With the following privacy notes, we would like to inform you about how we handle your personal data in detail.
A description of how we process personal data when using our website is available in our privacy policy.
Who we are
All references to ‘we’, ‘us’ or ‘the company’ in this Privacy Notice refer to the following organisation:
Virtual Identity AG
Grünwälder Straße 10-14
79098 Freiburg
Germany
+49 761 20758-400
info@virtual-identity.com
https://www.virtual-identity.com
Austria
Virtual Identity GmbH
Schönbrunner Straße 213-215
A-1120 Wien
Austria
How to contact our data protection officer
The contact details of our designated data protection officer are as follows:
DataCo GmbH
Sandstr. 33
80335 Munich
Germany
+49 89 452459-900
Your rights
You have the following rights under the GDPR:
- right to be informed about how your data is used;
- right of access to your personal data;
- right to correction or rectification of your data;
- right to request deletion of your data;
- the right to object to the processing of your data;
- the right to data portability.
Should you wish to exercise the above rights, please send an email to the following email address: datarequests@virtual-identity.com
In most cases, we will respond to any requests to exercise your rights free of charge and within one month, if not before.
Further information on your right to object
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out in the public interest or based on our legitimate interests.
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate interests for the processing which override your interests, rights and freedoms, or the processing serves the assertion, exercise or defence of legal claims.
The objection can be made without any formalities.
Further information on your right to withdraw consent
In addition, if you have consented to the processing of your personal data, you may revoke your consent at any time. Please note, however, that the lawfulness of the data processing that took place until the revocation is not affected in this case.
Information on publication on the Internet
If personal data has been made publicly accessible and you revoke your consent, we as the responsible body are only obliged to inform other recipients. This does not affect the obligation of these recipients to delete personal data. You can take direct action against other controllers who process your personal data and request deletion. Information posted on the Internet may never be completely deleted, even if it has been deleted from the original page. In any case, the providers of the main search engines are informed of the request for deletion, so that the personal data can at least no longer appear in search queries without further ado. We would like to point out that photos and/or videos on the Internet can be accessed by anyone. Despite all technical precautions, it cannot be ruled out that such persons may continue to use the photos and/or videos or pass them on to other persons. We are not liable for third parties using the photos for other purposes, including in particular by downloading and/or copying photos.
Your right to complain
If you are unhappy with any aspect of this privacy notice, or how your personal data is being processed, please contact our data protection officer.
You also have the right of appeal to a supervisory authority. The supervisory authority responsible for us is the State Commissioner for Data Protection and Freedom of Information Baden-Württemberg. You can reach this authority at:
Address:
Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg
Lautenschlagerstraße 20
70173 Stuttgart
Postal address:
Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg
P.O. Box 10 29 32
70025 Stuttgart
Phone: +49 711/615541-0
Fax: +49 711/615541-15
E-mail address: poststelle@lfdi.bwl.de
For Applicants
When you submit a job application to us, we act as the data controller of the personal data processed in relation to your application. This means that we are responsible for deciding how we collect, use and store information about you regarding your application.
Personal data we collect to assess your suitability for the position
As part of the application process, we will only process data that is related to your application. This includes the following (‘Application File Data’):
- Personal Identification Information: Includes your fist name, last name, title and academic degrees
- Contact Information: Your address, email address, and phone numbers.
- Certificates
- Career Information / Curriculum Vitae: Employment history, qualifications, cover letter, interview notes, work portfolio and/or results from any assessments or tests.
- Optional application video
- Third party references
- Any additional personal data which you voluntarily share with us during the course of email communications or provided in your CV like optional photograph, date of birth etc.
- Optional Bank account data for reimbursement of travel expenses.
Personal data processed when accessing application forms on our website (‘Application Form Metadata’)
In order to ensure the secure and efficient operation of our website, the following personal data is automatically processed:
- Information about the browser type and the version used
- The user’s operating system
- Date and time of access
- Websites from which the user’s system accessed our website
- Websites the user’s system accessed through our website
- Online user activity data (e.g. pseudonymised user ID, interactions with website etc.)
