Data Privacy Policy

Processing of (personal) data by the website operator (Personio)

1. General information

This website is provided by the company Personio GmbH, a business with headquarters in Germany that offers human resource and applicant management software (https://www.personio.com/legal-notice/). We provide you with this data privacy policy to inform you of how we handle your personal data collected on this website.

2. Data controller

The controller under data protection law is:
Personio GmbH
Rundfunkplatz 4
80335 München
Phone: +49 / 89 1250 1005
Commercial register entry number: HRB 213189
Registration Court: Amtsgericht München (Munich Local Court)
Data Protection Officer contact: datenschutz@personio.de

3. Access and activity logs (“server logs”)

Each access to this website automatically causes general protocol data, so-called server logs, to be collected. As a rule, this data is a pseudonym and thus does not allow for inferences about the identity of an individual.

Without this data, it would, in some cases, be technically impossible to deliver or display the contents of the software. In addition, processing this data is absolutely necessary under security aspects, in particular for access, input, transfer, and storage control. Furthermore, this anonymous information can be used for statistical purposes and for optimizing services and technology. In addition, the log files can be checked and analyzed retrospectively when unlawful use of the software is suspected. The legal basis for this is section 15 subsection 1 of the German Telemedia Act (TMG), as well as article 6 (1) f of the GDPR.

Generally, data such as the domain name of the website, the web browser and web-browser version, the operating system, the IP address, as well as the timestamp of the access to the software is collected. The scope of this log process does not exceed the common log scope of any other site on the web.

These access logs are stored for a period of up to 7 days. There is no right to object to this.

4. Error logs

So-called error logs are generated for the purpose of identifying and fixing bugs. This is absolutely necessary to ensure we can react as quickly as possible to possible problems with displaying and implementing content (legitimate interest). As a rule, this data is a pseudonym and thus does not allow for inferences about the identity of an individual. The legal basis for this is section 15 subsection 1 of the German Telemedia Act (TMG), as well as article 6 (1) f) of the GDPR.

When an error message occurs, general data such as the domain name of the website, the web browser and web-browser version, the operating system, the IP address, as well as the timestamp upon occurrence of the respective error message and/or specification is collected.

These error logs are stored for a period of up to 7 days. There is no right to object to this.

5. Use of cookies

So-called cookies are used on parts of this website. They are small text files which are stored on the device with which you access this website. Different categories of cookies are used:

  • Essential cookies are necessary for ensuring the core functionality of our website
  • Functional cookies are cookies that are used for tracking user behaviour on our website to improve the functionality of our website
  • Marketing cookies are cookies we are using for serving interest-based ads
  • External media cookies: These cookies serve the purpose of displaying external media (such as videos or maps)

The legal basis for the use of essential cookies is Art. 6 (1) (f) GDPR -a legitimate interest. Our legitimate interest for the usage of these cookies is providing a functioning website.

The legal basis for the usage of the other cookies is Art. 6 (1) (a) GDPR — your consent. Without your consent no non-essential cookies will be set. You can withdraw your consent anytime with effect for the future here. Alternatively, you can deactivate all non-essential cookies using this Opt-Out-Link.

6. Use of third-party provider tools

In order to provide and continuously improve our services, we are using the services of the following third-party providers which may also process personal data. These third-party providers have been selected diligently and in line with the requirements of the GDPR.

a. Google

Unless otherwise stated in the data privacy policy, the operator of all Google services mentioned here is Google Ireland Limited,Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.

i. Google Maps

This website incorporates the API service “Google Maps” in order to be able to depict geographical information. The use of Google Maps makes it possible for Google to collect, process and use data on your use of the service.  By using Google Maps, information about the use of this website including your IP address and the (start) address entered in the route planner function can be transmitted to Google in the USA.  The map content is transmitted by Google directly to your browser and integrated by it into the website. Personio has no influence on the scope of the data collected by Google in this way. Personio also has no influence on the further processing and use of the data by Google. We have no influence and therefore cannot accept any responsibility for this.You can find further information on the processing of your data by Google at the Google data privacy information.

The following data is collected and processed:

  • IP addresses
  • Location information
  • Usage data
  • Date and time of visit
  • URLs

The legal basis for this data processing is your consent according to Art. 6 (1)(a) GDPR.If you do not want Google to collect, process or use data about you via our website, you can refuse your consent or withdraw it at any time with effect for the future. 

The data will be stored for as long as it is necessary for the purpose of the procession. The data will be deleted as soon as it is no longer needed for the processing purposes.

As part of the processing, the data may be transferred to the following recipients besides Google Ireland Limited:

  • Google LLC.
  • Alphabet Inc.

