Data Privacy Policy

Processing of (personal) data by the website operator (Personio)

1. General information

This website is provided by the company Personio GmbH, a business with headquarters in Germany that offers human resource and applicant management software (https://www.personio.com/legal-notice/). We provide you with this data privacy policy to inform you of how we handle your personal data collected on this website.

2. Data controller

The controller under data protection law is:
Personio GmbH
Rundfunkplatz 4
80335 München
Phone: +49 / 89 1250 1005
Commercial register entry number: HRB 213189
Registration Court: Amtsgericht München (Munich Local Court)
Data Protection Officer contact: datenschutz@personio.de

3. Access and activity logs (“server logs”)

Each access to this website automatically causes general protocol data, so-called server logs, to be collected. As a rule, this data is a pseudonym and thus does not allow for inferences about the identity of an individual.
Without this data, it would, in some cases, be technically impossible to deliver or display the contents of the software. In addition, processing this data is absolutely necessary under security aspects, in particular for access, input, transfer, and storage control. Furthermore, this anonymous information can be used for statistical purposes and for optimizing services and technology. In addition, the log files can be checked and analyzed retrospectively when unlawful use of the software is suspected. The legal basis for this is section 15 subsection 1 of the German Telemedia Act (TMG), as well as article 6 (1) f of the GDPR.
Generally, data such as the domain name of the website, the web browser and web-browser version, the operating system, the IP address, as well as the timestamp of the access to the software is collected. The scope of this log process does not exceed the common log scope of any other site on the web.
These access logs are stored for a period of up to 7 days. There is no right to object to this.

4. Error-Logs

So-called error logs are generated for the purpose of identifying and fixing bugs. This is absolutely necessary to ensure we can react as quickly as possible to possible problems with displaying and implementing content (legitimate interest). As a rule, this data is a pseudonym and thus does not allow for inferences about the identity of an individual. The legal basis for this is section 15 subsection 1 of the German Telemedia Act (TMG), as well as article 6 (1) f) of the GDPR.
When an error message occurs, general data such as the domain name of the website, the web browser and web-browser version, the operating system, the IP address, as well as the timestamp upon occurrence of the respective error message and/or specification is collected.
These error logs are stored for a period of up to 7 days. There is no right to object to this.

5. Use of cookies

So-called cookies are used on parts of this website. They are small text files which are stored on the device with which you access this website. As a general rule, cookies serve the purpose of ensuring secure access to a website (“absolutely necessary”), implementing certain functionalities such as standard-language settings (“functional”), improving the user experience or the performance of the website (“performance”).
Right to object: You can determine via your browser settings whether you allow or object to the use of cookies. Please note that deactivating cookies may result in limited or completely blocked functionalities of this recruitment website.

6. Use of third-party provider tools

In order to provide and continuously improve our services, we are using the services of the following third-party providers which may also process personal data. These third-party providers have been selected diligently and in line with the requirements of the GDPR.

a. Google

Unless otherwise stated in the data privacy policy, the operator of all Google services mentioned here is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).

i. Google Maps

This website incorporates the API service “Google Maps” in order to be able to depict geographical information. The use of Google Maps makes it possible for Google to collect, process and use data on your use of the service.
You can find further information on the processing of your data by Google at the Google data privacy information.

ii. Google Tag Manager

This website uses the service “Google Tag Manager”. The tag manager is a tool for
managing so-called tags that are used during tracking in online marketing. In doing so, the tag manager does not process any personal data, since it merely serves to manage other services – e.g., Google Analytics, etc.
You can find further information on the tag manager at: https://www.google.com/intl/de/tagmanager/use-policy.html

iii. Google Analytics

This website uses the service “Google Analytics”. The operator of this service is the company Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States. Google Analytics is a web analysis service, and, by placement of cookies and the information acquired by this, it enables us to make inferences about user behavior on our website. The information generated by the cookies is sent to a Google server in the USA and stored there.
The legal basis for the use of this service is article 6 (1) f) GDPR – justified interest. Our justified interest in the use of this service derives from the fact that we must be able to analyze and optimize the use of our website.
Moreover, Google is certified under the Privacy Shield (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active), and hence it ensures compliance with European data protection law.
Our website uses the service Google Analytics on an exclusively pseudonymous basis. Your IP address is only recorded in abbreviated form and is hence anonymized.

