We would like to inform you here about the processing of your personal data and explain your rights as a data subject within the meaning of the European General Data Protection Regulation (hereinafter “GDPR”) when you visit our website. In addition, we provide you with supplementary data protection information on the following topics:
Responsible for the processing of personal data within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is:
thingsTHINKING GmbH
represented by the managing directors Dr. Sven J. Körner and Dr. Mathias Landhäußer
Haid-und-Neu-Straße 7, 76131 Karlsruhe
Email: privacy@thingsthinking.net
– hereinafter referred to as thingsTHINKING –
Susanne Göthel
c/o thingsTHINKING GmbH
Haid-und-Neu-Straße 7
D -76131 Karlsruhe
Email: privacy@thingsthinking.net
In some cases, we use contract processors within the meaning of Art. 28 GDPR to process your personal data. Such service providers who are bound by our instructions are only used if they meet a high level of information security and thus also data protection standards.
Your personal data will not be processed for the purpose of automated decision-making (including profiling) in accordance with Art. 22 (1) GDPR.
Please note that if you do not provide us with your personal data, you will not be able to use all functions and services provided via the website or any of the tools we use. For the processing of your personal data, the basic rule is that we only process your data if this is required by law or contract or if you have given us your consent. In some cases we may process your personal data because we have a legitimate interest in doing so.
We use the encryption technology “Transport Layer Security” or “TLS” for short on our website. This is a protocol that transmits data over an encrypted connection on the Internet. The encryption protects the data from unauthorized access by third parties and from manipulation or forgery. In addition, TLS allows authentication and verification of the identities of the recipient and sender.
The provider of our website automatically processes data in so-called server log files, which your browser automatically transmits when you access our website. This includes the following data:
The data is processed in order to be able to display the website to you and to ensure the security and stability of the technology systems used. It cannot be ruled out that the data will be processed in order to provide law enforcement authorities with the necessary information for law enforcement purposes in the event of a cyber attack or to assert our civil claims.
We have a legitimate interest in data processing within the meaning of Article 6 (1) (f) GDPR. We legitimately have an interest in a secure and stable website and in asserting our civil claims and successful criminal prosecution.
The data is stored in the log files of the IT system of the host of our website. The data will be deleted as soon as the purpose of the processing has been fulfilled or can no longer be fulfilled. The exact time of deletion is to be determined for each individual case. In any case, the storage will be terminated if civil law claims according to § 199 BGB have become statute-barred or criminal prosecution is no longer possible due to the statute of limitations according to §§ 78, 79 StGB.
If you contact us, we will process the data you have provided. Depending on the means of communication used (e.g. e-mail or telephone), this relates to personal data such as your name and contact details.
We process your personal data in order to be able to process your request, which you communicated to us when you contacted us.
The processing can be based on different legal bases depending on the case. For example, Article 6 (1) (b) GDPR applies if your request relates to a contract concluded with us. In any case, we have a legitimate interest in processing your contact request within the meaning of Article 6 (1) (f) GDPR.
The data will be deleted as soon as the purpose of the processing has been fulfilled or can no longer be fulfilled. The exact time of deletion is to be determined for each individual case. In any case, the storage will be terminated if civil law claims according to § 199 BGB have become statute-barred or criminal prosecution is no longer possible due to the statute of limitations according to §§ 78, 79 StGB.
We use the “HubSpot” service for the purposes described below. The provider is HubSpot Inc., a software company from the USA with a branch in Ireland, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland. (hereinafter “HubSpot”).
Before we present the processing purposes, please note the following fact: It cannot be ruled out that personal data will be transmitted to the USA when using HubSpot. From the point of view of the European Union (“EU”), the USA does not offer an adequate level of protection for the processing of personal data in line with EU standards. According to the judgment of the European Court of Justice (“ECJ”) of July 16, 2020, Az. C-311/18 (also known as “Schrems II”), the previously applicable EU-US Privacy Shield cannot guarantee an adequate level of protection. For example, there is a risk that your personal data will be disclosed to US intelligence services due to the so-called CLOUD Act (“Clarifying Overseas Use of Data Act”). Consider this fact before you agree to the use of Google cookies and thus trigger the transfer of your personal data to the USA. To protect your personal data, the security of any transmission to the USA is secured by so-called standard contractual clauses, which ensure that the processing of personal data is subject to a level of data protection comparable to that in the EU.
