In this privacy policy, we inform you about the processing of personal data when using our website. Personal data is information that relates to an identified or identifiable person. This primarily includes information that allows conclusions to be drawn about your identity, such as your name, telephone number, address or e-mail address. Statistical data that we collect, for example, when you visit our website and that cannot be linked to you personally is not considered personal data.
Privacy policy
In this privacy policy, we inform you about the processing of personal data when you use our website. Personal data is information that relates to an identified or identifiable person. This primarily includes information that allows conclusions to be drawn about your identity, such as your name, telephone number, address or e-mail address. Statistical data that we collect, for example, when you visit our website and that cannot be linked to you personally is not considered personal data.
Content of this privacy policy
1. responsible person and contact person
The contact person and so-called controller for the processing of your personal data when you visit this website within the meaning of the General Data Protection Regulation (GDPR) is
Bridgemaker GmbH
Linienstraße 86
10119 Berlin
Email: [email protected]
If you have any questions about data protection in connection with our products and services or the use of our website, you can also contact our data protection officer at any time. He can be contacted at the above postal address and at the above e-mail address (keyword: "Attn. data protection officer"). We expressly point out that when using this e-mail address, the contents are not exclusively taken note of by our data protection officer. If you wish to exchange confidential information, please contact us directly via this e-mail address first.
2. data processing on our website
2.1 Accessing our website / connection data
Each time you use our website (which is displayed via Webflow), we process connection data that your browser automatically transmits to enable you to visit the website. This connection data comprises the so-called HTTP header information, including the user agent, and includes in particular
- IP address of the requesting device;
- Method (e.g. GET, POST), date and time of the request;
- Address of the requested website and path of the requested file;
- if applicable, the previously accessed website/file (HTTP referrer);
- Information about the browser and operating system used;
- Version of the HTTP protocol, HTTP status code, size of the delivered file;
- Request information such as language, type of content, encoding of content, character sets;
- Cookies stored on the end device for the domain accessed.
The data processing of this connection data is necessary to enable you to visit the website, to ensure the long-term functionality and security of our systems and for the general administrative maintenance of our website. The connection data is also stored in internal log files for the purposes described above, temporarily and limited in content to what is necessary, in order to find the cause and take action in the event of repeated or criminal accesses that jeopardize the stability and security of our website. The legal basis for this processing is Art. 6 para. 1 lit. b GDPR, provided that the page view occurs in the course of the initiation or execution of a contract, and otherwise Art. 6 para. 1 lit. f GDPR due to our legitimate interest in enabling website access and the permanent functionality and security of our systems. However, the automatic transmission of the connection data and the log files developed from it do not constitute access to the information in the end device within the meaning of the implementation laws of the ePrivacy Directive of the EU member states, in Germany § 25 TTDSG. Otherwise, however, it would be absolutely necessary anyway. The log files are stored and then anonymized. In exceptional cases, individual log files and IP addresses are stored for longer in order to prevent further attacks from this IP address in the event of cyber attacks and/or to take action against the attackers by way of criminal prosecution.
2.2 Contacting
You have various options for contacting us.
2.2.1 E-mail and contact form
This includes contact via the e-mail addresses given in the legal notice and the contact form. In this context, we process data exclusively for the purpose of communicating with you. The legal basis for this processing is Art. 6 para. 1 lit. b GDPR, insofar as your details are required to answer your inquiry or to initiate or execute a contract, and otherwise Art. 6 para. 1 lit. f GDPR due to our legitimate interest in you contacting us and us being able to answer your inquiry. We will only make promotional telephone calls if you have given your consent. If you are not an existing customer, we will only send you promotional emails on the basis of your consent. The legal basis in these cases is Art. 6 para. 1 lit. a GDPR i.V.m. § Section 7 para. 2 no. 1 or 2 UWG. The data collected by us when using the contact form will be automatically deleted after your request has been fully processed, unless we still need your request to fulfill contractual or legal obligations (see section 7 "Storage period").
2.2.2 Contact form for Business Model AI
It is also possible to find out more about our AI business model via our website. We also process your personal data for this purpose. We use the following process for this:
- You can register for our waiting list using the contact form. For this purpose, we process your data (first and last name, e-mail address and company)
- You will then receive a confirmation e-mail from us.
- As soon as a place is available, you will receive another e-mail with a link to Typeform (you can find out more about this service provider under 3.4.3). The following data will be processed for this purpose: First name, last name, telephone number, your business problem, URL of the company website, your company name, your e-mail address and optional PDF documents.
- By clicking on "Send", the data entered in Typeform is forwarded to Bridgemaker.
- Bridgemaker then forwards these to OpenAI using the ChatGPT Business tool to perform the service. You can find out more about the ChatGPT Business tool under 2.3.
The legal basis for this processing is Art. 6 para. 1 lit. b GDPR, insofar as your details are required to answer your inquiry or to initiate or execute a contract, and otherwise Art. 6 para. 1 lit. f GDPR due to our legitimate interest in you contacting us and us being able to answer your inquiry. We will only make promotional telephone calls if you have given your consent. If you are not an existing customer, we will only send you promotional emails on the basis of your consent. The legal basis in these cases is Art. 6 para. 1 lit. a GDPR i.V.m. § Section 7 para. 2 no. 1 or 2 UWG. The data collected by us when using the contact form will be automatically deleted after your request has been fully processed, unless we still need your request to fulfill contractual or legal obligations (see section 7 "Storage period").
2.3 Use of ChatGPT when using the Business Model - AI service
If you wish to use our artificial intelligence service to find answers to your business problem, your data will be processed in the ChatGPT Business tool as described under 2.2.2. For this purpose, data is forwarded to the service provider OpenAI, which is offered for persons from the European Economic Area and Switzerland by OpenAI Ireland Ltd, 1st Floor, The Liffey Trust Centre, 117-126 Sheriff Street Upper, Dublin 1, D01 YC43, Ireland, and for all other persons by OpenAI, L.L.C., 3180 18th Street, San Francisco, California 94110, USA. Further information on the ChatGPT Business tool used can be found here: https://openai.com/de/policies/eu-terms-of-use and https://openai.com/enterprise-privacy. Please note that the ChatGPT tool used by the service provider OpenAI is an artificial intelligence. However, the business version of the tool used by us prohibits any training of the tool with your data. The legal basis for this processing is Art. 6 para. 1 lit. b GDPR, insofar as your data is required to answer your inquiry or to initiate or execute a contract, and otherwise Art. 6 para. 1 lit. f GDPR, in order to facilitate the provision of the service. We will only contact you for advertising purposes if you have given your consent. The data will be stored by ChatGPT until the purposes have been achieved and there are no (statutory) retention periods to the contrary.
2.4 Applications
You can apply for vacancies via our applicant management system of our processor Personio (Personio GmbH, Rundfunkplatz 4, 80335 Munich, Germany), which you can access via our careers page. The purpose of data collection is the selection of applicants for the possible establishment of an employment relationship. We collect the following data in particular to receive and process your application:
- First and last name;
- E-mail address;
- Telephone number;
- Application documents (e.g. certificates, CV);
- Date of earliest possible job entry;
- Salary expectations.
Mandatory fields are marked with an asterisk (*). The legal basis for the processing of your application data is Art. 6 para. 1 lit. b and Art. 88 para. 1 GDPR in conjunction with Section 26 para. 1 sentence 1 BDSG. We store your personal data upon receipt of your application. If we accept your application and an employment relationship is established, we will store your application data for as long as it is required for the employment relationship and insofar as statutory regulations require us to retain it. If we reject your application, we will store your application data for a maximum of six months after rejecting your application, unless you give us your consent to store it for longer. If you have given us your separate consent in accordance with Art. 6 para. 1 lit. a GDPR, we will store your data submitted as part of the application in our pool of applicants for a further twelve months after the end of the application process in order to identify any other interesting positions for you and to contact you again if necessary. After this period, the data will be deleted. You can revoke this consent at any time with effect for the future.
3. use of tools on the website
3.1 Technologies used
This website uses various services and applications (collectively "tools") that are offered either by us or by third parties. These include, in particular, tools that use technologies to store or access information in the end device:
- Cookies: Information stored on the end device, consisting in particular of a name, a value, the storing domain and an expiration date. So-called session cookies (e.g. PHPSESSID) are deleted after the session, while so-called persistent cookies are deleted after the specified expiration date. Cookies can also be removed manually.
- Web storage (local storage / session storage): information stored on the end device, consisting of a name and a value. Information in session storage is deleted after the session, while information in local storage has no expiration date and remains stored unless a mechanism for deletion has been set up (e.g. storage of local storage with a time entry). Information in local and session storage can also be removed manually.
- JavaScript: programming codes (scripts) embedded or called up in the website that, for example, set cookies and web storage or actively collect information from the end device or about the usage behavior of visitors. JavaScript can be used for "active fingerprinting" and the creation of user profiles. JavaScript can be blocked by a setting in the browser, although most services will then no longer work.
- Pixel: A tiny graphic automatically loaded by a service that can make it possible to recognize visitors by automatically transmitting the usual connection data (in particular IP address, information about the browser, operating system, language, address called up and time of call) and, for example, to determine whether an email has been opened or a website visited. With the help of pixels, "passive fingerprinting" and the creation of user profiles can be carried out. The use of pixels can be prevented, for example, by blocking images, such as in emails, although the display is then severely restricted.
With the help of these technologies and also by simply establishing a connection on a page, so-called "fingerprints" can be created, i.e. usage profiles that do not require the use of cookies or web storage and can still recognize visitors. Fingerprints based on the connection setup cannot be completely prevented manually. Most browsers are set by default to accept cookies, the execution of scripts and the display of graphics. However, you can usually adjust your browser settings so that all or certain cookies are rejected or scripts and graphics are blocked. If you completely block the storage of cookies, the display of graphics and the execution of scripts, our services may not work or may not work properly. The tools we use are listed below by category, and we inform you in particular about the providers of the tools, the storage duration of cookies or information in local storage and session storage and the transfer of data to third parties. We also explain in which cases we obtain your voluntary consent to use the tools and how you can withdraw this consent. If - even despite the greatest care - the information in the consent banner contradicts the information in this privacy policy, the information in this privacy policy takes precedence.
3.2 Legal basis and revocation
3.2.1 Legal basis
We use tools necessary for website operation on the basis of our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR in order to provide the basic functions of our website. In certain cases, these tools may also be necessary for the performance of a contract or for the implementation of pre-contractual measures, in which case the processing is carried out in accordance with Art. 6 para. 1 lit. b GDPR. Access to and storage of information in the end device is absolutely necessary in these cases and is carried out on the basis of the implementation laws of the ePrivacy Directive of the EU member states, in Germany according to § 25 para. 2 TTDSG. We use all other non-essential (optional) tools that provide additional functions on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR. Access to and storage of information in the end device then takes place on the basis of the implementation laws of the ePrivacy Directive of the EU member states, in Germany according to § 25 para. 1 TTDSG. Data processing using these tools only takes place if we have received your consent for this in advance. If personal data is transferred to third countries (e.g. the USA), we refer you to Section 6 ("Data transfer to third countries"), also with regard to any associated risks. We will inform you if an adequacy decision exists for the third country in question or if standard contractual clauses or other guarantees have been concluded for the use of certain tools. If you have given your consent to the use of certain tools and the associated transfer of your personal data to third countries, we will (also) transfer the data processed when using the tools to third countries on the basis of this consent in accordance with Art. 49 para. 1 lit. a GDPR.
3.2.2 Obtaining your consent
We use the Cookiebot tool from Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark ("Cookiebot") to obtain and manage your consent. This generates a banner that informs you about the data processing on our website and gives you the opportunity to consent to all, individual or no data processing through optional tools. This banner appears the first time you visit our website and when you call up the selection of your settings again to change them or revoke your consent. The banner will also appear on subsequent visits to our website if you have deactivated the storage of cookies or if the cookies or information in Cookiebot's local storage have been deleted or have expired. Your consent or revocation, your IP address, information about your browser, your end device and the time of your visit are transmitted to Cookiebot during your visit to the website. Cookiebot also stores the necessary information on your device to document your consents and revocations. The following cookies are set: "CookieConsent" (1 year). Data processing by Cookiebot is necessary to provide you with the legally required consent management and to comply with our documentation obligations. The legal basis for the use of Cookiebot is Art. 6 para. 1 lit. f GDPR, justified by our interest in fulfilling the legal requirements for consent management. Access to and storage of information in the end device is absolutely necessary in these cases and is carried out on the basis of the implementation laws of the ePrivacy Directive of the EU member states, in Germany according to § 25 para. 2 TTDSG.
3.2.3 Revoking your consent or changing your selection
You can revoke your consent for certain tools, i.e. for the storage and access to information in the end device, the processing of your personal data and the transfer of your data to third countries, at any time with effect for the future. To do so, click on the button on the right-hand side at the end of the website. There you can also change the selection of tools you wish to consent to the use of and obtain additional information on the tools used. Alternatively, you can assert your revocation directly with the provider for certain tools.
3.3 Necessary tools
We use certain tools to enable the basic functions of our website ("necessary tools"). These include, for example, tools to prepare and display website content, to manage and integrate tools, to provide payment processing services, to detect and prevent fraud and to ensure the security of our website. Without these tools, we would not be able to provide our service. Therefore, necessary tools are used without consent. The legal basis for necessary tools is the necessity to fulfill our legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR in the provision of the respective basic functions and the operation of our website. In cases where the provision of the respective website functions is necessary for the fulfillment of a contract or for the implementation of pre-contractual measures, the legal basis for data processing is Art. 6 para. 1 lit. b GDPR. Access to and storage of information in the end device is absolutely necessary in these cases and is carried out on the basis of the implementation laws of the ePrivacy Directive of the EU member states, in Germany according to § 25 para. 2 TTDSG. In the event that personal data is transferred to third countries (such as the USA), we refer to Section 6 ("Data transfer to third countries") in addition to the information provided below.
3.3.1 Google reCAPTCHA
- Our website uses the Google reCAPTCHA service, which is offered by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland for persons from the European Economic Area and Switzerland and by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (together "Google") for all other persons.
reCAPTCHA prevents automated software (so-called bots) from carrying out abusive activities on the website, i.e. it checks whether the entries made actually originate from a human being. For this purpose, reCAPTCHA uses JavaScript and stores cookies and information in the local storage on your end device. In particular, the following data is processed:
Referrer URL (address of the page from which the visitor came); - IP address;
- Cookies set by Google;
- Snapshot of the browser window;
- Input behavior of the user (e.g. answering the reCAPTCHA question, input speed in form fields, order of selection of input fields by the user, number of mouse clicks);
- Technical information: Browser type, browser plug-ins, browser size and resolution, date, language setting, display instructions (CSS) and scripts (JavaScript).
For this purpose, the following cookies can be used and read by reCAPTCHA: "_GRECAPTCHA" (6 months). In addition, the following cookies are also integrated and stored in local storage to distinguish between humans and robots: "rc::d-15#", "rc::a" (permanent), "rc::b" (for the duration of the session), "rc::c" (for the duration of the session), "rc::f" (permanent). Google also reads the cookies from other Google services such as Gmail, Search and Analytics. If you do not want this assignment to your Google account, you must log out of Google before accessing a page where we have integrated Google reCAPTCHA. This data is sent to Google in encrypted form. Google's evaluation decides in which form the captcha is displayed on the page. The use of reCAPTCHA is statistically analyzed. According to Google, your data will not be used for personalized advertising. The legal basis is the necessity to fulfill a contract or to carry out pre-contractual measures in accordance with Art. 6 para. 1 lit. b GDPR, for example in the context of registering a user account, using a contact form or subscribing to a newsletter. Google reCAPTCHA is used to protect IT security, ensure the stability of our website and prevent misuse. In some cases, the data may also be processed on servers in the USA. In the event that personal data is transferred to the USA or other third countries, this is done on the basis of Art. 49 para. 1 sentence 1 lit. b GDPR to enable the fulfillment of a contract with you or the implementation of pre-contractual measures. For further information, please refer to section 6 ("Data transfer to third countries").
Further information can be found here:
- in Google's privacy policy: https://policies.google.com/privacy;
in the Google terms of use: https://policies.google.com/terms
3.4 Analysis tools
To improve our website, we use optional tools to recognize visitors and to statistically record and analyze general usage behavior based on access data ("analysis tools"). We also use analysis services to evaluate the use of our various marketing channels. The usage information collected is aggregated and enables us to track the usage habits of our visitors. This helps us to adapt and optimize the design of our website and make the user experience more pleasant. Unless otherwise stated, the legal basis for the analysis tools is your consent in accordance with Art. 6 para. 1 lit. a GDPR. Access to and storage of information in the end device then takes place on the basis of the implementation laws of the ePrivacy Directive of the EU member states, in Germany according to § 25 para. 1 TTDSG. To withdraw your consent, see 3.2.3: "Withdrawing your consent or changing your selection". In the event that personal data is transferred to third countries (such as the USA), your consent also expressly extends to the transfer of data (Art. 49 para. 1 lit. a GDPR). Please refer to section 6 ("Data transfer to third countries") for the associated risks.
3.4.1 Google Analytics 4
Our website then uses the service Google Analytics 4 ("Google Analytics"), which is offered for persons from Europe, the Middle East and Africa (EMEA) by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland and for all other persons by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (together "Google"). Google Analytics uses JavaScript and pixels to read information on your end device and cookies to store information on your end device. This serves to analyze your usage behavior and improve our website. We will process the information obtained to evaluate your use of the website and to compile reports on website activity for the website operator. The data collected in this context may be transmitted by Google to a server in the USA for analysis and stored there. As part of the evaluation, Google Analytics 4 also uses artificial intelligence such as machine learning to automatically analyze and enrich the data. This is done in particular for forecast metrics on the future behavior of visitors based on structured event data, such as predicted sales, purchase probability and churn probability. The forecast metrics can also be used for forecast target groups. You can find out more about this at: https://support.google.com/analytics/answer/9846734. In addition, Google Analytics 4 models conversions if there is not enough data available to optimize the analysis and reports. Information on this can be found at: https://support.google.com/analytics/answer/10710245. The data analyses are automated with the help of artificial intelligence or on the basis of specific, individually defined criteria. You can find out more at: https://support.google.com/analytics/answer/9443595.
We have made the following data protection settings for Google Analytics:
- IP anonymization (shortening of the IP address before evaluation);
- Automatic deletion of old visit logs by limiting the storage period to 2 months;
- No resetting of the retention period for new activity;
- Deactivation of the recording of precise location and position data;
- Deactivation of the recording of precise device data;
- Deactivated advertising function (including target group remarketing by GA Audience);
- Deactivated remarketing;
- Deactivated cross-device and cross-page tracking (Google Signals);
- Disabled data sharing with other Google products and services, benchmarking, technical support, account manager.
The following data is processed by Google Analytics:
- IP address;
- User ID, Google ID (Google Signals) and/or device ID;
- Referrer URL (previously visited page);
- Pages accessed (date, time, URL, title, duration of visit);
- Events (e.g. scrolling activity, downloaded files, clicked links to other websites, interaction with videos and forms, search queries);
- if applicable, achievement of certain goals (conversions);
- Technical information: Operating system; browser type, version and language; device type, make, model and resolution;
- Approximate location (country and, if applicable, city, based on anonymized IP address).
Google Analytics sets the following cookies for the specified purpose with the respective storage duration:
- "_ga" (2 years), "_gid" (24 hours): Recognition and differentiation of visitors through a user ID;
- "_ga_[GA-ID]" (2 years): Retention of the information of the current session;
- "_gac_gb_[GA-ID]" (90 days): Storage of campaign-related information and, if applicable, link to Google Ads Conversion Tracking;
- IDE" if applicable (390 days): Recognition and differentiation of visitors by means of a user ID, recording of interaction with advertising, display of personalized advertising.
You can find more information about Google Analytics 4 cookies at: https://support.google.com/analytics/answer/11397207?hl=de.
The legal basis for this data processing is your consent in accordance with Art. 6 para. 1 lit. a GDPR. Access to and storage of information in the end device then takes place on the basis of the implementation laws of the ePrivacy Directive of the EU member states, in Germany according to § 25 para. 1 TTDSG. We have concluded a data processing agreement with Google Ireland Limited for the use of Google Analytics. In the event that personal data is transferred from Google Ireland Limited to the USA, Google Ireland Limited and Google LLC have concluded standard contractual clauses (Implementing Decision (EU) 2021/914, Module 3) in accordance with Art. 46 para. 2 lit. c GDPR. In addition, we also obtain your express consent for the transfer of your data to third countries in accordance with Art. 49 para. 1 lit. a GDPR. Further information can be found in Google's privacy policy: https://support.google.com/analytics/answer/6004245.
3.5 Marketing tools
We also use optional tools for advertising purposes ("marketing tools"). Some of the access data collected when you use our website is used to create usage profiles, which in particular store your usage behavior, the advertisements you have viewed or clicked on and, based on this, the classification into advertising categories, interests and preferences. By analyzing and evaluating this access data, we are able to show you personalized advertising, i.e. advertising that corresponds to your actual interests and needs, on our website and on the websites and services of other providers. We also analyse your usage behaviour in order to recognize you on other sites and to address you in a personalized manner based on your use of our site (so-called retargeting). In addition, we evaluate the effectiveness and success of our advertising campaigns (in particular so-called conversions and leads). Marketing tools also include optional social network tools that are used to share posts and content via these networks ("social media plugins"). The legal basis for the marketing tools is your consent in accordance with Art. 6 para. 1 lit. a GDPR, which you give via the consent banner or with the respective tool itself by individually allowing its use via a banner (overlay) placed above it. Access to and storage of information in the end device then takes place on the basis of the implementation laws of the ePrivacy Directive of the EU member states, in Germany according to § 25 para. 1 TTDSG. To withdraw your consent, see 3.2.3: "Withdrawing your consent or changing your selection". In the event that personal data is transferred to third countries (such as the USA), your consent also expressly extends to the transfer of data (Art. 49 para. 1 lit. a GDPR). Please refer to section 6 ("Data transfer to third countries") for the associated risks.
In the following section, we would like to explain these technologies and the providers used for this in more detail. The data collected may include in particular
- the IP address of the device;
- the information of a cookie and in local or session storage;
- the device identifier of mobile devices (e.g. device ID, advertising ID);
- Referrer URL (previously visited page);
- Pages accessed (date, time, URL, title, duration of visit);
- Downloaded files;
- Clicked links to other websites;
- if applicable, achievement of certain goals (conversions);
- Technical information: Operating system; browser type, version and language; device type, make, model and resolution;
- Approximate location (country and city if applicable).
However, the data collected is stored exclusively under a pseudonym, so that no direct conclusions can be drawn about individuals.
3.5.1 HubSpot
Our website uses services of the provider HubSpot Ireland Limited, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland ("Hubspot") to integrate cookies via "gstatic" or Google reCAPTCHA. .
The following cookies are stored in local storage to distinguish between humans and robots:
- "rc::d-15#" (permanent): Distinction between human and robot;
- "rc::a" (permanent): Distinction between human and robot;
- "rc::b" (for the duration of the session): Distinction between human and robot;
- "rc::c" (for the duration of the session): Distinction between human and robot;
- "rc::f" (permanent): Distinction between humans and robots.
For further information on cookies, please refer to the HubSpot website: https://knowledge.hubspot.com/de/reports/what-cookies-does-hubspot-set-in-a-visitor-s-browser and the Cloudfare website: https://support.cloudflare.com/hc/en-us/articles/200170156-Understanding-the-Cloudflare-Cookies. The legal basis for this data processing is your consent in accordance with Art. 6 para. 1 lit. a GDPR. Access to and storage of information in the end device then takes place on the basis of the implementation laws of the ePrivacy Directive of the EU member states, in Germany according to § 25 para. 1 TTDSG. We have concluded an order processing contract with HubSpot. The data collected in this context may be transmitted by HubSpot to a server in the USA and stored there. In the event that personal data is transferred to the USA or other third countries, we have concluded standard contractual clauses with HubSpot (Implementing Decision (EU) 2021/914, Module 2) in accordance with Art. 46 para. 2 lit. c GDPR. In addition, we also obtain your express consent for the transfer of your data to third countries in accordance with Art. 49 para. 1 lit. a GDPR. For further information, please refer to HubSpot's privacy policy: https://legal.hubspot.com/privacy-policy.
3.5.2 Typeform
Our website uses the Typeform service provided by Typeform S.L., Carrer Bac de Roda, 163, 08018 Barcelona, Spain ("Typeform"). Typeform is used to provide appealing forms and surveys, which we use, for example, to obtain information about you, to register for e-mail notifications or to conduct surveys on specific topics. We have marked mandatory fields accordingly. As soon as you click on the send button, your data will be transmitted to us and Typeform. In particular, Typeform uses scripts that access information on your end device and cookies that are stored on your end device. Your data is stored on servers in the USA.
The following data is processed by Typeform:
- IP address;
- Your data entered in the form;
- Technical information about your device, your browser, your operating system and your selected language;
- Access information about the accessed page, the previously visited page and the time of the visit;
- Usage data by evaluating information, in particular from cookies and scripts.
Typeform sets and reads the following cookies:
- "AWSALBTG" (7 days) and "AWSALBTGCORS" (7 days): Registers which server cluster is serving the visitor. This is used in connection with load balancing to optimize the user experience;
- "ld:#:$diagnostics" (permanent): Monitoring website performance for statistical purposes;
- " visitorId" (2 years): Retention of the user status across page requests.
- "cookie_support" (for the duration of the session): Storage of your selection as to whether you accept or reject analysis cookies.
The legal basis for this data processing is your consent in accordance with Art. 6 para. 1 lit. a GDPR. Access to and storage of information in the end device then takes place on the basis of the implementation laws of the ePrivacy Directive of the EU member states, in Germany according to § 25 para. 1 TTDSG. We have concluded an order processing contract with Typeform. If Typeform uses processors that are based outside the EU or that transfer data to third countries (such as the USA) or store it there, Typeform has concluded appropriate guarantees such as standard contractual clauses. In addition, we also obtain your express consent for the transfer of your data to third countries in accordance with Art. 49 para. 1 lit. a GDPR. Further information can be found in Typeform's privacy policy: https://admin.typeform.com/to/dwk6gt/.
4. online presence in social networks
We maintain online presences in social networks in order to communicate with customers and interested parties and to inform them about Bridgemaker news. User data is generally processed by the relevant social networks for market research and advertising purposes. In this way, user profiles can be created based on the interests of the users. Cookies and other identifiers are stored on users' computers for this purpose. Based on these user profiles, advertisements are then placed within the social networks and on third-party websites, for example. As part of the operation of our online presence, we may have access to information such as statistics on the use of our online presence provided by the social networks. These statistics are aggregated and may include, in particular, demographic information (e.g. age, gender, region, country) and data on interaction with our online presence (e.g. likes, subscriptions, shares, viewing of images and videos) and the posts and content distributed via it. This may also provide information about the interests of users and which content and topics are particularly relevant to them. This information can also be used by us to adapt the design and our activities and content on the online presence and to optimize it for our audience. Please refer to the list below for details and links to the social network data that we can access as the operator of the online presence. The collection and use of these statistics is generally subject to joint responsibility. Where this applies, the corresponding contract is listed below. The legal basis for data processing is Art. 6 para. 1 lit. f GDPR, based on our legitimate interest in effective user information and communication with users, or Art. 6 para. 1 lit. b GDPR, in order to stay in contact with and inform our customers and to carry out pre-contractual measures with future customers and interested parties.
- If you have an account with the social network, it is possible that we can see your publicly available information and media when we access your profile. In addition, the social network may allow us to contact you. This can take place, for example, via direct messages or posted contributions. The content of communication via the social network and the processing of content data is the responsibility of the social network as a messenger and platform service. As soon as we transfer personal data from you to our own systems or process it further, we are independently responsible for this and this is done to carry out pre-contractual measures and to fulfill a contract in accordance with Art. 6 Para. 1 lit. b GDPR.
- The legal basis for the data processing carried out by the social networks on their own responsibility can be found in the data protection information of the respective social network. The links below will also provide you with further information on the respective data processing and the options to object.
- We would like to point out that data protection requests can be made most efficiently to the respective provider of the social network, as only these providers have access to the data and can take appropriate measures directly. Below is a list with information on the social networks on which we operate online presences:
- Facebook (USA and Canada: Facebook Inc., 1601 Willow Road, Menlo Park, California 94025, USA; all other countries: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland)
- Operation of the Facebook fan page under joint responsibility on the basis of an agreement on joint processing of personal data (so-called Page Insights addendum regarding the controller): https://www.facebook.com/legal/terms/page_controller_addendum
- Information on the processed Page Insights data and how to contact us in the event of data protection inquiries: https://www.facebook.com/legal/terms/information_about_page_insights_data
- Privacy policy: https://www.facebook.com/about/privacy/
- Opt-out: https://www.facebook.com/settings?tab=ads and http://www.youronlinechoices.com.
- Instagram (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland)
- Instagram Business account on the basis of an agreement on joint processing of personal data (so-called Page Insights addendum regarding the controller): https://www.facebook.com/legal/terms/page_controller_addendum
- Information on the processed Page Insights data and how to contact us in the event of data protection inquiries: https://www.facebook.com/legal/terms/information_about_page_insights_data
- Privacy policy: https://help.instagram.com/519522125107875
- Opt-out (declaration): https://de-de.facebook.com/help/instagram/2885653514995517?locale=de_DE
- Google/YouTube (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland)
- Privacy policy: https://policies.google.com/privacy
- Opt-out: https://www.google.com/settings/ads.
- Twitter (Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 Ireland)
- Privacy policy: https://twitter.com/de/privacy
- Opt-out: https://twitter.com/personalization.
- Xing/Kununu (New Work SE, Am Strandkai 1, 20457 Hamburg)
- Privacy policy/ opt-out: https://privacy.xing.com/de/datenschutzerklaerung.
- LinkedIn (LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland)
- Operation of the LinkedIn company page under joint responsibility on the basis of an agreement on the joint processing of personal data (so-called Page Insights Joint Controller Addendum): https://legal.linkedin.com/pages-joint-controller-addendum
- Information on the processed Page Insights data and how to contact us in the event of data protection inquiries: https://legal.linkedin.com/pages-joint-controller-addendum
- Privacy policy: https://www.linkedin.com/legal/privacy-policy
- Opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
5. disclosure of data
- The data collected by us will only be passed on if:
you have given your express consent to this in accordance with Art. 6 para. 1 lit. a GDPR, - the disclosure pursuant to Art. 6 para. 1 lit. f GDPR is necessary for the assertion, exercise or defense of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data,
- we are legally obliged to disclose data in accordance with Art. 6 para. 1 lit. c GDPR, in particular if this is necessary for legal prosecution or enforcement due to official inquiries, court orders and legal proceedings, or
- this is legally permissible and required in accordance with Art. 6 para. 1 lit. b GDPR for the processing of contractual relationships with you or for the implementation of pre-contractual measures that are carried out at your request.
Some of the data processing may be carried out by our service providers. In addition to the service providers mentioned in this privacy policy, this may include, in particular, data centers that store our website and databases, software providers, IT service providers that maintain our systems, agencies, market research companies, group companies and consulting firms. If we pass on data to our service providers, they may only use the data to fulfill their tasks. The service providers have been carefully selected and commissioned by us. They are contractually bound by our instructions, have suitable technical and organizational measures in place to protect the rights of the data subjects and are regularly monitored by us. A current list of the service providers we use are Slicemedia and Magic Design. In addition, data may be passed on in connection with official inquiries, court orders and legal proceedings if this is necessary for legal prosecution or enforcement.
6. data transfer to third countries
As explained in this privacy policy, we use services whose providers are partly located in so-called third countries (outside the European Union or the European Economic Area) or process personal data there, i.e. countries whose level of data protection does not correspond to that of the European Union. If this is the case and the European Commission has not issued an adequacy decision for these countries (Art. 45 GDPR), we have taken appropriate precautions to ensure an adequate level of data protection for any data transfers. These include the standard contractual clauses of the European Union or binding internal data protection regulations. Where this is not possible, we base the data transfer on exceptions under Art. 49 GDPR, in particular your express consent or the necessity of the transfer for the fulfillment of the contract or for the implementation of pre-contractual measures. If a transfer to a third country is planned and there is no adequacy decision or suitable guarantees, it is possible and there is a risk that authorities in the respective third country (e.g. secret services) may gain access to the transferred data in order to collect and analyze it, and that the enforceability of your data subject rights cannot be guaranteed. If your consent is obtained via the cookie banner, you will also be informed of this. If your personal data is transferred to a company in the USA that is currently certified under the EU-U.S. Data Privacy Framework of June 10, 2023, the transfer in this case will be based on the adequacy decision for the USA pursuant to Art. 45 GDPR.
7. storage period
In principle, we only store personal data for as long as necessary to fulfill the purposes for which we collected the data. We then delete the data immediately, unless we still need the data until the end of the statutory limitation period for evidence purposes for civil law claims or due to statutory retention obligations. For evidence purposes, we retain contract data for three years from the end of the year in which the business relationship with you ends. Any claims expire at the earliest at this time in accordance with the statutory limitation period. Even after this time, we still have to store some of your data for accounting reasons. We are obliged to do so due to statutory documentation obligations that may arise from the German Commercial Code, the German Fiscal Code, the German Banking Act, the German Money Laundering Act and the German Securities Trading Act. The periods specified there for the retention of documents are two to ten years.
8. your rights, in particular revocation and objection
You are entitled to the data subject rights formulated in Art. 7 para. 3, Art. 15 - 21, Art. 77 GDPR at any time if the respective legal requirements are met:
- Right to withdraw your consent (Art. 7 (3) GDPR);
- Right to object to the processing of your personal data (Art. 21 GDPR);
- Right to information about your personal data processed by us (Art. 15 GDPR);
- Right to rectification of your incorrect personal data stored by us (Art. 16 GDPR);
- Right to erasure of your personal data (Art. 17 GDPR);
- Right to restriction of processing of your personal data (Art. 18 GDPR);
- Right to be informed about the recipients on request (Art. 19 p. 2 GDPR);
- Right to data portability of your personal data (Art. 20 GDPR);
- Right to lodge a complaint with a supervisory authority (Art. 77 GDPR).
To assert your rights described here, you can contact us at any time using the contact details given above. This also applies if you wish to receive copies of guarantees to demonstrate an adequate level of data protection. If the relevant legal requirements are met, we will comply with your data protection request. Your requests to assert data protection rights and our responses to them will be stored for documentation purposes for a period of up to three years and, in individual cases, for the assertion, exercise or defense of legal claims beyond this period. The legal basis is Art. 6 para. 1 lit. f GDPR, based on our interest in defending against any civil claims under Art. 82 GDPR, avoiding fines under Art. 83 GDPR and fulfilling our accountability obligations under Art. 5 para. 2 GDPR.
You have the right to withdraw your consent at any time. As a result, we will no longer continue the data processing that was based on this consent in the future. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. If we process your data on the basis of legitimate interests, you have the right to object to the processing of your data at any time on grounds relating to your particular situation. If it concerns an objection to data processing for direct marketing purposes, you have a general right of objection, which will be implemented by us even without giving reasons. If you wish to exercise your right of revocation or objection, simply send an informal message to the above-mentioned contact details.
Finally, you have the right to lodge a complaint with a data protection supervisory authority. You can assert this right with a supervisory authority in the Member State of your place of residence, your place of work or the place of the alleged infringement. In Berlin, where we are based, the competent supervisory authority is Berlin Commissioner for Data Protection and Freedom of Information, Alt-Moabit 59-61, 10555 Berlin.
9. changes to the privacy policy
We occasionally update this privacy policy, for example when we adapt our website or when legal or regulatory requirements change.
Version: 2.0 / Status: February 08, 2024