- Other website usage data as mentioned in our privacy policy
Personal data we collect to confirm your eligibility for employment – Right to work check
Under German employment law, if you are from outside the EU/EEA or Switzerland, we are obligated to ensure that you are legally permitted to work in Germany. To fulfil this requirement, we will process the following personal data (‘Right to Work Data’):
- Photographic identification
- Residence and work permit or other documentation confirming eligibility to work in Germany
- Passport and/or visa copy
We only process your personal data when we have a lawful basis and a legitimate purpose for doing so. In particular, we process your personal data for the following purposes and under the following legal bases:
| Purpose | Categories of data | Legal Basis |
|---|---|---|
| Assessing suitability for the position being applied for | Application File Data | Contract – Art. 6 (1)(b) GDPR |
| Enabling you to securely use our online application form | Application Form Metadata | Legitimate interests – Art. 6 (1) (f) GDPR |
| Implementation of pre-contractual measures | Application File Data | Contract – Art. 6 (1)(b) GDPR |
| Inclusion in the talent pool with your consent | Application File Data | Contract – Art. 6 (1)(a) GDPR |
| Verifying your right to work | Right to Work Data | Legal obligation – Art. 6 (1)(c) GDPR and Article 9 (2)(b) GDPR in conjunction with German Act on the Residence, Economic Activity and Integration ofm Foreigners in the Federal Territory (Aufenthaltsgesetz – AufenthG) and German Ordinance on the Employment of Foreigners (Beschäftigungsverordnung – BeschV) |
| Assertion, exercise of defence of legal claims | Application File Data | Legitimate interests – Art. 6 (1)(f) GDPR, Art. 9 (2)(f) GDPR |
| Optionally reimburse travel expenses | Bank account data | Contract – Art. 6 (1)(a) GDPR |
Please note:
- Where your data is processed under the performance of a contract or for a legal obligation, if you do not provide the data requested, we will be unable to advance your application.
- Where we process your personal data under the legitimate interests legal basis, you have the right to object to the processing of your personal data. Whether your objection is successful will depend on a balancing of interests assessment, weighing the legitimate interests in question against your individual rights and interests.
Most of the information we collect about you during the application process is provided directly by you.
In addition to personal data we collect directly from you, we might also collect personal data from the following sources:
- Recruitment agencies
- Reference providers
- Public internet
- Professional social networks (only publicly available data)
- Government bodies and authorities
We only transfer your personal data to external recipients if you have consented or if this is permitted by law.
Service providers
As with most organisations, we use service providers which help us to manage our relationship with you and provide value to you in our projects. When we use these service providers, it is necessary for us to share your personal data with them. If we use a service provider for data processing, we remain responsible for the protection of your data. We have concluded agreements with all our service providers to whom we make your data available, obliging them to treat your data confidentially and to process it only in the context of providing the service.
We use the following service providers:
| Service | Provider | Reason why your data is shared | Location of data processing |
|---|---|---|---|
| Personio Privacy Policy | Personio SE & Co. KG | Personio is our HR tool. Data from your application will be stored in their system, when we prepare your employment contract | Germany |
| Join Privacy Policy DPA | JOIN Solutions GmbH | We are using JOIN to publish job advertisements. Users can start their application directly from these ads. | Germany |
| LinkedIn Professional Network Privacy Policy | LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland | We use LinkedIn to present our company on the platform, to publish job ads and to find candidates and get in contact with them. | Ireland, USA Third country transfer under EU-U.S. DPF, EU SCCs |
| Microsoft Outlook, Teams, Microsoft 365 Privacy Policy | Microsoft Ireland Operations, Ltd. One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland. | We use Microsoft Outlook for communicating with you via email and Microsoft Teams for application interviews. | Ireland, USA, Germany Third country transfer under EU-U.S. DPF, EU SCCs |
| Recruitee by tellent Privacy Policy DPA | Recruitee B.V. Keizersgracht 313 1016 EE Amsterdam The Netherlands | Applicant tracking system, matching applicant data with jobs and communicate with applicants. Optionally store contact data in talent pool. Exporting Data to Personio to prepare employment. | The Netherlands |
| Xing Professional Network Privacy Policy | New Work SE Am Strandkai 1 20457 Hamburg | We use Xing to present our company on the platform and to find candidates and get in contact with them. | Germany |
We would like to point out that we have no influence on the data collection and its further use by the providers of the professional and social networks. Further information on objection and removal options towards the providers of social networks can be obtained directly from these providers.
Affiliated Group entities
In addition to service providers, we may share your personal data with affiliated entities within our corporate group for internal administrative purposes, including for centralised IT, HR management, accounting and business operations.
For organizational purposes we may share data with our subsidiaries:
Virtual Identity GmbH
Schönbrunner Straße 213-215
A-1120 Wien
Virtual Identity Sociedade Unipessoal Lda
Rua do Pinheiro Manso 34
4100-304 Porto
International Data Transfers
If your data is transferred to recipients outside the EU, we ensure that this is done in the most data protection-friendly way possible. We make sure your data is given the same level of protection, either because that country has a comparable data protection standard (Adequacy), or by using appropriate safeguards like EU Standard Contractual Clauses (EU SCCs) in accordance with Art. 46 (2) (c) GDPR.