Data may be transferred to the USA as part of processing by Google Maps. The security of the transmission is ensured by so-called standard contractual clauses, which guarantee that the processing of personal data is subject to a security level that corresponds to that of the GDPR. If the standard contractual clauses are not sufficient to ensure an adequate level of security, we will obtain your consent in accordance with Art. 49 (1)(a) GDPR prior to the data processing.

ii. Google Tag Manager 

This website uses the service “Google Tag Manager”. The tag manager is a tool for managing so-called tags that are used during tracking in online marketing. In doing so, the tag manager does not process any personal data, since it merely serves to manage other services – e.g., Google Analytics, etc. 

You can find further information on the tag manager at: https://www.google.com/intl/de/tagmanager/use-policy.html

iii. Google Analytics

This website uses the service “Google Analytics”. The operator of this service is the company Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. Google Analytics is a web analysis service, and, by placement of cookies and the information acquired by this, it enables us to make inferences about user behavior on our website.  The information generated by the cookies is sent to a Google server in the USA and stored there. Our website uses the service Google Analytics on an exclusively pseudonymous basis. Your IP address is only recorded in abbreviated form and is hence anonymized.

The following data is collected and processed:

  • IP-Addresses (anonymized)
  • Usage data
  • Click path
  • App updates
  • Browser information
  • Device information
  • JavaScript support
  • Pages visited
  • Referrer URL
  • Downloads
  • Flash-version
  • Location information
  • Purchase activity
  • Widget interactions
  • Date and time of visit

The legal basis of the processing is your consent according to Art. 6 (1)(a) GDPR.. If you do not want Google Analytics to collect and process the aforementioned data, you can refuse your consent or withdraw it at any time with effect for the future.

The data will be stored for as long as it is necessary for the purpose of the procession. The data will be deleted as soon as it is no longer needed for the processing purposes.

As part of the processing, the data may be transferred to the following recipients besides Google Ireland Limited:

  • Google LLC.
  • Alphabet Inc.

Data may be transferred to the USA as part of processing by Google Analytics. The security of the transmission is ensured by so-called standard contractual clauses, which guarantee that the processing of personal data is subject to a security level that corresponds to that of the GDPR. If the standard contractual clauses are not sufficient to ensure an adequate level of security, we will obtain your consent in accordance with Art. 49 (1)(a) GDPR prior to the data processing.

iv. Google Audiences / Remarketing

This website uses the service “Google Audiences/Remarketing”. The operator of this service is the company Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. The purpose of this service is to display advertising to users based on their interests. This requires conducting an analysis of website use, which is carried out using cookies. In this process, the cookies store anonymized or pseudonymized data regarding the use of the website.  If you visit additional websites that also use these services, then you will be shown advertising that matches your previous interests. You can find more information at https://www.google.com/privacy/ads/

The following data is collected and processed:

  • Pages visited
  • IP Addresses
  • Duration of visit
  • Other data on use of websites
  • Content user is interested in

The legal basis of the processing is your consent according to Art. 6 (1)(a) GDPR. If you do not want Google Audiences to collect and process the aforementioned data, you can refuse your consent or withdraw it at any time with effect for the future.

The data will be stored for as long as it is necessary for the purpose of the procession. The data will be deleted as soon as it is no longer needed for the processing purposes.

As part of the processing, the data may be transferred to the following recipients besides Google Ireland Limited:

  • Google LLC.
  • Alphabet Inc.

Data may be transferred to the USA as part of processing by Google Audiences. The security of the transmission is ensured by so-called standard contractual clauses, which guarantee that the processing of personal data is subject to a security level that corresponds to that of the GDPR. If the standard contractual clauses are not sufficient to ensure an adequate level of security, we will obtain your consent in accordance with Art. 49 (1)(a) GDPR prior to the data processing.

v. Google Ads (formerly GoogleAdwords) and Google Ads Conversion Tracking

This website uses the service “Google AdWords”. The operator of this service is the company Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. The purpose of this service is so-called conversion tracking, i.e., we can detect what happened after you clicked on our advertisements. Cookies are placed for this purpose, but they are only valid for a limited time.

The following data is collected and processed:

  • Cookie-ID
  • Visited Pages
  • IP Addresses
  • Duration of visit
  • Usage data
  • Content user is interested in
  • Clicked Ads
  • Web requests
  • Cookie information
  • Referrer URL
  • Browser language
  • Browser type

The legal basis of the processing is your consent according to Art. 6 (1)(a) GDPR. If you do not want Google Ads to collect and process the aforementioned data, you can refuse your consent or withdraw it at any time with effect for the future.

The data will be stored for as long as it is necessary for the purpose of the procession. The data will be deleted as soon as it is no longer needed for the processing purposes.

