Valid: 25 May 2018
This Privacy Statement will inform you about the type, the scope of and the purposes for the collection and use of personal data on this website.
The responsible party is COMATCH GmbH, Gormannstraße 22, 10119 Berlin, Germany, registered at the Charlottenburg Local Court under HRB 162116 B, represented by the managing directors Dr. Christoph Hardt and Dr. Jan Schächtele (“we/us/our“) as the operator of an online platform at www.comatch.com and its related services (“COMATCH” or “website”).
Should you have any questions about privacy protection, feel free to contact us at any time by telephone at +49-(0)30-40365690 (during regular business hours, Monday to Friday from 9am to 6pm) and by email at firstname.lastname@example.org.
In addition, we have appointed Prof. Thomas Jäschke of the DATATREE AG, Heubestraße 10, 40597 Düsseldorf, Germany, as our external data protection officer who can be contacted by telephone at +49-(0)211-93190700 (during regular business hours, Monday to Friday from 9 AM to 6 PM) and by email at email@example.com.
A. What are personal data?
B. What personal data are collected when using COMATCH’s services?
C. How is the collected data used, disclosed and, if applicable, transferred to third parties?
D. What cookies, services, offers and third-party web tools are used?
E. Is data transferred to countries outside of the EU?
F. Your rights: Information, revocation, changes, corrections and updates, deletion, processing restriction, data portability and the right to submit objections
G. Data protection and applicability
H. Privacy statement applicability and changes
What are personal data?
Personal data is defined as information through which a person may be identified, i.e., that can be traced to a specific person. This includes one’s name, email address and telephone number, but also data on one’s preferences, hobbies, memberships or viewed websites.
We only collect, use or transfer personal data provided to us if permitted by law or if users consent to the data collection.
What personal data are collected when using COMATCH’s services?
Data collected when visiting our website
We (respectively the web space provider) collect data on every visit to our website (so-called server log files) (“access data“). Access data includes:
Name of the visited website, the file, the time and date of the visit, the amount of data transmitted, a report of successful access, your browser type and version, your operating system, the referrer URL (last visited page), IP address and the requesting provider
and when using a mobile device, additionally:
Country code, language, device name, operating system name and version
We will use these access data for statistical evaluations for the operation, safety and optimization of COMATCH offers. However, we reserve the right to subsequently review access data if specific indications create justified suspicions of unlawful use. We process data on the basis of Art. 6 (1) Letter c of the General Data Protection Regulation (GDPR) and Art. 6(1) Letter f of the GDPR and pursue our (and our commissioned third parties’) legitimate interests in quality assurance.
Data collected when contacting us
When contacting us (e.g., by email), your data will be saved to process your inquiry and for any subsequent questions. This will be done on the basis of your consent based on Art. 6(1) Letter a. of the GDPR or to execute your request based on Art. 6(1) Letter b of the GDPR.
Data collected during registration
When registering for our website, we will collect certain “user information” to provide our services: Name, address, telephone number, email address, gender
In addition, when registering as a consultant, “profile data” will be collected:
Date of birth and other non-public personal data on your training and professional experience
Furthermore, when creating a consultant user profile, additional optional data, such as willingness to travel and work preferences, may be collected and saved which the user may review, change or delete at any time in the user profile.
User data collected as part of the registration and other profile data will be used in the operation of COMATCH and the provision of its services and those of the website www.comatch.com. Any user information and profile data collected by us will only be used or published by us insofar as doing so is specified by us in our consultant terms and/or this Privacy Statement. This is done on the legal basis of Art. 6(1) Letter b of the GDPR or, if data is provided voluntarily, the user’s consent (Art. 6(1) Letter a of the GDPR).
The services provided by us after successful registration are not offered to persons under 18 years of age. Therefore, no personal information on visitors younger than 18 years of age is intentionally collected during registration.
Consultant payment data
After registration and for the purpose of payment processing to consultants, we will collect the following “payment data“: Bank account number/Bank sort code or IBAN, BIC, account holder’s name, tax number
This payment data will only be collected, saved and used by us for billing and payment transactions of fees to which consultant users are entitled in accordance with the regulations of the contract between COMATCH and the consultant. The user may review, change or delete this data on his user profile at any time. This is done on the legal basis of Art. 6(1) Letter b of the General Data Protection Regulation.
How is the collected data used, disclosed and, if applicable, transferred to third parties?
