In the following, we would like to inform you about the processing of your personal data when you visit our website at https://emplify.de/ (also "website") as part of our information obligations (Art. 13 et seq. GDPR).

On our website you will find various options for contacting us and being informed about news, job offers and application opportunities. The responsibilities and circumstances of data processing depend on which functions of our website you use.

In the following, we explain which personal data we process in which cases, the legal basis for this and the data protection rights to which you are entitled. You will also receive information about who is responsible for the respective data processing and who you should contact in relation to your data protection rights and in relation to the processing of your personal data.

1. Information on the Person Responsible

emplify GmbH ("emplify"), Stöckachstraße 11A, 70190 Stuttgart, Germany, +49 (0)711 184229 0, office@emplify.de, is responsible for the processing of your personal data. Depending on the processing, our Swiss subsidiary, emplify Switzerland GmbH ("emplify Switzerland"), Oberallmendstrasse 18, 6300 Zug, Switzerland, info@emplify-switzerland.ch, may also be involved in individual data processing operations as joint controller. We will inform you about this in connection with the respective data processing. The main content of the agreement concluded with emplify Switzerland on joint responsibility in accordance with Art. 26 GDPR can be found in section 12.

2. Data Protection Officer

emplify has appointed a company data protection officer. You can reach him as follows:

Michael Nachtigall
DS Compliance GmbH,
Carlsplatz 24,
40213 Düsseldorf,
Germany,
E-mail: datenschutz@emplify.de

3. Informational Use of Our Website

If you only access our website to view content, so-called log files are automatically recorded by our system. The following data is processed automatically:

• IP address of the requesting computer
• Type of Internet browser used
• Language of the Internet browser used
• Version of the Internet browser used
• Operating system and its version
• Interface of the operating system
• Pages accessed
• Date and time of the visit
• Time zone difference to Greenwich Mean Time (GMT)
• Access status/http status code
• Amount of data transferred
• Website from which the request comes

The log files contain your IP address and possibly other personal data. It is therefore possible to identify you. However, we only store your data temporarily and, in particular, not together with other personal data.

The processing of the above-mentioned data is necessary for the provision and display of our website. We also store the data for the purpose of ensuring the security and stability of our information technology systems. These purposes also justify our legitimate interest in processing the data on the legal basis of Art. 6 para. 1 sentence 1 lit. f GDPR.

The log files are deleted or anonymized immediately after they are no longer required to achieve the aforementioned purposes. If the data is collected for the purely informative provision of our website, it will be deleted when the respective session has ended. Your IP address is stored in full for up to 24 hours and then in anonymized form. The temporary storage of the IP address by our system is necessary in order to rectify faults on our website and to avert dangers.

4. Website Hosting

Our website is operated on the servers of the provider Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany, with server location in Germany. This means that the data we collect when you visit and use this website is stored by our hoster. The legal basis for the processing of your personal data is Art. 6 para. 1 sentence 1 lit. f GDPR, as it is in our legitimate interest to use the services of professional providers for the secure and efficient provision of our website. The processing of your data by Hetzner is based on an order processing contract in accordance with Art. 28 GDPR, which we have concluded with Hetzner.

5. Newsletter

On our website, we offer you the opportunity to subscribe to our newsletter free of charge in order to be informed (exclusively) about emplify-related news. It is currently not possible to subscribe to a newsletter concerning emplify Switzerland.

5.1 Subscribing to Our Newsletter

To register for the emplify newsletter, we need your e-mail address in addition to your declaration of consent. Further details, e.g. your name, are voluntary and are used to address you personally. We will only send you the newsletter if you first confirm your registration by clicking on the link provided in a confirmation e-mail sent to you for this purpose. This is to ensure that only you can subscribe to the newsletter. You must confirm this within 24 hours of receiving the confirmation e-mail. Otherwise, your information will be blocked and automatically deleted from our database after one month. The legal basis for sending the newsletter and other voluntary information is Art. 6 para. 1 sentence 1 lit. a GDPR. By sending the newsletter registration, you consent to the processing of your data by us. As part of your newsletter registration, we also store the time (date and time) of the transmission of your data to us, as well as your IP address. The processing of this data corresponds to our legitimate interest pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR in order to ensure the security of our systems and to counteract misuse. In the confirmation e-mail sent for control purposes, we also store the date and time of the click on the confirmation link and your IP address in order to be able to trace any possible misuse of your e-mail address at a later date. Your data will only be processed in connection with the sending of newsletters. The purpose of processing your e-mail address is to enable us to send you the newsletter. Other data during the registration process is used either to address you personally or to ensure the security of our services and prevent misuse of the e-mail address used. Your data will only be stored for as long as is necessary to achieve the purpose. Your e-mail address will therefore be stored for the duration of your active newsletter subscription if you have given your consent. The data that we also collect automatically during your registration (IP address, date and time) will be deleted at the latest when you cancel your newsletter subscription.

5.2 Newsletter Service Provider:

To send the newsletter, we use the e-mail dispatch tool of CleverReach GmbH & Co KG, Schafjückenweg 2, 26180 Rastede, Germany ("CleverReach"). This means that the aforementioned information (e-mail address, time of your newsletter registration and newsletter confirmation, IP address, other information that you voluntarily provide to us) is stored on Cleverreach's servers. Cleverreach's servers are located exclusively in the EU.
The processing of your data by CleverReach is based on an order processing contract in accordance with Art. 28 GDPR, which we have concluded with CleverReach.

