Data Protection

1. General Information on Data Processing

This privacy policy explains how we collect, process, and protect personal data when you use our websites and services. Personal data means any information relating to an identified or identifiable natural person, such as name, email address, or user behavior.

We implement appropriate technical and organizational measures to protect your data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access. Our security measures are regularly reviewed and adapted to technological developments.

2. Controller

The controller responsible for data processing pursuant to Art. 4(7) of the EU General Data Protection Regulation (GDPR) is:

catworkx GmbH

Raboisen 5, 20095
Hamburg
Germany

Email: info-de@catworkx.com
(see imprint)

3. Data Protection Officer

You can contact our data protection officer at:

Email: datenschutz@catworkx.de

or by post at the above address, adding

“Attn: Data Protection Officer”.

4. Data Subject Rights

You have the following rights with regard to the processing of your personal data, provided the legal requirements are met:

• Right of access (Art. 15 GDPR)

• Right to rectification (Art. 16 GDPR)

• Right to erasure (Art. 17 GDPR)

• Right to restriction of processing (Art. 18 GDPR)

• Right to data portability (Art. 20 GDPR)

• Right to object to processing (Art. 21 GDPR)

If the processing of personal data is based on your consent, you have the right to withdraw your consent at any time with effect for the future.

4.1 Right to object in the case of processing based on legitimate interests

Where your personal data is processed on the basis of Art. 6(1)(e) GDPR (processing in the public interest) or Art. 6(1)(f) GDPR (legitimate interests), you have the right to object at any time, on grounds relating to your particular situation, to such processing, including profiling based on these provisions.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds that override your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims.

4.2 Right to object to direct marketing

If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such purposes, including related profiling, pursuant to Art. 21(2) GDPR.

If you object, your personal data will no longer be processed for direct marketing purposes.

4.3 Right to lodge a complaint

You also have the right to lodge a complaint with a competent data protection supervisory authority regarding the processing of your personal data.

5. Collection of Personal Data When Visiting Our Website

When you use our website for informational purposes only, i.e. if you do not register or otherwise transmit information to us, we collect only the personal data that your browser transmits to our server.

This data is technically necessary to display our website correctly and to ensure its stability and security. The legal basis for this processing is Art. 6(1)(f) GDPR (legitimate interests).

The data processed includes in particular:

• IP address of the requesting device
• Date and time of the request
• Time zone difference to Greenwich Mean Time (GMT)
• Content of the request (specific page)
• Access status / HTTP status code
• Amount of data transferred
• Website from which the request originates
• Browser type and version
• Operating system and interface
• Language settings

We do not use this data to draw conclusions about your identity.

6. Contact by Email or Contact Form

When you contact us by email or via a contact form, we process the personal data you provide (e.g. name, email address, telephone number) in order to respond to your inquiry.

The legal basis for processing mandatory information is Art. 6(1)(f) GDPR. Our legitimate interest lies in the proper handling of your inquiry and in the performance of our business activities.

Information marked as mandatory is required to process your request. Any additional information you provide is voluntary and is processed on the basis of your consent pursuant to Art. 6(1)(a) GDPR. This information is used solely to specify your request and to improve its processing.

If you provide contact details (such as an email address or telephone number), you also consent to us contacting you via these communication channels in order to respond to your inquiry. You may revoke this consent at any time with effect for the future.

The personal data collected in the course of contacting us will be deleted once your request has been fully processed and no further communication is required or requested by you, provided that no statutory retention obligations apply.

7. Newsletter

7.1 Subscription and dispatch

On our websites, you can subscribe to our newsletter, which we use to inform you about our company activities, services, offers, promotions, events and similar topics.

The legal basis for sending the newsletter is your consent pursuant to Art. 6(1)(a) GDPR.

We use the single opt-in procedure for marketing information registration. If you do not agree to receiving marketing information, your data will only be used for processing your request.

Mandatory information for subscribing to marketing information is your first name, last name, email, country, company and phone number. This information is used to personalize the kind of information we send to you.

We store your information for the purpose of sending the newsletter until you withdraw your consent.

To be able to prove that you have given consent, we also store:

• the IP address used at the time of registration,
• the date and time of registration and confirmation.

This data is stored for up to four years after you unsubscribe, based on our legitimate interest pursuant to Art. 6(1)(f) GDPR in conjunction with Art. 7(1) GDPR (statute of limitations).

You may withdraw your consent to receive the newsletter at any time. You can unsubscribe via the link provided in every newsletter email or by sending an email to info-de@catworkx.com.

7.2 Newsletter tracking

When sending the newsletter, we analyze statistical information such as open rates and click rates to improve our newsletter content and optimize our communication.

For this purpose, the newsletter emails contain so-called tracking pixels or web beacons, which are loaded when the email is opened. The following technical information may be processed:

• browser type,
• time of opening,
• IP address.

We do not assign opening or click rates to individual recipients and do not evaluate them on a personalized basis.

The legal basis for newsletter tracking is your consent pursuant to Art. 6(1)(a) GDPR. Please note that revoking your consent to tracking also means unsubscribing from the newsletter, as separate revocation is not technically possible.

Tracking data is stored for the duration of your newsletter subscription. After unsubscribing, the data is anonymized and used solely for statistical purposes.

7.3 Newsletter (or Marketing Automation) service provider (Hubspot)

We use HubSpot, a digital marketing tool, on our website. The service provider is the American company HubSpot, Inc, 25 First St 2nd Floor Cambridge, MA, USA. The company has its European headquarters in Ireland at Ground Floor, Two Dockland Central, Guild Street, Dublin 1, Ireland.