Use of your data
Generally, data that you provide to us will either be used to allow us to perform our services, to answer your questions or to help us provide a better service for you. We use your data and information, among other things, for the following purposes:
- easier creation and security of your account;
- recognition as a user by our system;
- improvement of our website and services;
- internal research and development purposes as part of existing contractual relationships with COMATCH;
- client-specific design to meet your preferences;
- prevention of re-registration by blocked users;
- performance of the services requested by you;
- sending your profile to a client after receiving your permission;
- sending a welcome email to ascertain that the email address used to register the account is yours;
- sending administrative email notifications and security, support or maintenance emails;
- answering your requests and questions;
- occasional telephone conversations with you for secondary fraud protection or to obtain feedback from you
- sending emails to registered users with contents related to our services, insofar as the user does not object.
This is done on the legal basis of Art. 6(1) Letter b of the GDPR or on the basis of our legitimate interests in quality assurance and marketing under Art. 6(1) Letter f of the GDPR.
Disclosure and transmission of your data to third parties
We will only disclose your data and user information on the website or to third parties as described hereafter or subsequently in this Privacy Statement.
Links to social networks
We may add this information to the data that we have already collected about you. This information will be saved and used by us to provide our offers and services. This data processing is performed on the basis of your consent (Art. 6(1) Letter b of the GDPR) or on the basis of a contract with us (Art. 6(1) Letter b of the GDPR).
Other processing, disclosure and profiling
The legal basis for data processing when using our offer is generally Art. 6(1) Letter b of the GDPR, i.e., data is processed because it is required for the performance of a contract between us or to implement pre-contractual measures following your inquiry.
Furthermore, Art. 6(1) Letter a of the GDPR provides the legal basis for the processing of data for certain purposes to which the data subject grants his or her prior consent.
Your data may be processed on the basis of Art. 6(1) Letter c of the GDPR if processing is required for the fulfillment of legal obligations to which we or other controller are subject or on the basis of Art. 6(1) Letter e of the GDPR if processing is required for the performance of a task in the public interest, the responsibility of which has been transferred to us or respectively to the controller.
In addition, if data is collected when visiting our website or if data is transmitted to our shareholders or external service providers, the legal basis for processing is Art. 6(1) Letter f of the GDPR if processing is necessary to safeguard our or a third party’s legitimate interests and if these legitimate interests are not outweighed by your interests or basic rights that require the protection of your personal data. Legitimate interests are present, e.g., if there is a relevant and appropriate relationship between you (or the data subject) and us (or the controller), such as when you are our client or consultant.
Your data may be transferred to service providers who have been contracted for data processing, e.g., to print shops for sending print mailings, the newsletter service provider Mailchimp to distribute our newsletter or IT service providers to provide our website, server services and the database. Data processing agreements are concluded with service providers who are not subject to the US-EU Privacy Shield agreement.
Furthermore, please note the respective processing descriptions laid out in this Privacy Statement.
No “profiling”, i.e., automated decision-making, will be performed when using our offer. However, third-party providers featured by us may perform such profiling in individual cases. Profiling is performed on the legal basis of Art. 22 of the GDPR and is permitted for the conclusion or performance of a contract or on the basis of legal regulations.
Please especially note that use of Google, XING and LinkedIn through respective accounts may lead to automated decision-making (“profiling”). On XING and LinkedIn, these settings may be managed on your account network. When using Google, you may object to profiling by activating the following link: https://adssettings.google.com/authenticated.
What cookies, services, offers and third-party web tools are used?
Cookies are small files that allow information related to the access device of the user (PC, smartphone, etc.) to be saved on the device. They ensure user-friendliness of websites for you (e.g., by saving log-in data). They also allow statistical data on website usage to be collected so that it can be analyzed by COMATCH to offer improvement.
When you visit COMATCH, so-called session cookies will be created that will be automatically deleted from the user’s computer’s memory after you close your browser window. Session cookies are needed to assign successive access to the site to users accessing COMATCH at the same time.
Additionally COMATCH uses the following cookies:
|SessionResumeToken||1 year||Identifies users when year-sending verification e-mail while not logged in.|
|lastUserAgentInfo_||unlimited||Detects when user accesses the application with different browser than last time.|
|pricingToolDisabled||1 year||Disables the Pricing Tool, which allows users to get insights into daily rates of independent consultants, after usage limit is reached. Tool is then blocked and a login is required.|
|lang||unlimited||Stores the preferred user interface language of the user.|
|crc||1 year||Identifies if you have accessed the COMATCH website in response to a marketing campaign. The campaign ́s identifier (the end of the URL you used to access COMATCH) is saved in this cookie.|
|useOfCookiesAgreed||unlimited||This cookie saves the information that you have been informed about the usage of cookies on our website / platform through the cookie banner.|
You may manage online company ad cookies through the US website http://www.aboutads.info/choices/
or the EU website http://www.youronlinechoices.com/uk/your-ad-choices/.
General third-party websites
By clicking on a link to another website or location, you will leave our website and navigate to another website; in this case, your personal information or anonymous data may be collected by another provider. We do not monitor or review these external websites or their contents and shall not be liable for them or their contents. Please note that the regulations of these privacy protection guidelines do not apply to these external websites, their contents or to any data collected after you click on links to such external websites.
COMATCH uses “Google Analytics,” a web analysis service of Google LLC, Mountain View, CA, USA (“Google”). Google Analytics uses so-called “cookies,” text files saved onto the device used and that allow us to analyze how COMATCH is used. The information on your use of COMATCH, e.g., your browser type/version, operating system, referrer URL (the last visited website), hostname of the accessing computer (IP address), time of the server request when using the website generated by the cookie is generally transmitted to a Google server in the US where it is stored. However, due to the activation of IP anonymization on COMATCH, IP addresses will be shortened by Google within member states of the European Union or in other states party to the European Economic Area Agreement. Only in exceptional cases, will the full IP address be transferred to a Google server in the US and shortened there.
IP anonymization is activated on COMATCH. On behalf of COMATCH, Google will leverage this information to assess the use of COMATCH by its users, compile reports about website activity and to provide additional services related to COMATCH offers. If IP anonymization is not activated, data will be processed on the legal basis of Art. 6(1) Letter f of the GDPR or of the German Telemedia Act [Telemediengesetz (TMG)] whereby we will pursue our legitimate interests (or those of third parties commissioned by us) in quality assurance or statistical analyses of user behavior.
Your browser’s IP address that is transmitted through Google Analytics will not be merged with other Google data. You can prevent cookie storage through their browser settings. However, please note that this may prevent you from using all COMATCH functions.
Objection: Furthermore, you can prevent the collection of cookie-generated data (including your IP address) on your use of the website and the processing of this data by Google by downloading and installing the browser plugin provided under the following link: http://tools.google.com/dlpage/gaoptout?hl=en.
Google Tag Manager
Our website uses Google Tag Manager of Google LLC, Mountain View, CA, USA (“Google”). Google Tag Manager provides a surface for managing website tags. Tags are small code elements on your website for measuring user behavior, determining the effects of online advertisements and social channels, using remarketing and focusing on target groups and testing, and optimizing our website. The Tag Manager tool (implemented in the tags) is a cookie-free domain. This tool activates other tags that may collect data. Google Tag Manager does not access this data. In case of deactivation on the domain or cookie level, the deactivation will remain in place for all tracking tags implemented through Google Tag Manager. Data will not be provided to other Google products without your consent.
Whenever personal data is processed, processing will be performed on the legal basis of Art. 6(1) Letter f of the GDPR or the German Telemedia Act, whereby we will pursue our legitimate interests (or those of third parties commissioned by us) in quality assurance or statistical analyses of user behavior.
For more information, please see Google Site Stats: http://services.google.com/sitestats/en.html
To advertise for our website on publisher pages, we use technology from the UK-based provider Outbrain. When using this service, cookies from Outbrain will be installed to draw attention to additional contents on our website or on third-party websites on the basis of anonymized data. This selection of recommendations displayed to the user in the widget is based on contents viewed recently by the user. The displayed contents are provided technically by Outbrain. For this, Outbrain collects the following data: Device source, browser type and the user’s pseudonymized IP address. To anonymize the IP address, the last octet of the IP address is removed to prevent inferences to individual users. COMATCH does not process personal data when using Outbrain.
Links to social media
COMATCH is connected to various social networks, i.e., Facebook, Twitter, XING and LinkedIn, through links. Activating such buttons will forward you to the COMATCH page on the respective social network where data will only be processed by the servers of the respective social network.
Is data transferred to countries outside of the EU?
When using our offer, your data may be transferred to third countries, i.e., states outside of the EU, due to the featured third-party service providers.
Services on websites that process data outside of the EU
When using our website, data may be transferred outside of the EU through our website when visiting or using COMATCH. This especially applies to services of Google. The US companies that offer Google services are certified under the EU-US Privacy Shield agreement and therefore guarantee adherence to data protection in accordance with EU standards.
Other external providers who process data outside of the EU
If you registered on our website as a consultant or client, data will be transferred outside of the EU, e.g., to process client inquiries or internal communication, through the use of cloud and hosting services, CRM services or external service partners acting on our behalf and who support us with the performance of our business activities and with the providing of our website (legal basis: Art. 6(1) Letters b and f of the GDPR).
We use the newsletter tool Mailchimp to send you information by email. Mailchimp is certified under the EU-US Privacy Shield agreement. In addition, we concluded a data processing addendum to ensure adherence to EU data protection regulations.
We use Pipedrive as a CRM tool. According to its own statement, Pipedrive will be certified under the EU-US Privacy Shield agreement in 2018. In addition, we concluded a data processing addendum to ensure adherence to EU data protection regulations.
Your rights: information, revocation, changes, corrections and updates, deletion, processing restriction, data portability and the right to object
You have the right to revoke your consent for the future use, processing and transfer of your data at any time which you may exercise by contacting us at firstname.lastname@example.org if processing is performed on the basis on your consent.
In case of revocation, we will no longer process data saved on you (or the data subject) and will delete this data without delay. However, this does not apply if we can demonstrate reasons for the processing that outweigh your interests, rights and freedoms or if the processing serves the establishment, exercise or defense of legal claims.
We will therefore continue to use this data, e.g., if it is needed for the execution of a contractual relationship.
Right to information
You have a legal right to information about the personal data saved on you at any time. To exercise this right to information, please contact us at email@example.com.
However, the right to information especially does not apply to data saved only because it may not be deleted due to legal or statutory storage requirements or to data that is only used for data protection or data protection control purposes and where providing this information would require disproportionate effort or to processing for other purposes excluded by suitable technical and organizational measures.
Correction and completion of data
You have the right to demand the correction of inaccurate personal data saved on you. In consideration of the processing purposes, you also have the right to demand the completion of incomplete personal data—including through an additional statement. To exercise these rights, please contact us at firstname.lastname@example.org.
Deletion (“right to be forgotten”)
You have the right to the deletion of any personal data saved by us without delay. To exercise this rights, please contact us at email@example.com.
Please also see the following sections “Processing restriction” and “Storage duration of personal data; Storage period limitation” below.
You or the data subject have the right to restriction of the processing of the personal data saved by us. To exercise this right, please contact us at firstname.lastname@example.org.
However, you may only enforce your right to processing restriction if the following requirements are met:
- The accuracy of the personal data is contested by the data subject for a duration that allows the controller to review the accuracy of the personal data;
- Processing is unlawful and the data subject rejects the deletion of the personal data and instead demands its restriction;
- The controller no longer needs the personal data for processing purposes, but for the establishment, exercise or defense of legal claims; or
- The data subject objects to the processing before it has been determined whether the controller’s legitimate interests outweigh those of the data subject.
If you enforced a processing restriction, we will notify you accordingly before lifting the restriction.
In certain cases, processing may be restricted instead of deleting the data. See especially “Deletion (‘Right to Be Forgotten’)” above.
Right to data portability
You have the right to receive the data you provided to us in a structured, commonly used and machine-readable format. To exercise this right to information, please contact us at email@example.com.
Furthermore, you have the right to transmit this data to another controller without hindrance from the controller to whom the personal data was provided, if the processing is based on consent or on a contract to which the data subject is party and if the processing is performed through automated means. When exercising your right to data portability, you have the right to have personal data transmitted directly from one controller to another if technically feasible.
However, this right does not apply if the rights and freedoms of another person will be impaired or to processing required for the performance of a task in the public interest or in the exercise of official authority vested in the controller.
Right to object
You have the right to submit a complaint to a competent supervisory authority of your choice. In Germany, the competent supervisory authorities are the data protection authorities specified by the laws of the respective federal states.
For a list of data protection authorities, please see: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html (German) or http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080
Our competent supervisory authority is:
Berliner Beauftragte für Datenschutz und Informationsfreiheit [Berlin Data Protection and Freedom of Information Officer]
Friedrichstraße 219 | 10969 Berlin | Germany
Tel.: +49-(0)30-138-89-0 | Email: firstname.lastname@example.org
Storage duration of personal data; storage period limitation
We will generally only save your personal data for as long as required for the performance of the contract or respective purposes and limit the storage duration to the absolutely necessary minimum.
In case of longer contractual relationships, such as when using our offer, these storage periods may vary, but are generally limited to the duration of the contractual relationship or to the legally required storage periods (e.g., under the German Commercial Code [Handelsgesetzbuch (HGB)] or the German Fiscal Code [Abgabenordnung (AO)] for inventory data. Storage duration criteria include whether the data is up to date, whether there is a contractual relationship with us or if an inquiry was already processed or if a process has already been completed and whether legal storage periods apply to the respective personal data.
Data protection and applicability
COMATCH is very concerned about the security of your personal data. We (and our external service providers) use a number of standard industry security technologies and procedures to protect your personal information from unauthorized access, use or disclosure. Principally when offering our services and especially if you enter sensitive information (e.g., account information) onto your profile, we (or our external service providers) will encrypt this information using the Secure Sockets Layer (SSL) technology.
Data of our COMATCH services will be exclusively saved and processed on servers in the European Union (EU), unless other information is provided to the user.
Privacy statement applicability and changes
Our Privacy Statement may be viewed on and printed from our website at any time at https://www.comatch.com/en/privacy/.
We may change this Privacy Statement under adherence to applicable regulations.