We do not store your personal data longer than it is necessary for the purpose for which it was collected. We will delete your personal data as soon as the purposes for storing no longer apply, you object to the use of your personal data, or you revoke your previously given consent. However, your personal data may also be stored beyond this, in the following cases:
- If there are outstanding obligations from the contractual relationship
- If a deletion conflicts with contractual, legal or statutory retention periods
- For the assertion, exercise or defence of legal claims
- If this is required for the fulfilment of a legal obligation to which we are subject.
Unsuccessful applications
Insofar as an employment relationship between you and us is not established, your personal data will be deleted from the system no later than six months after the termination of the process.
Should you wish to take part in an application pool, your application file and the personal data contained within will be included in the applicant pool and stored there for a maximum of 12 months from the date of consent, or until the revocation of your consent.
Successful applicants
In the event of employment in our company, your personal data will only be deleted following the termination of your employment. If your personal data may be relevant and necessary to retain for the purpose of the assertion, exercise or defence of legal claims, relevant data will be retained for a further period corresponding to the relevant statutory limitation periods.
For Clients and interested parties
This Privacy Notice sets out how we use personal data for the following individuals:
- Our clients who are individuals, as well as representatives or contact persons of our clients who are legal entities
- Interested parties who are individuals, as well as representatives or contact persons of interested parties who are legal entities
Where we choose, or assess whether to choose, to enter a business relationship with a client or other interested party, we are the controller of any personal data that you give to us for the purpose of enabling that business relationship. This means that we are responsible for deciding how we collect, use and store information about you regarding our relationship.
Within the scope of the business relationship, we may collect the following personal data about our clients or interested parties:
- Personal Identification Information: First name, last name, title
- Contact Information: Email address (business), telephone number (business), Company postal address (business)
- Payment Information:Bank account number, Credit/debit card details, billing address, tax identification numbers and business registration details, purpose and other information relating to financial transactions, maturity of receivables, amount of receivables
- Professional Information: Company name, department, industry, job title
- Photo and Video: photos (optionally, if you provide it), screenshots, video recordings of online meetings, photos or video recordings of meetings or workshops.
- Unincorporated Business Status: For sole traders or partnerships, including details of the business and its operations.
- Contracts and Agreement Details: Documentation of the terms of our financial arrangements with you.
- Legal Claims or Proceedings: Information related to any legal actions involving you that might affect our relationship.
- Compliance Documentation: Data necessary for anti-money laundering (AML) checks, know your customer (KYC) processes, and other regulatory requirements.
- Credit Scores and History: Obtained from credit reference agencies to assess your creditworthiness.
- Account Transactions: Detailed records of transactions including dates, amounts, and descriptions.
- Invoices and Statements: Copies of billing documents sent to or received from you.
- Correspondence: Copies of communications between you and us, including emails, letters, and notes from phone calls.
- Customer Service Records: Details of interactions with our customer service teams, including inquiries, complaints, and feedback.
- All other personal data: provided to us during communication.
We only process your personal data when we have a lawful basis and a legitimate purpose for doing so. We may process your personal data for the following purposes and under the following legal bases:
| Purpose | Legal basis |
|---|---|
| Process requests from interested parties | Legitimate interests – Art. 6 (1) (f) GDPR Performance of contract – Art. 6 (1) (b) GDPR |
| Prepare and carry out pre-contractual measures – incl. e.g. preparing and sending offers, agreements or contractual conditions aiming to conclude the contract | Performance of contract – Art. 6 (1) (b) GDPR |
| Establishment, execution and termination of the contractual relationship | Performance of contract – Art. 6 (1) (b) GDPR |
| Invoicing and B2B financial accounting, i.e. all activities related to recording, summarising and reporting various B2B transactions resulting from business operations | Performance of contract – Art. 6 (1) (b) GDPR Compliance with legal obligations – Article 6(1)(c) GDPR |
| Include contact details in our customer relationship management system | Legitimate interests – Art. 6 (1) (f) GDPR |
| Customer management and service – e.g. customer inquiries and communication via email or phone | Legitimate interests – Art. 6 (1) (f) GDPR Performance of contract – Art. 6 (1) (b) GDPR |
| Conduct business surveys to obtain a realistic picture of market requirements and to better understand the business needs | Legitimate interests – Art. 6 (1) (f) GDPR |
| Carry out marketing initiatives like newsletters, whitepaper downloads or invitations to events or webinars | Legitimate interests – Art. 6 (1) (f) GDPR Consent – Art. 6 (1) (a) GDPR, Art 9(2)(a) GDPR |
| Inform about our products and services. Incl. sending (direct) advertising by email or telephone | Legitimate interests – Art. 6 (1) (f) GDPR |
| Assigning receivables | Performance of contract – Art. 6 (1) (b) GDPR |
| Securing debts via guarantees | Performance of contract – Art. 6 (1) (b) GDPR |
| Implementing and managing the debt assignment process | Legitimate interests – Art. 6 (1) (f) GDPR Compliance with legal obligations – Article 6(1)(c) GDPR, where necessary to comply with legal and regulatory obligations |
| Consultation and data exchange with credit agencies to determine credit and default risks | Legitimate interests – Art. 6 (1) (f) GDPR |
| Detecting and preventing fraud | Legitimate interests – Art. 6 (1) (f) GDPR |
| Comply with legal and regulatory obligations. Incl. the transmission of personal data to tax consultant office | Compliance with legal obligations – Article 6(1)(c) GDPR |
| Fulfil post-contractual measures | Performance of contract – Art. 6 (1) (b) GDPR |
| Assert, exercise or defend legal claims | Legitimate interests – Art. 6 (1) (f) GDPR |
We are conducting business surveys to better understand the business needs of interested parties and clients. Participation in these surveys is explicitly voluntary and not associated with any contractual obligations. If you take part in a survey, you give us your consent to process and store your email address and other data you provide in the survey.
