Privacy policy

Overview

Protection of personal data and responsible handling of information are important and special concerns for us.
We process personal data only in accordance with legal requirements, in particular the EU Data Protection Regulation (GDPR) and the German Federal Data Protection Act (Bundesdatenschutzgesetz or BDSG).

This privacy policy contains information how we process personal data in the case you

  • visit our website (see section 2)
  • visit our social network presence (see section 3) including our Facebook Fan-Page (see section 4)
  • conclude and execute agreements with us, in particular in connection with our freelancer network (see section 5)
  • apply for a job with us (see section 7).

Further, this privacy policy contains information on recipients of your personal data within the EEA (see section 8) and third countries (see section 9), deletion of your personal data and retention periods (see section 10), your rights as a data subject (see section 11) and automated decision making (see section 12).

1. Controller and Data Protection Officer

Controller pursuant to Art. 4 no. 7 GDPR: Expertlead GmbH | Lützowufer 6-9, 10785 Berlin (imprint)

Data Protection Officer: Dr. Bernhard Freund, PLANIT // LEGAL, Jungfernstieg 1, 20095 Hamburg, bernhard.freund@planit.legal

2. Website Visit

When you visit our website (www.expertlead.com), we process personal data to enable your use (Usage Data) to the extent described in section 2.1. In addition, personal data may be processed for web tracking and other purposes as described under 2.2. et seq. Please find below information on legal basis, purposes and, if applicable, legitimate interests and the necessity of processing your personal data.

2.1 Data Processing to Enable the Use of the Website

Usage Data includes your IP address and information on start, end, your use of the website and identification data (e.g. your login data when you log into a secure area). It also includes technical data transmitted by your browser such as browser type / browser version, previously visited website (referrer URL), monitor resolution, operating system, if applicable device information (e.g. device type) etc. We process these data for the provision and demand-oriented design of this website in our legitimate interest (Art. 6(1)(f) GDPR).

2.2 Cookies and Web Tracking

When you visit our website, information in the form of cookies may be stored on your device. A cookie is a small text file that is sent from a web server to your browser and stored on your device. When you revisit our website, cookie data are transmitted to our web server again. We may then, for example, recognise you again and take your individual settings into account when displaying the website. Cookies can be categorised as first party cookies (deployed by YYY) and third-party cookies (deployed by third parties). We further categorise cookies as follows:

Type:
Description:
Category 1: technically necessary cookies
These cookies are technically necessary to provide the website functionality. We may not provide the website without deploying such cookies.
Category 2: functional cookies
These cookies serve to create the most pleasant surfing experience possible on our website, with a maximum of individual usage conformity (e.g. enabling a login across sessions, a high surfing speed through search suggestions or the storage of individual page settings such as language or text size, etc.).
Category 3: performance cookies
These cookies serve to continuously optimise our website and lead to a continuously improved surfing experience (e.g. by evaluating the use of website functions offered, reporting display errors, etc.). They track information how our website is used.
Category 4: Targeting and social network cookies
Some of these cookies allow you to connect to your social networks and share content. Others helps to better individualise advertising by adapting to your interests.

Category 2 to 4 cookies may be deployed to process your activities on our website and is processed in
pseudonymous usage profiles (web analysis). We only use this information for the aforementioned purposes (functionality and optimisation of the website, interest based advertising) and for statistical analysis. In addition to cookie based web tracking, there is non-cookie based web tracking using other means such as your individual device settings to recognize you when revisiting our website

Legal basis for deploying technically necessary cookies (category 1) is our legitimate interest in
providing our website under Art. 6(1)(f) GDPR. Legal basis for deploying category 2 to 4 cookies and web tracking is your consent under Art. 6(1)(a) GDPR. When you first visit our website or if necessary again, we will display a respective banner and (i) inform you about the use of category 2 to 4 cookies and web tracking and (ii) ask for your consent. If you click on “OK”, you express your consent. You can restrict your consent to cookies deployment in whole or in part by configuring your browser settings and deactivating cookies in whole or in part. In addition, you can install a browser plugin. Plugins offer the possibility to prevent web analyses - e.g. AdBlock, Ghostery. NoScript or uBlock Origin (please refer to the data protection information of the respective plugin provider).

In addition, some web providers are members of industry associations whose websites allow to
centrally prevent the use of web tracking. Please find below reference to the websites of these associations for expressing your choices in regard to web tracking and processing data in pseudonymous profiles.

In case you do not consent to cookies deployment or delete cookies from your device, this may affect your ability to use the website or individual functionalities. Please refer to the below table for detailed information in regard to the particular cookies deployed on our website.

