Privacy Statement Website Leapsome

1. Introduction and scope

Protecting your personal data is very important to us at Leapsome.

This privacy statement explains how we collect and use your data when you visit our website or interact with us via social media channels. Additionally, you can find more information on the legal grounds that we process your data on, which recipients we disclose data to and regarding your respective rights and how you can exercise them.

This privacy statement applies exclusively to your use of the Leapsome website or if you interact with us via social media channels.

We may change this privacy statement at any time to comply with regulatory requirements or to adapt to changed internal processes. Therefore, we kindly ask you to check our privacy statement regularly.

2. General Information regarding Data Processing

2.1 Leapsome as Data Controller

The responsible controller for the processing of personal data on this website within the meaning of the EU General Data Protection Regulation (GDPR) is:

Leapsome GmbH ("we/us" or "Leapsome")

Brunnenstraße 153

10115 Berlin

privacy@leapsome.com

We are registered with the commercial register at the local court of Charlottenburg under HRB 187546 B, represented by the managing directors Kajetan von Armansperg and Jenny von Podewils.

We understand that our website may be visited by users all over the world, and that various national existing or future privacy regulations may be applicable now or in the future. It is our understanding that by complying with the GDPR - the so-called “privacy gold standard” – we will also comply with other national privacy regulations. If you wish to exercise any rights under a specific privacy regulation other than the GDPR, please specify such regulation, when contacting us.

2.2 Data Protection Officer

You can reach our appointed data protection officer:

by mail at:

Leapsome GmbH

- Data Protection Officer -

Brunnenstraße 153

10115 Berlin

Germany

or by e-mail at:

privacy@leapsome.com

2.3 Your Rights

Under the GDPR, you have the following rights regarding your personal data:

Right of Access (Art. 15 GDPR):

You have the right to request information about whether we process your personal data and to receive a copy of that data.

Right to Rectification (Art. 16 GDPR):

You have the right to request the correction of inaccurate or incomplete personal data.

Right to Erasure (Art. 17 GDPR):

Also known as the "right to be forgotten," you can request that we delete your data under certain conditions (e.g., if the data is no longer necessary for the original purpose).

Right to Restriction of Processing (Art. 18 GDPR):

You can ask us to suspend the processing of your data (e.g., while we verify the accuracy of your data).

Right to Data Portability (Art. 20 GDPR):

You have the right to receive your data in a structured, commonly used, and machine-readable format, or to have it transferred directly to another controller.

Right to Withdraw Consent (Art. 7(3) GDPR):

If you have given us your consent to process your data, you have the right to withdraw this consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

RIGHT TO OBJECT (Art. 21 GDPR):

1. Objection to Direct Marketing (Art. 21(2) GDPR): You have the right to object at any time to the processing of your personal data for direct marketing purposes (including profiling related to such marketing). If you object, we will no longer process your data for these purposes. No reasons are required.

2. Objection based on specific grounds (Art. 21(1) GDPR): You have the right to object to processing based on our "legitimate interests" (Art. 6(1)(f) GDPR) on grounds relating to your particular situation. In this case, we will no longer process the data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms.

How to Exercise Your Rights?

To exercise these rights, please contact us at privacy@leapsome.com. We usually respond within one month.

Right to Lodge a Complaint (Art. 77 GDPR)

If you believe that our processing of your data violates data protection law, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or the place of the alleged infringement.

2.4 Processing of Data, Purpose, and Legal Basis

We process your personal data in compliance with the GDPR and the German Federal Data Protection Act (BDSG). Depending on the specific processing activity (described in detail below), we rely on one of the following legal bases under Art. 6(1) GDPR:

Consent (Lit. a): You have given us clear permission to process your data for a specific purpose (e.g., subscribing to our newsletter or accepting tracking cookies).
Performance of a Contract (Lit. b): The processing is necessary to provide our services to you or to take steps at your request prior to entering into a contract (e.g., processing a demo request or onboarding a new B2B client).
Legal Obligation (Lit. c): We are required by law to process or retain your data (e.g., tax and commercial retention laws for invoices).
Legitimate Interests (Lit. f): Processing is necessary for our legitimate business interests, provided these are not overridden by your rights and interests. We use this basis for activities like ensuring website security, B2B direct marketing, and product improvement.