As part of the processing, the data may be transferred to the following recipients besides Google Ireland Limited:

  • Google LLC.
  • Alphabet Inc.

Data may be transferred to the USA as part of processing by Google Ads. The security of the transmission is ensured by so-called standard contractual clauses, which guarantee that the processing of personal data is subject to a security level that corresponds to that of the GDPR. If the standard contractual clauses are not sufficient to ensure an adequate level of security, we will obtain your consent in accordance with Art. 49 (1)(a) GDPR prior to the data processing.

vi. YouTube

This website uses the service “YouTube” to insert videos into the page. The operator of the software necessary for this purpose is the company Google Ireland Limited Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. 

The integration of YouTube content is carried out in “extended privacy mode”. This ensures that YouTube does not initially store cookies on your device. As a result, YouTube no longer stores any information about visitors until you watch the video.

When you click on the video, your IP address is sent to YouTube, which tells YouTube that you have watched the video. If you are logged in to YouTube, this information is also associated with your account. This can be prevented by logging out of YouTube before viewing the video.

Accordingly, the following data can be collected and processed:

  • IP Addresses
  • Referrer URL
  • Device Information
  • Watched videos

The legal basis of the processing is your consent according to Art. 6 (1)(a) GDPR. If you do not want YouTube to collect and process the aforementioned data, you can refuse your consent or withdraw it at any time with effect for the future.

The data will be stored for as long as it is necessary for the purpose of the procession. The data will be deleted as soon as it is no longer needed for the processing purposes.

As part of the processing, the data may be transferred to the following recipients besides Google Ireland Limited:

  • Google LLC.
  • Alphabet Inc.

Data may be transferred to the USA as part of processing by YouTube. The security of the transmission is ensured by so-called standard contractual clauses, which guarantee that the processing of personal data is subject to a security level that corresponds to that of the GDPR. If the standard contractual clauses are not sufficient to ensure an adequate level of security, we will obtain your consent in accordance with Art. 49 (1)(a) GDPR prior to the data processing.

vii. Google Web Fonts

On this website the service Google Web Fonts is used. The service is provided by Google Ireland Limited Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.  Google Web Fonts enables us to load and display external fonts, so-called Google Fonts, on our website. Google Web Fonts is locally integrated on our website. This means that the fonts are not loaded from Google servers. 

In the context of processing via Google Web Fonts, the following personal data is collected and processed:

  • IP address

The legal basis for this processing is Art. 6 (1)(f) GDPR — a legitimate interest. Our legitimate interest in the processing is to present the website in an attractive and user-friendly manner. Local hosting ensures that no data is transferred to Google, and no data transfer takes place. 

Personal data is stored for as long as it is necessary to fulfill the purpose of processing. The data is deleted as soon as it is no longer required for the purpose.

b. Facebook Custom Audiences and Facebook Pixel

This website uses the service “Facebook Custom Audiences”. For this service Facebook-Pixel is used. Operator of this service is Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin, D02, Ireland. This service enables us to show the user advertising related to their interests on the social network – Facebook.

For this purpose we have implemented the Facebook Remarketing Tag on our website. When you visit the website, this tag creates a direct link with Facebook’s servers. This gives Facebook information on the pages that you have visited our website. Facebook then compares this with your Facebook user account. The next time that you visit Facebook, you will be shown customized advertisements – Facebook Ads – related with your interests. You can find further information in Facebook’s data privacy instructions: https://www.facebook.com/about/privacy/.

The following data is collected and processed:

  • Facebook-User-ID
  • IP Addresses
  • Browser information
  • Non-sensitive custom data
  • Facebook cookie information
  • Referrer URL
  • Pixel specific data
  • Pixel ID
  • Social media friend network
  • Usage Data
  • Views and interactions with content and ads
  • Viewed content
  • Device information
  • Success of marketing campaigns
  • transaction information
  • Hardware/software type
  • Browser type
  • Device operating system
  • Location
  • Cookie ID
  • Information from third party sources
  • User agent
  • Conversion

The legal basis of the processing is your consent according to Art. 6 (1)(a) GDPR. If you do not want Facebook to collect and process the aforementioned data, you can refuse your consent or withdraw it at any time with effect for the future.

The data will be stored for as long as it is necessary for the purpose of the procession. The data will be deleted as soon as it is no longer needed for the processing purposes.

As part of the processing, the data may be transferred to the following recipients besides Facebook Ireland Limited :

  • Facebook Inc.