Cookie(s)
Category
Controller
Purpose
Retention Period
lang
lidc
UserMatch
History
Functionality, targeting and social networks
LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Irland;
Language settings, web analysis, interest-based advertising
Up to 30 days
MUID
MUIDB
Targeting and social networks
Bing Ads: Microsoft Corporation, One Microsoft Way, 98052 Redmond/WA, USA)
Web analysis, interest-based advertising
Up to 12 months
_hssc
_hssrc
_hstc
_cfduid
_hsfirstvisit
Performance
Hub: HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland
Web analysis
End of session
_fbp
_fr
_tr
Targeting and social networks
Facebook Custom Audience: Facebook, 1601 S. California Avenue, Palo Alto, 94304 CA, USA
Web analysis, interest-based advertising
3 months
_ga
_gat
_gcl_au
_gid
1p_JAR
CONSENT
Performance
Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
Web analysis
Up to 24 months
DSID
DIE
AID
ANID
APISID
SAPISID
NID
HSID
SID
SIDCC
SSID
Targeting and social networks
Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
Web analysis, interest-based advertising
Up to 24 months
Hubspotut
Functionality
Hub: HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland
Authentication
12 months
intercom-id
gtmid
Functionality
Intercom, Inc., a Delaware corporation with offices at 55 2nd Street, 4th Fl., San Francisco, CA 94105, USA
Anonymous user identification
10 months

Please refer to the below table for information in regard to web tracking services used on our website and the associated providers. In addition, there are links to the privacy policy of the provider and an explanation on how you can prevent web tracking. Typically, in such cases, an “anti-tracking cookie” is stored on your device preventing the collection of usage data from your device by the respective provider. Please note: in case you delete cookies from your device, you may have to set the "anti-tracking cookie" again.

Tool/Provider
Purpose
Link to privacy policy/prevention of processing
Bing Ads: Microsoft Corporation, One Microsoft Way, 98052 Redmond/WA, USA)
Web analysis, interest-based advertising
https://privacy.microsoft.com/en-us/privacystatement/
Prevention of processing: Via anti tracking cookie (see anti tracking website) or via EDAA website
Facebook Custom Audience: Facebook, 1601 S. California Avenue, Palo Alto, 94304 CA, USA
Web analysis, interest-based advertising
https://www.facebook.com/privacy/explanationWeitere Informationen zum Datenschutz
Prevention of processing: Via anti tracking cookie (see privacy policy)
Google Analytics: Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
Web analysis, interest-based advertising
https://www.google.de/intl/de/policies/
Prevention of processing: Via anti browser plugin (see add-on) and further information under section 2.3
Google Double-Click, Google AdWords Conversion, Google Dynamic Remarketing: Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
Web analysis, interest-based advertising
https://www.google.de/intl/de/policies/
Prevention of processing: Via anti advertising manager by Google and further information under section 2.
Hotjar: Hotjar Ltd., 3 Lyons Range, 20 Bisazza Street, Sliema SLM 1640, Malta
Web analysis
Hub: HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland
Web analysis, interest-based advertising
https://legal.hubspot.com/privacy-policy
Prevention of processing: Via anti tracking cookie (Opt-out now)

2.3 Google Analytics

This website uses Google Analytics, a web analysis service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Google Analytics uses cookies (see section 2.4) to enable an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. However, Google will reduce your IP address within member states of the European Union or in other signatory states to the Agreement on the European Economic Area beforehand and thus make it anonymous. Only in exceptional cases the full IP address will be transferred to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide the website operator with other services relating to website and internet use. The IP address transmitted by your browser in the context of Google Analytics is not merged with other Google data.

You can prevent the storage of cookies by a corresponding setting of your browser software ) or a privacy plug-in (see section 2.4). You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available under the following link (http://tools.google.com/dlpage/gaoptout?hl=en).

Further information on data protection at Google Analytics can be found at: https://www.google.de/intl/de/policies/.

Google is certified under the EU-U.S. Privacy Shield Framework, which ensures the level of protection of natural persons guaranteed by GDPR is not undermined through data transfers (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

2.4 Google Double-Click, Google AdWords Conversion

We use Google Analytics to evaluate data from the Google services AdWords and DoubleClick for statistical purposes. In order to improve our offers, we can analyse what happens after a user clicks on our ad, e.g. whether the user has accessed the ad from a mobile phone. You will also receive interest-based advertising through these services. Their consent is required for this (see section 2.4). If you do not wish this, you can prevent this, in addition to the variant described in section 2.4, using Google's Ads Preferences Manager: http://www.google.com/settings/ads/onweb/?hl=en.

