Privacy statement

Table of contents

1. Name and address of the controller
2. Contact details of the data protection officer
3. General information on data processing
4. Rights of the data subject
5. Provision of the website and creation of log files
6. Use of cookies
7. Newsletter
8. Email contact
9. Contact form
10. Application by email and application form
11. Company appearances
12. Use of company appearances in professional networks
13. Hosting
14. Registration
15. Content Delivery Networks
16. Plugins used

1. Name and address of the controller

The controller within the meaning of the General Data Protection Regulation (GDPR) and other data protection provisions is:

shyftplan GmbH
Ritterstr. 26
10969 Berlin
Germany

info@shyftplan.com
shyftplan.com

2. Contact details of the data protection officer

The data protection officer of the controller is:

DataCo GmbH
Dachauer Straße 65
80335 Munich
Germany

+49 89 7400 45840
www.dataguard.de

3. General information on data processing

1. Scope of the processing of personal data

We process personal data of our users only to the extent necessary to provide a functional website and to provide our content and services. The processing of personal data of our users takes place regularly only with the consent of the user. An exception applies in cases where prior consent cannot be obtained for practical reasons and the processing of the data is required by law.

2. legal basis for the processing of personal data

Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 (1) (a) of the GDPR serves as the legal basis.

When processing personal data is necessary for the performance of a contract to which the data subject is party, Art. 6 (1) (b) of the GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.

Insofar as the processing of personal data is required to fulfil a legal obligation to which our company is subject, Art. 6 (1) (1) (c) GDPR serves as the legal basis.

In the event that the vital interests of the data subject or another natural person require the processing of personal data, Art. 6 (1) (1) (d) GDPR serves as the legal basis.

If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not override the former interest, Art. 6 (1) sentence 1 lit. f GDPR serves as the legal basis for the processing.

3. data erasure and storage duration

The personal data of the data subject will be deleted or blocked as soon as the purpose of the storage no longer applies. Storage may take place beyond this if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject. Blocking or deletion of the data also takes place when a storage period prescribed by the standards mentioned expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.

4. Rights of the data subject

If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:

1. Right of access

You have the right to obtain from the controller confirmation as to whether or not personal data concerning you are being processed by the controller.

Where that is the case, you have the right to request access to the personal data and the following information from the controller:

• the purposes for which the personal data are processed;
• the categories of personal data concerned;
• the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;
• the envisaged period for which the personal data concerning you will be stored, or, if specific information on this is not possible, the criteria used to determine that period;
  
• the existence of a right to correction or deletion of the personal data concerning you, a right to restriction of the processing by the controller or a right to object to this processing;
• the existence of a right of appeal to a supervisory authority;
• all available information about the origin of the data if the personal data is not collected from the data subject;
  
• the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

You have the right to request information about whether your personal data is transferred to a third country or to an international organisation. In this context, you have the right to be informed of the appropriate safeguards pursuant to Article 46 GDPR relating to the transfer.

2. Right to rectification

You have the right to obtain from the controller the rectification and/or completion of your personal data if it is inaccurate or incomplete. The controller must carry out the rectification without undue delay.

3. Right to restriction of processing

You have the right to obtain from the controller restriction of processing where one of the following applies:

• The accuracy of the personal data is contested by you, for a period enabling the controller to verify the accuracy of the personal data.
  
• the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
• the controller no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims; or
• you have objected to processing pursuant to Article 21(1) of the GDPR pending the verification whether the legitimate grounds of the controller override your grounds.
  

Where processing of personal data concerning you has been restricted, such data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

If the processing restriction has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.

4. Right to erasure

a) Erasure obligation

You have the right to obtain from the controller the erasure of personal data concerning you without undue delay and the controller has the obligation to erase personal data without undue delay where one of the following grounds applies:

• The personal data concerning you are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
• You withdraw your consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2) GDPR, and where there is no other legal ground for the processing.
  