5.3 Newsletter Tracking:

Based on a "web beacon" or "tracking pixel" (a pixel-sized file) implemented in our newsletter, we can track whether the newsletter has been opened (opening rate). This is done by loading the graphic together with all other images from the server when the mailing is opened. This image retrieval is recorded by the tracking system and enables the opening rate to be evaluated. We can also track whether links or buttons contained in the newsletter have been clicked (click rate). This is done by temporarily redirecting the recipient via the server of our newsletter service provider after clicking on a link and then forwarding them to the target address. We can also use the newsletter service provider to analyze the unsubscribe rate and bounce rate (percentage of undeliverable emails in relation to the total number of emails sent). This allows us to draw conclusions about the quality of our newsletters. Technical information (e.g. IP address, browser and time of retrieval and opening of the newsletter) is also recorded and statistically analyzed as part of the tracking process. The data is collected exclusively in pseudonymized form and is not linked to your other personal data; direct personal identification is excluded. We receive aggregated statistics that are automatically generated by our service provider (see above). As a rule, we therefore only have an overview of the percentage of recipients who have opened the newsletter or which content was particularly well received. This data is used exclusively for the statistical analysis of newsletter campaigns and can be used by us to better adapt future newsletters to the interests of the recipients. If you wish to object to the data analysis for statistical evaluation purposes, you must unsubscribe from the newsletter. Your user behavior will only be analyzed if you have consented to the newsletter being sent and the associated personalized data analysis. The legal basis for data processing is your consent in accordance with Section 25 (1) TDDDG and Art. 6 (1) sentence 1 lit. a GDPR.

POSSIBILITY TO CANCEL / Unsubscribe From Newsletter

You can unsubscribe or cancel our newsletter at any time. Unfortunately, it is not possible to revoke your consent to newsletter tracking separately. If you wish to object to newsletter tracking, you must therefore also unsubscribe from the newsletter. You will find the link to do this at the end of each newsletter. You can also unsubscribe from the newsletter at any time by sending us a corresponding message (Section 1). By doing so, you revoke your consent with effect for the future or object to any further use of your data for the purpose of sending and tracking the newsletter. Once you have unsubscribed, your email address will be deleted from our newsletter distribution list immediately, unless you have expressly consented to further use of your data or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this declaration. The withdrawal of your consent does not affect the lawfulness of processing based on consent before its withdrawal.

6. Links to Social Networks

On our website, we use small icons and other links that refer to emplify's website on third-party platforms (Facebook, Instagram, LinkedIn and Xing). These are hyperlinks, so no data is automatically transmitted by you, but only when you click on the icons or the corresponding link and a new window opens in your browser with the website of the third-party provider.

6.1 Facebook Page (Formerly "Facebook Fan Page")

We operate a so-called Facebook page on the social media platform Facebook (Meta Platforms Ireland Limited, Serpentine Avenue, Block J, Dublin 4 Ireland (hereinafter: "Meta")), which we link to on our website via the Facebook icon. As long as you do not click on the link, Meta will not receive any data from you. If you click on the link, for example to view our company presence on Facebook or to "like" our Facebook page, Meta will receive data from you (which data Meta receives also depends on whether you are logged in to Meta with your user profile while clicking on the page or not). Meta also uses so-called cookies, which are stored on your device when you visit our Facebook page even if you do not have your own Facebook profile or are not logged into it during your visit to our Facebook page. These cookies allow Meta to create user profiles based on your preferences and interests and to show you customized advertising (inside and outside Facebook). Cookies remain on your device until you delete them. You can find more information about the cookies used on Facebook at https://www.facebook.com/policies/cookies/

According to its own information, Meta uses this data for a wide variety of purposes and transmits it worldwide, both internally to other Meta companies and to a wide variety of external partners. Meta bases this data processing on various legal bases, details of which can be found in Meta's Data Policy. The data policy can be found at the following link: https://www.facebook.com/policy.php

While Meta uses this data under its own responsibility for various purposes, we can only see aggregated data on our company Facebook page, i.e. statistics (e.g. user growth, user demographics, use of individual functionalities), which no longer have any specific personal reference. This data, which is called "page insights", is created using meta-logged so-called "events". An "event" can be, for example, the fact that someone has marked a certain post with a "like". As the website operator, we do not have access to the personal data that is processed in the context of events, but only to the summarized page insights. Events that are used to create Page Insights do not store any IP addresses, cookie IDs or any other identifiers that are assigned to people or their devices, apart from a Facebook user ID for people logged in to Facebook. You can find more information about Page Insights at the following link: https://www.facebook.com/legal/terms/information_about_page_insights_data

In accordance with the provisions of the GDPR, we are jointly responsible with Meta for data processing on our Facebook page (Art. 26 GDPR). Accordingly, we have concluded an agreement with Meta provided by Meta in which this joint responsibility is regulated. You can find the agreement in German at the following link https://www.facebook.com/legal/terms/page_controller_addendum

This means that Meta is primarily responsible for the aggregated Insight Data. In addition, Meta will comply with all obligations under the GDPR with regard to the processing of Insight Data (including Art. 12, 13 GDPR, Art. 15-21 GDPR and Art. 32-34 GDPR). If you send us a request regarding our Facebook page, we will inform Meta promptly. Meta will respond to the request in accordance with our agreement.

Our legitimate interests in the processing of personal data lie in the use and linking of various communication channels, marketing via high-reach social media platforms and the analysis and evaluation of the success of our communication and marketing efforts. The legal basis for the processing is Art. 6 para. 1 sentence 1 lit. f GDPR. If you consent to data processing (in particular to the setting of cookies), the processing is also carried out on the basis of Section 25 (1) TDDDG or Art. 6 (1) sentence 1 lit. a GDPR.

If you use our Facebook page to contact us (e.g. by creating your own posts, responding to one of our posts or sending us private messages), we process the data you provide exclusively to process your contact. The legal basis for the processing of your personal data is therefore Art. 6 para. 1 sentence 1 lit. f GDPR. It is our legitimate interest to process your data transmitted to us in order to contact you. The data will be stored until it is no longer required to achieve the purpose of the conversation with you and your contact request has been fully clarified. You can inform us at any time that we should delete the data provided in the course of the conversation. In this case, to the extent permitted, all personal data from the conversation will be deleted and it will not be possible to continue the conversation.

6.2 Internet Presence on Instagram

We operate a corporate presence on the social media portal Instagram. The operator of Instagram is Meta Platforms Ireland Limited, Serpentine Avenue, Block J, Dublin 4 Ireland, whereby the platforms Facebook and Instagram share the technical infrastructure according to Meta's own information. In the following, the term "Instagram" is used for the social media portal and the term "Meta" for the operator of this portal.

