Privacy Statement

This privacy policy informs the users of this website about the nature, scope, and purpose of the collection and use of personal data by the operator of the website https://www.comatch.com.

We take your data protection very seriously and always treat your personal data confidentially and in accordance with legal regulations. Due to new technologies and the constant development of this website, changes can be made to this privacy policy. Therefore, we recommend that you consult our privacy policy at regular intervals.

Status of the data protection declaration: 10/11/2022

Joint responsibility

In March 2022, COMATCH GmbH and Malt Community SA merged. As a platform operator, we and Malt Community SA are jointly responsible for the data processing that takes place via the platform on www.comatch.com.

Responsible bodies and data protection officers

Responsible persons within the meaning of Art. 4 No. 7 of the General Data Protection Regulation (GDPR) are:

Malt Community (“Platform Operator”)
Wilhelmstr. 118
10963 Berlin
Email: [email protected]
T +49 (0) 30 40 36 56 90

Data protection officer:
Prof. Dr Thomas Jäschke
DATATREE AG
Märkische Strasse 212-218 44141 Dortmund
Email: [email protected]
T +49 231 54380-300		Malt Community SA
241 rue Saint Denis,
75002 Paris
Email: [email protected]
T +33 (0) 1 82 83 15 11  

Data Protection Officer
Elise Latify
241 rue Saint Denis,
75002 Paris, France
Email: [email protected]
T +33 (0) 1 82 83 15 11  

With this data protection declaration, we would like to create the necessary transparency for data processing when visiting www.comatch.com and in this way also comply with our obligation to provide information. If we have not been able to do so, please do not hesitate to contact us using the contact options above. We are at your disposal for all questions regarding data protection, which concern our website and our range of services, or for the exercise of your personal rights.

Joint Responsibility Agreement

Since we are jointly responsible with Malt Community SA for the data processing that takes place via the platform, we have concluded an agreement in accordance with Art. 26 GDPR, which specifies which of the responsible authorities are responsible for the data protection obligations, in particular with regard to the processing of inquiries from data subjects (see also E. Rights of the data subject) and the procedure for data protection violations.

We, COMATCH GmbH, are responsible for the data processing that take place during a purely informative visit to our platform, as well as for the processes that take place during registration on the platform. Furthermore, we are also responsible for the necessary technical and organisational measures to ensure the secure operation of our platform and the protection of the data stored there.

In order to expand and improve our range of services, we and Malt Community SA compare our databases, including your personal data, that you have entered into your profile. Malt Community SA can also use your entered data as a registered freelancer in our COMATCH network to offer you suitable and interesting jobs. Our registered companies can also obtain profiles of registered freelancers through Malt Community SA if the professional skills match the requirements of the company.

The data processing of your personal data by Malt Community SA takes place only if you have registered in our COMATCH network and exclusively for the above-mentioned purpose in the sense of mediation between freelancers and companies in accordance with your consent from Art. 6 para. 1, lit. a of the GDPR.

For more information about the data protection regulations of Malt Community SA, please visit https://www.malt.de/about/privacy/policy.


A. What constitutes personal data?

B. What personal data is collected for using the services of COMATCH?

C. How is the collected data used, disclosed and, if necessary, transmitted to third parties?

D. Which third-party cookies, services, websites and web tools are used?

E. Your rights: information, revocation, changes, corrections and updates, deletion, restriction of processing, data portability and right to lodge a complaint

F. Data security and scope of application

G. Validity and changes to this privacy policy


A. What constitutes personal data?

Personal data is information that can identify someone, i.e. information that can be traced back to a particular individual. This includes, for example, name, email address or telephone number, but also data about hobbies, memberships or websites viewed.

We will only collect, use and pass on personal data if this is permitted by law or if the user consents to their data being collected.


B. What personal data is collected for using the services of COMATCH?

Data collected when visiting the website

When using the website solely for information purposes, i.e. if you do not register or otherwise provide us with information, we collect only the following data in order to be able to transfer the website to your computer:

  • the IP address
  • the date and time of the request
  • the time zone difference to Greenwich Mean Time
  • the content of the request (specific page)
  • the access status / HTTP status code
  • the volume of data transferred on any occasion
  • the website from which the request comes
  • the browser, its user interface, the language and version of the browser software
  • In this case, the data is not stored on a server log file.