Note on "Legitimate Interests": Whenever we rely on Art. 6(1)(f) GDPR, we have conducted a balancing test to ensure your rights are protected. You have a specific right to object to this processing (see "Your Rights" above).

2.5 Storing and Deleting Data

General Principle (Storage Limitation)

We retain your personal data only for as long as is necessary to fulfill the purposes for which it was collected or as required by law. Once the purpose has been fulfilled, your data will be deleted or anonymized in accordance with regulatory requirements.

Statutory Retention Periods (German Law)

As a company based in Germany, we are subject to statutory retention obligations under the German Commercial Code (Handelsgesetzbuch - HGB) and the Fiscal Code (Abgabenordnung - AO). Even if you request deletion, we may be required by law to keep certain data:

10 Years: Accounting documents, invoices, booking vouchers, and financial records (e.g., invoices we sent you, payment records) (§ 147 AO).
6 Years: Commercial and business letters (e.g., emails, contract offers, support tickets that result in a business transaction) (§ 257 HGB).

Specific Retention Examples

To give you a clearer understanding, here are examples of how long we keep data:

Contact Requests (Demo / Sales Inquiries):

Prospects: If you request a demo or pricing information but do not become a customer, we retain your data for 3 years (based on the standard limitation period under German Civil Code, §§ 195, 199 BGB) to track our business history and prevent legal disputes, unless you object sooner.
Simple Inquiries: If you send a general inquiry (e.g., "Where is your office?"), we delete the email immediately after the conversation has ended and the matter is resolved.

Marketing & Newsletter Data:

We process your data for newsletters until you object the processing or withdraw your consent (unsubscribe).
Important: Even after you unsubscribe, we store your email address on a "Suppression List" (Blocklist). This is necessary to ensure we technically respect your wish not to be contacted in the future (Legal Basis: Art. 6(1)(f) GDPR - Legitimate Interest).

Webinar & Event Participants:

We retain registration data for the duration of the event and a follow-up period (e.g., sending slides or recordings).
If you opted into further marketing during registration, we move your data to our general marketing database (see above). If not, we delete the participant list 6 months after the event closes.

Cookies and Analytics:

Session Cookies: Are deleted automatically when you close your browser.
Persistent Cookies (e.g., Google Analytics, LinkedIn Insights): The storage period depends on the specific cookie (ranging from 24 hours to 2 years). You can view and manage these specific durations at any time in our Cookie Consent Manager.

Social Media Interactions:

Messages you send us directly via platforms (e.g., LinkedIn InMail, Twitter DMs) are deleted by us 3 years after the end of the year in which the conversation finished, consistent with our record-keeping for business correspondence.
Note: We have no influence over how long the social media platform itself (e.g., LinkedIn/Microsoft, Meta) retains your data.

Server Log Files:

We limit storage to up to 30 days for security and debugging purposes, after which they are automatically deleted.

Legal Holds (Defense of Claims)

We reserve the right to retain data for a longer period if it is necessary for the establishment, exercise, or defence of legal claims (Art. 17(3)(e) GDPR). This applies specifically if we are involved in a legal dispute with you or anticipate such a dispute based on concrete evidence.

2.6 Data Security

For the best possible security of user data our service through the Website is provided via a secure SSL connection between your server and the browser. That means that the data shall be transferred in encrypted form.

2.7 Recipients of Personal Data and International Data Transfers

To provide our website and marketing services, we share your data with selected third parties. We strictly limit this transfer to what is necessary and legally permitted.

Categories of Recipients

We share data with the following categories of recipients which act as service providers ("Processors"), who act strictly upon our instructions and are contractually bound to data protection standards (Art. 28 GDPR) or other recipients (“Controllers”):

Hosting & Infrastructure: Providers who host our website and databases (e.g., AWS, Google Cloud).
Marketing & CRM Tools: Platforms we use to manage leads, newsletters, and customer relationships (e.g., HubSpot).
Analytics Providers: Tools that help us understand website usage (e.g., Google Analytics).
Professional Advisors: Lawyers, tax advisors, or auditors, where necessary for our legal compliance.