On our website, we link to our company presence on Instagram using the Instagram icon. As long as you do not click on the link, Meta will not receive any data from you. If you click on the link, for example to view or subscribe to our company presence on Instagram, Meta will receive data from you (which data Meta receives also depends on whether you are logged in to Instagram with your user profile while clicking on the page or not). In addition, Meta uses so-called cookies, which are stored on your device when you visit our corporate website even if you do not have your own Instagram profile or are not logged into it during your visit to our corporate website. These cookies allow Meta to create user profiles based on your preferences and interests and to show you customized advertising (inside and outside Instagram). Cookies remain on your device until you delete them. You can find more information about the cookies used by Meta at https://help.instagram.com/1896641480634370?ref=ig

According to its own information, Meta uses this data for a wide variety of purposes and transmits it worldwide, both internally to other Meta companies and to various external partners. Meta bases this data processing on various legal bases, which you can find in detail in Instagram's privacy policy and Facebook's data policy. Instagram's privacy policy can be found at the following link: https://www.instagram.com/legal/privacy/ Facebook's data policy, which also applies to Instagram, can be found at https://www.facebook.com/policy

While Meta uses this data under its own responsibility for various purposes, we can only see aggregated data on our company website, i.e. statistics (e.g. user growth, user demographics, use of individual functionalities), which no longer have any personal reference. These are called "Instagram Insights". You can find more information about Instagram Insights on the corresponding information page of Meta, which refers to all Meta products (and thus also to Instagram). You can access this information page at the following link: https://www.facebook.com/legal/terms/information_about_page_insights_data

In accordance with the provisions of the GDPR, we are jointly responsible with Meta for data processing on our Instagram corporate presence (Art. 26 GDPR). Accordingly, we have concluded an agreement with Meta provided by Meta in which this joint responsibility is regulated. You can find the agreement in German at the following link https://www.facebook.com/legal/terms/page_controller_addendum

This means that Meta is primarily responsible for the aggregated Insight Data. In addition, Meta will comply with all obligations under the GDPR with regard to the processing of Insight Data (including Art. 12, 13 GDPR, Art. 15-21 GDPR and Art. 32-34 GDPR). If you send us a request regarding our Instagram company presence, we will inform Meta promptly. Meta will respond to the request in accordance with our agreement.

Our legitimate interests in the processing of personal data lie in the use and linking of various communication channels, marketing via high-reach social media platforms and the analysis and evaluation of the success of our communication and marketing efforts. The legal basis for the processing is Art. 6 para. 1 sentence 1 lit. f GDPR. If you consent to data processing (in particular to the setting of cookies), the processing is also carried out on the basis of Section 25 (1) TDDDG or Art. 6 (1) sentence 1 lit. a GDPR.

If you use our Instagram page to contact us (e.g. by creating your own posts, responding to one of our posts or sending us private messages), we process the data you provide exclusively to process your contact. The legal basis for the processing of your personal data is therefore Art. 6 para. 1 sentence 1 lit. f GDPR. It is our legitimate interest to process your data transmitted to us in order to contact you. The data will be stored until it is no longer required to achieve the purpose of the conversation with you and your contact request has been fully clarified. You can inform us at any time that we should delete the data provided in the course of the conversation. In this case, to the extent permitted, all personal data from the conversation will be deleted and it will not be possible to continue the conversation.

6.3 Internet Presence on LinkedIn

We operate a website on the social media portal LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (hereinafter referred to as "LinkedIn")), which we link to on our website via the LinkedIn icon.

As long as you do not click on the link, LinkedIn will not receive any data from you. If you click on the link, for example to view our website on LinkedIn, LinkedIn will receive data from you (which data LinkedIn receives also depends on whether you are logged in to LinkedIn with your user profile while you click on the page or not). LinkedIn also uses so-called cookies, which are stored on your device when you visit our company website, even if you do not have your own LinkedIn profile or are not logged into it during your visit to our company website. These cookies allow LinkedIn to provide its own services, determine the performance of the services and display relevant ads (including job ads) inside and outside LinkedIn. Cookies remain on your device until you delete them. You can find more information about the cookies used by LinkedIn at https://de.linkedin.com/legal/cookie-policy?trk=homepage-basic_footer-cookie-policy

According to its own information, LinkedIn uses this data for a wide variety of purposes and transmits it to a wide variety of recipients, including recipients who are not based in the EU. LinkedIn bases this data processing on various legal bases, which you can find in LinkedIn's privacy policy. The privacy policy can be found at the following link https://de.linkedin.com/legal/privacy-policy

While LinkedIn uses this data under its own responsibility for various purposes, we can only see aggregated data on our LinkedIn website, i.e. statistics that no longer have any personal reference. These are called "page analytics". You can find more information on "Page Analytics" on the corresponding LinkedIn information page at https://www.linkedin.com/help/linkedin/answer/4499/linkedin-page-analytics-overview?lang=de

In addition, if you decide to become a follower when you visit our LinkedIn website, we will also receive your name and your position in the company according to the information in your LinkedIn user profile, as well as the time at which you became our follower. https://www.linkedin.com/help/linkedin/answer/4499/linkedin-page-analytics-overview?lang=en

In accordance with the provisions of the GDPR, we are jointly responsible with LinkedIn for data processing on our LinkedIn website (Art. 26 GDPR). Accordingly, we have concluded an agreement with LinkedIn provided by LinkedIn in which this joint responsibility is regulated. You can find the agreement at the following link https://legal.linkedin.com/pages-joint-controller-addendum

This means that LinkedIn is primarily responsible for the aggregated Insight data. In addition, LinkedIn will fulfill all obligations under the GDPR with regard to the processing of Insight data (including Art. 12 -22 GDPR and Art. 32-34 GDPR). If you send us a request regarding our LinkedIn website, we will inform LinkedIn promptly. LinkedIn will respond to the request in accordance with our agreement.

Our legitimate interests in the processing of personal data lie in the use and linking of various communication channels, marketing via high-reach social media platforms and the analysis and evaluation of the success of our communication and marketing efforts. The legal basis for the processing is Art. 6 para. 1 sentence 1 lit. f GDPR. If you consent to data processing (in particular to the setting of cookies), the processing is also carried out on the basis of Section 25 (1) TDDDG or Art. 6 (1) sentence 1 lit. a GDPR

If you use our LinkedIn presence to contact us (e.g. by creating your own posts, responding to one of our posts or sending us private messages), we will only process the data you provide in order to process your contact. The legal basis for the processing of your personal data is therefore Art. 6 para. 1 sentence 1 lit. f GDPR. It is our legitimate interest to process your data transmitted to us in order to contact you. The data will be stored until it is no longer required to achieve the purpose of the conversation with you and your contact request has been fully clarified. You can inform us at any time (see section 1 above) that we should delete the data provided in the course of the conversation. In this case, to the extent permitted, all personal data from the conversation will be deleted and it will not be possible to continue the conversation.

