Sevenval Privacy Policy

Sevenval Technologies GmbH

Bahnhofsvorplatz 1
50667 Cologne, Germany
+49 (0) 221 84 630 0

Fax: +49 (0) 221 84 630 165
E-Mail: hello@sevenval.com

Represented by the management:

Jan Webering (CEO)

Thorsten May

Sascha Langfus

Robert Biedrzycki

(hereinafter referred to as »Sevenval«)

Data protection officer:

Roderich Pilars de Pilar

datenschutz@sevenval.com

IMPORTANT NOTE: The German version of this document governs our relationship – this translated English version is for convenience only and will not be interpreted to change the German version. For the German version, please visit this page.
  1. Information regarding data processing, legal bases and terminology
    1. This Privacy Policy explains the way, scope and purpose of processing personal data within our website content and the websites, functions and content (hereinafter mutually referred to as “website” or “website content”) associated with it. The Privacy Policy applies irrespective of the domains, systems, platforms and devices (e.g. desktop or mobile) used to display the website. There are supplementary provisions under Section 12 of this Privacy Policy that apply to the part of our website aimed at applicants to Sevenval that is operated at jobs.sevenval.com (hereinafter referred to as “applicant area”).
    2. The terminology used such as “personal data” or the “processing” thereof, refers to the definitions stated in Section 4 of the General Data Protection Regulation (GDPR).
    3. The personal data of users processed in the scope of this website content includes usage data (the webpages of our website content visited, access times), communication data (device IDs, IP addresses, location data, browser type and version, operating system used, website from which you visited us), content data (input in contact forms) as well as applicant data (name, contact details, specialist fields, application documents).
    4. The term “user” covers all categories of processing the data of data subjects. They include our business partners, customers, potential customers, applicants and other visitors to our website content. The terms used, such as “user” are to be understood as gender-neutral.
    5. We process personal user data solely under due observation of pertinent data protection regulations. This means that user data is only processed where statutory permission is in place, i.e. especially when the data processing is necessary or prescribed by law for the fulfilment of our contractual services (e.g. processing orders), as well as online services. Furthermore the users have given their consent as well as on the basis of our legitimate interests (i.e. in the analysis, optimisation and economic operation and security of our website content as defined by Section 6 Subsection 1 lit. f GDPR, in particular when measuring the reach, creating profiles for advertising and marketing purposes as well as collecting access data and using third-party services).
    6. We point out that the legal basis for the consents is Section 6 Subsection 1 lit. a and Section 7 GDPR; the legal basis for the processing for fulfilling our services and performing contractual measures is Section 6 Subsection 1 lit. b GDPR; the legal basis for the processing for fulfilling our statutory obligations is Section 6 Subsection 1 lit. c. GDPR; and the legal basis for the processing for observing our legitimate interests is Section 6 Subsection 1 lit. f GDPR.
  2. Safety precautions
    1. We take organisational, contractual and technical safety precautions in line with the latest state of technology to ensure the provisions of the data protection laws are observed and to, thus, protect the data we process against accidental or intentional manipulations, loss, destruction or against access by unauthorised persons.
    2. The safety precautions include, in particular, the encrypted transmission of data between your browser and our server.
  3. Disclosure of data to third parties and third-party providers
    1. Data is solely disclosed to third parties in the scope of statutory regulations. We only disclose user data to third parties if this is required on the basis of Section 6 Subsection 1 lit. b GDPR for contractual purposes or on the basis of legitimate interests as per Section 6 Subsection 1 lit. f GDPR in the economic and effective operation of our business activities.
    2. To the extent we make use of subcontractors to provide our services, we take suitable legal precautions as well as corresponding technical and organisational measures to ensure the protection of personal data in line with pertinent statutory regulations.
    3. To the extent content, tools or other media belonging to other providers (hereinafter mutually referred to as “third-party providers”) in the scope of this Privacy Policy and their stated domicile is in a third-party country, it must be assumed that data is transferred to the third-party providers’ domicile state. Countries to be understood as third-party countries are such countries where the GDPR is not a directly applicable law, i.e. in essence, countries outside the EU or the European Economic Area. Data is transferred in third-party countries when either there is an appropriate level of data protection, consent by the users or any other statutory permission in place.
  4. Collection of access data and logfiles
    1. On the basis of our legitimate interest as defined by Section 6 Subsection 1 lit. f GDPR, we collect data on every access to the server on which our website is located (so-called server logfiles). Access data includes the name of the website accessed, file, date and time of access, data volume transferred, report on the successful access, browser type and version, the user’s operating system, referrer URL (the site visited prior) and the requesting provider.
