hereinafter "Surveys") are evaluated anonymously. Processing of personal data only occurs to the extent necessary for the provision and technical execution of the surveys (e.g., processing of IP address to display the survey in the user's browser or using a cookie to enable resumption of the survey).

  • Processed data types: Contact details (e.g., email, phone numbers); Content data (e.g., entries in online forms); Usage data (e.g., visited websites, interest in content, access times); Meta, communication, and process data (e.g., IP addresses, timestamps, identification numbers, consent status).
  • Data subjects: Communication partners; Participants.
  • Purposes of processing: Feedback (e.g., collecting feedback via online form).
  • Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further information on processing procedures, methods, and services:

Online Marketing

We process personal data for the purposes of online marketing, which includes the marketing of advertising space or the display of promotional and other content (collectively referred to as "content") based on potential user interests, as well as measuring their effectiveness.
For these purposes, user profiles are created and stored in a file (known as a "cookie") or similar methods are used to store information relevant to the user for displaying the aforementioned content. This information may include viewed content, visited websites, used online networks, as well as communication partners and technical details such as the browser used, the operating system used, as well as information on usage times and functions used. If users have consented to the collection of their location data, this data may also be processed.

We also store the IP addresses of users. However, we use available IP masking techniques (i.e., pseudonymization by shortening the IP address) to protect users. Generally, clear user data (such as email addresses or names) are not stored in the context of online marketing procedures, but pseudonyms are used. This means that neither we nor the providers of the online marketing procedures know the actual identity of the users, but only the information stored in their profiles.
The information in the profiles is typically stored in cookies or similar methods. These cookies can also be read later on other websites that use the same online marketing procedure, for purposes of displaying content, analyzing them, supplementing them with additional data, and storing them on the server of the online marketing service provider.

In exceptional cases, clear user data may be associated with the profiles. This is the case, for example, if users are members of a social network whose online marketing procedures we use and the network links the users' profiles with the aforementioned information. We ask you to note that users can make additional agreements with the providers, for example, by consenting during registration.

In principle, we only have access to aggregated information about the success of our advertisements. However, within the framework of so-called conversion measurements, we can check which of our online marketing procedures have led to a so-called conversion, i.e., for example, to a contract conclusion with us. Conversion measurement is used solely to analyze the success of our marketing measures.

Unless otherwise stated, please assume that cookies used are stored for a period of two years.

  • Processed data types: Content data (e.g., entries in online forms); Usage data (e.g., visited websites, interest in content, access times); Meta, communication, and process data (e.g., IP addresses, timestamps, identification numbers, consent status); Event data (Facebook) ("Event data" refers to data that may be transmitted to Facebook via Facebook pixel (via apps or other means) by us and relate to individuals or their actions; Data includes, for example, information about visits to websites, interactions with content, functions, app installations, purchases of products, etc.; Event data is processed for the purpose of creating target groups for content and advertising information (Custom Audiences); Event data does not include actual content (such as posted comments), login information, or contact information (i.e., no names, email addresses, and phone numbers). Event data is deleted by Facebook after a maximum of two years, and the target groups formed from it are deleted with the deletion of our Facebook account).
  • Data subjects: Users (e.g., website visitors, users of online services).
  • Purposes of processing: Reach measurement (e.g., access statistics, recognition of returning visitors); Tracking (e.g., interest-based/behavioral profiling, use of cookies); Conversion measurement (measurement of the effectiveness of marketing measures); Audience targeting; Marketing; Profiles with user-related information (creation of user profiles); Provision of our online offering and user-friendliness.
  • Security measures: IP masking (pseudonymization of the IP address).
  • Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR); Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
  • Opt-out option: We refer to the privacy policies of the respective providers and the opt-out options provided for the providers (so-called "opt-out"). If no explicit opt-out option is provided, there is the possibility to deactivate cookies in the settings of your browser. However, this may restrict functions of our online offering. Therefore, we also recommend the following opt-out options, which are offered in summary for respective areas: a) Europe: https://www.youronlinechoices.eu. b) Canada: https://www.youradchoices.ca/choices. c) USA: https://www.aboutads.info/choices. d) Cross-border: https://optout.aboutads.info.