Data collected when contacting us

When you contact us (for example, by email), the information which you provide is saved in order to process the enquiry and to deal with any follow-up questions. We also process data about you for the purpose of establishing and maintaining business contacts and acquiring new customers. This is done on the basis of your consent (Art. 6 para. 1 lit. a GDPR), for the purpose of processing your request (Art. 6 para. 1 lit. b GDPR) or due to our legitimate interest in customer acquisition.

Newsletter

You have the opportunity to subscribe to our newsletter. For you to subscribe, we need only your email address and your surname which will not be passed on to third parties. Only the email address and the surname are required for sending out the newsletter. The provision of any further data is voluntary. We send out newsletters with promotional information, in particular current offers of interest.

The “double opt-in procedure” is used for subscribing to the newsletter. This means that after you have registered, we will send you an email to the email address you have provided, asking you to confirm that you wish to receive the newsletter. This confirmation is required to ensure that no one can subscribe using another person’s email address. If you do not confirm your registration within 24 hours, your information will be blocked and automatically deleted after a month. We also store your IP addresses and the time of registration and confirmation. The purpose of the procedure is to prove your registration and, if necessary, to be able to clarify a possible misuse of your personal data; the logging of the registration procedure is our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR.

The newsletter is sent on the basis of your express consent in accordance with Art. 6 para. 1 lit. a GDPR and Section 7 para. 3 no. 3 of the Act against Unfair Competition (UWG). After your confirmation, we will save your email address for the purpose of sending you the newsletter. You can revoke your future consent to the sending of the newsletter and unsubscribe from the newsletter at any time without stating a reason, Art. 7 para. 3 GDPR. You can revoke your consent by clicking on the link provided in every newsletter email, by sending an email to [email protected], or by contacting us in one of the ways listed in the legal notice. Our newsletter does not contain any tracking functions; we do not use “tracking pixels” or individualised links.

Data collected upon registration

If you register with us, the email address and password you enter will be stored. In the following registration steps, the personal data that you provide us with as part of the registration process, e.g. “user information“, including your name, address, telephone number, email address and gender, will be collected and stored.

In addition, additional “profile data” is collected when you register as a consultant, e.g.

your date of birth and other non-public, personal data that describes your education and professional experience.

Furthermore, when you create a user profile as a consultant, data on your willingness to travel and work preferences, for example, may be collected and stored. This can be managed at any time under the menu heading ‘Settings’.

At each step of the registration, you will be asked if you want to save the entered data. If you agree, your data will be stored. You can then cancel the process without deleting the data and continue the registration at a later date without having to re-enter the data. If you do not agree, the data you have entered will not be stored. If you do not complete the registration process, your data will be deleted after six months. If you complete the process, your data will be stored until revoked or for the duration of the statutory retention period (see also F. Your rights).

The user information entered as part of the registration process, along with any further profile data, will be used via www.comatch.com and with our support for the purpose of using our services, in particular for using the website and carrying out COMATCH services. We will only use the user information and profile data that we collect to the extent specified in our Terms and Conditions for Consultants and/or in this Privacy Policy. The legal basis for this is Art. 6 para. 1 lit. b GDPR or, in the case of voluntary information, the user’s consent (Art. 6 para. 1 lit. a GDPR).

The services we offer following a successful registration are not available to persons under the age of 18. Therefore, we do not intentionally collect personal information from visitors to our site who register under the age of 18.

Consultants’ payment details

After registration, we collect within the user profile the following “payment details” from users who are consultants for the purpose of processing their payments: account number/bank code or IBAN, BIC, name of the account holder and tax number.

We collect, store and use these payment details exclusively for the purpose of invoicing and processing the payments of the fee due to consultant users in accordance with the provisions of the contract between COMATCH and the consultant. The user can manage, change or delete these details at any time within their user profile. The legal basis for this is Art. 6 para. 1 lit. b GDPR.


