Privacy Policy – Talentcube GmbH
→ Jump to privacy policy of the website / web-portal
→ Jump to privacy policy of the applicant app
Privacy Policy Website
1. Name and contact details of the controller and the company data protection officer
Responsible: Talentcube GmbH, Leonrodplatz 2, 80636 Munich, Germany Tel .: +49 (0) 89 392 979 40 Our company data protection officer is reachable under the above-mentioned Address or at datenschutz@talentcube.de.
2. Collection and storage of personal data and the nature and purpose of their use
a) When visiting then website
When you visit our website, the browser used on your device automatically sends information to the server of our website. This information is temporarily stored in a so-called log file. The following information will be collected without your intervention and stored until automated deletion:
- Name of file accessed
- Date and time of access
- Quantity of transferred data
- Message whether access successful
- Browser Type and Browser version
- Operating system used
- previous page visited
- Provider
- IP address
- Ensuring a smooth connection of the website,
- Ensuring comfortable use of our website,
- Evaluation of system security and stability as well
- for further administrative purposes.
b) Using our contact forms
We offer you the opportunity to contact us via a contact form provided on the website for questions of any kind. It is necessary to provide your name, contact details (telephone number or e-mail address) and a message in order to answer them. Further information can be provided voluntarily. The data processing for the purpose of contacting us is done according to Art. 6 (1) (b) DSGVO on the basis of your specific request.
3. Disclosure of data
A transfer of your personal data to third parties for purposes other than those listed below does not take place. We only share your personal information with third parties if:
- You have given your express consent pursuant to Art. 6 (1) (a) DSGVO,
- disclosure pursuant to Art. 6 (1) (f) DSGVO is required and there is no reason to assume that you have a predominantly legitimate interest in not disclosing your data,
- in case that there is a legal obligation to disclose pursuant to Art. 6 (1) (c) DSGVO, as well as
- this is legally permissible and, according to Art. 6 (1) (b) DSGVO, is required for the settlement of contractual relationships with you.
4. Cookies
We use so-called cookies in some areas of our website. Such items may be used to identify your computer as a technical entity during your visit to this site, to help you use our offer, including during repeated visits. However, you usually have the option to set your Internet browser so that you are informed about the occurrence of cookies, with the result that you can allow or exclude them, or delete already existing cookies. Please use the help function of your internet browser to get information about changing these settings. We point out that some features of our website may not work if you have disabled the use of cookies. Cookies do not allow a server to read private data from your computer or data stored by another server. Cookies do not harm your computer and do not contain any viruses. We support the use of cookies on Art. 6 (1) (f) DSGVO: the processing is carried out to improve the functioning of our website. It is therefore necessary for the protection of our legitimate interests.
5. Use of Google Analytics
This website uses Google Analytics, a web analytics service. It is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google is certified under the Privacy Shield Agreement, which provides a guarantee to comply with European data protection law ( https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active). Google Analytics uses so-called “cookies”. These are text files that are stored on your computer and that allow an analysis of the use of the website by you. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. We have activated the IP anonymization feature on this website. Your IP address will be shortened by Google within the European Union or other parties to the Agreement on the European Economic Area prior to transmission to the United States. Only in exceptional cases is the full IP address sent to a Google server in the US and shortened there. Google will use this information on behalf of the operator of this website to evaluate your use of the website, to compile reports on website activity, and to provide other services regarding website activity and Internet usage for the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with any other data held by Google. You can prevent these cookies being stored by selecting the appropriate settings in your browser. However, we wish to point out that doing so may mean you will not be able to enjoy the full functionality of this website. You can also prevent the data generated by cookies about your use of the website (incl. your IP address) from being passed to Google, and the processing of these data by Google, by downloading and installing the browser plugin available at the following link: (http://tools.google.com/dlpage/gaoptout?hl=de). We point out that on this website Google Analytics has been extended by the code “gat._anonymizeIp ();” in order to ensure an anonymous collection of IP addresses (so-called IP-Masking). You can prevent the collection of your data by Google Analytics by clicking on the following link. An opt-out cookie will be set to prevent your data from being collected on future visits to this site: Disable Google Analytics. This procedure is particularly recommended when accessing our site via mobile devices. For more information about Terms of Use and Privacy, please visit www.google.com/analytics/terms/de.html or visit www.google.com/intl/de/analytics/privacyoverview.html. We support the use of the aforementioned analysis tool on Art. 6 (1) (f) of the GDPR: the processing is performed to analyze the user behavior and is therefore necessary to safeguard our legitimate interests.
