III. Use of third-party providers
14. Online meetings and webinars with Zoom
To conduct online meetings, workshops and webinars, we use the provider "Zoom" of Zoom Video Communications, Inc. The processing of personal data of meeting participants takes place exclusively in data centers in the European Union. Personal data is not transferred to the USA or any other third country.
We have concluded an order processing agreement with "Zoom" that includes the EU standard contractual clauses. The data of meeting participants (specified name, specified email address, duration of participation in meetings) are stored for a maximum period of 12 months.
The legal basis for the use of Zoom is Art. 6 para. 1 lit. b DS-GVO. In the case of "open webinars", it is Art. 6 (1) lit. f DS-GVO. For more information on the processing of personal data at Zoom, please visit https://zoom.us/de-de/gdpr and https://zoom.us/de-de/privacy.html.
15. Use of Zammad as a ticket system
(1) We use the ticket system Zammad, a service provided by Zammad GmbH, Marienstraße 11, 10117 Berlin, to process customer inquiries. For this purpose, when you contact us data such as surname, first name, email address and, optionally, any attachment to the message sent to us via our website are recorded so that we can process your inquiry. Zammad GmbH stores the data processed for us in Germany.
(3) If you contact us by email, via the form or chat on the website, we will only use the personal data you provide for processing your specific request. The data provided will be treated confidentially. The data provided and the message history with our team will be stored for a period of six months for follow-up questions and subsequent contact. The data entered in the contact form will be processed on the basis of your consent (Art. 6 Section 1 a GDPR).
(4) We have concluded an agreement with Zammad GmbH. for contract data processing.
16. Use of Mailjet as a contract data processor
(2) Mailjet may use the recipient's data in pseudonymized form, i.e. without assignment to a user, to optimize or improve its own services, e.g. for technical optimization of the distribution and presentation of the newsletter or for statistical purposes. However, the distribution service does not use the data of our newsletter recipients to contact them itself or to pass the data on to third parties.
17. Use of Google Analytics
(1) This platform uses Google Analytics, a web analysis service of Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter "Google"). Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyze how visitors use the site. The information generated by the cookies about your use of this platform is usually transferred to a Google server in the USA and stored there. However, by anonymizing your IP address on this platform, Google will previously truncate your IP address within member states of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. On behalf of the operator of this website, Google will use this information to evaluate your use of the platform, to compile reports on website activity and to provide the website operator with further services associated with website and internet use.
(2) The (anonymized) IP address transmitted by your browser within the framework of Google Analytics will not be merged with other Google data.
(3) A detailed description of the cookies used in connection with the use of Google Analytics can be found here.
(4) This website uses Google Analytics with the extension "_anonymizeIp()". As a result, IP addresses are further processed in abbreviated form, so that a personal reference can be ruled out. If any data collected about you is personal, it will be excluded immediately and the personal data will be deleted immediately.
(5) We use Google Analytics to analyze and regularly improve the use of our website. We can improve our offer and make it more interesting for you as a user by means of the statistics. For the exceptional cases in which personal data is transferred to the USA, Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. The legal basis for the use of Google Analytics is Art. 6 Section 1 f GDPR.
(6) Third party provider information: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001.
(7) This website also uses Google Analytics for a device-independent analysis of visitor flows that is carried out via a user ID. You can disable cross-device analysis of your usage in your Google Account under "My data", "Personal data".
(8) We have also concluded a contract data processing agreement with Google as a precaution - although no IP is transmitted to Google thanks to the anomyzeIP function
18. Use of Hotjar
(1) This website uses Hotjar, a web analysis tool provided to us by Hotjar Ltd, Level 2, St. Julians Business Centre, 3 Elia Zammit Street, St. Julians STJ 1000, Malta (hereinafter "Hotjar Ltd.). Interactions of randomly selected individual visitors with the website are recorded anonymously. In addition, information on the operating system, browser, incoming and outgoing links, geographical origin, as well as resolution and type of device are evaluated (also anonymously) for statistical purposes. This creates a protocol of e.g. mouse movements and clicks, with the aim of pointing out possible improvements to the respective website. This information is not personal and will not be passed on by Hotjar to third parties.