Data may be transferred to the USA as part of processing by Facebook. The security of the transmission is ensured by so-called standard contractual clauses, which guarantee that the processing of personal data is subject to a security level that corresponds to that of the GDPR. If the standard contractual clauses are not sufficient to ensure an adequate level of security, we will obtain your consent in accordance with Art. 49 (1)(a) GDPR prior to the data processing.

c. BingAds

This website uses the service “BingAds”. BingAds is a conversion and tracking service of the Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.

Microsoft places cookies in the users’ devices that analyze the user behavior on our website. This presupposes that the user has reached our website through a BingAds advertisement. This only serves to provide use with information on the total number of users who have clicked on this type of advertisement. In this process, no IP addresses are stored, and no personal information on our users’ identity is shared. You can find further information in Microsoft’s data privacy statement in: https://privacy.microsoft.com/de-de/privacystatement.

The following data is collected and processed:

  • Engagement metrics
  • Number of visits
  • Bounce rates
  • Microsoft Click ID
  • Digital signature
  • UET ID tag
  • URLs
  • Referrer URL
  • Page title
  • Conversions
  • Screen height
  • Screen width
  • Browser language setting
  • Duration of visit
  • Screen color depth
  • Page response times
  • Clicked Advertisement

The legal basis of the processing is your consent according to Art. 6 (1)(a) GDPR. If you do not want Microsoft to collect and process the aforementioned data, you can refuse your consent or withdraw it at any time with effect for the future.

The data will be stored for as long as it is necessary for the purpose of the procession. The data will be deleted as soon as it is no longer needed for the processing purposes.

Data may be transferred to the USA as part of processing by Microsoft. The security of the transmission is ensured by so-called standard contractual clauses, which guarantee that the processing of personal data is subject to a security level that corresponds to that of the GDPR. If the standard contractual clauses are not sufficient to ensure an adequate level of security, we will obtain your consent in accordance with Art. 49 (1)(a) GDPR prior to the data processing.

d. Zendesk

On this website we are using the Customer Relationship Management (CRM)  “Zendesk”. Operator of this service is the company Zendesk Inc., 989 Market Street #300, San Francisco, CA 94102, USA. Zendesk is used to integrate contact forms and forward your requests to us. The use of Zendesk is optional. If you do not agree to Zendesk collecting your information, we offer alternative ways to contact you to submit service requests by phone or mail. To use Zendesk, you must provide at least one correct e-mail address. The service can also be used pseudonymously. Your data will not be passed on to any additional third parties. More information about the data processing of Zendesk can be found here

In addition, Zendesk sets cookies. These cookies are cookies that are technically necessary to ensure the technical functionality of the website and to protect the website from bot-driven attacks. 

Regarding the contact forms the following data can be collected and processed:

  • E-mail addresses
  • Names
  • Addresses

Regarding the cookies the following data can be collected and processed:

  • IP Adresses

If the data collected via contac forms is used to provide contractual services to data subjects, the legal basis for processing is Art. 6 (1)(b) GDPR . Furthermore, Art. 6 (1)(a) GDPR serves as legal basis, provided that you have consented to the data processing.

The data processing that takes place via the cookies is based on art. 6 (1)(f) GDPR — a legitimate interest. Our legitimate interest is that we must ensure the functionality and security of our website.

The personal data will be stored for as long as they are required to fulfil the purpose of processing. The data will be deleted as soon as they are no longer required for the purpose.

Data may be transferred to the USA as part of processing by Zendesk. The security of the transmission of data is secured via so-called standard contractual clauses and binding corporate rules. If these standard contractual clauses and binding corporate rules are not sufficient to establish an adequate level of security, Art. 49 (1)(a) GDPR can serve as a legal basis. Please note the reference to the risk of data transfer to an unsafe country under sub-item “7. Forms”.

e. Capterra

On this website we use Capterra for our online marketing activities. Capterra is operated by the company Capterra Inc., a software company with headquarters at 901 North Glebe Road, Suite 1010, Arlington, VA 22203, USA.

If you initiate a so-called conversion event on a Personio website (e.g., registration for a user account or requesting a product demo), then Capterra will place cookies that will be required for purposes of marketing and analysis and will send the information to the servers of Capterra Inc. that a conversion event has taken place. More information about Capterra’s Privacy Policy. can be found here

The following data is collected and processed

  • IP Addresses
  • Data about Conversion Events

The legal basis of the processing is your consent according to Art. 6 (1)(a) GDPR. If you do not want Capterra to collect and process the aforementioned data, you can refuse your consent or withdraw it at any time with effect for the future.

The data will be stored for as long as it is necessary for the purpose of the procession. The data will be deleted as soon as it is no longer needed for the processing purposes.

