Privacy statement

This privacy statement describes the processing of personal data when using our website in accordance with the requirements of the General Data Protection Regulation ("GDPR").

1. Website provider and data controller

Simpliant Legal - Wittig, Bressner, Groß Rechtsanwälte PartG mbB; Simpliant GmbH and Simpliant Technologies GmbH (each located at Fasanenstrasse 12, 10623 Berlin, Germany; collectively referred to as "SIMPLIANT" or "we") are joint controller of the website and therefore jointly responsible for data protection (Art. 26 GDPR).

2. Data subject rights and supervisory authority

As a data subject, you can exercise the following rights vis-à-vis SIMPLIANT:

• Information about your data stored by us and its processing (Art. 15 GDPR)
• Correction of inaccurate personal data (Art. 16 GDPR)
• Deletion of your data stored by us (Art. 17 GDPR)
• Restriction of data processing if we are not yet allowed to delete your data due to legal obligations (Art. 18 GDPR)
• Data transfer if you have consented to the data processing or have concluded a contract with us (Art. 20 GDPR)
• Object to the processing of your data by us (Art. 21 GDPR).
  If you have consented to data processing, you have the right to revoke your consent with effect for the future.
  To exercise your rights, please contact us by e-mail via datenschutz@simpliant.eu. Please note that in doing so, we will need to verify your identity and therefore identify you by appropriate means.
  You can file a complaint with a supervisory authority for data protection at any time, e.g. with the competent supervisory authority of the federal state in which you live or with the authority responsible for us.
  The authority responsible for us is the Berliner Beauftragte für Datenschutz und Informationsfreiheit, Friedrichstraße 219, 10969 Berlin, Germany.
  Under the following link you will find all supervisory authorities for Germany for non-public bodies https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html

3. Legal bases

The legal basis for the data processing results from Art. 6 para. 1 GDPR.
In particular, your data will be processed on the basis of the following legal bases:

• Art. 6 para. 1 lit. a) GDPR - your consent
• Art. 6 para. 1 lit. b) GDPR - fulfillment of a contract or pre-contractual measures
• Art. 6 para. 1 lit. c) GDPR - fulfillment of a legal obligation
• Art. 6 para. 1 lit. f) GDPR - legitimate interests
  Several legal bases may apply to the individual processing operations.

4. Retention period

The duration of data storage depends on the respective data category and processing activity. If the retention period is not further specified, your personal data will be deleted or blocked as soon as the purpose or legal basis for storage ceases to apply. Personal data will not be deleted if storage is required by law (e.g., § 257 HGB, 147 AO) and in the event of a possible legal dispute.
Security measures are continuously improved and adapted in line with technological developments.

5. Recipient of the data

For some of the data processing activities that we perform we use service providers. These service providers are processors on behalf (“processors”) and have been contractually obligated by us pursuant to Art. 28 GDPR to process data only in accordance with our instructions. These processors may have access to personal data in the course of their activities.

6. Specifics of individual data processing operations

6.1 Server protocols

When you visit our website, certain connection data is stored in a server log by the hosting provider.

The following categories of data are processed:

• IP address
• Name of the telecommunications service provider
• Browser type, browser software version and browser language
• Operating system
• Date and time of access
• Access content
• Quantity of transferred data
• Access status (successful transmission/error)
• Web pages that were redirected to
• Visited websites

The processing is carried out for the following purposes:

• Ensuring a trouble-free connection to the website
• Ensuring a smooth use of our website
• Assessment of system security and stability

Legal basis:

The processing is carried out pursuant to Art. 6 para. 1 lit. f) GDPR based on our legitimate interest to provide the website and to improve and monitor the security, stability, and functionality of the website.

Storage period:

The storage period from collection is 7 days.

6.2 Email contact and contact form

You can contact us by sending us an email or entering data in our end-to-end encrypted contact form. You can specify your request and contact our office directly using the contact information on our website.

Purpose of data processing:

The data entered and transmitted by you will be processed for the purpose of individual communication with you.

Legal basis:

The data processing is carried out for the implementation of pre-contractual measures, the fulfillment of a contract (Art. 6 para. 1 p.1 lit. b) GDPR) or based on our legitimate interests in providing an efficient and secure method of communication (Art. 6 para. 1 p.1 lit. f) GDPR.

Storage period:

If no legal retention periods require the storage of data or the type of processing requires the ongoing processing of personal data, your data will be deleted no later than 3 years after the last contact. If a contractual relationship is established, your contact data will be stored for as long as this contractual relationship lasts. If we are subject to legal retention periods, we will comply with these and delete your data after these periods have expired.

6.3 Applications and Talent Pool

Nature and purpose of data processing:

On our website, you can apply for positions. In principle, you will provide the data for this purpose yourself. In addition, we may also receive data from third parties (e.g., personnel service providers or applicant platforms) if you have applied to us via such a platform. Also, we may process personal data that we have received from publicly available sources (e.g., professional social networks).
In order to accept and evaluate your application and depending on the data you provide we may process the following personal data:

• Any information you submit about yourself:
• Name
• Contact details
• E-mail
• Phone number
• Date and place of birth

Files and documents, such as testimonials and certificates, that you send us in connection with your application. If we are not able to retain you for a position you applied for, we may ask for your consent to keep your application data for future openings (“Talent Pool”).

Legal basis:

The processing of the data is based on Art. 6 para. 1 sentence 1 lit. b, Art. 88 GDPR in conjunction with § 26 para. 1 BDSG (pre-contractual measures and contract performance; establishment, implementation and termination of the employment relationship). In case that you give us consent to keep your data in our Talent Pool, the legal basis is Art. 6 para. 1 p.1 lit. a) GDPR.

Retention period:

If your application is accepted by us, we will transfer your application data to your personnel file and delete it from the systems for the application process. If your application is rejected, your personal data will be deleted no later than six months after the end of the application process.
The data in our Talent Pool will be stored after 2 years or until you revoke your consent.

6.4 Website Analytics

Nature and purpose of data processing:

We use the privacy-friendly and cookieless web analytics provider Plausible (plausible.io) to better understand how our website is used and to optimize our web presence. Plausible does not perform any cross platform tracking and does not share data with third parties. The is a service provided by Plausible Insights OÜ, Västriku tn 2, 50403, Tartu, Estonia (registration number 14709274).
Plausible pseudonymizes your data from HTTP requests that you send to our webservers by a hash function with a rotating salt. This means that a changing identifier in the form of a random string of letters and numbers is generated from the IP address and the user agent. This is required to uniquely calculate the number of visitors for that day. This is privacy-friendly as your raw data, IP address and user agent, are not stored in Plausible's logs, databases or hard drives.
After 24 hours, the data is anonymized, as the old salt is deleted and traceability is completely excluded. Only the generated hash is stored on Plausible's servers located in the EU.
For more specific information on how Plausible processes the data, please visit https://plausible.io/data-policy.

Legal basis:

The legal basis for the processing is our legitimate interest in gaining knowledge about the use and reach of our website (Art. 6 para. 1 lit. f GDPR).

Retention period:

After 24 hours, the data is anonymized

Opt-out

If you would not like us to track your visit for statistical purposes, you may opt-out by configuring setting follow this link:
Privacy Settings
A cookie will be stored in your browser in order for us to be able to respect your choice not be tracked.

7. Modification of the privacy statement

We reserve the right to adapt this data privacy statement in order to always comply with the current legal requirements or to present changes to our offers in the data protection declaration (e.g., when introducing new services). The current version of the data privacy statement applies in each case.