    2. Logfile information is stored for a maximum of 30 days for safety reasons (e.g. to investigate misuse or defraudation) and is deleted thereafter. Data which needs to be kept for evidence purposes is excepted from being deleted until the final clarification of the respective event.
    3. We use the service sloppy.io of sloppy.io GmbH, Bahnhofsvorplatz 1, 50667 Cologne, Germany to host our website. In the scope of the hosting, the user’s IP address (anonymised) is transmitted to sloppy.io GmbH in the shape of logfiles where it is deleted after 2 months at the latest. They process the data on our behalf as per Section 28 Subsection 3 Sentence 1 GDPR.
  5. Cookies and reach measurement
    1. Cookies are information that is transferred from our web server or third-party web servers to the users’ web browser and are stored there to be accessed later on. Cookies can be either small files or other means of storing information.
    2. We use “session cookies” that are only stored for the duration of the current visit to our website. We use these to be able to further optimise our site and to make your visit more user-friendly. A so-called session ID, a randomly generated unique identification number, is stored in a session cookie. In addition, a cookie contains information about its origin and the period of storage. These cookies cannot store any other data. Session cookies are deleted after you have finished using our website or when you close the browser.
    3. Users are informed of the use of cookies in the scope of pseudonymous reach measurement in the scope of this Privacy Policy.
    4. In case users do not wish cookies to be stored on their computer, they are requested to deactivate the corresponding option in the system settings of the browser. Stored cookies can be deleted in the system settings of the browser. The exclusion of cookies may lead to restrictions in the functions of this website.
    5. You can object to the use of cookies that serve reach measurement and advertising purposes via the deactivation page of the network advertising initiative (http://optout.networkadvertising.org/) and, in addition, the US American website (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/).
  6. Google Analytics
    1. On the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our website as defined by Section 6 Subsection 1 lit. f GDPR), we use Google Analytics, a web analysis service provided by Google Inc. (“Google”). Google uses cookies. The information generated by the cookie about the use of the website by the users is usually transmitted to a Google server in the USA and stored there.
    2. Google is certified under the EU-US Privacy Shield and thereby guarantees the compliance with European data protection laws (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
    3. Google will use this information on our behalf to analyse the use of our website by users, to compile reports about the activities within this website and to provide us with further services associated with the use of this website and the Internet. It may be, that during the course of this, pseudonymous user profiles of the users are created from the processed data.
    4. We only use Google Analytics with activated IP anonymisation. This means that the user’s IP address is shortened by Google within Member States of the European Union or in other contractual states of the Treaty on the European Economic Area. Only in rare cases is the full IP address sent to a Google server in the USA and shortened there.
    5. The IP address transmitted by the user’s browser will not be stored together with other Google data. Users can prevent the storage of cookies by way of a corresponding setting in their browser software; users can additionally prevent the collection of data generated by the cookie and relating to their use of the website as well as the processing by Google of this data by downloading the browser plug-in available at the following link and installing it: https://tools.google.com/dlpage/gaoptout?hl=de.
    6. You can obtain further information about data usage by Google, possible settings and possibilities of objection on the web pages of Google: https://www.google.com/intl/de/policies/privacy/partners (“How Google uses information from sites or apps that use our services”), https://www.google.com/policies/technologies/ads (“How google uses cookies in advertising”), http://www.google.de/settings/ads (“managing information that Google uses to show you ads”).
  7. Establishing contact
    1. When a user contacts us (by contact form or e-mail), the information about the user is processed to deal with the contact request and to conclude it as defined by Section 6 Subsection 1 lit. b) GDPR.
    2. In order to process contact requests, we use “Salesforce”, which is CRM software by the provider salesforce.com Germany GmbH, Erika-Mann-Str. 3, 80636 Munich, Germany. You can view the provider’s Data Policy here: https://www.salesforce.com/de/company/privacy/.
  8. Newsletter
    1. The following information explains the content of our newsletters as well as the subscription, delivery and statistical analysis methods as well as your rights of revocation. By subscribing to our newsletter, you are agreeing to receiving it and to the methods described.