HupSpot’s privacy policy can be found at the following links: https://legal.hubspot.com/privacy-policy and https://legal.hubspot.com/security.
We look forward to hearing from you. For this purpose we provide you with a contact form on our website. If you use the contact form, the personal data you provide will be transmitted to us. In addition, other personal data is processed in particular:
-General-
We process your personal data in order to process your request and to be able to contact you for the purpose of direct marketing.
-On the Occasion of Events-
At events or other occasions where we meet you, we offer to continue to stay in touch with you. In order to be able to contact you afterwards, we offer a contact form where you can enter your contact details. We will only use this data to contact you again if you have expressed interest in semantha or our team.
The processing of your personal data is based on your consent, which we ask for before the sending process. Depending on the content of your request, the processing can also be based on other legal bases. For example, Article 6 (1) (b) GDPR applies if your request relates to a contract concluded with us.
The data will be deleted as soon as you revoke your consent. If the processing of your personal data is not (only) based on your consent, but also serves, for example, the fulfillment of a contract, we will delete your data when the purpose of the processing has been fulfilled, can no longer be fulfilled and there is no longer a retention period. The exact time of deletion is to be determined for each individual case. In any case, the storage will be terminated if civil law claims according to § 199 BGB have become statute-barred or criminal prosecution is no longer possible due to the statute of limitations according to §§ 78, 79 StGB.
We use the “Hubspot” e-mail marketing service to send newsletters. With the Hubspot service, the newsletter dispatch can be organized and analyzed. The data you enter for the purpose of subscribing to the newsletter, such as your e-mail address, is generally stored on Hubspot’s servers in Germany. Our newsletters sent with Hubspot enable us to analyze the behavior of the newsletter recipients. Among other things, it can be analyzed here how many recipients have opened the newsletter and how often which link in the newsletter was clicked.
By analyzing the newsletter campaigns, we are able to better control our newsletter campaigns. The results of these analyzes can be used to better adapt future newsletters to the interests of the recipients.
The processing of your personal data is based on your consent, which means that the legal basis is Article 6 (1) (a) GDPR. You can revoke your consent at any time by unsubscribing from the newsletter. The legality of the data processing operations that have already taken place remains unaffected. If you do not wish HubSpot to carry out an analysis, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter.
The personal data you have stored with us for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted both from our servers and from the servers of HubSpot after you have canceled the newsletter.
We offer a live chat feature on our website that allows you to start an online conversation with us. When using the chat function, the personal data you provide will be transmitted to us. This may include the following data, for example:
We process your personal data in order to process your request. If you allow us to do this during the conversation, we will store your contact details and your request in our CRM system so that we can continue to process your request individually and in a targeted manner.
The processing of your personal data using the chat function is based on your consent, which is obtained automatically before the start of the chat. Depending on the content of your request, the further processing of your data can also be based on other legal bases. For example, Art. 6 Para. 1 lit b GDPR applies if your request is aimed at concluding a contract.
If the data processing is only based on your consent because you only use the chat function for information purposes, we will delete your data as soon as you revoke your consent and there are no other legal grounds to prevent deletion. You can address the revocation to privacy@semantha.de . In any case, the data will be deleted as soon as the purpose of the processing has been fulfilled. The exact time of deletion is to be determined for each individual case. In any case, the storage will be terminated if civil law claims according to § 199 BGB have become statute-barred or criminal prosecution is no longer possible due to the statute of limitations according to §§ 78, 79 StGB.
We offer you the opportunity to receive a white paper free of charge. If you take advantage of this, you also consent to your personal data being processed for marketing purposes.
We process the data you provide in the form, on the one hand, to send you the requested whitepaper and, on the other hand, to contact you subsequently for marketing purposes.
The legal basis for the processing is based on your consent Art. 6 I lit. a DSGVO.
