Logo Wordinc

Privacy Policy wordinc

Introduction and terms

1.      Introduction

In order to operate our website www.wordinc.de (hereinafter “website”), we are required to process personal data. We treat this data strictly confidentially and process it in compliance with current legislation – in particular the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (Bundesdatenschutzgesetz, new BDSG). The purpose of our Privacy Policy is to inform you which of your personal data we collect, for what purpose, the legal basis on which we use it and – if applicable – to whom we disclose it. We will also explain your rights with regard to the protection of your data and the enforcement of the provisions on data protection.

2.      Terms

Our Privacy Policy contains terms used in the GDPR and the new BDSG. For purposes of comprehension, we would like to start by providing simple explanations of these:

2.1       Personal data

Personal data” is any information relating to an identified or identifiable person (Art. 4 no. 1 GDPR). Personal data relating to an identified person may for example include their name or email address. However, personal data also includes data from which the person's identity is not immediately apparent but which can be used in combination with internal or external information to identify them. A person can for example be identified from their address, bank account information, date of birth, user name, IP addresses and/or location data. All information that can be used in any way to draw conclusions regarding a person's identity is relevant in this context.

2.2       Processing

“Processing” as defined in Art. 4 no. 2 GDPR means any operation performed on personal data. It refers in particular to the collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure, transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of personal data.

Data controller and data protection officer

1.      Controller

The controller responsible for processing personal data is:

 

Company: wordinc GmbH ("we")
Legal representatives: Christina Jagdmann, Christine Pinnow (Managing Directors)
Address: Eiffestraße 426, 20573 Hamburg, Germany
Telephone:  +49 40 300305950
Fax: +49 40 300305958
Email: christine.pinnow@wordinc.de

 

2.      Data protection officer

We have appointed an external data protection officer for our company. He can be reached as follows:

 

Name: Arne Platzbecker
Address: HABEWI GmbH & Co. KG, Palmaille 96, 22767 Hamburg, Germany
Telephone: +49 40 18189800
Fax: +49 40 181898099
Email: datenschutz@habewi.de

 

Scope of processing

1.      Scope of processing: Website

With respect to the website with the URL www.wordinc.de, we process personal data of the types listed below in sections 6-14. We only process the data which you actively enter on our website (e.g. by filling out forms) or which you provide automatically when using our services.

Your data is processed exclusively by us and is never sold, lent or transferred to third parties. In instances where we engage external service providers to help process your data, this service takes the form of so-called contract processing in which we as the client are entitled to give instructions to our contractors. We use external service providers to host, maintain, look after and develop our website. If other external service providers are engaged to assist with data processing of the types listed in sections 6-14, these are named in the relevant section. Our website is hosted by OMCnet (OMCnet Internet Service GmbH, Ernst-Abbe-Straße 10, 25451 Quickborn, Germany).

 

Data is never transferred to third countries; neither is any such transfer planned. We will inform you of exceptions to this rule in the processing descriptions provided below.

 

Individual types of processing

1.      Website provision and server log files

1.2      Description of processing activities

Whenever you visit our website, we automatically collect the data which your browser transmits to our server (so-called log files). This data consists of the following:

 

  • your IP address
  • your browser software, including the version and language
  • your operating system
  • the URL from which you accessed our website (known as the referrer)
  • the subpages you access on our website
  • the date and time at which you accessed our website
  • your internet service provider
  • the data volume transmitted
  • the country and location from which you visited our website
  • the length of time you spend on our website

This data is stored in our system's log files. Your IP address has to be temporarily stored by the system so that our website can be delivered to your terminal device. Your IP address is therefore stored for the duration of the session. However, your IP address is not recorded in our log files.

1.2      Purpose

This type of processing is carried out to facilitate access to the website and to ensure that it is stable and secure. It is also carried out for purposes of statistical analysis and to improve our online services.

1.3      Legal basis

The processing of this data is necessary for the purposes of the legitimate interests pursued by the controller (Art. 6(1)(f) GDPR). Our legitimate interest lies in the purpose specified in section 6.2.