C. How is the collected data used, disclosed and, if necessary, transmitted to third parties?

Use of your data

In general, the information you make available to us is used either to provide our services, to respond to your enquiries or to help us provide you with a better service. The purposes for which we use your data and information include:

  • easier creation and protection of your account
  • recognising you as a user of our system
  • improving our website and services
  • internal research and development purposes within the framework of existing contractual relations with COMATCH
  • custom design to suit your preferences
  • preventing blocked users from re-registering
  • providing the services you have requested
  • sending your profile to the client once you have given your consent
  • sending a welcome email to verify that you own the email address provided when you created the account
  • sending administrative messages such as security, support or maintenance emails
  • answering your enquiries and questions after appropriate contact has been made
  • occasional telephone conversations with you as part of secondary fraud protection or to receive feedback from you and
  • sending emails to registered users with content related to our services, unless the user has objected to this.

The legal basis for this is Art. 6 para. 1 lit. b GDPR or our legitimate interests in quality assurance and marketing under Art. 6 para. 1 lit. f GDPR.

Link to social media websites

The Facebook, Instagram, Xing and LinkedIn link integrated into our website is not integrated via a “social plug-in”. The integrated graphic contains only an http link to our Facebook, Instagram, Xing and LinkedIn pages. When you access our site, no direct connection to the servers from the above-mentioned sites is established.

Integration of YouTube

We have integrated YouTube videos into our website which are stored at http://www.youtube.com and are playable directly from the website. These are all integrated in the “Extended Privacy Mode”, i.e. no data about you as the user is transferred to YouTube if you do not play the videos. Only when you play the videos will the following data be transferred. We have no control over this data transfer.

When you visit the website, YouTube is notified that you have accessed the corresponding subpage of our website. Also transmitted are the IP address, the date and time of the request, the time zone difference to Greenwich Mean Time, the content of the request (specific page), the access status/HTTP status code, the amount of data transmitted on each occasion, the website from which the request comes, the browser, the operating system, its interface and the language, as well as the version of the browser software. This takes place regardless of whether YouTube provides a user account via which you are logged in or whether no user account exists. If you are logged in to Google, your data will be assigned directly to your account. If you do not wish to be associated with your profile when using YouTube, you must first log out before clicking the play button. YouTube stores your data as usage profiles and uses them for the purposes of advertising, market research and/or interest-based design of its website. This type of evaluation is carried out (even for users who are not logged in) to provide interest-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles; you must contact YouTube if you wish to exercise this right.

With the integration of YouTube, you as a user have the opportunity to access videos and use the functions of YouTube. As a provider, we are aiming to improve our website. The legal basis for the processing of personal data is our legitimate interest according to Art. 6 para. 1 lit. f GDPR.

For more information on the purpose and scope of data collection and processing by YouTube, please refer to the privacy policy. There, you will also find further information on your rights and settings options for protecting your privacy: http://www.google.de/intl/de/policies/privacy.


D. Which third-party cookies, services, websites and web tools are used?

Cookies

We use cookies for authentication, security cookies, cookies for the integrity of the website, location cookies, cookies for the operation of the website and services, analysis and search cookies and cookies for the sending of advertising messages. You can accept, reject or configure cookies when you first log in to the Marketplace and you can change your selection at any time by visiting the “Cookies” section of our Privacy Centre: https://www.comatch.com/privacy/cookies. You can also find a more detailed description of the cookies we set there.

For web analysis we use:

Google Analytics

We use Google Analytics on our website, a service provided by Google Ireland Limited with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland. This is a web-based analysis tool with which we can analyse the use of our website and make our presence more interest-oriented.

When you visit our website, Google Analytics places a cookie on your device which can be used to recognise your browser and analyse your behaviour. If you access subpages of our website, the personal data collected by Google Analytics includes:

  • your IP address
  • the subpage accessed and time of access
  • source of your visit (i.e. via which website you came to us)
  • technical information (information about your browser, internet provider, device and screen resolution)
  • the achievement of “website goals” (e.g. contact requests, newsletter registrations)

The use of Google Analytics is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR in conjunction with § 25 para. 1 of the Telecommunications-Telemedia Data Protection Act (TTDSG), but only in the event that you have consented to the selection in our cookie banner.