We will delete the data as soon as you revoke your consent and there are no other legal grounds for deletion. You can address the revocation to privacy@semantha.de. In any case, the data will be deleted as soon as the purpose of the processing has been fulfilled. The exact time of deletion is to be determined for the individual case. In any case, the storage will be terminated as far as civil claims according to § 199 BGB (German Civil Code) are statute-barred or a criminal prosecution is no longer possible due to the occurrence of the statute of limitations according to §§ 78, 79 StGB (German Criminal Code).
Within the scope of this processing activity, we use the Hubspot tool, which is why we refer to the above explanations as a supplement.
We use the web analytics service “Google Analytics” on our website. The provider is Google Ireland Limited (hereinafter “Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics uses cookies (“Google cookies”), which enable an analysis of your use of the website. To do this, Google stores cookies in your browser that contain a randomly generated user ID in order to recognize you on future visits. In this way, the recorded data enable the evaluation of pseudonymous user profiles.
During your visit to our website, the following data is recorded, among other things:
You can prevent the storage of cookies by declaring that you reject the use of Google cookies via the consent tool when you visit our website. You can also prevent Google cookies from being stored by setting your browser software accordingly. However, we would like to point out that in this case you may not be able to use all the functions of this website to their full extent. You can also prevent Google from collecting the data generated by the Google cookie and relating to your use of the website (including your IP address) and from processing this data by Google by clicking on the following link (http://tools.google.com/dlpage/gaoptout?hl=de) Download and install the available browser plugin. You can prevent Google Analytics from collecting data by clicking on the following link. An opt-out cookie will be set to prevent future collection of your data when you visit this website:
In joint responsibility with Google, the above information is used to evaluate your use of our website in order to compile reports on website activity. The reports provided by Google Analytics are used to analyze the performance of our website and the success of our marketing campaigns.
Cookies are only used if you agree. To comply with your consent, we have implemented a cookie layer on our website. If you click on “OK” on this, you give us your consent to set cookies. The legal basis for the processing is Article 6(1)(a) GDPR.
If you agree to the use of Google cookies, your personal data will be processed in the USA, among other places. From the point of view of the European Union (“EU”), the USA does not offer an adequate level of protection for the processing of personal data in line with EU standards. According to the judgment of the European Court of Justice (“ECJ”) of July 16, 2020, Az. C-311/18 (also known as “Schrems II”), the previously applicable EU-US Privacy Shield cannot guarantee an adequate level of protection. For example, there is a risk that your personal data will be disclosed to US intelligence services due to the so-called CLOUD Act (“Clarifying Overseas Use of Data Act”). Consider this fact before you agree to the use of Google cookies and thus trigger the transfer of your personal data to the USA.
Google Analytics stores cookies in your browser for a period of two years since your last visit.
The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. If IP anonymization is activated on this website, your IP address will be shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the USA and shortened there. According to Google, the IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
You can find Google’s data protection information under the following link: https://policies.google.com/privacy?hl=de
Further information on terms of use and data protection can be found https://www.google.de/intl/de/policies/
We use the reCaptcha service from Google Inc., 1600 Amphitheater Parkway Mountain View, CA 94043 USA (hereinafter “Google”).
Google uses the following data to check whether you are a human or a computer: IP address of the terminal device used, the website that you are visiting and on which the Captcha is integrated, the date and duration of the visit, the identification data of the device used Browser and operating system type, Google account if you are logged in to Google, mouse movements on the reCaptcha areas and tasks that require you to identify images. Google processes your personal data on its own responsibility. Nevertheless, we will inform you below about data processing by Google as far as possible.
The tool can be used to determine whether a person or a computer makes a specific entry in our contact or newsletter form.
Basis for the use of Google reCAPTCHA is Article 6 Paragraph 1 Sentence 1 lit. f GDPR. There is a legitimate interest on our part in this data processing, to ensure the security of our website and to protect us from automated input (attacks).
Unfortunately, we do not know how long Google actually stores the data.
Your personal data will be transmitted to and processed by Google servers in the USA. It cannot be ruled out that your personal data will be passed on to third parties, please see the explanations above.