Data may be transferred to the USA as part of processing by Capterra. The security of the transmission is ensured by so-called standard contractual clauses, which guarantee that the processing of personal data is subject to a security level that corresponds to that of the GDPR. If the standard contractual clauses are not sufficient to ensure an adequate level of security, we will obtain your consent in accordance with Art. 49 (1)(a) GDPR prior to the data processing.

f. HubSpot

On this website we use HubSpot for different purposes. HubSpot is a software company from the USA with a branch office in Ireland. Contact: HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland, Telephone: +353 1 5187500.

Hubspot is an integrated software solution that we use to cover different aspects of our online marketing. This includes, among others:

Email marketing, social media publishing & reporting, reporting, contact management (e.g., user segmentation & CRM), landing pages and contact forms. 

Our registration service enables visitors to our website to find out more about our company, to download contents and to provide their contact information, together with further demographic information. This information, together with the contents of our website are stored on the servers of our software partner HubSpot. We can use it to make contact with visitors to our website and to determine which of our company’s services are interesting for them. All information collected by us is subject to this data privacy policy. We use all information collected exclusively for optimizing our marketing measures. 

More information about the Privacy Policy can be found here.
More information about Hubspots  regarding the EU-Data Protection Regulations can be found here.

More Information about HubSpots Cookies can be found here and here.
As part of the optimization of our marketing activities, Hubspot may collect and process the following data:

  • Geographical position
  • Browser type
  • Navigation information
  • Reference URL
  • Performance data
  • Information about how often the application is used
  • Mobile apps data
  • HubSpot subscription service credentials
  • Files that are displayed on site
  • Domain names
  • Viewed pages
  • Aggregated use
  • Version of the operating system
  • Internet service provider
  • IP address
  • Device identification
  • Duration of the visit
  • Where the application was downloaded from
  • Operating system
  • Events that occur within the application
  • Access times
  • Clickstream data
  • Device model and version

We also use HubSpot’s contact forms. More information about this can be found at 7. of this Privacy Policy

Moreover, we use the live chat service “messages” from HubSpot on some sub-pages to improve users’ experience on our website for the sending and receipt of notifications (round chat icon on the lower right edge of the screen). If you consent to and use this feature, then the following data are transferred to the HubSpot servers:

– Content of all chat messages sent and received

– Context information (e.g., page on which the chat was used)

– Optional: Email address of the user (if it is provided by the user via the chat feature)

The legal basis of the processing is your consent according to Art. 6 (1)(a) GDPR. If you do not want Hubspot to collect and process the aforementioned data, you can refuse your consent or withdraw it at any time with effect for the future.

The data will be stored for as long as it is necessary for the purpose of the procession. The data will be deleted as soon as it is no longer needed for the processing purposes.

Data may be transferred to the USA as part of processing by Hubspot. The security of the transmission is ensured by so-called standard contractual clauses, which guarantee that the processing of personal data is subject to a security level that corresponds to that of the GDPR. If the standard contractual clauses are not sufficient to establish an adequate level of security, Art. 49 (1)(a) GDPR can serve as a legal basis. Please note the reference to the risk of data transfer to an unsafe third-country under sub-item “7. Forms”.

g. LinkedIn

We use the retargeting tool and the conversion tracking of LinkedIn Ireland, Wilton Plaza, Wilton Place, Dublin 2, Ireland (“LinkedIn”). For this purpose the LinkedIn Insight Tag is incorporated into our webpage. LinkedIn uses it to collect statistical, pseudonymized data from your visit and use of our website and to provide us with the corresponding aggregated statistics based on these. In addition, this information serves to be able to show you relevant offers and recommendations specific to your interests, after you have inquired on the website about certain services, information and offers. The information in this regard is stored in a cookie. More information about Data Privacy of LinkedIn can be found here.

In this process this data will be collected and processed:

  • IP Address
  • Device information
  • Browser information
  • Referrer URL
  • Timestamp

The legal basis of the processing is your consent according to Art. 6 (1)(a) GDPR. If you do not want LinkedIn to collect and process the aforementioned data, you can refuse your consent or withdraw it at any time with effect for the future.

The data will be stored for as long as it is necessary for the purpose of the procession. The data will be deleted as soon as it is no longer needed for the processing purposes.

Data may be transferred to the USA as part of processing by LinkedIn. The security of the transmission is ensured by so-called standard contractual clauses, which guarantee that the processing of personal data is subject to a security level that corresponds to that of the GDPR. If the standard contractual clauses are not sufficient to ensure an adequate level of security, we will obtain your consent in accordance with Art. 49 (1)(a) GDPR prior to the data processing.

h. Usercentrics.