This is an integrated software solution that covers various aspects of online marketing. Among other things, Hubspot enables us to manage existing and potential customers and customer contacts. With HubSpot CRM, we can record, sort, and analyze customer interactions via email, social media, and phone across multiple channels. The personal data collected in this way can be evaluated and used for communication with potential customers or for marketing measures (e.g., newsletter mailings). With HubSpot CRM, we are also able to record and analyze the user behavior of our contacts on our website.

HubSpot uses cookies, small text files that are stored locally in the cache of your web browser on your end device, and enable us to analyze your use of the website. HubSpot evaluates the information collected (e.g., IP address, geographical location, type of browser, duration of the visit, and pages accessed) on our behalf so that we can generate reports on the visit and the pages visited.

Information collected by HubSpot is stored on the servers of HubSpot's service providers. The processing of personal data exclusively within the EU is contractually agreed. Nevertheless, we would like to point out that it cannot be completely ruled out that personal data may be transferred to the USA or that US security authorities may gain access to it.

For the USA, there is an adequacy decision of the EU Commission pursuant to Art. 45 para. 1 GDPR with regard to companies with certification under the EU-U.S. Data Privacy Framework. HubSpot, Inc. is certified in accordance with the EU-U.S. Data Privacy Framework and is therefore committed to complying with appropriate data protection standards, which can be viewed at the following link: http://www.dataprivacyframework.gov/s/participant-search This means that any data transfer to the USA is unobjectionable due to the current adequacy decision of the European Commission of July 10, 2023.

For potential transfers to other third countries outside the EU and the EEA for which there is no adequacy decision by the EU Commission, standard data protection clauses pursuant to Art. 46 para. 2 lit. c) GDPR have also been agreed. These oblige the recipient of the data in the third country to process the data in accordance with the level of protection in Europe. The Data Processing Agreement, which corresponds to the standard contractual clauses, can be found at https://legal.hubspot.com/dpa.

Purpose and legal basis

Data is only collected and stored with your express consent in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR. This can be revoked at any time with effect for the future.

Storage period

The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected.

The specific storage period of the processed data cannot be influenced by us, but is determined by HubSpot, Inc. Further information can be found in the privacy policy for HubSpot CDN: https://legal.hubspot.com/de/privacy-policy.

You can permanently object to the collection of data by HubSpot and the setting of cookies by preventing the storage of cookies through your browser settings. You can object to the processing of your personal data at any time with effect for the future.

Further information on data protection can be found in HubSpot's privacy policy: HubSpot privacy policy, HubSpot information on the EU GDPR, and information on the cookies used by HubSpot.

8. Provision of Technical Articles and Initial Consultation

As part of our company presence on various platforms (e.g. LinkedIn or XING), we occasionally provide specialist articles or offer an initial consultation on technical or professional topics.

In order to provide these technical articles and consulting services, we collect certain personal data from you, which we use for advertising and marketing communication purposes. This includes contacting you by email or via direct messages on profession-related networks such as LinkedIn or XING.

The processing of your personal data is carried out exclusively on the basis of your consent pursuant to Art. 6(1)(a) GDPR. Providing your personal data and granting consent to promotional contact is voluntary. If you do not wish to provide your personal data or do not consent to promotional contact, you are free not to make use of our specialist content or consulting offers.

You may revoke your consent at any time with effect for the future. Your revocation may be submitted informally, for example by email, to:

info-de@catworkx.com

We will implement your revocation without delay.

The personal data collected in connection with the provision of technical articles and the initial consultation will be stored until you revoke your consent, unless statutory retention obligations apply.

9. Events, Trainings & Webinars

9.1 General Information

You have the option to register for various events, trainings and webinars via our website. In order to register for and conduct the respective event, we process the personal data required for this purpose.

The legal basis for processing your personal data is the performance of the event contract pursuant to Art. 6(1)(b) GDPR.

9.2 Follow-up communication after events

After participating in an event, we may contact you by email with additional information related to the event, such as useful links or the recording of the session.

In addition, we may contact you with information about similar offers that may be of interest to you and provide the option of personal contact.

The legal basis for this processing is Art. 6(1)(b) GDPR for event-related communication and Art. 6(1)(f) GDPR in conjunction with §7(3) UWG for promotional follow-up communication.

Your data will be stored for as long as necessary for the purposes described above or until you object to the processing, unless statutory retention obligations require longer storage.

You may object to the use of your email address for this purpose at any time with effect for the future.

9.3 Voluntary information during registration

If we request information during event registration that is not strictly necessary, this information is used exclusively for:

• organization,
• implementation, and
• improvement of our events.

Providing this information is voluntary and based on your consent pursuant to Art. 6(1)(a) GDPR.
You may revoke your consent at any time with effect for the future.

9.4 Digital events and webinars

For the implementation of digital events and webinars, we use external services such as provided by Zoom by Zoom Video Communication, Inc., GoToWebinar by GoTo Technologies USA, Inc., or Teams Webinar by Microsoft.

Personal data may be transferred to countries outside the EU or EEA, in particular the USA. Please note that the level of data protection in these countries may not correspond to EU standards.

The use of such services is necessary for the performance of the respective event pursuant to Art. 49(1)(b) GDPR.
The privacy notices of the respective providers are made available to you during the registration process.

9.5 Active participation and visibility

To promote interaction during digital events, participants may actively participate (e.g. speaking, video, chat). In this case, your name and, depending on settings, your image may be visible to other participants.