You can find Google’s data protection information under the following link: https://policies.google.com/privacy?hl=de
We use the LinkedIn Analytics service from LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland (hereinafter “LinkedIn”). The service is a conversion tracking technology and the retargeting function of LinkedIn. For this purpose, the LinkedIn Insight tag is integrated on this website, which establishes a connection to the LinkedIn server if you visit this website and are logged into your LinkedIn account at the same time. LinkedIn processes your personal data under its own responsibility. Nevertheless, we will inform you below about data processing by LinkedIn as far as possible.
The technology can be used to show you personalized advertisements on LinkedIn. In order to be able to optimize the advertisements, we receive anonymous reports from Linkedin on the performance of the advertisements and information on website interaction.
Basis for the processing of your personal data is Article 6 Paragraph 1 Clause 1 Letter a GDPR. The processing of your personal data is based on your consent, which you can give or refuse when you visit our website. You can also deactivate data processing at any time under the following link if you are logged in to LinkedIn: https://www.linkedin.com/psettings/enhanced-advertising.
The data will be anonymized within seven days and the anonymized data will be deleted within 90 days.
You can find LinkedIn’s data protection information under the following link: https://www.linkedin.com/legal/privacy-policy
We have not embedded any social media plugins. Instead, to protect your personal data, we only link to the platform of Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 Ireland (hereinafter “Twitter”) and the Linkedin platform of Linkedin Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.
If you follow a link, you will be directed to the respective website of the above-mentioned company. The processing of your personal data on these websites is therefore outside our area of responsibility. For the sake of completeness, however, we would also like to inform you in the case of links within the meaning of Art. 13 DSGVO, as far as this is possible for us:
On our website, we have given you the opportunity to obtain information about our company and our work via various channels and also to comment on it through the links.
Basis for linking is Article 6 Paragraph 1 Clause 1 Letter f GDPR, as we have a legitimate interest in increasing the attractiveness of our website.
As soon as you follow one of the links and thereby leave our website, the website operators of the linked websites take over the processing of your personal data. We cannot make any statements about how long an external company will process your data. For more information on Linkedin’s respective privacy policies, visit: https://www.linkedin.com/legal/privacy-policy.
You can find Twitter’s privacy policy here: https://twitter.com/de/privacy
This website uses cookies. Cookies are small text files with information that are stored by a web server on a device. This enables settings to be saved and a visitor to a website to be recognized. In this way, for example, a website can be made more attractive and user-friendly. We only set non-essential cookies if you have consented to this.
When you visit our website, you will see the Cookie-banner, which asks whether you consent to the use of cookies. In addition, a persistent cookie is set in your browser that saves your decision. You can control the storage and use of cookies by making the appropriate settings in your browser or by subsequently revoking the consent you gave when you accessed our website. If you deactivate the cookies, you may no longer be able to use all the functions of our website – comprehensively.
The tool is used to obtain the legally required consent for the use of cookies and to document this in accordance with data protection regulations.
Basis for the use of the HubSpot Cookie Layer is Article 6 Paragraph 1 Sentence 1 lit. c, f GDPR, because we have a legitimate interest in using such a tool to request the legally required consent.
The HubSpot Cookie-Layer stores your decision for 12 months, after which you will be asked again when you visit our website whether you consent to the use of cookies.
Your decision about the use of cookies is automatically anonymized and encrypted. There is therefore atransmission of personal data to HubSpot.
How nice that you are interested in our company and want to apply or have already done so. Since we process your personal data as part of the application process, we will inform you below about the data processing that takes place in connection with your application.
The categories of personal data that you provide to us through your application and that we process include:
Applicant master data such as full name, title, nationality, date of birth. Contact details such as address, telephone numbers, e-mail address; Qualification data such as application documents, certificates, proof of work; Special categories such as health data (e.g. severely disabled status), religious affiliation.
You are not always the only ones we receive data from. It is also possible that we obtain your personal data from public networks such as LinkedIn or that we receive it from headhunters.