International Data Transfers (Third Countries)

We process data primarily within the European Union (EU) / European Economic Area (EEA). However, some of our service providers (particularly software and cloud providers) are based in the USA or other countries outside the EEA.

When we transfer data to a "third country," we ensure an appropriate level of data protection through one of the following mechanisms:

Adequacy Decision (Art. 45 GDPR): We prioritize providers in countries recognized by the EU Commission as safe. For transfers to the USA, we rely on the EU-US Data Privacy Framework (DPF), provided the recipient is certified under this framework.
Standard Contractual Clauses (SCCs) (Art. 46 GDPR): If a provider is not certified under the DPF or is located in a country without an adequacy decision, we sign the EU Standard Contractual Clauses with them. We also implement additional security measures (such as encryption) where necessary or perform a Transfer Impact Assessment to protect your data.

2.8 Profiling and Automated Decision Making

We do not use automated decision-making including profiling when processing data concerning our website.

3.Data Processing on our Website, Marketing, Newsletter, Events, Demos

3.1 Server Logs / Web Server Security

Nature and purpose of data processing:

We collect data on each visit to our website https://www.leapsome.com/ ("Website") (so-called Server log files), which include the name of the Website visited, the date and time of the visit, the data amount transferred, information on a successful call, the browser type and version, the user’s operating system, the referrer URL (the page visited before), the IP address and the requesting provider as well as the country code, language, name of device as well as name and version of the operating system, if a mobile end device is being used.

The collection and storage of server log files is necessary to ensure a trouble-free connection, usability, and functionality of our website and to evaluate the system safety and stability.

We also process your IP address to ensure that connections to our web server are not malicious.

Legal basis:

When personal data (such as the IP address) are stored, the legal basis for this is Art. 6 sec. 1 lit f. GDPR based on our legitimate interest in quality assurance and website security.

Recipients:

The recipient of the data is a service provider in the United States. As processor on behalf, the service provider is obliged to process the data only within the scope of our instructions set forth in a data processing agreement.

Third Country Transfer:

Adequate safeguards for the transfer of your data to countries outside of the EU/EAA are in place. The data processing agreement with the service provider includes Standard Contractual Clauses approved by the EU Commission and adequate guarantees that data protection obligations will be met.

Storage duration:

The server log files are automatically deleted after 6 months. Section 2.5 applies accordingly.

3.2 Website Analytics

Nature and purpose of data processing:

This website uses technology based on cookies that helps us better understand how the website is used. We do this by compiling reports about activity on the site that do not identify specific individuals. For this purpose, your IP address is transmitted to a service provider using analysis cookies. For further information, please refer to Section 5 below.

Legal basis:

The processing is carried out with your consent according to Art. 6 sec. 1 lit. a GDPR.

Recipients:

The recipients of the data are processors in the EU and the United States. For this purpose, we have concluded the necessary data processing agreement under which the service providers are obliged to process the data only in accordance with our instructions.

Storage duration:

The data will be deleted after one year.

For more information and ways to manage your consent please see Section 5 below about cookies.

3.3 Newsletter and other forms of communication

Nature and purpose of data processing:

When registering for our newsletter or other forms of communication you have opted into (e..g, via one of the activities further laid down in 3.6), you have to provide an email address. In our newsletter we inform you about our services and products described on our Website. We also store the IP address, the device name, the mail provider as well as the date of registration. We also analyze how users consume our newsletter. We also enrich the collected data for efficiency, automation, personalisation, improval of customer relationships and data quality.

Legal basis:

The data processing for sending and analyzing our newsletters as described above is based on your consent (Art. 6 sec. 1 lit. a GDPR;Section 7 (2) No. 3 UWG). Art. 6(1)(f) for data enrichment

Recipients:

Transfer to third countries:

Storage duration:

We will process your personal information until your consent is revoked. Section 2.5 applies accordingly.

Revocation of consent:

If you do not want to receive any newsletters or other registered communications by us in the future and/or wish to object to the analysis of your data, please use the "unsubscribe" link in each newsletter or send us an email to privacy@leapsome.com.