If you want to prohibit this tracking, then you can use the following link for that purpose: Opt-Out Link.
Note: If you use Personio’s German-language page – www.personio.de, then you must likewise carry out an opt-out in the data privacy policy presented there. 

iv. Google Audiences / Remarketing

This website uses the service “Google Audiences”. The purpose of this service is to display advertising to users based on their interests. This requires conducting an analysis of website use, which is carried out using cookies. In this process, the cookies store anonymized or pseudonymized data regarding the use of the website. No personal data is stored. If you visit additional websites that also use these services, then you will be shown advertising that matches your previous interests. It is possible that in this process your data will be transferred to the USA. Google is certified under the Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active 
The legal basis for the use of this service is article 6 (1) f) GDPR – justified interest. Our justified interest in using this service is based on sending advertising to the website’s users in a targeted manner.
You can find further information at https://www.google.com/privacy/ads/

https://www.google.com/privacy/ads/

If you want to prohibit this tracking, then you can use the following link for that purpose: Opt-Out Link.
Note: If you use Personio’s German-language page – www.personio.de, then you must likewise carry out an opt-out in the data privacy policy presented there.

v. Google AdWords

This website uses the service “Google AdWords”. The purpose of this service is so-called conversion tracking, i.e., we can detect what happened after you clicked on our advertisements. Cookies are placed for this purpose, but they are only valid for a limited time and do not contain any personal data. Hence an individual identification of the user is not possible.
The legal basis for the use of this service is article 6 (1) f) GDPR – justified interest. Our justified interest in using this service is based on analyzing and optimizing the operation of our website.
You can find further information, together with Google’s data privacy statement at:
https://www.google.de/policies/privacy/

If you want to prohibit this tracking, then you can use the following link for that purpose: Opt-Out Link.
Note: If you use Personio’s German-language page – www.personio.de, then you must likewise carry out an opt-out in the data privacy policy presented there.

vi. Doubleclick by Google

This website uses the service “Doubleclick by Google”. This service uses cookies in order to show you advertisements that are relevant for you. This occurs over a pseudonymized identification number (pID), which is received by your browser and is assigned to it. The service can use this pID to detect which advertisements have already been shown to you and which have been called up. The cookies used for this purpose do not contain any personal data. Rather, the cookies are used to position advertisements that overlap with a website by enabling Google to identify the pages that you have visited. The information generated by the cookies is transferred by Google to a server in the USA for analysis and stored there. Google transfers data to third-parties only based on legal regulations or in the context of data processing assignments. By no means will Google collate your data with other data that Google has collected.
By using our website, you consent to the processing of your data by Google in accordance with the description and purposes stated. You can prevent the use of cookies using the appropriate settings in your browser. These settings however may make it impossible to use the website in an unrestricted manner.
You can find further information on data privacy at Google at this address: https://policies.google.com/technologies/ads?hl=en

If you want to prohibit this tracking, then you can use the following link for that purpose: Opt-Out Link.
Note: If you use Personio’s German-language page – www.personio.de, then you must likewise carry out an opt-out in the data privacy policy presented there.

vii. YouTube

This website uses the service “YouTube” to insert videos into the page. The operator of the software necessary for this purpose is the company YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. If you visit a page with inserted YouTube videos, a link to YouTube servers is created. In this process, YouTube is notified of which pages you visit.

If you start a video, then the operator inserts cookies that collect data on user behavior.
You can find further information on data privacy at “YouTube” in the operator’s data privacy policy at: https://www.google.de/intl/de/policies/privacy/

b. Facebook

i. Custom Audiences

This website uses the service “Facebook Custom Audiences”. Facebook Custom Audiences is a service of the company Facebook Inc. (1601 S. California Ave, Palo Alto, CA 94304, USA; hereinafter “Facebook”). This service enables us to show the user advertising related to their interests on the social network – Facebook.
For this purpose we have implemented the Facebook Remarketing Tag on our website. When you visit the website, this tag creates a direct link with Facebook’s servers. This gives Facebook information on the pages that you have visited our website. Facebook then compares this with your Facebook user account. The next time that you visit Facebook, you will be shown customized advertisements – Facebook Ads – related with your interests.
The legal basis for the use of this service is article 6 (1) f) GDPR – justified interest. Our justified interest in using this service is based on sending advertising to the website’s users in a targeted manner.
You can find further information in Facebook’s data privacy instructions: https://www.facebook.com/about/privacy/.
Facebook is Privacy-Shield-certified: https://m.facebook.com/about/privacyshield

If you want to prohibit this tracking, then you can use the following link for that purpose: Opt-Out Link.