6. Use of Google Marketing Services
We use the Google Inc. Marketing and Remarketing Services (“Google Marketing Services”), 1600 Amphitheater Parkway, Mountain View, CA 94043, USA, (“Google”). Google Marketing Services allows us to better target advertisements for and on our website so that we only present ads to users that potentially match their interests. E.g.: It is called remarketing if users are also shown ads for products they are interested in on other websites. The information generated by the cookie or the tags about your use of this website is usually transmitted to a Google server in the USA and stored there. For these purposes, when Google and our other websites that are running Google Marketing Services are activated, Google runs a code and so-called (re-) marketing tags are added and incorporated into the website. The IP address of the users is also recorded, whereby in the context of Google Analytics the IP address is shortened within member states of the European Union or other contracting states of the Agreement on the European Economic Area. The data of the users are pseudonymised processed in the context of the Google marketing services. That means Google stores and processes e.g. not the name or e-mail address of the users, but processes the relevant data cookie-related within pseudonymous user profiles. From the perspective of Google, the ads are not managed and displayed to a specifically identifiable person, but to the cookie owner, regardless of who that cookie owner is. This does not apply if users have explicitly allowed Google to process their data without this pseudonymization. (The information collected about the users by Google Marketing Services is transmitted to Google and stored on Google’s servers in the United States. Among the Google marketing services we use is u.a. the online advertising program “Google AdWords”. In the case of Google AdWords, each advertiser receives a different “conversion cookie”. Cookies can not be tracked through AdWords advertisers’ websites. The information collected through the cookie is used to generate conversion statistics for AdWords advertisers who have opted for conversion tracking. Advertisers will see the total number of users who clicked on their ad and were redirected to a conversion tracking tag page. However, they do not receive information that personally identifies users.) Among the Google marketing services we use is amongst others the online advertising program “Google AdWords”. In the case of Google AdWords, each advertiser receives a different “conversion cookie”. Cookies cannot be tracked through AdWords advertisers’ websites. The information collected through the cookie is used to generate conversion statistics for AdWords advertisers who have opted for conversion tracking. Advertisers will see the total number of users who clicked on their ad and were redirected to a conversion tracking tag page. However, they do not receive information that personally identifies users. We embed third-party ads based on Google’s DoubleClick marketing service. DoubleClick uses cookies, which allow Google and its affiliate websites to serve ads based on users’ visits to this site or other sites on the Internet. Another Google marketing service we use is the Google Tag Manager, which allows additional Google analytics and marketing services to be integrated into our website (e.g. AdWords, DoubleClick, or Google Analytics). For more information about Google’s data usage for marketing, see their overview page: https://www.google.com/policies/technologies/ads, Google’s Privacy Policy is available at https://www.google.com/policies/privacy. If you wish to opt-out of Google Marketing Services, you may take advantage of Google’s settings and opt-out options: http://www.google.com/ads/preferences. We base the use of the aforementioned marketing services on Article 6 (1) (a) DSGVO.
