Data protection
With this privacy policy, we would like to inform you about the type, scope and purpose of the processing of personal data (hereinafter also referred to as “data”). Personal data is all data that has a personal reference to you, e.g. name, address, e-mail address or your user behaviour. The privacy policy applies to all data processing operations carried out by us, both in the context of our core activities and for the online media we provide.
Who is responsible for data processing at our company
Responsible for data processing is
workinghead GmbH Co. KG
Dr Alexandra Ranzinger
Kopernikusstraße 9
81679 Munich
Munich, Germany
+49 (0)89 – 30 70 – 9440
info@workinghead.de
Your rights under the GDPR
Under the GDPR, you are entitled to the rights listed below, which you can assert at any time with the controller named in Section 1 of this Privacy Policy:
- Right to information: You have the right to request information from us as to whether and which of your data we process.
- Right to rectification: You have the right to request the rectification of inaccurate data or the completion of incomplete data.
- Right to erasure: You have the right to request the erasure of your data.
- Right to restriction: In certain cases, you have the right to request that we only process your data to a limited extent.
- Right to data portability: You have the right to request that we transfer your data to you or another controller in a structured, commonly used and machine-readable format.
- Right to lodge a complaint: You have the right to lodge a complaint with a supervisory authority. The supervisory authority of your usual place of residence, your workplace or our company headquarters is responsible.
Right of withdrawal
You have the right to withdraw your consent to data processing at any time.
Right to object
You have the right to object at any time to the processing of your data, which we base on our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR. If you exercise your right to object, we ask you to explain the reasons. We will then no longer process your personal data unless we can prove to you that there are compelling legitimate grounds for data processing that outweigh your interests and rights.
Irrespective of the above, you have the right to object to the processing of your personal data for advertising and data analysis purposes at any time.
Please send your objection to the contact address of the controller given above.
When do we delete your data?
We delete your data when we no longer need it or when you instruct us to do so. This means that – unless otherwise stated in the individual data protection notices in this privacy policy – we delete your data
- when the purpose of the data processing has ceased to exist and the respective legal basis stated in the individual data protection notices no longer exists, e.g.
- after termination of the contractual or membership relationship existing between us (Art. 6 para. 1 lit. a GDPR) or
- after our legitimate interest in the further processing or storage of your data ceases to apply (Art. 6 para. 1 lit. f GDPR)
- if you exercise your right to object and there is no other legal basis for the processing within the meaning of Art. 6 para. 1 lit. b-f GDPR,
- if you exercise your right to object and there are no compelling legitimate grounds for erasure.
However, if we still need to retain (certain parts of) your data for other purposes, for example because tax retention periods (usually 6 years for business correspondence or 10 years for accounting documents) or the assertion, exercise or defence of legal claims arising from contractual relationships (up to four years) make this necessary or the data is needed to protect the rights of another natural or legal person, we will only delete (the part of) your data after these periods have expired. Until the expiry of these periods, however, we restrict the processing of this data to these purposes (fulfilment of retention obligations).
Web hosting
To maintain our website, we use a provider on whose server our website is stored and made available for retrieval on the Internet (hosting). The provider may process all data transmitted via the browser you use that is generated when you use our website. This includes, in particular, your IP address, which the provider requires in order to be able to deliver our online offer to the browser you are using, as well as all entries you make via our website. In addition, the provider we use can collect:
- the date and time of access to our website
- Time zone difference to Greenwich Mean Time (GMT)
- access status (HTTP status)
- the amount of data transferred
- the internet service provider of the accessing system
- the browser type and version you are using
- the operating system you are using
- the website from which you may have reached our website
- the pages or sub-pages that you visit on our website.
The aforementioned data is stored as log files on the servers of our provider. This is necessary to ensure the stability and security of the operation of our website.
Data concerned:
- Content data (e.g. posts, photos, videos)
- Usage data (e.g. access times, websites clicked on)
- Communication data (e.g. information about the device used, IP address)
Data subjects: Users of our website
Purpose of processing: Displaying our website, ensuring the operation of our website
Legal basis: Legitimate interest, Art. 6 para. 1 lit. f GDPR
Web host(s) commissioned by us:
Contacting us
If you contact us via e-mail, social media, telephone, fax, post, our contact form or in any other way and provide us with personal data such as your name, telephone number or e-mail address or provide further information about yourself or your request, we will process this data to answer your inquiry within the framework of the pre-contractual or contractual relationship existing between us.
Data concerned:
- Inventory data (e.g. names, addresses)
- Contact data (e.g. email address, telephone number, postal address)
- Content data (texts, photos, videos)
- Contract data (e.g. subject matter of the contract, duration of the contract)
Data subjects: Interested parties, customers, business and contractual partners
Purpose of processing: Communication and responding to contact requests, office and organisational procedures
Legal basis: Contract fulfilment and pre-contractual inquiries, Art. 6 para. 1 lit. b GDPR, legitimate interest, Art. 6 para. 1 lit. f GDPR
Online advertising
We use services to display online advertising. The services we use collect certain user data via a cookie or pixel. This includes, in particular, the information from which website you came to our website (so-called referrer), which pages of our website you accessed, how long you visited our pages and what interactions you made there. In addition, data on the browser, computer system and device type you are using is collected. In addition, demographic information, such as age or gender, can also be collected as pseudonymous values via such a service. If you have consented to the collection of your location data, this may also be processed, depending on the provider. In order to collect and store this data, the respective service places a cookie or a so-called counting pixel on the end device you are using, which also collects the IP address assigned to you. However, this is shortened using a so-called IP masking procedure so that the IP address can no longer be assigned to your visit to our website. In principle, no clear data such as names or e-mail addresses are stored when the respective service is used. This is only the case if you are a member of a social network that offers one of the services listed below and merges your profile with the aforementioned data material.
The data is analysed by the service we use in order to produce a report with statistical statements about the number of visitors generated by the advertising and the success of the advertising measure. Among other things, the reports show the total number of users who were redirected to our website via our advertisements. The reports also contain information on the users’ end devices and browsers the locations at which the users were located and the times at which the advertisement was clicked. However, the reports do not contain any information that could be used to personally identify you as a user of our website.
We would like to point out that, depending on the location of the service provider, the data collected via the service may be transferred and processed outside the European Union. In this case, there is a risk that the level of data protection prescribed by the GDPR will not be complied with and that the enforcement of your rights will be difficult or impossible.
Data concerned:
- Usage data (e.g. access times, websites clicked on)
- Communication data (e.g. information about the device used, IP address)
Data subjects: Users of our online services
Purpose of processing: Measuring reach, monitoring the success of campaigns, remarketing and marketing based on interests and behaviour
Legal basis: If we have asked for your consent before using the respective service, this is the legal basis, Art. 6 para. 1 lit. a GDPR. Otherwise, we use the respective service on the basis of our legitimate interest in directing visitor flows to our website, analysing these visitor flows in order to be able to continuously improve the functions, offers and user experience, Art. 6 para. 1 lit. f GDPR.
We use the following service providers for online advertising:
Google AdSense
Service provider: Google Inc. 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
Headquarters in Europe: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland
Website: https://www.google.com/intl/de_de/adsense/start/
Privacy policy: http://www.google.de/intl/de/policies/privacy
Google Ads
Privacy policyService provider: Google Inc. 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
Headquarters in Europe: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland
Website: https://ads.google.com/home/
Datenschutzerklärung: http://www.google.de/intl/de/policies/privacy
Security measures
We also take state-of-the-art technical and organisational security measures to comply with the provisions of data protection laws and to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorised access by third parties.
Up-to-dateness and amendment of this privacy policy
This privacy policy is currently valid and is dated July 2024. Due to changes in legal or official requirements, it may be necessary to adapt this privacy policy.