Collected data of business surveys is used exclusively to obtain a realistic picture of market requirements and the needs of prospective clients or partners. Individual results and data you provide to us through a survey will not be published in any way.
We might contact you by email, sending you results of the survey, asking further questions or providing you offers, helping you to fulfil your business needs.
Most of the personal data that we process is sourced directly from our clients or interested parties in the course of communication and contractual relationships.
We collect data from clients or interested parties in the following manners:
- Requests and data sent via the contact form on our website
- Requests and data sent via messages to our employees, e.g. via email, LinkedIn messages and other communication channels
- Requests at trade fairs or other events where data is passed on to our employees with the aim of establishing contact
- Individual registration for events on our website
- Individual research about potential interested parties in business directories, contact information on websites, and professional networks
- Querying of the personal data after concluding a contract with us from the persons themselves, or receipt of personal data via an employee of the client company. This could also concern employees of service providers used by a client’s company.
- Entry of employees’ personal data by an administrative assistant of the client in project management, collaboration and communication platforms.
In addition, in some circumstances we will collect personal data from third-party agencies or publicly available sources like business directories or websites to fulfil the purposes for processing your personal data outlined in this Chapter of this Privacy Notice.
We only transfer your personal data to external recipients if you have consented or if this is permitted by law.
Service providers
As with most organisations, we use service providers which help us to manage our relationship with you and provide value to you in our projects. When we use these service providers, it is necessary for us to share your personal data with them. If we use a service provider for data processing, we remain responsible for the protection of your data. We have concluded agreements with all our service providers to whom we make your data available, obliging them to treat your data confidentially and to process it only in the context of providing the service.
External recipients of your personal data may be in particular:
- Freelancers
- Data processors
- Data destruction providers
- Potential business partners in the context of a (future) due diligence review
- Regulatory Authorities e.g. courts, trade supervisory office, Data protection supervisory authority, BAFA (Federal Office of Economics and Export Control) and law enforcement
- Settlement partners
- Banks, payment providers and other financial or credit institutions
- Credit reference agencies
- Debt Collection agencies
- Legal, professional and tax consultants
- Accounting Offices
- Insolvency practitioners
- Parcel and postal service providers
- Logistics and warehouse providers
- Auditors
- Other creditors
Additionally, we use the following service providers:
| Service | Provider | Reason why your data is shared | Location of data processing |
|---|---|---|---|
| Adobe Photoshop, Premiere, Illustrator and Creative Cloud File Storage | Adobe Systems Software Ireland Limited, 4–6 Riverwalk, City West Business Campus, Dublin 24, Ireland Adobe Inc., 345 Park Avenue, San Jose, CA 95110 | We use Adobe apps and cloud services for image and video processing. Depending on the contract and project, personal image data could be shared with Adobe. Also giving you access to such assets, personal data might be shared with Adobe. | Ireland, USA Third-country transfer under EU-U.S. DPF, EU SCCS |
| Docusign Electronic Signature Platform | Docusign International (EMEA) Limited, 5 Hanover Quay Ground Floor Dublin 2 Ireland Docusign Inc., 221 Main Street, Suite 800, San Francisco, CA 94105 Docusign Germany GmbH, | We use Docusign services to manage contractual documents and qualified electronic signatures. Personal data, required to sign a contract, is shared with DocuSign. | Ireland, USA, Germany Third-country transfer under EU SCCs |
| Figma, collaborative UI design platform Privacy Policy | Figma, Inc. 760 Market St FL 10 San Francisco, CA 94102 | We use Figma to collaboratively develop UI/UX designs, concepts and prototypes. Giving you access to such artifacts on Figma.com, personal data might be shared with Figma. | USA, Third-country transfer under EU-U.S. DPF, EU SCCs |
| Jotform, business survey platform | Jotform LTD 25 Cabot Square London E14 4QZ | We are conducting business surveys to obtain a realistic picture of market requirements and to better understand the business needs of interested parties and clients. | UK Third country transfer under EU SCCs |
| LinkedIn Professional Network | LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland | We use LinkedIn to present our company, post content and give you the opportunity get in contact with us or to download whitepapers. | Ireland, USA Third country transfer under EU-U.S. DPF, |