    2. Content of the newsletter: We send out newsletters, e-mails and other electronic messages with advertising content (hereinafter “newsletter”) only with the recipients’ consent or permission by law. Insofar as the contents are defined in detail in the scope of subscribing to the newsletter, they are decisive for the users’ consent. For the rest, our newsletters contain information about our products, offers, campaigns and our company.
    3. Double opt-in and logging: A so-called double opt-in method is used for subscribing to our newsletter. This means that after subscribing, you receive an e-mail in which you are requested to confirm your subscription. This confirmation is necessary to ensure nobody can subscribe using another person’s e-mail address. The subscriptions to the newsletter are logged in order to be able provide evidence of the subscription process in line with statutory regulations. This includes the storage of the login and confirmation time as well as the IP address. In addition, we store and process your personal data that you have entered for registration. Likewise the changes of your data stored with the dispatch service provider are logged.
    4. Newsletters are sent by ”MailChimp”, a marketing automation platform of the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. You can view the marketing automation platform’s data protection provisions here: https://mailchimp.com/legal/privacy/. The Rocket Science Group LLC d/b/a MailChimp is certified under the EU-US Privacy Shield and, due to this, provides a guarantee of observing the European level of data protection (https://www.privacyshield .gov/participant?id=a2zt0000000TO6hAAG&status=Active).
    5. Furthermore, the marketing automation platform can, according to their own information, use this data in pseudonymised form, i.e. without being allocated to a user, to optimise or improve their own services, e.g. for the technical optimisation of delivery and presentation of the newsletter or for statistical purposes to determine which countries the recipients come from. The marketing automation platform does not, however, use the data to write to them themselves or to disclose it to third parties.
    6. Subscription data: In order to subscribe to the newsletter, all you need to state is your e-mail address. Optionally, we ask you to state a name to address you personally in the newsletter as well as your fields of interest for the purpose of customising the newsletter to your topics of interest.
    7. Statistical collection and analyses: The newsletters contain so-called “web beacons”, i.e. a pixel-sized file that is retrieved by the marketing automation platform when the newsletter is opened. In the scope of this retrieval, to begin with, technical information such as information about the browser and your system as well as your IP address and time of access is collected. This information is used to improve the services technically on the basis of the technical data or the target groups and their reading behaviour on the basis of the access locations (which can be determined with the help of the IP address) or the times of access. The data collection equally includes the determination as to whether the newsletters are opened, when they are opened and which links are clicked on. This information can in fact be allocated to the individual newsletter recipients, it is however neither our intention nor that of the marketing automation platform to monitor individual users. The analyses rather serve the purpose of us recognising our users’ reading behaviour and adapting our contents to them or to sending different contents according to the interests of the users.
    8. The use of the marketing automation platform, the performance of data collections and analyses as well as logging the subscription process is conducted on the basis of our legitimate interests as defined by Section 6 Subsection 1 lit. f GDPR. Our interest is directed towards both the use of a user-friendly and secure newsletter system that serves both our business interests and fulfils the expectations of the users.
    9. Unsubscribing/revocation: You can unsubscribe to receiving our newsletter at any time, i.e. revoke your consent. At the same time, your consent regarding the delivery of it by the marketing automation platform and the data collection is also terminated. Unfortunately, it is not possible to revoke the delivery by the marketing automation platform separately to the statistical analysis. There is a link at the end of each letter where the newsletter can be unsubscribed to. If users have only subscribed to the newsletter and have terminated this subscription, their personal data will be deleted.
  9. Downloading exclusive contents
    1. Sevenval offers registered users the possibility of requesting exclusive editorial contents on the website by e-mail and to download them. In the scope of this registration, we store the user’s name, e-mail address, the company and the telephone number for our own advertising purposes as well as the sending out of these contents as per their express consent as defined by Section 6 Subsection 1 lit. a. and Section 7 GDPR.
    2. To process registrations, we use”MailChimp”, a marketing automation platform of the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. You can view the marketing automation platform’s data protection provisions here: https://mailchimp.com/legal/privacy/. The Rocket Science Group LLC d/b/a MailChimp is certified under the EU-US Privacy Shield and, due to this, provides a guarantee of observing the European level of data protection (https://www.privacyshield .gov/participant?id=a2zt0000000TO6hAAG&status=Active).
    3. The user can revoke the processing of the data stated under Item 9.1 at any time as defined by Section 14 of this Privacy Policy.
    4. Use of HubSpot