6.4 Internet Presence on Xing

We have a company page on the social media portal XING (New Work SE, Dammtorstraße 29-32, 20354 Hamburg, Germany, hereinafter referred to as "XING"), which we link to on our website via the XING icon. As long as you do not click on the link, XING will not receive any data from you. If you click on the link, for example to view our company presence on XING, XING will receive data from you (which data XING receives also depends on whether you are logged in to XING with your user profile while you click on the page or not). XING also uses so-called cookies, which are stored on your device when you visit our company website, even if you do not have your own XING profile or are not logged into it during your visit to our company website. Among other things, these cookies allow XING to use tracking tools and display personalized advertising (inside and outside Xing). Cookies remain on your device until you delete them. You can find more information about the cookies used by Xing at https://privacy.xing.com/de/datenschutzerklaerung/druckversion

According to its own information, XING uses this data for a wide variety of purposes and transmits it to a wide variety of recipients, including recipients who are not based within the EU. XING bases this data processing on various legal bases, which you can find in detail in XING's privacy policy. The privacy policy can be found at the following link https://privacy.xing.com/de/datenschutzerklaerung/druckversion

While Xing uses this data under its own responsibility for various purposes, we can only see aggregated data on our company website, i.e. statistics that no longer have any personal reference.

Furthermore, if you are logged in with your user profile when you visit our XING company website, we may receive additional information about you. The extent to which we see such additional information about you (e.g. your name, activity information, the time of your page visit) depends on the settings you have made in your XING user profile. You can use your XING user profile to control in detail which data we receive about you personally.

Our legitimate interests in the processing of personal data lie in the use and linking of various communication channels, marketing via high-reach social media platforms and the analysis and evaluation of the success of our communication and marketing efforts. The legal basis for the processing is Art. 6 para. 1 sentence 1 lit. f GDPR. If you consent to data processing (in particular to the setting of cookies), the processing is also carried out on the basis of Art. 6 para. 1 sentence 1 lit. a GDPR.

If you use our Xing presence to contact us (e.g. by creating your own posts, responding to one of our posts or sending us private messages), we process the data you provide exclusively to process your contact. The legal basis for the processing of your personal data is therefore Art. 6 para. 1 sentence 1 lit. f GDPR. It is our legitimate interest to process your data transmitted to us in order to contact you. The data will be stored until it is no longer required to achieve the purpose of the conversation with you and your contact request has been fully clarified. You can inform us at any time (see section 1 above) that we should delete the data provided in the course of the conversation. In this case, to the extent permitted, all personal data from the conversation will be deleted and it will not be possible to continue the conversation.

7. Integration of YouTube Videos on Our Website

We integrate videos from YouTube (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) for the purpose of making our website appealing. In the following, the term "YouTube" is used for the video portal, the term "Google" for the operator of this portal.

When integrating YouTube videos, we use the extended data protection mode, in which, according to the provider, information about you is only shared with Google if you activate the video by clicking on the play button of the video.

If you activate the video, Google may use cookies to collect information for analysis and advertising purposes and to improve user-friendliness. According to Google, the data is processed pseudonymously. However, especially if you are logged into your Google or YouTube account, the data may be linked directly to these accounts.

According to its own information, Google uses this data for a wide variety of purposes and transmits it to a wide variety of recipients, including recipients who are not based within the EU. Google bases this data processing on various legal bases. You can find an overview of this in Google's privacy policy, which you can access at the following link: https://policies.google.com/privacy?hl=de

In addition, so-called Google Fonts (fonts provided by Google) may be loaded when the video is played.

We have embedded YouTube videos on our website in such a way that they are only loaded once you have given your consent. The legal basis for the integration of the YouTube service on our website and the associated processing of your data is therefore your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR.

If YouTube sets cookies when you actively click on and play a YouTube video on our site, we process your data on the basis of your consent (Section 25 (1) TDDDG or Art. 6 (1) sentence 1 lit. a GDPR).

You can withdraw your consent in accordance with the aforementioned legal bases at any time by changing the data protection settings on our website.

Note on Data Transfers to the USA:

However, Google Ireland Ltd. is a subsidiary of the US group Google, which means that your personal data may also be transferred to US Google group companies (in particular Google LLC) and Google servers located in the USA. The USA is a third country within the meaning of the GDPR for which the EU Commission has issued an adequacy decision (the so-called "EU-US Data Privacy Framework" or "EU-US DPF"). Google LLC is certified as a US company under the EU-US DPF.

8. Registration / Login to the emplify automate Tool

We provide our emplify automate tool at https://automate.emplify.de/, which you as an employer can use to publish job advertisements on various job boards.

In order to use our emplify automate tool, you must first create a customer account. If you decide to create a customer account, you must provide us with the following information:

• First and last name
• Name of the company
• Your position in the company
• E-mail address
• Phone number

All other information is voluntary. We store the following voluntary information together with your e-mail address if you provide it to us:

• Number of vacancies

Your data will be used for the purpose of managing your customer account and providing the associated functions, such as processing your customer data and displaying and managing your job advertisements. The legal basis for the storage of your customer account data is Art. 6 para. 1 sentence 1 lit. b GDPR or, if you do not set up the customer account in your own name but as a representative of the respective employer company, Art. 6 para. 1 sentence 1 lit. f GDPR, as it corresponds to our legitimate interest.

The data will be stored for as long as is necessary for the provision of the emplify automate tool and within the scope of our obligations arising from any user contract with you or the employer company. Beyond this, we only store your data in order to comply with our legal obligations (e.g. tax obligations) (Art. 6 para. 1 sentence 1 lit. c GDPR). In this case, we block your data to the extent that it is only processed for the necessary purposes.

