Privacy Policy & Cookies

Last Update: 01/09/2023

Contents of this document:

1. Introduction
2. Name and Address of the controller
3. General Processing of Personal Data
4. Third Party Providers
5. Links to other websites
6. Processing of Personal Data from your end devices ("Cookie Policy")
7. Personal Data and Metaverse Experience (web.journee.live)
8. Objection or revocation against the processing of Personal Data
9. Rights of the Users
10. Hosting and Customer Support
11. Analysis tools
12. Journee Career
13. Our appearances in social networks
14. Changes to the Privacy Policy

1. Introduction

This Privacy Policy is valid for end users, visitors and cooperation partners of Journee Technologies GmbH (“Journee”, “we”, “our”, or “us”) for the use of the Journee Website (journee.live), any Journee Metaverse Experience (web.journee.live) and (console.journee.live) (individually as well as collectively “Services”). With the following information we give our end users, visitors and cooperation partners (“Users”, “Cooperation Partners”, “you”, or “your”) an overview of the processing of your personal data by us and your rights resulting from the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG). Which data is processed in detail and in which way it is used depends on the Services used and the data provided in each case.

We delete the data accruing after the storage is no longer necessary or restrict the processing if there are legal retention obligations. If we use Third Party Providers for individual functions of our Services, we will always carefully select and monitor these Third Party Providers and inform you in detail about the respective processes below.

2. Name and Address of the controller

The controller pursuant to Art. 4 para. 7 GDPR is:

Journee Technologies GmbH
Chausseestrasse 36
10115 Berlin
Germany

Phone: +49 (0) 30 40576377
Email:
Website: www.journee.live

3. General Processing of Personal Data

To provide you with our Services, we need to collect personal data relating to an identified or identifiable natural person ("Personal Data"). We collect Personal Data that you provide to us from your use of the Services and from other sources.

When you use our Services and/or when you contact us directly through any communication channel (e.g. Journee support, email), you may provide us with Personal Data such as your name, your email address, your phone number, information you provide in your communication with us and with other Users on our Journee Metaverse platform.

When you visit and/or use our Services, we may collect aggregate Personal Data about how you use the Services, such as visitors' and users' browsing and streaming activity on the Services, non-identifying Personal Data about the visitor's or user's device, operating system, internet browser, internet service provider, referring/exit pages, date/time stamp, etc.

The legal basis for processing the Personal Data is in each case Art. 6 para. 1 sentence 1 lit. f GDPR as we use your Personal Data (i) to provide and operate our Services; (ii) to develop, customize, enhance and improve our Services based on Users' experiences and preferences; (iii) to provide ongoing customer service and technical support to our Users; (iv) to analyse our performance and marketing activities; (v) to create aggregate statistical data and other aggregate and/or derived information that we or our Third Party Providers may use to provide and improve our respective Services; (vi) to provide you with professional support upon request; (vii) to improve our data security and fraud prevention; and (viii) to comply with applicable laws and regulations.

The legal basis for processing the Personal Data is Art. 6 para. 1 sentence 1 lit. b GDPR if the use of your Personal Data is necessary to perform or take steps to perform an agreement with you (for example, to provide you with a special function of our Services, to provide you with our customer service and technical support).

The legal basis for processing the Personal Data is Art. 6 para. 1 sentence 1 lit. c GDPR if the use of your Personal Data is necessary to comply with a relevant legal or regulatory obligation.

The legal basis for processing the Personal Data is Art. 6 para. 1 sentence 1 lit. f GDPR if the use of your Personal Data is necessary to support legitimate interests and business purposes (e.g. to maintain and improve our Services and the effectiveness of the Journee Platform by identifying technical issues), provided that it is done in a way that is proportionate and respects your privacy rights.

We also collect Personal Data provided to us by applicants for Journee jobs ("Careers") when they apply for one of the vacancies posted on https://journee.live/careers/ by email or otherwise.

4. Third Party Providers

We may share (or otherwise provide access to) your Personal Data with third parties as we use the services of selected Third Party Providers to improve your experience with our Services. The services and solutions by our Third Party Providers complement, facilitate and enhance our own. These are carefully selected by us, are bound by our instructions and are regularly monitored. If our Third Party Providers are based in a country outside the European Economic Area (EEA), we will inform you about the consequences of this circumstance when describing the respective Third Party Providers below. The services and solutions provided by Third Party Providers include hosting and server services, data and cybersecurity services, fraud detection and prevention services, web analytics, email delivery and monitoring services, session recording and remote access services, performance measurement, data optimization and marketing services, and content provision (collectively "Third Party Providers").

