PRIVACY POLICY

The following privacy policy explains the extent to which we store, process, and use the personal information that we collect when you visit our website.

Who is responsible?

TRACK GmbH (Bernhard-Nocht-Str. 113, 20359 Hamburg, Germany) is responsible for this website. For further information about our company and persons authorized to represent and act on TRACK’s behalf, please visit About this website.

What information is collected and stored?

1. SUBJECT MATTER AND SCOPE
We take the protection of your personal data very seriously. With this Privacy Policy, we would like to inform you about which personal data we collect and how and for what purposes it is processed.

This Privacy Policy applies to visits to our website and to various other data processing operations, for example also when you visit our social media pages, when you contact us, when we work with you as a customer or as a supplier or when you apply to work for us as an employee or as a freelancer.

We always treat your personal data in accordance with the statutory data protection regulations and this Privacy Policy.

2. CONTROLLER AND DATA PROTECTION OFFICER
The Controller is TRACK GmbH, Bernhard-Nocht-Straße 113, 20359 Hamburg, Germany, Tel.: +49 40 33 959–0, e-mail: [email protected].

If you have any questions about data protection, you can contact our data protection officer at any time by e-mail at [email protected].

3. VISITING OUR WEBSITE
Each time you visit our website, our system automatically collects data and information from the computer system of the calling computer. In order for the pages to be displayed in your browser, the IP address of the terminal device you are using must be processed. In addition, there is further information about the browser of your end device.

Ensuring the confidentiality and integrity of the personal data processed with our IT systems is of great importance to us. The data is also used to correct errors on the websites.

For these purposes, the following data is logged:

  • IP address of the calling computer
  • Operating system of the calling computer
  • Browser version of the calling computer
  • Name of the retrieved file
  • Date and time of the retrieval
  • Amount of data transferred
  • Referring URL

This data is regularly deleted automatically after a few days.

Our websites are hosted by a data processor on the basis of a data processing agreement pursuant to Art. 28 GDPR.

The legal basis for this data processing is our legitimate interest pursuant to Art. 6 (1) lit. f) GDPR. Our legitimate interest is the operation of this website and the implementation of the protection goals of confidentiality, integrity and availability of the data.

4. CONTACTING US
If you contact us to request information or documents, the information you provide will be stored for the purpose of processing the request.

We need the information requested in a contact form on the website to process your enquiry, to address you correctly and to send you a reply.

The legal basis for this data processing is our legitimate interest pursuant to Art. 6 (1) lit. f) GDPR. Our legitimate interest is to communicate with interested parties, visitors and customers.

If the contact or communication is aimed at the conclusion of a contract or takes place within the context of an existing contractual relationship, the legal basis for the processing is Art. 6 (1) lit. b) GDPR.

Enquiries and orders are stored in our CRM system. The CRM system is regularly checked to see whether data can be deleted. If data is no longer required in the context of a customer or interested party relationship or if a conflicting interest of the customer outweighs this, we will delete the data in question, provided that there are no statutory retention obligations to the contrary.

The legal basis for this storage and processing is our legitimate interest pursuant to Art. 6 (1) lit. f) GDPR. Our legitimate interest is the marketing of our services.

5. CUSTOMER AND SUPPLIER DATA
We process the data of our prospective customers, customers, service providers and suppliers within the framework of the provision of our contractual services. In doing so, we may process inventory data (for example, name, address), contact data (for example, email address, telephone number), content data (for example, photos, videos), contract data (for example, subject matter of the contract, term), payment data and data collected in the course of providing the service and/or processed to provide the service. This data is regularly stored in our CRM system (see also above under “Contacting us”).

The legal basis for this storage and processing is the fulfilment of the contract or the implementation of pre-contractual measures pursuant to Art. 6 (1) lit. b) GDPR.

6. NEWSLETTER
6.1 Registration for our newsletter
On our website, you can register to receive a newsletter by e-mail. During registration, the data from the input mask, the IP address of the calling computer and the date and time of registration are transmitted to us. For the processing of the data, your consent is obtained during registration and reference is made to this Privacy Policy.