We explicitly inform you of this prior to the event and obtain your consent pursuant to Art. 6(1)(a) GDPR. Participation is voluntary, and you may always choose to participate passively.

If an event is published via our YouTube channel, personal interactions are removed in advance. You will receive a link to the recording by email after the event.

9.6 Atlassian trainings

In the context of Atlassian trainings, personal data (name, first name, email address) is transferred to Atlassian Pty Ltdfor:

• provision of a virtual test environment,
• issuance of participant certificates.

Data may be processed outside the EU or EEA. The transfer is necessary for the performance of the booked training pursuant to Art. 49(1)(b) GDPR.

10. Customer Portals and Systems

10.1 catworkx Ticket System (Jira)

Customers may create an account to access our support system. Registration is voluntary but may be required to use certain services.

Processed data includes:

• salutation,
• first name,
• last name,
• email address (username),
• password.

Registration is completed using the double opt-in procedure.

The legal basis for processing is Art. 6(1)(a), (b) and (f) GDPR.

10.2 catworkx Project System (Confluence)

Customers may create an account to access our wiki system. The registration and data processing conditions correspond to those of the ticket system.

The legal basis for processing is Art. 6(1)(a), (b) and (f) GDPR.

10.3 catworkx Helpdesk

If you contact our helpdesk, a support ticket is created and processed. Only data necessary to handle your request is processed.

The legal basis is Art. 6(1)(b) GDPR.

Your data will be deleted three years after final processing of your request.

10.4 catworkx Documentations (information-only website)

This website is used purely for informational purposes and does not offer a customer login.

We only process technically necessary server log data pursuant to Art. 6(1)(f) GDPR (stability and security).

11. Applications

11.1 Purpose and legal basis

You can apply to us online via our website. If you apply by email, please note that sending unencrypted emails or email attachments is not secure.

We process your personal data for the purpose of carrying out the application process.
The legal basis for data processing is Section 26(1) in conjunction with Section 26(8) sentence 2 of the German Federal Data Protection Act (BDSG).

In addition, your personal data may be processed if this is necessary for the defense against asserted legal claims arising from the application process. The legal basis for this processing is Art. 6(1)(f) GDPR. These purposes also constitute our legitimate interest.

If an employment relationship is established, we may further process the personal data already received from you for the purposes of the employment relationship in accordance with Section 26(1) BDSG.

11.2 Forwarding and extended storage with consent

With your consent, we may:

• forward your application data to affiliated companies, or
• store your application data for a longer period if we currently cannot offer you a position but consider your application suitable.

The legal basis for this processing is your consent pursuant to Art. 6(1)(a) GDPR.
You may revoke your consent at any time with effect for the future.

11.3 Storage period

There will be no processing of your application data beyond the purposes described above.

Your personal data will be deleted no later than six months after completion of the application process, provided that:

• no other legitimate interests oppose deletion, and
• you have not given consent for longer storage.

A legitimate interest in this sense may exist, for example, due to obligations to provide evidence under the General Equal Treatment Act (AGG).

11.4 Contact regarding vacancies and application process

If you would like us to contact you in advance or if you have questions about vacancies or the application process, you may use a contact form provided for this purpose.

We process the personal data you provide exclusively to respond to your inquiry.
The legal basis for this processing is Art. 6(1)(f) GDPR. Our legitimate interest lies in handling your request.

Mandatory information is marked accordingly. Any additional information you provide is voluntary and processed on the basis of your consent pursuant to Art. 6(1)(a) GDPR.

If you provide contact details (e.g. email address or telephone number), you also consent to us contacting you via these channels to respond to your inquiry. You may revoke this consent at any time with effect for the future.

Your data will be deleted once your request has been fully processed and no further communication is required, provided that no statutory retention obligations apply.

12. Cookies

When you use our website, cookies are stored on your device. Cookies are small text files that are stored on your hard drive and assigned to the browser you are using. Through these cookies, certain information is transmitted to the entity that sets the cookie.

Cookies cannot execute programs or transmit viruses to your device. They are used to make our website more user-friendly, effective and secure. In some cases, cookies are also used to recognize you on subsequent visits, for example if you have a user account. This allows you to remain logged in across visits without having to log in again each time.

12.1 Types of cookies used

This website uses the following types of cookies, the scope and functionality of which are explained below:

Transient cookies

Transient cookies are automatically deleted when you close your browser. These include, in particular, cookies that store language settings or other temporary preferences.

Persistent cookies

Persistent cookies are stored on your device for a specified period of time and are automatically deleted after that period expires. The storage duration may vary depending on the cookie. You can delete persistent cookies at any time via the security settings of your browser.

Flash cookies

We do not use Flash content on our websites. Accordingly, no Flash cookies are set.

12.2 Cookie settings and prevention

You can configure your browser settings according to your preferences and, for example, refuse to accept third-party cookies or all cookies. Please note that if you do so, some functions of this website may not be fully available.

12.3 Legal basis and storage period

The legal basis for the processing of personal data using cookies and the respective storage periods depend on the specific type of cookie and its purpose.

Information on the individual cookies used, their purposes, storage periods and legal bases can be found in the relevant sections of this privacy policy and, where applicable, in our cookie consent management tool.

13. Website Analysis and Error Logging

In order to ensure the secure and error-free operation of our website, we process certain technical data for the purpose of analyzing errors and malfunctions.