Services:

  • Facebook Pixel and Audience Targeting (Custom Audiences): Using the Facebook pixel (or comparable functions for transmitting event data or contact information via interfaces in apps), Facebook can determine visitors to our online offering as a target group for displaying ads (so-called "Facebook Ads"). Accordingly, we use the Facebook pixel to display Facebook ads to users on Facebook and within services of Facebook's cooperating partners (known as the "Audience Network" https://www.facebook.com/audiencenetwork/) who have shown interest in our online offering or who exhibit certain characteristics (e.g., interest in specific topics or products visible from visited websites), which we transmit to Facebook (so-called "Custom Audiences"). With the help of the Facebook pixel, we also aim to ensure that our Facebook ads correspond to potential user interests and do not appear intrusive. Additionally, the Facebook pixel allows us to track the effectiveness of Facebook advertisements for statistical and market research purposes by determining whether users were redirected to our website after clicking on a Facebook ad (so-called "conversion tracking"); Service provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; Legal basis: Consent (Art. 6 (1) (a) GDPR); Website: https://www.facebook.com; Privacy Policy: https://www.facebook.com/about/privacy; Further Information: User event data, i.e., behavioral and interest-related information, is processed for targeted advertising and audience targeting based on the joint responsibility agreement ("Controller Addendum," https://www.facebook.com/legal/controller_addendum). Joint responsibility is limited to the collection and transmission of data to Meta Platforms Ireland Limited, an EU-based company. Further data processing is the sole responsibility of Meta Platforms Ireland Limited, including the transfer of data to the parent company Meta Platforms, Inc., in the USA (based on the standard contractual clauses concluded between Meta Platforms Ireland Limited and Meta Platforms, Inc.).

  • Google Ad Manager: We use the "Google Marketing Platform" (and services such as "Google Ad Manager") to place ads in the Google advertising network (e.g., in search results, in videos, on websites, etc.). The Google Marketing Platform distinguishes itself by displaying ads in real-time based on presumed user interests. This allows us to display ads for and within our online offering more effectively to users, showing them ads that potentially match their interests. For example, if a user is shown ads for products they have shown interest in on other online platforms, this is referred to as "remarketing"; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Legitimate interests (Art. 6 (1) (f) GDPR); Website: https://marketingplatform.google.com; Privacy Policy: https://policies.google.com/privacy; Further Information: Types of processing and data processed: https://privacy.google.com/businesses/adsservices; Data processing terms for Google advertising products: Information on services, data processing terms between controllers, and standard contractual clauses for third-country transfers of data: https://business.safety.google/adscontrollerterms; if Google acts as a processor, data processing terms for Google advertising products and standard contractual clauses for third-country transfers of data: https://business.safety.google/adsprocessorterms.

  • Pardot: Marketing automation for the acquisition of contacts, their management, audience targeting, and conversion tracking; Service provider: salesforce.com Germany GmbH, Erika-Mann-Str. 31, 80636 Munich, Germany; Legal basis: Consent (Art. 6 (1) (a) GDPR); Website: https://www.salesforce.com/de; Privacy Policy: https://www.salesforce.com/de/company/privacy; Data processing addendum: https://www.salesforce.com/content/dam/web/en_us/www/documents/legal/Agreements/data-processing-addendum.pdf; Standard contractual clauses (ensuring data protection level for processing in third countries): https://www.salesforce.com/content/dam/web/en_us/www/documents/legal/Agreements/scc-amendment.pdf; Further Information: Data transfer impact assessment & Salesforce Services: https://www.salesforce.com/content/dam/web/en_us/www/documents/legal/Privacy/dpia-and-salesforce-services.pdf.

Social Media Presences (Social Media)

We maintain online presences within social networks and process user data in this context to communicate with active users there or to provide information about us.

We would like to point out that user data may be processed outside the European Union. This may pose risks for users, as it could, for example, make it more difficult to enforce their rights.

Furthermore, data of users within social networks is typically processed for market research and advertising purposes. For example, user profiles can be created based on user behavior and resulting interests. These user profiles can in turn be used, for example, to place advertisements within and outside of the networks that presumably correspond to the interests of the users. For these purposes, cookies that store user behavior and interests are generally stored on users' computers. Additionally, data can also be stored in the user profiles independent of the devices used by the users (especially if users are members of the respective platforms and logged in).

For a detailed presentation of the respective processing methods and options for objection (opt-out), we refer to the data protection declarations and information provided by the operators of the respective networks.

Even in the case of inquiries and the assertion of data subject rights, we would like to point out that these can be most effectively asserted with the providers. Only the providers have access to the data of the users and can take appropriate measures and provide information directly. If you still need assistance, you can contact us.

  • Processed Data Types: Contact data (e.g., email, telephone numbers); Content data (e.g., entries in online forms); Usage data (e.g., visited websites, interest in content, access times); Meta, communication, and process data (e.g., IP addresses, time information, identification numbers, consent status).
  • Data Subjects: Users (e.g., website visitors, users of online services).
  • Purposes of Processing: Contact requests and communication; Feedback (e.g., collecting feedback via online form); Marketing.
  • Legal Basis: Legitimate interests (Art. 6 (1) (f) GDPR).

Additional Information on Processing Processes, Procedures, and Services:

Plugins and Embedded Functions and Contents

We integrate functional and content elements into our online offering that are obtained from the servers of their respective providers (hereinafter referred to as "third-party providers"). This may include, for example, graphics, videos, or maps (hereinafter collectively referred to as "content").