7. Use of Linkedin Ads and Analytics
We use the Linkedin Ads and Linkedin Analyttics marketing services provided by LinkedIn Corporation, 2029 Stierlin Court Mountain View, CA 94043, USA. With each call-up to one of the individual pages of this Internet site, which is operated by the controller and on which a LinkedIn component (LinkedIn plug-in) was integrated, the Internet browser on the information technology system of the data subject is automatically prompted to the download of a display of the corresponding LinkedIn component of LinkedIn. Further information about the LinkedIn plug-in may be accessed under https://developer.linkedin.com/plugins. During the course of this technical procedure, LinkedIn gains knowledge of what specific sub-page of our website was visited by the data subject. If the data subject is logged in at the same time on LinkedIn, LinkedIn detects with every call-up to our website by the data subject—and for the entire duration of their stay on our Internet site—which specific sub-page of our Internet page was visited by the data subject. This information is collected through the LinkedIn component and associated with the respective LinkedIn account of the data subject. If the data subject clicks on one of the LinkedIn buttons integrated on our website, then LinkedIn assigns this information to the personal LinkedIn user account of the data subject and stores the personal data. LinkedIn receives information via the LinkedIn component that the data subject has visited our website, provided that the data subject is logged in at LinkedIn at the time of the call-up to our website. This occurs regardless of whether the person clicks on the LinkedIn button or not. If such a transmission of information to LinkedIn is not desirable for the data subject, then he or she may prevent this by logging off from their LinkedIn account before a call-up to our website is made. LinkedIn provides under https://www.linkedin.com/psettings/guest-controls the possibility to opt out of targeting such targeted ads. The applicable privacy policy for LinkedIn is available under https://www.linkedin.com/legal/privacy-policy. The LinkedIn Cookie Policy is available under https://www.linkedin.com/legal/cookie-policy. We support the use of the above-mentioned analysis tool on Art. 6 (1) (f) of the GDPR: the processing takes place according to the needs of our website and is therefore necessary to safeguard our legitimate interests.
8. Use of Gravatar
We use the Gravatar service of Automattic Inc., 60 29th Street # 343, San Francisco, CA 94110, USA, within our online offering and specifically on the blog. Gravatar is a service that allows users to log in and submit profile pictures and their email addresses. If users with the respective e-mail address on other online sites (especially in blogs) leave posts or comments, their profile pictures can be displayed next to the posts or comments. For this purpose, the e-mail address communicated by the user to Gravatar is transmitted in encrypted form in order to check whether a profile has been stored. This is the sole purpose of sending the e-mail address and it will not be used for any other purpose, but will be deleted afterwards. By displaying the images, Gravatar gets to know the IP address of the users, as this is necessary for communication between a browser and an online service. For more information about Gravatar’s collection and use of data, see the Automattic Privacy Notice: https://automattic.com/privacy/. If users do not want a user picture linked to their email address on Gravatar to appear in the comments, they should use a non-Gravatar email address to comment. We also point out that it is also possible to use an anonymous or even no e-mail address if the users do not want their own e-mail address to be sent to Gravatar. Users can completely prevent the transfer of data by not using our commenting system. We support the use of the above-mentioned analysis tool on Art. 6 (1) (f) of the GDPR: the processing takes place according to the needs of our website and is therefore necessary to safeguard our legitimate interests.
9. Use of Facebook Connect
By using Facbook Connect from Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland we also offer the possibility of easier registration with Facebook for our services. You can use your existing Facebook user account for this purpose. By clicking the “Log in with Facebook” link, you can use this registration method via our online portal. To do this, you need to already have a Facebook account or have access to Facebook. If you would like to register for one of our services using your Facebook account, the first step in the registration process will immediately redirect you to Facebook. Facebook will then ask you to log in or to register. Under no circumstances will we receive your personal access data (user name and password). In a second step, you will connect your Facebook profile with the service for which you would like to register. At this point, you will be told what data from your Facebook profile will be transmitted to us. This information is usually your “public information” on Facebook and information which you have made available to the public or authorized for the application in question. Information of this type generally includes your name, profile picture and cover photo, your gender, your networks, your username (Facebook URL), and your user ID number (Facebook ID). We will also use the email address you have saved with Facebook in order to contact you outside of Facebook. You can see an overview of information in your profile that is available to the public via the General Account Settings menu of your Facebook profile (https://www.facebook.com/settings?tab=applications). The legal basis for data collection and storage is your consent, within the meaning of Art. 6 paragraph 1 sentence 1 letter a GDPR. If you would like to remove the connection between Facebook Connect and our service, please log in to Facebook and make the required changes to your profile. We will then no longer have the right to use information from your Facebook profile.
10. Use of Intercom
We use the service “Intercom” of the provider Intercom Inc., 3rd Floor, Stephens Ct., 18-21 St. Stephen’s Green, Dublin 2, Irland, to send our messages by email and live chat and to evaluate the use of our website by users. We transmit a limited amount of your data (such as email address and date of registration) to Intercom and use Intercom for statistical analysis of your use of our website. Intercom analyses the use of our website and tracks our customer relationships with the aim of improving our services for you. We also use Intercom to send messages via email and live chat on our website. Further information on data protection at Intercom can be found at http://docs.intercom.io/privacy. The terms of use of Intercom can be found at http://docs.intercom.io/terms. You can object to data processing at any time in the live chat by saying “I disagree with the processing of my data”. We rely on the use of the above-mentioned analysis tool on Art. 6 (1) (f) of the GDPR: the processing takes place according to the needs of our website and is therefore necessary to safeguard our legitimate interests.
11. Data Retention/Storage Time
The stored data will be deleted as soon as they revoke any consent or if the data is no longer necessary for their intended purpose and the deletion does not conflict with any legitimate interests or statutory retention requirements. If the data is not deleted because it is required for other or legitimate purposes, its processing will be restricted. The data will be blocked and are not processed for other purposes. This applies for data of users who must be kept for commercial or tax reasons. According to legal requirements, storage takes place for 6 years in accordance with § 257 (1) HGB (for example commercial letters, accounting documents, etc.) and for 10 years in accordance with § 147 (1) AO (for example commercial and business letters, tax-relevant documents).
12. Rights of the data subject
You are entitled to the following data subject rights:
a. Right of access
You have the right to request a confirmation of the processing of your personal data.
b. Correction / Erasure / Restriction of processing
Furthermore, you have the right to ask us to
- rectify your incorrect personal data without delay (right to rectification);
- delete your personal data immediately (right to delete) and
- restrict the processing (right to restrict processing).
c. Right of data portability
You have the right to receive personally identifiable information in a structured, common and machine-readable format and to transmit that information to another person in charge.
d. Right of revocation
You have the right to withdraw your consent at any time. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until the revocation.
e. Right of object
You have the right to object if the processing of personal data concerning you for the performance of a task in the public interest (Article 6 (1) (e) GDPR) or for the protection of our legitimate interests (Article 6 (1) (f) GDPR) is required.
f. Right to appeal
If you believe that the processing of your personal data is contrary to the GDPR, you have the right to complain to a supervisory authority, without prejudice to other legal remedies.
13. Changes to Privacy Policy
We reserve the right to amend this privacy policy in case of any change in the legal situation, the service or the data processing. However, this only applies to declarations of data processing. If users’ consent is required or elements of the privacy policy contain provisions of the contractual relationship with the users, the changes will only be made with the consent of the users. Users can regularly inform themselves about any changes in this privacy statement.
Privacy Police for the applicant app
With the following information, we would like to give you an overview of the processing of your personal data as part of the installation and use of the mobile application “Talentcube” (hereinafter app) and your rights under the Data Protection Act.
1. Who is responsible for data processing and whom can I contact?
Responsible: Talentcube GmbH, Leonrodplatz 2, 80636 Munich, Germany Tel .: +49 (0) 89 392 979 40 Our company data protection officer is reachable under the above-mentioned Address or at datenschutz@talentcube.de.
2.What sources and data do we use?
Your personal data described below, including any candidate videos you have posted in the app (collectively referred to as applicant data below), will be collected and used to the extent described below to enable you to use the app and use our services: We will receive your personal information, if you register or login via Xing, LinkedIn or Facebook Login. If necessary, we will collect the following data, as far as you have indicated this in your Xing, LinkedIn or Facebook profile:
XING:- Contact information (especially e-mail address)
- Date of birth
- Profile picture
- Address (street, house number, zip code, city)
- Work experience (with job title, duration of employment, start date, end date, company name)
- Education (degree, subject, school)
- Phone
- Links to other website profiles
- Interests
- Skills
- Linguistic proficiency
- Certificates
- Awards
- Publications
- Contact information (especially e-mail address)
- Profile picture
- Work experience
- Contact information (especially e-mail address)
- Profile picture
- Work experience/ Education
3. What do we process your data for (purpose of processing) and on what legal basis?
We process personal data in accordance with the provisions of the European General Data Protection Regulation (DSGVO) and the Federal Data Protection Act (BDSG):
a. On the basis of your consent (Article 6 (1) a DSGVO): If you have given us an explicit opt-in for the processing of personal data for the respective purposes within corresponding functions of the app, the legality of this processing (for example transfer of applicant data, analysing of your voice recording) is based on your consent. A given consent can be revoked at any time. This also applies to the revocation of declarations of consent, which were given to us before the validity of the GDPR, i.e. before May 25, 2018. The revocation of consent does not affect the legality of the data processed until the revocation.
b. For the fulfillment of contractual obligations (Article 6 (1) b DSGVO): The processing of data is primarily to provide the services and features of our app.
c. In the context of weighing interests (Article 6 (1) of the GDPR): If necessary, we process your data in order to safeguard legitimate interests of us or third parties, for example
- for the needs-based design of the app,
- for testing and optimizing requirements analysis procedures for direct customer approach,
- for advertising, market and opinion research, as long as you have not objected to the use of your data,
- to ensure IT security,
- to control and further develop our app.