In the event of technical errors, log files are evaluated for error analysis. The following data may be processed in this context:

• IP address of the request
• date and time of the request
• time zone difference to Greenwich Mean Time (GMT)
• content of the request (specific page)
• access status / HTTP status code
• amount of data transferred
• referring website
• browser type and version
• operating system and interface
• language settings

The processing of this data is strictly limited to what is necessary for error analysis and the secure operation of the website.

Log files used for error analysis are stored for a maximum period of seven (7) days and are then automatically deleted.

Legal basis:

The processing of personal data for the purpose of website analysis and error logging is based on our legitimate interest pursuant to Art. 6(1)(f) GDPR.

Our legitimate interest lies in the secure, stable and technically reliable operation of our website.

14. Web Analytics and Tracking

14.1 Google Analytics

If you have given your consent, we use Google Analytics, a web analytics service provided by Google LLC.

For users in the European Union and the European Economic Area, the responsible service provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).

Google Analytics uses cookies that enable an analysis of your use of our website. The information generated by these cookies about your use of this website is generally transmitted to a Google server in the United States and stored there.

14.1.1 IP anonymization

We use Google Analytics exclusively with activated IP anonymization (“anonymizeIP”).
As a result, your IP address is truncated by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and truncated there.

The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

14.1.2 Data processed by Google Analytics

During your visit to our website, the following data may be processed in particular:

• pages accessed and navigation behavior (“click path”)
• achievement of defined website goals
  (e.g. newsletter registrations, downloads)
• user behavior
  (e.g. clicks, dwell time, bounce rates)
• approximate geographic location (region)
• IP address (shortened)
• technical information about browser and end devices
  (e.g. language settings, screen resolution)
• internet service provider
• referrer URL (previously visited website)

14.1.3 Purposes of processing

The use of Google Analytics serves the following purposes:

• analysis of website usage
• evaluation of the performance of our website
• measurement and optimization of our marketing and campaign activities

14.1.4 Recipients and transfer to third countries

The recipient of the data is Google Ireland Limited as a processor.

We have concluded a data processing agreement with Google pursuant to Art. 28 GDPR.

It cannot be ruled out that Google LLC and, where applicable, US authorities may access the data stored by Google.

Personal data is transferred to the USA only on the basis of your consent.

Please note that the level of data protection in the USA does not correspond to that of the EU or the EEA.

14.1.5 Storage period

The data sent by us to Google Analytics and linked to cookies is automatically deleted after 14 months.

The deletion of data whose retention period has expired occurs automatically once a month.

14.1.6 Legal basis and revocation

The use of Google Analytics is based exclusively on your consent pursuant to Art. 6(1)(a) GDPR in conjunction with Section 25(1) TTDSG.

You may revoke your consent at any time with effect for the future by:

• accessing the cookie settings and changing your selection there, or
• not giving your consent to the use of Google Analytics.

Without your consent, Google Analytics will not be used.

14.1.7 Further information

Further information on Google Analytics terms of use and Google’s data protection provisions can be found at:

• https://marketingplatform.google.com/about/analytics/terms/
• https://policies.google.com/
  

14.2 Matomo

When saving your cookie settings, two independent tracking pixels are transmitted to the domain http://matomo.synaigy.io , which is operated by TIMETOACT GROUP GmbH.

The collection and processing of this data is carried out in order to ensure the stable and error-free functionality of our website, in particular in connection with campaigns, landing pages and the initial access to our website.

Only the loss rate within the web analysis is determined. For this purpose, the following information is recorded:

• the current URL accessed
• the consent or rejection of the individual consent categories

No personal data is collected. In particular, no user profiles are created and no conclusions can be drawn about individual users or their browsing behavior.

14.2.1 Purpose of processing

The processing serves exclusively to ensure the technical functionality and reliability of our website and to evaluate whether consent settings are correctly applied when users first access our website.

14.2.2 Legal basis

The processing is based on our legitimate interest pursuant to Art. 6(1)(f) GDPR.

Our legitimate interest lies in ensuring the secure, technically error-free operation of our website and the correct functioning of consent-dependent services.

14.2.3 Recipients

The data is processed by:

• TIMETOACT GROUP GmbH

as a technical service provider.

14.2.4 Storage period

No personal data is stored.

The recorded information is used exclusively for technical analysis and is not stored beyond what is technically necessary.

 

14.3 Microsoft Clarity

If you have given your consent, we use Microsoft Clarity, a web analytics service provided by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA, and operated by TIMETOACT GROUP GmbH.

Microsoft Clarity helps us understand how visitors interact with our website and enables us to optimize usability and content. In particular, Clarity records interactions such as mouse movements, clicks, scrolling behavior and general usage patterns.

14.3.1 Data processed

Microsoft Clarity uses cookies and similar technologies to collect information about user behavior and end devices. The following data may be processed in particular:

• IP address (in anonymized form)
• device type and operating system
• browser information
• screen resolution
• language settings
• interaction data (e.g. mouse movements, clicks, scrolling behavior)

The data is processed in a pseudonymized form and used exclusively for analytical and statistical purposes.

14.3.2 Purposes of processing

The use of Microsoft Clarity serves the following purposes:

• analysis of user behavior on our website
• identification of usability issues
• optimization of website structure and content

14.3.3 Legal basis and revocation

The processing of personal data in connection with Microsoft Clarity is carried out exclusively on the basis of your consent pursuant to:

• Art. 6(1)(a) GDPR, and

• Section 25(1) TTDSG, insofar as the consent relates to the storage of cookies or access to information on your end device.