We would like to inform you that you can revoke your consent in accordance with Art. 7 para. 3 GDPR at any time and without stating reasons with effect for the future. You can revoke your consent by sending an email to [email protected] or by contacting us in one of the ways listed in the legal notice. Alternatively, Google provides a deactivation add-on which can be installed on the usual Internet browsers. You can find the link to the deactivation add-on here: https://tools.google.com/dlpage/gaoptout?hl=en. This add-on ensures that the information about your visit to our website is not transmitted to Google Analytics.

We cannot rule out the possibility that personal data may be transferred outside the jurisdiction of the European Union, e.g. to servers located in the USA. We would also like to specifically point out that an equivalent level of data protection cannot be guaranteed for the USA.

For details on the collection and storage of your personal data and on the nature, scope and purpose of its use by Google Analytics, please refer to Google’s privacy policy: https://policies.google.com/technologies/partner-sites?hl=en.

LinkedIn Insight Tag

On our website, we use the LinkedIn Corporation’s LinkedIn Insight Tag and the associated conversion tracking technology, as well as the retargeting function of the LinkedIn Ireland Unlimited Company, based in Wilton Place, Dublin 2, Ireland.

When you visit our website, the LinkedIn Insight Tag places a cookie on your device, with which LinkedIn members can be identified and their behaviour analysed. The personal data collected by the LinkedIn Insight Tag includes:

  • your IP address
  • referrer URL and URL
  • time of access
  • technical information (information about your browser, internet provider, device and screen resolution)

This data is encrypted and anonymised within seven days. The anonymised data will be deleted within 90 days. We do not receive any personal data from LinkedIn. We are not necessarily able to comprehend the individual data processing operations and their scope. We can only see summarised reports about the website target group and the display performance in order to achieve a target group-oriented improvement of the user experience when you visit our website.

If you are logged into your LinkedIn account during an online session, LinkedIn will assign your visit to our website to your personal user account. The use of the LinkedIn Insight Tag also enables retargeting of visitors to our website. This retargeting means that we can target visitors to our website with advertising outside of our website.

If you do not agree with LinkedIn assigning the collected data directly to your LinkedIn account, we recommend that you log out of your LinkedIn account, delete your cookies as part of the browser setting and restart the browser. You can also object to collection by the LinkedIn Insight Tag by selecting the advertising settings in your LinkedIn profile. Alternatively, you can use the following link to deactivate the use of the LinkedIn Insight Tag and the use of interest-based advertising on LinkedIn: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

The use of the LinkedIn Insight Tag is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR in conjunction with § 25 para. 1 of the Telecommunications-Telemedia Data Protection Act (TTDSG), but only in the event that you have consented to the selection in our cookie banner.

We would like to inform you that you can revoke your consent in accordance with Art. 7 para. 3 GDPR at any time and without stating reasons with effect for the future. You can revoke your consent by sending an email to [email protected] or by contacting us in one of the ways listed in the legal notice.

We cannot rule out the possibility that personal data may be transferred outside the jurisdiction of the European Union, e.g. to servers located in the USA. We would also like to specifically point out that an equivalent level of data protection cannot be guaranteed for the USA.

For details on the collection and storage of your personal data and on the nature, scope and purpose of its use by the LinkedIn Insight Tag, please refer to LinkedIn’s privacy policy. Here, you will also find further information on your rights and settings options for protecting your privacy https://de.linkedin.com/legal/privacy-policy?#choices-oblig.

Hotjar

We use Hotjar on our website. This is a web analytics service provided by Hotjar Limited, Level 2, St. Julian’s Business Centre 3, Elia Zammit Street, St. Julian’s STJ 1000, Malta.

When you visit our website, Hotjar places a cookie on your device with which we analyse and statistically evaluate the behaviour of visitors to our website and make our presence more interest-oriented. The personal data collected by Hotjar includes:

  • your IP address
  • the subpage accessed and time of access
  • your preferred language setting
  • location information
  • technical information (information about your device, operating system, browser, incoming or outgoing links and screen size)

The use of Hotjar is based on the consent you have provided us with via your selection in our cookie banner in accordance with Art. 6 para. 1 lit. a GDPR in conjunction with § 25 para. 1 TTDSG.