Sometimes we also work with service providers who support us in the search for potential team members. If the processing of personal data is carried out for us by a third party, we conclude order processing contracts with them and ensure that the service providers work on our instructions. We currently use LinkedIn to post jobs on it. If you use LinkedIn’s application function, LinkedIn will also process your data. You can find LinkedIn’s data protection information here: https://de.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy
If we receive application documents in paper form, we digitize them and save them then file them in a digital application file. The paper documents will be returned to our relief. If we receive the application documents by e-mail, we also store them in a digital application file. This also applies if you send us the application documents via another digital channel (e.g. via LinkedIn). If the application documents are received directly via the form on the website, the application ends up in our ticket system and is processed there. This means that the persons responsible at thingsTHINKING, i.e. this means first and foremost our HR department and the department responsible for the specific application, check the application. If we are impressed by an application, we will contact you using the contact details you have provided.
If there is no suitable position available, we offer to include you in our talent pool. If you give us your consent, we will move the applicant file to our talent pool and get back to you as soon as a suitable position becomes available.
We process your personal data in order to compare our vacancies with your qualifications. If there is a match, we use the data to get to know you better. For example, we invite you to an interview. If you would not provide us with your data, we would not be able to carry out the application process.
The application process begins upon your request, which is why Art. 6 (1) lit. b, Art. 88 GDPR in conjunction with § 26 BDSG is the legal basis. According to this provision, processing is permissible if it is necessary in connection with the decision to establish an employment relationship. In addition, other laws may apply to processing, such as the General Equal Treatment Act. In the case of the processing of special categories of personal data within the meaning of Art. 9 GDPR, further occupational safety laws must be observed, so the legal basis in such cases is Art. 9 (2) lit. b, Art. 88 GDPR in conjunction with § 26 (3) BDSG. Special personal data can also be processed if you have previously consented to this, Art. 9 (2) lit. b, Art. 88 GDPR in conjunction with § 26 (2), (3) BDSG applies.
If you have given your consent to be included in the Talent Pool, the legal basis for data processing is Art. 6 (1) lit. a, Art. 7, Art. 88 GDPR in conjunction with § 26 (2) BDSG. You can of course revoke your consent at any time. Processing remains permissible until you revoke your consent.
According to Art. 6 (1) lit. f GDPR, we can also have a legitimate interest in processing the data in order to assert our own claims or to ward off third-party claims. This may be necessary in particular after the application process has been completed.
When processing your personal data, we are supported by service providers with whom we have contract processing contracts and who work on our instructions.
We store your data for a maximum of six months, unless a longer period is exceptionally permissible in the event of a legal dispute.
If you have consented to your data being included in our talent pool, we will store the data in our pool for a period of one year. After that, the data will be deleted.
If we enter into an employment relationship with you, your application data will be transferred to our personnel database. From this point on, our data protection information for employees applies, about which we will then inform you separately.
In principle, also with regard to application data, the data will be deleted as soon as the storage is no longer necessary. The exact time of deletion is to be determined for each individual case. In any case, the storage is terminated if civil law claims according to § 199 BGB are statute-barred or criminal prosecution is no longer possible due to the statute of limitations according to §§ 78, 79 StGB.
We use the Zoom and Google Meet services. Zoom is a service of Zoom Video Communications Inc., San Jose Headquarters, 55 Almaden Boulevard, 6th Floor, San Jose, CA 95123 (hereinafter “Zoom”). “Google Meet” is a service provided by Google Ireland Ltd, a service company of Google LLC based in the USA.
We use Zoom and Google Meet to conduct video conferences and/or webinars (hereinafter both “online meetings”). Various types of personal data are processed in the process. The specific scope of data processing depends, among other things, on which data you make available to us. In any case, we process the following data in particular:
As a rule, the online meeting is held based on your consent, which we obtain via a form that is linked to Zoom. Zoom will then send you a participation link. In addition, you will receive another e-mail in which we ask again whether we may also contact you for marketing purposes after the webinar. The legal basis for the processing of personal data is therefore Art. 6 I lit. a GDPR.
The data is stored for as long as it is necessary to provide the technical service, this is usually only necessary until the end of the online meeting. In exceptional cases, the storage is terminated if any civil law claims according to § 199 BGB have become statute-barred or criminal prosecution is no longer possible due to the statute of limitations (§§ 78, 79 StGB).
We store the data that you have provided to us as part of the registration for the webinar in order to receive our newsletter or to be contacted by us for marketing purposes until you withdraw your consent or unsubscribe from our newsletter. Details can be found in our privacy policy for our newsletter.
Personal data processed in connection with participation in “online meetings” are generally not passed on to third parties, with the exception of the service providers Zoom and Google, unless they are intended to be passed on.
If you agree to participate in an online meeting, your personal data will be processed in the USA, among other places. From the point of view of the European Union (“EU”), the USA does not offer an adequate level of protection for the processing of personal data in line with EU standards. According to the judgment of the European Court of Justice (“ECJ”) of July 16, 2020, Az. C-312/18 (also known as “Schrems II”), the previously applicable EU-US Privacy Shield cannot guarantee an adequate level of protection. For example, there is a risk that your personal data will be disclosed to US intelligence services due to the so-called CLOUD Act (“Clarifying Overseas Use of Data Act”). Consider this fact before you agree to participate in the online meeting and thus trigger the transfer of your personal data to the USA.
You can find Zoom’s data protection information under the following link: https://blog.zoom.us/de/zoom-privacy-policy/
You can find Google’s data protection information under the following link: https://policies.google.com/privacy?hl=de
We draw your attention to the fact that you can share not only personal data but also content during the meeting. You are responsible for this. Therefore, make sure that you do not share any content that
By registering for the webinar, you declare that you indemnify us from all third-party claims that can be attributed to illegal participation in the webinar.
When processing your personal data, you have the following rights under the GDPR.
You have the right to revoke your consent at any time. The revocation of the consent does not affect the legality of the processing carried out on the basis of the consent up to the point of revocation.
You have the right to request confirmation from the person responsible as to whether personal data relating to you are being processed. If this is the case, you have a right to information about the information specified in Art. 15 GDPR.
You have the right to demand that the person responsible immediately rectify or complete the incorrect or incomplete personal data concerning you.
Under the conditions of Art. 17 GDPR, you have the right to demand that the person responsible delete personal data relating to you immediately.
In accordance with Art. 18 GDPR, you have the right to request the person responsible to restrict data processing.
You have the right to be informed by the person responsible about which recipients your personal data has been disclosed to and which recipients the person responsible has informed about the correction, deletion or restriction of processing.
In accordance with Art. 20 GDPR, you have the right to receive from the person responsible the personal data that you have provided to the person responsible in a structured, common and machine-readable format. In accordance with Art. 20 GDPR, you also have the right to transmit this data to another person in charge, without hindrance by the person in charge to whom the personal data was provided, insofar as this is technically feasible.
You have the right, for reasons arising from your particular situation, to object at any time to the processing of personal data relating to you, which is based on Art. 6. (1) lit e or f GDPR takes place to file an objection; this also applies to profiling based on these provisions. If personal data is processed in order to operate direct advertising, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct advertising.
You have the right not to be subject to a decision based solely on automated processing – including profiling – which has legal effect on you or similar way significantly affected.
Without prejudice to any other legal remedy, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data violates this regulation.
R+V has been the insurance expert in the Volksbanken Raiffeisenbank cooperative financial group since 1992.
Die Mercedes-Benz Group AG ist ein börsennotierter deutscher Hersteller von Personenkraftwagen und Nutzfahrzeugen, der auch Mobilitäts- und Finanzdienstleistungen anbietet.
Behr-Hella Thermocontrol GmbH is a company founded in 1999 for the development and manufacture of air conditioning control units for automobiles and other vehicles.
BLOG
Success stories with our clients
City of Heilbronn has central incoming mail processed using AI
Compliance management: methods, tools and trends
Legal clarity at the push of a button: Volksbank checks interest rate clauses with AI
CV matching: The best applicants with one click
Did you know? Interesting facts or figures about artificial intelligence