Privacy statement

Privacy statement

This Privacy Statement is valid until May 24th. As from May 25th, the Privacy Statement listed at the end of this page will apply.

Privacy Statement

Purpose of Data Collection
StepStone aims to assist you with your life long career development. StepStone offers you an excellent career development service, wherever you are in your career, whatever your next step will be. We are committed to establishing a long term relationship, delivering a range of services available to you 24 hours a day, 7 days a week that will help you to take control of your career, your life and your future. 

StepStone wishes to make your job search as easy as possible. You can apply for job vacancies or use the services in your StepStone account. Our CV database and our Job Agent both aim at informing you about job offers or at establishing the contact between you and the potential employer.

One of the fundamentals of the relationship with StepStone – in fact of any relationship – is trust. With StepStone, you can trust we are 100% committed to protecting your privacy. Our goal is to offer you, the user, a secure and risk free service. We will use our best efforts to ensure that the information you submit to us remains confidential, and is used only for the purposes described on our site. 
If you feel however that we are not abiding by the terms of this statement or data protection regulations, please contact our customer services department:

StepStone NV/SA
Koningsstraat 47 Rue Royale
1000 Brussels
Tél: 02 209 98 00
or by e-mail to info@stepstone.be
We will contact you as soon as possible.

1. What information do we collect from candidates on our website, how do we use these and what should you bear in mind?

1.1 StepStone account
For a StepStone account as well as our hereafter listed services you can register either directly by inserting your data on our website or by using facebook connect. For further details regarding the registration through facebook connect we refer to section 10.1.

If you create a StepStone account we will store your email address so that we can send you the StepStone Services (Job Agent, Newsletter, Career Information and requests for your CV). If you do not wish to receive emails from StepStone on your own email address you can receive emails in your personal StepStone Mailbox in and view them online at any time. This Mailbox is exclusively designed for corresponding with the StepStone Services and cannot be used for private email correspondence. If you wish to use the StepStone Mailbox you will have to enter your email address so that we can send you your login details in case you have forgotten them.
If you register for a StepStone account and also wish to enter your CV, we will ask you for person related data. Stored together with your CV, these personal data contains email, name, address, phone number, mobile phone number, photo, sex, citizenship, and date of birth (“personal user data”). The personal user data are treated in strict confidence and are not forwarded to employers unless you create an active, public CV (s.b. item 2) or have given your explicit consent. Furthermore, you have the possibility of forwarding these data to a potential employer – provided that you have explicitly authorised this.
Due to technical reasons we have to request certain personal data (email address, sex, name, zip-code, date of birth) when you register for a StepStone account. However, you do not have to fill in any further personal data, except for an active email address, as long as you do not wish to enter a CV. When you create your CV we ask for several obligatory information, which you can identify by an asterisk. The provision of any other personal user data is completely optional and voluntary. We may also use your personal data in order to send you offers from potential employers through other ways of communication than email. Furthermore we will store the date of your last visit of StepStone as part of your my StepStone account. The last visit e.g. refers to the date of your registration, and last use of StepStone services like your login to the My StepStone account, clicking of links in the StepStone newsletter or jobagent or the use of a StepStone CV.  

1.2 Job Agent
You need a StepStone account in order to use the Job Agent. If you do not have a StepStone account already, a new account will be created when you register the first time. If you register for the Job Agent, you will receive regular information on listings which match a profile that has been defined by you in advance. Accordingly we are not only sending you job ads published on the StepStone website, but also such job ads from selected partners.
Of course we will not disclose your personal profile and details to such partners.

1.3 CVs
StepStone is a Career website and we give you the possibility of placing your CV in our database. If you wish to create your CV – i.e. a summary of your education, your professional experience and skills – with the StepStone CV Center you will have to disclose your personal user data. In order to draw up a CV you need a StepStone account. If you do not have one already, a new account will be created when you draw up a CV the first time.
As a job seeker you have three ways of using StepStone’s CV database:

1.3.1 Inactive CV
You can use your CV stored in our database to attach applications if you apply online to one of the job offers on the StepStone sites. You can attach active as well as currently inactive CV’s. Inactive CV’s are not disclosed and are not searchable. They are just a form of electronically stored support of your application. The data contained therein will not be disclosed, in any form, to any third parties. However, the CV will be forwarded to potential employers as a link not as a snapshot. Therefore, any changes you make later to your CV will also change the version that has been forwarded to a potential employer. Of course, we cannot exclude that the employer enters and stores your CV as a snapshot in his databases. 

1.3.2 Partial Active CV 
You can activate only one part of your CV. This means that although you activate your general profile, the section with your personal user data remains deactivated. Employers thus have the possibility of reading and selecting that part of the CV without the personal user data section, using certain criteria in order to fill their vacancies. Employers will also see the date of your last visit at StepStone (s. 1.1) and the last date when you amended your CV. However, employers have no access to your personal user data (Name, Address, e-mail, Phone number). Only the year of birth and your sex, as far as you have voluntarily provided this information, will be attached to the partial active CV and will be disclosed to the employer if he reads your partial active CV. All other content, entered outside the boxes for your personal user data, can be seen by the employer. Please bear this in mind if you enter details about former or current employers or if you use the free text boxes.
Important Notice: Only StepStone has access to your user data in the personal user section and we will under no circumstances forward these to employers. Employers always see the non-personal part of this CV (i.e. excluding the personal user data section). If an employer is interested in you he can only contact you via StepStone. The employer will only have access to your indentity if you authorise a disclosure in each individual case.
You can deactivate your partial active CV at any time to prevent access. It will however remain in the system so that you can use it for attaching to your online applications.
Of course, you can also remove your CV completely from the system at any time. Naturally we accept no liability for the confidential treatment of your data by employers. Please keep this in mind when you enter personal information into the visible section of your CV or if you disclose personal information to an employer.

1.3.3 Active public CV
You can also activate and publish your CV. This means that your personal user data (email, name, address, telephone number and as far as voluntarily provided by you also, sex and date of birth) is fully visible to employers, who are logged in to StepStone’s CV Center. Such employers will have the possibility of reading and selecting the public CV and may also search for a public CV using certain personal data. Employers will also see the date of your last visit at StepStone (s. 1.1) and the last date when you amended your CV. Please bear this in mind if you decide to publish your CV.
You can deactivate your public CV at any time or choose the partial active CV option to prevent access to your CV. If you choose the partial active CV option, section 2.1.2 will apply. If you choose to deactivate the CV, it will however remain in the system so that you can use it for attaching to your online applications, section 2.1.1 will apply. Of course, you can also remove your CV completely from the system at any time.
Naturally we can accept no liability for the confidential treatment of your data by employers. Please keep this in mind when you publish your CV.

1.4 Channels
Selected active or partial active CV’s may – also in abbreviated form – be published in StepStone Channels and the part which is active may be accessed by everyone.

1.5 CV Agent
Active CV’s may be provided by email link to potential employers on their request if they match certain criteria defined by the potential employer. Depending on your settings the respective CV will be sent in the partial active version (excluding your personal user data) or public.

1. 6 Newsletter
In order to receive newsletters you need a StepStone account. If you do not have one already, a StepStone account will be created by registering for the newsletter for the first time. You can subscribe to various newsletters we offer regarding different subjects. In case you have not objected we can further send you email-newsletter regarding StepStone services which are similar to StepStone services that you already use. You may at any time object free of charge to all of StepStone’s newsletters. We will inform you about your right of objection when we collect your email-address and in the respective newsletter. 
Should you no longer wish to receive our email messages, please click the unsubscribe link located within each message and/or contact us at info@stepstone.be. Additionally you can view and change settings in your StepStone account.

1.7 Application History
In order to enable you to track your applications via StepStone and to adapt our services to your needs we store your applications via StepStone in a history that can be accessed via your StepStone account. If you do not yet have a StepStone account in case of an application we create one for you. 

If you attach a CV and/or a cover letter to your application sent via the StepStone application form we store the CV and cover letter to the application for you. 

If you apply directly via a website of the recruiting company which you have reached via StepStone we may ask you for your email address when we forward you to the external website. If you provide your email address to us, we will additionally store the relevant position as an application. 

We use the stored applications to provide you with your application history in your MyStepStone account and to optimize further StepStone services you use, for example in order to provide you with information about even better fitting vacant jobs as part of a JobAgent (s. section 1.2 above) you subscribed to. Additionally we may use the stored applications in strictly anonymized form in order to make the StepStone services more fitting to market needs.
Information from CVs and cover letters attached to an application and stored in your MyStepStone account can be used by StepStone to prefill fields if you create a StepStone CV as per section 1.3 above.

1.8. Box number job offers

If you reply to a job with a box number you therewith give us your consent to forward your covering letter and all data included therein to the customer of that box number. We are entitled but not obliged to forward your cover letter. We do not check the content of your message on a regular basis. However, we are entitled to do so. We will not forward your covering letter if we discover that it contains illegal content as defined below. Furthermore we will accept any lock flags for particular companies, if you have given us the detailed and correct name (name and legal form of the company) and address. Due to the time consuming research involved we cannot accept lock flags for a whole group or organisation. As an exception we will, however, accept such lock flags that define every single company of such group or organisation giving the detailed name, address and legal form.
We do not forward any additional data apart from your covering letter (e.g. data from your CV), there is no matching with the personal data you have entered into our system.

1.9. With whom do we share your personal data?
The partial active and the public CV can be accessed by potential employers (normally employers or recruiters) within the StepStone CV Center. It can also be forwarded by email or print to interested recruiters in order to increase the reach and response rates. The StepStone CV Center can be reached directly via the StepStone websites or via simple or qualified links with StepStone’s cooperation partners on the Internet. Our websites are accessible worldwide through the internet. The potential employer could be located outside Belgium or even outside the EU which could involve a transmission of data outside the EU. Only in case of public CV’s your personal user data in your CV will be disclosed without further request within the CV Center. If you have chosen the option of partial active CV, you may decide in each individual case and after you have been informed about the recipient whether you would like your personal user data to be disclosed to a potential employer who requests this information. Once your personal user data has been disclosed to a potential employer we cannot prevent misuse of such disclosed data. Also, StepStone cannot avoid that individuals other than employers, recruiters or HR consultants use the CV database.
If you have entered a partial active or active CV it is possible that your profile is contacted by email for other purposes or by other companies. 
In order to establish an international element to our data base, we are planning to implement the StepStone CV Center in other countries of the StepStone Group enabling these to access the data. Further information about these companies is available at www.stepstone.com or at the end of this Privacy Statement.

1.10. Right of access to, editing and deletion of your CV data:
You have a right of access, information and rectification of your data.
If you wish to edit or delete your data or your CV in the database, simply log in to your StepStone account and use the corresponding functions. You can delete one or more stored CV’s in the menu “CV”; all data stored for the registration with StepStone can be deleted completely in the menu “Your Account”. If you want us to delete your personal data or CV we will be happy to do so on your behalf. Also, we will inform you immediately about your personal password in case you have forgotten it. StepStone is entitled to withdraw its services at any time, or to delete your data in whole or in part without giving further notice. You have no right to claim publication of your data.

It is StepStone’s goal to support you during all and any phases of your career. Our user area is intended as a talent pool in which candidates can make use of our cost free services to optimize their career.
StepStone wants to be your life long partner supporting your career rather than just help you find a one off job like a standard job board.

2. What data do we collect from recruiters in connection with the use of our site and how do we use these?

2.1. Online Ordering
If you order selected products online on our website via the respective form we will collect a spart of the order name and first name oft he contact person, the company name, email address and telephone number, address, VAT number, information about the number of employees and the content of a job ad to be eventually published as well as further information given voluntarily during the order. We use these data to process your order and for the purposes of marketing by us (s. 2.5 below).