You may revoke your consent at any time with effect for the future via the cookie settings.
The lawfulness of the processing carried out until the time of revocation remains unaffected.

14.3.4 Recipients and transfer to third countries

Microsoft processes data partly in the United States.

A transfer of personal data to third countries, in particular the USA, cannot be ruled out.

Please note that the level of data protection in the USA may not correspond to that of the EU or the EEA.
Data is transferred only if you have given your consent.

14.3.5 Further information

Further information on data protection at Microsoft can be found at:

• Microsoft Privacy Statement:
  https://privacy.microsoft.com/privacystatement
• Microsoft Clarity Terms & FAQ:
  https://clarity.microsoft.com/terms

14.3.6 Recipients

The data is processed by:

• TIMETOACT GROUP GmbH

as a technical service provider.

15. Tag Management

15.1 Google Tag Manager

For transparency reasons, we inform you that we use Google Tag Manager, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

The Google Tag Manager itself does not collect or store any personal data. It is used solely to manage and deploy tags on our website. Tags are small code elements that can be used, for example, to measure traffic and visitor behavior, evaluate the effectiveness of online advertising and social media channels, enable remarketing and targeting, and test and optimize websites.

Google Tag Manager does not set cookies itself and does not access information stored on users’ devices. If cookies have been disabled at the browser or domain level, this setting will also be respected by Google Tag Manager.

Data processing via tags implemented through Google Tag Manager (e.g. Google Analytics) takes place only if the respective legal requirements are met, in particular if you have given your consent where required. Information on such processing can be found in the corresponding sections of this privacy policy.

Further information on Google Tag Manager can be found at:

https://marketingplatform.google.com/about/tag-manager/use-policy/

16. Advertising and Marketing Services

16.1 Google Ads

If you have given your consent, we use Google Ads, an online advertising service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).

Google Ads enables us to place advertisements within Google’s search network, display banner ads on third-party websites within the Google Display Network, and use remarketing functions to draw attention to our offers. This allows us, for example, to combine advertisements with specific search terms or to show ads for products and services that you have previously viewed on our websites.

16.1.1 Interest-based advertising and remarketing

For the purpose of displaying interest-based advertising, Google analyzes user behavior. This analysis is carried out using cookies that are set by Google when you click on an advertisement or visit our website.

Through this process, Google and we receive information that you clicked on an ad and were redirected to our website. This allows us to evaluate the effectiveness of individual advertising measures, for example by determining which ads or search terms have led users to our website.

In addition, remarketing lists enable us to address users who have previously visited our website and to optimize our search and display campaigns accordingly.

16.1.2 Data processed

In the context of Google Ads, the following data may be processed in particular:

• information that you clicked on a Google ad
• information about your visit to our website after clicking an ad
• cookie identifiers
• IP address
• information about your browser and device
• interaction data related to advertisements

Due to the marketing tools used, your browser automatically establishes a direct connection with Google’s servers. We have no influence on the scope and further use of the data collected by Google and therefore inform you based on our current state of knowledge.

If you are logged into a Google account, Google may associate your visit with your user account. Even if you are not registered with Google or not logged in, it is possible that Google may obtain and store your IP address.

16.1.3 Recipients and transfer to third countries

The recipient of the data is Google Ireland Limited as a processor.

We have concluded a data processing agreement with Google pursuant to Art. 28 GDPR.

A transfer of personal data to the United States cannot be ruled out. Please note that the level of data protection in the USA does not correspond to that of the EU or the EEA.

Personal data is transferred to the USA only if you have given your consent to the use of Google Ads.

16.1.4 Legal basis and revocation

The processing of your personal data in connection with Google Ads is based on your consent pursuant to Art. 6(1)(a) GDPR in conjunction with Section 25(1) TTDSG.

You may revoke your consent at any time with effect for the future by accessing the cookie settings and changing your selection there.

If you do not wish this processing to take place, you can also prevent the storage of cookies required for these technologies by adjusting your browser settings. Please note that this may limit the functionality of this and other websites.

16.1.5 Further information and opt-out options

Further information on data protection in the context of Google Ads can be found at:

https://policies.google.com/technologies/ads

You also have the option to manage or deactivate interest-based advertising by Google via Google’s ad settings:

https://adssettings.google.com/authenticated

Alternatively, you can disable the use of cookies by third parties via the Network Advertising Initiative:

https://optout.networkadvertising.org/

 

16.2 Google Marketing Platform

If you have given your consent, we use the Google Marketing Platform, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).

The Google Marketing Platform enables the placement and optimization of digital advertising campaigns. For this purpose, cookies may be stored on your device. Your browser receives a pseudonymous identification number (ID), which is used to determine which advertisements can be displayed to you and which advertisements have been accessed.

The information generated by these cookies is usually transmitted to a Google server in the United States and stored there for evaluation.

16.2.1 Purposes of processing

The processing of data via the Google Marketing Platform serves the following purposes:

• display of interest-based advertising
• analysis and optimization of advertising campaigns
• measurement of advertising effectiveness

16.2.2 Data processed

In the context of the Google Marketing Platform, the following data may be processed in particular:

• pseudonymous cookie identifiers
• information about displayed and accessed advertisements
• information about your interaction with advertisements
• IP address
• browser and device information

16.2.3 Recipients and transfer to third countries

The recipient of the data is Google Ireland Limited as a processor.

We have concluded a data processing agreement with Google pursuant to Art. 28 GDPR.