In addition to the aforementioned data, we store the time (date and time) of the transmission of your data to us, as well as your IP address. The processing of this data is in our legitimate interest (Art. 6 para. 1 sentence 1 lit. f GDPR) in order to ensure the security of our systems and to counteract misuse. This additional data will be deleted as soon as it is no longer required, at the latest when the contract with you has been completed.

9 Use of Tracking Technologies

9.1 Meta Pixels and Use of Other Meta Technologies

On our website, we use the analytics tool Meta Pixel (formerly "Facebook Pixel") from Meta Platforms Inc. and Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, D2 Dublin, Ireland ("Meta"). The Meta Pixel works with a JavaScript code snippet that is executed when someone opens a page or performs a certain action. We use it to analyze the effectiveness of our advertising. We cannot identify individual users via our Facebook Business profile or specifically address them with advertising, but only user groups.

We use the Meta Pixel in such a way that the sending of pixel actions to Meta is interrupted until the cookie consent has been given. The legal basis for the setting of these cookies and the subsequent further processing of your personal data is your consent (Section 25 (1) TTDSG, Art. 1 (1) sentence 1 lit. a GDPR). You can revoke your consent at any time via the data protection settings on our website.

The meta pixel can record the following data:

HTTP header - all information that is usually contained in HTTP headers, e.g. IP addresses, information about the web browser, the location of the page, the document, the referrer and the person using the website.

Pixel-specific data - including the pixel ID and the Facebook cookie.

Click data for buttons - all buttons that visitors to the website have clicked on, the labels of these buttons and all pages that were accessed as a result of these button clicks.

Optional values - we can optionally specify that additional information about the visit is sent via custom data events. Examples of custom data events include conversion value and page type.

Form field names - Including website field names such as "email", "address", "quantity", for the purchase of a product or service.

With the Meta Pixel, we want to ensure that visitors to our website are shown advertisements on Facebook who fulfill certain characteristics (interest in certain products, gender, certain age, live in a certain city, etc.). Meta calls the grouping of users based on certain characteristics "Custom Audiences". The advertising on Facebook should be shown to potentially interested parties and not to those who are unlikely to be interested in our product. Our Custom Audience therefore consists of the "Website Custom Audiences" function, i.e. the meta pixel matches visitors to our website with people on Facebook so that we can then create a Facebook ad for this target group. This is called "retargeting".

The pixel also helps to statistically track the effectiveness of advertisements. This is called meta "conversion". The meta pixel tells us whether people in the target group have visited our website, searched for a specific product on our website, looked at a specific product or product category, whether a purchase has been initiated, whether a purchase has been completed. The meta pixel also tells us whether people were directed to our site from a paid search engine result and whether people are interested in special offers. We can only see from the statistics whether or that this has happened - we cannot identify individual people.

In addition, our custom audience may also consist of "engagement custom audiences" (custom audiences by interaction) in relation to user interactions on Instagram or Facebook. "Engagement" means, for example, that a person has clicked on a video on our Facebook page or that the person has followed our Instagram profile or left a comment there. With Engagement Custom Audiences, we can show ads to these people.

While Engagement Custom Audiences are based on actions within the meta technologies, Website Custom Audiences are based on actions that take place on our website and are recorded by the meta pixel. Data is therefore only collected via the meta pixel in the latter case.

We also use the "Lookalike Audience" function. This allows us to reach new people who are likely to be interested in our company because they are similar to our existing customers.

In your Facebook profile, you can choose whether you want to receive personalized advertising. You can object to the collection by the meta pixel and the use of your data for Facebook Ads (as part of a Custom Audience). If your browser does not accept third-party cookies, the meta pixel will not be set.

You can find the Facebook data policy here: https://www.facebook.com/policy.php. You can find more information from Meta about the Meta Pixel here: https://www.facebook.com/business/help/651294705016616

We have concluded an order processing contract with Meta. You can find out more at https://www.facebook.com/legal/technology_terms, https://www.facebook.com/legal/terms/dataprocessing and https://www.facebook.com/legal/EU_data_transfer_addendum/update

Note on Data Transfers to the USA:

The Meta Pixel is used on the basis of a contract that we have concluded with Meta Platforms Ireland. However, Meta Platforms Ireland is a subsidiary of the US group Meta Platforms Inc., which means that your personal data may also be transferred to US Meta group companies (in particular Meta Platforms Inc.) and Meta servers located in the USA. The USA is a third country within the meaning of the GDPR, for which an adequacy decision of the EU Commission (the so-called "EU-US Data Privacy Framework" or "EU-US DPF") exists. Meta Platforms Inc. is certified as a US company under the EU-US DPF, see https://www.dataprivacyframework.gov/

9.2 Google Analytics 4

The analytics service Google Analytics 4 is implemented on our website, which is offered for users from the European Economic Area, Switzerland and Liechtenstein by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland and for all other users by Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA (hereinafter: "Google Analytics 4"). You can find Google's privacy policy at the following link: https://policies.google.com/privacy?hl=de.

We have concluded an order processing contract with Google Ireland Limited in accordance with Art. 28 GDPR.

Google Analytics 4 can record the following information, among others:

• Type of Internet browser used
• Version of the Internet browser
• the operating system you are using
• selected language
• Data on the requesting end device
• Referrer (previously visited website)
• Your IP address (according to Google, the IP address is only used temporarily to determine a rough location of the requesting end device (city level) and then deleted),
• (Rough) location data, i.e. city (including its longitude and latitude), continent, country, region and subcontinent of the requesting end device
• Date and time of the server request
• The duration of the session

• The click and scroll behavior including playing media, internal searches, sharing content

• Webshop interactions, such as product views and orders.

Google Analytics 4 only uses the IP address to derive location data. According to Google, IP addresses are otherwise not logged or stored.

We are only shown statistics via Google Analytics 4, which we use to optimize our website and offers. We have also configured Google Analytics 4 so that Google is not allowed to use the data for its own analysis of online trends or to improve its own products and services.

Before we use Google Analytics 4 to analyze your website visit, we obtain your consent to the processing of your personal data (Art. 6 para. 1 sentence 1 lit. a GDPR) and to the setting of the necessary cookies (§ 25 para. 1 TDDDG). Further information on the cookies used can be found in our cookie information.