DoubleClick places a cookie on your computer to record your surfing behaviour on various websites (tracking) and to play out interest-related advertising. If you do not want this to happen permanently, you can download a plug-in from the following link to prevent the DoubleClick cookie: https://www.google.com/settings/u/0/ads/plugin?hl=en or you can proceed as described in section 2.4.

Google is certified under the EU-U.S. Privacy Shield Framework, which ensures the level of protection of natural persons guaranteed by GDPR is not undermined through data transfers (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

2.5 Google Tag Manager

This website uses Google Tag Manager to manage website tags. A tag is a JavaScript snippet used to send information from a website to recipients, in particular in the context of web tracking.
The Google Tag Manager tool itself does not collect any personal data. The tool triggers other tags that may collect data (e.g. the Google Analytics tag). Google Tag Manager does not access this data. If deactivation has been made at the domain or cookie level, it will remain in effect for all tracking tags implemented with Google Tag Manager. This makes it easier to effectively implement your need against tracking procedures.

Google is certified under the EU-U.S. Privacy Shield Framework, which ensures the level of protection of natural persons guaranteed by GDPR is not undermined through data transfers (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

2.6 Google Maps

On the page of the contact form there is a plugin which shows a map of Google Maps. Google Maps is a web service for displaying interactive (country) maps in order to display geographical information visually. Using this service will show you our location and make it easier for you to find us.

This is done by connecting your browser to Google's servers as if you were visiting the Google search engine's website. If you are logged into Google, your information will be directly linked to your account. If you do not wish to be linked to your profile on Google, you must log out before activating the button. Google is responsible for data processing by Google. There is no tracking by Google on our website.

If you do not agree to the future transfer of your data to Google in the context of the use of Google Maps, it is also possible to completely deactivate the Google Maps web service by switching off the JavaScript application in your browser. Google Maps and therefore also the map display on this website can then not be used.

For more information about using Google Maps, please see the Google Maps Terms of Use. For further information on data protection at Google, please refer to Google's privacy policy.

Google is certified under the EU-U.S. Privacy Shield Framework, which ensures the level of protection of natural persons guaranteed by GDPR is not undermined through data transfers (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

2.7 Contact Form

We process your personal data when you use our contact form. If you contact us via the contact form provided, your details will be stored in order to respond to your enquiry. Legal basis is either the performing of a contract obligation or our legitimate interest in providing a contact form (Art. 6(1)(b) GDPR or Art. 6(1)(f) GDPR).
You are neither obliged to contact us via the contact form nor to provide personal data. If you do not provide your personal information, we may not be able to process your request. Otherwise there will be no consequences for you. If you are interested in detailed information on the balancing of your and our interests, please refer to the addresses in section 1.

If you register for our newsletter, we will process your email address and send you a confirmation email with a confirmation link, which you can use to register for the newsletter. You can unsubscribe from the newsletter and object to email advertising at any time. An option to do so will be included in every newsletter or email containing advertisement we may send you.

3. Visit of our presences in social networks

We operate presences in the following social networks: Facebook, Instagram, LinkedIn, Twitter, Xing. We use these presences to provide information about us and to communicate with the respective users. This data protection declaration also applies to such online presences.

If you contact us via social networks – e.g. for the purposes of an application or other inquiry – we process your data as described in this data protection declaration. The legal basis for such processing is our legitimate interest in public relations and communications (Art. 6, para. 1, sentence 1, lit. f GDPR), unless otherwise specified.

The providers of the abovementioned social networks regularly process data of their users for advertising purposes and create usage profiles based on the activities of their users. The relevant providers also use cookies and other tracking technologies for such purposes. We do not control such processes. You will find detailed information on this in the privacy policies of the relevant provider. There you will also find information regarding your rights vis-à-vis the relevant provider.

Facebook makes information regarding the use of our Facebook Fan-Page available to us, see section 4 below.

Moreover, we note that providers of social networks may process user data outside the European Economic Area, e.g. USA. This may involve a lower data protection standard than within the EU, and the enforcement of data protection rights based on EU law may be more difficult. To the extent specified below, however, providers of social networks have accepted the EU-US Privacy Shield and are thus obligated to adhere to European data protection standards:

4. Facebook Fan-Page Visit (Facebook insights data)

When you visit or interact with our Facebook Fan Page, your personal data (e.g., "Like" information) is processed as explained in this section.