• You object to the processing in accordance with Article 21(1) of the GDPR and there are no overriding legitimate reasons for the processing, or you object to the processing in accordance with Article 21(2) of the GDPR.
• The personal data concerning you has been processed unlawfully.
• The deletion of personal data concerning you is necessary to fulfil a legal obligation under Union law or the law of the Member States to which the controller is subject.
  
• The personal data concerning you has been collected in relation to information society services offered pursuant to Art. 8 (1) GDPR.

b) Information to third parties

Where the controller has made the personal data concerning you public and is obliged pursuant to Art. 17 (1) GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you, as the data subject, have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

c) Exceptions

The right to erasure does not apply to the extent that processing is necessary

• for exercising the right of freedom of expression and information
• for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  
• for reasons of public interest in the area of public health in accordance with Article 9(2) (h) and (i) as well as Article 9(3) GDPR;
• for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) GDPR insofar as the right referred to in section a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
  
• for the establishment, exercise or defence of legal claims.

5. Right to notification

If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to communicate any rectification or erasure of personal data or restriction of processing to each recipient to whom the personal data concerning you have been disclosed, unless this proves impossible or involves disproportionate effort.

You have the right to request the data controller to be informed about these recipients.

6. Right to data portability

You have the right to receive the personal data concerning you, which you have provided to the data controller, in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the controller to which the personal data has been provided, where

• the processing is based on consent pursuant to Article 6(1) sentence 1 point (a) GDPR or Article 9(2) point (a) GDPR or on a contract pursuant to Article 6(1) sentence 1 point (b) GDPR and
• the processing is carried out by automated means.
  

In exercising this right, you also have the right to have the personal data concerning you transferred directly from one controller to another, insofar as this is technically feasible. The freedoms and rights of other persons must not be affected by this.

The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

7. Right to object

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions.

The controller will no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

Where personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.

If you object to processing for direct marketing purposes, your personal data will no longer be processed for such purposes.

You have the option, in the context of the use of information society services, and notwithstanding Directive 2002/58/EC, of exercising your right to object by automated means using technical specifications.

8. Right to revoke the declaration of consent under data protection law

You have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

9. automated decision in an individual case including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision

• is necessary for entering into, or performance of, a contract between you and the data controller,
• is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests, or
• is based on your explicit consent.
  

However, these decisions must not be based on special categories of personal data referred to in Article 9(1) of the GDPR, unless point (a) or (b) of Article 9(2) applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place.

With regard to the cases referred to in points 1 and 3, the controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.

10. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.

The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 of the GDPR.

5. Provision of the website and creation of log files

1. Description and scope of data processing

Each time our website is accessed, our system automatically collects data and information from the accessing computer system.

The following data is collected:

• Information about the browser type and version used
• The user's operating system
• The user's internet service provider
• The user's IP address
• Date and time of access
• Websites from which the user's system accesses our website
• Websites accessed by the user's system via our website

These data are stored in our system's log files. These data are not stored together with other personal data of the user.

2. Purpose of data processing

The system needs to store the IP address temporarily to enable the website to be delivered to the user's computer. To do this, the user's IP address must be stored for the duration of the session.

The storage in log files is done to ensure the functionality of the website. In addition, the data is used to optimise the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.

These purposes also include our legitimate interest in data processing in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR.

3. Legal basis for data processing

The legal basis for the temporary storage of data and log files is Article 6 (1) sentence 1 point (f) GDPR.

4. Duration of storage

The data will be deleted as soon as it is no longer required for the purpose for which it was collected. In the case of data collection for the provision of the website, this is the case when the respective session has ended.

If the data is stored in log files, this is the case after seven days at the latest. It is possible to store the data for a longer period. In this case, the IP addresses of the users are deleted or anonymised so that it is no longer possible to identify the accessing client.

5. Right to object and to erasure

The collection of data for the provision of the website and the storage of data in log files is essential for the operation of the website. Consequently, there is no possibility for the user to object.

6. Use of cookies

1. Description and scope of data processing

Our website uses cookies. Cookies are text files that are stored in or by the internet browser on the user's computer system. When a user visits a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic string of characters that enables the browser to be clearly identified when the website is visited again.