1.4      Storage period

This data is erased as soon as it is no longer required for the purpose for which it was collected. If the data is collected in order to provide access to the website, this is the case when the respective session ends. The log files are erased after 7 days.

 

2.      Contact form and email contact

2.1      Description of processing activities

We have provided a contact form on our website through which you can contact us. This contact form requires you to enter your email address, your name and a message to us. When you click the “Send” button, this data is secured by SSL encryption (see section 15) and then transmitted to us. The contact form can only be transmitted if you accept our data protection provisions by activating the respective checkbox. You can also contact us at the email addresses provided on the website. If you do so, we will process the personal data transmitted with your email.

2.2      Purpose

Our purpose in providing a contact form on our website is to offer a convenient way to contact us. The data transmitted in and with the contact form or your email is used solely for the purpose of processing and responding to your query.

2.3      Legal basis

The processing of this data is necessary for the purposes of the legitimate interests pursued by the controller (Art. 6(1)(f) GDPR). Our legitimate interest lies in the purpose specified in section 7.2. If the email correspondence relates to the conclusion or performance of a contract, the data is processed for the purpose of performing the contract (Art. 6(1)(b) GDPR).

2.4      Storage period

We erase the data as soon as it is no longer required for the purpose for which it was collected. This is usually the case when our correspondence with you has been terminated. The correspondence is understood to have been terminated when it can be inferred from the circumstances that the matter in question has finally been closed. If legal provisions on mandatory retention periods prevent us from erasing your data, we will do so as soon as the respective mandatory retention period has expired.

 

3      Cookies

3.1.      Description of processing activities

Our website uses cookies. Cookies are small text files that are stored on the user's terminal device when they visit a website. Cookies contain information that enables the terminal device to be recognised and – if applicable – facilitates the use of certain website functions. For the most part, we only use so-called “session cookies”. These are automatically deleted when you end your internet session and close your browser. Other cookies are stored on your terminal device for longer periods. We use the following cookies on our website:

 

  • Cookie name: PHPSESSID
    Purpose/function: stabilisation. Storage period: this cookie expires at the end of the browser session.
  • Cookie name: _ga. Purpose/function: Google Analytics, used to distinguish visitors. Storage period: this cookie expires 2 years after it was stored.
  • Cookie name: _gat. Purpose/function: Google Analytics, used to throttle the request rate. Storage period: this cookie expires 1 minute after it was stored.
  • Cookie name: _gid. Purpose/function: Google Analytics, used to distinguish users. Storage period: This cookie expires 24 hours after it was stored.

 

3.2      Purpose

We use cookies to make our website more user-friendly and to provide the functions described in section 8.1.

3.3      Legal basis

The processing of this data is necessary for the purposes of the legitimate interests pursued by the controller (Art. 6(1)(f) GDPR). Our legitimate interest lies in the purpose specified in section 8.2.

3.4      Storage period

Cookies are deleted automatically when the session ends or when the above-mentioned storage period expires. Since cookies are stored on your terminal device, you as the user have full control over their use. You can deactivate or restrict the transmission of cookies by changing the settings in your web browser. Cookies that have already been stored can be deleted at any time. This can also occur automatically. If cookies are deactivated for our website, you will be unable to use certain website functions or will only be able to use them to a limited degree.

 

4      Social media networks

4.1      Description of processing activities

Our website does not use so-called ‘social media plug-ins’. The logos of the social media networks Facebook, Instagram and Xing displayed on our website link solely to our company profiles on the respective network websites. If you click on one of the logos, you will be forwarded to the external website of the respective social media network.