4.1 Joint Controllership

Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, D2 Dublin, Ireland, (“Facebook”) provides us with statistics and insights that help us understand the use of our Fan-Page (“Page Insights”). In this case, Facebook and Expertlead are jointly responsible for data processing (“Joint Controllers”).

4.2 Legal Basis, Purpose and Necessity of Processing your personal Data

The legal basis for processing your personal Data is Art. 6(1)(f) GDPR. We use information you provide via your Facebook profile or by visiting our Fan-Page through your Browser to provide the functionalities of our Fan-Page. This may include checking the reach of our posts; defining our audience more accurately; customizing advertisements to fit our audience and designing our Facebook Fan-Page to match the actual interests of our visitors.
This includes:

  • Age
  • Geographical data
  • Shopping habits
  • Browsing habits

We process this data in our legitimate interest to maintain the functions of our Fan-Page; to review our reach and to design and display our Fan-Page in accordance with your interests. If you are interested in detailed information on the balancing of your and our interests, please refer to the addresses in section 1.

4.3 Further information on our joint controllership with Facebook

To transparently and explicitly determine the responsibilities for compliance with the obligations under the GDPR between Expertlead and Facebook, we have concluded an agreement with Facebook that states that Facebook is primarily responsible for data processing when visiting our Fan-Page. In particular, Facebook will be responsible in case you exercise your rights under Art. 12 and 13 GDPR, Art. 15 to 22 GDPR, and to ensure compliance with Art. 32 to 34 GDPR.

You may at any time also address your enquiry regarding data processing in connection with our Fan-Page to us or exercise your rights vis-à-vis the address listed in Section 1 (for further information about your rights see section 11). Where necessary to carry out your request or exercise your rights, we will forward your matter to Facebook.

For further information about page-insight data and the exercise of your rights, please see the information provided by Facebook: https://www.facebook.com/legal/terms/information_about_page_insights_data

For further information about the determination of the responsibilities within the joint controllership in the meaning of Art. 26 GDPR, please see the agreement with Facebook: https://www.facebook.com/legal/terms/page_controller_addendum

For further information about the placement of cookies when visiting our Fan-Page, please see Facebooks Cookie Policy: https://www.facebook.com/policies/cookies/

For more information about protecting your privacy at Facebook, please see Facebook's privacy policy: https://www.facebook.com/privacy/explanation.

5. Application as a Freelancer

If you apply as a freelancer for our network, we process the necessary data to carry out the application process. The legal basis for this is § 26 German Federal Data Protection Code (Bundesdatenschutzgesetz – BDSG). The easiest way to apply is through our website. This requires your full name, email address, professional field and your CV. You may also provide your website or social media profiles to make further information available to us

After reviewing the documents and information provided by you, we will get in touch and inform you about the further process. If you are a suitable candidate for our network, we will invite you to further interviews and testing. For this purpose, we will forward your data to the extent necessary to freelancers within our network which will perform such interviews or tests. Such freelancers are obligated to adhere to data protection laws by way of data protection agreements pursuant to Art. 28 GDPR.

Usually we will offer you to participate in a video interview via Google Hangouts (a service by Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) or Zoom (a service by Zoom Video Communications Inc., 55 Almaden Boulevard, 6th Floor, San Jose, CA95113, USA). Please note the privacy policies of these providers. We note that both providers are located outside in the USA and that local data protection standards are not entirely equal to those within the EU. However, both providers have accepted the EU-US Privacy Shield and are thus obligated to adhere to European data protection standards according to GDPR.

If upon successful completion of the application process we offer you to join our freelance community, we will process the necessary data required from you for this purpose. We will store the application files with your documents. Should your application not be successful, we will delete the data received from you within six months; however, we may merely store your name and date of birth for up to two years, in order to recognize repeated applications.

6. Job Applications

When you apply for a job with us directly, we will process the data received from you for the purposes of establishing contact and reviewing your suitability for the position you apply for. The legal basis for this is § 26 BDSG.

If we make you an offer to join us, we will process the necessary data required from you for this purpose. We will store the application files with your documents. Should your application not be successful, we will delete the data received from you within six months; however, we may merely store your name and date of birth for up to two years, in order to recognize repeated applications.

With your consent, we offer you to include you into our applicant pool. This may be helpful in case we do not have a suitable position at the time of your application. In such case, we will contact you once we do have a suitable vacant position. We will store your data for a maximum period of 12 months in such case. You may withdraw your consent at any time with effect for the future by writing to “mail@expertlead.de”. In this case we will delete your application from the pool.