We use cookies to make our website more user-friendly. Some elements of our website require that the accessing browser can be identified even after a page change.

The following data is stored in the cookies and transmitted:

• language settings
• login information

We also use cookies on our website that enable an analysis of the surfing behaviour of users.

In this way, the following data can be transmitted:

• Search terms entered
• Frequency of page views
• Use of website functions
  

The user data collected in this way is pseudonymised by technical precautions. Therefore, it is no longer possible to assign the data to the accessing user. The data is not stored together with other personal data of the user.

2. purpose of data processing

The purpose of using technically necessary cookies is to make it easier for users to use websites. Some of our website's functions cannot be offered without the use of cookies. For these, it is necessary that the browser be recognised even after a page change.

We need cookies for the following applications:

• Adopting language settings
• Log-in information

The user data collected by technically necessary cookies are not used to create user profiles.

We use analysis cookies to improve the quality of our website and its content. These cookies tell us how our website is used, enabling us to constantly optimise our services.

3. legal basis for data processing

The legal basis for the processing of personal data using cookies that are not technically necessary is Art. 6 (1) 1 lit. a GDPR.

The legal basis for the processing of personal data using cookies that are technically necessary is Art. 6 (1) 1 lit. f GDPR.

4. Duration of storage, right to object and opt out

Cookies are stored on the user's computer and transmitted by it to our site. Therefore, you as a user also have full control over the use of cookies. By changing the settings in your internet browser, you can disable or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are disabled for our website, it is possible that not all of the website's functions can be used to their full extent.

If you are using a Safari browser from version 12.1, cookies will be automatically deleted after seven days. This also applies to opt-out cookies that are set to prevent tracking.

7. Newsletter

1. Description and scope of data processing

On our website, you have the option to subscribe to a free newsletter. When registering for the newsletter, the data from the input mask is transmitted to us:

• Email address
  
• IP address of the accessing computer
• Date and time of registration
• Company name
• Number of employees

No data is passed on to third parties in connection with data processing for sending newsletters. The data is used exclusively for sending the newsletter.

2. purpose of data processing

The user's email address is collected for the purpose of sending the newsletter.

The collection of other personal data as part of the registration process serves to prevent misuse of the services or the email address used.

3. legal basis for data processing

The legal basis for the processing of data after registration for the newsletter by the user is the consent of the user Art. 6 para. 1 sentence 1 lit. a GDPR.

4. Duration of storage

The data will be deleted as soon as it is no longer required for the purpose for which it was collected. The user's email address will therefore be stored as long as the newsletter subscription is active.

5. Objection and removal options

The subscription to the newsletter can be cancelled by the user at any time. For this purpose, there is a corresponding link in each newsletter.

This also allows you to revoke your consent to the storage of personal data collected during the registration process.

8. Email contact

1. Description and scope of data processing

On our website, it is possible to contact us via the email address provided. In this case, the user's personal data transmitted by email will be stored.

The data is used exclusively for processing the conversation.

2. Purpose of data processing

If you contact us by email, this also constitutes the necessary legitimate interest in processing the data.

3. legal basis for data processing

The legal basis for the processing of data transmitted in the course of sending an email is Art. 6 para. 1 lit. f DSGVO. If the purpose of the email contact is to conclude a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b DSGVO.

4. Duration of storage

The data will be deleted as soon as it is no longer required for the purpose for which it was collected. For personal data sent by email, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified.

5. Objection and removal options

The user has the option at any time to revoke his consent to the processing of personal data. If the user contacts us by email at info@shyftplan.com, he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued.

Under the statutory conditions, the existence of which is to be examined in each individual case, you have the right to receive information about your personal data and to request the correction or deletion of your personal data or the restriction of processing, as well as to object to any kind of processing of your personal data and to receive your personal data in a structured, common and machine-readable format (data transferability). In addition, you have the right to file a complaint with a regulatory authority.

In this case, all personal data stored in the course of establishing contact will be deleted.