On this website we use the services of Usercentrics. The service is operated by Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich, Germany. Usercentrics is a consent management service. With the help of Usercentrics, the consent required under data protection law is obtained. 

The following data is collected and processed:

  • Browser Information
  • Opt-in and opt-out data
  • Request URLs of the website
  • Page path of the website
  • Geographical location
  • Date and time of the visit
  • Device Information

The legal basis of the processing is Art. 6 (1)(c) GDPR. The processing is necessary for the fulfilment of a legal obligation (obtaining and managing consents under data protection law). 

The data (consent and revocation of consent) are stored for as long as necessary for processing — regularly this is three years.

i. Vimeo

We use Vimeo on our website. The service is operated by Vimeo LLC, 555 West 18th Street, New York, New York 10011, United States of America. Vimeo is used to display videos on our website.

In this context, the following data is collected and  processed:

  • IP address
  • Browser type
  • Device Information
  • Browser Information
  • Cookie Information
  • Browser language
  • Referrer URL
  • Visited pages
  • Operating system
  • Search query
  • Information from third party sources
  • Information that users provide on this website

The legal basis of the processing is your consent according to Art. 6 (1)(a) GDPR.. If you do not want the aforementioned data to be collected and processed by Vimeo, you can refuse your consent or withdraw it at any time with effect for the future.

The personal data will be stored for as long as it is necessary to fulfill the purpose of the processing. The data will be deleted as soon as it is no longer needed for the processing purposes.

Data may be transferred to the USA as part of processing by Vimeo. The security of the transmission is ensured by so-called standard contractual clauses, which guarantee that the processing of personal data is subject to a security level that corresponds to that of the GDPR. If the standard contractual clauses are not sufficient to ensure an adequate level of security, we will obtain your consent in accordance with Art. 49 (1)(a) GDPR prior to the data processing.

j. Typeform

On this website the service Typeform is used. Typeform is operated by TYPEFORM SL, C/Bac de Roda, 163, 08018 Barcelona, Spain. Typeform is a service that we use to display online surveys on our website. 

In this context, the following data is collected and processed:

  • IP address
  • e-mail address
  • Visit duration
  • Date and time of the visit
  • If applicable, other data collected in the course of the survey

The legal basis of the processing is your consent according to Art. 6 (1)(a) GDPR. If you do not want the above data to be collected and processed by Typeform, you can refuse your consent or revoke it at any time with effect for the future.

The personal data will be stored for as long as it is necessary to fulfill the purpose of processing. The data will be deleted as soon as they are no longer required for the purpose.

Within the scope of processing via Typeform, data may be transferred to the USA. The security of the transmission is regularly ensured by so-called standard contract clauses, which guarantee that the processing of personal data is subject to a security level that corresponds to that of the DSGVO. If the standard contractual clauses are not sufficient to establish an adequate level of security, your consent will be obtained in advance from you within the framework of the Usercentrics consent management system in accordance with Art. 49 (1)(a) GDPR.

 

k. Hotjar

We use the Hotjar web analysis service of Hotjar Ltd, Level 2, St Julian’s Business Centre, 3, Elia Zammit Street, St Julian’s STJ 1000, Malta (Hereinafter: Hotjar). Hotjar uses cookies, i.e. small text files, which are stored locally in the cache of your web browser on your end device and which enable an analysis of the use of our online presence by you. Personal data can thus be stored and evaluated, in particular the user’s activity (in particular which pages have been visited and which elements have been clicked on), device and browser information (in particular the IP address and the operating system) and a tracking code (pseudonymised user ID). The information thus collected will be transferred by Hotjar to a server in Ireland and stored there in an anonymised form. Further information on the collection and storage of data by Hotjar can be found here.

In the context of processing by Hotjar, the following data may therefore be collected and processed:

  • Data and time of visit
  • Browser information
  • Usage data
  • Click path
  • IP addresses

The legal basis for this data processing is your consent according to Art. 6 (1)(a) GDPR.If you do not want Google to collect, process or use data about you via our website, you can refuse your consent or withdraw it at any time with effect for the future. 

The data will be stored for as long as it is necessary for the purpose of the procession. The data will be deleted as soon as it is no longer needed for the processing purposes.

7. Forms

We use the service HubSpot to provide you with the following online forms. For this purpose, we forward your data to HubSpot and Zendesk, which processes the data exclusively at our request. See data privacy policy on “HubSpot” and “Zendesk”.