| Project Management Software ClickUp Privacy Policy | Mango Technologies, Inc. dba ClickUp, 350 Tenth Ave Suite 500, San Diego, CA 92101 | Project Management and all project related processes | USA, Third country transfer under EU SCCs |
| Microsoft Teams, Microsoft 365 Privacy Statement | Microsoft Ireland Operations, Ltd. One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland. | We use Microsoft Teams and other Microsoft 365 services and applications for email communication, online meetings, cloud storage and other business processes | Ireland, USA, Germany Third country transfer under EU-U.S. DPF, EU SCCs |
| Miro Collaboration Board Privacy Policy | RealtimeBoard, Inc. dba Miro 201 Spear Street Suite 1100 San Francisco, CA 94105 | We use Miro boards to work collaboratively on projects, concepts and sharing ideas in online meetings. | USA, The Netherlands, Third country transfer under EU-U.S. DPF, EU SCCs |
| Zoho CRM | Zoho Corporation BV, Beneluxlaan 4B, 3527 HT Utrecht, The Netherlands | We use Zoho CRM to manage our clients’ contact data and relationship information. | The Netherlands Third country transfer under EU SCCs |
We would like to point out that we have no influence on the data collection and its further use by the providers of the professional and social networks. Further information on objection and removal options towards the providers of social networks can be obtained directly from these providers.
Affiliated Group Entities
In addition to service providers, we may share your personal data with affiliated entities within our corporate group for internal administrative purposes, including for centralised IT, HR management, accounting and business operations.
For organizational purposes we may share data with our subsidiaries:
Virtual Identity GmbH
Schönbrunner Straße 213-215
A-1120 Wien
Virtual Identity Sociedade Unipessoal Lda
Rua do Pinheiro Manso 34
4100-304 Porto
International Data Transfers
If your data is transferred to recipients outside the EU, we ensure that this is done in the most data protection-friendly way possible. We make sure your data is given the same level of protection, either because that country has a comparable data protection standard (Adequacy), or by using appropriate safeguards like EU Standard Contractual Clauses (EU SCCs) in accordance with Art. 46 (2) (c) GDPR.
We do not store your personal data longer than it is necessary for the purpose for which it was collected. We will delete your personal data as soon as the purposes for storing no longer apply, you object to the use of your personal data, or you revoke your previously given consent. However, your personal data may also be stored beyond this, in the following cases:
- If there are outstanding obligations from the contractual relationship
- If a deletion conflicts with contractual, legal or statutory retention periods
- For the assertion, exercise or defence of legal claims
- If this is required for the fulfilment of a legal obligation to which we are subject.
For a (planned) conclusion as well as the execution of the contract with you, you must provide those personal data which are necessary for the establishment and execution of the contractual relationship and the fulfilment of the associated contractual obligations or which we are legally obliged to collect. This obligation also arises from the law, e.g. § 14 UstG or other regulatory and legal obligations. Without this data, we will generally not be able to conclude and execute the contract with you.
For Event participants
This Privacy Notice sets out how we use personal data for the following individuals:
- All individuals who register for and/or attend in-person events
- All individuals who register for and/or attend online events and webinars
When we process your personal data for purposes related to our events, we are the controller of any personal data that you give to us. This means that we are responsible for deciding how we collect, use and store information about you.
If you sign up to participate in an event or webinar organised by us, we ask you to provide certain information so that we can process your interest in the event, provide you with relevant updates, and facilitate and confirm your attendance.
Specifically, we may collect the following information:
- Personal Identification Information: First name, last name, title
- Contact information: Email address, phone number, postal address
- Professional Information: Job title, affiliated organisation, industry
- Accessibility requirements: Information on disabilities or any special assistance needed
- Interest in our products and services: Information regarding your interests in relation to the products, services, or topics related to the event.
During events and webinars, we may collect the following information:
- Photographs and recordings: Photos, video, screenshots or livestream recordings captured during the event
Following events and webinars, we offer the opportunity to provide feedback:
- Opinions and feedback: Responses to post-event surveys or feedback forms, including satisfaction ratings, suggestions for improvement, and descriptions of personal experiences.
- Interest in related products and services: A record of whether you would like to receive communications regarding future events and products or services related to the event topic.