It cannot be ruled out that Google LLC, headquartered in California, USA, and, where applicable, US authorities may access the data stored by Google.

A transfer of personal data to the United States may therefore occur. Please note that the level of data protection in the USA does not correspond to that of the EU or the EEA.

Personal data will only be transferred to the USA if you have given your consent to the use of the Google Marketing Platform.

16.2.4 Storage period

The data processed via the Google Marketing Platform is deleted as soon as it is no longer required for the purposes of advertising evaluation and optimization, unless statutory retention obligations apply.

16.2.5 Legal basis and revocation

The processing of personal data in connection with the Google Marketing Platform is carried out exclusively on the basis of your consent pursuant to:

• Art. 6(1)(a) GDPR, and
• Section 25(1) TTDSG.

You may revoke your consent at any time with effect for the future via the cookie settings.
The lawfulness of the processing carried out up to the time of revocation remains unaffected.

16.2.6 Further information

Further information on data protection at Google can be found at:

https://policies.google.com/

18. Video Conferencing Tools

18.1 Microsoft Teams

We use Microsoft Teams, a web conferencing tool provided by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA (“Microsoft”).

18.1.1 Purpose and legal basis of processing

Personal data provided by you is processed solely for the purpose of conducting internal and external video conferences.

• If the video conference is conducted in the context of an existing or prospective contractual relationship, the legal basis for processing is Art.6(1(b) GDPR.

• If no contractual relationship exists, the processing is based on Art. 6(1)(f) GDPR. Our legitimate interest lies in effective communication and collaboration with the parties involved.

Providing your personal data is necessary to participate in video conferences via Microsoft Teams. If you do not provide this data, participation is unfortunately not possible.

Automated decision-making within the meaning of Art. 22 GDPR does not take place.

18.1.2 Recipients

Personal data processed in connection with the use of Microsoft Teams is generally not disclosed to third parties unless disclosure is expressly intended or required for the purpose of conducting the video conference.

18.1.3 Transfer to third countries

Microsoft processes personal data partly in the United States.

The transfer of personal data to the USA is based on the EU Standard Contractual Clauses (SCCs).

Further information on Microsoft’s use of EU Standard Contractual Clauses can be found at:

https://learn.microsoft.com/compliance/regulatory/offering-eu-model-clauses

Please note that the level of data protection in the USA may not correspond to that of the EU or the EEA.

18.1.4 Further information

Further information on data processing by Microsoft can be found in Microsoft’s privacy policy:

https://www.microsoft.com/privacy/privacystatement

19. Social Media

19.1 General Information

We maintain presences on various social media platforms in order to communicate with interested parties, customers and users, and to provide information in a fast and effective way. Details on the individual social media platforms we use can be found in the following sections of this privacy policy.

When you visit our social media presences or interact with content linked to our website, personal data may be processed. As a rule, this data is used for market research and advertising purposes. This may include, in particular, assigning your visit to your user account on the respective social network or associating it via cookies stored on your device or your IP address.

Based on this data, user profiles may be created and interests inferred. This enables the display of interest-based advertising both within and outside the respective social media platform. In this context, cookies or similar technologies may be used.

Please note that we generally have no influence on the scope and further use of the data processed by the operators of the social media platforms.

19.1.2 Purposes of processing

The processing of data in connection with our social media presences serves the following purposes:

• communication and interaction with users
• provision of information about our company and services
• analysis of reach and interaction
• display of interest-based advertising

19.1.3 Legal basis

If you have not given consent on the respective platform, the processing of personal data is based on our legitimate interest pursuant to Art. 6(1)(f) GDPR. Our legitimate interest lies in effective communication, public relations and marketing.

If you have given consent on the respective social media platform, the processing is based on your consent pursuant to Art. 6(1)(a) GDPR and, where applicable, Section 25(1) TTDSG, insofar as the consent relates to the storage of cookies or access to information on your end device.

You may revoke your consent at any time with effect for the future. The lawfulness of the processing carried out until the time of revocation remains unaffected.

19.1.4 Joint controllership

The data processing operations carried out in connection with visits to our social media presences constitute joint controllership between us and the operator of the respective social media platform within the meaning of Art. 26 GDPR, insofar as the purposes and means of the processing are jointly determined.

Joint responsibility is limited to those processing operations over which we and the platform operator jointly decide. Further processing operations carried out independently by the platform operator are the sole responsibility of that operator.

You may assert your data subject rights both against us and against the operator of the respective social media platform.

19.1.5 Data deletion and cookies

If you revoke your consent, request deletion of your data, or if the purpose for data storage no longer applies, we will delete the data processed by us, unless statutory retention obligations prevent deletion.

Cookies stored on your device remain there until you delete them yourself via your browser settings.

19.1.6 Transfer to third countries

Please note that your data may also be processed outside the European Union or the European Economic Area. In such cases, there may be a risk that your rights as a data subject cannot be enforced to the same extent as within the EU.

 

19.2 LinkedIn (Link, Plugins and Insight Tag)

Our website uses services of the social network LinkedIn, operated by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (“LinkedIn”).

19.2.1 LinkedIn link

Our website contains a link to our presence on LinkedIn.

When you click on the LinkedIn link, you are redirected to the LinkedIn platform.

No personal data is transmitted to LinkedIn merely by visiting our website.

Data processing by LinkedIn only takes place once you access the LinkedIn platform and is governed exclusively by LinkedIn.

We have no influence on the scope or further use of the data processed by LinkedIn.

19.2.2 LinkedIn plugins (Share / Recommend buttons)

If you have given your consent, our website uses LinkedIn plugins such as the “Share” or “Recommend” button.

When you visit a page that contains such a plugin, a direct connection is established between your browser and LinkedIn’s servers. LinkedIn receives information that you have visited our website, including your IP address.

If you are logged into your LinkedIn account and interact with a plugin, LinkedIn may associate your visit to our website with your LinkedIn user account.

If you wish to prevent this, please log out of your LinkedIn account before visiting our website.

We have no influence on the scope of the data collected by LinkedIn via the plugins or on how this data is further processed.

19.2.3 LinkedIn Insight Tag

If you have given your consent, we use the LinkedIn Insight Tag, which enables us to analyze the effectiveness of our campaigns, retarget website visitors and gain aggregated insights into our website audience.

The Insight Tag may collect, in particular:

• IP address
• timestamp
• page events (e.g. page views)
• device and browser information
• referrer URL

LinkedIn does not provide us with personally identifiable information, but only with aggregated reports on website audiences and ad performance.

LinkedIn members can control the use of their personal data for advertising purposes in their account settings.

Opt-out option:

https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

19.2.4 Legal basis and revocation

The processing of personal data in connection with LinkedIn services is carried out only if you have given your consent pursuant to:

• Art. 6(1)(a) GDPR, and

• Section 25(1) TTDSG, insofar as the consent relates to the storage of cookies or access to information on your end device.

You may revoke your consent at any time with effect for the future via the cookie settings.
The lawfulness of the processing carried out until the time of revocation remains unaffected.

19.2.5 Transfer to third countries

According to LinkedIn, personal data may be transferred to countries outside the European Union or the European Economic Area, in particular to the United States.

The transfer is based on the EU Standard Contractual Clauses (SCCs).

Further information can be found at:

https://www.linkedin.com/legal/l/eu-sccs

19.2.6 Further information

Further information on the LinkedIn Insight Tag can be found at:

https://www.linkedin.com/help/linkedin/answer/65521

LinkedIn’s privacy policy is available at:

https://www.linkedin.com/legal/privacy-policy

Additional information on LinkedIn marketing solutions and GDPR can be found at:

https://www.linkedin.com/help/linkedin/answer/87150

 

19.3 Facebook Plugins (Like and Share Buttons)

If you have given your consent, this website uses Facebook plugins (such as the “Like”, “Share” or “Send” buttons), which are operated by Facebook Ireland Ltd, 4 Grand Canal Square, Dublin 2, Ireland (“Facebook”).

When you visit a page on our website that contains a Facebook plugin, a direct connection is established between your browser and Facebook’s servers. Through this connection, Facebook receives information that you have visited our website, including your IP address.

If you are logged into your Facebook account and interact with the plugin (e.g. by clicking the “Like” or “Share” button), Facebook may associate your visit to our website with your Facebook user account. If you wish to prevent this association, please log out of your Facebook account before visiting our website.

We have no influence on the scope of the data collected by Facebook via the plugins or on how Facebook uses this data.

19.3.1 Joint controllership

The use of Facebook plugins constitutes joint controllership between us and Facebook within the meaning of Art. 26 GDPR, insofar as the collection and transmission of personal data via the plugin are concerned.

Joint responsibility is limited to those processing operations for which the purposes and means are jointly determined, namely the collection of personal data and its transmission to Facebook via the plugin.

If you wish to assert your data subject rights, you may do so directly with Facebook. If you assert your rights against us, we are obliged to forward your request to Facebook.

The agreement on joint controllership can be viewed here:

https://www.facebook.com/legal/controller_addendum

19.3.2 Legal basis and revocation

The processing of personal data in connection with Facebook plugins is carried out only with your consent pursuant to:

• Art. 6(1)(a) GDPR, and

• Section 25(1) TTDSG, insofar as the consent relates to the storage of cookies or access to information on your end device.

You may revoke your consent at any time with effect for the future via the cookie settings.

The lawfulness of the processing carried out until the time of revocation remains unaffected.

19.3.3 Transfer to third countries

According to Facebook, personal data may also be transferred to countries outside the European Union or the European Economic Area, in particular to the United States.

The transfer of data to third countries is based on the EU Standard Contractual Clauses (SCCs).

Further information can be found at:

https://www.facebook.com/legal/EU_data_transfer_addendum

Please note that the level of data protection in third countries may not correspond to that of the EU or the EEA.

19.3.4 Further information

Facebook’s privacy policy can be found at: 

https://www.facebook.com/privacy/explanation

A detailed overview of Facebook plugins is available at:

https://developers.facebook.com/docs/plugins/

 

19.4 Twitter / X (Link and Plugins)

Our website contains a link to our presence on the social network Twitter / X, operated by Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland (“Twitter” / “X”).

19.4.1 Twitter / X link

When you click on the Twitter/X link on our website, you are redirected to the Twitter/X platform.

No personal data is transmitted to Twitter/X merely by visiting our website.

Data processing by Twitter/X only takes place once you access the platform and is governed exclusively by Twitter/X. We have no influence on the scope or further use of the data processed by Twitter/X.

19.4.2 Twitter / X plugins (Like, Retweet and Share buttons)

If you have given your consent, our website uses Twitter/X plugins such as “Like”, “Retweet” or “Share” buttons.

When you visit a page on our website that contains such a plugin, a direct connection is established between your browser and Twitter/X servers. Twitter/X thereby receives information that you have visited our website, including your IP address.

If you are logged into your Twitter/X account and interact with the plugin, Twitter/X may associate your visit to our website with your user account.