(2) If you do not wish your data to be tracked, you can deactivate this function on all websites using Hotjar by setting the DoNotTrack header in your browser. You can find more information on the following website https://www.hotjar.com/opt-out
For information in German please see: http://www.akademie.de/wissen/do-not-track-datenschutz
(3) You can find a detailed description of the cookies used in connection with the use of Hotjar here.
(4) Further information about Hotjar Ltd. and the Hotjar tool can be found at: https://www.hotjar.com
(5) We have also concluded a contract data processing agreement with Hotjar Ltd. as a precaution - although no IP is transmitted to Hotjar Ltd. thanks to anonymization.
19. Integration of YouTube videos
(1) We and almost all Starters have included YouTube videos in our online offer or campaign descriptions, which are stored at http://www.YouTube.com and can be played directly from our platform. YouTube is a service of Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter "Google"). The videos are all integrated in the "extended data protection mode" or can be integrated by Starters in this way, and are additionally prevented from direct transfer to YouTube by an image file upstream of the video. This means that no data about you as a user will be transferred to YouTube if you do not play the videos. The data mentioned in Section 2 will only be transmitted if you play the videos. We have no influence on the data transfer to Google after the start of the video.
(2) Playing a YouTube video on our platform informs Google that you have accessed the corresponding sub-page of our platform. In addition, at least the data specified in 3. of this declaration will be transmitted. You can do this whether you're logged in to your Google Account or not, or even if you don't have a user account. If you are logged in to Google, your information will be directly associated with your account. If you do not wish the data to be associated with your user profile on YouTube, you must log out before activating the button. YouTube stores your data as user profiles and uses them for the purposes of advertising, market research and/or demand-oriented design of its own website. Such an evaluation takes place in particular (even for not logged in users) for the provision of demand-oriented advertising and to inform other users of the social network about your activities on our platform. You have the right to object to the creation of these user profiles, but you must contact YouTube to exercise this right.
(3) Further information on the purpose and scope of data collection and processing by YouTube can be found in the data protection declaration. It also provides you with more information about your rights and privacy settings: https://www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA and has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
20. Integration of Vimeo videos
(1) We and/or a number of Starters use components of the provider Vimeo as an alternative to YouTube videos on our site. Vimeo is a service of Vimeo Inc, 555 West 18th Street, New York, New York 10011, USA. Each time you visit our website equipped with such a component, this component causes the browser you are using to download a corresponding representation of the Vimeo component. If you access such a video on our platform while logged in to Vimeo, Vimeo uses the information collected by the component to identify which specific page you are visiting and associate this information with your personal account at Vimeo. For example, if you click the "Play" button and/or make comments, this information will be transferred to your personal Vimeo account and stored there. In addition, the information that you have visited our site will be passed on to Vimeo. However, this is done by placing an image file in front of the video only if you click on the component.
21. Use of SoundCloud Plugins
(1) We use SoundCloud for the integration of audio material. SoundCloud is operated by SoundCloud Limited, headquartered at 33 St James Square, London SW1Y 4JS, UK.
Every time you visit our website that contains such a component, the component causes the browser you are using to download a corresponding representation of the SoundCloud component. If you start such an audio file on our platform while logged into SoundCloud, SoundCloud uses the information collected by the component to identify which specific page you are visiting and associate this information with your personal account on SoundCloud. For example, if you click the "Play" button and/or make comments, this information will be transferred to your personal SoundCloud account and stored there. In addition, the information that you have visited our site will be shared with SoundCloud. However, this is done by placing an image file in front of the audio file only if you click on the component.
22. Use of Spotify Plugins
(1) We use plugins from "Spotify" an audio streaming platform operated by Spotify AB, Regeringsgatan 19, SE-111 53 Stockholm, Sweden. For an overview of Spotify plugins, please visit: https://developer.spotify.com
(2) We use Spotify by embedding individual audio files from the platform on our website as a so-called iFrame, so that they can be played on our website as a stream. If you visit a subpage of our website on which a Spotify plugin is embedded and you click the "Play" button, a connection is established to the Spotify servers and the plugin is displayed within our website. Thereupon, this information is transmitted to your personal user account at Spotify and stored there. In addition, the information that you have visited our site is passed on to Spotify. For more information on data protection at Spotify, please visit https://www.spotify.com/de/legal/privacy-policy. The legal basis for the processing is Art. 6 para. 1 lit. f DS-GVO.