Please note: If you contact us via contact forms, personal data may be transferred to service providers in third countries. These third countries do not have an adequate level of data protection. If the data is transferred to the USA, there is a risk that your data may be processed by US authorities for control and monitoring purposes, without you possibly being entitled to legal remedies. The security of the transfer is regularly ensured by so-called standard contractual clauses and, in the case of Zendesk, by Binding Corporate Rules, which ensure that the processing of personal data is subject to a level of security equivalent to that of the DSGVO. If the standard contractual clauses and binding corporate rules are not sufficient to establish an adequate level of security, your approval of this privacy policy will be deemed to be consent within the meaning of Art. 49 (1)(a)  GDPR, which justifies data transfer to unsafe third countries.

a. Free offer of digital contents

In order to provide you with our downloadable content, we collect personal data from you. Below we explain these data.

  • Collected data: Email address, last name, first name, title, job title
  • Purpose of use: Customized sending of contents requested
  • Storage period: As a general rule, the data is only stored for as long as is needed to fulfill the purpose. The data is deleted after sending the content.
  • Legal basis: article 6 (1) b) GDPR

b. Personio events

For planning and holding of events, the event sponsor requires the participant’s personal data. The participant grants consent to the processing and use of his data for the initiation, holding and follow-up on the event.

  • Collected data: Email address, last name, first name, title, job title, city
  • Purpose of use: Management of invitations by email, sending of registration confirmations by email, sending of reminders before the event by email, sending of further information or short-term modifications to the registered event participants, optimization of event planning, general contract initiation.
  • Storage period: As a general rule, the data is only stored for as long as is needed to fulfill the purpose. If we invite you to an event, then we will delete your data as soon as this data is no longer needed for organization and structuring of the event. In particular, however, we will promptly delete your data if we cannot invite you to an event. An exception to this applies if you have registered for our newsletter (optional).
  • Legal basis: article 6 (1) b) GDPR

Optional:
See data privacy policy on “Event alarm.”

c. Newsletter

If you subscribe to our newsletter, then we store your email address and use this to send the newsletter. Your email address is not made public or disclosed to third parties.

  • Collected data: Email address, first name, last name, title, job title
  • Purpose of use: Sending of the newsletter requested
  • Storage period: As a general rule, the data is only stored for as long as is needed to fulfill the purpose. For the newsletter, the data are stored as long as it is expected that a newsletter will be sent and as long as you have not objected to the use of your data. 
  • Legal basis: article 6 (1) a) GDPR – consent
  • Revocation: You can unsubscribe from our newsletter at any time using a link included in each issue. We will then delete your email address from our distribution list. As an alternative, you can also unsubscribe from our newsletter at any time by sending an email to content@personio.de.

d. Web demo

If you request an appointment for a web demo, then we use your data to contact you and coordinate together with you an appointment and to hold the appointment.

  • Collected data: Email address, last name, first name, telephone number, (business)
  • Purpose of use: Coordination and holding of the web demo, as well as preparation for and follow-up on the demo
  • Storage period: As a general rule, the data is only stored for as long as is needed to fulfill the purpose. The data are stored as long as is needed to prepare, hold and follow-up on the appointment. 
  • Legal basis: article 6 (1) b) GDPR

e. Event alarm

If you sign up for our event alarm, then we use your data to keep you up-to-date on planned events.

  • Collected data: Email address, last name, first name, title, job title, city
  • Purpose of use: Sending of the requested event alarm newsletters
  • Storage period: As a general rule, the data is only stored for as long as is needed to fulfill the purpose. For the event alarm newsletter, the data are stored as long as it is expected that a newsletter will be sent and as long as you have not objected to the use of your data.
  • Legal basis: article 6 (1) a) GDPR – consent
  • Revocation: You can unsubscribe from our event alarm newsletter at any time using a link included in each issue. We will then delete your email address from our distribution list. As an alternative, you can revoke your consent at any time by sending an email to events@personio.de.

f. Webinars

If you register for a webinar, then we use your data to ensure that you receive the necessary information and to enable you to participate in the webinar.

  • Collected data: Email address, last name, first name
  • Purpose of use: Sending of the requested invitation to the webinar, as well as preparation, holding and follow-up on the webinar
  • Storage period: As a rule, the data is only stored for as long as is needed to fulfill the purpose. The data is deleted after holding the webinar.
  • Legal basis: article 6 (1) b) GDPR

g. Trial account

If you register for a trial account, then we use your data to ensure that you receive the necessary information and to introduce you to the test account and the features of the software.