Note: If you use Personio’s German-language page – www.personio.de, then you must likewise carry out an opt-out in the data privacy policy presented there.

ii. Connect

It is possible to sign up on this website using your Facebook Account.
Facebook Connect is an offering of Facebook, Inc. The use of Facebook Connect is subject to Facebook’s data privacy conditions and conditions for use.
If you use Facebook Connect, then your Facebook profile data and public data on Facebook are transferred to us from your Facebook profile. Furthermore, we can transfer data to your Facebook profile. Your transferred data are stored on our website and processed by us for the purpose of registration.
If you register on our website using Facebook Connect, then you consent to the transfer of profile data from your Facebook profile to us, as well as to the transfer of data on use of our website to Facebook. The data that are transferred are those that are publicly available data on your Facebook profile. We hereby notify you that if the data privacy conditions and conditions of use of Facebook change, then the “list of friends” of the Facebook profile owner could also be transferred if this list was marked as “public” in Facebook’s privacy settings.
The legal basis for the use of this service is article 6 (1) f) GDPR – justified interest. Our justified interest in the use of this service is to enable users to share content easily on Facebook.
You can find further information at: https://www.facebook.com/about/privacy/your-info-on-other

c. BingAds

This website uses the service “BingAds”. BingAds is a conversion and tracking service of the Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.
Microsoft places cookies in the users’ devices that analyze the user behavior on our website. This presupposes that the user has reached our website through a BingAds advertisement. This only serves to provide use with information on the total number of users who have clicked on this type of advertisement. In this process, no IP addresses are stored, and no personal information on our users’ identity is shared.
The legal basis for the use of this service is article 6 (1) f) GDPR – justified interest. Our justified interest in the use of this service derives from the fact that we must be able to analyze and optimize the use of our website. You can find further information in Microsoft’s data privacy statement in: https://privacy.microsoft.com/de-de/privacystatement.
Microsoft is Privacy-Shield-certified: https://www.privacyshield.gov/participant?id=a2zt0000000KzNaAAK&status=Active

If you want to prohibit this tracking, then you can use the following link for that purpose: Opt-Out Link.

Note: If you use Personio’s German-language page – www.personio.de, then you must likewise carry out an opt-out in the data privacy policy presented there.

d. Zendesk

This website makes use of the Customer Relationship Management (CRM) service of the company Zendesk Inc., 989 Market Street #300, San Francisco, CA 94102, USA.
The legal basis for the use of this service is article 6 (1) f) GDPR – justified interest. Our justified interest in using this service is based on being able to respond quickly and efficiently to user queries.
Zendesk uses your data only for forwarding your queries to us. They are not forwarded to third parties. In order to use Zendesk, you must state at least a correct email address. The service can also be used on a pseudonymized basis. In the course of the processing of service queries, it may be necessary to collect further data (e.g., first name, last name, address, etc.).
The use of Zendesk is optional. If you do not consent to Zendesk collecting your data, then we offer you alternative contact options for submitting service queries by telephone or post.
You can find further information in Zendesk’s data privacy policy: https://www.zendesk.de/company/customers-partners/privacy-policy/.

e. Capterra

On this website we use Capterra for our online marketing activities. Capterra is operated by the company Capterra Inc., a software company with headquarters at 901 North Glebe Road, Suite 1010, Arlington, VA 22203, USA.
If you initiate a so-called conversion event on a Personio website (e.g., registration for a user account or requesting a product demo), then Capterra will place cookies that will be required for purposes of marketing and analysis and will send the information to the servers of Capterra Inc. that a conversion event has taken place. No personal data is transferred to the company Capterra Inc.
The legal basis for the use of this service is article 6 (1) f) GDPR – justified interest. Our justified interest in the use of this service derives from the fact that we must be able to assess the profitability of our Capterra marketing campaigns and also to optimize the use of our website.
You can find further information in Capterra’s data privacy policy: https://www.capterra.com/legal/privacy-policy

If you want to prohibit this tracking, then you can use the following link for that purpose: Opt-Out Link.

Note: If you use Personio’s German-language page – www.personio.de, then you must likewise carry out an opt-out in the data privacy policy presented there.