We only process your personal data when we have a lawful basis and a legitimate purpose for doing so. In particular, we process your personal data for the following purposes and under the following legal bases:
| Purpose | Categories of data | Legal basis |
|---|---|---|
| Registering your interest and facilitating your participation in our events |
| Legitimate interests – Art. 6 (1) (f) GDPR |
| Consent – Art. 6 (1) (a) GDPR, Art 9(2)(a) GDPR | |
| Marketing our related products and services to you |
| Consent – Art. 6 (1) (a) GDPR, Art 9(2)(a) GDPR |
| Sharing event content on password-protected websites with all registered participants of the event and/or posting on online channels for marketing purposes |
| Legitimate interests – Art. 6 (1) (f) GDPR Consent – Art. 6 (1) (a) GDPR, Art 9(2)(a) GDPR |
| Collecting feedback to enhance the quality of future events |
| Legitimate interests – Art. 6 (1) (f) GDPR |
| Sharing your information with partners providing services required to organize and hold the event. |
| Legitimate interests – Art. 6 (1) (f) GDPR |
We only transfer your personal data to external parties if you have consented or if this is permitted by law.
Service providers
As with most organisations, we use service providers to support the delivery of our events. When we use these service providers, it is necessary for us to share your personal data with them. If we use a service provider for data processing, we remain responsible for the protection of your data. We have concluded agreements with all our service providers to whom we make your data available, obliging them to treat your data confidentially and to process it only in the context of providing the service.
We use the following service providers:
| Service | Provider | Reason why your data is shared | Location of data processing |
|---|---|---|---|
| Amazon Web Services | Amazon Web Services EMEA SARL 38 avenue John F. Kennedy, L-1855, Luxemburg | We use Amazon Web Services to host our website which is based on WordPress. All data submitted in the event registration process will be processed by servers and cloud services hosted via AWS. | Ireland, USA, Third country transfer under EU-U.S. DPF, |
| Instagram Social Network | Meta Platforms Ireland Limited ATTN: Privacy Operations Merrion Road Dublin 4 D04 X2K5, Ireland | We use Instagram to present our company and give you the opportunity get in contact with us. For marketing purposes, we may post event content like photographs, audio and video recordings on professional and social networks – if you gave us your consent | Ireland, USA, Third country transfer under EU-U.S. DPF, |
| LinkedIn Professional Network | LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland | We use LinkedIn to present our company and give you the opportunity get in contact with us or to download whitepapers. For marketing purposes, we may post event content like photographs, audio and video recordings on professional and social networks – if you gave us your consent | Ireland, USA Third country transfer under EU-U.S. DPF, |
| Microsoft Teams, Microsoft 365 | Microsoft Ireland Operations, Ltd. One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland | We use Microsoft Teams and related Microsoft 365 services to host our online events. | Ireland, USA, Germany Third country transfer under EU-U.S. DPF, EU SCCs |
| QFlow for events, check-in Privacy Policy | Wiretouch Ltd. 71a Church Road Hove, East Sussex BN3 2BB, England | We use Qflow from Wiretouch Ltd. for event check-in | United Kingdom, Third country transfer under EU SCCs |
| Zoho CRM | Zoho Corporation GmbH Trinkausstr. 7 40213 Düsseldorf, Germany Zoho Corporation B. V. Beneluxlaan 4B, 3527 HT Utrecht, The Netherlands | We use Zoho CRM to manage our clients’ contact data and relationship information. This applies to clients and interested parties only. | The Netherlands Third country transfer under EU SCCs |
| Xing Professional Network | New Work SE Am Strandkai 1 20457 Hamburg | We use Xing to present our company and give you the opportunity get in contact with us. For marketing purposes, we may post event content like photographs, audio and video recordings on professional and social networks – if you gave us your consent | Germany |
We would like to point out that we have no influence on the data collection and its further use by the providers of the professional and social networks. Further information on objection and removal options towards the providers of social networks can be obtained directly from these providers.
We also may share event content like photographs, audio and video recordings on a password-protected website with all registered participants of the particular event.
Affiliated Group entities
In addition to service providers, we may share your personal data with affiliated entities within our corporate group for internal administrative purposes, including for centralised IT, HR management, accounting and business operations.
For organizational purposes we may share data with our subsidiaries:
Virtual Identity GmbH
Schönbrunner Straße 213-215
A-1120 Wien
Virtual Identity Sociedade Unipessoal Lda
Rua do Pinheiro Manso 34
4100-304 Porto
International Data Transfers
If your data is transferred to recipients outside the EU, we ensure that this is done in the most data protection-friendly way possible. We make sure your data is given the same level of protection, either because that country has a comparable data protection standard (Adequacy), or by using appropriate safeguards like EU Standard Contractual Clauses (EU SCCs) in accordance with Art. 46 (2) (c) GDPR.
We do not store your personal data longer than it is necessary for the purpose for which it was collected. We will delete your personal data as soon as the purposes for storing no longer apply, you object to the use of your personal data, or you revoke your previously given consent. However, your personal data may also be stored beyond this, in the following cases:
- if there are outstanding obligations from the contractual relationship
- if a deletion conflicts with contractual, legal or statutory retention periods.
- for the assertion, exercise or defence of legal claims
- if this is required under European or national law for the fulfilment of a legal obligation to which we are subject.
For Service Providers and Suppliers
This Privacy Notice sets out how we use personal data for the following individuals:
- Our suppliers, vendors and service providers who are individuals
- Representatives or contact persons of our suppliers, vendors and service providers who are legal entities
For ease of reference, all the above categories of individuals are collectively referred to as ‘suppliers’ throughout this Chapter of this Privacy Notice.
Where we choose, or assess whether to choose, to enter a business relationship with a supplier, we are the controller of any personal data that you give to us for the purpose of enabling that business relationship. This means that we are responsible for deciding how we collect, use and store information about you regarding our relationship.
We process personal data from suppliers and service providers. This is necessary for business operations. The following data is processed in this context:
- Personal Identification Information: First name, last name, title
- Contact Information: Email address (business), telephone number (business), Company postal address (business)
- Professional Information: Company name, department, industry, job title
- Photo and Video: portrait photo (optionally, if you provide it yourself), video recordings of online meetings, photos and video recordings of meetings or workshops.
- Payment Information: Bank account number and/or Credit/debit card details, billing address, tax identification numbers and other business registration details, purpose and other information relating to financial transactions, maturity of receivables, amount of receivables
- Service Delivery Information: Service descriptions, contractual agreements, delivery schedules, service preferences
- Quality Assurance and Feedback: Opinions, feedback on services provided, complaints, suggestions for improvement
- Compliance and Due Diligence Information: Information related to compliance with laws and regulations
- All other personal data: provided to us during communication
We only process your personal data when we have a lawful basis and a legitimate purpose for doing so. We may process your personal data for the following purposes and under the following legal bases:
| Purpose | Legal basis |
|---|---|
| Due diligence & supplier selection | Legitimate interests – Art. 6 (1) (f) GDPR |
| Establishment, execution and termination of a contractual relationship | Performance of contract – Art. 6 (1) (b) GDPR |
| Supplier onboarding | Performance of contract – Art. 6 (1) (b) GDPR/td> |
| Performance of orders | Performance of contract – Art. 6 (1) (b) GDPR |
| Effecting and managing payments | Performance of contract – Art. 6 (1) (b) GDPR |
| Evaluating supplier performance | Legitimate interests – Art. 6 (1) (f) GDPR |
| Audits & Record-keeping | Legitimate interests – Art. 6 (1) (f) GDPR Compliance with legal obligations – Article 6(1)(c) GDPR, where necessary to comply with legal and regulatory obligations |
| Freelancers: Inclusion in our talent pool with your consent | Consent – Art. 6(1)(a) GDPR |
| Consultation and data exchange with credit agencies to determine credit and default risks | Legitimate interests – Art. 6 (1) (f) GDPR |
| Market and opinion research, provided that you have not objected to the use of data for this purpose | Legitimate interests – Art. 6 (1) (f) GDPR Consent – Art. 6 (1) (a) GDPR, Art 9(2)(a) GDPR |
| Comply with legal and regulatory obligations. Incl. the transmission of personal data to tax consultant office | Compliance with legal obligations – Article 6(1)(c) GDPR |
| Claim and manage post-contractual measures | Performance of contract – Art. 6 (1) (b) GDPR |
| Assert, exercise or defend legal claims | Legitimate interests – Art. 6 (1) (f) GDPR |
Most of the supplier personal data that we process is sourced directly from our suppliers.
We collect data from suppliers or service providers in the following manners:
- Receipt of personal data directly from the data subject via establishment of contact by suppliers or service provider
- Receipt of personal data directly from the data subject via establishment of contact by Virtual Identity
In addition, in some circumstances we will collect supplier personal data from third-party agencies or publicly available sources like business directories or websites for the purpose of supplier due diligence and evaluation.
We only transfer your personal data to external recipients if you have consented or if this is permitted by law.
Service providers
As with most organisations, we use service providers which help us to manage our relationship with you and provide value to you in our projects. When we use these service providers, it is necessary for us to share your personal data with them. If we use a service provider for data processing, we remain responsible for the protection of your data. We have concluded agreements with all our service providers to whom we make your data available, obliging them to treat your data confidentially and to process it only in the context of providing the service.