If you wish to prevent this association, please log out of your Twitter/X account before visiting our website.

We have no influence on the scope of the data collected by Twitter/X via the plugins or on how this data is further processed.

19.4.3 Legal basis and revocation

The processing of personal data in connection with Twitter/X is carried out only if you have given your consent pursuant to:

• Art. 6(1)(a) GDPR, and

• Section 25(1) TTDSG, insofar as the consent relates to the storage of cookies or access to information on your end device.

You may revoke your consent at any time with effect for the future via the cookie settings.

The lawfulness of the processing carried out until the time of revocation remains unaffected.

19.4.4 Transfer to third countries

According to Twitter/X, personal data may be transferred to countries outside the European Union or the European Economic Area, in particular to the United States.

The transfer of personal data to third countries is based on the EU Standard Contractual Clauses (SCCs).

Further information can be found at:

https://gdpr.x.com/en/controller-to-controller-transfers.html

19.4.5 Further information

Twitter/X privacy policy:

https://twitter.com/privacy

 

19.5 XING (Link and Share Button)

Our website contains a link to our presence on the social career network XING, operated by New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany (“XING”).

19.5.1 XING link

When you click on the XING link on our website, you are redirected to the XING platform.

No personal data is transmitted to XING merely by visiting our website.

Data processing by XING only takes place once you access the XING platform and is governed exclusively by XING.

We have no influence on the scope or further use of the data processed by XING.

19.5.2 XING Share Button

If you have given your consent, this website uses the XING Share Button operated by New Work SE.

When you visit a page that contains the XING Share Button, a direct connection is established between your browser and XING’s servers in order to provide the share functionality (e.g. displaying the share counter).

According to XING, no personal data (such as IP addresses) is stored or analyzed in connection with the use of the Share Button.

We do not receive any information about the content of the data transmitted to XING or its further use.

19.5.3 Legal basis and revocation

The processing of personal data in connection with XING is carried out only if you have given your consent pursuant to:

• Art. 6(1)(a) GDPR, and

• Section 25(1) TTDSG, insofar as the consent relates to the storage of cookies or access to information on your end device.

You may revoke your consent at any time with effect for the future via the cookie settings.

The lawfulness of the processing carried out until the time of revocation remains unaffected.

19.5.4 Further information

Further information on data processing by XING can be found at:

https://privacy.xing.com/
https://www.xing.com/app/share?op=data_protection

20. Fonts and Visual Assets

20.1 Google Fonts

This website uses Google Fonts for the integration of external fonts. The service is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).

The fonts are integrated locally on our own servers. As a result, no direct connection to Google’s servers is established when you visit our website, and no personal data is transmitted to Google in connection with the use of Google Fonts.

The use of Google Fonts serves the purpose of ensuring a uniform and visually appealing presentation of our website.

20.1.1 Legal basis

The legal basis for the use of locally hosted Google Fonts is our legitimate interest pursuant to Art. 6(1)(f) GDPR.

Our legitimate interest lies in the uniform and consistent display of fonts and icons on our website.

 

20.2 Font Awesome

Our website uses web fonts from Font Awesome to ensure a consistent display of fonts and icons.

The fonts are integrated locally on our own servers. As a result, no direct connection to the servers of the provider is established when you visit our website and no personal data is transmitted.

The use of Font Awesome serves the purpose of a uniform and visually consistent presentation of our website.

20.2.1 Legal basis

The legal basis for the use of locally hosted Font Awesome fonts is our legitimate interest pursuant to Art. 6(1)(f) GDPR.

Our legitimate interest lies in the uniform presentation of fonts and icons.

21. Consent Management (Cookie Banner)

We use a consent management tool to obtain, manage, and document legally required consent declarations.

The cookie banner enables us to obtain and store consent declarations required for data processing by certain applications or cookies in accordance with legal requirements. The use of the consent management tool and the cookies set by it are technically necessary for the legally compliant operation of our website.

Data processed:

• date and time of the visit
• device information
• browser information
• anonymized IP address
• consent and revocation (opt-in / opt-out) data

21.1 Legal basis and storage period

The legal basis for this processing is our legitimate interest pursuant to Art. 6(1)(f) GDPR.

Our legitimate interest lies in fulfilling legal obligations.

Consent declarations are stored until revoked.

Proof of revocation is generally stored for three years.

22. Data Transfer and Recipients

As a rule, your personal data is not transferred to third parties, unless:

• we are legally obliged to do so,
• the transfer is necessary for the performance of a contractual relationship, or
• you have given your explicit consent.

External service providers receive personal data only to the extent necessary and act as processors pursuant to Art. 28 GDPR.

23. Data Processing Outside the EU / EEA

We generally process personal data within the European Union or the European Economic Area.

If, in individual cases, data is processed outside the EU / EEA, we ensure an adequate level of data protection before the transfer, for example by:

• EU Standard Contractual Clauses (SCCs)
• Binding Corporate Rules (BCRs)
• equivalent legally recognized safeguards

24. Data Security

We have implemented extensive technical and organizational measures to protect personal data against accidental or intentional manipulation, loss, destruction, or unauthorized access.

Our security measures are regularly reviewed and adapted to technological developments.

25. Links to Other Websites

Our websites may contain links to other providers' websites.

This privacy policy applies exclusively to the websites of catworkx GmbH and catworkx AG (Germany, Austria & Switzerland).

We have no influence over, and do not control, whether external providers comply with applicable data protection regulations.