We would like to inform you that you can revoke your consent in accordance with Art. 7 para. 3 GDPR at any time and without stating reasons with effect for the future. You can revoke your consent by sending an email to [email protected] or by contacting us in one of the ways listed in the legal notice. You can also terminate analysis of your user behaviour by means of the “opt-out”. By clicking on the https://hotjar.com/opt-out link, a cookie is set on your browser which immediately prevents further analysis. Please note that you must click on the above link again if you delete the cookies stored on your device.

We cannot rule out the possibility that personal data may be transferred outside the jurisdiction of the European Union, e.g. to servers located in the USA. We would also like to specifically point out that an equivalent level of data protection cannot be guaranteed for the USA.

For more information on the purpose and scope of data collection and processing by Hotjar, please refer to the privacy policy. Here, you will also find further information about your rights and settings options for protecting your privacy: https://hotjar.com/privacy.

Google Fonts

We use Google Fonts on our website, a service provided by Google Ireland Limited with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland. Google Fonts enables us to integrate different web fonts on our website.

When you access our website, the required font is loaded from your web browser into the browser cache. This is necessary so that your browser can display a visually improved representation of our texts. If your browser does not support this feature, your computer will use a standard font. These fonts are integrated by accessing a Google server. The personal data collected by Google Fonts includes:

  • your IP address
  • the page you are visiting
  • your preferred language setting
  • technical information (information about your browser, Internet provider, device, screen resolution and operating system)

Google Fonts are used in accordance with Art. 6 para. 1 lit. a GDPR in conjunction with § 25 para. 1 of the Telecommunications-Telemedia Data Protection Act (TTDSG), but only in the event that you have consented to the selection in our cookie banner.

We would like to inform you that you can revoke your consent in accordance with Art. 7 para. 3 GDPR at any time and without stating reasons with effect for the future. You can revoke your consent by sending an email to [email protected] or by contacting us in one of the ways listed in the legal notice.

We cannot rule out the possibility that personal data may be transferred outside the jurisdiction of the European Union, e.g. to servers located in the USA. We would also like to specifically point out that an equivalent level of data protection cannot be guaranteed for the USA.

For details on the collection and storage of your personal data and on the nature, scope and purpose of its use by Google Fonts, please refer to Google’s privacy policy: https://policies.google.com/privacy.

Google Tag Manager

We use Google Tag Manager on our website, a service provided by Google Ireland Limited with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland. This is an organisational tool that allows us to manage our analysis tags through a single interface.

Google Tag Manager collects data on our website and forwards it to our connected analysis tools. The connected analysis tools store and evaluate this data. Google Tag Manager neither sets cookies nor stores any personal data. The organisational tool simply collects data about how individual tags are used.

Google Tag Manager is used in accordance with Art. 6 para. 1 lit. a GDPR in conjunction with § 25 para. 1 of the Telecommunications-Telemedia Data Protection Act (TTDSG), but only in the event that you have consented to the selection in our cookie banner.

We would like to inform you that you can revoke your consent in accordance with Art. 7 para. 3 GDPR at any time and without stating reasons with effect for the future. You can revoke your consent by sending an email to [email protected] or by contacting us in one of the ways listed in the legal notice.

We cannot rule out the possibility that personal data may be transferred outside the jurisdiction of the European Union, e.g. to servers located in the USA. We would also like to specifically point out that an equivalent level of data protection cannot be guaranteed for the USA.

For more information about Google Tag Manager, please visit https://support.google.com/tagmanager/answer/9323295?hl=en. For details on the collection and storage of your personal data and on the nature, scope and purpose of its use by Google Tag Manager, please refer to Google’s privacy policy: https://policies.google.com/privacy.

Processing of your data when you make an application

You can apply for vacancies via our website or send us a speculative application. We process your application data electronically as part of the application process.

We only process applicants’ data in order to fulfil our (pre)-contractual obligations within the framework of the application process in accordance with Art. 6 para. 1 lit. b GDPR in conjunction with § 26 of the Federal Data Protection Act (new) (BDSG (Neu)). In order to guarantee that your application will only be processed by the authorised person within our company, we request that you use the intended application platform or the contact address on our “Careers” page. In the event of your application being rejected, your documents will be deleted or destroyed immediately, and when destroying the documents, we will always observe the legally stipulated minimum level of security.

In exceptional cases, there will be no immediate deletion if, for legal reasons, we need to store your personal data for longer (e.g. due to a duty of proof within the meaning of the General Equal Treatment Act (AGG)) or until the conclusion of legal proceedings. The legal basis for this arises from Art. 6 para. 1 lit. f GDPR in conjunction with § 24 para. 1 no. 1 of the Federal Data Protection Act (BDSG). Our legitimate interest lies in any legal defence we may have to mount.

We will only keep your application for a longer period of time in order to contact you again at a later date about career prospects with us if you have previously given us your consent in accordance with Art. 6 para. 1 lit. a GDPR.

We would like to inform you that you can revoke your consent in accordance with Art. 7 para. 3 GDPR at any time and without stating reasons with effect for the future. You can revoke your consent by sending an email to [email protected] or by contacting us in one of the ways listed in the legal notice.

In the event of your application being accepted and an employment contract being subsequently concluded, we will store the personal data you submitted as part of your application for the usual administrative and organisational purposes. The legal basis for this arises from Art. 6 para. 1 lit. b GDPR in conjunction with § 26 of the Federal Data Protection Act (new) (BDSG (Neu))

External service providers

For the operation of this website, we use the services of a service provider specialising in web hosting. We will provide you on request with a detailed overview of the service providers we have included. Data is not passed on to other service providers.


E. Your rights: information, revocation, changes, corrections and updates, deletion, restriction of processing, data portability and right to lodge a complaint

You can exercise your rights to data protection at any time and without incurring any cost. We will examine and answer each request individually. For your data protection concerns, you can contact both responsible persons at any time or directly to our data protection officer: [email protected].

You have the following rights based on the processing of your personal data:

Right to information in accordance with Art. 15 GDPR

You have the right to receive information at any time, free of charge, about whether we are processing personal data relating to you.

Right to rectification in accordance with Art. 16 GDPR

You have the right, within the scope of Art. 16 GDPR, to request from us without delay the correction of inaccurate personal data and/or the completion of incomplete personal data relating to you.

Right to deletion in accordance with Art. 17 GDPR

You have the right, within the scope of Art. 17 GDPR, to request the immediate deletion of your personal data. Statutory retention periods which prevent deletion must be taken into account.

Right to restriction in accordance with Art. 18 GDPR

You have the right, within the scope of Art. 18 GDPR, to request the restriction of data processing relating to you.

Right to data portability in accordance with Art. 20 GDPR

You have the right, within the scope of Art. 20 GDPR, to receive the personal data which you provided and which relates to you in a structured and machine-readable format and to transfer this data to another controller.

Right of objection in accordance with Art. 21 GDPR

You have the right, within the scope of Art. 21 GDPR, to object at any time to the processing of personal data relating to you for reasons arising from your particular situation, provided that the processing is based on an overriding interest or your data is used for the purpose of direct advertising.

Revocation in the event of consent in accordance with Art. 7 para. 3 GDPR

If you have provided your personal data on the basis of consent, you have the right to revoke this consent for the future at any time and without stating a reason in accordance with Art. 7 para. 3 GDPR. We would like to point out that the revocation of consent does not affect the legality of the processing carried out on the basis of the consent prior to the revocation.

Right to lodge a complaint in accordance with Art. 77 GDPR

Furthermore, if you believe that the processing of your personal data by COMATCH GmbH is unlawful, you have the right to contact a data protection supervisory authority informally at any time, in particular in the Member State of your habitual residence, your place of work or the place of the alleged infringement.

The supervisory authority responsible for us:

The Berlin Commissioner for Data Protection and Freedom of Information

Maja Smoltczyk
Friedrichstr. 219
10969 Berlin


F. Data security

COMATCH strives to ensure the security of your personal data. We (and our external service providers) use a number of industry standard security technologies and procedures to protect your personal information from unauthorised access, use or disclosure. When we offer our services and, in particular, when you enter sensitive information (e.g. account information) in your profile, we (or our external service providers) will encrypt the transmission of said information using Secure Sockets Layer Technology (SSL).


G. Validity and changes to this privacy policy

You can view and print out the data protection regulations at any time on the website at https://www.comatch.com/privacy.

We are entitled to amend these data protection regulations in compliance with the current rules.