4. How are services integrated by third parties?
Based on our legitimate interests within the meaning of Art. 6 para. 1 lit. f. DSGVO (i.e. interest in the analysis, optimization and economical operation of our app) we use the following services of third parties:
a. Mixpanel:
We use Mixpanel, a service offered by Mixpanel Inc. (Mixpanel), 405 Howard Street, Floor 2, San Francisco, CA 94105, USA, to collect pseudonymised technical data from our app and website to understand how users interact with our app. Mixpanel is used to track and improve activities within the app, as well as to inform you based on your activities. More information about Mixpanel can be found at https://mixpanel.com/terms. At https://mixpanel.com/optout/ you can object to this data processing at any time.
b. Crashlytics:
We use the Crashlytics analytics service provided by Google Inc. (Google), 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. Crashlytics collects user data to generate so-called crash reports in case of software crashes. These crash reports serve as documentation for troubleshooting and improvement of the service. Crashlytics automatically collects usage data that is not attributable to the individual user. These usage data include, device status, Mac address, device type and software version, information about how a service is being used and the physical location of the device at the time of a software crash. For more information about Crashlytics’ data processing and how you can opt out of data processing at any time, please visit https://try.crashlytics.com/terms/privacy-policy.pdf.
c. Intercom:
To send our communications via live chat, as well as to evaluate the use of our website, we use the service “Intercom” provided by Intercom Inc., 3rd Floor, Stephens Ct., 18-21 St. Stephen’s Green, Dublin 2, Irland. Intercom transmits a limited amount of your data (such as email address and date of registration) for statistical evaluation of your website usage. Intercom analyzes the use of our website and tracks our customer relationships with the aim of improving our offer for you. We also use Intercom to send messages via live chat on our website. More information about Intercom can be found at http://docs.intercom.io/privacy. You can object to data processing at any time in live chat by saying “I disagree with the processing of my data”.
5. Who has access to my data?
Apart from the above-mentioned processing, your personal data will only be transferred with your consent.
6. Is data transmitted to a third country or to an international organization?
A transfer of data to offices in countries outside the European Union (so-called third countries) only takes place, as far as
- it is necessary to pass on the application,
- it is required by law,
- in the context of order data processing or
- you have given us your consent.
7. How long will my data be stored?
Your personal data will be deleted immediately after completing the application process or after a maximum of 6 months, unless you have given us expressly your consent for a longer storage of your data. Otherwise, we will store and process your personal information as long as it is necessary to fulfill our contractual and legal obligations. If the data is no longer required for the fulfillment of contractual or legal obligations, these are regularly deleted, unless their temporary processing is necessary for the preservation of evidence within the framework of the statutory limitation provisions. According to §§ 195ff. of the Civil Code (BGB) these limitation periods can be up to 30 years, but the regular limitation period is 3 years.
8. Which data protection rights do I have?
All data subjects have the right of access under Article 15 GDPR, the right to rectification under Article 16 GDPR, the right to erasure (“right to be forgotten”) under Article 17 GDPR, the right to restriction of processing under Article 18 GDPR, the right to object to Article 21 GDPR, as well as the right to data portability under Article 20 GDPR. With regard to the right to information and the right to erase, the restrictions under §§ 34 and 35 BDSG apply. In addition, there is a right of appeal to a competent data protection supervisory authority (Article 77 DSGVO i.V.m. § 19 BDSG). You may revoke your consent to the processing of personal data at any time. This also applies to the revocation of declarations of consent that were given to us prior to the validity of the General Data Protection Regulation, i.e. before 25 May 2018. Please note that the revocation only works for the future. Processing that took place before the revocation is not affected.
June 2020