3.4 Demo Request

Nature and purpose of data processing:

If you request an appointment for a web demo via our website, you have to provide an email address

We process your work email address and your name for the following purposes:

To provide the requested product demo: We use your email address to schedule, organize, and conduct the product demo you requested. This processing is necessary to organize/schedule and perform the requested demo.
For business insights: We analyze the domain of your work email and use information from thrid parties to better understand your company's potential needs and industry. This helps us to tailor the demo and our future offerings to you and to understand our B2B customers better and provide them with relevant information/demo.
For direct marketing: We will use your email address to send you information about products, relevant insights and services from Leapsome. You can object to this use at any time contacting us under privacy@leapsome.com.

An automated decision-making, including profiling, referred to in Article 22(1) GDPR is not taking place.

Legal basis:

The data processing as described above is based on the necessity to perform the requested demo based on Art. 6(1)(b) GDPR and our legitimate interest regarding the business insights and on (Art. 6(1)(f) GDPR) in connection with § 7 Abs. 3 UWG (applying to German B2B purchase prospects or clients) for direct marketing.

Recipients:

The recipients of the data are service providers in the EU and the United States. As processors on behalf, the service providers are obliged to process the data only within the scope of our instructions set forth in a data processing agreement.

Transfer to third countries:

Adequate safeguards for the transfer of your data to countries outside of the EU/EAA are in place. The data processing agreements with the service providers include Standard Contractual Clauses approved by the EU Commission and adequate guarantees that data protection obligations will be met.

Storage duration:

The data is stored only as long as it is necessary to achieve the purpose. This means it is stored as long as necessary to prepare, post-process and perform the appointment. Section 2.5 applies accordingly.

3.5 Content Download

Nature and purpose of data processing:

In order to make our downloadable content available to you, we collect personal data from you:a work email address, your name and the number of employees in your company. The purpose of the data processing is the personalized delivery of the requested content, data enrichment (with regard to your company) and for subsequent contact for marketing purposes(such as news on related topics, products & services of Leapsome). You can object to the use of your personal data for marketing purposes at any time contacting us under privacy@leapsome.com.

Legal basis:

The data processing as described above is based on the necessity to provide you with the requested content based on Art. 6(1)(b) GDPR and our legitimate interest regarding the business insights and on (Art. 6(1)(f) GDPR) in connection with § 7 Abs. 3 UWG (applying to German B2B purchase prospects or clients) for direct marketing.

Recipients:

Transfer to third countries:

Storage duration:

The data is stored only as long as it is necessary to achieve the purpose. Section 2.5 applies accordingly.

3.6 Contacting us (Chat or Email)

Nature and purpose of data processing:

If you send us an email or contact us via the chat function on our website, your email address and other information you provide are processed by us in order to provide you with an offer regarding our services or to work on your inquiry or to be able to contact you at a later time for follow-up questions.

Legal basis:

Depending on why you contact us your data is processed either only on the basis of our legitimate interest to offer efficient communications channels to the public (Art. 6 sec. 1 lit. f. GDPR), or on the basis of initiating or communicating under a new or an existing business relationship (legal basis Art. 6 sec. 1 lit. b. GDPR).

Recipients:

Transfer to third countries:

Adequate safeguards for the transfer of your data to countries outside of the EU/EAA are in place. The data processing agreement with the services provider includes Standard Contractual Clauses approved by the EU Commission and adequate guarantees that data protection obligations will be met.

Storage duration:

Your personal data will be deleted as soon as the purpose or legal basis for storage ceases to apply. Personal data will not be deleted if storage is required by law and in the event of a possible legal dispute.

3.7 Sales Contacts

Nature and purpose of data processing:

When you schedule a demo, download content, take a self-guided tour, register for virtual, in-person or other promotional events including vouchers), participate in event-related activities such as raffles, or contact us in other ways, we store the contact data provided in a structured form to organize our communications with you. Additionally, we may enrich contact data you provide to us with information available through publicly accessible sources or sources which disclose information based on their terms with you (e.g. networks such as LinkedIn).

Legal basis:

The data processing as described above is based on pre-contractual measures (Art. 6 sec. 1 lit. b GDPR) or on our legitimate interests in structuring and monitoring our sales process (Art. 6 sec. 1 lit. f GDPR).