The legal basis for processing the Personal Data is Art. 6 para. 1 sentence 1 lit. a and f GDPR.

To the extent that our Services enable you to access and obtain, through various technologies, various Third Party Services, products and tools to enhance the Services, including but not limited to applications and services offered to you by third parties through the Journee platform (including JourneeX), the Third Party Providers may have access to and process your Personal Data collected through Journee.

By using JourneeX, we allow third-party agencies and developers to develop and offer to users their own customized services, products, and tools through JourneeX. Each Third Party Provider is bound by JourneeX to, among other things, restrict the access, store, share and use the Personal Data provided by you and/or your users.

In each of the cases above, Journee is merely acting as an intermediary platform that allows you to obtain the services of such Third Party Providers with which you interact directly and at your discretion. In this regard, Journee acts as a service provider to you and shares information with the Third Party Providers on your behalf. Journee only discloses your users' Personal Data to Third Party Providers at your direction or with your permission and is in no way responsible or liable for the Third Party Providers' processing of such Personal Data.

Journee has no control over, and is not responsible for, the actions or policies of Third Party Providers. We encourage you to read the privacy policy of any Third Party Provider before deciding to install and/or use their services.

According to their own statements, all of our Third Party Providers outside the EEA maintain an adequate level of data protection equivalent to that of the former EU-US Privacy Shield and we have concluded the standard data protection clauses with them.

Details of the Third Party Providers can be found below in the description of the individual Services.

5. Links to other websites

This Privacy Policy applies only to our Services. The Services may contain links to other websites, in particular to websites of our customers or partners that are not operated or controlled by Journee. We are not responsible for the content, accuracy or opinions expressed on such websites and such websites are not investigated, monitored, or checked for accuracy or completeness by us. Please remember that our Privacy Policy will no longer apply if you link from the Services to another website. Your browsing and interaction on another website, including those that link to our Services, is subject to that website's own rules and policies. Such third parties may use their own cookies or other methods to collect information about you.

6. Processing of Personal Data from your end devices ("Cookie Policy")

In addition to the above Personal Data, we use technical aids for various functions when you use our Services, in particular cookies that can be stored on your terminal device. When you use our Services and at any time later, you have the choice of whether you generally permit the setting of cookies or which individual additional functions you would like to select. You can make changes in your browser settings or via our Consent Manager. In the following, we first describe cookies from a technical point of view, before going into more detail about your individual choices by describing technically necessary cookies, and cookies that you can voluntarily select or deselect.

Cookies are text files or information in a database that are stored on your hard drive and assigned to the browser you are using so that certain information can flow to the entity that sets the cookie. Cookies cannot execute programs or transmit viruses to your computer, but are primarily used to make the website faster and more user-friendly. This website uses the following types of cookies, whose functionality and legal basis we will explain below:

  • Transient cookies: Such cookies, especially session cookies, are automatically deleted when the browser is closed or by logging out. They contain a so-called session ID. In this way, various requests from your browser can be assigned to the joint session and your computer can be recognized when you return to our website.

  • Persistent cookies: Such cookies are automatically deleted after a specified duration, which is set differently depending on the cookie. You can view the cookies set and the durations at any time in the settings of your browser and delete the cookies manually.

Mandatory functions that are technically necessary to display the website: The technical structure of the website requires us to use techniques, in particular cookies. Without these techniques, our website cannot be displayed (completely correctly) or the support functions could not be enabled. These are basically transient cookies that are deleted after the end of your website visit, at the latest when you close your browser. You cannot deselect these cookies if you wish to use our website. The individual cookies can be seen in the Consent Manager. The legal basis for processing the data is Art. 6 para. 1 sentence 1 lit. f GDPR.

Optional cookies when you give your consent: We set various cookies only after your consent, which you can select during your first visit to our website via the so-called cookie consent tool. The functions are only activated in the event of your consent and may serve in particular to enable us to analyze and improve visits to our website, to make it easier for you to use it via different browsers or terminal devices, to recognize you when you visit, or to serve advertising (possibly also to orient advertising to interests, to measure the effectiveness of ads, or to show interest-oriented advertising). The legal basis for processing the data is Art. 6 para. 1 sentence 1 lit. a GDPR. The revocation of your consent is possible at any time without affecting the permissibility of the processing until the revocation.

7. Personal Data and Metaverse Experience (web.journee.live)

Our Services provide a publicly accessible Metaverse Experience (web.journee.live). Please note that any personal information you share with other users when entering a Journee Metaverse experience (e.g. name given to Avatar, or written text in the Experience's chat) may be read, collected and used by other users. To request removal of your personal information from our Services, you may contact us. In some cases, it may not be possible for us to remove your personal data. You are also free to use our Metaverse Experience Services under an imaginary name or pseudonym.

If you post content and otherwise make it available in the course of using our Service, you do so at your own risk. We have taken reasonable security measures to protect your personal information. However, we cannot control the actions of other users who may access your content posted as part of a Metaverse Experience and are not responsible for circumvention of any privacy settings or security measures that you or we may have in place.

8. Objection or revocation against the processing of Personal Data

If you have given your consent to the processing of your Personal Data, you may revoke this consent at any time (Art. 7 para. 3 GDPR). Such a revocation affects the permissibility of the processing of your Personal Data after you have expressed it to us. The permissibility of the processing of your Personal Data up to the time of your revocation remains unaffected.

You can object to the processing of your Personal Data for purposes of advertising and data analysis at any time. The best way to exercise your objection is to contact us using the contact details provided above.

In addition, you have the following rights in particular:

9. Rights of the Users

You have the following rights with respect to your Personal Data:

  • Right to information (Art. 15 GDPR)

You have the right to obtain confirmation from us as to whether or not Personal Data concerning you are being processed.

If this is the case, you have the right to obtain from us the following information:

  • the purposes of the processing of the Personal Data;

  • the categories of Personal Data concerned;

  • the recipients or categories of recipients to whom the Personal Data have been or will be disclosed;

  • the envisaged period for which the Personal Data will be stored or, if no specific information can be provided, the criteria for determining that period;

  • the existence of the right to obtain from us the rectification or erasure of Personal Data or the restriction of the processing of Personal Data relating to you or to object to such processing;

  • the right to lodge a complaint with a supervisory authority;

  • if the Personal Data have not been collected from you, any available information as to their source;

  • the existence of automated decision-making, including profiling, pursuant to Art. 22 para. 1 and 4 GDPR and, at least in such cases, meaningful information about the underlying logic and the significance and likely consequences of such processing for you.

You have a right to know whether Personal Data are transferred to a third country or an international organization. If this is the case, you have the right to be informed about the appropriate safeguards pursuant to Art. 46 GDPR in connection with the transfer. Please also note the right to data portability under Art. 20 GDPR.

  • Right to rectification or deletion (Art. 16 and 17 GDPR)

You have the right to request from us the rectification and/or completion of inaccurate or incomplete Personal Data concerning you. We will make the corrections without undue delay.

(a) “Right to be forgotten”

You have the right to request us to delete your Personal Data without undue delay and we are obliged to delete Personal Data without undue delay where one of the following reasons applies:

  • the Personal Data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;

  • you withdraw the consent on which the processing is based pursuant to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR and there is no other legal ground for the processing;

  • you object to the processing pursuant to Art. 21 para. 1 GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 para. 2 GDPR;

  • the Personal Data have been processed unlawfully;

  • the Personal Data must be erased for compliance with a legal obligation under Union or Member State law to which we are subject;

  • the Personal Data have been collected in connection with the provision of information society services within the meaning of Art. 8 para. 1 GDPR.

(b) Information to Third Parties

Where we have published the Personal Data and are obliged to delete the Personal Data pursuant to Art. 17 para. 1 GDPR, we will, taking into account the available technology and the costs of implementation, take reasonable measures, including technical measures, to inform other controllers that process the Personal Data that you have requested to delete, including all links to, or copies or replications of, those Personal Data.

(c) Exceptions

The right to be forgotten shall not apply to the extent that the processing is necessary:

  • for the exercise of the right to freedom of expression and information;

  • for compliance with a legal obligation to process imposed by Union or Member State law to which we are subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in us;

  • for reasons of public interest in the field of public health pursuant to Art. 9 para. 2 lit. h and lit. i and Art. 9 para. 3 GDPR;

  • for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Art. 89 para. 1 GDPR, where the “right to be forgotten” is likely to make impossible or seriously prejudice the achievement of the purposes of such processing; or

  • for the establishment, exercise or defence of legal claims.

  • Right to restriction of processing (Art. 18 GDPR)

You have the right to request us to restrict processing of Personal Data in one of the following cases:

  • the accuracy of Personal Data is contested by you for a period enabling us to verify the accuracy of the Personal Data;

  • the processing is unlawful and you object to the deletion of the Personal Data and request instead the restriction of its use;

  • we no longer need the Personal Data for the purposes of the processing but the Personal Data is required by us for the establishment, exercise or defence of legal claims;

  • your have objected to the processing pursuant to Art. 21 para. 1 GDPR as long as it is not yet established whether the legitimate grounds of us override those of you.

Where processing has been restricted, such personal data may be processed, with the exception of storage, only with the consent of the data subject or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of substantial public interest of the Union or of a Member State.

A data subject who has obtained a restriction of processing based on the above conditions shall be informed by the controller before the restriction of processing is lifted.

  • Right to data portability (Art. 20 GDPR).

You have the right to obtain the Personal Data which you have provided to us in a structured, commonly used and machine-readable format, and you have the right to have those data transferred to another controller where:

  • the processing is based on consent pursuant to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR or on an agreement pursuant to Art. 6 para. 1 lit. b GDPR; and

  • the processing is carried out with the aid of automated procedures.

When exercising your right to data portability, you have the right to have the Personal Data transferred directly from us to another controller where technically feasible.

  • Right to object to processing (Art. 21 GDPR)

You have the right to object at any time, on grounds relating to your particular situation, to processing of your Personal Data which is carried out on the basis of Art. 6 para. 1 lit. e GDPR.

We will no longer process the Personal Data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

You also have the right to complain to a data protection supervisory authority about the processing of your Personal Data (Art. 77 GDPR).

The data protection supervisory authority responsible for us can be reached at the following contact details:

Berliner Beauftragte für Datenschutz und Informationsfreiheit
Alt-Moabit 59-61
10555 Berlin
Tel.: +49 30 13889-0
Fax: +49 30 2155050
E-Mail:

10. Hosting and Customer Support

10.1 Amazon Web Services

Our Services (journee.live, web.journee.live, console.journee.live) use Amazon Web Services, a web hosting service provided by Amazon Web Services, Inc., 410 Terry Avenue North Seattle WA 98109 United States, (“AWS”). When Amazon Web Services EMEA SARL is the provider of an AWS Offering, Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, L-1855, Luxembourg, is the data controller of personal information collected or processed through the AWS Offering. Amazon Web Services EMEA SARL is also the authorized representative of Amazon Web Services, Inc. in the EEA.

AWS processes Personal Data from you also in the USA. According to the European Court of Justice, there is currently no adequate level of protection for the transfer of personal data to the USA. This may entail various risks for the lawfulness and security of the data processing.

As legal basis of data processing with recipients located in third countries (outside the

European Union, in particular in the USA) or a data transfer from the EU to a country outside the EU (in particular, the USA), AWS uses so-called standard contractual clauses (Art. 46 para. 2 and 3 GDPR). Standard contractual clauses are templates provided by the EU Commission and are intended to ensure that your Personal Data also complies with the European data protection standards even if they are transferred to and stored in third countries (such as the USA). We have agreed on Standard contractual clauses with AWS, the purpose of which is to ensure compliance with an appropriate level of data protection outside the European Union, in particular in the USA.

Through Standard contractual clauses, AWS commits to process any Personal Data on an European level of data protection when processing your Personal Data, even if the Personal Data is stored, processed and managed in the USA. These Standard contractual clauses are based on an Implementing Decision of the EU Commission that can be found under the following link https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en

AWS has, according to its own statements, imposed a standard on itself that corresponds to the former EU-US Privacy Shield and has promised to comply with applicable data protection laws in the international transfer of data.

The Data Processing Agreement, which corresponds to the Standard Contractual Clauses, can be found at https://aws.amazon.com/de/blogs/security/aws-gdpr-data-processing-addendum/

You can find out more about your Personal Data that is processed using AWS in the respective Privacy Policy available at https://aws.amazon.com/privacy/?nc1=h_ls.

10.2 Cobrowse

Our Services (console.journee.live) use Cobrowse, a customer support service provided by Cobrowse.io LLC, 10 Allen Rd, Wellesley, MA 02481, USA (”Cobrowse”).

Cobrowse processes Personal Data from you also in the USA. According to the European Court of Justice, there is currently no adequate level of protection for the transfer of personal data to the USA. This may entail various risks for the lawfulness and security of the data processing.

As legal basis of data processing with recipients located in third countries (outside the

European Union, in particular in the USA) or a data transfer from the EU to a country outside the EU (in particular, the USA), Cobrowse uses so-called standard contractual clauses (Art. 46 para. 2 and 3 GDPR). Standard contractual clauses are templates provided by the EU Commission and are intended to ensure that your Personal Data also complies with the European data protection standards even if they are transferred to and stored in third countries (such as the USA). We have agreed on Standard contractual clauses with Cobrowse, the purpose of which is to ensure compliance with an appropriate level of data protection outside the European Union, in particular in the USA.

Through Standard contractual clauses, Cobrowse commits to process any Personal Data on an European level of data protection when processing your Personal Data, even if the Personal Data is stored, processed and managed in the USA. These Standard contractual clauses are based on an Implementing Decision of the EU Commission that can be found under the following link https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en

Cobrowse has, according to its own statements, imposed a standard on itself that corresponds to the former EU-US Privacy Shield and has promised to comply with applicable data protection laws in the international transfer of data.

The Data Processing Agreement, which corresponds to the Standard Contractual Clauses, can be found at https://cobrowse.io/legal#data-processing-agreement.

You can find out more about your Personal Data that is processed using Cobrowse in the respective Privacy Policy available at https://cobrowse.io/privacy.

10.3 GitBook

Our Services (console.journee.live) use GitBook, a knowledge management and documentation tool by GitBook INC., 440 N Barranca Ave #7171, Covina, CA 91723, USA (”GitBook”).

GitBook processes Personal Data from you also in the USA. According to the European Court of Justice, there is currently no adequate level of protection for the transfer of personal data to the USA. This may entail various risks for the lawfulness and security of the data processing.

As legal basis of data processing with recipients located in third countries (outside the

European Union, in particular in the USA) or a data transfer from the EU to a country outside the EU (in particular, the USA), GitBook uses so-called standard contractual clauses (Art. 46 para. 2 and 3 GDPR). Standard contractual clauses are templates provided by the EU Commission and are intended to ensure that your Personal Data also complies with the European data protection standards even if they are transferred to and stored in third countries (such as the USA). We have agreed on Standard contractual clauses with GitBook, the purpose of which is to ensure compliance with an appropriate level of data protection outside the European Union, in particular in the USA.

Through Standard contractual clauses, GitBook commits to process any Personal Data on an European level of data protection when processing your Personal Data, even if the Personal Data is stored, processed and managed in the USA. These Standard contractual clauses are based on an Implementing Decision of the EU Commission that can be found under the following link https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en

GitBook has, according to its own statements, imposed a standard on itself that corresponds to the former EU-US Privacy Shield and has promised to comply with applicable data protection laws in the international transfer of data.

The Data Processing Agreement, which corresponds to the Standard Contractual Clauses, can be found at https://policies.gitbook.com/privacy-and-security/statement#dpa.

You can find out more about your Personal Data that is processed using GitBook in the respective Privacy Policy available at https://policies.gitbook.com/privacy-and-security/statement.

11. Analysis tools and marketing

Some of our Services use special analytics services that help us to continuously improve the user experience for our Users through the analyzed data. Depending on which specific Service you use, we make use of different analysis tools:

11.1 Google Analytics (with anonymization function)

Our Services (journee.live) (“website”) uses Google Analytics and Tag Manager, a web tracking service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). The purpose of our use of the tool is to enable the analysis of your user interactions and to improve our Services through the statistics and reports obtained and to make it more interesting for you as a User.