  • Collected data: Email address, last name, first name, telephone number
  • Purpose of use: Provision of the requested test account and explanation of the features of the software
  • Storage period: As a general rule, the data is only stored for as long as is needed to fulfill the purpose. After the expiry of the test phase your data is deleted, if you do not become a customer.
  • Legal basis: article 6 (1) b) GDPR

8. Personio Community 

If you use the Personio Community (available at www.community.personio.de)  we will additionally process your personal data for the following purposes and on the basis of the following legal principles. 

a. Data that we process on the basis of a consent, Art. 6 (1)(a) GDPR:

We use and store the email address you provide to keep you informed about various Personio Community activities. You decide whether you want to receive this information. You can change these e-mail messages at any time in the “My settings” section according to your wishes and thus withdraw your consent.

b. Data that we process for the fulfilment of a contract, art. 6 (1)(b) GDPR

i. Contact
If you contact us (e.g. by e-mail), we will process and store the personal data provided in this context, such as name and e-mail address, in order to process your request.

ii. Registration and participation in the Personio Community

If you register for the Personio Community at www.community.personio.de, we process and store the data provided in this context (e.g. name, e-mail address) for the purpose of providing this service.

The following personal data is processed for this purpose:

  • Name
  • first name
  • e-mail address
  • Company
  • City
  • Contributions and contents 
  • further details (if made)

The provision of the above mentioned personal data is necessary to offer the Personio Community in its form. If you do not provide us with this data, you will only be able to use the Personio Community in a limited way (e.g. you will not be able to upload or comment on images or articles) or not at all.

Duration of storage: The data is stored only as long as necessary to achieve the purpose of the service.
If you use the Personio Community, we transfer personal data to the following recipients:
Recipient: inSided

On this website we use the Customer Success Community Platform inSided. inSided is operated by inSided B.V., a software company with headquarters at Singel 118a, 1015 AE, Amsterdam, The Netherlands. 

If you want to register in the community, write or comment on articles or give feedback on our products, the following data will be collected from you:

  • First and last name 
  • e-mail address
  • Company
  • City
  • Contributions and contents 
  • further details (if made)

InSided collects and processes your data only to provide the publicly viewable community or information about community activities, to evaluate user activities, to provide the gamification offer and to forward any inquiries to us.

Duration of storage: The data will be stored only as long as necessary to achieve the purpose of the game.

The legal basis for the processing is — according to Art. 6 (1)(a) GDPR — your consent, which you give us in the context of the registration about the knowledge of the privacy policy

For more information, please refer to the inSided privacy policy: https://www.insided.com/docs/privacy-policy .

9. Rights of data subjects

If the company Personio GmbH processes personal data as data controller, then you as the data subject have certain rights derived from Chapter III GDPR, which depend on the legal basis and purpose of the processing. These rights include when relevant especially the right to information (Art. 15 GDPR), the right to rectification (Art. 16 GDPR), the right to cancellation (Art. 17 GDPR), the right to restriction of processing (Art. 18 GDPR), the right to data portability (Art. 20 GDPR), and the right to objection (Art. 21 GDPR).  If the processing of personal data is based on your consent, then you have the right pursuant to Art. 7 III GDPR to revoke this consent granted under data protection law.

Please contact the Data Protection Officer of Personio GmbH (see Section 2) in order to assert you rights as data subject regarding the data processed for the operation of this website. Please be aware that you must contact the data controller directly to assert your rights as data subject derived from the processing by us, as data processor of our customers. We reserve the right not to respond to corresponding queries or to redirect them to the corresponding companies.

If Personio GmbH as the controller processes personal data, you as the data subject have certain rights under Chapter III of the EU General Data Protection Regulation (GDPR), depending on the legal basis and the purpose of the processing, in particular the right of access (article 15 of the GDPR) and the rights to rectification (article 16 of the GDPR), erasure (article 17 of the GDPR), restriction of processing (article 18 of the GDPR), and data portability (article 20 of the GDPR), as well as the right to object (article 21 of the GDPR). If the personal data is processed with your consent, you have the right to withdraw this consent under article 7 III of the GDPR.

Please contact the data protection officer of Personio GmbH to assert your rights with regards to the data processed for the operation of this software (see section 2). Please note that you must address yourself exclusively to the controller in order to assert your rights as a data subject from the processing of personal data by Personio as subprocessor on behalf of our customers. We reserve the right not to answer such questions or to pass them on to the controller of this data processing.

10. Right to lodge a complaint

We would hereby like to inform you that pursuant to article 77 GDPR you have the right to lodge a complaint with the supervisory authority if you believe that your personal data have been processed illegitimately by us. 

11. Right to object

You can object to the use of your data by using the appropriate opt-out or by making the appropriate adjustments in the Usercentrics consent management system.

12. Final clauses

Personio reserves the right to adjust this data privacy policy at any point in time to ensure that it is in line with the current legal requirements at all times, or in order to accommodate changes in the services offered, for example when new services are introduced or modifications are made on the website. In this case, the new data privacy statement applies to any later visit of this software.

Version 10-2020