f. HubSpot

On this website we use HubSpot for our online marketing activities. HubSport is a software company from the USA with branch office in Ireland. Contact: HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland, Telephone: +353 1 5187500.
This is an integrated software solution that we use to cover different aspects of our online marketing. This includes, among others:
Email marketing (newsletter, together with automated mailings, e.g., for provision of downloads), social media publishing & reporting, reporting (e.g., traffic sources, accesses, etc. …), contact management (e.g., user segmentation & CRM), landing pages and contact forms.
Our registration service enables visitors to our website to find out more about our company, to download contents and to provide their contact information, together with further demographic information. This information, together with the contents of our website are stored on the servers of our software partner HubSpot. We can use it to make contact with visitors to our website and to determine which of our company’s services are interesting for them. All information collected by us is subject to this data privacy policy. We use all information collected exclusively for optimizing our marketing measures.
Moreover, we use the live chat service “messages” from HubSpot on some sub-pages to improve users’ experience on our website for the sending and receipt of notifications (round chat icon on the lower right edge of the screen). If you consent to and use this feature, then the following data are transferred to the HubSpot servers:
– Content of all chat messages sent and received
– Context information (e.g., page on which the chat was used)
– Optional: Email address of the user (if it is provided by the user via the chat feature)
The legal basis for the use of HubSpot’s services is article 6 (1) f) GDPR – justified interest. Our justified interest in the use of this service is the optimization of our marketing measures and the improvement of our service quality on the website.
HubSpot is certified under the conditions of the “EU – U.S. Privacy Shield Framework” and it is subject to TRUSTe’s Privacy Seal, as well as the “U.S. – Swiss Safe Harbor” Framework.
More information on HubSpot’s data privacy provisions »
More information from HubSpot regarding to EU data protection provisions »
More information on the cookies used by HubSpot can be found here & here »

If you want to prohibit this tracking, then you can use the following link for that purpose: Opt-Out Link.

Note: If you use Personio’s German-language page – www.personio.de, then you must likewise carry out an opt-out in the data privacy policy presented there.

g. LinkedIn

We use the retargeting tool and the conversion tracking of LinkedIn Ireland, Wilton Plaza, Wilton Place, Dublin 2, Ireland (“LinkedIn”). For this purpose the LinkedIn Insight Tag is incorporated into our webpage. LinkedIn uses it to collect statistical, pseudonymized data from your visit and use of our website and to provide us with the corresponding aggregated statistics based on these. In this process, as a general rule, the following information, among others, in collected:

  • LinkedIn User ID (Cookie ID)
  • IP Address
  • Metadata of the website visit, such as, e.g., browser type, website visited

In addition, this information serves to be able to show you relevant offers and recommendations specific to your interests, after you have inquired on the website about certain services, information and offers. The information in this regard is stored in a cookie.

If you want to prohibit this tracking, then you can use the following link for that purpose: Opt-Out Link.

Note: If you use Personio’s German-language page – www.personio.de, then you must likewise carry out an opt-out in the data privacy policy presented there.

7. Forms

We use the service HubSpot to provide you with the following online forms. For this purpose, we forward your data to HubSpot, which processes the data exclusively at our request. See data privacy policy on “HubSpot.”

a. Free offer of digital contents

In order to provide you with our downloadable content, we collect personal data from you. Below we explain these data.

  • Collected data: Email address, last name, first name, title, job title
  • Purpose of use: Customized sending of contents requested
  • Storage period: As a general rule, the data is only stored for as long as is needed to fulfill the purpose. The data is deleted after sending of the contents.
  • Legal basis: article 6 (1) b) GDPR

Option 1:
See data privacy policy on “Web demo.”

Option 2:
See data privacy policy on “Newsletter.”

b. Personio events

For planning and holding of events, the event sponsor requires the participant’s personal data. The participant grants consent to the processing and use of his data for the initiation, holding and follow-up on the event.

  • Collected data: Email address, last name, first name, title, job title, city
  • Purpose of use: Management of invitations by email, sending of registration confirmations by email, sending of reminders before the event by email, sending of further information or short-term modifications to the registered event participants, optimization of event planning, general contract initiation.
  • Storage period: As a general rule, the data is only stored for as long as is needed to fulfill the purpose. If we invite you to an event, then we will delete your data as soon as this data is no longer needed for organization and structuring of the event. In particular, however, we will promptly delete your data if we cannot invite you to an event. An exception to this applies if you have registered for our newsletter (optional).
  • Legal basis: article 6 (1) b) GDPR

Optional:
See data privacy policy on “Event alarm.”

c. Newsletter

If you subscribe to our newsletter, then we store your email address and use this to send the newsletter. Your email address is not made public or disclosed to third parties.

    • Collected data: Email address, first name, last name, title, job title
    • Purpose of use: Sending of the newsletter requested
    • Storage period: As a general rule, the data is only stored for as long as is needed to fulfill the purpose. For the newsletter, the data are stored as long as it is expected that a newsletter will be sent and as long as you have not objected to the use of your data. 
    • Legal basis: article 6 (1) a) GDPR – consent
    • Revocation: You can unsubscribe from our newsletter at any time using a link included in each issue. We will then delete your email address from our distribution list. As an alternative, you can also unsubscribe from our newsletter at any time by sending an email to content@personio.de.

d. Webdemo

If you request an appointment for a web demo, then we use your data to contact you and coordinate together with you an appointment and to hold the appointment.