The legal basis for the processing of your personal data and the setting of cookies in the context of Google Analytics 4 is therefore your consent in accordance with Section 25 (1) TDDDG and Art. 6 (1) sentence 1 lit. a GDPR.

You can withdraw your consent in accordance with the aforementioned legal bases at any time by changing the data protection settings on our website.

Note on Data Transfers to the USA:

The use of Google Analytics 4 is based on a contract that we have concluded with Google Ireland Ltd. However, Google Ireland Ltd. is a subsidiary of the US Google Group, which means that your personal data may also be transferred to US Google Group companies (in particular Google LLC) and Google servers located in the USA. The USA is a third country within the meaning of the GDPR for which the EU Commission has issued an adequacy decision (the so-called "EU-US Data Privacy Framework" or "EU-US DPF"). Google LLC is certified as a US company under the EU-US DPF, see https://www.dataprivacyframework.gov/

You can also prevent the collection of your personal data by Google Analytics 4 and the processing of this data by Google by downloading and installing the browser add-on available at the following link (https://tools.google.com/dlpage/gaoptout?hl=de) to deactivate Google Analytics.

Finally, you can also prevent the storage of Google cookies yourself by making the appropriate settings in your browser settings.

10. Cookie Consent Tool

In order to obtain and document the consent of our visitors to the cookies we use, we set a technically necessary cookie ("cookie-consent") to store your cookie consents. This cookie stores the consent you gave when you entered the website. If you wish to revoke this consent, simply delete the cookie in your browser. When you re-enter/reload the website, you will be asked for your cookie consent again. You can find more information on this in our cookie information.

11. Contact emplify and emplify Switzerland by E-mail or Telephone

You have the option of contacting emplify and/or emplify Switzerland via the e-mail addresses or telephone numbers provided on the website. To process incoming contact requests, emplify and emplify Switzerland use a common IT infrastructure and jointly determine the purposes and means of processing. Thus, emplify and emplify Switzerland are jointly responsible according to Art. 26 GDPR.

Your personal data transmitted in this way will be processed exclusively in order to process your contact appropriately, whereby this corresponds to our legitimate interest. The legal basis for the processing of your personal data is Art. 6 para. 1 sentence 1 lit. f GDPR. The data will be stored until it is no longer required to achieve the purpose of the conversation with you and your contact request has been fully clarified.

If your contact is aimed at concluding a contract with us, the legal basis for the processing of your personal data is Art. 6 para. 1 sentence 1 lit. b GDPR. This data is stored for as long as it is required for the performance of the contract or pre-contractual measures. Beyond this, we only store your data in order to comply with legal obligations (e.g. tax obligations) (Art. 6 para. 1 sentence 1 lit. c GDPR).

You can inform us at any time (see section 1 above) that we should delete the data provided during the conversation. In this case, to the extent permitted, all personal data from the conversation will be deleted and it will not be possible to continue the conversation.

12. Contacting emplify and emplify Switzerland via Contact Form

You can contact emplify and/or emplify Switzerland electronically via the contact form on our website, e.g. to provide us with feedback, to send inquiries about the services we offer or to ask us general questions. If you use this option, you transmit the following data to us:

• Name
• e-mail
• Your message to us

Inquiries received via the contact form are processed centrally by emplify, even if they are addressed to emplify Switzerland. This means that your request will be viewed by emplify employees. Your data will not be passed on to third parties and emplify will not use your data for other purposes. emplify and emplify Switzerland have decided to jointly use a central contact form and thus jointly determine the purposes and means of processing, which is why emplify and emplify Switzerland are jointly responsible in accordance with Art. 26 GDPR.

The legal basis for the processing of your data is Art. 6 para. 1 sentence 1 lit. f GDPR and - if you have given us your consent - Art. 6 para. 1 sentence 1 lit. a GDPR. It is our legitimate interest to process your data transmitted to us in order to contact you. The data will be stored until it is no longer required to achieve the purpose of the conversation with you and your contact request has been fully clarified. If we

If your contact is aimed at concluding a contract with us, the additional legal basis for the processing of your personal data is Art. 6 para. 1 sentence 1 lit. b GDPR.
The data will be stored for as long as it is necessary for the performance of the contract or pre-contractual measures. Beyond this, we only store your data in order to comply with legal obligations (e.g. tax obligations) (Art. 6 para. 1 sentence 1 lit. c GDPR).

In addition to the data you provide to us, we store the time (date and time) of the transmission of your data to us, as well as your IP address. The processing of this data is in our legitimate interest (Art. 6 para. 1 sentence 1 lit. f GDPR) to ensure the security of our systems and to counteract misuse. This data, which we also collect when you contact us, will be deleted as soon as it is no longer required, at the latest when your contact request has been fully clarified.

You can inform us at any time (see section 1 above) that we should delete the data provided during the conversation. In this case, to the extent permitted, all personal data from the conversation will be deleted and it will not be possible to continue the conversation.

13. Application Procedure (via on apply)

On our website, we provide information about vacancies in the emplify and emplify Switzerland team and you can submit your application to us via our website with the third-party provider on apply (On-apply GmbH, Schumannstraße 27, 60325 Frankfurt am Main, hereinafter "on apply"). We also use on apply to centrally manage applications via the applicant management system offered by on apply. The tool helps us to recruit new employees and to receive and manage applications in one central location. We have concluded an order processing contract with on apply, in which on apply has undertaken to protect the data of our applicants and to process it exclusively in accordance with our instructions.

The vacancies in our teams are displayed by integrating the on apply software within our website. A connection to the on apply server is therefore required in order to be able to show you the vacancies, which results in your IP address being transmitted to on apply. We have embedded the on apply software on our website in such a way that job advertisements are only loaded once you have given your consent. The legal basis for the integration of the on apply service on our website for the purpose of displaying open job advertisements and the associated processing of your data is therefore your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR.

If you would like to find out more information about an open position, you will be redirected to our website at on apply. If you apply via the online application management system at on apply, you must provide the following information and documents:

• Salutation
• First and last name
• E-mail address
• Salary expectations
• Application documents (optional)
• Comment (optional)

It is up to you which data you make available to us in the documents you create.

