Privacy policy

We have been developing business software for 20 years. Our customers include some of Europe's largest agencies, federal authorities, banks and industry. We take data protection very seriously and are regularly audited. We have listed all relevant declarations and contracts here. If you have any questions about our data protection regulations, please contact us.

1 Introduction and general information

Thank you for your interest in our website. The protection of your personal data is very important to us. Below you will find information on the handling of your data that is collected through your use of our website. Your data will be processed in accordance with the statutory data protection regulations.

1.1 Responsible as defined by the GDPR

everii Group GmbH (hereafter: "everii")
Colonnaden 41, 20354 Hamburg
Telephone number: +49 40 882 15 33 20
Email: [email protected] ‍

together with the following subsidiaries:

everii Germany GmbH: Colonnaden 41, 20354 Hamburg
everii Frankfurt GmbH: Hanauer Landstraße 126-128, 60314 Frankfurt am Main
everii Austria GmbH: Mariahilfer Str. 121B, 1060 Vienna, Austria
everii Switzerland AG: Albisriederstrasse 253, 8047 Zurich, Switzerland
All companies mentioned under 1.1. form the "everii group of companies".

Responsibility within the everii group of companies

Certain data processing on this website is carried out under so-called joint responsibility with the above-mentioned regional subsidiaries of everii Group GmbH. This is indicated below in relation to each processing purpose. The companies of the everii Group have set up a joint contact point for data subjects within the meaning of Art. 26 para. 1 sentence 3 GDPR. If you wish to exercise your right of access, erasure or any other right under Chapter 3 of the GDPR, we recommend that you contact the joint contact point:

everii Group GmbH (hereinafter: "everii")
Colonnaden 41, 20354 Hamburg
[email protected]

Of course, we will also process the above-mentioned requests or enquiries if they are addressed to another company in the everii group of companies.

1.2 Contact details of the data protection officer

Proliance GmbH / www.datenschutzexperte.de
Data Protection Officer
Leopoldstraße 21
80802 Munich
[email protected]

When contacting the data protection officer, please state the company to which your enquiry relates. Please refrain from enclosing sensitive information, such as a copy of your ID, with your enquiry.

1.3 Definition of terms

Our privacy policy should be simple and understandable for everyone. As a rule, the official terms of the General Data Protection Regulation (GDPR) are used in this privacy policy. The official definitions are explained in Art. 4 GDPR.

1.4 Scope of application of this privacy policy

This privacy policy relates to the processing of personal data when you visit the hellohq.io website. It does not cover data processing when using products of the everii group of companies.

1.5 Access to and storage of information

By using our website, information (e.g. IP address) may be accessed or information (e.g. cookies) may be stored in your end devices. This access or storage may involve further processing of personal data within the meaning of the GDPR.

In cases in which such access to information or such storage of information is absolutely necessary for the technically error-free provision of our services, this is done on the basis of § 25 para. 1 sentence 1, para. 2 no. 2 TTDSG.

In cases in which such a process serves other purposes (e.g. the needs-based design of our website), this is only carried out on the basis of Section 25 (1) TTDSG with your consent in accordance with Art. 6 (1) lit. a GDPR. Consent can be revoked at any time for the future. The provisions of the GDPR and the Federal Data Protection Act (BDSG) apply to the processing of your personal data.

Further information on the processing of your personal data and the relevant legal bases in this context can be found in the following sections on the specific processing activities on our website.

2 Webhosting

This website is hosted by an external service provider (hoster). This website is hosted by the provider Vercel Inc, 440 N Barranca Ave #4133, Covina, CA 91723, USA. Personal data collected on this website is stored on the hoster's servers. This may include IP addresses, contact requests, meta and communication data, website access and other data generated via a website.

Hosting is carried out for the technical provision of the website under the responsibility of everii Group GmbH.

The listed data is collected in order to ensure a smooth connection to the website and the technically error-free provision of our services. The processing of this data is absolutely necessary in order to make the website available to you. The legal basis for the processing of the data is our legitimate interest in the correct presentation and functionality of our website in accordance with Art. 6 para. 1 lit. f GDPR.

An order processing contract has been concluded with the provider in accordance with the requirements of Art. 28 GDPR, in which the provider is obliged to protect the personal data processed on behalf of the provider and not to pass it on to third parties.

As personal data is transferred to the USA, further protective mechanisms are required to ensure the level of data protection required by the GDPR. To ensure this, we have agreed standard data protection clauses with the provider in accordance with Art. 46 para. 2 lit. c GDPR. These oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases where this cannot be ensured even by this contractual extension, we endeavour to obtain additional regulations and assurances from the recipient in the USA.