Recipients:

Transfer to third countries:

Storage duration:

3.8 Slack Community

Nature and purpose of data processing:

In order to apply for our Slack community, you have to provide an email address, your name, your LinkedIn Profile URL, your job title and the number of employees in your company. Your personal data will be processed for the purpose of joining and administrating your Slack community account. We may also use the provided data to contact members of our Slack community through other channels, such as LinkedIn, to notify them of posts or events and send direct marketing messages about Leapsome products and services. This may include using third-party tools to automate communication based on the information you provided.You can object to the use of your personal data for marketing purposes at any time.

Legal basis:

The data processing as described above is necessary to perform the requested administrating of your Slack community account based on Art. 6(1)(b) GDPR and our legitimate interest regarding the business insights and on (Art. 6(1)(f) GDPR) in connection with § 7 Abs. 3 UWG (applying to German B2B purchase prospects or clients) for direct marketing.

Recipients:

Transfer to third countries:

Storage duration:

The data is stored for the duration of membership in the community. Users can delete their account at any time. Section 2.5 applies accordingly.

3.9 Refer a Friend

Nature and purpose of data processing:

In order to refer a friend and receive an invitation from our moderators, you have to provide an email address, your name, your friend’s email address and your friend’s name. The process looks like this: The referring user enters their own data and the friend's contact details. The referrer is informed that the friend will be contacted and that they must have the friend's consent for this. Afterwards the friend receives an automatically generated email, informing him/her that they have been referred. This email contains a link through which the friend must explicitly consent to be contacted and further process their data to receive the offer.

Legal basis:

The data processing is based on Art. 6(1)(b) for the referrer (initiating a or communicating under an existing business relationship) and Art. 6(1)(a) for the referred friend).

Recipients:

Transfer to third countries:

Storage duration:

The data is stored for the duration of the contract or deleted after revocation. Section 2.5 applies accordingly.

3.10 Personalized Advertisement

Nature and purpose of data processing:

We use cookie-based technologies that help us deliver more effective and personalized advertising.

This allows us to target visitors to our online offering for the display of advertising (so-called "targeted advertising"). In addition, we can track the effectiveness of our online advertising by seeing whether users were redirected to our website after clicking on such advertising (so-called "conversion tracking"). We may also use service providers to identify users who have visited our website as potential customers and recipients of advertising (so-called "retargeting").

Legal basis:

The processing is carried out with your consent according to Art. 6 sec. 1 lit. a GDPR.

Storage duration:

3.11 Event Registration, Webinars, and Related Marketing

Nature and purpose of data processing:

When you register for our events, webinars, or virtual tours (collectively "Events"), we process the personal data you provide (e.g., name, email address, company name) to organize and conduct the Event. This includes sending you participation links, reminders, and relevant materials and related communications.

Additionally, we use your contact details to: Invite you to future similar events and offers ("Direct Marketing"); allow your participation in optional activities such as raffles or the receipt of vouchers or gifts from us; enrich your profile with publicly available company and behavioral data (e.g., via third-party providers like Clearbit) to better understand your business needs and tailor our communications; Contact you personally via professional networks (e.g., LinkedIn) to facilitate networking or discuss event-related topics.

Legal Basis

Event Participation: The processing of data necessary for conducting the Event is based on Art. 6(1)(b) GDPR (performance of a contract).
Marketing, Raffles, Gifting, LinkedIn Outreach and Enrichment: The processing for direct marketing purposes, raffles, gifting and data enrichment is based on our legitimate interest under Art. 6(1)(f) GDPR. Our legitimate interest lies in maintaining our business relationship with you, optimizing our sales processes, and promoting relevant products and services.

Right to Object: You may object to the processing of your data for marketing and enrichment purposes at any time with future effect by clicking the "unsubscribe" link in our emails or contacting us directly. In this case, your data will no longer be used for these purposes.