9. Contact form

1. Description and scope of data processing

Our website includes a contact form that can be used for electronic contact. If a user takes advantage of this option, the data entered in the input mask will be transmitted to us and stored.

At the time the message is sent, the following data is stored:

• Email address
• Surname
• First name
  
• Telephone/mobile phone number
• IP address of the accessing computer
• Date and time of contact
• Company
• Industry
• Position in the company
• Number of employees in the company

Your consent to the processing of the data is obtained as part of the sending process and reference is made to this data protection declaration.

Alternatively, it is possible to contact us using the email address provided. In this case, the user's personal data transmitted by email will be stored.

The data is used exclusively for the purpose of processing the conversation.

2. purpose of data processing

We process the personal data from the input mask solely for the purpose of processing the contact. If you contact us by email, this also constitutes the necessary legitimate interest in processing the data.

The other personal data processed during the sending process serves to prevent misuse of the contact form and to ensure the security of our information technology systems.

3. Legal basis for data processing

The legal basis for the processing of the data is the consent of the user in accordance with Article 6 (1) (a) of the GDPR.

The legal basis for the processing of data transmitted in the course of sending an email is Art. 6 (1) sentence 1 point f GDPR. If the purpose of the email contact is to conclude a contract, the additional legal basis for the processing is Art. 6 (1) sentence 1 point b GDPR.

4. Duration of storage

The data will be deleted as soon as it is no longer required for the purpose for which it was collected. For the personal data from the input mask of the contact form and those sent by email, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified.

5. Right to object and right to erasure

The user has the right to withdraw their consent to the processing of their personal data at any time. If the user contacts us by email at info@shyftplan.com, they can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued.

Under the statutory conditions, the existence of which is to be examined in each individual case, you have the right to receive information about your personal data and to request the correction or deletion of your personal data or the restriction of processing, as well as to object to any kind of processing of your personal data and to receive your personal data in a structured, common and machine-readable format (data transferability). In addition, you have the right to file a complaint with a regulatory authority.

In this case, all personal data stored in the course of making contact will be deleted.

10. Applications by email and application form

1. Scope of personal data processing

Our website includes an application form that can be used for electronic applications. If an applicant uses this option, the data entered in the input mask will be transmitted to us and stored. These data are:

• First name
• Surname
• Email address
  
• CV
• Cover letter (optional)

As part of the submission process, your consent is obtained for the processing of your data and reference is made to this data protection declaration.

Alternatively, you can also send us your application by email. In this case, we collect your email address and the data you provide in the email.

After sending your application, you will receive an email from us confirming receipt of your application documents.

Your data will not be passed on to third parties. The data will be used exclusively for the processing of your application.

2. purpose of the data processing

The processing of personal data from the application form is used solely to process your application. If you contact us by email, this also constitutes the necessary legitimate interest in the processing of the data.

The other personal data processed during the sending process serve to prevent misuse of the application form and to ensure the security of our information technology systems.

3. Legal basis for data processing

The legal basis for the processing of your data is the initiation of a contract at the request of the data subject, Art. 6 para. 1 sentence 1 lit. b Alt. 1 GDPR and § 26 para. 1 sentence 1 BDSG.

4. Duration of storage

After completion of the application process, the data will be stored for up to six months. Your data will be deleted at the latest after six months. In the event of a legal obligation, the data will be stored in accordance with the applicable provisions.

5. Objection and removal options

The applicant has the option to object to the processing of personal data at any time. If the applicant contacts us by email, they can object to the storage of their personal data at any time. In such a case, the application can no longer be considered.

With the application confirmation by e-mail, you will receive two links to request a change or deletion of your data. The implementation will take place within 5 working days from receipt of the request. Alternatively, you can request a change or deletion of your data by e-mail to careers@shyftplan.com.

All personal data stored in the course of electronic applications will be deleted in this case.