3 Server Logfiles

When you visit our website, it is technically necessary for data to be transmitted to our web server via your Internet browser. The following data is recorded during an ongoing connection for communication between your internet browser and our web server:

* Date and time of the request
* Name of the requested file
* Page from which the file was requested
* Access status
* Web browser and operating system used
* (Full) IP address of the requesting computer
* Amount of data transferred

The listed data is collected in order to ensure a smooth connection to the website and the technically error-free provision of our services. The processing of this data is absolutely necessary in order to make the website available to you. The log files are used to analyse system security and stability as well as for administrative purposes. The legal basis for the processing of the data is everii's legitimate interest in the protection and functionality of our website in accordance with Art. 6 para. 1 lit. f GDPR.

For reasons of technical security, in particular to defend against attempted attacks on our web server, this data is stored by us for a short period of time. After 7 days at the latest, the data is anonymised by shortening the IP address at domain level so that it is no longer possible to establish a reference to the individual user.

The data may also be processed in anonymised form for statistical purposes. At no time is this data stored together with other personal data of the user, compared with other databases or passed on to third parties.

4 Cookies

Our website uses so-called "cookies". Cookies are small text files that are either stored temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your end device. Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your end device until you delete them yourself or they are automatically deleted by your web browser. 

Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping basket function or language settings). Other cookies are used to evaluate user behaviour or display advertising. 

The processing of data through the use of strictly necessary cookies is based on a legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR in the technically error-free provision of our services. For details on the processing purposes and legitimate interests, please refer to the information on the specific data processing.

The processing of personal data through the use of other cookies is based on consent in accordance with Art. 6 para. 1 lit. a GDPR. Consent can be revoked at any time for the future. If such cookies are used for analysis and optimisation purposes, you will be informed of this separately and consent will be obtained in accordance with Art. 6 Para. 1 lit. a GDPR and § 25 Para. 1 TTDSG. 

You can set your browser so that you  

* are informed about the setting of cookies,  
* allow cookies only in individual cases,  
* exclude the acceptance of cookies for certain cases or in general 
* activate the automatic deletion of cookies when closing the browser.  
‍

The cookie settings can be managed under the following links for the respective browsers 

* Google Chrome 
* Mozilla Firefox 
* Edge (Microsoft) 
* Safari 
* Opera

You can also manage cookies from many companies and functions that are used for advertising individually. To do this, use the corresponding user tools, available at https://www.aboutads.info/choi... or http://www.youronlinechoices.c....  

Most browsers also offer a so-called "Do-Not-Track-Function". If this function is activated, the respective browser informs advertising networks, websites and applications that you do not wish to be "tracked" for the purpose of behaviour-based advertising and the like. 

For information and instructions on how to edit this function, please refer to the following links, depending on your browser provider:  

* Google Chrome 
* Mozilla Firefox  
* Edge (Microsoft)   
* Safari ‍
* Opera

You can also prevent scripts from loading by default. "NoScript" allows the execution of JavaScripts, Java and other plug-ins only on trusted domains of your choice. Information and instructions on how to edit this function can be obtained from the provider of your browser (e.g. for Mozilla Firefox at: https://addons.mozilla.org/de/...). 

Please note that deactivating cookies may limit the functionality of our website. 

Changing cookie settings

You can revoke or change your cookie settings at any time. To do this, call up the cookie settings again via this link.

5 Data transfer within the everii group of companies

Your personal data may be passed on within the everii group of companies between the affiliated companies mentioned under (1.). Insofar as the transfer is for internal administrative purposes such as the central administration of customer data, the associated data processing is carried out on the basis of the legitimate interests of the affiliated companies in accordance with Art. 6 para. 1 lit. f GDPR. Otherwise, personal data will only be passed on if this is necessary for the initiation or execution of a contract with you (Art. 6 para. 1 lit. b GDPR), if you have given your consent (Art. 6 para. 1 lit. a GDPR) or if we are obliged to pass on data in accordance with Art. 6 para. 1 lit. c GDPR.

Insofar as personal data is transferred to everii UK Ltd (Compass House Vision Park, Chivers Way, Histon, Cambridge, CB24 9AD) in this context, the other companies of the everii Group rely on the adequacy decision of the EU Commission for the United Kingdom (Art. 45 para. 1 GDPR).

6 Data transfer and recipients

Your personal data will not be transferred to third parties unless this has been explicitly stated in the description of the respective data processing, if you have given your express consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, if the transfer in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR is necessary for the assertion, exercise or defence of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data, in the event that there is a legal obligation to pass on the data in accordance with Art. 6 para. 1 sentence 1 lit. c GDPR and insofar as this is necessary for the processing of contractual relationships with you in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR.

For the processing of our services, we also use external service providers who have been carefully selected, commissioned in writing and with whom, if necessary, order processing contracts have been concluded in accordance with Art. 28 GDPR. These service providers are bound by the instructions of everii or the companies of the everii group of companies and are regularly monitored by them. These include service providers for hosting, sending e-mails, maintenance and servicing of our IT systems, etc.

The following service providers are used:

* Google Ireland Ltd (reCAPTCHA, Google Analytics, Google Tag Manager, Google Ads) (7.1. - 7.4.)
* Outbrain UK Ltd (7.5.)
* LinkedIn Ireland Unlimited Company (7.6.)
* HubSpot Inc (7.7.)
* Meta Platforms Inc (Facebook and Instagram integration) (7.10.)
* Twitter International Company (Twitter Pixel) (7.11.)
* Vimeo LLC. (7.12.)

Further information on the service providers mentioned can be found under the numbers below.

6.1. Google reCAPTCHA

Google reCAPTCHA" (hereinafter referred to as "reCAPTCHA") is used on this website. This is used for security purposes under the sole responsibility of everii Germany GmbH. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").

The purpose of reCAPTCHA is to check whether the data input on our website (e.g. in a contact form) is made by a human or by an automated programme. For this purpose, reCAPTCHA analyses the behaviour of the website visitor based on various characteristics. This analysis begins automatically as soon as the website visitor enters the website. To analyse this, reCAPTCHA evaluates various pieces of information, e.g.

* IP address
* the time the website visitor spends on the website
* Mouse movements made by the user

The data collected during the analysis is forwarded to Google.

The reCAPTCHA analyses run completely in the background. Website visitors are not informed that an analysis is taking place. Data processing is carried out on the basis of Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in protecting our website from abusive automated spying and from unwanted, automated mailings (spam).

Since personal data is transferred to the USA, further protective mechanisms are required to ensure the level of data protection required by the GDPR. To ensure this, we have agreed standard data protection clauses with the provider in accordance with Art. 46 para. 2 lit. c GDPR. These oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases where this cannot be ensured even by this contractual extension, we endeavour to obtain additional regulations and assurances from the recipient in the USA.

We do not store any personal data from the use of reCAPTCHA. In general, personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies.

Further information on Google reCAPTCHA and Google's privacy policy can be found at the following links: https://www.google.com/intl/de... and https://www.google.com/recaptc...

6.2 Google Analytics

This website uses Google Analytics, an internet analysis service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").

everii and its subsidiaries are jointly responsible for the use of Google Analytics under data protection law (Art. 26 GDPR). A corresponding agreement has been concluded.

Google will use this information on behalf of the operator of this website to analyse your use of the website and to compile reports on website activity. Google also uses cookies for this purpose. Google will also use this information to provide the website operator with further services associated with the use of the website and the Internet. The IP address sent by your browser as part of Google Analytics is not combined with other Google data. Processing is carried out in accordance with Art. 6 para. 1 lit. a GDPR on the basis of your consent.

Google Analytics is only used with IP anonymisation activated. This means that your IP address is only processed by Google in abbreviated form.

We have concluded an order processing contract with the service provider in which we oblige them to protect our customers' data and not to pass it on to third parties.

As personal data is transferred to the USA, further protective mechanisms are required to ensure the level of data protection required by the GDPR. To ensure this, we have agreed standard data protection clauses with the provider in accordance with Art. 46 para. 2 lit. c GDPR. These oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases where this cannot be ensured even by this contractual extension, we endeavour to obtain additional regulations and assurances from the recipient in the USA.

The Google Analytics terms of use and information on data protection can be accessed via the following links:

http://www.google.com/analytic...
https://www.google.de/intl/de/...

The data is deleted as soon as it is no longer required to fulfil the purpose for which it was collected. Data at user and event level that is linked to cookies, user IDs and advertising IDs (e.g. DoubleClick cookies, Android advertising ID, IDFA [Apple ID for advertisers]) is deleted no later than 14 months after it is collected.

You can prevent the storage of cookies by adjusting the settings of your browser software accordingly. However, we would like to point out that in this case you may not be able to use all functions of this website to their full extent. You can also prevent Google from collecting the data generated by the cookie and analysing your use of the website (including your IP address) and processing this data by Google by downloading and installing the browser plug-in available at https://tools.google.com/dlpag....

6.3 Google Tag Manager

This website uses the Google Tag Manager of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").

everii and its subsidiaries are jointly responsible for the use of Google Tag Manager under data protection law (Art. 26 GDPR). A corresponding agreement has been concluded.

As personal data is transferred to the USA, further protective mechanisms are required to ensure the level of data protection required by the GDPR. To ensure this, we have agreed standard data protection clauses with the provider in accordance with Art. 46 para. 2 lit. c GDPR. These oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases where this cannot be ensured even by this contractual extension, we endeavour to obtain additional regulations and assurances from the recipient in the USA.

6.4 Google Ads Remarketing

This website uses the functions of Google Ads Remarketing. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

everii and its subsidiaries are jointly responsible for the use of Google Ads Remarketing functions under data protection law (Art. 26 GDPR). A corresponding agreement has been concluded.

If you have given us your consent to do so, this function enables us to link the advertising target groups created with Google Ads Remarketing with the cross-device functions of Google Ads and Google Marketing Platform. The legal basis is the consent you have given in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, § 25 para. 1 TTDSG. In this way, interest-related, personalised advertising messages that have been adapted to you depending on your previous usage and surfing behaviour on one end device (e.g. mobile phone) can also be displayed on another of your end devices (e.g. tablet or PC).

If you have given your consent, Google will link your web and app browsing history to your Google account for this purpose. In this way, the same personalised advertising messages can be displayed on every device on which you sign in with your Google account.

To support this feature, Google Analytics collects authenticated user IDs that are temporarily linked to our Google Analytics data to define and create audiences for cross-device advertising.

You can permanently object to cross-device remarketing/targeting by deactivating personalised advertising in your Google account by following this link: https://adssettings.google.com...

The data will be deleted as soon as it is no longer required to fulfil the purpose(s) for which it was collected. If there is a legitimate interest in storage due to the defence against third-party legal claims or the assertion and enforcement of our own legal claims, processing may also take place after the above-mentioned purposes no longer apply. This also applies if we are legally obliged to continue processing.

Since personal data is transferred to the USA, further protective mechanisms are required to ensure the level of data protection required by the GDPR. To ensure this, we have agreed standard data protection clauses with the provider in accordance with Art. 46 para. 2 lit. c GDPR. These oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases where this cannot be ensured even by this contractual extension, we endeavour to obtain additional regulations and assurances from the recipient in the USA.

Further information and the data protection provisions can be found in Google's privacy policy at
https://www.google.com/policie...

6.5 Outbrain

This website uses "Outbrain", a technology of the provider Outbrain UK Limited, 100 New Bridge Street, UK ("Outbrain").

Outbrain is used by the companies of the everii Group in joint responsibility with the service provider Outbrain. A corresponding agreement has been concluded between the companies of the everii Group and with Outbrain in accordance with Art. 26 GDPR on joint responsibility for the processing of data (Data Sharing Agreement). This agreement specifies the data processing operations and data protection obligations for which we and Outbrain are responsible. You can view the agreement on joint responsibility concluded between us and Outbrain at the following link: https://www.outbrain.com/legal... . (Accordingly, only the function of the Outbrain pixel described below is carried out under joint responsibility with Outbrain).

In the event that your personal data is also or exclusively processed by Outbrain, Outbrain may also be independently responsible for data processing within the meaning of the GDPR in addition to the companies of the everii Group (or in their place).

With the help of a so-called widget, you as a user are referred to further content within our website and on third-party websites that may also be of interest to you. The content displayed in this Outbrain widget is automatically controlled and delivered by Outbrain in terms of content and technology. Your pseudonymised IP address at the time of access, the device you are using, the browser and operating system used, as well as the pages visited, the time of the visit and the referring URL are transmitted to the external provider. Outbrain uses a visitor pixel and cookies, which are stored on the user's end device or browser, to display this further interest-related content. Outbrain also assigns a so-called Universally Unique Identifier (UUID), which can identify the user by device when they visit a website on which the Outbrain widget is implemented. Outbrain creates user profiles in which user interactions (e.g. page views and clicks) of a browser or end device are aggregated in order to derive the preferences of the UUID. The data collected in this respect is only made available to us by Outbrain in anonymised form; we ourselves do not store any personal data in this context.

According to Outbrain, the data collected in this way is stored for a period of 13 months. After 13 months, the data is anonymised so that it can no longer be associated with you. 

The legal basis for data processing is your consent in accordance with Art. 6 para. 1 lit. a GDPR.

Personal data is transferred to a third country (the United Kingdom). The basis for this is an adequacy decision of the EU Commission pursuant to Art. 45 para. 1 GDPR.

Further information can be found in Outbrain's privacy policy at https://www.outbrain.com/legal.... You can prevent Outbrain from tracking the display of interest-based recommendations at any time by clicking on the "Opt-out" field in Outbrain's privacy policy, available at http://www.outbrain.com/de/leg.... The opt-out only applies to the device you are using and also loses its validity if you delete your cookies.

6.6 LinkedIn Analytics / LinkedIn Insight

This website uses the conversion tracking technology and the retargeting function of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (LinkedIn). This enables us to display personalised advertisements on LinkedIn to visitors to our website. For this purpose, a cookie, LinkedIn Insight Tag, is set in your browser with a validity of 120 days, which enables LinkedIn to recognise you if you visit this website and are logged into your LinkedIn account at the same time. LinkedIn uses this data to create anonymous reports on the performance of adverts and information on website interaction. The information generated by the cookie is usually transferred to a server in the USA and stored there.

everii and its subsidiaries are jointly responsible for the use of LinkedIn Insights. A corresponding agreement has been concluded between the companies of the everii Group and with LinkedIn pursuant to Art. 26 GDPR on joint responsibility for the processing of data (LinkedIn
Insights) has been concluded. This agreement specifies the data processing operations and data protection obligations for which we and LinkedIn are responsible. You can view the joint responsibility agreement concluded between us and LinkedIn at the following link: https://www.linkedin.com/legal...

In the event that, apart from the Insight function, your personal data is also or exclusively processed by LinkedIn, LinkedIn is responsible for data processing within the meaning of the GDPR in addition to the companies of the everii Group (or in their place).

The legal basis for the processing is your consent in accordance with Art. 6 para. 1 lit. a GDPR.

LinkedIn transfers personal data to the USA. According to LinkedIn, this transfer takes place on the basis of standard data protection clauses in accordance with Art. 46 para. 2 lit. c GDPR. These oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. Everii or its subsidiaries are not responsible for this transfer.

You can deactivate LinkedIn Insight conversion tracking and interest-based personalised advertising by opting out at the following deactivate link: https://www.linkedin.com/psett.... Further information on data protection at LinkedIn can be found at https://www.linkedin.com/legal....

6.7 HubSpot

This website uses the software Hubspot (HubSpot Inc. 25 First Street, 2nd Floor, Cambridge, MA 02141, USA). We use this integrated software platform in relation to the entire everii group of companies for marketing purposes, lead generation and customer service purposes. This includes email marketing, which regulates the sending of newsletters and automated mailings, social media publishing and reporting, contact management such as user segmentation and CRM, landing pages and contact or other forms.

everii and its subsidiaries are jointly responsible for the use of Hubspot.

Hubspot uses cookies, which are stored locally in the cache of your web browser on your end device and enable us to analyse your use of the website.
website by us. Hubspot analyses the information collected (e.g. IP address, geographical location, type of browser, duration of the visit and pages accessed) on our behalf so that we can generate reports on the visit and the pages visited. Information collected by Hubspot and the content of our website is stored on the servers of Hubspot's service providers. Such processing of your data is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR.

The data will be deleted as soon as it is no longer required to fulfil the purpose for which it was collected. The data will be deleted no later than 13 months after collection.

As personal data is transferred to third countries (including the USA), further protection mechanisms are required to ensure the level of data protection required by the
GDPR are ensured. To ensure this, we have agreed standard data protection clauses with the provider in accordance with Art. 46 para. 2 lit. c GDPR (https://legal.hubspot.com/dpa). These oblige the recipient of the data in the third country to process the data in accordance with the level of protection in Europe. In cases where this cannot be ensured even by this contractual extension, we endeavour to obtain additional regulations and assurances from the recipient in the third country.

You can permanently object to the collection of data by Hubspot and the setting of cookies by preventing the storage of cookies through your browser settings.

Further information on the use of Hubspot can be found at: https://legal.hubspot.com/de/p...

6.8 Pipedrive (sales, management of customer data)

The software Pipedrive (Pipedrive OÜ, Mustamäe tee 3a, Tallinn 10615, Estonia, EU; hereinafter: "Pipedrive" or "Provider") is used for sales purposes and generally for the purpose of managing customer data. Pipedrive is a so-called CRM software, i.e. a programme designed to support the process of customer acquisition and communication with our customers and to enable efficient management of the relevant data. Pipedrive is directly connected to our website.

everii and its subsidiaries are jointly responsible for the use of Pipedrive.

Various personal data is processed in the process. This processing is carried out on the basis of our legitimate interest (Art. 6 para. 1 lit. f GDPR) in using software as a company to efficiently pursue the above-mentioned purposes.

In particular, the following personal data may be processed Name, address and contact data, payment and bank data, customer history, IP addresses, references and sales or performance-related notes and documentation. Personal data provided to us by customers or interested parties via forms or similar on our website is also processed.

The data will be deleted as soon as it is no longer required to fulfil the purpose(s) for which it was collected, in particular if stored data relating to customers and/or interested parties is no longer required to initiate or execute a contract. If there is a legitimate interest in storage due to the defence against third-party legal claims or the assertion and enforcement of our own legal claims, processing may also take place after the above-mentioned purposes no longer apply. This also applies if we are legally obliged to further processing (for more information, see
information on this under 9).

We have carefully selected the provider and concluded an order processing contract with them in accordance with Art. 28 GDPR. The provider is based within the European Union. However, Pipedrive may also transfer personal data to third countries such as the USA, in particular to affiliated companies.
companies. Pipedrive has undertaken to transfer personal data to third countries only in compliance with the requirements of the GDPR. In particular, Pipedrive relies on the EU standard data protection clauses pursuant to Art. 46 para. 2 lit. c GDPR.

Further information about Pipedrive can be found in the provider's privacy policy at https://www.pipedrive.com/en/p... and the information at https://support.pipedrive.com/... .

6.9 YouTube with extended data protection mode

On our website, we embed videos from "YouTube", a social media platform of Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland (hereinafter referred to as "Google"). The legal basis for the processing of your personal data is your consent given in accordance with Art. 6(1)(a) GDPR.

everii and its subsidiaries are jointly responsible for the use of YouTube.

If the playback of embedded YouTube videos is started with your consent, the provider "YouTube" uses cookies to collect information about user behaviour. According to information from "YouTube", these are used, among other things, to record video statistics, improve user-friendliness and prevent abusive behaviour. If you are logged in to Google, your data will be assigned directly to your account when you click on a video. If you do not wish to be associated with your YouTube profile, you must log out before activating the button. Google stores this data as usage profiles and uses it for the purposes of advertising, market research and/or customising its websites.

Such an analysis is carried out in particular (even for users who are not logged in) to display customised advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles. Please contact Google directly for this purpose.

As personal data is transferred to the USA, further protective mechanisms are required to ensure the level of data protection required by the GDPR. To ensure this, Google uses standard data protection clauses in accordance with Art. 46 para. 2 lit. c GDPR. These oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases in which this cannot be ensured even through this contractual
cannot be ensured by this contractual extension, we endeavour to obtain additional regulations and assurances from the recipient in the USA.

Further information on data protection and data use by Google can be found on the following Google website: https://policies.google.com/pr...

6.10. Facebook Business Tools

This website uses Facebook Business Tools for advertising and marketing purposes. Facebook Business Tools are provided by Meta Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland. (parent company: Meta Platforms Inc., 1601 Willow Rd, Menlo Park, California 94304, USA) (hereinafter referred to as: "Meta Ireland").

The following Facebook business tools are used (in relation to the social media platforms Facebook and Instagram): (Meta) Pixel in connection with Facebook Conversions, Facebook Custom Audiences (with so-called extended matching) and so-called social plugins. Further information on this can be found
below.

Facebook Business Tools are used by us exclusively on the basis of your consent (Art. 6 para. 1 lit. a GDPR).

Meta Ireland stores personal data collected when using the above-mentioned tools for a maximum period of 2 years. Target groups (custom audiences, see below), which are created at our instigation, can be stored independently of this for up to one year.

Meta Ireland transfers personal data to the USA. Everii or the companies of the everii group of companies are not responsible for this transfer.
responsible for this transfer. As far as we know, Meta Ireland relies on standard data protection clauses pursuant to Art. 46 para. 2 lit. c GDPR when transferring your personal data to the USA. These oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe.

Facebook Business Tools are used by the companies of the everii Group in joint responsibility with the service provider Meta Ireland. A corresponding agreement has been concluded between the companies of the everii Group and with Meta Ireland in accordance with Art. 26 GDPR on joint responsibility for the processing of personal data. This agreement specifies the data processing operations and data protection obligations for which we and Meta Ireland are responsible. You can view the joint controllership agreement concluded between us and Meta Ireland at the following link: https://www.facebook.com/legal... .