Storage duration:
We retain your event registration data for the duration of the event and a subsequent period of 12 months to provide follow-up materials and inform you about similar future events. After this period, if no further interaction has occurred, your data will be deleted. We retain personal data for direct marketing purposes (e.g. for leads and prospects) for 24 months from the last meaningful interaction (e.g., email open, website visit). If no engagement occurs within this period, the data is automatically deleted or anonymized.

Recipients:

Transfer to third countries:

3.12 Event Photography and Videography

Nature and purpose of data processing:

At our events, we may take photographs and make video recordings. We process these recordings which could also contain you to:

Visually document the event for internal reporting and historical archiving.

Conduct public relations work and present our company activities to the public.

Illustrate our articles on our website, intranet, and social media channels (e.g., LinkedIn, Instagram).

Legal basis:

The processing of your personal data in the form of images (and potentially voice in videos) is based on the following legal bases:

Legitimate Interest (Art. 6 para. 1 lit. f GDPR): This is our primary legal basis for overview shots, photos of large groups, photos where individuals appear merely as "accessories" to the location, and photos capturing the general atmosphere of the event. Our legitimate interest lies in the effective communication of our business activities and event documentation. We take care to ensure that your interests do not override ours by avoiding unflattering depictions and offering opt-out mechanisms on-site.
Consent (Art. 6 para. 1 lit. a GDPR): In specific cases—such as posed close-up portraits, individual video interviews, or if you are specifically highlighted for an advertising campaign—we will obtain your explicit consent (e.g., via a checkbox during registration or a written release form).

Recipients of Data and Third-Country Transfer
Within our company, the departments responsible for communications and marketing have access to the data. Additionally, data may be transferred to:

Service Providers: Professional photographers or agencies commissioned by us to document the event. These are contractually bound to process data only according to our instructions.

Social Media Platforms: If we publish images on social networks (e.g., LinkedIn, Facebook, Instagram), data is transmitted to the operators of these platforms. Please note that these platforms may process data on servers located in the USA (a "third country"). Where we have control, we ensure appropriate safeguards are in place (e.g., Standard Contractual Clauses); however, we have no influence over the further processing of data by the platform operators once published.

Storage Duration

Images and recordings are stored as long as they are necessary for the purposes of our public relations work and documentation.

General Documentation: Images are typically kept in our archive permanently for historical company records unless you object to their processing.

Published Material: Photos published on social media or our website remain public until the publication is removed (e.g., because the content is outdated or upon your request).

Specific Rights regarding Images/Video
In addition to your general rights under the GDPR, the following applies specifically to our event documentation via photo/video:

Right to Object (Art. 21 GDPR): For processing based on Legitimate Interest (Art. 6(1)(f)), you have the right to object at any time. If you see a photo of yourself in our publications that you wish to have removed, please contact us. We will delete the photo or blur your image immediately, provided there are no compelling legitimate grounds for us to continue processing (e.g., legal claims).
Right to Withdraw Consent (Art. 7(3) GDPR): For processing based on Consent (Art. 6(1)(a)), you can withdraw your consent at any time with effect for the future. This will not affect the lawfulness of processing based on consent before its withdrawal.

3.13 Co-Hosted Webinars and Events

Nature and purpose of data processing

From time to time, we host webinars or events jointly with third-party partners ("Co-Hosts"). When you register for such a co-hosted event, the following applies:

a. Participation and Logistics

To organize and deliver the webinar (e.g., sending you the Zoom link, reminders, and the recording), we process your registration data (Name, Email, Job Title, Company).

Legal Basis: Performance of a Contract (Art. 6(1)(b) GDPR) – your registration is the contract to attend the event.

b. Sharing Data with Co-Hosts

On the registration form, we will list the specific Co-Host(s) involved in that event. If you give your explicit consent (checkbox: [ ] "I agree to Leapsome sharing my contact details with [Partner 1] and [Partner 2] for their own marketing purposes. You can withdraw your consent at any time. For more details, see our Privacy Notice.”), we will share your registration data with the Co-Host so they can contact you regarding their own products and services or other webinars etc..

Legal Basis: Consent (Art. 6(1)(a) GDPR).
Optional: If you do not consent to share your data, you can still attend the webinar. The sharing of data is optional.