Incoming applicant data, even if you apply for a job advertisement for emplify Switzerland, will be processed centrally by emplify to handle your application process. This means that your application will be viewed by emplify employees who are responsible for pre-selection. Your data will not be passed on to third parties and emplify will not use your data for other purposes. emplify and emplify Switzerland have decided to jointly use a central applicant portal for the publication of job advertisements and thus jointly determine the purposes and means of processing, which is why emplify and emplify Switzerland are jointly responsible in accordance with Art. 26 GDPR.

The legal basis for the processing of your data is Art. 88 para. 1 GDPR in conjunction with. § 26 BDSG. The legal basis for the transfer of applicant data that apply for a job advertisement for emplify Switzerland to emplify for further processing is Art. 6 para. 1 sentence 1 lit. f GDPR, as it is in the legitimate interest of both companies to centralize application procedures at emplify in order to standardize processes and decisions and to reduce costs.

If we reject your application, we will only store the data for as long as necessary, for a maximum period of six months, unless you give us your consent to store the applicant data for longer in order to contact you after this period has expired. If you give us your consent for longer storage, we will delete your data at the latest as soon as one year has passed since the last application-related contact between you and us.

The legal basis for this processing of your data is Art. 6 para. 1 sentence 1 lit. f GDPR, Art. 88 para. 1 GDPR in conjunction with. § Section 26 BDSG and - if you have given us your consent - Art. 6 para. 1 sentence 1 lit. a GDPR. In this respect, our legitimate interest lies in being able to inform you of a change in our decision shortly after your application has been rejected or to inform you of any identical new job advertisements

Upon your request (e.g. by e-mail), all personal data relating to the application will be deleted, unless a longer storage period is necessary to protect our legitimate interests and unless your interests prevail (Art. 6 para. 1 sentence 1 lit. f GDPR).

In addition to the data that you voluntarily provide to us, we may receive the time (date and time) of the transmission of your data to us, as well as your IP address. The processing of this data corresponds to our legitimate interest (Art. 6 para. 1 sentence 1 lit. f GDPR) in order to ensure the security of our systems and to counteract misuse. This data, which we also collect during your application via the online application management, will be deleted as soon as it is no longer required, at the latest after completion of the application process.

14. Kununu Widget

We have integrated the Kununu widget of New Work SE, Am Strandkai 1, 20457 Hamburg (hereinafter "Kununu") on our website in order to display our current employer rating on our website.

When you call up the page on which we have integrated the widget, your browser establishes a short-term connection to the Kununu server in order to display the widget. As a result, Kununu receives your IP address, browser data and the information that you are currently visiting our website. According to Kununu's own information, this data and other personal data is not stored by Kununu. In particular, Kununu does not store any IP addresses and there is no evaluation of your usage behavior through the use of cookies in connection with the "kununu widget".

We have integrated the widget in such a way that it is only displayed with your consent. The legal basis for the processing of your data is therefore Art. 6 para. 1 sentence 1 lit. a GDPR. If cookies are set in connection with the display of the widget, the legal basis for this is Section 25 (1) TDDDG.

If you click on the widget, you will be taken to our company page on the "Kununu" platform. On this page, you can view our current employer rating in the file section. If you click on the widget, for example to view our company page on Kununu, Kununu will receive data from you (which data Kununu receives also depends on whether or not you are logged in to Kununu with your user profile when you click on the page).In addition, Kununu uses so-called cookies, which are stored on your end device when you visit our company website, even if you do not have your own Kununu profile or are not logged into it during your visit to our company website. Among other things, these cookies allow Kununu to use tracking tools and display personalized advertising (inside and outside of Kununu). Cookies remain on your device until you delete them. You can find more information about the cookies used by Kununu at https://privacy.xing.com/de/datenschutzerklaerung

According to its own information, Kununu uses this data for a wide variety of purposes and transmits it to a wide variety of recipients, including recipients who are not based within the EU. Kununu bases this data processing on various legal bases, which you can find in detail in Kununu's privacy policy.

While Kununu uses this data under its own responsibility for various purposes, we can only see aggregated data on our company website, i.e. statistics that no longer have any personal reference. You can find more information on the aforementioned statistics at https://arbeitgeber-support.kununu.com/hc/de/articles/5140290478993-Statistiken-zum-Firmenprofil.

Our legitimate interests in the processing of personal data lie in the use and linking of various communication channels, marketing via high-reach social media platforms and the analysis and evaluation of the success of our communication and marketing efforts. The legal basis for the processing is Art. 6 para. 1 sentence 1 lit. f GDPR. If you consent to data processing (in particular to the setting of cookies), the processing is also carried out on the basis of Art. 6 para. 1 sentence 1 lit. a GDPR.

15. Joint Data Processing, Data Transfers

As described in sections 11 to 13, the processing of incoming contact requests and applications by emplify and emplify Switzerland is carried out under joint responsibility in accordance with Art. 26 GDPR. emplify and emplify Switzerland have concluded a corresponding agreement in accordance with Art. 26 GDPR, the main content of which we present to you below:

emplify and emplify Switzerland cooperate in order to process inquiries from interested parties or customers as well as application procedures centrally as simply, efficiently and cost-effectively as possible. The data exchange that takes place for this purpose is generally directed towards emplify as the company that has the necessary human resources.

emplify and emplify Switzerland access jointly used human resources and IT systems as part of the cooperation. Access by both controllers is only granted to the extent necessary to fulfill the obligations arising from the cooperation. The responsibilities with regard to data processing are divided between the parties as follows:

In the case of contact requests received by e-mail and/or telephone, emplify or emplify Switzerland is responsible for the collection of personal data, depending on who the contact request is addressed to; in the case of applications received via on apply, emplify is responsible for the collection of personal data;
Personal data collected from interested parties and/or customers is stored in the shared IT infrastructure for which both emplify and emplify Switzerland are responsible. Personal data of applications received via on apply are stored within the on apply software solution, which is managed by emplify.
Both companies are responsible for changing and deleting the data, restricting its processing and transferring it in accordance with Art. 20 GDPR.
Both companies may use the data for the purposes specified in this contract.
emplify and emplify Switzerland will inform each other immediately, in particular about the assertion of data subject rights, violations of the protection of personal data and inquiries from data protection supervisory authorities.
emplify is the central point of contact for the assertion of your data subject rights. Nevertheless, you can always assert your rights under the GDPR against a controller of your choice.