Further information on Facebook Business Tools can be found at: https://www.facebook.com/legal...

and at: https://www.facebook.com/legal...

Pixel (in connection with Facebook Conversions and Custom Audiences)

The (meta) pixel is an (invisible) element integrated into our website that enables Meta Ireland to display our adverts within Facebook to targeted users based on a visit to or interaction with our website. However, this data can be linked by Facebook to your user account there.

We use the Facebook Conversion API in conjunction with Pixel. This technology enables a direct connection of marketing data collected on our systems online and offline with Meta Ireland. This enables us to personalise and optimise advertisements and measure their success. Coversions API is used in addition to pixels to increase the reliability of data collection and improve the quality of the data collected and its analysability. In order to optimise the results of our advertising measures, the Conversions API is used with the function of so-called extended data matching. This means that personal contact data is only sent to Meta Ireland in the form of a mathematical representation (so-called "hash"). These are then compared with Meta Ireland's database and, if a visitor to our website is recognised, used for the targeted display of our Meta advertisements.

Data collected by pixels can be transmitted by us to Meta Ireland to create custom audiences, i.e. target groups defined by us, for advertising purposes on Facebook. Personal data may be compared with Meta Ireland in order to determine whether a visitor to our website is also a Facebook user.

As a result of the use of Facebook Pixel and the other functions described here, personal data is transmitted to Meta Ireland. This includes http header information (browser used, language used, etc.), personal identifiers such as IP addresses or Facebook-related identifiers and information about your interaction with our website (e.g. buttons clicked).

Social plugins

Social plugins are also used on our website. These are, for example, a "Like" or "Share" button as well as embedded posts from Facebook.

The integration of these social plugins involves the transmission of personal data to Meta Ireland, including personal identifiers and http header information.

6.11. Twitter Pixel

This website uses conversion tracking with Twitter Pixel, a tool provided by Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland ("Twitter"). With conversion tracking, Twitter places a cookie on your device when you visit our website by clicking on a Twitter advert. This allows the behaviour of users to be tracked after they have been redirected to our website by clicking on a Twitter ad. This process is used to evaluate and optimise the effectiveness of Twitter ads. If you are logged in to Twitter with your user account, information about your interaction with our website is transmitted to Twitter, including in particular Twitter cookie ID, browser user agent string, browser IP address, website tag ID, timestamp, page URL, website interactions such as purchases. of Twitter with your user account there. On this basis, Twitter provides us with summarised information, i.e. information that is not related to individual persons, for the purposes listed below.

everii and its subsidiaries are jointly responsible under data protection law for the use of Twitter pixels on our website and the transmission of personal data collected through them to Twitter (Art. 26 GDPR). A corresponding agreement has been concluded.

Twitter processes personal data transmitted to Twitter under its own responsibility. We therefore have no influence on the further processing of this data by Twitter. If you have a Twitter user account and are registered, Twitter can assign the visit to your user account. If you are not registered with Twitter or have not logged in, it is still possible for Twitter to collect and store your IP address and any other identifying features.

We use Twitter pixels for marketing and optimisation purposes, in particular to place relevant and interesting ads for you on Twitter and thus improve our offer and make it more interesting for you as a user and avoid annoying ads. The legal basis for the use of the Twitter pixel and the transfer of your data to Twitter is your consent in accordance with Art. 6 para. 1 lit. a GDPR.

The data will be deleted as soon as it is no longer required to fulfil the purpose(s) for which it was collected. If there is a legitimate interest in storage due to the defence against third-party legal claims or the assertion and enforcement of our own legal claims, processing may also take place after the above-mentioned purposes no longer apply. This also applies if we are legally obliged to continue processing.

Since personal data is transferred to the USA, further protective mechanisms are required to ensure the level of data protection of the GDPR.
level of data protection. To ensure this, we have agreed standard data protection clauses with the provider in accordance with Art. 46 para. 2 lit. c GDPR. These oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases where this cannot be ensured even by this contractual extension, we endeavour to obtain additional regulations and assurances from the recipient in the USA.

Conditions specifically for the use of Twitter Pixel and Conversion: https://business.twitter.com/e...

Opt-out information: https://help.twitter.com/en/sa...

Further information on data processing by Twitter can be found at https://twitter.com/privacy.

6.12. Vimeo

Videos from "Vimeo" are integrated on this website. "Vimeo" is operated by Vimeo LLC, 555 West 18th Street, New York 10011, USA. Vimeo is used to integrate videos within this website.

everii and its subsidiaries are jointly responsible for the use of Vimeo under data protection law (Art. 26 GDPR). A corresponding agreement has been concluded.