Independence of the Co-Host Once we have securely transferred your data to the Co-Host based on your consent, the Co-Host becomes an independent Data Controller for any further processing.This means the Co-Host is solely responsible for complying with applicable laws regarding their marketing communications to you.

Specific Rights regarding Co-Hosted Webinars and Events
If you wish to withdraw your consent or opt-out of the Co-Host’s marketing in the future, please contact the Co-Host directly or use the "unsubscribe" link in their emails.

4. Cookies

Our Website uses so-called cookies. Cookies do not cause any harm to your device and do not contain any viruses. Cookies serve the purpose of making our service more user-friendly, more effective, and safer. Cookies are small text files which are stored on your device and in your browser.

You can find more information on cookies that we use here.

5. Data Processing on our Social Media Pages

We operate pages on the following social media channels:

Facebook

www.facebook.com or mobile app by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA or Facebook Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland, please refer to: https://www.facebook.com/policy.php

www.linkedin.com or mobile app by LinkedIn Corporation, Legal Department - Privacy, 1000 W. Maude Ave, Sunnyvale, CA 94085, USA or LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland, please refer to:

https://www.linkedin.com/legal/privacy-policy

Twitter

www.twitter.com or mobile app by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA, please refer to:

https://twitter.com/en/privacy

When you visit our social media pages, data is processed both by us and by the responsible social media provider as the responsible party.

The respective provider of social media assumes the data protection obligations towards you as the user, such as information on data processing, and is the contact person for your rights. This follows from the fact that such a provider has direct access to the relevant information on the social media page and the processing of your data.

When using Facebook, LinkedIn or Twitter data may also be processed outside the EU.

5.1 Data Processing and Legal Basis

On our social media pages, we can communicate with you and provide you with interesting information. We may receive further data from you through your comments, shared images, messages, and reactions, which we then process to communicate with you. If you use social media on several end devices, a cross-device analysis of the data can take place.

Furthermore, the providers of social media pages may also use cookies and tracking technologies to analyze and improve their services.

Data processing takes place with your consent or for the purpose of answering your enquiry (Art. 6 sec. 1 lit. a, b GDPR) or on the basis of legitimate interests in improving the services and presentation to the outside world (Art. 6 sec. 1 lit. f GDPR).

5.2 Facebook

Facebook and we use the Page Insights function to process statistical data from users of our Facebook pages (see also the agreement at: https://www.facebook.com/legal/terms/page_controller_addendum). This involves the processing of data in the form of so-called 'page insights', which are described in more detail at: https://www.facebook.com/legal/terms/information_about_page_insights_data.

Evaluations and statistics are generated in the form of page insights from the usage data of the Facebook pages, which support us in improving our marketing activities and our external presence. We may also learn about users and their behavior who interact with or use our Facebook Pages to display relevant content and develop features that may be of interest to them. These page statistics show us, for example, which people from certain target groups interact most with our Facebook Page or which content on the Facebook Page was visited, shared, or clicked when and how often. When classifying people into target groups, demographic data, or data about the location of a person is also included in order to place targeted advertisements with these people. If you use Facebook on several end devices, a cross-device analysis of the data can take place. The data collected in this way is statistically processed and usually anonymous, i.e. we cannot establish any reference to the individual person.

Information on these page insights and data processing can be found, for example, in Facebook's data protection statement at https://www.facebook.com/policy.php or at https://www.facebook.com/business/a/page/page-insights.

Facebook also uses cookies and storage technologies. More information can be found here: https://www.facebook.com/policies/cookies/

As a Facebook user, you can at any time influence how your user behavior is recorded when you visit Facebook pages. To do this, you can manage the settings for advertising preferences in your Facebook account or at: https://www.facebook.com/ads/preferences, or the Facebook settings in your account or at https://www.facebook.com/settings. Facebook also provides opportunities to contact or exercise rights at: https://www.facebook.com/help/contact/2061665240770586 or https://www.facebook.com/help/contact/308592359910928.

6. Changes to our privacy statement

We reserve the right to adapt this privacy statement so that it always complies with the current legal requirements or to implement changes to our services in the privacy statement, e.g., when introducing new services. The current data protection declaration applies to every visit of the website.

‍

Version [V. 1.9, last updated March, 2026].