2.2 Recruiter Space and Direct Search Database

If you use our recruiter space and/or have access to the Direct Search Database (“CV Database”) Database we will collect and store the Corporate User ID (i.e. based on the user name we will store the identity of the specific user) and the Company ID (i.e. based on the specific user being part of a specific customer, the name of this customer) upon every access. We also collect and store the scope of the individual use, i.e. which CVs have been accessed when.
The data collected and stored in this way will be used in order to prevent abusive use and thus to ensure a correct billing of the services. It will also be used in order to ensure and monitor that the Recruiter Space and the CV Database operate properly at all times and in particular to be able to solve eventually occurring issues for specific customers so that the usage of the Recruiter Space and the CV Database is enabled in its entire scope. Upon entering into the contract and when using the CV Database the customer and the specific user agree to the collection and use of the data in this scope.
Additionally we will use the data collected in strictly anonymized form in order to create stitistics about the general behavior of the customers in the CV Database. This allows StepStone to design the CV Database in a more customer friendly way.

2.3 StepStone Studies

If you want to order a StepStone study for download we will collect email address, company name, ZIP code, country and number of employees as well as voluntarily gender, last and first name, reason for download and further information about your company. This information is used on the one hand to provide you with a downloadlink for the study ordered as well as for purposes of marketing by us as far as legally permitted (s. below 2.5).

2.4 Step by Step

If you use the Step by Step we refer to the data protection policy which is available after redirection to Step by Step. 

2.5 Newsletter

If you register for a newsletter we use your email address in order to send you the newsletter. Furthermore we may send you email newsletter about StepStone services similar to those which you already use if you did not object to the reception of such newsletters. You may object to all kinds of StepStone newsletters at any time free of charge.

3. What other information do we generally collect on our website and how do we use it?

In our Logfiles, we collect and store Internet Protocol addresses (IP addresses) for a limited period, as far as it is necessary for data safety reasons. We also use Internet Protocol addresses to create anonymous statistics, in order to measure the number of visitors to our website (traffic) and about the way our website and services are being used, e.g. about creating, editing and deleting of CVs and we use it for accounting purposes to calculate the number of clicks received via websites of our business partners. But we do not draw up user profiles or link the statistics to personally identifiable information. 

4. Cookies

In order to make a visit to our website more attractive and enable you to use certain functions. we use so called cookies on various pages. These are small text files stored on your device.
Some of the cookies we use are deleted from your device at the end of your browser session (session cookies). Others remain on your device and enable us or our cooperation partners to identify your device when you visit us again (permanent cookies). 
You can set your browser so that you are informed about cookies placed on your device or that you have to consent on a case by case basis or that you decline the acceptance of cookies in general or for specific cases. If you do not accept cookies the functionality of our site might be limited.  
Hereinafter we provide more detailed information about specific cookies.
If you do not accept cookies the functionality of our website might be affected. 

StepStone uses Omniture Site Catalyst, a service provided by Adobe Systems Software Ireland Limited Inc. (“Omniture”). The service uses “cookies”, which are text files placed on your computer, to help the websitewebsite analyze how users use the site. The information generated by the cookie about your use of the websitewebsite (including your IP address) will be transmitted to servers in Ireland from where the information will be forwarded to servers in the United States in anonymised form. Omniture will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Omniture may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Omniture’s behalf. In no case will your IP address be associated with any other data held by Omniture. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. By using this website, you consent to the processing of data about you by Omniture in the manner and for the purposes set out above. You may opt out to the collection of data by Omniture for the future at any time. Further information about opting out is available at http://www.adobe.com/misc/optout.html.

Being an AdWords customer StepStone uses the Google Conversion Tracking. This is an analysis service provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”). If you visit our website via a google ad Google Adwords will place a cookie on yout computer (“Conversion Cookie”) Such cookie will expire after 30 days. It does not allow to identify you as an individual person. Unless the cookie expired upon your visit of certain of our websites we and Google will know that someone clicked a certain ad and was thereby redirected to our website. Every AdWords customer is provided with a different cookie. Therefore cookies cannot be tracked via the website of AdWords customers. The information obtained via the Conversion-Cookie will be used to draw up conversion statistics fort he AdWords customers which chose to use conversion tracking. The AdWords customers will be informed of the total amount of users which have clicked on their ad and were redirected to a site which contains a conversion tracking tag. However, they will not obtain any information by which users could be personally identified. If you do not want to participate in the tracking you may object to the placing of cookies, e.g. via the browser settings which generally deactivates the automatic acceptance of cookies. You may also set your browser so that cookies from “googleadservices.com” are blocked.

By using the technologies of Criteo (“Criteo”) information on surfing habits of visitors of our websites is collected and stored in an anonymized form for marketing purposes. This data will be derived via “cookies” text files stored on your computer. Based on an algorithm Criteo will analyze your surfing habits and will then be able to offer specific product recommendations by personalized ad banners on other websites (so called publishers). In no event these data can be used to personally identify the specific visitor of such website. All data will merely be used in order to improve the respective services; there will be no other use and no transfer of the data to others. You may object to this totally anomymized analysis of your surfing habits by clicking on the following link, thus opting out from the Criteo analysis: http://www.criteo.pro/us/privacy-policy/opt-out. You may obtain additional information on Criteo’s privacy policy at http://www.criteo.com/us/privacy-policy.

In connection with our product Target Ad we cooperate with Aegis Media Belgium NV (“AMNET”). Through the technology of AMNET cookies are stored on your computer. These cookies store information about job advertisements you visited at stepstone.be. Such information, which is provided by us to AMNET, does not contain any personal data. Such information does not allow identifying you as an individual person. Based on these cookies AMNET can provide you with targeted product proposals as personalizes banners on other parties’ websites (so called publishers). Also there such data cannot be used to identify you as an individual person.
You may opt out to the individual advertising by AMNET and will then no longer receive individual advertising by AMNET. In order to deactivate the internet based advertising by AMNET please click here: http://info.evidon.com/pub_info/1454?v=1&nt=1&nw=false.Further information about the AMNET technology is available at the AMNET data protection policy at: http://www.amnetgroup.com/privacy-policy/.
We use a Cookie for the “vote” button in our survey windows, which will be stored on your computer for one week. A separate notice will be displayed for these cookies within the surveys. Apart from that StepStone only uses session Cookies, to make access to our website easier. Such Cookies are deleted as soon as you log out.

5. Illegal Content

Please note that you are solely responsible for all texts entered into our system or sent to us (e.g. for forwarding to box number advertisements). Please ensure that you do not send us any attachments that contain viruses or worms. Personal details provided to StepStone should not contain: information on illnesses, information about pregnancy, any information about ethnic origin, political opinion, religious or philosophical beliefs, trade union membership, health and sexual orientation; defamatory or slanderous information; information having no reasonable relation to the job profile. The information you send us must be accurate and must not infringe copyrights, trademarks or other intellectual property rights, contravene law, competition law or other applicable provisions, official regulations, the rights of third parties in general or public policy (“Illegal Content”). This includes but is not limited thereto that you may not create CVs for third persons without their explicit consent or create CVs for non-existent persons and that photos provided to us must be up to date and display the face of the actual candidate. We point out that you are responsible for keeping your contact details, particularly your e-mail address up to date and ensuring that you can be contacted at the email address provided and that the email address is not transferred to third persons. It is not allowed to create CVs for the purpose of advertising the services of a company but only for the individual jobsearch and for freelancers to offer their personal services on their own account. Please note that you undertake to indemnify us against all claims made against us as a consequence of your failure to prevent Illegal Content appearing in any information you provide.

6. Who is processing your data?

Our website is hosted by StepStone NV, Koningsstraat 47 Rue Royale, B-1000 Brussels/Bruxelles. The servers are maintained by Belgacom Netcenter, Rittwegerlaan 15, 1830 Machelen, Belgium on their premises. These companies are responsible for the processing of your data. As far as StepStone works together with business partners to deliver its services, StepStone may forward your data to these partners if and in so far as this is necessary for technical administration and maintenance of the StepStone products. StepStone will provide information about this in its currently valid Privacy Statement.

7. Right on information and further rights under data protection law

Under data protection laws you have a right to be informed without charge about the data we have stored about you as well as if applicable a right of rectification, blocking or deletion of that data. For the respective rights of candidates we additionally refer to section 1.10 above in this context. 

8. Data Security

We use a variety of methods, such as encryption (SSL), firewalls, intrusion detection software and manual security procedures, to help protect the accuracy and security of your personal information and to prevent unauthorized access or improper use by third parties. The SSL encryption is activated if the key symbol is displayed at the bottom of your browser and if the address starts with “httpS://…”. This means the data transfer is protected by SSL (Secure Locket Layer) with a 128 bit encryption, preventing third parties from illegally accessing your data. If the encryption is not activated you should consider whether you should send confidential information via the internet. Emails are only encrypted if, in addition to the above, you use the StepStone Mailbox, not if you use your own email address.
Please note that this also applies to the personal password required for certain functions on the StepStone pages and the email confirmation you receive after your first registration if you receive these via your own email address. Please note we do not use encryption in our emails. We recommend that users change the password sent to them with a new personal password. You can also change your password at any time in the StepStone account at “Your Account”.We only store personal data that you have entered into your StepStone account. No other person related data will be stored.
Please note that some employment contracts may not permit private use of the Internet during working hours or from your work place. Some employers systematically monitor unauthorised Internet activities on your work place. Although you are connected via a multiple network environment, you should be aware that there is a risk of unwanted access.
Please note that JavaScript™ technology is used on our websites. Interruption of services, withdrawal or changes of services, deletion of data
StepStone does not guarantee or warrant that the services are available at certain times. Disturbances, interruptions or a possible breakdown of the online service cannot be excluded by StepStone. Systematic backups of the servers are carried out regularly. In so far as data have been transferred to StepStone – regardless their form – we recommend that you create your own backup copies. StepStone reserves the right to delete a publication, without reason at any time without notice. The user has no right to claim publication. StepStone reserves the right to change, extend, limit or withdraw its services at any time. Therefore, StepStone shall not be liable for any deleted data or loss of data.

9. Links

Our website contains links to other sites. Please be aware that we are not responsible for the privacy practices of these other sites. We encourage our visitors to be aware of this when they leave the StepStone website, and to read the Privacy Statements of each and every website that collects personally identifiable information. This Privacy Statement applies only to information collected on our website. Privacy Statement changes

10. Social Media

To make our websites more attractive to users we cooperate with different social media. 

10.1 Facebook Plug-ins
We cooperate with the social network facebook, 1601 South California Avenue, Palo Alto, CA 94304, USA. We use so called plug-ins to integrate facebook into our site. This can be in the form of “facebook connect” or “facebook – share”.
If you click on any such plug-in then your browser will take up a direct connection with the facebook server. Then, you will see a description of the content of such a plug-in (for example the friends-box). In this case, facebook will receive your IP address and other equipment related information. Also, it is possible that a cookie will be placed on your PC that will be deleted when you close the browser. You can choose in your browser setting if you want to allow cookies or not.
This means:
When the plug-in is loaded (when you enter a site that has a plug-in integrated), facebook will receive your IP address and the information that a user with this IP address has visited the internet site of Stepstone. If you are logged-in to facebook at the same time, then facebook can relate your facebook account to your visit to StepStone. That is why you can be shown toyour friends in the plug-in. 
If you do not want Facebook to collect data about your visit to our internet website and to link this with your data stored on Facebook, you need to log off from Facebook before visiting our website.
Purpose and scope of the data collection, further processing and use of that data by facebook as well as your rights and options for your facebook settings to protect your privacy can be found in the facebook privacy declaration at http://www.facebook.com/about/privacy/. 
Facebook-Share:
With the facebook-share button, you can recommend the StepStone service to your friends. They will see that you have visited and recommend a certain site (listing) of StepStone. 
Facebook-Connect:
With the facebook-connect, you can use your facebook account to open or to connect to an existing StepStone account. Upon creation of your StepStone account via facebook we will receive certain account details from facebook (namely: facebook user ID, your email address, first name, last name, birthday, your facebook user groups, your education history, your work history).
We will use these details to pre-fill yourStepStone account. The StepStone account will not be visible to anyone except StepStone. Third parties will only see any of your personal data if you allow this explicitly, e.g. by choosing the option “partial active CV” or “public CV”. 