In order to verify that a registration for the sending of a newsletter is made by the actual owner of an e-mail address, we use the so-called “double opt-in” procedure. In this process, after registration of an e-mail address, a confirmation e-mail is sent to the registered e-mail address. Registration for the newsletter is only completed when a confirmation link contained in the confirmation e-mail is activated. The IP address of the calling computer and the date and time of activation of the confirmation link are also transmitted to us.

The registration for the newsletter can be terminated at any time by using the unsubscribe link contained in each newsletter or by contacting us at the above contact details.

The legal basis for the processing of data after registration for the newsletter is your consent pursuant to Art. 6 (1) lit. a) GDPR.

6.2 Newsletter analysis
A statistical analysis of usage data may be carried out for our newsletters. For this purpose, we may record both the openings of the e-mail and the internal clicks. This information serves the purpose of measuring and optimizing the success of our newsletter campaigns by making the newsletter content more relevant to our target group.

The legal basis for this analysis is your consent pursuant to Art. 6 (1) lit. a) GDPR.

6.3 Newsletter service provider
We use an external service provider as a data processor for sending and analyzing our newsletter on the basis of a data processing agreement pursuant to Art. 28 GDPR.

This may involve the transfer of personal data to a third country outside the EU without an adequate level of data protection. We provide appropriate safeguards for this data transfer in accordance with Art. 46 GDPR. We will be happy to provide you with proof of the appropriate safeguards (Standard Contractual Clauses/Standard Data Protection Clauses) upon request.

7. COOKIES
Our website uses cookies. Cookies are pieces of information that are transferred from our web server or third-party web servers to your browser and stored there for later retrieval. Cookies may be small files or other types of information storage. Information is stored in cookies that is related to the specific end device used. Cookies contain a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again. A cookie also contains information about its origin and the storage period. However, this does not mean that we gain immediate knowledge of your identity.

When you visit our website, cookies are set that are absolutely necessary for the operation of the website. These essential cookies may be, for example, cookies that are necessary for the display of the website with a content management system (e.g., TYPO3), which are used to recognize language settings, or which are used to document whether you have consented to the setting of further (non-essential) cookies or whether you have rejected them.

The legal basis for the processing of personal data using essential cookies is our legitimate interest pursuant to Art. 6 (1) lit. f) GDPR. Our legitimate interest is the operation of our website.

We also use non-essential cookies, for example to collect additional information about the interests of visitors to our websites or about their usage behavior, in order to analyze and optimize our website and generally our customer interactions on this basis.

The legal basis for the processing of personal data using such non-essential cookies is your express consent, which we ask you to give when you visit our website before non-essential cookies are set.

8. GOOGLE TAG MANAGER
We use Google Tag Manager on our website. Through this service, website tags can be managed via an interface. The Google Tool Manager only implements tags. This means that no cookies are used, and no personal data is collected. The Google Tool Manager triggers other tags, which in turn may collect data. However, the Google Tag Manager does not access this data. If a deactivation has been made at domain or cookie level, it remains in place for all tracking tags, insofar as these are implemented with the Google Tag Manager.

9. WEB ANALYTICS
We use web analytics services on our website or on parts of the website to record how our website is used by its visitors and to optimize the website and its presentation.

We use the web analytics service Google Analytics with IP anonymization. Google Analytics is a web analytics service provided by Google Ireland Limited (“Google”). Cookies are set as part of Google Analytics. In addition, data is transmitted to Google servers in the USA. Within the scope of IP anonymization, the collected IP address of the user is shortened by Google within the European Economic Area before being transmitted to the USA. Only in exceptional cases, in the event of technical faults in Europe, will the unabbreviated IP address be transmitted to Google in the USA and shortened there. The transmitted IP addresses will not be merged with other data from Google.

You can prevent the storage of cookies by setting your browser accordingly. Furthermore, you can prevent the collection of the data generated by the cookie and related to your use of the online offer to Google as well as the processing of this data by Google by downloading and installing the browser plug-in available under the following link, which informs Google Analytics via JavaScript that no data and information on visits to Internet pages may be transmitted to Google Analytics: http://tools.google.com/dlpage/gaoptout?hl=de.

Further information on data processing by Google can be found in Google’s Privacy Policy: https://www.google.com/policies/privacy.

When using Google Analytics, personal data may be transferred to a third country outside the EU without an adequate level of data protection. We provide appropriate safeguards for this data transfer in accordance with Art. 46 GDPR. We will be happy to provide you with proof of the appropriate safeguards (Standard Contractual Clauses/Standard Data Protection Clauses) upon request.

The legal basis for this data processing is your express consent pursuant to Art. 6 (1) lit. a) GDPR.

You may prevent the use and storage of cookies as well as prevent Google from recording and processing the data generated by the cookies and pertaining to your use of the website (including your IP address). Simply download and install a browser plug-in available at the following link, and select the appropriate settings on your browser software:

https://tools.google.com/dlpage/gaoptout?hl=en

Alternatively, especially for mobile devices, you can prevent Google Analytics from recording and processing information by clicking the following link. An opt-out cookie is created that prevents the future recording of your visits to this website. Deactivate Google Analytics  http://tools.google.com/dlpage/gaoptout?hl=en

You can find further information about the Google Analytics Terms of Use and Privacy Policy at https://policies.google.com/privacy

Do you want to change your preference regarding the analysis of your interaction with this website?


10.
YOUTUBE
YouTube videos are embedded on our website. These are provided, via a plugin, by Google Ireland Ltd. in Ireland (“YouTube”).

We use the “extended data protection settings” for embedded YouTube videos, this means that YouTube does not set any cookies.

Nevertheless, when you visit a website with the YouTube plugin, a connection to YouTube is inevitably established and your IP address is transmitted to YouTube in the process.

When using YouTube, personal data may be transferred to a third country outside the EU without an adequate level of data protection. We provide appropriate safeguards for this data transfer in accordance with Art. 46 GDPR. We will be happy to provide you with proof of the appropriate safeguards (Standard Contractual Clauses/Standard Data Protection Clauses) at any time upon request.

Further information on data protection at YouTube can be found in YouTube’s Data Protection and Security Centre:

https://support.google.com/youtube/topic/2803240?hl=de&ref_topic=6151248

The legal basis for this data processing when using YouTube is our legitimate interest pursuant to Art. 6 (1) lit. f) GDPR. Our legitimate interest is the integration of videos and the associated optimization of the interactivity of our website and our customer interactions.

11. SOCIAL MEDIA BUTTONS
Social media buttons of various social media networks (e.g., Xing, LinkedIn and Instagram) are integrated on our website.

If you click on one of these social media buttons, you will be redirected to our pages on the respective social media network. In this case, the provider of the respective social media network receives the information that your browser has accessed the corresponding page of our website, even if you do not have a profile with the respective social media network or are not logged in there. This information (including your IP address) is transmitted by your browser directly to a server of the respective provider. If you click on a social media button and are either logged in to the respective social media network or then log in to the page of the respective social media network, the transmitted information can be assigned to your account with the social media network.

For information on the purpose and scope of data collection and processing by the providers of the respective social media network, the provider identification, a contact option and your rights and setting options for data protection, please refer to the respective privacy policies of the providers of the social media networks.

The legal basis for the integration and use of the social media buttons is our legitimate interest pursuant to Art. 6 (1) lit. f) GDPR. Our legitimate interest is the marketing of our offers and our website.

12. SOCIAL MEDIA PAGES (“FANPAGES”)
We maintain a publicly accessible profile on various social media networks, for example Facebook, YouTube and/or LinkedIn (“social media pages” or “fan pages”).

If you visit our social media pages and are logged in to the respective social media network, the provider of the respective social media network can analyze your usage behavior and assign the information collected to your account with the social media network and enrich it there. Even if you are not logged in or if you do not have an account with the respective social media network, personal data may be collected by the provider of the respective social media network, for example your IP address or data collected via a cookie.

The operators of the social media networks can use this data to create user profiles. Based on your user profile, you can then be shown interest-based advertisements both on the websites of the social media network and on other websites.

If you visit one of our social media pages, we are jointly responsible with the provider of the social media network for the collection and processing of your personal data that takes place there. For information on the collection and processing of your personal data that takes place there, please refer to the privacy policies of the respective social media network. We do not have any further information on this.

We will be happy to provide you with information on the appropriate safeguards for the transfer of data to third countries in accordance with Art. 46 GDPR at any time upon request.

You can assert your data subject rights in accordance with Chapter III of the GDPR (right to information, correction, deletion, restriction of processing, data portability, etc.) both against us and against the provider of the respective social media network. In this context, we would like to point out that we can only influence the processing of personal data and the implementation of data subject rights within the framework of our social media pages within the scope of the possibilities made available to us by the respective provider.

The legal basis for our use of social media pages is our legitimate interest pursuant to Art. 6 (1) lit. f) GDPR. Our legitimate interest is the presence and marketing of our products and services on the Internet.

13. FONTS
In order to display the content of our website correctly and graphically appealing across browsers, we use font libraries on this website. Calling up font libraries automatically triggers a connection to the operator of the respective library. In this process, your personal data is processed by the operator of the respective library, on the one hand your IP address for the provision of the font, and on the other hand partly for licensing reasons of the respective font, if the number of visits to the website has to be recorded. You can prevent the use of such libraries and the associated data transfer by installing a JavaScript blocker (e.g. www.noscript.net).

When using font libraries, there may be a transfer of personal data to a third country outside the EU without an adequate level of data protection. We provide appropriate safeguards for this data transfer in accordance with Art. 46 GDPR. We will be happy to provide you with proof of the appropriate safeguards (Standard Contractual Clauses/Standard Data Protection Clauses) at any time upon request.

The legal basis for this data processing when using such libraries is our legitimate interest pursuant to Art. 6 (1) lit. f) GDPR. Our legitimate interest is the analysis, optimization and economic operation of our website and our customer interactions.

14. JOB APPLICATIONS

14.1 Active Sourcing
We carry out so-called active sourcing measures to identify promising potential employees on the external labor market and actively contact potential applicants and employees. The purpose of data processing is recruitment, e.g. by individually drawing the attention of promising candidates to job vacancies in our company.
We collect the following categories of data for active sourcing: Surname, first name, gender, contact details, education, professional experience, qualifications, salary data, application data, non-professional experience and interests and other information resulting from public profiles on social networks, in particular LinkedIn and Xing, and/or from other publicly accessible sources on the internet.
All personal data processed in the context of active sourcing is collected from generally/publicly accessible sources on the Internet, in particular from social networks such as LinkedIn and Xing.
The legal basis for the collection and processing of publicly accessible data in the context of active sourcing is the Controller’s legitimate interest in identifying, approaching and recruiting the best possible employees for the company.

14.2 Application Process
We collect and process personal data from applicants for the purpose of carrying out the application process.
If we conclude an employment contract with an applicant, the data transmitted will be processed for the purpose of implementing the employment relationship in compliance with the statutory provisions. If no employment contract is concluded, the application documents will be deleted immediately after the end of the application procedure, provided that there is no overriding legitimate interest in deletion, such as the defense against claims or the preservation of evidence in accordance with equal treatment and anti-discrimination laws.
The legal basis for this storage and processing is the implementation of pre-contractual measures.

14.3 Talent Pool
If the applicant has consented to a longer storage of his/her data, we will store the data submitted as part of the application in our talent pool for a further 2 years after the end of the application process in order to identify future positions of potential interest to the applicant and, if necessary, contact the applicant in this regard. After this period, the data will be deleted.
Such consent to the storage of application data in our talent pool can be withdrawn at any time for the future. To do so, please send us an email to [email protected].
The legal basis for the storage of application documents in our Talent Pool is, where applicable, the explicit consent of the applicant, which can be revoked at any time.

15. FREELANCER DATABASE
With the registration in our freelancer database, we collect and process the information provided during registration in order to find, contact and inquire about suitable freelancers for specific projects. In some cases, we also ask for data that serve the quick and unproblematic processing of an order (e.g. bank account details). We also process concrete inquiries and orders in the freelancer database.

The data requested as mandatory fields are required for the project-related selection of suitable freelancers. All other information is voluntary. The freelancer data is only made available to those persons and departments in our company who make the decision on the assignment of a freelancer or are involved in it. These may also be employees of affiliated companies.

We store the data for as long as an assignment as a freelancer is potentially a possibility. If the freelancer is no longer interested in a potential future assignment, we will of course delete the data from our freelancer database immediately upon request. In this case, please contact us at [email protected].

The legal basis for the processing of the data in the freelancer database is Art. 6 (1) lit. b) GDPR, the processing for the performance of a contract or for the implementation of pre-contractual measures.

16. VIDEO CONFERENCES AND WEBINARS
If you participate in a video conference, webinar or online meeting etc. organized by us. (hereinafter “video conferences”) organized by us, we process your personal data in the course of your participation.

When you participate in a video conference, various categories of data are processed. The scope of the data also depends on the data you provide before or during participation in a video conference.

If you participate in a video conference organized by us, you usually have to provide at least a name when registering. However, you can also use a pseudonym. Your IP address will also be processed to enable your participation and login information and device/hardware information will be stored. Your email address and profile picture will also be processed, if provided. If you dial in by phone, your phone number and IP address, if any, will be processed.

To enable participation in the video conference, data from your terminal’s microphone and any terminal video camera and, if you share your screen, information from this “screenshare” is processed. You can switch off or mute the camera or microphone yourself at any time. You always decide yourself whether and which parts of your screen are shared.

Audio and video recordings of the video conference can be made. In this case, MP4 files of all video, audio and presentation recordings are processed. There will always be an indication of the recording if one is made and, if necessary, the explicit consent of the participants to the recording will always be obtained.

You may have the opportunity to use the chat, question or survey functions in a video conference. In this respect, the text entries you make are processed in order to display them in the video conference and, if necessary, to record them.

Insofar as personal data of our employees is processed, § 26 BDSG (German Federal Data Protection Act) is the legal basis for data processing, insofar as German law is applicable to the processing of employee data.

If German law is not applicable to the processing of employee data or if, in connection with participation in video conferences, the processing of personal data is not necessary for the establishment, implementation or termination of the employment relationship, but is nevertheless an elementary component of participation in a video conference, our overriding legitimate interest pursuant to Art. 6 (1) lit. f) GDPR is the legal basis for the data processing. In these cases, our legitimate interest is in the effective implementation of video conferences.

Furthermore, the legal basis for data processing when conducting video conferences is Art. 6 (1) lit. b) GDPR, insofar as the meetings are conducted in the context of contractual relationships or with a view to initiating a contractual relationship (for example, in the case of video conferences with our clients in the context of the implementation of a project or participation in a webinar).

Furthermore, the legal basis for data processing in the context of your participation in a video conference organized by us is our legitimate interest pursuant to Art. 6 (1) f) GDPR. Our legitimate interest in these cases is the effective implementation of video conferences.

We use one or more service providers as processors for the implementation of video conferences on the basis of a data processing agreement pursuant to Art. 28 GDPR.

This may involve the transfer of personal data to a third country outside the EU without an adequate level of data protection. In this case, we provide appropriate safeguards for this data transfer in accordance with Art. 46 GDPR. We will be happy to provide you with proof of the appropriate safeguards (Standard Contractual Clauses/Standard Data Protection Clauses) upon request.

17. AGE RESTRICTION
This website is not intended or designed for use by children under the age of 16. We do not knowingly collect personal information from or about anyone under the age of 16.

18. RECIPIENTS OF DATA
Within our company, your data will be received by those internal departments or organizational units that need it to fulfil their tasks, where applicable to fulfil contracts with you, to process data with your consent or to protect our (overriding) legitimate interests.

Data will only be passed on to third parties within the framework of legal requirements. We only pass on your data to third parties if this is necessary, e.g., on the basis of Art. 6 (1) lit. b) GDPR for contractual purposes or to protect our legitimate interest in accordance with Art. 6 (1) lit. f) GDPR in the effective performance of our business operations.

Insofar as we use service providers or third-party providers in the context of providing the website and/or providing our services, we take appropriate legal precautions as well as corresponding technical and organizational measures to ensure the protection of your personal data.

If, in the course of providing the website and/or our services, we use content or tools from service providers or third-party providers whose registered office is in a third country, data is regularly transferred to a third country. Third countries are countries in which the GDPR is not directly applicable law, i.e., countries outside the EU or the European Economic Area. The transfer of data to third countries only takes place if either an adequate level of data protection, consent or other legal permission, in particular appropriate safeguards in accordance with Art. 46 GDPR, exists.

19. YOUR RIGHTS
You have the right to free information about your stored personal data, its origin and recipient and the purpose of the data processing and a right to correction, blocking or deletion of this data. You also have the right to restrict processing and to object to processing.

You also have the right to have your data that we process automatically handed over to you or to a third party in a common, machine-readable format.

To exercise your rights, please contact us using the contact details above.

You also have the right to lodge a complaint with the competent data protection supervisory authority.

20. WITHDRAWAL OF CONSENT
Some data processing operations are only possible with your express consent. You can withdraw your consent at any time. To do so, it is sufficient to send us an informal message by e-mail using the contact details provided above. The legality of the data processing carried out until the withdrawal remains unaffected by the withdrawal.

21. RIGHT TO OBJECT
INSOFAR AS YOUR DATA IS PROCESSED TO PROTECT OUR LEGITIMATE INTERESTS, AS EXPLAINED IN THIS PRIVACY POLICY, YOU MAY OBJECT TO THIS PROCESSING WITH EFFECT FOR THE FUTURE. TO DO SO, PLEASE CONTACT US USING THE CONTACT DETAILS PROVIDED ABOVE.

IN PRINCIPLE, YOU ONLY HAVE THIS RIGHT TO OBJECT IF THERE ARE GROUNDS ARISING FROM YOUR PARTICULAR SITUATION (ART. 21 (1) GDPR). AFTER EXERCISING YOUR RIGHT TO OBJECT, YOUR PERSONAL DATA WILL NO LONGER BE PROCESSED FOR THESE PURPOSES UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS, OR IF THE PROCESSING IS FOR THE PURPOSE OF ASSERTING, EXERCISING OR DEFENDING LEGAL CLAIMS.

IF THE PROCESSING IS FOR THE PURPOSES OF DIRECT MARKETING, YOU MAY EXERCISE YOUR RIGHT TO OBJECT AT ANY TIME (ART. 21 (2) GDPR) AND YOUR PERSONAL DATA WILL THEN NO LONGER BE PROCESSED FOR THE PURPOSES OF DIRECT MARKETING, REGARDLESS OF THE GROUNDS FOR THE OBJECTION.

22. MANDATORY DATA
The provision of personal data is not required by law or contract, nor are you obliged to provide personal data, however, the provision of personal information is necessary for the conclusion of a contract in that certain information is mandatory in order to conclude (and perform) a contract.

23. AUTOMATED DECISION MAKING
We do not use automated decision-making including profiling.

24. RETENTION AND DELETION
We adhere to the principles of data avoidance and data economy. We therefore only store your personal data for as long as is necessary to achieve the purposes stated here or as stipulated by the storage periods provided for by law.

If the purpose of storage no longer applies or if a storage period provided for by law expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions.

25. DATA SECURITY
We take organizational, contractual and technical security measures in accordance with the state of the art to ensure that the provisions of data protection laws are complied with and to protect the data we process against accidental or intentional manipulation, loss, destruction or against access by unauthorized persons.

Our website uses SSL encryption for security reasons and to protect the transmission of confidential content, such as orders, enquiries or payment data that you send to us.

26. CHANGES TO THIS PRIVACY POLICY
We reserve the right to amend this Privacy Policy from time to time so that it always complies with the current legal requirements or in order to implement changes to our services in the Privacy Policy, e.g. when introducing new services. The new Privacy Policy will then apply to your next visit.