Integration always presupposes that the third-party providers of this content process the IP address of the users, as they could not send the content to their browser without the IP address. The IP address is therefore necessary for displaying this content or functions. We endeavor to use only such content whose respective providers use the IP address solely for delivering the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. Pixel tags allow information such as visitor traffic on the pages of this website to be evaluated. The pseudonymous information may also be stored in cookies on the user's device and may contain technical information about the browser and operating system, referring websites, visit times, and other information regarding the use of our online offering, as well as be linked to such information from other sources.

  • Processed Data Types: Usage data (e.g., visited web pages, interest in content, access times); Meta, communication, and process data (e.g., IP addresses, time information, identification numbers, consent status); Inventory data (e.g., names, addresses); Contact data (e.g., email, telephone numbers); Content data (e.g., entries in online forms).
  • Data Subjects: Users (e.g., website visitors, users of online services).
  • Purposes of Processing: Provision of our online offering and user-friendliness; Profiles with user-related information (creation of user profiles).
  • Legal Basis: Legitimate interests (Art. 6 (1) (f) GDPR).

Additional Information on Processing Processes, Procedures, and Services:

  • Google Fonts (access from Google server): Retrieval of fonts (and symbols) for the purpose of technically secure, maintenance-free, and efficient use of fonts and symbols with regard to currency and loading times, their uniform presentation, and consideration of possible licensing restrictions. The provider of the fonts is informed of the user's IP address so that the fonts can be made available in the user's browser. Furthermore, technical data (language settings, screen resolution, operating system, hardware used) are transmitted, which are necessary for providing the fonts depending on the devices used and the technical environment. This data may be processed on a server of the font provider in the USA. When visiting our online offering, users' browsers send their browser HTTP requests to the Google Fonts Web API (i.e., a software interface for retrieving the fonts). The Google Fonts Web API provides users with Google Fonts' Cascading Style Sheets (CSS) and then the fonts specified in the CSS. These HTTP requests include (1) the IP address used by the respective user for accessing the Internet, (2) the requested URL on the Google server, and (3) the HTTP headers, including the user agent that describes the browser and operating system versions of the website visitors, as well as the referral URL (i.e., the website where the Google font is to be displayed). IP addresses are neither logged nor stored on Google servers, and they are not analyzed. The Google Fonts Web API logs details of the HTTP requests (requested URL, user agent, and referral URL). Access to this data is restricted and strictly controlled. The requested URL identifies the font families for which the user wants to load fonts. This data is logged so that Google can determine how often a particular font family is requested. The Google Fonts Web API must adapt the user agent to generate the font appropriate for the respective browser type. The user agent is primarily logged for debugging and used to generate aggregated usage statistics that measure the popularity of font families. These aggregated usage statistics are published on the Google Fonts "Analytics" page. Finally, the referral URL is logged so that the data can be used for production maintenance and to generate an aggregated report on top integrations based on the number of font requests. According to Google's own information, none of the information collected by Google Fonts is used to create profiles of end users or to display targeted advertisements; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Legitimate interests (Art. 6 (1) (f) GDPR); Website: https://fonts.google.com/; Privacy Policy: https://policies.google.com/privacy; Further information: https://developers.google.com/fonts/faq/privacy?hl=en.

  • YouTube Videos: Video content; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Legitimate interests (Art. 6 (1) (f) GDPR); Website: https://www.youtube.com; Privacy Policy: https://policies.google.com/privacy; Opt-out possibility (Opt-Out): Opt-Out Plugin: https://tools.google.com/dlpage/gaoptout?hl=en, Settings for displaying advertising: https://adssettings.google.com/authenticated.

  • Vimeo: Video content; Service provider: Vimeo Inc., Attention: Legal Department, 555 West 18th Street New York, New York 10011, USA; Legal basis: Legitimate interests (Art. 6 (1) (f) GDPR); Website: https://vimeo.com; Privacy Policy: https://vimeo.com/privacy; Opt-out possibility (Opt-Out): We would like to point out that Vimeo may use Google Analytics and refer to the privacy policy (https://policies.google.com/privacy) and the opt-out options for Google Analytics (https://tools.google.com/dlpage/gaoptout?hl=en) or Google's settings for data use for marketing purposes (https://adssettings.google.com/).

  • SoundCloud Music Player Widget: SoundCloud Music Player Widget; Service provider: SoundCloud Limited, Rheinsberger Str. 76/77, 10115 Berlin, Germany; Legal basis: Legitimate interests (Art. 6 (1) (f) GDPR); Website: https://soundcloud.com; Privacy Policy: https://soundcloud.com/pages/privacy.

At TheDive, we constantly create new things.
Stay up to date with our newsletter!

Subscribe now!