Applicant data is also being processed by the provider Personio (Personio GmbH, Rundfunkplatz 4, 80335 München) based on our instructions. For scheduling we use the service Calendly (Calendly LLC, 3423 Piedmont Road NE, Atlanta, GA 30305-1754, USA) or Google Calendar (a service by Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). The aforementioned providers are adequately obligated under data protection agreements pursuant to Art. 28 GDPR. Calendly and Google are located in the USA; in order to guarantee an adequate level of data protection, we have entered into the EU standard contractual clauses with Calendly, whereas Google LLC is certified via the EU-US-Privacy Shield.

Usually we will offer you to participate in a video interview via Google Hangouts (a service by Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) or Zoom (a service by Zoom Video Communications Inc., 55 Almaden Boulevard, 6th Floor, San Jose, CA95113, USA). Reference is made to section 5 regarding these providersTransfer to Recipients of Personal Data within the EEA

We will transfer personal data to third parties only where necessary for the provision of our service or otherwise allowed by the law. Within the scope of the purposes stated here, personal data are transferred to service providers involved in the provision of our services. In addition to their legal obligation to comply with all data protection regulations, these service providers are bound to additional contractual data protection requirements. This includes in particular contractual obligations as a processor in accordance with Art. 28 GDPR. In particular, we transferred personal data to the following categories of service providers:

  • Providers of accounting, financial institutions, tax and legal advice;
  • IT service providers
  • Providers for data destruction and facility services;

Providers for application management (see above sections 4 and 5).In other cases, we transfer personal data to other recipients only if a there is a legal justification or you have expressed your consent. Any consent given can be revoked at any time with effect for the future. We will only disclose your data to government authorities within the framework of statutory obligations or as a result of an official order or court decision and only insofar as this is permitted under data protection law.

7. Transfer to Recipients of Personal Data in States outside the European Economic Area (EEA)

If necessary, for our purposes, we may also transfer your data to recipients outside the EEA. This is in particular the case if we have to transferred this data to recipients in third countries for the purposes of contract performance or due to legal obligations.

We only transfer further data to third countries where the recipient has implemented an appropriate level of data protection within the meaning of Art. 45 GDPR or suitable guarantees within the meaning of Art. 46(2) and (3) GDPR and there are no other interests worthy of protection against the data transfer. To ensure an adequate level of protection for the recipient of data, we in particular use the standard contractual clauses of the EU Commission on the transfer of personal data to third countries, unless an adequacy decision within the meaning of Art. 45(1) GDPR has been taken by the EU Commission. We may transfer your data to the following third countries: USA (see section 2.2 regarding forwarding data to Microsoft, Facebook and Google; these recipients are certified according to EU-US Privacy Shield), states in which interviewers pursuant to section 5 perform their services. We may transfer your data to the following categories of service providers:

  • IT services
  • Web analysis
  • Services in connection with job/network applications

8. Deletion

We delete your personal data as soon as it is no longer necessary for the aforementioned purposes of processing. We also delete your personal data if you object to a certain processing of data that is based on legitimate interests, unless there are compelling reasons for Expertlead to continue processing. We also delete your data if you revoke your consent to the processing and if there is no other legal basis for processing. In certain cases, e.g. if there is a statutory retention period, your data will initially be blocked and deleted upon expiry of the retention period.

For the deletion of data from applications see section 5.

9. Your Rights

As a data subject of the data processing, provided the statutory preconditions are met you have the right to confirmation as to whether personal data relating to you are processed by Expertlead and the right to access this personal data (Art. 15 GDPR), a right to rectification of your incorrect data (Art. 16 GDPR), a right to erasure (Art. 17 GDPR) and a right to restrict (block) your data (Art. 18 GDPR).

In addition, in the case of processing on the basis of Article 6(1)(e) or (f) GDPR, you may object to the processing (Art. 21 GDPR). If you have provided the data, you can request the transmission of the data (Art. 20 GDPR). Whether and to what extent these rights are effective in individual cases and under what conditions they apply is stipulated by law. If the processing is based on a consent within the meaning of Art. 6(1)(a) or Art. 9(2)(a) GDPR, you can revoke consent at any time with effect for the future (Art. 7(3)(1) GDPR). You also have the right to contact the competent data protection supervisory authority (Art. 77 GDPR).

If you have any questions or complaints about data protection at Expertlead, we recommend that you first contact our data protection officer (see contact details under section 1).

10. No automated individual Decision-Making

We do not use your personal data for automated individual decisions in the meaning of Art. 22(1) GDPR.

11. Amendment of the Privacy Policy

New legal requirements, business decisions or technical developments may require changes to our privacy policy. The privacy policy will then be adapted accordingly. You can always find the latest version on our website.