External recipients of your personal data may be in particular:
- Freelancers
- Data processors
- Data destruction providers
- Potential business partners in the context of a (future) due diligence review
- Regulatory Authorities e.g. courts, trade supervisory office, Data protection supervisory authority, BAFA (Federal Office of Economics and Export Control) and law enforcement
- Settlement partners
- Banks, payment providers and other financial or credit institutions
- Credit reference agencies
- Debt Collection agencies
- Legal, professional and tax consultants
- Accounting Offices
- Insolvency practitioners
- Parcel and postal service providers
- Logistics and warehouse providers
- Auditors
- Other creditors
Additionally, we use the following service providers:
| Service | Provider | Reason why your data is shared | Location of data processing |
|---|---|---|---|
| Adobe Photoshop, Premiere, Illustrator and Creative Cloud File Storage | Adobe Systems Software Ireland Limited, 4–6 Riverwalk, City West Business Campus, Dublin 24, Ireland Adobe Inc., 345 Park Avenue, San Jose, CA 95110 | We use Adobe apps and cloud services for image and video processing. Depending on the contract and project, personal image data could be shared with Adobe. Also giving you access to such assets, personal data might be shared with Adobe. | Ireland, USA Third-country transfer under EU-U.S. DPF, EU SCCS |
| Docusign Electronic Signature Platform | Docusign International (EMEA) Limited, 5 Hanover Quay Ground Floor Dublin 2 Ireland Docusign Inc., 221 Main Street, Suite 800, San Francisco, CA 94105 Docusign Germany GmbH, | We use Docusign services to manage contractual documents and qualified electronic signatures. Personal data, required to sign a contract, is shared with DocuSign. | Ireland, USA, Germany Third-country transfer under EU SCCs |
| Figma, collaborative UI design platform Privacy Policy | Figma, Inc. 760 Market St FL 10 San Francisco, CA 94102 | We use Figma to collaboratively develop UI/UX designs, concepts and prototypes. Giving you access to such artifacts on Figma.com, personal data might be shared with Figma. | USA, Third-country transfer under EU-U.S. DPF, EU SCCs |
| Project Management Software ClickUp Privacy Policy | Mango Technologies, Inc. dba ClickUp, 350 Tenth Ave Suite 500, San Diego, CA 92101 | Project Management and all project related processes | USA, Third country transfer under EU SCCs |
| Microsoft Teams, Microsoft 365 Privacy Statement | Microsoft Ireland Operations, Ltd. One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland. | We use Microsoft Teams and other Microsoft 365 services and applications for email communication, online meetings, cloud storage and other business processes | Ireland, USA, Germany Third country transfer under EU-U.S. DPF, EU SCCs |
| Miro Collaboration Board Privacy Policy | RealtimeBoard, Inc. dba Miro 201 Spear Street Suite 1100 San Francisco, CA 94105 | We use Miro boards to work collaboratively on projects, concepts and sharing ideas in online meetings. | USA, The Netherlands, Third country transfer under EU-U.S. DPF, EU SCCs |
| Recruitee by tellent Privacy Policy DPA | Recruitee B.V. Keizersgracht 313 1016 EE Amsterdam The Netherlands | Freelancers: If you give us your consent, we store your contact data in our talent pool to contact you in the future. | The Netherlands |
Affiliated Group Entities
In addition to service providers, we may share your personal data with affiliated entities within our corporate group for internal administrative purposes, including for centralised IT, HR management, accounting and business operations.
For organizational purposes we may share data with our subsidiaries:
Virtual Identity GmbH
Schönbrunner Straße 213-215
A-1120 Wien
Virtual Identity Sociedade Unipessoal Lda
Rua do Pinheiro Manso 34
4100-304 Porto
International Data Transfers
If your data is transferred to recipients outside the EU, we ensure that this is done in the most data protection-friendly way possible. We make sure your data is given the same level of protection, either because that country has a comparable data protection standard (Adequacy), or by using appropriate safeguards like EU Standard Contractual Clauses (EU SCCs) in accordance with Art. 46 (2) (c) GDPR.
We do not store your personal data longer than it is necessary for the purpose for which it was collected. We will delete your personal data as soon as the purposes for storing no longer apply, you object to the use of your personal data, or you revoke your previously given consent. However, your personal data may also be stored beyond this, in the following cases:
- If there are outstanding obligations from the contractual relationship
- If a deletion conflicts with contractual, legal or statutory retention periods
- For the assertion, exercise or defence of legal claims
- If this is required for the fulfilment of a legal obligation to which we are subject.
For a (planned) conclusion as well as the execution of the contract with you, you must provide those personal data which are necessary for the establishment and execution of the contractual relationship and the fulfilment of the associated contractual obligations or which we are legally obliged to collect. This obligation also arises from the law, e.g. § 14 UstG or other regulatory and legal obligations. Without this data, we will generally not be able to conclude and execute the contract with you.
This notice was created with the support of DataGuard.