 

However, data processing activities are also carried out in connection with our profiles on these social media networks. If you are logged in to the respective social media network when you visit one of these profiles, this information is assigned to your user account. If you interact with our profile, e.g. by “sharing”, “liking” or “retweeting” a post, this information is also stored in your user account. The so-called “Insights” function on our Facebook page enables us to retrieve statistical data. These statistics are provided by Facebook. The “Insights” function cannot be modified. We cannot decide whether to activate or deactivate it. The “Insights” function is available to all operators of Facebook pages, regardless of whether or not they use it. It furnishes us with data for a specifiable period and for the following groups of persons: fans, subscribers, persons reached, persons who interact with our page. The following categories of personal data are provided: total number of page views, “likes” including origins, page activities, interactions with posts, reach, post reach (divided into organic, paid and viral interactions), comments, shared content, responses, and demographic data, i.e. country of origin, gender and age. Facebook’s Terms of Use, which every user must agree to before they can use Facebook, allow us to identify subscribers and fans of our page and to view their profiles.

The social media networks with which you communicate store your data in pseudonymised user profiles which are then used for advertising purposes and market research. This makes it possible for the social media network and other third-party websites to show you advertising that reflects your alleged interests. The social media network usually stores cookies on your terminal device for this purpose. You will find more information about cookies in section 8. You have the right to object to the generation of these user profiles; however, you are required to contact the social media networks directly if you wish to exercise this right.

4.2      Purpose

We maintain profiles on the above-named social media networks for the purpose of up-to-date, supportive public relations and corporate communications with clients and interested parties.

We use the function “Facebook Insights” to make the posts on our Facebook page more appealing to our visitors. This enables us for example to use the information on preferred visiting times to optimise the timing of our posts.

4.3      Legal basis

The legal basis for the processing of data in connection with our profiles on social media networks is the pursuit of our overriding legitimate interests (Art. 6(1)(f) GDPR). Our legitimate interest lies in the purpose specified in section 9.2. If your consent is requested by the operator of a social media network, the legal basis is Art. 6(1)(a) GDPR. With regard to our Facebook page, the processing of data is otherwise based on a joint control agreement between ourselves and Facebook pursuant to Art. 26 GDPR. This agreement can be viewed here: https://www.facebook.com/legal/terms/page_controller_addendum.

4.3      Recipients and transfer to third countries

The respective social media networks are operated by the companies specified below. Further information on data protection with regard to our profiles on social media networks is provided in the linked privacy policies.

 

 

 

  • Xing: XING SE, Dammtorstraße 30, 20354 Hamburg, Germany; Privacy Policy: https://privacy.xing.com/en/privacy-policy

 

The social media networks also process your personal data in the USA and have entered the EU-U.S. Privacy Shield. You will find further information about the EU-U.S. Privacy Shield at https://www.privacyshield.gov/EU-US-Framework.

4      Font Awesome

Our website uses “Font Awesome”, an icon display and integration service developed by Fonticons, Inc. We operate Font Awesome exclusively as an installation on our own server. This means that the use and display of icons does not involve the transmission of data by Fonticons, Inc.

5      Google Analytics

5.1      Description of processing activities

Our website uses “Google Analytics”, a web analysis service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as “Google”). Google Analytics uses cookies (see section 8) that facilitate analysis of your website use. The information generated by the cookie is usually transmitted to a Google server in the USA and stored there. However, we use Google Analytics exclusively with IP anonymisation. This means that your IP address is previously shortened by Google within member states of the European Union or in other states that are party to the Agreement on the European Economic Area. Only in exceptional circumstances is your full IP address transmitted to a Google server in the USA and shortened there. The IP address transmitted by your browser as part of Google Analytics is not combined with other data from Google. The statistics compiled by Google Analytics show in particular the number of visitors to our website, the countries or locations from which they access it, the subpages they access, and the links or search terms that bring visitors to our website. You will find the Google Analytics Terms of Service at https://marketingplatform.google.com/about/analytics/terms/us/ An overview of data protection at Google Analytics is available at http://www.google.com/intl/en/analytics/learn/privacy.html Google's Privacy Policy can be viewed at http://www.google.de/intl/de/policies/privacy.

5.2      Purpose

The purpose of the data processing is to evaluate use of our website. The information obtained in this way enables us to improve and structure our web presence in accordance with requirements.