In the case of data processing in which emplify Switzerland is involved on the basis of the above-mentioned agreement, data is transferred to Switzerland. Switzerland is a so-called third country, i.e. a country outside the EU and the European Economic Area (EEA), for which, however, an adequacy decision of the EU Commission exists. All data transfers to Switzerland are subject to the requirements of this adequacy decision.

16. Your Rights

If we process your data, you are a "data subject" within the meaning of the GDPR. You have the following rights: right of access, right to rectification, right to restriction of processing, right to erasure, right to information and right to data portability. You also have the right to object, the right to withdraw consent and the right to lodge a complaint with the supervisory authority.

Below you will find some details on the individual rights:

16.1 Right to Information

You have the right to request confirmation from us as to whether we are processing your personal data. If we process your personal data, you have the right to obtain information in particular about the processing purposes, categories of personal data, recipients or categories of recipients and, if applicable, the storage period.

16.2 Right of Rectification

You have the right to correct and/or complete the data that we have stored about you if this data is incorrect or incomplete. We will make the correction or completion without delay.

16.3 Right to Restriction of Processing

Under certain circumstances, you have the right to request that we restrict the processing of your personal data. An example of this is if you dispute the accuracy of your personal data and we need to verify the accuracy for a certain period of time. Your data will only be processed to a limited extent for the duration of the check. Another example of restriction is if we no longer need your data, but you need it for a legal dispute.

16.4 Right of Deletion

In certain situations, you have the right to request that we delete your personal data immediately. This is the case, for example, if we no longer need your personal data for the purposes for which we collected it or if we have processed your data unlawfully. Another example would be if we process your data on the basis of your consent, you withdraw your consent and we do not process the data on any other legal basis. However, your right to erasure does not always apply. For example, we may process your personal data in order to comply with a legal obligation or because we need it for a legal dispute.

16.5 Right to Information

If you have exercised your right to rectification, erasure or restriction of processing against us, we are obliged to notify all recipients to whom we have disclosed your personal data of the rectification, erasure or restriction of processing of your data, unless this proves impossible or involves a disproportionate effort.

16.6 Right to Data Portability

Under certain conditions, you have the right to receive the personal data that you have provided to us in a structured, commonly used and machine-readable format and the right to have this data transmitted to another controller. This is the case if we process the data either on the basis of your consent or on the basis of a contract with you and that we process the data using automated procedures.

You have the right to obtain that we transfer your personal data directly to another controller, insofar as this is technically feasible and the freedoms and rights of other persons are not affected by this.

16.7 Right of Objection

You have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on point (e) or (f) of Article 6(1) GDPR. This also applies to profiling based on these provisions.

After an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims.

If we process your personal data for the purpose of direct marketing, you have the right to object at any time to the processing of your personal data for the purpose of such marketing. This also applies to profiling insofar as it is associated with direct advertising. If you object to the processing of your personal data for direct marketing purposes, we will no longer process it for these purposes.

16.8 Right of Withdrawal

In accordance with Art. 7 (3) GDPR, you have the right to withdraw your consent at any time. Withdrawal of consent does not retroactively invalidate the lawfulness of the processing.

16.9 Right to Lodge a Complaint With a Supervisory Authority

You have the right to lodge a complaint with a supervisory authority, without prejudice to any other administrative or judicial remedy. In particular, you may exercise your right to lodge a complaint in the Member State of your place of residence, your place of work or the place of the alleged infringement if you believe that the processing of your personal data infringes the GDPR.

You can find an overview of the respective state data protection officers and their contact details under the following link:

https://www.bfdi.bund.de/DE/Service/Anschriften/Laender/Laender-node.html

17 Status and Topicality of This Data Protection Information

Status: October 2, 2024

Cookie Information

We use cookies on our website. Cookies are text files that are sent to your browser by our web server when you visit our website and are stored on your computer for later retrieval. Cookies are then sent to the server of our website with every server request or page view. A cookie can therefore identify your Internet browser when you visit the website again. Some of the functions that we have integrated into our website also use web storage objects. These work in a similar way to cookies, but are temporarily stored in your browser and are generally not transmitted to the server.

There are session cookies, which are deleted when the browser is closed, and there are persistent cookies, which are stored on the hard disk until their preset expiration date is reached or until they are actively removed by you. Web storage objects are divided into local storage objects, which never expire, and session storage objects, which are deleted when the browser is closed.

A distinction is made between first party cookies (only visible from the domain you are currently visiting) and third party cookies (visible across domains and regularly set by third parties).

Cookies and web storage objects are divided into the following categories:

• Technically necessary: These are absolutely necessary to move around the website, use basic functions and ensure the security of the website; they do not collect information about you for marketing purposes or store which web pages you have visited. The legal basis for setting technically necessary cookies and web storage objects is Section 25 (2) TDDDG.
• Optional: These are used, for example, for analysis and marketing purposes and to display external content such as videos. Analysis cookies and web storage objects collect information about how you use a website, which pages you visit and, for example, whether errors occur when using the website. Marketing cookies and web storage objects are used to show you customized advertising on the website or offers from third parties and to measure the effectiveness of these offers. These are technologies that are not technically necessary. The legal basis for setting these cookies and web storage objects is therefore your consent in accordance with Section 25 (1) TDDDG.

Please note the following: You can ensure yourself that no cookies and similar technologies are stored on your computer at all, or that the storage of only certain cookies is permitted. You can select this in your Internet browser settings. You can also view and delete the stored cookies there. If you block all cookies, it is possible that not all functions of our website will be available to you.

Right of Revocation and Removal

As stated above, you can enable or restrict the transmission of cookies and similar technologies by changing the settings in your Internet browser. You can delete cookies and web storage objects that have already been saved by your internet browser at any time. If cookies and web storage objects are restricted or deactivated for our website, it is possible that not all functionalities can be used.

Information About the Cookies and Web Storage Objects on Our Website:

We use the following cookies and web storage objects on our website: