Privacy State­ment

Valid: 25 May 2018

This Privacy State­ment will inform you about the type, the scope of and the purposes for the collec­tion and use of personal data on this website.

The respon­sible party is COMATCH GmbH, Gormann­straße 22, 10119 Berlin, Germany, regi­stered at the Char­lot­ten­burg Local Court under HRB 162116 B, repre­sented by the mana­ging direc­tors Dr. Chri­stoph Hardt and Dr. Jan Schäch­tele (“we/us/our“) as the operator of an online plat­form at www.comatch.com and its related services (“COMATCH” or “website”).

Should you have any questions about privacy protec­tion, feel free to contact us at any time by tele­phone at +49-(0)30-85767542 (during regular busi­ness hours, Monday to Friday from 9am to 6pm) and by email at info@comatch.com.

In addi­tion, we have appointed Prof. Thomas Jäschke of the DATATREE AG, Heube­straße 10, 40597 Düssel­dorf, Germany, as our external data protec­tion officer who can be contacted by tele­phone at +49-(0)211-93190700 (during regular busi­ness hours, Monday to Friday from 9 AM to 6 PM) and by email at dsb@datatree.eu.

A. What are personal data?
B. What personal data are collected when using COMATCH’s services?
C. How is the collected data used, disc­losed and, if appli­cable, trans­ferred to third parties?
D. What cookies, services, offers and third-party web tools are used?
E. Is data trans­ferred to coun­tries outside of the EU?
F. Your rights: Infor­ma­tion, revo­ca­tion, changes, correc­tions and updates, dele­tion, proces­sing restric­tion, data porta­bi­lity and the right to submit objec­tions
G. Data protec­tion and appli­ca­bi­lity
H. Privacy state­ment appli­ca­bi­lity and changes

What are personal data?

Personal data is defined as infor­ma­tion through which a person may be iden­ti­fied, i.e., that can be traced to a specific person. This includes one’s name, email address and tele­phone number, but also data on one’s prefe­rences, hobbies, memberships or viewed websites.

We only collect, use or transfer personal data provided to us if permitted by law or if users consent to the data collec­tion.

What personal data are collected when using COMATCH’s services?

Data collected when visi­ting our website

We (respec­tively the web space provider) collect data on every visit to our website (so-called server log files) (“access data“). Access data includes:

Name of the visited website, the file, the time and date of the visit, the amount of data trans­mitted, a report of successful access, your browser type and version, your opera­ting system, the referrer URL (last visited page), IP address and the requesting provider

and when using a mobile device, addi­tio­nally:
Country code, language, device name, opera­ting system name and version

We will use these access data for statis­tical evalua­tions for the opera­tion, safety and opti­mi­za­tion of COMATCH offers. However, we reserve the right to subse­quently review access data if specific indi­ca­tions create justi­fied suspi­cions of unla­wful use. We process data on the basis of Art. 6 (1) Letter c of the General Data Protec­tion Regu­la­tion (GDPR) and Art. 6(1) Letter f of the GDPR and pursue our (and our commis­sioned third parties’) legi­ti­mate inte­rests in quality assurance.

Data collected when contac­ting us

When contac­ting us (e.g., by email), your data will be saved to process your inquiry and for any subse­quent questions. This will be done on the basis of your consent based on Art. 6(1) Letter a. of the GDPR or to execute your request based on Art. 6(1) Letter b of the GDPR.

Data collected during regi­stra­tion

When regi­ste­ring for our website, we will collect certain “user infor­ma­tion” to provide our services: Name, address, tele­phone number, email address, gender

In addi­tion, when regi­ste­ring as a consul­tant, “profile data” will be collected:

Date of birth and other non-public personal data on your trai­ning and profes­sional expe­ri­ence

Further­more, when crea­ting a consul­tant user profile, addi­tional optional data, such as willing­ness to travel and work prefe­rences, may be collected and saved which the user may review, change or delete at any time in the user profile.

User data collected as part of the regi­stra­tion and other profile data will be used in the opera­tion of COMATCH and the provi­sion of its services and those of the website www.comatch.com. Any user infor­ma­tion and profile data collected by us will only be used or published by us insofar as doing so is speci­fied by us in our consul­tant terms and/or this Privacy State­ment. This is done on the legal basis of Art. 6(1) Letter b of the GDPR or, if data is provided volun­ta­rily, the user’s consent (Art. 6(1) Letter a of the GDPR).

The services provided by us after successful regi­stra­tion are not offered to persons under 18 years of age. There­fore, no personal infor­ma­tion on visi­tors younger than 18 years of age is inten­tio­nally collected during regi­stra­tion.

Consul­tant payment data

After regi­stra­tion and for the purpose of payment proces­sing to consul­tants, we will collect the follo­wing “payment data“: Bank account number/Bank sort code or IBAN, BIC, account holder’s name, tax number

This payment data will only be collected, saved and used by us for billing and payment tran­sac­tions of fees to which consul­tant users are entitled in accord­ance with the regu­la­tions of the contract between COMATCH and the consul­tant. The user may review, change or delete this data on his user profile at any time. This is done on the legal basis of Art. 6(1) Letter b of the General Data Protec­tion Regu­la­tion.

How is the collected data used, disc­losed and, if appli­cable, trans­ferred to third parties?

Use of your data

Gene­rally, data that you provide to us will either be used to allow us to perform our services, to answer your questions or to help us provide a better service for you. We use your data and infor­ma­tion, among other things, for the follo­wing purposes:

  • easier crea­tion and secu­rity of your account;
  • reco­gni­tion as a user by our system;
  • impro­ve­ment of our website and services;
  • internal rese­arch and deve­lop­ment purposes as part of existing contrac­tual rela­ti­onships with COMATCH;
  • client-specific design to meet your prefe­rences;
  • preven­tion of re-regi­stra­tion by blocked users;
  • perfor­mance of the services requested by you;
  • sending your profile to a client after recei­ving your permis­sion;
  • sending a welcome email to ascer­tain that the email address used to regi­ster the account is yours;
  • sending admi­ni­stra­tive email noti­fi­ca­tions and secu­rity, support or main­ten­ance emails;
  • answe­ring your requests and questions;
  • occa­sional tele­phone conver­sa­tions with you for secon­dary fraud protec­tion or to obtain feed­back from you
  • sending emails to regi­stered users with contents related to our services, insofar as the user does not object.

This is done on the legal basis of Art. 6(1) Letter b of the GDPR or on the basis of our legi­ti­mate inte­rests in quality assurance and marke­ting under Art. 6(1) Letter f of the GDPR.

Disclo­sure and trans­mis­sion of your data to third parties

We will only disc­lose your data and user infor­ma­tion on the website or to third parties as described here­after or subse­quently in this Privacy State­ment.

Links to social networks

If you (i) log into our service using the log-in data of a social network (such as LinkedIn or XING) and/or (ii) link your account to your social network account, we may obtain infor­ma­tion about you from the website of the social network in accord­ance with the usage terms and the privacy policy (“SNS terms”) of the social network. This infor­ma­tion consists of the data that can be viewed on your user profile on the respec­tive social network (i.e., your name, profes­sional expe­ri­ence and exper­tise, etc.) that is trans­mitted to us after you provide your approval.

We may add this infor­ma­tion to the data that we have already collected about you. This infor­ma­tion will be saved and used by us to provide our offers and services. This data proces­sing is performed on the basis of your consent (Art. 6(1) Letter b of the GDPR) or on the basis of a contract with us (Art. 6(1) Letter b of the GDPR).

LinkedIn’s Privacy Policy can be found at: https://www.linkedin.com/legal/privacy-policy XING’s Privacy Policy can be found at: https://www.xing.com/privacy

Other proces­sing, disclo­sure and profiling

The legal basis for data proces­sing when using our offer is gene­rally Art. 6(1) Letter b of the GDPR, i.e., data is processed because it is required for the perfor­mance of a contract between us or to imple­ment pre-contrac­tual measures follo­wing your inquiry.

Further­more, Art. 6(1) Letter a of the GDPR provides the legal basis for the proces­sing of data for certain purposes to which the data subject grants his or her prior consent.

Your data may be processed on the basis of Art. 6(1) Letter c of the GDPR if proces­sing is required for the fulfill­ment of legal obli­ga­tions to which we or other controller are subject or on the basis of Art. 6(1) Letter e of the GDPR if proces­sing is required for the perfor­mance of a task in the public inte­rest, the respon­si­bi­lity of which has been trans­ferred to us or respec­tively to the controller.

In addi­tion, if data is collected when visi­ting our website or if data is trans­mitted to our share­hol­ders or external service provi­ders, the legal basis for proces­sing is Art. 6(1) Letter f of the GDPR if proces­sing is necessary to safe­guard our or a third party’s legi­ti­mate inte­rests and if these legi­ti­mate inte­rests are not outweighed by your inte­rests or basic rights that require the protec­tion of your personal data. Legi­ti­mate inte­rests are present, e.g., if there is a rele­vant and appro­priate rela­ti­onship between you (or the data subject) and us (or the controller), such as when you are our client or consul­tant.

Your data may be trans­ferred to service provi­ders who have been contracted for data proces­sing, e.g., to print shops for sending print mailings, the news­letter service provider Mail­chimp to distri­bute our news­letter or IT service provi­ders to provide our website, server services and the data­base. Data proces­sing agree­ments are concluded with service provi­ders who are not subject to the US-EU Privacy Shield agree­ment.

Further­more, please note the respec­tive proces­sing descrip­tions laid out in this Privacy State­ment.

No “profiling”, i.e., auto­mated deci­sion-making, will be performed when using our offer. However, third-party provi­ders featured by us may perform such profiling in indi­vi­dual cases. Profiling is performed on the legal basis of Art. 22 of the GDPR and is permitted for the conclu­sion or perfor­mance of a contract or on the basis of legal regu­la­tions.
Please espe­ci­ally note that use of Google, XING and LinkedIn through respec­tive accounts may lead to auto­mated deci­sion-making (“profiling”). On XING and LinkedIn, these settings may be managed on your account network. When using Google, you may object to profiling by activating the follo­wing link: https://adssettings.google.com/authenticated.

What cookies, services, offers and third-party web tools are used?

Cookies

Cookies are small files that allow infor­ma­tion related to the access device of the user (PC, smart­phone, etc.) to be saved on the device. They ensure user-friend­li­ness of websites for you (e.g., by saving log-in data). They also allow statis­tical data on website usage to be collected so that it can be analyzed by COMATCH to offer impro­ve­ment.

Objec­tion: You can control the use of cookies. Most brow­sers have an option to restrict or prevent cookies from being saved. However, please note that usage, espe­ci­ally comfort of use, will be limited without cookies.

When you visit COMATCH, so-called session cookies will be created that will be auto­ma­ti­cally deleted from the user’s computer’s memory after you close your browser window. Session cookies are needed to assign succes­sive access to the site to users acces­sing COMATCH at the same time.

Addi­tio­nally COMATCH uses the follo­wing cookies:

NameLife timePurpose
Sessi­on­Re­su­me­Token1 yearIden­ti­fies users when year-sending veri­fi­ca­tion e-mail while not logged in.
lastUserAgentInfo_unli­mitedDetects when user accesses the appli­ca­tion with diffe­rent browser than last time.
pricing­Tool­Dis­abled1 yearDisables the Pricing Tool, which allows users to get insights into daily rates of inde­pen­dent consul­tants, after usage limit is reached. Tool is then blocked and a login is required.
langunli­mitedStores the preferred user inter­face language of the user.
crc1 yearIden­ti­fies if you have accessed the COMATCH website in response to a marke­ting campaign. The campaign ́s iden­ti­fier (the end of the URL you used to access COMATCH) is saved in this cookie.
UTM-info100 days
useOf­Coo­kiesAgreedunli­mitedThis cookie saves the infor­ma­tion that you have been informed about the usage of cookies on our website / plat­form through the cookie banner.

You may manage online company ad cookies through the US website http://www.aboutads.info/choices/
or the EU website http://www.youronlinechoices.com/uk/your-ad-choices/.

General third-party websites

By clicking on a link to another website or loca­tion, you will leave our website and navi­gate to another website; in this case, your personal infor­ma­tion or anony­mous data may be collected by another provider. We do not monitor or review these external websites or their contents and shall not be liable for them or their contents. Please note that the regu­la­tions of these privacy protec­tion guide­lines do not apply to these external websites, their contents or to any data collected after you click on links to such external websites.

Google Analy­tics

COMATCH uses “Google Analy­tics,” a web analysis service of Google LLC, Moun­tain View, CA, USA (“Google”). Google Analy­tics uses so-called “cookies,” text files saved onto the device used and that allow us to analyze how COMATCH is used. The infor­ma­tion on your use of COMATCH, e.g., your browser type/version, opera­ting system, referrer URL (the last visited website), host­name of the acces­sing computer (IP address), time of the server request when using the website gene­rated by the cookie is gene­rally trans­mitted to a Google server in the US where it is stored. However, due to the activa­tion of IP anony­mi­za­tion on COMATCH, IP addresses will be shor­tened by Google within member states of the European Union or in other states party to the European Economic Area Agree­ment. Only in excep­tional cases, will the full IP address be trans­ferred to a Google server in the US and shor­tened there.
IP anony­mi­za­tion is activated on COMATCH. On behalf of COMATCH, Google will leverage this infor­ma­tion to assess the use of COMATCH by its users, compile reports about website activity and to provide addi­tional services related to COMATCH offers. If IP anony­mi­za­tion is not activated, data will be processed on the legal basis of Art. 6(1) Letter f of the GDPR or of the German Tele­media Act [Tele­me­di­en­ge­setz (TMG)] whereby we will pursue our legi­ti­mate inte­rests (or those of third parties commis­sioned by us) in quality assurance or statis­tical analyses of user beha­vior.

Your browser’s IP address that is trans­mitted through Google Analy­tics will not be merged with other Google data. You can prevent cookie storage through their browser settings. However, please note that this may prevent you from using all COMATCH func­tions.

Objec­tion: Further­more, you can prevent the collec­tion of cookie-gene­rated data (inclu­ding your IP address) on your use of the website and the proces­sing of this data by Google by down­loa­ding and instal­ling the browser plugin provided under the follo­wing link: http://tools.google.com/dlpage/gaoptout?hl=en.

For more infor­ma­tion, please see Google’s Privacy Policy: https://policies.google.com/privacy

Google Tag Manager

Our website uses Google Tag Manager of Google LLC, Moun­tain View, CA, USA (“Google”). Google Tag Manager provides a surface for mana­ging website tags. Tags are small code elements on your website for measu­ring user beha­vior, deter­mi­ning the effects of online adver­ti­se­ments and social chan­nels, using remar­ke­ting and focu­sing on target groups and testing, and opti­mi­zing our website. The Tag Manager tool (imple­mented in the tags) is a cookie-free domain. This tool activates other tags that may collect data. Google Tag Manager does not access this data. In case of deac­tiva­tion on the domain or cookie level, the deac­tiva­tion will remain in place for all tracking tags imple­mented through Google Tag Manager. Data will not be provided to other Google products without your consent.

Whenever personal data is processed, proces­sing will be performed on the legal basis of Art. 6(1) Letter f of the GDPR or the German Tele­media Act, whereby we will pursue our legi­ti­mate inte­rests (or those of third parties commis­sioned by us) in quality assurance or statis­tical analyses of user beha­vior.

For more infor­ma­tion, please see Google Site Stats: http://services.google.com/sitestats/en.html

Outbrain

To adver­tise for our website on publisher pages, we use tech­no­logy from the UK-based provider Outbrain. When using this service, cookies from Outbrain will be installed to draw atten­tion to addi­tional contents on our website or on third-party websites on the basis of anony­mized data. This selec­tion of recom­men­da­tions displayed to the user in the widget is based on contents viewed recently by the user. The displayed contents are provided tech­ni­cally by Outbrain. For this, Outbrain collects the follo­wing data: Device source, browser type and the user’s pseud­ony­mized IP address. To anony­mize the IP address, the last octet of the IP address is removed to prevent infe­rences to indi­vi­dual users. COMATCH does not process personal data when using Outbrain.

For more infor­ma­tion, please see Outbrain’s Privacy Policy: https://www.outbrain.com/en/legal/. You may object to this tracking for displaying inte­rest- based recom­men­da­tions at any time. For more infor­ma­tion, please see the section “Outbrain User Types” (inclu­ding deac­tiva­tion and opt out options) in Outbrain’s Privacy Policy: https://www.outbrain.com/en/legal/privacy.

Links to social media

COMATCH is connected to various social networks, i.e., Face­book, Twitter, XING and LinkedIn, through links. Activating such buttons will forward you to the COMATCH page on the respec­tive social network where data will only be processed by the servers of the respec­tive social network.

Is data trans­ferred to coun­tries outside of the EU?

When using our offer, your data may be trans­ferred to third coun­tries, i.e., states outside of the EU, due to the featured third-party service provi­ders.

Services on websites that process data outside of the EU

When using our website, data may be trans­ferred outside of the EU through our website when visi­ting or using COMATCH. This espe­ci­ally applies to services of Google. The US compa­nies that offer Google services are certi­fied under the EU-US Privacy Shield agree­ment and there­fore guarantee adhe­rence to data protec­tion in accord­ance with EU stan­dards.

Other external provi­ders who process data outside of the EU

If you regi­stered on our website as a consul­tant or client, data will be trans­ferred outside of the EU, e.g., to process client inqui­ries or internal commu­ni­ca­tion, through the use of cloud and hosting services, CRM services or external service part­ners acting on our behalf and who support us with the perfor­mance of our busi­ness activi­ties and with the provi­ding of our website (legal basis: Art. 6(1) Letters b and f of the GDPR).

We use the news­letter tool Mail­chimp to send you infor­ma­tion by email. Mail­chimp is certi­fied under the EU-US Privacy Shield agree­ment. In addi­tion, we concluded a data proces­sing addendum to ensure adhe­rence to EU data protec­tion regu­la­tions.

We use Pipe­d­rive as a CRM tool. According to its own state­ment, Pipe­d­rive will be certi­fied under the EU-US Privacy Shield agree­ment in 2018. In addi­tion, we concluded a data proces­sing addendum to ensure adhe­rence to EU data protec­tion regu­la­tions.

Your rights: infor­ma­tion, revo­ca­tion, changes, correc­tions and updates, dele­tion, proces­sing restric­tion, data porta­bi­lity and the right to object

Revo­ca­tion

You have the right to revoke your consent for the future use, proces­sing and transfer of your data at any time which you may exer­cise by contac­ting us at info@comatch.com if proces­sing is performed on the basis on your consent.

In case of revo­ca­tion, we will no longer process data saved on you (or the data subject) and will delete this data without delay. However, this does not apply if we can demon­strate reasons for the proces­sing that outweigh your inte­rests, rights and free­doms or if the proces­sing serves the esta­blish­ment, exer­cise or defense of legal claims.

We will there­fore continue to use this data, e.g., if it is needed for the execu­tion of a contrac­tual rela­ti­onship.

Right to infor­ma­tion

You have a legal right to infor­ma­tion about the personal data saved on you at any time. To exer­cise this right to infor­ma­tion, please contact us at info@comatch.com.

However, the right to infor­ma­tion espe­ci­ally does not apply to data saved only because it may not be deleted due to legal or statu­tory storage requi­re­ments or to data that is only used for data protec­tion or data protec­tion control purposes and where provi­ding this infor­ma­tion would require dispro­por­tio­nate effort or to proces­sing for other purposes excluded by suitable tech­nical and orga­ni­za­tional measures.

Correc­tion and comple­tion of data

You have the right to demand the correc­tion of inac­cu­rate personal data saved on you. In cons­i­de­ra­tion of the proces­sing purposes, you also have the right to demand the comple­tion of incom­plete personal data—including through an addi­tional state­ment. To exer­cise these rights, please contact us at info@comatch.com.

Dele­tion (“right to be forgotten”)

You have the right to the dele­tion of any personal data saved by us without delay. To exer­cise this rights, please contact us at info@comatch.com.

Please also see the follo­wing sections “Proces­sing restric­tion” and “Storage dura­tion of personal data; Storage period limi­ta­tion” below.

Proces­sing restric­tion

You or the data subject have the right to restric­tion of the proces­sing of the personal data saved by us. To exer­cise this right, please contact us at info@comatch.com.

However, you may only enforce your right to proces­sing restric­tion if the follo­wing requi­re­ments are met:

  • The accu­racy of the personal data is conte­sted by the data subject for a dura­tion that allows the controller to review the accu­racy of the personal data;
  • Proces­sing is unla­wful and the data subject rejects the dele­tion of the personal data and instead demands its restric­tion;
  • The controller no longer needs the personal data for proces­sing purposes, but for the esta­blish­ment, exer­cise or defense of legal claims; or
  • The data subject objects to the proces­sing before it has been deter­mined whether the controller’s legi­ti­mate inte­rests outweigh those of the data subject.

If you enforced a proces­sing restric­tion, we will notify you accord­ingly before lifting the restric­tion.

In certain cases, proces­sing may be restricted instead of deleting the data. See espe­ci­ally “Dele­tion (‘Right to Be Forgotten’)” above.

Right to data porta­bi­lity

You have the right to receive the data you provided to us in a struc­tured, commonly used and machine-read­able format. To exer­cise this right to infor­ma­tion, please contact us at info@comatch.com.

Further­more, you have the right to transmit this data to another controller without hindrance from the controller to whom the personal data was provided, if the proces­sing is based on consent or on a contract to which the data subject is party and if the proces­sing is performed through auto­mated means. When exer­ci­sing your right to data porta­bi­lity, you have the right to have personal data trans­mitted directly from one controller to another if tech­ni­cally feasible.

However, this right does not apply if the rights and free­doms of another person will be impaired or to proces­sing required for the perfor­mance of a task in the public inte­rest or in the exer­cise of offi­cial autho­rity vested in the controller.

Right to object

You have the right to submit a complaint to a compe­tent super­vi­sory autho­rity of your choice. In Germany, the compe­tent super­vi­sory autho­ri­ties are the data protec­tion autho­ri­ties speci­fied by the laws of the respec­tive federal states.
For a list of data protec­tion autho­ri­ties, please see: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html (German) or http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080

Our compe­tent super­vi­sory autho­rity is:
Berliner Beauf­tragte für Daten­schutz und Infor­ma­ti­ons­frei­heit [Berlin Data Protec­tion and Freedom of Infor­ma­tion Officer]
Fried­rich­straße 219 | 10969 Berlin | Germany
Tel.: +49-(0)30-138-89-0 | Email: mailbox@datenschutz-berlin.de

Storage dura­tion of personal data; storage period limi­ta­tion

We will gene­rally only save your personal data for as long as required for the perfor­mance of the contract or respec­tive purposes and limit the storage dura­tion to the abso­lutely necessary minimum.

In case of longer contrac­tual rela­ti­onships, such as when using our offer, these storage periods may vary, but are gene­rally limited to the dura­tion of the contrac­tual rela­ti­onship or to the legally required storage periods (e.g., under the German Commer­cial Code [Handels­ge­setz­buch (HGB)] or the German Fiscal Code [Abga­ben­ord­nung (AO)] for inven­tory data. Storage dura­tion criteria include whether the data is up to date, whether there is a contrac­tual rela­ti­onship with us or if an inquiry was already processed or if a process has already been completed and whether legal storage periods apply to the respec­tive personal data.

Data protec­tion and appli­ca­bi­lity

Data protec­tion

COMATCH is very concerned about the secu­rity of your personal data. We (and our external service provi­ders) use a number of stan­dard indu­stry secu­rity tech­no­lo­gies and proce­dures to protect your personal infor­ma­tion from unaut­ho­rized access, use or disclo­sure. Princi­pally when offe­ring our services and espe­ci­ally if you enter sensi­tive infor­ma­tion (e.g., account infor­ma­tion) onto your profile, we (or our external service provi­ders) will encrypt this infor­ma­tion using the Secure Sockets Layer (SSL) tech­no­logy.

Data of our COMATCH services will be exclu­si­vely saved and processed on servers in the European Union (EU), unless other infor­ma­tion is provided to the user.

Privacy state­ment appli­ca­bi­lity and changes

Our Privacy State­ment may be viewed on and printed from our website at any time at https://www.comatch.com/en/privacy/.

We may change this Privacy State­ment under adhe­rence to appli­cable regu­la­tions.

By using our services, you agree to our use of cookies to optimize your user experience. In our privacy statement you will find information how to object the use of cookies.