Privacy Policy for Taledo

In the following, we, Taledo GmbH (“Taledo”), would like to inform you about how we process your personal data when visiting www.taledo.com, the recruitment services offered (“the Services”) and what rights you are entitled to.

Taledo GmbH, located at Rosenstraße 2, 10178 Berlin, is responsible for all data processing. Should you have any questions or suggestions, you may contact us in writing at the aforementioned address, by telephone at +49 (30) 220 6637 0 or by e-mail at datasecurity@taledo.com.

This Privacy Policy naturally only applies to our website and services and does not include content and websites of third parties to which our website and services merely link. This equally applies to the personal data that you provide via such platforms, for instance by contacting us via our profile posted on such platforms. Information regarding the management and protection of your personal data on these platforms can be found in the data protection declaration of the respective platform.

1 Data Collected when Using the Website

1.1 When visiting our website, the web server we use automatically logs information transmitted by your browser. This includes the IP address of the computer or other device you are using, the date and time (including time zone) at which the website was accessed, information regarding which part of our website was visited and the files requested on our website, the transferred data volume, the domain via which the respective request was made (so-called Referrer-URL), the operating system used and the browser used.

The legal basis for data processing enabling the use of the website is Art. 6 para. 1 sentence 1 lit. f) of the Basic Data Protection Ordinance (“GDPR”) or, in the case where you are already registered for the services, the legal basis is Art. 6 (1) (b) GDPR.

1.2 We also process this information in order to prevent the misuse of our website and Services, to analyze and optimize the use of our website and Services. The legal basis of this processing can be found under Art. 6 (1) (f) GDPR, where our legitimate interests are the security and enhancement of our website and services.

2 Use of Cookies

Our services use cookies. Cookies are small text files which store settings and data on your device. This data is then subsequently transmitted to us each time you access our Services. Cookies enable us to recognize your device and, if possible, to make your pre-settings immediately available.

Cookies allow us to make our services more user-friendly and effective, by storing the settings which you use to display our services during your visit and providing us with statistical information on the use of the website and our services. Cookies are only set with your consent (Article 6 (1) (a) GDPR).

Most cookies we use are so-called “session cookies”. They are automatically erased after visiting our website. Other cookies remain stored on your device for 14 days, unless they are deleted by your earlier.

Usually, you can set your browser so that you are informed about the setting of cookies, or that the setting is excluded for certain cases or in general, or the setting of cookies is only allowed in individual cases. You can also delete saved cookies in your browser settings. However, disabling cookies may limit the functionality of this website.

3 Use of Google Analytics

We use Google Analytics. This is a web analysis service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"), which uses cookies to analyze your use of our website. The information generated by cookies is transmitted by Google to a Google server in the USA and subsequently stored there. We use the extension “anonymizeIP()”. By activating this extension for our website, your IP address will be shortened before being sent to a Google server in the USA within the member states of the EU or other contracting states of the European Economic Area. Google uses the information on our behalf to evaluate your use of our website, to generate reports regarding the website activity and to provide us with other services relating to website and internet use.

The IP address transmitted by Google Analytics from your browser is not merged with any other data provided by Google.

You can prevent the storage of cookies by selecting the appropriate setting on your browser. You may however, in this case, not be able to use the full functionality of our website. Furthermore, you can prevent the collection of data generated by the cookies, related to your use of our website and services (including your IP address) and the processing of this data by Google by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout. You can also prevent the future use of Google Analytics, especially when accessing our website from browsers on mobile devices, by clicking on the following link: here. By clicking on the link, an opt-out cookie is stored on your device. It is therefore necessary to save it again by clicking on the link if you delete the cookies on your device.

Further information regarding how Google processes personal data in in relation to Google Analytics can be found on the corresponding Google website ( https://marketingplatform.google.com/about/) and in Google’s data protection declaration ( https://policies.google.com/privacy?hl=de&gl=de).