    • Collected data: Email address, last name, first name, telephone number, (business)
    • Purpose of use: Coordination and holding of the web demo, as well as preparation for and follow-up on the demo
    • Storage period: As a general rule, the data is only stored for as long as is needed to fulfill the purpose. The data are stored as long as is needed to prepare, hold and follow-up on the appointment. 
    • Legal basis: article 6 (1) b) GDPR

e. Event-Alarm

If you sign up for our event alarm, then we use your data to keep you up-to-date on planned events.

    • Collected data: Email address, last name, first name, title, job title, city
    • Purpose of use: Sending of the requested event alarm newsletters
    • Storage period: As a general rule, the data is only stored for as long as is needed to fulfill the purpose. For the event alarm newsletter, the data are stored as long as it is expected that a newsletter will be sent and as long as you have not objected to the use of your data.
    • Legal basis: article 6 (1) a) GDPR – consent 

    Revocation: You can unsubscribe from our event alarm newsletter at any time using a link included in each issue. We will then delete your email address from our distribution list. As an alternative, you can revoke your consent at any time by sending an email to events@personio.de.

f. Webinars

If you register for a trial account, then we use your data to ensure that you receive the necessary information and to introduce you to the test account and the features of the software.

    • Collected data: Email address, last name, first name, telephone number
    • Purpose of use: Provision of the requested test account and explanation of the features of the software
    • Storage period: As a general rule, the data is only stored for as long as is needed to fulfill the purpose. After the expiry of the test phase your data is deleted, if you do not become a customer.
    • Legal basis: article 6 (1) b) GDPR

g. Test Account

Wenn Sie sich für einen Test Account anmelden, dann nutzen wir Ihre Daten, um Ihnen die erforderlichen Informationen zukommen zu lassen und Ihnen den Test Account sowie die Features der Software vorzustellen.

    • Collected data: Email address, last name, first name, telephone number
    • Purpose of use: Provision of the requested test account and explanation of the features of the software
    • Storage period: As a general rule, the data is only stored for as long as is needed to fulfill the purpose. After the expiry of the test phase your data is deleted, if you do not become a customer.
    • Legal basis: article 6 (1) b) GDPR

8. Rights of data subjects

If the company Personio GmbH processes personal data as data controller, then you as the data subject have certain rights derived from Chapter III GDPR, which depend on the legal basis and purpose of the processing. These rights include when relevant especially the right to information (Art. 15 GDPR), the right to rectification (Art. 16 GDPR), the right to cancellation (Art. 17 GDPR), the right to restriction of processing (Art. 18 GDPR), the right to data portability (Art. 20 GDPR), and the right to objection (Art. 21 GDPR). If the processing of personal data is based on your consent, then you have the right pursuant to Art. 7 III GDPR to revoke this consent granted under data protection law.
Please contact the Data Protection Officer of Personio GmbH (see Section 2) in order to assert you rights as data subject regarding the data processed for the operation of this website. Please be aware that you must contact the data controller directly to assert your rights as data subject derived from the processing by us, as data processor of our customers. We reserve the right not to respond to corresponding queries or to redirect them to the corresponding companies.
If Personio GmbH as the controller processes personal data, you as the data subject have certain rights under Chapter III of the EU General Data Protection Regulation (GDPR), depending on the legal basis and the purpose of the processing, in particular the right of access (article 15 of the GDPR) and the rights to rectification (article 16 of the GDPR), erasure (article 17 of the GDPR), restriction of processing (article 18 of the GDPR), and data portability (article 20 of the GDPR), as well as the right to object (article 21 of the GDPR). If the personal data is processed with your consent, you have the right to withdraw this consent under article 7 III of the GDPR.
Please contact the data protection officer of Personio GmbH to assert your rights with regards to the data processed for the operation of this software (see section 2). Please note that you must address yourself exclusively to the controller in order to assert your rights as a data subject from the processing of personal data by Personio as subprocessor on behalf of our customers. We reserve the right not to answer such questions or to pass them on to the controller of this data processing.
.

9. Right to lodge a complaint

We would hereby like to inform you that pursuant to article 77 GDPR you have the right to lodge a complaint with the supervisory authority if you believe that your personal data have been processed illegitimately by us.

10. Right to object

You can object to the use of your data by making use of the corresponding opt-outs.

11. Final clauses

Personio reserves the right to adjust this data privacy policy at any point in time to ensure that it is in line with the current legal requirements at all times, or in order to accommodate changes in the services offered, for example when new services are introduced or modifications are made on the website. In this case, the new data privacy statement applies to any later visit of this software.

Version 04-2019