23. Login with Facebook
(1) We offer you the option of using your Facebook profile information from your Facebook account to authenticate you to Facebook on our website ("Facebook Connect").
(3) The legal basis for the transfer of data in connection with your use of Facebook Connect is the contractual basis with Facebook (Article 6 para. 1 sentence 1 lit. b GDPR) as well as supplementary consent within the framework of the express use of the Facebook Connect function (Article 6 para. 1 sentence 1 lit. a GDPR).
24. Login with Google
(1) We offer you the possibility to authenticate yourself with your Google account on our website ("Google Connect"). The registration takes place via a redirect to the website of Google (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA), where you can log in with your login.
(3) If you do not agree with this data exchange, you should not use the Google login. You can still log in directly via our website as usual.
(4) The legal basis for the transfer of data in connection with your use of Google is the contractual basis with Google (Article 6 (1) sentence 1 lit. b DS-GVO) and, in addition, the consent in the context of the express use of the Google function (Article 6 (1) sentence 1 lit. a DS-GVO).
25. Use of Cloudflare
CloudFlare is used as a so-called CDN ("Content Delivery Network") to secure this website and optimize loading times. For this reason, all requests relating to our platform are forcibly routed through their servers and consolidated into statistics that cannot be deactivated and stored in the European Union. The collected raw data is usually deleted within 4 hours, at the latest after 3 days. Here you will find information about the data collected there and about security & privacy at CloudFlare. We have concluded a corresponding agreement with Cloudflare (DPA, Data Processing Agreement). Cloudflare is a certified participant of the EU-US Privacy Shield Framework. Cloudflare is committed to handling all personal data held by European Union (EU) member states in accordance with the Privacy Shield Framework and its applicable principles. Further information about the Privacy Shield Framework can be found on the US Department of Commerce's Privacy Shield list at [https://www.privacyshield.gov]. The legal basis is Art. 6 Section 1 f GDPR.
26. Use of New Relic
(1) We use New Relic on our website to ensure robust technical platform operation. New Relic allows us to determine whether the website can be accessed and how quickly the page is displayed on your device when accessed. If your browser generates a technical error message, this is transmitted anonymously to New Relic.
(2) For this purpose, your browser connects to the domain bam-cell.nr-data.net operated by New Relic during your visit to Startnext. This transfers information such as your IP address and the type of browser you are using. No data like cookies are stored in the browser. All page views of all visitors are considered together, so that no identification of the actions of a single person is possible. You can find more information on data protection at: https://newrelic.com/termsandconditions/privacy. The legal basis is Art. 6 Section 1 f GDPR.
27. Use of Podigee (Podcast-Hosting)
(1) We use the Podcast Hosting service Podigee of the offerer Podigee UG, Am Walde 2, 56249 Herschbach, Germany. The Podcasts are hosted by Podigee or transferred over Podigee.
(2) The legal basis is Art. 6 Section 1 f GDPR (i.e. interest in a safe and efficient supply, analysis as well as optimization of our Podcast offer).
(3) Podigee processes IP addresses and device information to enable podcast downloads/reproductions and to determine statistical data, such as the number of downloads. This data is anonymised or pseudonymised before it is stored in the Podigee database, provided it is not required for the provision of the podcasts.
(4) Further information and possible objections can be found in Podigee's data protection declaration: https://www.podigee.com/de/about/privacy/.
28. Use of Risk.Ident
1) For our website we use the services of the IT security service provider Risk.Ident GmbH, Am Sandtorkai 50, 20457 Hamburg, Germany. All communication between us and Risk.Ident is solely for the purpose of avoiding fraudulent use of our websites.
(4) Data transmission: Furthermore, we transmit data to Risk.Ident if we become aware that a user has committed or attempted to commit fraud against us. Risk.Ident will be informed of this fact as well as the respective device-specific data of the user.