      Sevenval uses Hubspot, a service of Hubspot Inc., on its websites for analysis purposes. Hubspot is headquartered in the USA and is certified under the EU-US Privacy Shield. A current certificate can be viewed here. "Cookies" or similar technologies (such as "web beacons") are used, which are stored on your computer and enable us to analyze your use of our website. Hubspot evaluates the information collected (e.g. IP address, geographical location, type of browser, duration of visit and pages viewed) on behalf of Sevenval in order to generate reports about the visit and the pages visited on the Sevenval website. If you have registered on our website, Hubspot allows us to link a user's visits to Sevenval websites to personal data (above all name/email address) on the basis of a consent given, thus recording personal data and informing users individually and purposefully about preferred topics. For the same purpose, we link approved personal data with further information from freely accessible sources. Further information about the functionality of Hubspot can be found in the Hubspot Inc. data protection declaration under: http://legal.hubspot.com/de/privacy-policy.
  10. Live Support
    1. Via the chat function on our website, users are able to establish direct contact with employees at Sevenval in order to clarify, for example, questions regarding job vacancies. There is no need to state personal data to use the chat function.
    2. We use Userlike, live chat software by the company Userlike UG (limited liability) for the service stated under Item 11.1. Userlike uses "Cookies", text files that are stored on your computer and which enable a one-to-one conversation with you in the shape of a real-time chat on the website. The data collected is not used to personally identify visitors to this website and is not merged with personal data via the bearer of the pseudonym.
    3. In order to evaluate and optimise the quality of our service internally, we store the chat protocols for a period of 90 days.
  11. Embedding third-party services and contents
    1. On the basis of our legitimate interests (i.e. the interest in the analysis, optimisation and economic operation of our website as defined by Section 6 Subsection 1 lit. f. GDPR), within our website, we use offers of content and services by third-party providers such as embedding possibilities for recommending our website (hereinafter holistically called “contents”). This always presupposes that the third-party providers perceive the users’ IP address, because they could not send the contents to their browser without the IP address. The IP address is thus necessary for the presentation of these contents. We endeavour to only use such contents whose respective provider solely uses the IP address to send out the contents. Furthermore, third-party providers can use so-called pixel tags (invisible graphic images also called “web beacons”) for statistical or marketing purposes. Via the “pixel tags”, information such as visitor traffic on the pages of this website can be evaluated. The pseudonymous information can also be stored in cookies on the users’ device and contain, among others, technical information about the browser and operating system, referring websites, time of visit as well as other details on using our website, and can also be associated with such information from other sources.
    2. The following provides an overview of third-party providers as well as their contents plus links to their Privacy Policies, which contain further information on the processing of data and, partially stated here, possibilities of revocation (so-called “opt-out”):
      1. Functions of the service Google+ are embedded in our website. These functions are provided by the third-party provider Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. If you are logged into your Google+ account, you can link the contents of our pages with your Goggle+ profile by clicking the Google+ button. By doing so, Google can assign the visit to our pages to your user account. We must point out that we, as the provider of the pages, receive no knowledge of the content of the transmitted data, nor of the use of it by Google+. Privacy Policy: https://www.google.com/policies/privacy/, Opt-Out: https://www.google.com/settings/ads/.
      2. Our website uses functions of the network, LinkedIn. The provider is the LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. When visiting one of our pages that contains functions of LinkedIn, a connection is established to servers of LinkedIn. LinkedIn is informed that you have visited our web pages with your IP address. If you click on the “Recommend-Button” of LinkedIn and are logged into your LinkedIn account, LinkedIn is able to assign your visit to our website to you and your user account. We must point out that we as the provider of the pages receive no knowledge of the content of the transmitted data nor of the use of it by LinkedIn. Data Policy of LinkedIn: https://www.linkedin.com/legal/privacy-policy, Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
      3. We use social plug-ins of the social network, Pinterest, which is operated by Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA (“Pinterest”). If you visit a page that contains such a plugin, your browser makes a direct connection to the servers of Pinterest. The plugin transmits logging data to the server of Pinterest in the USA. This logging data may contain your IP address, the address of the page visited that equally contains Pinterest functions, type and settings of the browser, date and time of the request, your means of using Pinterest as well as cookies. Privacy Policy of Pinterest: https://about.pinterest.com/de/privacy-policy.
      4. Functions of the service Twitter are embedded in our website. These services are provided by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. When using Twitter and the “retweet” function, the websites you have visited are linked up to your Twitter account informing others. At the same time, data is also transmitted to Twitter. We must point out that we, as the provider of the pages receive no knowledge of the content of the transmitted data nor of the use of it by Twitter. Privacy Policy of Twitter at http://twitter.com/privacy. You can change your Twitter privacy settings in the account settings at http://twitter.com/account/settins.
      5. We use functions of the network XING. The provider is XING SE Dammtorstraße 30, 20354 Hamburg, Germany. every time one of our pages containing functions of Xing is accessed, a connection is established to the servers of Xing. As far as we know, personal data is not stored. In particular, no IP addresses are stored nor is user behaviour analysed. Privacy policy of XING:  https://www.xing.com/app/share?op=data_protection.
      6. We use the marketing tool Unbounce on our websites to create forms for establishing contact and processing incoming enquiries. This is a service provided by Unbounce Germany GmbH, Friedrichstraße 68, 10117 Berlin, German. Privacy Policy of Unbounce: https://unbounce.com/privacy/.
  12. Rules for applicants
    1. When sending in their application via our website, the user consents to the processing of their personal data in the scope of the recruiting process. This includes name, address, date of birth, telephone number, e-mail address as well as possible further data from the curriculum vitae or other attachments. During the process, the data is stored in our applicant management system Talention, Software by TFI GmbH, Delphiplatz 1, 42119 Wuppertal, Germany.
    2. If the recruiting process results in the conclusion of an employment contract, the data transmitted by the applicant can be stored by Sevenval in their personal file for the purpose of the usual organisational and management process under due consideration of pertinent statutory regulations.
    3. If the recruiting process does not result in the conclusion of an employment contract, the applicant’s data will be stored for 2 months and then deleted in their entirety.
  13. Inclusion in the talent pool
    1. It is possible for candidates who are not applicants in a specific recruiting process or whose profile does not match any current vacancy (hereinafter referred to as “candidates”) to be included in a relationship database of Sevenval (hereinafter referred to as “talent pool”). This is a database in which we store the candidate’s personal data. This includes the name, address, date of birth, telephone number, e-mail address as well as possible further details from the curriculum vitae or other attachments. During the process, the data is stored in our applicant management system Talention, Software by TFI GmbH, Delphiplatz 1, 42119 Wuppertal, Germany.
    2. This data is processed as per the candidate’s express permission in line with Section 6 Subsection 1 lit. a. and Section 7 GDPR.
    3. Candidates can object to the processing of the data stated under Item 13.1 at any time as per Section 14 of this Privacy Policy.
  14. Users’ rights
    1. Users are entitled to obtain information upon request about the personal data that we have stored about them at no extra cost.
    2. In addition, users are entitled to have wrong data corrected, to restrict the processing and delete personal data to the extent applicable, to assert their rights to data portability and, in the event of illegal data processing, submit a complaint to the pertinent supervisory board.
    3. Equally, users can, in principle, revoke their consent with immediate effect.
  15. Deletion of data
    1. Data we have stored is deleted as soon as it is no longer necessary for the intended use and the deletion does not contradict any statutory obligations to preserve records. To the extent that user data is not deleted because it is necessary for other, and legally permissible, purposes, the processing thereof will be restricted. This means the data will be blocked and will not be processed for other purposes. This applies, for example, to user data that must be preserved for business or fiscal reasons.
    2. As per statutory regulations, records are preserved for 6 years as defined by Section 257 German commercial Code (account books, inventories, business letters, opening balances, annual financial statements, journal vouchers, etc.) as well as for 10 years as per Section 147 Subsection 1 General Fiscal Law (accounts, records, management reports, receipts, business letters, documents relevant for taxation, etc.).
  16. Right of revocation
    1. Users can revoke future processing of their personal data according to statutory regulations at any time. The revocation may, in particular, be directed towards processing for purposes of direct marketing.
  17. Amendments to the Privacy Policy
    1. We reserve the right to amend the Privacy Policy to adapt it to changes in law or in the event of a change in the service as well as data processing. This, however, only applies with regard to policies on data processing. To the extent consent by the usesr is necessary or parts of the Privacy Policy contain regulations regarding the contractual relationship with the users, the amendments are only made with the consent of the users.
    2. Users are requested to obtain information about the content of the Privacy Policy at regular intervals.