5.3      Legal basis

The processing of this data is necessary for the purposes of the legitimate interests pursued by the controller (Art. 6(1)(f) GDPR). Our legitimate interest lies in the purpose specified in section 11.2.

5.4      Storage period and right to object

We explain the storage period and your cookie control and setting options in section 8. You can object to the processing of your data by Google Analytics at any time by downloading and installing the browser add-on offered by Google at https://tools.google.com/dlpage/gaoptout?hl=en. You can also click on the following link. This will install an opt-out cookie on your terminal device that will prevent your data from being collected on future visits to this website: Deactivate Google Analytics (LINK: "javascript:gaOptout()"). We automatically erase the analytical data processed and stored with Google Analytics after a period of 14 months.

5.5      Recipients and transfer to third countries

Google Analytics renders contract processing services on our behalf. Google also processes your personal data in the USA and has entered the EU-U.S. Privacy Shield. You will find further information about the EU-U.S. Privacy Shield at https://www.privacyshield.gov/EU-US-Framework.

6      Content delivery networks (CDN)

6.1      Description of processing activities

Our website uses so-called content delivery networks (CDN). CDNs shorten the loading time of common JavaScript libraries since the files are transmitted from external servers that are fast, little used or located nearby. Another advantage compared to the local storage of JavaScript libraries on our server is that the external server providers regularly check the security of the files and keep them updated. We have integrated the JavaScript library jQuery from the external server providers in order to facilitate the execution of several program functions. When you visit our website, a connection is established between our website and the servers provided by the above-mentioned external services, following which the jQuery library is loaded on our website. This causes information regarding the web page you visited to be transmitted to the external service provider. Your IP address may also be transmitted. You can install a JavaScript blocker in your browser in order to prevent JavaScript from being executed.

6.2      Purpose

The data is processed for the purpose of shortening the loading time of our website and ensuring that the JavaScript library is integrated quickly and securely.

6.3      Legal basis

The processing of this data is necessary for the purposes of the legitimate interests pursued by the controller (Art. 6(1)(f) GDPR). Our legitimate interest lies in the purpose specified in section 12.2.

 

6.4      Recipients and transfer to third countries

Integrating the JavaScript library causes your data to be transferred to one of the following CDNs:

  • jQuery hosted by Google at ajax.googleapis.com: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; further information on data protection at Google is available at https://www.google.com/policies/privacy/partners/?hl=en.

 

7      Google AdWords conversion and Google remarketing

7.1      Description of processing activities

Our website uses the advertising service “Google Adword Conversion” provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter “Google”). Google Adwords Conversions enables us to place advertising on external websites in order to draw your attention to our services when you visit them. This service also enables us to determine the reach and success of individual marketing measures. Google delivers our advertising through so-called “ad servers”. To do this, Google uses so-called “ad server” cookies to measure certain parameters that are indicative of success, for example ad displays or user clicks. If you access our website through a Google ad, Google Adwords stores a cookie on your terminal device (see section 8). According to Google, these cookies are not intended to identify you personally. As a rule, the unique cookie ID, the number of ad impressions per placement (frequency), the most recent impression (relevant for post-view conversions) and opt-out information (marker indicating that the user does not wish to be contacted any more) are stored with these cookies as analysis values. The cookies enable Google to recognise your web browser. If a user visits the website of an Adwords client and the cookie saved on their computer has not yet expired, Google and the client can recognise that the user clicked on the advertisement and was transferred to the page in question. A different cookie is assigned to each Adwords client. This means that cookies cannot be tracked through the websites of Adwords clients. We ourselves do not process personal data in connection with our Google Adwords advertising measures. Google merely provides us with statistical analyses. We can use these analyses to determine which of our advertising measures have been particularly successful. We do not receive any other data in connection with the use of advertising; in particular, we are unable to identify users on the basis of this information. The use of these tools means that your browser establishes a connection with the Google servers when you visit our website. We have no influence over the scope of the data collected by Google through the use of Google Adwords, neither can we influence the further use of this data. This means that we can only provide you with information which accords with our own knowledge: after integrating Google Adwords Conversion, Google receives information about which subpage of our website you accessed or is informed you have clicked on one of our advertisements. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or are not logged in, Google may be able to determine your IP address and store it.