The EU Commission has issued an adequacy decision (No. 2016/1250) for any transmission to the US, according to which companies that meet certain criteria are guaranteed an adequate level of protection, also known as the “EU-US Privacy Shield”. These companies are listed in the so-called “Privacy Shield List” or “Privacy Shield List”. Google is one of the companies listed there. The transmission to Google in connection with Google Analytics is based on Art. 45 and 28 GDPR.

We use Google Analytics to analyze the use of our website and services and to continuously improve them in terms of user-friendliness. The legal basis for the use of Google Analytics is Art. 6 (1) (f) GDPR. Our legitimate interest is the optimization and further development of our website and services.

We also use the UserID function of Google Analytics. Within this function, an individual user ID (the “UserID”) is assigned to you and transmitted to Google when you access our website and Services in order to evaluate your use of our website and Services across multiple devices. The UserID is only assigned if you register for our Services and log in or you are clearly identifiable to us because of other reasons regardless of your device. You can object to the processing of your personal data in connection with the UserID function by clicking on the following link: here. By clicking on the link, an opt-out cookie is stored on your device. It is therefore necessary to save it again by clicking on the link if you delete the cookies on your device.

As explained above, the data is transmitted to Google on the basis of Art. 45 and 28 GDPR. The legal basis for data processing within the framework of the UserID function is Art. 6 (1) (f) GDPR, whereby our legitimate interest is the efficient design and adaptation of our website and Services in line with a continuously improved user experience. Information on how users use our website and services differently depending on the individual terminal device used helps us to achieve such efficient design.

4 Use of Hotjar

We use the Hotjar analysis tool, offered by Hotjar Limited, Level 2, St Julian’s Business Centre, 3, Elia Zammit Street, St Julian’s STJ 1000, Malta (“Hotjar”), in order to better understand our users’ needs and to optimize our service and your user experience. Hotjar enables us to evaluate the behavior of our users on our website and Services and to tailor our website and Services directly to user’s needs. For this purpose, Hotjar uses cookies and other technologies to collect data on our users’ behavior and their devices (in particular device’s IP address (captured and stored only in anonymized form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), preferred language used to display our website). Hotjar stores this information as pseudonymized user profile. The transfer of personal data to Hotjar in connection with the Hotjar analysis tool is based on Art. 28 GDPR. For further details, please see Hotjar’s privacy policy by clicking on this link.

You may opt out of Hotjar’s ability to create a user profile, store information about your use of our website, and use tracking cookies on other websites by using this opt-out link. An opt-out cookie is set. If you delete the cookies from your device, it is therefore necessary to store this opt-out cookie again by following the instructions under this link. In addition, in many common browsers you will find a so-called “Do Not Track” setting, which you can use to indicate that you do not wish to have user profiles created about you. Hotjar will not collect any information from you if you have set the “Do Not Track” setting so that you do not want to create user profiles about yourself.

You can opt-out of Hotjar’s creation of a user profile, storing of data about your usage of our site and use of tracking cookies on other websites by following this opt-out link. This will set an opt-out cookie on your device. If you delete the cookies from your device, it is therefore necessary to set this opt-out cookie anew by following the instructions under this link once more. In addition, in many common browsers you will find a so-called “Do Not Track” setting, which you can use to indicate that you do not wish to have user profiles created about you. Hotjar will not collect any information from you if you have set the “Do Not Track” setting so that you do not want to create user profiles about yourself.

The transfer of personal data to Hotjar in connection with the Hotjar analysis tool is based on Art. 28 GDPR.

We use the Hotjar tool to analyze the use of our offer and to continuously develop our offer in terms of user-friendliness. The legal basis for the use of the Hotjar Tool is Art. 6 (1) (f) GDPR. Our legitimate interest is the optimization and further development of our website and services.

5 Data Collected from Registered Users and Processing of Such Data

5.1 Data collected during registration

5.1.1 You must register to use the Services. You have the choice between registering as an employer or an applicant. In both cases, you must enter your name, your e-mail address and a password of your own choice to register.