10.2 Integration of Google +1
We use the Google +1 button which is provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States. When the plug-in is loaded (when you enter a site that has a plug-in integrated), Google will receive your IP address and the information that a user with this IP address has visited the internet site of Stepstone. In order to use Google + 1, you need an account at Google + 1. If you are logged in to your account at Google +1 and click on a button included at StepStone you recommend the content of the site where the button is included. Google stores the information that you clicked this button together with other information about that site. The information that you clicked the button and recommended the site can be displayed in your Google +1 profile or on other pages that use Google +1. 
If you do not want Google to collect data about your visit to our internet website and to link this with your data stored on Google, you need to log off from Google +1 before visiting our website.
Further information about the collection and use of data by Google in connection with Google +1 and your rights relating thereto can be found in the Google privacy statement at http://www.google.com/intl/policies/policies/privacy/.

10.3 Integration of Twitter
We use functionalities of the service Twitter which is provided by Twitter Inc.,1355 Market St, ., Suite 900, San Francisco, CA 94103, USA. When a Twitter plug-in is loaded when you enter a site that has a plug-in integrated), Twitter will receive your IP address and the information that a user with this IP address has visited the internet site of Stepstone. In order to use Twitter, you need an account at Twitter. If you are logged in to your account at Twitter and click on a button included at StepStone you share the content of the site where the button is included with other Twitter-users. Twitter then stores the information that you clicked this button together with other information about that site and provides these information to other Twitter users.
If you do not want Twitter to collect data about you via our internet website and to link this with your data stored on Twitter, you need to log off from Twitter before visiting our website.

Further information about the collection and use of data by Twitter and your rights relating thereto can be found in the Twitter privacy statement at https://twitter.com/privacy.

10.4 LinkedIn
We use the inShare button of the social network LinkedIn. This network is provided by LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, United States betrieben. When an InShare button is loaded (when you enter a site that has a button integrated), LinkedIn will receive your IP address and the information that a user with this IP address has visited the internet site of Stepstone. If you are logged in to your account at LinkedIn and click on a button included at StepStone you share the content of the site where the button is included with other LinkedIn users. LinkedIn then stores the information that you clicked this button together with other information about that site and provides these information to other LinkedIn users.
Further information about the collection and use of data by LinkedIn and your rights relating thereto can be found in the LinkedIn privacy statement at http://www.linkedin.com/static?key=privacy_policy&trk=hb_ft_priv.

10.5 Share This

We use plugins of the bookmarking service Share This, which is provided by ShareThis Inc. (“ShareThis”), 4009 Miranda Avenue, Suite 200, Palo Alto, CA 94304-1227 USA. When a ShareThis button is loaded (when you enter a site that has a button integrated), ShareThis will receive your IP address and the information that a user with this IP address has visited the internet site of Stepstone. By using ShareThis plugins users can set bookmarks to websites and post, share or recommend links to the respective websites on social networks like Twitter, Facebook oder Google +1. 
If a user is logged in to his account at the respective social network (e.g. Twitter, Facebook oder Google +1) and uses a ShareThis plugin integrated on our website the visit of the user on our website can be related to that user by the respective social network. 
Further information about the collection and use of data by ShareThis and your rights relating thereto can be found in the ShareThis privacy statement at http://sharethis.com/privacy-manifesto.

10.6 Add This
Our website uses so called social plugins of the bookmarking-service AddThis, which is provided by AddThis LLC, Inc. 1595 Spring Hill Rd, Suite 300, Vienna, VA 22182 USA(“AddThis”). The plugins are are usually marked with an AddThis-Logo for example a white plus symbol on orange ground. An overview of the AddThis plugins and their layout can be found at https://www.addthis.com/get/sharing.
If you access one of our sites containing such plugin your browser will establish a direct connection to the servers of AddThis. Thereby AddThis will receive the information you’re your browser has accessed the respective site and will store a cookie to identify your browser on your device. This information (including your IP address) will be transmitted by your browser directly to the servers of AddThis in the USA and stored there. AddThis uses the data to create anonymous user profiles which form the basis of personalized marketing to the visitors of websites using AddThis plugins. 
Purpose and scope of the collection of data and the further processing and use of the data by AddThis can be found in the privacy policy of AddThis at: http://www.addthis.com/privacy/privacy-
policy.

If you want to object to the processing of data by AddThis fort he future you may place a so called opt out cookie which you can download at: http://www.addthis.com/privacy/opt-out. 
You can also completely prevent the download of AddThis plugins by using add ons for your browser such as the script blocker “NoScript” (http://noscript.net/)

11. Miscellaneous

Any changes to our privacy commitment will always be available here on our homepage so that our visitors are always aware of what information we gather, how we might use that information, and whether we will disclose it to third parties. At the bottom of this page you will find links to former versions of our Privacy Statement. If you want to store this Privacy Statement, please press ctrl-s, to print press ctrl-p
In case of any questions or concerns in respect to our obligations under data protection law, please send us an email to info@stepstone.be or contact us at:

StepStone NV/SA
Koningsstraat 47 Rue Royale
1000 Brussels
Tél: 02 209 98 00
or by e-mail to info@stepstone.be

Brussels 04.02.2015

 

Old version

This Privacy Statement is  valid as from May 25th.

StepStone  

Privacy Statement

Thank you for visiting our website. The protection and confidentiality of your personal data is of particular importance for StepStone.  

In this document we will inform you about the processing of personal data in connection with the services we offer at www.stepstone.be and other websites or apps (collectively referred to as “Platforms”) that incorporate this Privacy Statement. Personal data comprises all information that relates to an identified or identifiable natural person (Article 4 (1) GDPR). This includes information such as your name, e-mail address, postal address, or telephone number. Information that is not directly associated with your identity, e.g. the number of users of an Internet site, does not fall within this scope. 

  1. Who is responsible for the processing of your personal data? 

The data controller (hereinafter referred to as “StepStone” or “we”) in the sense of the GDPR and other national data protection laws of the member states as well as other data protection regulations is: 

StepStone NV/SA 

Koningsstraat 47 Rue Royale 

1000 Brussels 

Tel: 02 209 98 00 

E-mail: cs@stepstone.be 

 2. Contact details of the data protection officer 

You can contact our data protection by e-mail at dataprotection@stepstone.be 

 

 3. Purposes and legal basis of the data processing and period for which data will be stored 

In the following we inform you about the different purposes for which we process personal data, on which legal basis such processing takes place, and for how long we store the data.  

Insofar as we obtain the consent of the data subject for processing personal data, Art. 6 (1) (a) EU General Data Protection Regulation (GDPR) is the legal basis for the processing of personal data. If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) (b) GDPR will be the legal basis. This also applies to processing operations required to carry out pre-contractual actions. If processing of personal data is required to fulfill a legal obligation that our company is subject to, Art. 6 (1) (c) GDPR is the legal basis. If processing is necessary to safeguard the legitimate interests of our company or a third party, and if the interests, fundamental rights, and freedoms of the data subject do not prevail over the first interest, Art. 6 (1) (f) GDPR is the legal basis for processing. 

The personal data of the data subject will be stored for as long as the purpose continues.  

3.1 Data processing in the context of a general use of our Platforms and services 

3.1.1 General access to our Platforms 

With each access to our Platforms, we automatically collect data and information from the accessing device and store this data and information in the log files of the server. We may collect (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system accesses our website (known as referrers), (4) the sub-web pages that are accessed on our website (5) the date and time of access to the website, (6) an Internet protocol address (IP address), (7) the Internet service provider of the accessing system and (8) other similar data and information used to defend any attacks against our IT systems. For security purposes, i.e. to be able to reconstruct an eventual attack against our Platforms, we store such data including the IP address for 14 days and then anonymize or delete such data. The IP address is required during the connection to transfer the contents of our Platform to your device. The legal basis for the processing and storage of the IP address is a legitimate interest as per Article 6 (1) (f) GDPR. The legitimate interest for the transmission of the IP address is that it is required to display the contents of the website; without transmission of the IP address it is not possible to display the content of the Platform. The legitimate interest for the temporary storage are our security interests. 

3.1.2 Optimization of search and recommendation functions 

We may also store information about your usage patterns on our Platforms in order to create statistical models to make our Platforms more user-friendly and, in particular, to optimize the functionalities to search for and recommend suitable job advertisements. In this context we also save your IP address in a pseudonymized form (that means that a natural person can no longer be identified based purely on the information in the statistical model) to exclude automated accesses (bots) to our Platforms when creating the statistical models. Legal basis for this purpose is Art. 6 (1) GDPR. Our legitimate interest is to ensure the functionality of the statistical model to improve our services. The IP address is deleted after one year.  

3.1.3 Application form 

If we provide an application form on our Platforms for job advertisements that are posted on our Platforms, and you complete this without being logged in to a MyStepStone account (see clause 3.2.2 below) and click the button to submit the application, we will submit the information you provide in the application form to the provider who posted the advertisement on our Platform. The legal basis here is your consent in accordance with Art. 6 (1) sentence 1 GDPR.  

3.1.4 Newsletter 

If you register for a newsletter, we use your e-mail address to send you the respective newsletter, in which we regularly inform you about interesting topics. To ensure that you are properly registered for the newsletter, that is, to prevent unauthorized subscriptions on behalf of third parties, we will use a double-opt-in process and send you a confirmation e-mail after your first newsletter subscription; this e-mail will request you to confirm the subscription. The legal basis here is your consent in accordance with Art. 6 (1) sentence 1 a GDPR. In connection with your newsletter registration, we also store your IP address plus the date and time of registration and confirmation, so that we can trace and prove the registration at a later date. The legal basis for this storage is a legitimate interest within the meaning of Art. 6 (1) (f) GDPR, where the legitimate interest is in being able to prove the registration. We will store your email address for sending you the newsletter until you unsubscribe or we stop sending the newsletter to you.  

The newsletters contain what are known as tracking pixels tor the statistical evaluation of our newsletter campaigns. This is a miniature graphic embedded in HTML-formatted e-mails that lets us know if and when you opened an e-mail and which links in the e-mail were accessed. In this context your IP address will be transmitted to our servers, but we will not store the IP address or any other personal data. The legal basis for the use of these tracking pixels is a legitimate interest within the meaning of Art. 6 (1) (f) GDPR, where the legitimate interest is in being able to evaluate and optimize our newsletters. 

You may object to all types of StepStone newsletters at any time. 

3.1.5 Objections to marketing 

If you raise an objection with us against marketing purposes, we may put your personal contact information (name, address, telephone number, fax number, e-mail address) on a blacklist to ensure that we no longer send you any unwanted marketing material. The legal basis is a legitimate interest within the meaning of Art. 6 (1) (f) GDPR, where the legitimate interest is that we can meet our obligations from your objection against marketing. The data will be stored for this purpose until you expressly withdraw the objection to marketing in writing.  

3.1.6 Contact form and e-mail contact 

Our Platforms provide contact forms that can be used to contact us electronically. By clicking the “Send” button, you consent to the transmission to us of the data entered in the input form. In addition, we save the date and time of your contact. Alternatively, contact via the e-mail address provided is possible. In this case, the user’s personal data transmitted along with e-mail and our response will be stored. The personal data voluntarily transmitted to us in this context is used to process your inquiry and to contact you as needed. The legal basis for the transmission of the data is Art. 6 (1) (a) GDPR. The data will be used for this purpose until the specific conversation with you has ended. The conversation will be deemed ended when it can be inferred from the circumstances that the relevant facts have been conclusively clarified.  

3.1.7 StepStone surveys 

StepStone organizes market surveys from time to time. As part of such surveys we will not collect any personal data, but at the end of the survey we might offer you the opportunity to participate in a competition. In order to participate in the competition you will have to provide us with your e-mail address, which we will only use for the purpose of the competition to notify you if you have won a prize. In particular, the e-mail address will be stored completely separately from your answers to the survey. The legal basis for the storage of your email address is your consent under Art. 6 (1) (a) GDPR. We will store your email address for this purpose until the end of the respective competition. 

3.1.8 StepStone salary planner 

StepStone offers a salary planner. StepStone’s salary planner compares the salary-related details provided by users about the user’s current job position, salary, professional experience, education, age and gender with the same data of other users in an aggregated statistical database and analyzes this comparison in order to present a salary comparison for the user. After entering the above information and an e-mail address, StepStone will send the user an access link to the salary comparison after confirmation via double-opt-in email. The legal basis for this processing is your consent. Consent is deemed given when you click the respective button to receive the StepStone salary planner. We will store the salary planner we created for you for a period of five years. 

We can only provide you with the salary planner if we can statistically analyze all salary related details from all users. Thus, we will also collect the data provided by you under point 3 a to produce the salary comparison under clause 3 a in a statistical database. We will not store any personal data about you that could be linked directly to you. In particular, we will not store your email address in this database. The legal basis for this processing is a legitimate interest of StepStone to provide the salary planner and there is no reason why any of your interests or fundamental rights and freedoms which require protection of personal data override our interest. 

3.1.9 Use of data processors for hosting and securing our platforms, administrative, troubleshooting, and support services 

We use data processors, which we list below, to provide our services. The legal basis for using these data processors is legitimate interest under Art. 6 (1) (f) GDPR. The legitimate interest lies in the execution of our business activities, particularly to provide the services described elsewhere in this Privacy Statement. No conflicting interest is apparent because we have entered into a data processing agreement with the respective processors under Art. 28 GDPR. 

3.1.9.1 Hosting 

We use data processors to host our Platforms and for back-up services, meaning that personal data that is stored on our platforms is transferred to these data processors. These data processors are Amazon Webservices, Inc., 410 Terry Drive Ave North, WA 98109-5210 Seattle, USA (who processes data solely in the EU), StepStone GmbH, Axel-Springer-Str. 65, 10969 Berlin, Germany and StepStone Continental Europe GmbH, Völklinger Straße 1, 40219 Düsseldorf, Germany. These data processors will store the data for the same duration as it is stored on our Platforms for the various purposes defined in this Privacy Statement.  

3.1.9.2 Administrative, troubleshooting, and support services 

We use StepStone Services sp. z o.o., ul. Domaniewska 50, 02-672 Warsaw, Poland, for administrative, troubleshooting, and support services, and which may consequently also have access to your personal data. Generally StepStone Services sp. z o.o should not store any personal data. This will only be done in exceptional cases, e.g. if needed to rectify technical issues. In such cases personal data will only be stored to the extent and for the duration that is necessary. 

3.1.9.3 Sending of e-mails and other messages 

For the sending of e-mails and messages through other electronic channels we use the services of Selligent GmbH, Atelierstraße 12, 81671 Munich, Germany, as a data processor, who in turn uses the following subcontractors 

  • Selligent Benelux NV, Kempische Steenweg, 305 box 401 Belgium 
  • Selligent International, Avenue de Finlande 2 box 2, 1420 Braine-L’Alleud, Belgium 
  • Selligent France SA, 20 Place des Vins de France RCS, 75012 Paris, France 
  • Selligent SA, 1420 Braine-l’Alleud, 2 avenue de Finlande, Belgium 
  • Selligent Iberica S.L.U, Caille Enrique Granados 86-88, Planta 3 °, 0008 Barcelona, ​​Spain 
  • Selligent Ltd, Second Floor, 45 Folgate Street, London E1 6GL, United Kingdom 

Accordingly, these parties may also be provided with your personal data in the course of data processing commissioned by us. It will be stored there for a period that is otherwise lawful for purposes under this Privacy Statement, i.e. in particular for the contractual communications in the course of contracts with you or otherwise for promotional communications. 

The legal basis for our use of Selligent is a legitimate interest under Art. 6 (1) sentence 1 f GDPR, namely the execution of our business purposes in the course of the processes described elsewhere in this Privacy Statement. No conflicting interest is apparent in this respect, in particular due to the fact that we have entered into a data processing agreement with Selligent.  

3.1.9.4 Proxy caching and web application firewall 

We use Akamai Technologies GmbH, Parkring 20-22, 85748 Garching, Germany and Akamai Technologies, Inc., 150 Broadway, Cambridge, 02142 MA, USA as data processors for the purposes of proxy caching and web application firewall services. That means that any visit to our websites is routed through the servers of Akamai, meaning that the user will not be connected directly to our servers but to those of Akamai and Akamai will then request the content from our servers and will deliver it to the user. Proxy caching in this context means that Akamai will cache selected content (but not personal data) for a period of 24 hours, so that this can be delivered faster to you. The web application firewall means that Akamai will try to identify malicious web traffic and will prevent it from accessing our websites. Akamai does not store any personal data, but any dataflows between our servers and the user will be routed through Akamai, so that this can also include personal data. Data transferred to Akamai Technologies, Inc is transferred outside the EU and the EEA. This is permissible under Art. 45 GDPR because Akamai Technologies, Inc is Privacy Shield certified and thus an adequate level of protection exists according to the Implementing Decision of the Commission (EU) 2016/1250 (http://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32016D1250&from=DE). The certification can be viewed at https://www.privacyshield.gov/participant?id=a2zt0000000Gn4RAAS&status=Active. 

With respect to Akamai, the additional legitimate interest in the context of the legal basis is that we thereby are also implementing technical and organizational measures to protect our Platforms and the personal data stored on them. 

3.1.10 Google Re-Captcha 

In specific cases we use the reCAPTCHA service https://www.google.com/recaptcha/intro/ by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA, (“Google”) based on a legitimate interest (i.e. the interest to ensure the correctness of data, avoidance of automatic registrations / orders by so-called bots, and economical operation of our online offering within the meaning of Art. 6 (1) f) GDPR). 

Google is certified under the Privacy Shield Agreement and thus warrants that it complies with European privacy legislation (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active). 

We use re-Captcha to distinguish whether an input is made by a human or abusively by automated, mechanical processing. The query in this context includes the sending of the IP address and any other data required by Google for the reCAPTCHA service to Google. Your input will be transmitted to Google and analyzed for this purpose.  

For more information about Google reCAPTCHA and Google’s Privacy Statement, please visit the following links: https://www.google.com/intl/en/policies/privacy/ and https://www.google.com/recaptcha/intro/android. html. 

3.1.11 Cookies and similar technology 

We use cookies on our websites. Cookies are text files that are stored on a computer system via an Internet browser. We use such cookies both as a technical means of providing services on our Platforms as well as for analyzing the website behavior of our visitors and on that basis developing a more user-friendly design of our offerings. For this purpose, we may also use other techniques, such as tracking pixels or code in apps. In addition, we may use these cookies or other techniques to target you with interesting job advertisements and other content. For the sake of clarity, we have moved the information on cookies and similar techniques in section 4  of this Privacy Statement. More details can be found there.  

 3.2 Data processing if you register for a Job Agent or a MyStepStone account 

StepStone offers a variety of services for your career development. StepStone aims to support you at all stages of your professional life. In particular, you can subscribe to a Job Agent and can create a MyStepStone account in which we process personal data. In this section 3.2, we inform you about the purpose, the respective legal basis as well as the storage duration of these processing operations. 

3.2.1 Job Agent 

First we offer you the opportunity to enter into a contract to receive a Job Agent. The purpose of data processing in the context of a Job Agent is for us to send you regular e-mails about job vacancies that correspond to a predefined profile or are recommended to you based on your user behavior. Details of the Job Agent can be found in our Terms of Use. The legal basis is Art. 6 (1) (b) GDPR. We store the data under a contract for the use of the Job Agent for the duration of the contractual term, i.e. until you or we terminate your Job Agent. 

3.2.2 MyStepStone account 

Secondly we offer you the opportunity to enter into a contract for a MyStepStone account, where you can use additional functions and correspondingly define the scope of the contractual use. The purposes of the data processing under this contract are that: 

  • We store the applications you make through our Platforms in your MyStepStone account for you until you delete a stored application.  
  • You can save individual job advertisements in your MyStepStone account,  
  • You can use additional functionalities of a Job Agent (see 3.2.1) 
  • You can administer the StepStone e-mail newsletters 
  • You can create a profile under the contract for your MyStepStone account. Which personal data is transmitted to us in this context depends on your uploads or your input into the relevant fields. We will analyze the content and structure of any uploaded documents in an automated process in order to improve the services we provide to you. You can define the scope of the contractual use of this profile. You can either use it to apply to vacant positions only (including applications to box number advertisements), see below; or you can make the profile accessible partially or fully to potential employers who are StepStone customers and use the StepStone CV database or similar products. In the context of profiles made fully available, we may also use your profile data to find publicly available, business-related social media profiles and link these to your profile. Your profile will be stored until you delete it or the contract for your MyStepStone account is terminated. Please be informed that, as far as you make your profile accessible to recruiters, a recruiter could also be located outside of the EU/EEA. That means that as part of the contract between you and us, it might be necessary, that your profile is accessed from a country that does not have the same level of data protection as the EU or EEA.  
  • If you have created a profile and access a job application form made available on our Platforms for job advertisements published on our Platforms, we will use your profile data to complete this form and, when you click the button to submit the application, we will send the data recorded with the form and make your profile accessible to the recruiter who published the respective job advertisement with us. Again, Please be informed that the respective recruiter might not be located in the EU or EEA, so that as part of the contract between you and us, it might be necessary, that the data is transmitted to or accessed from a country that does not have the same level of data protection as the EU or EEA. 

Further details about the MyStepStone account can be found in our Terms of Use. In connection with the registration of a MyStepStone account and the setting of the various functions, we will also store your respective IP address and the date and time of registration or setting of functions. The legal basis for the storage and use of your personal data in connection with your MyStepStone account is Art. 6 (1) (b) GDPR.  

We store your personal data for as long as necessary to provide the contractually agreed service. The personal data stored by you in your “MyStepStone” account is available to you for the duration of the contract and will be stored by us for this period. The personal data will be erased if you do so in relation to individual data or ask us to do so or if the contract ends, that is, if you or we terminate the contract, further details are available in the terms of use. 

Additionally, we use information provided by you as part of a profile in order to optimize the job search and job recommendations for you and other users of our Platforms using the statistical model described in clause 3.1.2 In this context we store certain parts of your profile which by themselves or in combination with each other cannot be used to identify you along with a pseudonymized user ID in the statistical model. Based solely on this pseudonymized ID you are not identifiable from within the statistical model: an identification would theoretically only be possible by externally pseudonymizing the user ID assigned to your MyStepStone account and then comparing the outcome with all pseudonymized user IDs stored in the statistical model. If we optimize the job search and the job recommendations for you with the statistical model, this is done in the context of your contract via the MyStepStone account on the legal basis of Art. 6 (1) (b) GDPR. If we use the data to generally improve our statistical model and thus also services for other users, this is done on the basis of a legitimate interest under Art. 6 (1) (f) GDPR. By deleting your MyStepStone account, your data will be completely anonymized in the statistical model, as the pseudonymized user ID stored in it will no longer allow any reference to your MyStepStone account. Our legitimate interest is in pursuing our business interests to improve our services. No conflicting interest is apparent, since the data is required during the contract period for achieving the purpose of the contract for the MyStepStone account and identification is no longer possible after the end of the contract.  

3.2.3 Facebook Connect 

With Facebook Connect, you can use your Facebook account to open a new MyStepStone account at StepStone or to connect to a MyStepStone account. If you create a MyStepStone account via Facebook or log in to an existing MyStepStone account via Facebook, we will gain access to your public profile and your e-mail address.  

We use this information to pre-populate or update your MyStepStone account at StepStone and then provide you with the MyStepStone account in accordance with clause 3.2.2.  

Since we use your Facebook data to create a MyStepStone account, the legal basis is the contract for the MyStepStone account pursuant to Art. 6 (1) (b) GDPR, as in described in clause 3.2.2. We will store your personal data for the purposes and period described in point 3.2.2. 

3.3 Data processing about businesses and their employees 

Our services for recruiters aim to provide businesses with a wide selection of suitable candidates. In doing so, we process personal data of businesses (data relating to businesses is only personal data if the business is operated by one or more natural person/s) or employees of such businesses. The respective businesses may be in a contractual or pre-contractual relationship with us, but in some cases we may also process data about businesses and their employees if there is no such pre-contractual relationship. In this section 3.3 we inform you about the purpose, the respective legal basis as well as the retention period of such processing about businesses or their employees as well as the data categories, provided we do not collect the personal data from the data subject. The data will be deleted as soon as it is no longer necessary for the achievement of the purpose, that is, no contract with the customer exists and we no longer intend to enter into a contract with the respective customer and a legitimate interest no longer exists and, moreover, we are no longer obliged to keep records that may contain personal data. 

3.3.1 Data processing for contract management and pre-contractual purposes 

We process personal data for the purpose of contract management, that is, so that we can provide our customers with the contractual services and also for associated pre-contractual purposes. If the customer is a natural person, the legal basis is that the processing is required for the performance of a contract or for the performance of pre-contractual measures pursuant to Art. 6 (1) sentence 1 b GDPR. If we process personal data of employees of the customer, the legal basis is a legitimate interest pursuant to Art. 6 (1) sentence 1 f GDPR. The legitimate interest lies in the conduct of our business and that of the customer. There is no conflicting interest of the data subject because, from the point of view of our customer, we are required to perform the processing in the context of the existing employment relationship with the data subject (section 26 GDPR). We store personal data for this purpose for the term of the contract. 

Furthermore we store accounting records in order to comply with statutory retention periods under Art. 6 of the law of the 17 Juli 1975 regarding the accounting of enterprises and Art. 9 of the Royal Decree of 12 September 1983 executing the law of 17 Juli 1975 regarding the accounting of enterprises for the duration of seven years, whereby the term begins on the 1st January of the year following the finalization of the accounting book. Legal basis for this purpose is Art. 6 Abs. 1 lit. c GDPR. 

3.3.2 Customer services 

We process the personal data of a business or its employees (as a contact person) obtained in connection with a contract with or a request from a prospective customer, including after the end of the contract and, if no contract is entered into, for the purpose of customer services and particularly, in case of a new request of the customer or prospective customer, to be able to recommend suitable services on the basis of the previous contracts or inquiries. The legal basis is a legitimate interest under Art. 6 (1) sentence 1 f GDPR. The legitimate interest lies in the execution of our business activities. We store personal data for this purpose for as long as we believe the respective customer might enter into an initial or further contract with us in future, which is the case as long as the customer does not specifically inform us that he or she does not intend to enter into any contract with us under any circumstances. 

3.3.3 StepStone Recruiter Space 

In order to use and manage their contractual services, our customers or their employees can use the StepStone Recruiter Space. In this context, we process such personal data of the respective customer or its employees as was provided by them, as well as the respective contractually agreed or offered services and the manner in which they are utilized. When using our Direct Search Database we also collect and save when which CVs were accessed. In order to prevent abuse and thereby guarantee proper billing and to ensure and verify that the StepStone Recruiter Space and the contractual services are functioning correctly at all times, and in particular to allow our customer service team to solve problems that may arise for specific customers, we will, upon every use of the StepStone Recruiter space, additionally collect and store the Corporate User ID (i.e. the user’s username) and the Company ID (i.e. the name of this customer based on the specific user’s affiliation with a specific StepStone customer).  

If the customer is a natural person, the legal basis is that the processing is required for the performance of a contract or for the performance of pre-contractual measures pursuant to Art. 6 (1) sentence 1 b GDPR. If we process personal data of the customer’s employees, the legal basis is a legitimate interest pursuant to Art. 6 (1) sentence 1 f GDPR. The legitimate interest lies in the conduct of our business and that of the customer. There is no conflicting interest of the data subject because, from the point of view of our customer, we are already required to perform the data processing in the context of the existing employment relationship with the data subject (section 26 GDPR). Personal data will be stored for this purpose for the term of the contract for the use of the StepStone Recruiter Space. 

Additionally, we use the data collected under this section in anonymous form to produce statistics about the general behavior of the customers of the Direct Search Database. This allows us to make the services more customer-friendly. The legal basis is a legitimate interest pursuant to Art. 6 (1) sentence 1 f GDPR. The legitimate interest lies in the execution of our business activities. 

3.3.4 Data processing when publishing advertisement products 

If our customers publish advertising products or company portraits on our Platform, we process personal data of the customer where the customer is a natural person. If our customer specifies an employee’s contact data in an advertisement product, we process this employee’s personal data to provide the relevant data to our users as part of the advertisement on our Platform and to ensure that the advertisement can be found via the search functionality on our Platforms. To increase the reach of the advertisement by submitting it to our co-operation partners, we may, in whole or in part, submit the advertisement content to our co-operation partners who provide the advertisement or a preview on their web site. If the customer is a natural person, the legal basis is that the processing is necessary for the performance of a contract pursuant to Art. 6 (1) sentence 1 b GDPR. If the advertisement contains contact details of employees of the customer, the legal basis is a legitimate interest pursuant to Art. 6 (1) sentence 1 f GDPR. The legitimate interest lies in the conduct of our business and that of the customer. There is no conflicting interest of the data subject because, from the point of view of our customer, we are required to perform the processing in the context of the existing employment relationship with the data subject (section 26 GDPR). We will store the data for this purpose for the contractual term during which the job advertisement is available on our Platforms. 

3.3.5 Online ordering 

If you place an online order on our website, we will collect various information required for the performance of the contract. The legal basis for the processing is Art. 6 (1) sentence 1 b GDPR. The data is stored for the duration of the contract as per above clause 3.3.1. For the handling of payments we use BS PayOne GmbH, Lyoner Straße 9, D-60528 Frankfurt/Main, Germany. PayOne is therefore a recipient of the personal data collected in connection with the payment. The legal basis for the use of PayOne GmbH is the fulfillment of the contract as per Art. 6 (1) sentence 1 b GDPR. The personal data is stored for the duration for the handling of the payment.  

3.3.6 Data processing for general marketing purposes 

We process personal data about our customers as well as other companies and companies that are not in a business relationship with us and in this context, if necessary, also from the respective contact persons for the purpose of direct marketing, as far as legally permitted. If we did not collect this data directly from the respective data subject, we may also collect contact data about the data subject from publicly available sources, in particular the website of the respective company, classified directories, or advertisements of the respective business. In connection with these direct marketing purposes, we can also process information about the previous contracts of our customers and specifics about the business such as industry or size of the business in order to make the advertising as appropriate as possible. The legal basis is a legitimate interest in accordance with Art. 6 (1) sentence 1 f GDPR. The legitimate interest lies in the processing of personal data for the purpose of direct advertising itself (see recital 47 GDPR). The data subjects have the right to object at any time to the processing of personal data concerning them for the purpose of such advertising. You object at any time under the contact details set out in clause 1; in the case of advertising by e-mail, you will also find an opt-out link directly in the respective e-mail. We will store personal data for this purpose as long as we are still interested in entering into a contract with the respective business or until the business objects. 

3.3.7  StepStone webinars 

When you register for a StepStone webinar, we collect certain information to enable you to participate in the webinar. The legal basis here is your consent in accordance with Art. 6 (1) sentence 1 a GDPR. We will store the data for this purpose until the webinar has taken place. We use LogMeIn, Inc., 333 Summer Street, Boston, MA 02210 USA to collect the registration data and provide the webinar as a data processor, and this party will be a recipient of your personal data in this context. Data will be transferred to the USA, i.e. into a country outside of the EU or the EEA. The transfer is permitted under Art. 45 GDPR as LogMeIn, Inc., is Privacy Shield certified and thus an adequate level of protection exists according to the Implementing Decision of the Commission (EU) 2016/1250 (http://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32016D1250&from=DE). The Privacy Shield notice can be accessed at https://www.logmeininc.com/de/legal/privacy-shield. Additionally, we have entered into the standard contractual clauses which are available at https://logmeincdn.azureedge.net/legal/20170201/DPA/LMIDataProcessingAddendum2017.v1SAMPLE.pdf as a sample, so that a transfer is also permitted under Art. 46 (2) (c) GDPR. 

We will also use the information you input to provide you with marketing as described in section 3.3.5, which is included herein by reference.  

3.3.8 Zendesk – Support Tool 

We use a tool provided by Zendesk Inc. 1019 Market Street, 6th Floor 

San Francisco, California 94103, to process customer inquiries. Information such as last name, first name, postal address, telephone number, and email address is recorded on our website in order to answer your questions.  

For more information about Zendesk’s data processing, see Zendesk’s Privacy Policy at http://www.zendesk.com/company/privacy. 

If you contact us by email or via a form, we use the personal data you provide exclusively for processing the specific request. The data and the history of the service request are stored for follow-up questions and subsequent contact. 

Data will be transferred to the USA, i.e. into a country outside of the EU or the EEA. The transfer is permitted under Art. 45 GDPR as Zendesk Inc., is Privacy Shield certified and thus an adequate level of protection exists according to the Implementing Decision of the Commission (EU) 2016/1250 (http://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32016D1250&from=DE). The Privacy Shield certificate can be accessed at https://www.privacyshield.gov/participant?id=a2zt0000000TOjeAAG&status=Active. Additionally, we have entered into the standard contractual clauses which are available at http://eur-lex.europa.eu/legal-content/en/TXT/?uri=CELEX%3A32010D0087 as a sample, so that a transfer is also permitted under Art. 46 (2) (c) GDPR. 

The ground of processing for the use of Zendek is legitimate interest as per Art. 6 para 1 f GDRP. The legitimate interest is to provide you with an easy to use customer support tool.  

 4. Cookies and similar technology 

We use cookies on our websites. Cookies are text files that are stored on a computer system via an Internet browser. We use such cookies both as a technical means of providing services on our Platforms, for enabling e.g. certain functions, as well as for analyzing the website behavior of our visitors and on that basis developing a more user-friendly design of our offerings. For this purpose, we can also use other techniques, such as tracking pixels or code in apps. In addition, we may use these cookies or other techniques to target you with interesting job advertisements and other content.  

Some of the cookies we use are deleted at the end of the browser session, i.e. when you close your browser (known as session cookies). Other cookies are kept on your end device and enable us or our partner companies to recognize your browser on the next visit (persistent cookies). 

If not specifically stated below, you can view the exact retention period of a given cookie by displaying the cookie in your browser. 

You can set your browser up such that you are notified when a cookie is set and can decide individually whether to accept them or whether you opt out of accepting cookies for specific cases or generally. If you opt out of accepting cookies, the functionality of our website may be limited. We deal with specific cookies or similar technology below. 

4.1 Technically necessary cookies 

We use technical cookies. These are cookies that are merely required to collect certain information on our Platforms to provide a service required or wanted by you as user. This extends to navigation or session cookies that enable smooth navigation and use of the website (and for instance permit access to the restricted area); analysis cookies that are set directly by us to collect aggregated information about the number of users and their behavior; functional cookies that provide you with navigation by certain selected criteria as part of a service optimization (e.g. selected language, purchase of selected products).  

The legal basis for these cookies is a legitimate interest under Art. 6 (1) sentence 1 f GDPR, namely pursuance of our business purposes. 

4.2 Cookies and technologies that we use via third party providers 

We also use cookies or other technology provided to us by external providers in various areas. In the following, we inform you about the respective providers and how you can object to the cookie or the corresponding technology. In general, in the case of websites, you can make an appropriate setting in your browser and in case of our apps you can make the respective setting with the slider for anonymous statistics under “Settings”. 

4.2.1 Criteo 

On our website we use services by Criteo SA, 32 Rue Blanche, 75009 Paris in the framework of our common responsibility as defined under Art. 26 GDPR.  

The purpose of the processing is retargeting, which means that when you have viewed certain offers on the website, we may show you advertising for similar offers from us on websites or other third-party platforms. We designate the scope of the respective advertising campaign in line with the contract with Criteo. The implementation of this advertising campaign, including the decision on which advertisements are delivered where is then the responsibility of Criteo. To that end a code from Criteo is executed on our pages directly by Criteo and what are known as (re)marketing tags (invisible graphics or code, also known as web beacons) are integrated into the website. These are used to store an individual cookie, i.e. a small file on your device (comparable technologies may also be used instead of cookies). This file records which websites the user locates, the content he or she is interested in and which offers he or she has clicked. It also stores technical information on the browser and operating system, referring websites, time of visit and other information on the use of the online offering. Criteo may also combine the above information with information from other sources. If the user subsequently visits other websites, tailored advertisements can be displayed depending on his or her interests.  

Further information and means of objecting to this data recording by Criteo can be found in Criteo’s privacy policy: https://www.criteo.com/privacy/.  

Criteo stores the data for 13 months and the cookies set by Criteo expire automatically after 13 months.  

Within the scope of the joint responsibility for the data processing described in this clause 4.1, you can assert your rights under the GDPR against us and Criteo either with us or with Criteo. 

The legal basis is a legitimate interest under Art. 6 (1) sentence 1 f GDPR, namely pursuance of our business purposes. 

4.2.2 Trackuity 

On our web pages we use the services of TRACKUITY bvba, registered office at Ridderstraat 15A, 9000 Gent, Belgium 

The purpose of the processing is retargeting, that is, if you have viewed certain offers on our websites, we may display advertisements on similar websites for you on websites or other third-party platforms. For this purpose, individual cookies are stored through our website by Trackuity on your device. Trackuity uses only anonymized data, personal data is not stored. 

For more information, as well as about opting out to tracking through Trackuity, see: https://www.trackuity.com/opt-out 

Legal basis is a legitimate interest in accordance with Art. 6 para. 1 sentence 1 f DSGVO, namely the pursuit of our business purposes and targeted marketing. 

4.2.3 Security analysis techniques from Akamai 

Our websites use web and security analysis techniques from Akamai Technologies, Inc. (“Akamai”). These techniques use cookies, text files and beacons that are stored on your computer and that enable Akamai (i) to perform security analyses and thus prevent unauthorized access to our websites and (ii) to analyze the use of the websites by you. The information generated by the cookies or beacons about the access to our websites, including your IP address and other data from log files, is transferred to Akamai’s servers, some of which are located in the USA, where it is stored and processed. This is permissible under Art. 45 GDPR because Akamai is Privacy Shield certified and thus an adequate level of protection exists according to the Implementing Decision of the Commission (EU) 2016/1250 (http://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32016D1250&from=DE). The certification can be viewed at https://www.privacyshield.gov/participant?id=a2zt0000000Gn4RAAS&status=Active.  

Akamai will use this information to prevent unauthorized access to the websites, to produce reports about website activity for us, to perform further services associated with the website use and Internet use, and to analyze your use of our websites. Akamai may also pass this data to third parties if Akamai is required to do so by law or if these third parties are processing this data on behalf of Akamai. Akamai will not use the data to identify natural persons. You can prevent the storage of cookies or beacons by making a corresponding setting in your browser software; however, note that if you do so you may not be able to use the full functionality of this website. You can view the precise storage duration of the cookies for yourself by accessing this information via your respective browser. 

For further information on terms of use for the processing of personal data by Akamai and on Akamai’s Privacy Statement, see https://www.akamai.com/de/de/privacy-policies/. 

The legal basis is a legitimate interest under Art. 6 (1) sentence 1 f GDPR, namely pursuance of our business purposes and the protection of our websites. 

4.2.4 Hotjar 

We use Hotjar, a web analytics service of Hotjar Ltd, Level 2, St Julian’s Business Center, 3, Elia Zammit Street, St Julian’s STJ 1000, Malta (“Hotjar”) in order to better understand our users’ needs and to optimize this service and experience. Hotjar is a technology service that helps us better understand our users experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and this enables us to build and maintain our service with user feedback. Hotjar uses cookies and other technologies to collect data on our users’ behavior and their devices (in particular device’s IP address (captured and stored only in anonymized form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), preferred language used to display our website). Hotjar stores this information in a pseudonymized user profile. Neither Hotjar nor we will ever use this information to identify individual users or to match it with further data on an individual user. For further details, please see Hotjar’s privacy policy by clicking on https://www.hotjar.com/privacy. 

You can opt-out from the creation of a user profile, Hotjar’s storing of data about your usage of our site and Hotjar’s use of tracking cookies on other websites by following this link https://www.hotjar.com/opt-out. 

We have a contract processing agreement with Hotjar. The use of Hotjar is based based on a legitimate interest according to Art. 6 para. 1 p. 1 f DSGVO. Our legitimate interest is the user-friendly design of our websites. 

4.2.5 AppSee 

To analyze the usage of our apps, we use the app analysis service AppSee of Shift 6 Ltd. Menorat Hamaor 3, Tel Aviv, Israel. 

The user behavior within the apps is analyzed in order to identify causes of errors and to constantly improve the user experience. Only anonymous data is collected and stored, details of the stored information can be found at https://support.appsee.com/customer/en/portal/articles/2686233-what-types-of-data-does-appsee-capture. A storage of personal data does not take place. To create the anonymized data, your IP address may be processed by Shift 6 and its affiliate US company AppSee Inc. Such processing can also take place in the US or Israel. A transfer of personal data to Israel is allowed under the Adequacy Decision 2011/61 / EU (https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32011D0061), as Israel is therefore has a level of data protection that is adequate compared to the EU’ and in the US Appsee Inc is certified under Privacy Shield, and thus in accordance with Commission Implementing Decision (EU) 2016/1250 (http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/? uri = CELEX: 32016D1250 & from = DE) there is an adequate level of data protection. The certification can be viewed at https://www.privacyshield.gov/participant?id=a2zt0000000TSUAAA4&status=Active 

You will find further information about the privacy of Appsee at: http://www.appsee.com/legal/privacypolicy. 

The legal basis for the use of Appsee is a legitimate interest under Art. 6 para. 1 sentence 1 f DSGVO. Our legitimate interest is the user-friendly design of our offers. 

You can object to the use of Appsee at any time by changing the setting of the slider for anonymous statistics in the app under “Settings”. 

4.2.6 Fabric Crashlytics 

We use the Fabric Crashlytics service offered by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland to better address technical issues related to our mobile apps. Fabric Crashlytics is an analytics service that collects technical information about the device (such as the operating system and model) and app usage data, specifically related to system crashes and errors. We use this information to collect data on app usage specifically related to system crashes and errors, and to better understand how our users use the app to improve the app. The information collected is available only in anonymous form. A storage of personal data does not take place. Google Ireland Limited may use Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, as a subcontractor. Google Inc. is certified under the Privacy Shield Agreement, which provides a guarantee to comply with European privacy legislation (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active. Other subcontractors that Google can use can be found here: https://fabric.io/terms/subprocessors. 

For more information, see the Fabric Crashlytics Terms of Use at: https://fabric.io/terms. 

The legal basis for the use of Fabric Craslytics is a legitimate interest under Art. 6 para. 1 sentence 1 f DSGVO. Our legitimate interest is the user-friendly design of our apps. 

You can opt out of using Fabric Crashlytics at any time by changing the setting of the slider for anonymous statistics in the app under “Settings”. 

4.2.7 Adjust 

We also use the app analysis service Adjust (adjust GmbH, Saarbruecker Str. 38a, 10405 Berlin) to analyze the usage of our apps. The Adjust service has been tested and certified according to the ePrivacyseal (European Privacy Seal) (see https://www.eprivacy.eu/en/customers/awarded-seals/). 

When using the app, Adjust collects installation and usage data on our behalf. We use this anonymous information to understand how our users interact with our app. Adjust uses your anonymized IDFA or Android ID as well as your anonymized IP and MAC address. It is not possible to identify you. A storage of personal data does not take place accordingly. 

For more information, see Adjust’s Privacy Policy: https://www.adjust.com/privacy-policy/. 

The legal basis for the data analysis and use of Adjust is a legitimate interest (ie interest in the analysis, optimization and economic operation of our apps) in the sense of Art. 6 (1) (f) GDPR for the purposes of our own Market research, advertising purposes and the optimization and user friendly design of the apps. There is no apparent conflicting interest, especially since we have concluded a data processing agreement with Adjust. 

You can opt out of using Adjust at any time by changing the setting of the slider for anonymous statistics in the app under “Settings”. 

4.2.8 Firebase 

In our apps we use technology from Google Firebase (Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA, “Google”) with various functionalities. 

Firebase Analytics enables the analysis of the use of our apps. This completely aonymized information about the use of our app is collected and transmitted to Google and stored there. Google uses the advertising ID of the device. Google will use this information to evaluate the use of our app and to provide us with other services related to the use of apps. In Device Settings, you can restrict the use of the Advertising ID (iOS: Privacy / Advertising / No Ad Tracking, Android: Account / Google / View). Google Analytics for Firebase (Google Inc.). We also use Firebase Remote Config, which allows us to run A / B tests and customize the behavior and appearance of the app without having to download a new version. Personal data is not stored. 

Google Inc. is certified under the Privacy Shield Agreement, which provides a guarantee to comply with European privacy legislation (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active). Subcontractors that Google can use can be found here: https://firebase.google.com/terms/subprocessors. 

The legal basis for the use of data analysis and the use of Firebase is a legitimate interest (ie interest in the analysis, optimization and economic operation of our apps) within the meaning of Art. 6 (1) (f) GDPR). 

You can opt-out of using Firebase at any time by changing the setting of the slider for anonymous statistics in the app under “Settings”. 

4.2.9 Adform 

For the purposes of online marketing (specifically, bid optimization, audience extensiton, statistical analysis of location data, visitor analysis and user behavior and delivery of advertisements), we use services provided by Adform ApS, Hovedvagtsgade 6, 1103 Copenhagen K, Denmark. Adform can use cookies in this context. Personal data will not be stored, your IP address will be anonymised by Adform. You may object to the use of Adform and its cookies at any time by following this link: https://site.adform.com/datenschutz-opt-out/. 

Adform uses AdmantX s.p.a. Via Nuova Poggioreale, 11 80123 Napoli – Italy as data processor so that AdmantX s.p.a. might have receive personal data. 

Legal basis for the use of Adform is a legitimate interest within the meaning of Art. 6 para. 1 f DSGVO. The legitimate interest lies in making our services user-friendly and addressing potential customers in a target group-oriented manner. 

4.2.10 Facebook Pixel 

The “Facebook Pixel” from the social network Facebook, 1601 South California Avenue, Palo Alto, CA 94304, USA, is used within our website. This means that what are termed tracking pixels are integrated into our pages. When you visit our pages, the tracking pixel creates a direct link between your browser and the Facebook server. 

This provides Facebook with the information from your browser for instance that our page was accessed by your device. If you are a Facebook user, Facebook can allocate the visit to our pages to your user account. Please note that as the provider of the pages we are not informed about the content of the data transferred or its use by Facebook. We can merely choose which segments of Facebook users (age, interests) our advertising is to be shown to. 

By accessing the pixel on your browser, Facebook can also identify whether displaying an advertisement on Facebook was successful, e.g. if it resulted in an online sale being completed. This enables us to record the effectiveness of Facebook advertisements for statistical and market-research purposes. 

Please click here if you wish to opt out of data recording via Facebook Pixel: https://www.facebook.com/settings?tab=advertisements#_=_. Alternatively, you can deactivate the Facebook Pixel on the Digital Advertising Alliance page via the following link: http://www.aboutads.info/choices/. 

Transfer of data to the USA is permissible under Art. 45 GDPR because Facebook is Privacy Shield certified and thus an adequate level of protection exists according to the Implementing Decision of the Commission (EU) 2016/1250 (http://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32016D1250&from=DE). The certification can be viewed at https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active.  

The legal basis is a legitimate interest under Art. 6 (1) sentence 1 f GDPR, namely pursuance of our business purposes and the targeted marketing of our services. 

4.2.11 Google Remarketing 

Our websites use the remarketing or “similar audiences” function from Google Inc. (“Google”). This enables us to target the visitors to our websites with advertising by displaying personalized, interest-driven advertisements to the users of the website when they visit other websites in the Google Display network. Google uses cookies to perform the analysis of the website use, on the basis of which the interest-driven advertisements are generated. No personal data of the website visitors is stored. If you then visit another website in the Google Display network, you will be shown advertisements that are highly likely to relate to product and information areas you have previously accessed.  

You can permanently deactivate the use of cookies by Google by clicking the following link and downloading and installing the plug-in provided there: https://www.google.com/settings/advertisements/plugin. Alternatively, you can deactivate the use of cookies from third-party providers by accessing the deactivation page of the Network Advertising Initiative at http://www.networkadvertising.org/choices/ and the implementing the additional information about opting out as set out there. For further information on Google Remarketing and Google’s Privacy Statement, click: http://www.google.com/privacy/advertisements/. 

The legal basis is a legitimate interest under Art. 6 (1) sentence 1 f GDPR, namely pursuance of our business purposes and the targeted marketing of our services. 

4.2.12 Google Conversion Tracking 

On the grounds of our legitimate interests (i.e. interest in the analysis, optimization, and economical operation of our online offering within the meaning of Art. 6 (1) (f) GDPR), we use the marketing and remarketing services (for short: “Google Marketing Services”) of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, (“Google”). 

Google is certified under the Privacy Shield Agreement and thus warrants that it complies with European privacy legislation (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active). 

The Google Marketing Services enable us to display advertisements for and on our website in a more targeted manner to so that users are only shown advertisements that they may be interested in. If a user sees e.g. advertisements for products that he or she was interested in on other websites, this is referred to as “remarketing”. For this purpose, when our websites and other websites are accessed on which Google Marketing Services are active, Google directly executes a Google code and what are termed (re)marketing tags (invisible graphics or code, also known as “web beacons”) are integrated into the website. These are used to store an individual cookie, i.e. a small file on the user’s device (comparable technologies may also be used instead of cookies). The cookies may be set by various domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com, or googleadservices.com. This file records which websites the user searches for, the content he or she is interested in and which offers he or she has clicked. It also stores technical information on the browser and operating system, referring websites, time of visit, and other information on the use of the online offering. Similarly, the user’s IP address is recorded, whereby in the context of Google Analytics we state that the IP address is shortened in within Member States of the European Union or in other signatory states of the Agreement on the European Economic Area. Only in exceptional cases is it transferred in full to a Google server in the USA and shortened there. The IP address is not merged with the user’s data within other Google offerings. Google may also combine the above information with information from other sources. If the user subsequently visits other websites, tailored advertisements can be displayed depending on his or her interests. 

The user’s data is processed in a pseudonimyzed form as part of the Google Marketing Services. This means that Google stores and processes e.g. not the user’s name or e-mail address, but instead processes the relevant data based on the cookie within pseudonymized user profiles. This means that, from Google’s perspective, the advertisements are not managed and displayed for a specifically identifiable person, but for the holder of the cookie, irrespective of who the holder of this cookie is. This does not apply if a user has expressly permitted Google to process the data without this pseudonymization. The information about the user collected by Google Marketing Services is transferred to Google and stored on Google’s servers in the USA. 

The Google Marketing Services deployed by us include the “Google AdWords” online advertising program. Google AdWords supplies every AdWords customer with a different “conversion cookie”. This means that cookies cannot be traced via the websites of AdWords customers. The information obtained using the cookie enables conversion statistics for AdWords customers to be produced who have opted for conversion tracking. The AdWords customers are notified of the total number of users who clicked their advertisement and were forwarded to a page containing a conversion tracking tag. However, they are not given any information that could be used to personally identify users. 

We may involve third parties on the basis of the “DoubleClick” Google marketing services. DoubleClick uses cookies that enable Google and its partner websites to place advertisements on the basis of users’ visits to this website and other websites on the Internet. 

Additionally, we may deploy the “Google Tag Manager” to integrate and manage the Google analytics and marketing service within our website. 

For further information on data usage for marketing purposes by Google, refer to the overview page: https://www.google.com/policies/technologies/advertisements; Google’s privacy policy can be accessed at https://www.google.com/policies/privacy. 

If you would like to opt out of interest-driven advertising from Google Marketing Services, you can use the settings and opt-out options provided by Google: http://www.google.com/advertisements/preferences. 

4.2.13 Optimizely 

Our websites use Optimizely, a web-analytics service from Optimizely Inc. (631 Howard Street, Suite 100, San Francisco, CA 94105, United States) for the simplification and performance of A/B tests to further develop this website. The information generated by a cookie about your use of the website is usually transferred to one of Optimizely’s servers in the USA and stored there. The cookie generated by Optimizely has a term of ten years.  

Transfer of data to the USA is permissible under Art. 45 GDPR because Optimizely is Privacy Shield certified and thus an adequate level of protection exists according to the Implementing Decision of the Commission (EU) 2016/1250 (http://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32016D1250&from=DE). The certification can be viewed at https://www.privacyshield.gov/participant?id=a2zt0000000TNkWAAW&status=Active . 

Your opt-out option: You can deactivate tracking by Optimizely at any time by following the instructions at https://www.optimizely.com/opt_out. 

The legal basis is a legitimate interest under Art. 6 (1) sentence 1 f GDPR, namely pursuance of our business purposes. 

4.2.14 Tealium Audience Stream 

We use the “Tealium Audience Stream”, a service by Tealium Inc., 11085 Torreyana Road, San Diego, CA 92121, USA (Tealium) within our website. This collects and stores data that we use to create pseudonymized user profiles. On our behalf, Tealium will use this information to structure your use of the website in line with your needs automatically and in real time and to display advertising. For this purpose, information including the following is collected: viewed and clicked advertisements, articles, advertising, visitor numbers, subject matter of the page, etc. 

The pseudonymized user profiles are not merged with personal data about the bearer of the pseudonym without consent, which must be provided separately. Similarly, the IP address transmitted by your browser is not merged with the usage profiles. 

Cookies are used is used to create the usage profiles, or similar technology for mobile end devices. The information generated by the cookie about your use of this website is stored exclusively in Germany. You can prevent the storage of the cookies by making a corresponding setting in your browser software; however, please note that if you do so you may not be able to use all functions of this website fully. 

You may opt out of the data collection and storage for the purposes of web analysis and the placement of advertisements with future effect by following the instructions on http://tealium.com/de/privacy/. 

The legal basis is a legitimate interest under Art. 6 (1) sentence 1 f GDPR, namely pursuance of our business purposes. 

4.2.15 Tealium iQ (Tag Management System) 

This website uses a Tag Management System (TMS), a service from Tealium Inc., 11085 Torreyana Road, San Diego, CA 92121, USA (Tealium), for the dynamic customization of parts of the website. To enable this functionality, a cookie called utag_main is set. The TMS is needed for us to provide our services and can therefore not be deactivated. The cookie has a term of twelve months. 

Data transferred to Tealium is transferred to the USA and thus to a country outside the EU and the EEA. This is permissible under Art. 45 GDPR because Tealium is Privacy Shield certified and thus an adequate level of protection exists according to the Implementing Decision of the Commission (EU) 2016/1250 (http://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32016D1250&from=DE). The certification can be viewed at https://www.privacyshield.gov/participant?id=a2zt0000000TSaYAAW&status=Active 

The legal basis is a legitimate interest under Art. 6 (1) sentence 1 f GDPR, namely pursuance of our business purposes. 

4.2.16 Adobe Analytics 

We use Adobe Analytics, a web-analytics tool from Adobe Systems Software Ireland Limited, that enables us to optimize our services in line with your requirements.  

Adobe Analytics uses cookies that are stored on your computer and enable an analysis of your use of the website. The information generated by the cookie about your use of this website (including your IP address) is transferred to servers of the service in Ireland where it is anonymized. It is then transferred to servers in the USA for further processing, where it is stored. Adobe uses this information to evaluate your use of the website to compile reports on website activities for the website operators and to provide further services connected with the use of the website and the Internet.  

No personal data is stored because of the anonymization. 

As a user of our websites you of course have the option to block cookies at any time in your browser settings. You can opt out of any future recording of your user behavior on the Platform at any time; click the following link for instructions on how to deactivate cookies on your computer: https://www.adobe.com/privacy/opt-out.html. 

The legal basis for processing this data is a legitimate interest under Art. 6 (1) (f) GDPR. The legitimate interest as defined by Art. 6 (1) (f) GDPR that we are pursuing by processing the data described above is our interest in structuring our offerings in a user- and demand-driven manner. No conflicting interest is apparent, especially because you may opt out at any time. 

4.2.17 ScoreCard Research Beacon 

Our websites use ScorecardResearch Beacon, a service by Full Circle Studies, Inc., 11950 Democracy Drive, Reston, VA 20190, USA. Among other things, ScorecardResearch Beacon uses cookies that are saved on your computer and enable an analysis of your use of the website. During use, data such as in particular the IP address and users’ activities may be transmitted to a server of Full Circle Studies, Inc. and stored there. Full Circle Studies, Inc. may transfer this information to third parties to the extent that this is prescribed by law or where third parties process the data. You may prevent the collection and forwarding of personal data (in particular your IP address) and the processing of the data by deactivating JavaScript in your browser or installing a tool such as NoScript (www.noscript.net). You can find further information on data protection when using ScorecardResearch Beacon under the following link: http://www.fullcirclestudies.com/privacy.aspx. You can access an opt-out option under the following link: http://www.scorecardresearch.com/optout.aspx
 
You IP address is transferred to the USA and thus to a country outside the EU and the EEA. This is permissible under Art. 45 GDPR because Tealium is Privacy Shield certified and thus an adequate level of protection exists according to the Implementing Decision of the Commission (EU) 2016/1250 (http://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32016D1250&from=DE). The certification can be viewed at https://www.privacyshield.gov/participant?id=a2zt0000000PC0qAAG&contact=true 

The legal basis for processing this data is a legitimate interest under Art. 6 (1) (f) GDPR. The legitimate interest as defined by Art. 6 (1) (f) GDPR that we are pursuing by processing the data described above is our interest in structuring our offerings in a user- and demand-driven manner. No conflicting interest is apparent, especially because you may opt out at any time. 

4.2.18 Lead Forensics 

For the purposes of marketing and optimization, the products and services of the company LeadForensics (http://www.leadforensics.com) are used in the B2B area of ​​our websites. The head office of LeadForensics is located at Communication House 26 York Street, London, W1U 6PZ United Kingdom. Lead Forensics identifies details of your organization including phone number, web address, SIC code, a description of the company. In the process, Lead Forensics shows the actual course of your visit to this website, including all the pages that you visited and viewed and how long you spent on this page. Under no circumstances will the data be used to personally identify an individual visitor. A storage of personal data does not take place. As far as IP addresses are collected, these will be anonymized immediately after collection. On behalf of us, Lead Forensics will use the information collected to evaluate your visit to the website, to compile reports on website activity and to provide other services related to website activity and internet usage to us. If you do not agree, you can object to the collection, processing and storage of data at any time with a view to the future by clicking on the following link: http://lfwebproxy.westeurope.cloudapp.azure.com:5000/?clientID= 99483 

Legal basis is a legitimate interest within the meaning of Art. 6 para. 1 f DSGVO. The legitimate interest lies in the fact that we want to tailor our services to the target group and to pursue target group-oriented marketing. 

4.2.19 Use of the SalesViewer® technology 

On our websites the SalesViewer® technology from SalesViewer® GmbH, Nikolaistr. 2 44866 Bochum is used to collect and store data for marketing, market research and optimization purposes in the course of data processing.  

This data is used to produce anonymous usage profiles. To this end, what is termed a tracking script is deployed during your visit to our website, the purpose of which is to collect company-related data. Unless the data subject has provided specific consent, the data collected using this technology is not to identify the visitor personally and is not merged with personal data about the holder of the anonymized data. The tracking script provides SalesViewer® GmbH with your IP address. 

No personal data is stored. 

You may opt out of the data collection and storage at any time with future effect by clicking this link http://www.salesviewer.com/opt-out. This will prevent recording by SalesViewer® within this website in future. An opt-out cookie for this website will be stored on your device. If you delete the cookies in this browser, you need to click the link again. 

The legal basis is a legitimate interest under Art. 6 (1) sentence 1 f GDPR, namely pursuance of our business purposes for the demand-driven structuring of our offerings. No conflicting interest is apparent, especially because you may opt out at any time and no personal data is stored. 

5. Rights of the data subject 

If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the data controller: 

5.1 Right of access 

You may request confirmation from us as to whether we process personal data relating you.  

If such processing is taking place, you can request the following information from us: 

(1) the purposes for which the personal data is being processed; 

(2) the categories of personal data that are being processed; 

(3) the recipient or categories of recipient to whom the personal data concerning you has been or will be disclosed; 

(4) the envisaged period for which the personal data concerning you will be stored or, if no concrete information about this is possible, criteria used to determine that period; 

(5) the existence of a right to rectification or erasure of the personal data concerning you, a right restrict the processing of the data by the controller or a right to object to this processing;  

(6) the existence of a right to lodge a complaint with a supervisory authority; 

(7) any available information about the origin of the data if the personal data was not collected from the data subject; 

(8) the existence automated decision-making including profiling in accordance with Art. 22 (1) and (4) GDPR and – at least in these cases – meaningful information about the logic involved and the scope and the intended effects of such processing for the data subject. 

You have the right to request information about whether the personal data in question will be transferred to a third country or an international organization. In this context you can ask to be notified of the suitable safeguards in accordance with Art. 46 GDPR in the context of the transfer. 

This right to information may be limited if it is likely to render impossible or seriously impair the achievements of the statistical purposes and the limitation is necessary for satisfying the statistical purposes. 

5.2 Right to rectification 

You have a right to rectification and/or completion vis-à-vis the data controller if the personal data concerning you that is being processed is incorrect or incomplete. The data controller must perform the rectification without undue delay. 

Your right to rectification may be limited if it is likely to render impossible or seriously impair the achievements of the statistical purposes and the limitation is necessary for satisfying the statistical purposes. 

5.3 Right to restriction of processing 

If the following conditions are met, you can demand that the processing of the personal data concerning you is restricted: 

(1) if you contest the accuracy of the personal data relating to you for a duration that enables us to review the accuracy of the personal data; 

(2) if the processing is unlawful and you oppose the erasure of the personal data and instead request a restriction of the use of the personal data; 

(3)  if we no longer require the personal data for the purposes of the processing, but you need it to establish, exercise, or defend legal claims, or 

(4) if you have objected to the processing in accordance with Art. 21 (1) GDPR and it has not yet been verified whether our legitimate reasons override yours. 

If the processing of the personal data concerning you has been limited, this data – with the exception of being stored by you – may only be processed with your consent or for the purpose of establishing, exercising, or defending legal claims or to protect the rights of another natural or legal or on grounds of a compelling public interest of the EU or a Member State. 

If a restriction of processing has been imposed in accordance with the above conditions, we will notify you before the restriction is lifted. 

Your right to restrict processing may be limited if it is likely to render impossible or seriously impair the achievements of the statistical purposes and the limitation is necessary for satisfying the statistical purposes. 

5.4 Right to erasure 

5.4.1 Erasure obligation 

You may request that we erase the personal data concerning you without undue delay, and we are obliged to erase this data without undue delay where one of the following grounds applies: 

(1) The personal data concerning you is no longer needed for the purposes for which it was collected or otherwise processed. 

(2) You withdraw your consent upon which the processing was based pursuant to Art. 6 (1) (a) or Art. 9 (2) (a) GDPR, and no other legal ground for the processing applies.  

(3) You object to the processing in accordance with Art. 21 (1) GDPR and no overriding legitimate grounds for the processing apply, or you raise an objection to the processing under Art. 21 (2) GDPR. 

(4) The personal data concerning you has been processed unlawfully. 

(5) The erasure of the personal data concerning you is required in order to comply with a legal obligation under EU law or the law of the Member States to which we are subject.  

(6) The personal data concerning you is collected in the context of information society services pursuant to Art. 8 (1 ). 

5.4.2 Information to third parties 

If we have published the personal data concerning you and we are obliged to delete it under Art. 17 (1) GDPR, we will take reasonable steps (including in terms of technical feasibility), taking account of the available technology and implementation costs, in order to notify the responsible data controller who is processing the data that you as a data subject have requested from them the erasure of all links to this personal data or copies or replications of this personal data. 

5.4.3 Exceptions 

There is no right to erasure if the processing is necessary 

(1) for the exercise of the right to the freedom of expression and information; 

(2) to satisfy a legal obligation that requires the data to be processed under the law of the EU or the Member States to which the data controller is subject, or to perform a task that is carried out in the public interest or in the exercise of official authority vested in the data controller; 

(3) on grounds of the public interest in the area of public health in accordance with Art. 9 (2) (h) and (i) as well as Art. 9 (3) GDPR; 

(4) for archiving purposes in the public interest, academic or historical research purposes or statistical purposes pursuant to Art. 89 (1) GDPR, provided the right specified under section a) is likely to render impossible or seriously impair the achievements of the objectives of this processing or 

(5) to establish, exercise, or defend legal claims. 

5.5 Right to data portability 

You have the right to the receive the personal data concerning you that you have provided to us in structured, commonly used, and machine-readable format. Further, you have the right to transmit this data to a different data controller without hindrance from us, provided 

(1) the data processing is based on consent under Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR or on a contract pursuant to Art. 6 (1) (b) GDPR and 

(2) the processing is being performed using automated means. 

Further, in exercising this right you also have the right to have the personal data concerning you transferred directly from one data controller to another data controller, where technically feasible. This must not adversely affect other people’s rights and freedoms. 

The right to data portability does not apply to the processing of personal data that is required for a task that is performed in the public interest or the exercise of official authority vested in us. 

5.6 Right to object 

You have the right to object, on grounds relating to your specific situation to object, at any time to the processing of the personal data concerning you which is based on Art. 6 (1) (e) or (f) GDPR; this also applies to any profiling based on those provisions.  

In this case we will stop processing the personal data concerning you unless we can provide compelling and legitimate grounds for the processing that override your interests, rights and freedoms, or the data is being processed for the purpose of establishing, exercising, or defending legal claims. 

If the personal data concerning you is being processed for the purpose of conducting direct marketing, you have the right to object at any time to the processing of the personal data concerning you for such marketing; this also applies to any profiling connected to such direct marketing. 

If you object to the data processing for the purposes of direct advertising, the personal data concerning you will no longer be processed for these purposes. 

In the context of the use of information society services and Directive 2002/58/EC notwithstanding, you may exercise your right to object using automated means using technical specifications. 

Where personal data is processed for statistical purposes pursuant to Art. 89 (1) GDPR, you, on grounds relating to your specific situation, have the right to object to personal data concerning your being processed. 

Your right to object may be limited if it is likely to render impossible or seriously impair the achievements of the statistical purposes and the limitation is necessary for satisfying statistical purposes. 

5.7 Right to withdraw the declaration of consent under data-processing law 

You have the right to withdraw your declaration of consent under data-processing law at any time. Withdrawing the consent has no bearing on the lawfulness of any processing performed up to the point of the revocation. 

5.8 Automated decision in individual cases including profiling 

You have the right not to be subject to a decision that is based solely on automated processing – including profiling – that produces legal effects on you or is similarly significantly affects you. This does not apply if the decision  

  1. is necessary for the entering into or performing a contract between you and the data controller, 
  1. is authorized under legal provisions of the EU or the Member States to which the data controller is subject and these legal provisions contain adequate measures for safeguarding your rights and freedoms as well as your legitimate interests or 
  1. is made with your explicit consent. 

However, these decisions must not be based on special categories of personal data pursuant to Art. 9 (1) GDPR, unless Art. 9 (2) (a) or (g) applies and adequate safeguards to protect the rights and freedoms as well as your legitimate interests are in place. 

As regards the cases stated in (1) and (3), we take adequate measures to your rights and freedoms as well as your legitimate interests, which include at least the right to have a person intervene on the data controller’s side, to present your own point of view, and to challenge a decision. 

5.9 Right to lodge a complaint with a supervisory authority 

Notwithstanding any other administrative or judicial legal remedy, you have the right to lodge a complaint with a supervisory authority in the Member State of your place of residence, your workplace, or the place of the alleged breach if you are of the opinion that the processing of the personal data concerning you breaches the GDPR.  

The supervisory body to which the complaint was submitted will notify the complainant of the status and outcomes of the complaint including the option of a judicial remedy under Art. 78 GDPR. 

6. Amendment of the Privacy Statement; amendment of purpose 

We reserve the right to amend this Privacy Statement in consideration of stipulations under data-protection law. You will always be able to locate the current version here or another corresponding, easily locatable point of our website or appIf we are intending to process your data for other purposes, i.e. those for which it was collected, we will notify you about this in advance in compliance with the statutory provisions.  

 [Version Date2442018]