 

Furthermore, our website uses the marketing service “Google remarketing”, which is also operated by Google. After you have visited our website, Google remarketing enables us to display further advertising when you visit other websites in the Google advertising network. Here too, Google uses cookies that are stored in your browser and enable Google to collect and analyse information about your user behaviour when you visit various websites. This enables Google to recognise that you visited our website on a previous occasion and display advertising for our services on other websites. According to Google, the data collected in connection with Google remarketing is not combined with any of your personal data stored by Google. In particular, Google states that Google remarketing uses pseudonymisation.

You will find further information about data protection at Google here: http://www.google.com/intl/en/policies/privacy and https://services.google.com/sitestats/en.html.

7.2      Purpose

The purpose of the data processing is to enable us to carry out targeted advertising for our own services and to evaluate its effectiveness and reach.

7.3      Legal basis

The processing of this data is necessary for the purposes of the legitimate interests pursued by the controller (Art. 6(1)(f) GDPR). Our legitimate interest lies in the purpose specified in section 13.2.

7.4     Storage period and right to object

We explain the storage period and your cookie control and setting options in section 8. Furthermore, you can object to the processing of your data by Google Adword Conversion and Google remarketing at any time by acting on the instructions on the following website: http://www.google.com/ads/preferences.

7.5      Recipients and transfer to third countries

The integration of Google Adword Conversion and Google remarketing may cause personal data to be transmitted to Google. Google also processes your personal data in the USA and has entered the EU-U.S. Privacy Shield. You will find further information about the EU-US Privacy Shield at https://www.privacyshield.gov/EU-US-Framework.

 

8      Processing applicant data

8.1      Description of processing activities

We process the data you provide in connection with your application to review your suitability for the position (or, if applicable, for other vacant positions in our company) and to conduct the application procedure. In general, the data concerned consists of general personal data (e.g. names, address and contact data), information on your education and professional qualifications, information on further vocational training, knowledge and skills, and any other information you disclose to us in connection with your application. This information is usually provided in cover letters, CVs, references, written correspondence, verbally or by phone.

Our aim is to evaluate all applicants solely on the basis of their qualifications; we therefore request you to refrain from disclosing “special categories of personal data” pursuant to Art. 9 of the General Data Protection Regulation (e.g. photos from which your ethnic origins can be identified, information about severe disabilities etc.) in your application. If your application contains information of this type, please send us a corresponding declaration of consent as we will otherwise be unable to consider it.

If your application is successful, we will transfer your data to your employee record; we will then use it during the course of your employment and to terminate the employment relationship.

If we are unable to offer you employment at this time, we may process your data after sending you a rejection in order to defend ourselves in the event of legal claims, in particular claims relating to any alleged discrimination during the application procedure.

If you are not selected for the vacant post, we will transfer your data to our pool of applicants provided we have your consent to do so.

 

8.2      Purpose

The purpose of the data processing is to conduct the application procedure, to reach a decision regarding the establishment of a work relationship with us, and to document compliance with statutory provisions during the application procedure.

 

8.3      Legal basis

The legal basis for the processing of data in connection with application procedures is section 26 par. 1 s. 1 BDSG and Art. 6(1)(b) GDPR. If your application is successful, the legal basis for the further processing of your data is Art. 6(1)(b) GDPR in conjunction with Art. 88(1) GDPR in conjunction with section 26 par. 1 BDSG, the purpose being to establish, continue and terminate the employment relationship. If you have given us your consent, e.g. to add your data to our applicant pool, the legal basis for the processing of your data is Art. 6(1)(a) GDPR. Otherwise, the legal basis for the processing of your data following a rejection is Art. 6(1)(f) GDPR. Our legitimate interest lies in the defence of legal claims.

 

8.4      Storage period

If your application is successful, your data will be transferred to your employee record and erased in compliance with the provisions that apply to employee records. If we are currently unable to offer you any employment, we will continue processing your data for up to six months following the issue of a rejection. Should we transfer your data to the applicant pool following the application procedure, we will erase your data from the applicant pool in the event of an employment relationship being established at any later date or two years after the transfer.

 

8.5      Data recipients, transmission of data to third parties, transfer to third countries

After we receive your application, your data is viewed by the human resources department. Suitable applications are then forwarded internally to the department manager responsible for the respective job vacancy. The further proceedings are then agreed. Within the company, your data can only be accessed by the persons who need it for the proper implementation of the application procedure. Your data is not transmitted to third parties. Your data is not transferred to third countries, nor is this planned.

 

Security measures

1      Security measures

Our website has an SSL/TLS certificate to protect your personal data from unauthorised access. SSL stands for “Secure Sockets Layer” and TLS for “Transport Layer Security”; these functions serve to encrypt data communication between a website and the user's terminal device. You can see whether SSL or TLS encryption is active from the small padlock symbol displayed at the left side of the browser address bar.

 

Your rights

1      Rights of data subjects

As the data subject, you have the following rights with regard to the processing of your personal data by our company as described above:

1.1      Information (Art. 15 GDPR)

You have the right to request confirmation from us as to whether we are processing your personal data. If this is the case and the conditions specified in Art. 15 GDPR are met, you have the right to obtain information regarding this personal data along with the other types of information listed in Art. 15 GDPR.

1.2      Rectification (Art. 16 GDPR)

You have the right to obtain from us the rectification of inaccurate personal data and, if applicable, the completion of incomplete data without undue delay.

1.3      Erasure (Art. 17 GDPR)

You have the right to obtain from us the erasure of your personal data without undue delay if one of the grounds set out in Art. 17 GDPR applies, e.g. if your data is no longer required for our purposes.

1.4      Restriction of data processing (Art. 18 GDPR)

You have the right to have us restrict the processing of your data if one of the conditions set out in Art. 18 GDPR applies; if you are contesting the accuracy of your personal data, for example, the processing of your data will be restricted for the time required for us to verify your data.

1.5      Data portability (Art. 20 GDPR)

Provided the conditions specified in Art. 20 GDPR are met, you have the right to request the handover of your personal data in a structured, commonly used and machine-readable format.

1.6      Withdrawal of consent (Art. 7(3) GDPR)

If the processing of your data is based on your consent, you have the right to withdraw this at any time. The withdrawal of your consent applies from the time this right is exercised. In other words, it is effective for the future. Your withdrawal does not affect the lawfulness of any processing that took place beforehand.

1.7      Complaints (Art. 77 GDPR)

If you believe that the processing of your personal data infringes the GDPR, you have the right to lodge a complaint with a supervisory authority. You may exercise this right by lodging a complaint with a supervisory authority in the EU member state of your habitual residence, place of work, or place of the alleged infringement.

1.8      Prohibition of automated decision-making/profiling (Art. 22 GDPR)

Decisions that produce legal effects for you or have similar significant effects may not be based solely on the automated processing of personal data, including profiling. We herewith confirm that we do not carry out automated decision-making/profiling with regard to your personal data.

1.9      Objection (Art. 21 GDPR)

If we are processing your personal data on the basis of Art. 6(1)(f) GDPR (for the pursuit of our overriding legitimate interests), you have the right to object to this provided the conditions specified in Art. 21 GDPR are met. However, this is only possible on grounds that relate to your particular situation. If you lodge an objection, we will cease processing your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms. Neither do we have to cease processing your personal data if this is necessary for the establishment, exercise or defence of legal claims. Irrespective of your particular situation, you have the right to object at any time to the processing of your personal data for direct marketing purposes.

 

Version: May 2019

Contact

Hamburg
 +49 40 300 30 59-50
  +49 40 300 30 59-58
 

Follow us

Facebook Instagram

Member of QSD

QSD

Quotation

Request a non-binding quotation today and we’ll get back to you as quickly as possible!

To your quotation