If you have given us your consent, the processing is carried out to optimise the marketing of our offer in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR.

The Google Analytics tracking tool is automatically integrated into videos from "Vimeo" that are embedded on our website. We have no influence on the tracking settings and the analysis results collected via this tool, nor can we view them. In addition, web beacons are set for website visitors via the embedding of "Vimeo videos". To prevent the setting of Google Analytics tracking cookies, you can prevent the storage of cookies by setting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all functions of this website to their full extent.

The data will be deleted as soon as it is no longer required to fulfil the purpose(s) for which it was collected. If there is a legitimate interest in storage due to the defence against third-party legal claims or the assertion and enforcement of our own legal claims, processing may also take place after the above-mentioned purposes no longer apply. This also applies if we are legally obliged to continue processing.

You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage...

Since personal data is transferred to the USA, further protective mechanisms are required to ensure the level of data protection required by the GDPR. To ensure this, we have agreed standard data protection clauses with the provider in accordance with Art. 46 para. 2 lit. c GDPR. These oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases where this cannot be ensured even by this contractual extension, we endeavour to obtain additional regulations and assurances from the recipient in the USA.

or more information about Vimeo and setting options to protect your privacy, please refer to the "Vimeo" privacy policy: https://vimeo.com/privacy

7 Data security

In accordance with Art. 32 GDPR, we take appropriate technical and organisational measures to ensure a level of protection appropriate to the risk, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons. This website uses SSL encryption for security reasons and to protect the transmission of confidential content.

8 Duration of storage of personal data

The duration of the storage of personal data is based on the relevant statutory retention periods (e.g. from commercial law and tax law). After expiry of the respective period, the corresponding data is routinely deleted. If data is required for contract fulfilment or contract initiation or if we have a legitimate interest in further storage, the data will be deleted if it is no longer required for these purposes or if you have exercised your right of revocation or objection. Further information on specific storage periods can be found above (7.) in relation to the respective processing purposes. The storage period of the log data about your visit to the everii website is specified under 4.

9 Your rights

Below you will find information on which data subject rights the applicable data protection law grants you vis-à-vis the controller with regard to the processing of your personal data:

The right to request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data if it was not collected by us, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information on its details.

The right, in accordance with Art. 16 GDPR, to demand the immediate correction of incorrect or incomplete personal data stored by us.

The right to request the erasure of your personal data stored by us in accordance with Art. 17 GDPR, unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims.

The right to demand the restriction of the processing of your personal data in accordance with Art. 18 GDPR if the accuracy of the data is disputed by you, the processing is unlawful, but you refuse to delete it and we no longer need the data, but you need it to assert, exercise or defend legal claims,
exercise or defence of legal claims or you have objected to processing pursuant to Art. 21 GDPR.

The right to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request transmission to another controller in accordance with Art. 20 GDPR

The right to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR. As a rule, you can contact the supervisory authority of the federal state of our registered office stated above or, if applicable, that of your usual place of residence or workplace.

The right to withdraw consent granted in accordance with Art. 7 (3) GDPR: You have the right to withdraw your consent to the processing of data at any time with effect for the future. In the event of revocation, we will delete the data concerned immediately, unless further processing can be based on a legal basis for processing without consent. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

10 Right of objection

If your personal data is processed by us on the basis of legitimate interests in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR, you have the right to object to the processing of your personal data in accordance with Art. 21 GDPR, insofar as this is done for reasons arising from your particular situation. Insofar as the objection is directed against the processing of personal data for the purpose of direct marketing, you have a general right to object without the requirement to specify a particular situation.

If you wish to exercise your right of cancellation or objection, simply send an email to [email protected].

11 Legal obligations

The provision of personal data for the decision on the conclusion of a contract, the fulfilment of a contract or for the implementation of pre-contractual measures is voluntary. However, we can only make the decision within the framework of contractual measures if you provide personal data that is necessary for the conclusion of the contract, the fulfilment of the contract or pre-contractual measures.

12 Automated decision-making

Automated decision-making or profiling in accordance with Art. 22 GDPR does not take place.

13 Reservation of right of amendment

We reserve the right to amend or update this privacy policy if necessary in compliance with the applicable data protection regulations. In this way, we can adapt it to the current legal requirements and take into account changes to our services, e.g. when introducing new services. The current version applies to your visit.

14. AGBs & AVV (German)