We collect the interactions between you as a User of the website and our website primarily by means of cookies, device/browser data, IP addresses and website or app activities. Google Analytics also collects your IP addresses to ensure the security of the service and to provide us, as the website operator, with information about which country, region or location the respective user comes from (so-called "IP location determination"). For your protection, however, we naturally use the anonymisation function ("IP masking"), i.e. Google truncates the IP addresses by the last octet within the EU/EEA.

Google acts as a processor and we have concluded a corresponding data processing agreement with Google. The information generated by the cookie and the (usually shortened) IP addresses about your use of this website are usually transferred to a Google server in the USA and processed there. For these cases, Google has, according to its own statements, imposed a standard on itself that corresponds to the former EU-US Privacy Shield and has promised to comply with applicable data protection laws in the international transfer of data. We have also agreed so-called standard contractual clauses with Google, the purpose of which is to ensure compliance with an appropriate level of data protection in the third country.

Further information on the scope of services provided by Google Analytics is available at marketingplatform.google.com/about/analytics/terms/en/. Google provides information on data processing when using Google Analytics at the following link: support.google.com/analytics/answer/6004245?hl=en/. General information on data processing, which according to Google should also apply to Google Analytics, can be found in Google's privacy policy at www.google.de/intl/de/policies/privacy/.

11.2 HubSpot

Our Services (journee.live) use HubSpot, a service provided by HubSpot, Inc., 25 First Street, 2nd Floor, Cambridge, MA 02141, USA, (“HubSpot”). HubSpot also has a registered office in Ireland at 1 Sir John Rogerson's Quay, Dublin Docklands, Dublin, D02 CR67.

We use embedded HubSpot forms on journee.live to process data (including Personal Data) submitted via our Contact and Request a Demo pages.

HubSpot processes Personal Data from you also in the USA. According to the European Court of Justice, there is currently no adequate level of protection for the transfer of personal data to the USA. This may entail various risks for the lawfulness and security of the data processing.

As legal basis of data processing with recipients located in third countries (outside the

European Union, in particular in the USA) or a data transfer from the EU to a country outside the EU (in particular, the USA), HubSpot uses so-called standard contractual clauses (Art. 46 para. 2 and 3 GDPR). Standard contractual clauses are templates provided by the EU Commission and are intended to ensure that your Personal Data also complies with the European data protection standards even if they are transferred to and stored in third countries (such as the USA). We have agreed on Standard contractual clauses with HubSpot, the purpose of which is to ensure compliance with an appropriate level of data protection outside the European Union, in particular in the USA.

Through Standard contractual clauses, HubSpot commits to process any Personal Data on an European level of data protection when processing your Personal Data, even if the Personal Data is stored, processed and managed in the USA. These Standard contractual clauses are based on an Implementing Decision of the EU Commission that can be found under the following link https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en

HubSpot has, according to its own statements, imposed a standard on itself that corresponds to the former EU-US Privacy Shield and has promised to comply with applicable data protection laws in the international transfer of data.

The Data Processing Agreement, which corresponds to the Standard Contractual Clauses, can be found at https://legal.hubspot.com/dpa.

You can find out more about your Personal Data that is processed using HubSpot in the respective Privacy Policy available at https://legal.hubspot.com/de/privacy-policy.

12. Journee Career

Our Career services (https://journee.live/careers/) use Greenhouse, a job application and recruiting software provided by Greenhouse Software, Inc., 18 West 18th St., 11th Floor
New York, NY 10011 USA (“Greenhouse”).

Greenhouse processes Personal Data from you also in the USA. According to the European Court of Justice, there is currently no adequate level of protection for the transfer of personal data to the USA. This may entail various risks for the lawfulness and security of the data processing.

As legal basis of data processing with recipients located in third countries (outside the

European Union, in particular in the USA) or a data transfer from the EU to a country outside the EU (in particular, the USA), Greenhouse uses so-called standard contractual clauses (Art. 46 para. 2 and 3 GDPR). Standard contractual clauses are templates provided by the EU Commission and are intended to ensure that your Personal Data also complies with the European data protection standards even if they are transferred to and stored in third countries (such as the USA). We have agreed on Standard contractual clauses with Greenhouse, the purpose of which is to ensure compliance with an appropriate level of data protection outside the European Union, in particular in the USA.

Through Standard contractual clauses, Greenhouse commits to process any Personal Data on an European level of data protection when processing your Personal Data, even if the Personal Data is stored, processed and managed in the USA. These Standard contractual clauses are based on an Implementing Decision of the EU Commission that can be found under the following link https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en

Greenhouse has, according to its own statements, imposed a standard on itself that corresponds to the former EU-US Privacy Shield and has promised to comply with applicable data protection laws in the international transfer of data.

Applications are deleted automatically twelve months after the end of the application process. You can always request us to delete your data by sending an email to .

You can find out more about your Personal Data that is processed using Greenhouse in the respective Privacy Policy available at http://www.greenhouse.io/privacy-policy.

13. Our appearances in social networks

We have various presences in social networks which we operate with the following providers:

  • LinkedIn. The operating company of LinkedIn is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. The applicable privacy policy for LinkedIn is available under https://www.linkedin.com/legal/privacy-policy. The LinkedIn Cookie Policy is available under https://www.linkedin.com/legal/cookie-policy.

  • Instagram. The operating company of Instagram is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland. Further information and the applicable data protection provisions of Instagram may be retrieved under https://help.instagram.com/155833707900388 and https://www.instagram.com/about/legal/privacy/.

  • X. The operating company of X is Twitter International Company, One Cumberland Place, Fenian Street Dublin 2, D02 AX07, Ireland. The applicable data protection provisions of X may be accessed under https://twitter.com/privacy?lang=en.

  • YouTube. The operating company of YouTube is Google Ireland Limited, Gordon House, Barrow Street, Dublin, D04 E5W5, Ireland. YouTube's data protection provisions, available at https://www.google.com/intl/en/policies/privacy/, provide information about the collection, processing and use of personal data by YouTube and Google.

  • TikTok. The operating company of TikTok is TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland. The applicable privacy policy for TikTok is available under https://www.tiktok.com/legal/page/eea/privacy-policy/en. The TikTok Cookie Policy is available under https://www.tiktok.com/legal/tiktok-website-cookies-policy.

We would like to point out that you use our appearances on social media platforms and their functions on your own responsibility. This applies in particular to the use of interactive functions (e.g. commenting, sharing, rating). When you access our social media accounts, the providers of the social media platforms collect, among other things, your IP address and other information that is stored in the form of cookies on your terminal device. This information is used to provide us, as the operator of the accounts, with statistical information about interaction with us.

The data collected about you in this context is processed by the platforms and may be transferred to countries outside the European Union, in particular the USA. According to their own statements, all of the aforementioned providers maintain an adequate level of data protection equivalent to that of the former EU-US Privacy Shield and we have concluded the standard data protection clauses with the companies. We do not know in what way the social media platforms use the data from your visit to our account and interaction with our posts for their own purposes, how long this data is stored and whether data is shared with third parties. Data processing may differ depending on whether you are registered and logged in to the social network or visit the site as a non-registered and/or non-logged-in user. When you access a post or the account, the IP address assigned to your terminal device is transmitted to the provider of the social media platform. If you are currently logged in as a user, a cookie on your end device can be used to track how you have moved around the network. Buttons embedded in websites enable the platforms to record your visits to these website pages and assign them to your respective profile. Based on this data, content or advertising can be offered tailored to you. If you want to avoid this, you should log out or deactivate the "stay logged in" function, delete the cookies present on your device and restart your browser.

The legal basis for processing your data on the social media platform is Art. 6 para. 1 sentence 1 lit. f GDPR.

To exercise your rights, you can contact both us or the provider of the social media platform. To the extent that one party is not responsible for responding or must receive the information from the other party, we or the provider will then forward your request to the respective partner. Please contact the operator of the social media platform directly for questions about profiling, processing of your data when using the website. For questions about the processing of your interaction with us on our site, write to the contact details provided by us above.

What information the social media platform receives and how it is used is described by the providers in their privacy statements (see above for links). There you will also find information on contact options and on the settings options for advertisements.

14. Changes to the Privacy Policy

We may change our Services, and we may need to make changes to this Privacy Policy to ensure that it accurately reflects our Services. Unless otherwise required by law, we will notify you (e.g., through our Services) before we make changes to this Privacy Policy and give you an opportunity to review it before it becomes effective. If you then continue to use the Service, you will be bound by the updated Privacy Policy.

Manage cookie settings

Click here to manage your cookie settings.