If you register as an applicant seeking job offers, you must in addition provide the following job-related information, which will be included in your user profile: Your place of residency, work experience, basic information about your preferred job (location, field/industry, position) and your employment status (i.e. whether you are currently actively looking for a new job). You must also send us your CV. The communication of your personal data is not required by law, but is required to conclude the contract regarding the use of our Services. You may also voluntarily provide additional information to supplement your user profile, such as your exact professional background, the existence of a work permit and details of your skills and experience.

5.1.2 We will process all of the aforementioned personal data of your user profile solely for the purpose of providing the Services on the basis of Art. 6 (1) (b) GDPR.

5.2 Use of the Services

5.2.1 We process the personal data of your user profile in order to provide the Services. If you are registered as an applicant, we may also recommend your profile to an employer with regard to a job application, and in this context transfer your personal information stored in your profile. We can also contact you directly, using your contact details, via the contact options you have selected (e.g. phone or e-mail) to inform you about potentially relevant employers and job offers of employers that potentially match your profile, in order to enable prompt notification and, if necessary, swift consultation with you, for example with regard to a job offer to be filled at short notice, in line with your interests and an efficient personnel recruitment.

In addition, we offer communication services through which you can communicate with an employer or applicant. We can thus, for this purpose, transmit data from your user profile and the message content to your communication partner.

The legal basis for the above-mentioned data processing is Art. 6 (1) (b) GDPR.

5.2.2 Please note that employers or applicants registered for our Services may also be located outside the EU, such as in the US. By providing the Services, we can therefore also transfer your personal data to these countries. Transmission will only take place if an appropriate level of protection is guaranteed or if you expressly consent to it after having been informed about the potential risks of such data transmissions without suitable guarantees. The legal basis for these transmissions is Article 6 (1) (b) GDPR and Art. 45 GDPR (if there is an adequacy decision set by the Commission), Art. 46 GDPR (if the respective recipient provides sufficient guarantees) or Art. 47 GDPR, for all other cases.

5.2.3 We may also process the contents of the message in order to improve, detect and prevent misuse of our Services. Such data processing is carried out on the basis of Art. 6 (1) (f) GDPR. Our legitimate interest is the optimization of our Services and ensuring the proper use of our Services.

5.2.4 If a contract between you and an applicant or employer has been concluded, we collect remuneration data from this contract (employment date, job title, and agreed remuneration including any bonus payments). The disclosure of this information is set in the contract regarding the use of our Services, so failure to notify us will result in breach of your contract with us. We will process this data together (if necessary with the payment information provided by you) to calculate and bill our compensation as well as, if necessary, to determine your bonus payments, which we may wish to grant you. The legal basis for this processing is Article 6 (1) sentence 1 lit. b) GDPR.

6 Xing Plugin

6.1 We integrate social plugins of the social network Xing into our website and the services. These social plugins are offered by Xing SE (Dammtorstraße 30, 20354 Hamburg). These social plugins allow you to recommend the website and services. The content of the social plugins is transmitted by Xing SE directly to your device. We therefore have no influence regarding the extent to which Xing SE collects the data with these social plugins and inform you according to our knowledge. According to Xing SE, no data is transmitted to Xing SE when visiting the website. A transmission to Xing SE servers only occurs when you click on one of the plugins. Further information on data processing and data protection by Xing SE can be found at https://privacy.xing.com/de/datenschutzerklaerung.

6.2 The legal basis for the use of these social plugins is subject to your consent according to Art. 6 para. 1 sentence 1 (a) or Art. 6 para. 1 sentence 1 lit. f) GDPR. Our legitimate interest is to tailor our services to your preferences and wishes.

7 Linked Plugin

7.1 We integrate social plugins of the social network LinkedIn in our website and the services. These social plugins are offered by LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, California 94085, (“LinkedIn”). These social plugins enable you to recommend the website and services. We use the Sha-riff solution, where the individual social plugin is not loaded until you press the social plugin. When the social plugin is loaded, your browser establishes a direct connection to LinkedIn’s servers in the USA and subsequently communicates with the respective LinkedIn services. The content of the social plugin is transferred from LinkedIn servers directly to your device. We therefore have no control over the amount of data that LinkedIn collects through the plugins and inform you according to our knowledge: We assume that the visit of the website, the activation of the plugin and the IP address of your terminal device, are registered. Accordingly, LinkedIn is notified when you have accessed our website through the integrated social plugins. If you are logged in to LinkedIn during this time, LinkedIn can assign your visit to your LinkedIn account. When you interact with the social plugins, the corresponding information is transmitted directly from your browser to LinkedIn.  

7.2 Further information regarding the purpose and scope of data collection and further use of the data by LinkedIn, as well as your rights and options for protecting your privacy, can be found in LinkedIn’s privacy policy under the following link: https://www.linkedin.com/legal/privacy-policy?_l=en_EN.

7.3 For transmission to the US, the EU Commission has issued an adequacy resolution (No. 2016/1250), according to which companies that meet certain criteria guarantee an adequate level of protection, also known as the “EU-US Privacy Shield”. These companies are listed in the so-called “Privacy Shield List” or “Privacy Shield List”. LinkedIn is one of the companies listed there. The transmission to LinkedIn in relation to the Social Plugins is based on Art. 45 GDPR.

7.4 The legal basis for using these Social Plugins is subject to your consent according to Art. 6 para. 1 sentence 1 lit. a) or Art. 6 para. 1 sentence 1 lit. f). Our legitimate interest is the optimal design of the website according to your wishes and preferences.

8 Newsletter

You can register for our newsletter service if you wish to receive regular updates regarding our services.

For the registration and sending of the newsletter we need your valid e-mail address. To make sure that you actually want to receive information from us, we use the so-called double opt-in procedure. Once you have registered, you will receive an e-mail containing a link to activate the newsletter service. Only after you have activated the newsletter service in this way will your registration be effective and the selected newsletter will be sent to you.

Of course, you can unsubscribe from the e-mail newsletter and revoke your consent to receive the newsletter at any time. You can object to the use of your e-mail address for the newsletter at any time. All you have to do is send an informal e-mail to datasecurity@taledo.com or click on the unsubscribe link contained in each newsletter.

The legal basis for data processing in connection with the newsletter is your consent pursuant to Art. 6 (1) (a) GDPR.

9 Other Processing of Personal Data

Further personal data is stored if you voluntarily enter it on our website (e. g. when you contact us via the options offered on the website).

We process this personal data to fulfil the purpose noticeably associated with the transmission, e. g. to process your request. The legal basis for this processing of your personal data is Art. 6 (1) (b) GDPR, in case you enter your personal data for the purpose of initiating a contract. Otherwise, the legal basis of this processing is Art. 6 (1) (f) GDPR. Our legitimate interest is the processing of your request.

10 Transmission to Service Providers

10.1 Any communication with you via email is accomplished by using the Gmail service offered by Google, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA . Your personal data (e-mail address, message content) can also be sent to Google servers outside the EU such as the USA. The transmission to Google is based on Art. 28 and 45 GDPR. For more details, please see paragraph 3. The processing of your personal data is based on Art. 6 Para. 1 S. 1 lit. b) GDPR as long as you are registered for our Services. Otherwise, the transmission is based on Art. (1) (f) GDPR, whereby our legitimate interest is communication with you for processing your possible request.

10.2 We use so-called CRM tools of Salesforce.com Germany GmbH, Erika-Mann-Str. 31, 80636 Munich (“Salesforce”) for the administration of our customer data. This means that your personal data (email address, message content) may be transferred to Salesforce servers, which may also be located outside the EU such as the United States. Salesforce is on the Privacy Shield List. The transfer to Salesforce is based on Articles 28 and 45 GDPR. The processing of your personal data with the CRM tools is based on Art. 6 (1) (b) GDPR.

11 Communication between Users

When communicating via our services and uploading content within our services, we ask the user to note that this may be visible to other users. We therefore ask the user to handle the information provided by him/her carefully. Uploaded user content is transmitted in order to fulfil the relevant functions of our services on the basis of Art. 6 (1) (b) GDPR.

12 Storage Period and Deletion of Data

We process personal data of the user as long as the user is registered for the use of our services or as long as it is necessary to achieve the processing purposes or is prescribed by a legal obligation to store the data. Subsequent to this period, the data is immediately deleted.

However, we retain data which is stored due to a legal obligation for as long as this is required by law (up to ten years).

Data that we store to pursue legal claims or defend against legal claims will be retained for as long as this is legally permissible. This can be up to 30 years.

If necessary, we may ask the user, when submitting content, for permission to process the data beyond this period.

13 Disclosure of Personal Data to Third Parties

Personal data will only be disclosed to third parties – unless otherwise stipulated in this privacy policy – without the express consent of the user, if this is necessary for the provision of Taledo’s services or for the performance of the contract with the user (in particular for personnel placement).

Apart from that, Taledo will not pass on the User’s personal data to third parties unless the user has expressly consented to the transfer (Art. 6 para. 1 sentence 1 lit. a) GDPR) or Taledo is not entitled or obliged to do so by legal provisions or court orders. In the latter case, the transmission by Taledo is for the fulfilment of a legal obligation pursuant to Art. 6 (1) (c) GDPR.

14 User Rights

14.1 Right to information

The User has the right to obtain from Taledo, in writing and free of charge, the personal data related to him/her which is stored at Taledo, the purposes of processing, its origin, which recipients or categories of recipients the transfer of data has been passed on to, the storage period and his/her relevant rights at his disposal.

14.2 Right to correction, deletion and/or limitation of data processing

The user has the right to request at any time the correction of incorrect data, the deletion and/or restriction of the processing of personal data stored about him, unless Taledo is legally obliged to retain such data or there is another, opposing legitimate reason as defined in Art. 17 (3) GDPR. Insofar as this includes personal data required for the provision of services to the user, the deletion or restriction of the processing of such data can only take place when the user no longer uses Taledo’s services.

14.3 Right to object

The user has the right, at any time, to object to data processing based on Article 6 (1) (e) or (f) GDPR for reasons arising from his particular situation, unless Taledo can demonstrate compelling justifiable reasons, which outweigh the interests of the user, or the processing serves to assert, exercise or defend legal claims. The user can object to data processing for the purpose of direct advertising at any time without special reasons being required.

14.4 Right to Data Transferability

If the user provides data relating to the himself/herself and Taledo processes such data on the basis of the user’s consent or in order to fulfil the contract, the user may request that the he/she receive such data in a structured, current and machine-readable format from Taledo or that Taledo transmit such data to another person responsible to the extent technically possible (so-called right to data transferability).

14.5 Right to revoke consent

Any consent given by the user regarding the use of personal data can be freely revoked by the user at any time with effect for the future.

14.6 Right of appeal to a supervisory authority

The user may also lodge a complaint with a supervisory authority against data processing which, in his opinion, violates the statutory provisions.

15 Changes to the Privacy Policy

Taledo reserves the right to change this Privacy Policy at any time, while always complying with the statutory data protection requirements. Therefore, Taledo recommends that users regularly take note of the applicable privacy policy.

You can exercise your rights by contacting us in writing at Taledo GmbH, c/o Classik Business Space, Rosenstraße 2, 10178 Berlin via e-mail to datasecurity@taledo.com. Furthermore, our data protection officer Thomas Lang is available to you in writing at INTARGIA Management Consulting GmbH, Max-Planck-Straße 20, 63303 Dreieich or via e-mail to datasecurity@taledo.com.