11. company pages

Use of company pages on social networks

Instagram: Instagram, Part of Facebook Ireland Ltd., 4 Grand Canal Square Grand Canal Harbour, Dublin 2 Ireland

On our company page, we provide information and offer Instagram users the opportunity to communicate. If you carry out an action on our Instagram company page (e.g. comments, posts, likes, etc.), you may make personal data public (e.g. real name or photo of your user profile). However, since we generally or to a large extent have no influence on the processing of your personal data by Instagram, which is jointly responsible for the shyftplan GmbH corporate presence, we cannot provide any binding information on the purpose and scope of the processing of your data. Our corporate presence in social networks is used for communication and information exchange with (potential) customers. In particular, we use the corporate presence for external presentation and advertising of our product as well as for advertising job vacancies.

The publications on our company page may contain the following content:

• Information about products
• Information about services
• Competitions
• Advertising
• Customer contact
• Job vacancies

Each user is free to publish personal data through their activities.

The legal basis for the data processing is Art. 6 (1) (1) (a) GDPR.

The data generated by the company presence is not stored in our own systems.

You can object to the processing of your personal data that we collect in the course of your use of our Instagram company presence at any time and assert your rights as a data subject as set out in IV. of this data protection declaration. To do so, simply send us an informal email to info@shyftplan.com.

You can find more information about the processing of your personal data by Instagram and the corresponding options for objecting here:

Instagram:

Twitter: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, Ireland

On our company page, we provide information and offer Twitter users the opportunity to communicate. If you carry out an action on our Twitter company page (e.g. comments, posts, likes, etc.), you may make personal data public (e.g. real name or photo of your user profile). However, since we generally or to a large extent have no influence on the processing of your personal data by Twitter, which is jointly responsible for the shyftplan GmbH corporate presence, we cannot provide any binding information on the purpose and scope of the processing of your data. Our corporate presence in social networks is used for communication and information exchange with (potential) customers. In particular, we use the corporate presence for external presentation and advertising of our product as well as for advertising job vacancies.

The publications on the company's social media pages may contain the following content:

• Information about products
• Information about services
• Competitions
• Advertising
• Customer contact
• Job vacancies

Each user is free to publish personal data through their activities.

The legal basis for the data processing is Art. 6 (1) (1) (a) GDPR.

The data generated by the company's social media pages are not stored in our own systems.

You can object to the processing of your personal data that we collect when you use our Twitter company page at any time and assert your rights as a data subject as set out in IV. of this data protection declaration. To do so, simply send us an informal email to info@shyftplan.com.

You can find more information about the processing of your personal data by Twitter and the corresponding options for objecting here:

Twitter: 

YouTube: YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, United States

On our company page, we provide information and offer YouTube users the opportunity to communicate. If you take an action on our YouTube company page (e.g. comments, posts, likes, etc.), you may make personal data public (e.g. real name or photo of your user profile). However, since we generally or to a large extent have no influence on the processing of your personal data by YouTube, which is jointly responsible for the shyftplan GmbH corporate presence, we cannot provide any binding information on the purpose and scope of the processing of your data. Our corporate presence in social networks is used for communication and information exchange with (potential) customers. In particular, we use the corporate presence for external presentation and advertising of our product as well as for advertising job vacancies.

The publications on the company's social media pages may contain the following content:

• Information about products
• Information about services
• Competitions
• Advertising
• Customer contact
• Job vacancies

Each user is free to publish personal data through their activities.

The legal basis for the data processing is Art. 6 (1) (1) (a) GDPR.

The data generated by the company presence is not stored in our own systems.

You can object to the processing of your personal data that we collect in the course of your use of our YouTube company presence at any time and assert your rights as a data subject as set out in IV. of this data protection declaration. To do so, simply send us an informal email to info@shyftplan.com.

You can find more information about the processing of your personal data by YouTube and the corresponding opt-out options here:

YouTube:

12. Use of company profiles in professional networks

1. Scope of data processing

We use the option of company profiles on professional networks. We maintain a company profile on the following professional networks:

LinkedIn: LinkedIn, Unlimited Company Wilton Place, Dublin 2, Ireland

XING: XING SE, Dammtorstraße 30, 20354 Hamburg, Germany

We provide information on our page and offer users the opportunity to communicate. The company presence is used for applications, information/PR and active sourcing.

We have no information about the processing of your personal data by the companies jointly responsible for the company's presence. Further information can be found in the data protection declaration of:

LinkedIn:

XING: 

If you carry out an action on our company website (e.g. comments, posts, likes, etc.), you may make personal data public (e.g. real name or photo of your user profile).

2. Legal basis for data processing

The legal basis for the processing of your data in connection with the use of our company website is Art. 6 (1) (1) (f) GDPR.

3. Purpose of data processing

Our company presence serves to inform users about our services. Each user is free to publish personal data through their activities.

4. Duration of storage

We store your activities and personal data published through our company presence until you revoke your consent. In addition, we comply with the legal retention periods.

5. Objection and removal options

You can object to the processing of your personal data that we collect in the context of your use of our company presence at any time and assert your rights as a data subject as stated under IV. of this data protection declaration. To do so, simply send us an informal email to the email address stated in this data protection declaration.

Further information on objection and removal options can be found here:

LinkedIn: 

XING:

13. Hosting

The website is hosted on servers by a service provider contracted by us.

Our service provider is:

Amazon Web Services

The servers automatically collect and store information in so-called server log files, which your browser automatically transmits when you visit the website. The stored information is:

• Browser type and browser version
• Operating system used
• Referrer URL
  
• Host name of the accessing computer
• Date and time of the server request
• IP address

This data is not merged with other data sources. This data is collected on the basis of Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in the technically error-free presentation and optimisation of his website – for this purpose, the server log files must be recorded.

The location of the website server is geographically in Germany.

14. Registration

1. Description and scope of data processing

On our website, we offer users the opportunity to register by providing personal data. The data is entered into an input mask and transmitted to us and stored. The data is not passed on to third parties. The following data is collected during the registration process:

• Email address
• Surname
• First name
• Telephone/mobile phone number
  
• IP address of the accessing computer
• Date and time of registration
• Company
• Industry
• Position in the company
• Number of employees in the company

As part of the registration process, the user's consent to the processing of this data is obtained.

2. Purpose of data processing

User registration is required for the provision of certain content and services, such as for login or for marketing purposes on our website.

3. Legal basis for data processing

The legal basis for the processing of the data is the consent of the user in accordance with Article 6 (1) (1) (a) of the GDPR.

4. Duration of storage

The data will be deleted as soon as it is no longer required for the purpose for which it was collected.

This is the case for the data collected during the registration process if the registration on our website is cancelled or modified.

5. Objection and removal option

As a user, you have the option to cancel the registration at any time. For this purpose, there is a corresponding link in each registration confirmation. You can also change the data stored about you at any time by sending an email to info@shyftplan.com. This also allows you to revoke your consent to the storage of personal data collected during the registration process.

15. Content Delivery Networks

Amazon CloudFront

1. Description and scope of data processing

We use functions of the Amazon CloudFront content delivery network of Amazon Web Service Inc., 410 Terry Avenue North, Seattle WA 98109, USA (hereinafter referred to as Amazon CloudFront) on our website. A content delivery network (CDN) is a network of regionally distributed servers connected via the internet that are used to deliver content, in particular large media files such as videos. Amazon CloudFront offers web optimisation and security services that we use to improve the loading times of our website and to protect it from misuse. When you visit our website, a connection is established to the Amazon CloudFront servers, for example to retrieve content. Personal data may be stored and evaluated in server log files, in particular the user's activity (in particular which pages have been visited ) and device and browser information (in particular the IP address and operating system).

Further information on the collection and storage of data by Amazon CloudFront can be found here: 

2. Purpose of data processing

The use of Amazon CloudFront features is used to deliver and accelerate online applications and content.

3. Legal basis for data processing

This data is collected on the basis of Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in the technically error-free presentation and optimisation of his website – for this purpose, the server log files must be recorded.

4. Duration of storage

Your personal information will be stored for as long as necessary to fulfil the purposes described in this privacy policy or as required by law.

5. Objection and removal options

Information on objection and removal options vis-à-vis Amazon CloudFront can be found at: