Privacy policy of the Join GmbH

3.3 Cookie Script (join.de, m365.join.de, tourismus.join.de und ki.join.de)

We use the consent tool Cookie Script from the provider Objectis Ltd, Laisves st. 60, LT-05120 Vilnius, Lithuania, to manage your settings and document the consent of users of our services. We process your personal data as follows:

Personal data:

• The choice (accept or decline)
• IP address (last digits after ‘.’ are set to 0)
• Date and time of consent/rejection
• Page on which consent was given/declined
• The browser agent
• Anonymous key
• The key is stored together with the consent status in the browser as a first-party cookie called ‘CookieScriptConsent’ in JSON-encrypted form. This information is later used by the service to remember the selection. The key can also be used as proof of consent. The key is not considered personally identifiable information.

Purposes of the processing:

• Obtaining, managing and documenting consent behaviour

Legal basis:

• Art. 6 para. 1 lit. c GDPR

Recipient of the data:

• Internal departments
• Objectis Ltd

Aufbewahrungsfrist:

• 1 month

Revocation:

• You can change your setting in the cookie settings at any time.

3.4 Microsoft Clarity (join.de, m365.join.de, tourismus.join.de und ki.join.de)

We use Microsoft Clarity. Microsoft Clarity is a Microsoft process that enables user analyses based on a pseudonymised user ID and thus on the basis of pseudonymised data, such as the analysis of data on mouse movements or performance data on certain Internet presentations.

Personal data (pseudonymised form):

• Internet pages visited, interest in content
• Meta/communication data
• Access times
• IP addresses
• Location data
• Cursor and scroll movements

We have made settings to ensure that data collection to and by Microsoft is pseudonymised, in particular in the form of IP masking (pseudonymisation of the IP address).

Purposes of the processing:

• The purposes of processing are tracking, remarketing (measuring the effectiveness of marketing measures), conversion measurement, interest-based marketing and reach measurement.

Legal basis:

• The legal basis for the processing of personal data using Microsoft Clarity is the consent of the user Art. 6 para. 1 lit. a GDPR.

Recipient of the data:

• Internal departments
• Microsoft

Microsoft Clarity is offered by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA, website:https://clarity.microsoft.com; privacy policy: https://privacy.microsoft.com/de-de/privacystatement, there is an opt-out option: https://choice.microsoft.com/de-DE/opt-out.

Transfers to third countries are possible. Microsoft is certified in accordance with the Data Privacy Framework, which is why an adequacy decision applies to transfers to third countries.

Retention period:

• The data is stored for 1 year.

3.5 Google Tag Manager (join.de, m365.join.de, tourismus.join.de und ki.join.de)

We manage website tags (website code) with Google Tag Manager. The Google Tag Manager is used in accordance with Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in managing and continuously improving our services and reducing your loading time. Google Tag Manager only implements a website code. Google Tag Manager itself does not generate any cookies and does not collect any personal data. It merely integrates the website code that we have stored elsewhere and that can be used to collect data. It is therefore only used to facilitate the management of the respective code, but does not itself access the data processed by the code.

3.6 Google Analytics (join.de, m365.join.de, tourismus.join.de und ki.join.de)

On this website we use Google Analytics to analyse our website. Google Analytics is provided by Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland (‘Google’). The information automatically collected by Google technologies about your use of our website is usually transferred to a server of Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA and stored there. Google is certified in accordance with the Data Privacy Framework, which is why an adequacy decision applies to third country transfers. We have activated the IP anonymisation function on this website. This means that your IP address will be truncated by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there.

Personal data:

• IP address
• Referrer URL
• Website access (frequency and duration of visit)

Purposes of the processing:

• Analysing the flow of visitors to our website
• Evaluation of website use

Legal basis:

• Art. 6 para. 1 lit. a GDPR

Recipient of the data:

• Internal departments
• Google Ireland Ltd. and Google LLC

Retention period:

• The lifespan of cookies depends on their respective purpose. The purposes and lifespan of the respective cookies can be found in the cookie settings.

Revocation:

• You can change your setting in the cookie settings at any time.

You can find more information about Google Analytics here: https://policies.google.com/privacy

3.7 Google Ads (join.de, m365.join.de, tourismus.join.de und ki.join.de)

We use the Google Ads Conversion service to draw attention to our offers with the help of advertising material (so-called Google Ads) on external websites. We are interested in showing you adverts that are of interest to you, making our website more interesting for you and achieving a fair calculation of advertising costs.
We use the remarketing function within the Google Ads service. With the remarketing function, we can present users of our website with adverts based on their interests on other websites within the Google advertising network (in Google Search or on YouTube, so-called ‘Google Ads’ or on other websites). The interaction of users on our website is analysed for this purpose. For this purpose, Google stores cookies on the end devices of users who visit certain Google services or websites in the Google Display Network. These cookies are used to record visits. The cookies are used to uniquely identify a web browser on a specific end device and not to identify a person.

Personal data:

• Browser type and browser version
• Operating system used
• Referrer URL
• Host name of the accessing computer
• Time of the server request
• IP address
• Surfing behaviour (searched keyword, clicked ad, surfing behaviour on our website)

Legal basis for processing:

• The data processing is carried out in the interest of an appealing presentation of our online offers on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR.

Recipients of the data:

• Internal departments
• Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland: By integrating Ads Conversion, Google receives the information that you have accessed the corresponding part of our website or clicked on an advert from us. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, there is a possibility that Google will find out your IP address and store it.

Transfers to third countries, in particular to the USA, are possible. Google is certified in accordance with the Data Privacy Framework, which is why an adequacy decision applies to third country transfers.

Retention period:

• Lifespan of cookies: up to 180 days (this only applies to cookies set via this website).

Revocation:

• You can change your setting in the cookie settings at any time.
• You can also deactivate, manage or delete all cookies in your browser.

3.8 Dealfront Leadfeeder (join.de, m365.join.de, tourismus.join.de und ki.join.de)

Purpose of data processing:

We use the technologies of Dealfront (Dealfront Finland Oy as part of Dealfront Group GmbH) to analyse visitors and visitor behaviour on our website. The analysis of visitor behaviour is carried out using first-party cookies from Dealfront.

The results from the analysis of visitors and visitor behaviour should help us to understand which companies (B2B) visit our website and to identify potential customers for sales and to be able to carry out more targeted marketing measures.

IP addresses and session data are collected in order to be able to analyse visitors and visitor behaviour.

At the beginning of the session, the data is compared with an extensive whitelist of known companies. As a result, data is enriched with associated information such as the company name or industry affiliation.

In order to increase the data protection of website visitors, IP addresses are processed by Dealfront in an anonymised manner. The IP addresses and session data are automatically anonymised immediately after collection and comparison with the database.

Only abbreviated values are stored instead of the actual IP addresses and used for the analysis. No actual IP addresses are stored (not even in logs). By anonymising the IP addresses, no connection to external IP address information can be established, making it impossible to identify an individual person.

Personal data:

• IP addresses and session data, which are anonymised immediately after collection and comparison (see above)

Legal basis for processing:

If we process personal data for the collection of data, this is done on the basis of Art:

• 6 para. 1 lit. a GDPR -> with consent via the Consent Manager for the collection of the data

If a match has been made from the anonymised IP addresses and the comparison of these with an extensive whitelist of known companies, we process publicly visible personal data (e.g. contact data published on the Internet) for our marketing and sales measures on the following basis:

• 6 (1) lit. f GDPR -> legitimate interest in sales and marketing when using the data for marketing and sales measures

Recipient of the data:

• internal department
• Dealfront Finland Oy as part of Dealfront Group GmbH

Retention period:

• Two years after collection

Revocation:

• To prevent the processing of personal data, website visitors can install and configure appropriate ad blockers or use no-script plugins in their browser. Consent to the processing of data can be changed at any time via the cookie settings (Consent Manager).
• The deletion of data can be requested by sending a message to pr*****@*******nt.com

   

  .

3.9 Adobe Fonts (join.de, m365.join.de, tourismus.join.de und ki.join.de)

Our website uses so-called web fonts from Adobe Typekit for the standardised display of certain fonts. The provider is Adobe Systems Incorporated, 345 Park Avenue, San Jose, CA 95110-2704, USA (Adobe).
When you access our pages, your browser loads the required fonts directly from Adobe in order to display them correctly on your device. In doing so, your browser establishes a connection to Adobe’s servers in the USA. This gives Adobe knowledge that our website has been accessed via your IP address.
The use of Adobe Typekit Web Fonts is necessary to ensure a uniform typeface on our website. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.
You can find more information about Adobe Typekit Web Fonts at: https://www.adobe.com/de/privacy/policies/typekit.html. You can find Adobe’s privacy policy at: https://www.adobe.com/de/privacy/policy.html

4 Newsletter (join.de, m365.join.de, tourismus.join.de und ki.join.de)

In today’s world, information changes at lightning speed. Our newsletter, created especially for you, ensures that you stay informed and get relevant industry trends and innovative solutions delivered straight to your inbox. Whether it’s the latest technologies, industry-leading insights or company news, the Join newsletter brings you all that and more. You can register for our newsletter via our website. Registration for the newsletter is done using the so-called double opt-in procedure. If you have registered with your e-mail address, you will then receive an e-mail to confirm your registration. Registration for the newsletter is voluntary.

Personal data:

• Name
• E-mail address
• IP address
• Date and time of newsletter retrieval

Purposes of the processing:

• Dispatch of newsletters

Legal basis:

• Art. 6 para. 1 lit. a GDPR

Recipient of the data:

• Internal departments

Retention period:

• The data will be deleted as soon as it is no longer required to fulfil the purpose for which it was collected. As soon as you unsubscribe from the newsletter, your data will be deleted immediately.

Notes and cancellation:

• Your declaration of consent also expressly includes the processing of e-mail interaction data (e.g. opening and click rates) by means of a tracking pixel. Changes and revocation of the declaration of consent can be made with effect for the future via the Preference Centre. The link for this can be found at the end of every email with advertising content.

We use this data exclusively for sending the requested information and offers. Newsletter2Go is used as the newsletter software. Your data will be transmitted to Newsletter2Go GmbH. Newsletter2Go is prohibited from selling your data and using it for purposes other than sending newsletters. Newsletter2Go is a German, certified provider that has been selected in accordance with the requirements of the General Data Protection Regulation and the Federal Data Protection Act.

You can find more information here: https://www.newsletter2go.de/informationen-newsletter-empfaenger/

5 Social Media

5.1 Facebook

Meta (Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, hereinafter referred to as Meta) as the operating company of Facebook is solely responsible for the processing of personal data when you visit our Facebook page (hereinafter referred to as Fanpage). We would like to point out that you use our fan page and its functions on your own responsibility. This applies in particular to the use of the interactive functions (e.g. commenting, liking, sharing). When you visit our fan page, your data will be processed as follows:

Personal data:

• We do not process any personal data when you visit our fan page. In particular, we do not operate the servers on which the content of the fan page and the associated communication are stored and processed.
• If you communicate with us via the fan page, we process your message and can view your user name and your current profile picture.
• When you access our fan page, your IP address is transmitted to Meta. According to Meta, this IP address is anonymised. Meta also stores information about users’ end devices (e.g. as part of the ‘login notification’ function). Meta may also transfer the data to countries outside the European Union. In particular, it is conceivable that some of the personal data collected may also be processed outside the European Union by Meta Platforms, Inc. based in the USA. We ourselves do not pass on any personal data.
• Meta describes which data Meta processes in detail, for what purposes and on what legal basis, and which contact and configuration options exist, in the legal basis for processing data at https://www.facebook.com/about/privacy/legal_bases and in Facebook’s data policy. This applies to all offers of Meta products.
• We do not know how Meta uses the personal data generated from visits to fan pages for its own purposes and to what extent Meta may assign certain data to specific users.

Purposes and legal basis of processing:
We operate the fan page to present content to you so that you can communicate with us or to link you to other interesting online content. The legal basis for the processing is Art. 6 para. 1 lit. f GDPR.

Storage period:
We delete the messages transmitted in connection with our fan page as soon as the purpose of the storage is fulfilled, you request us to delete them or the purpose for the storage no longer applies. Messages that are subject to retention periods under commercial or tax law are stored for 6 years.

Processing of page insights:

• Meta provides us with anonymised page summaries for our fan page (so-called page insights). Page insights are an overview of all key figures within a certain period of time. For example, we can learn more about our target group and find out which content is best received.
• We can only use Insights to carry out anonymous analyses based on aggregated data on the use of our fan page. We do not collect any other data from visits to our fan page. This processing of personal data is carried out by Meta and us as joint controllers.
• If you are logged in to Facebook, a cookie with your Facebook ID is stored on your device. This enables Meta to understand that you have visited our fan page and how you have used it.
• If you want to avoid this, you should log out of Facebook or deactivate the ‘stay logged in’ function and delete the cookies on your device. This will delete Facebook information that can be used to directly identify you. This allows you to use our fan page without revealing your Facebook ID. If you access interactive functions on the fan page (‘Like’, comment, share, send messages, etc.), a Facebook login screen will appear. Once you have logged in, you will once again be recognisable to Facebook as a specific user.

Purposes and legal basis of the processing:

• The processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in analysing visits to our fan page and improving our fan page based on these findings.
• We have entered into an agreement with Meta on processing as joint controllers, which sets out the distribution of data protection obligations between us and Meta. The agreements with Meta on joint responsibility essentially mean that requests for information and the assertion of other data subject rights, in particular objections, are sensibly asserted directly with Meta. This is because, as the provider of the social network, Meta alone has direct access to the necessary information and can also take any necessary measures and provide information immediately. Should our support nevertheless be required, we can be contacted at any time.
• Your right to assert corresponding claims directly against us remains unaffected.
• Details on the processing of personal data for the creation of Page Insights and the main contents of the agreement concluded between us and Meta can be found in the information on Page Insights.

If you have any further questions regarding the processing of your personal data, please contact Meta’s data protection officer using the form provided or our data protection officer using the contact information above.

Further information can be found in Facebook’s data policy.

5.2 Instagram

As the operating company of Instagram, Meta (Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, hereinafter referred to as Meta) is solely responsible for the processing of personal data when you visit our Instagram page (hereinafter referred to as the fan page). We would like to point out that you use our fan page and its functions on your own responsibility. This applies in particular to the use of the interactive functions (e.g. commenting, liking, sharing). When you visit our fan page, your data is processed as follows:

Personal data:

• We do not process any personal data when you visit our fan page. In particular, we do not operate the servers on which the content of the fan page and the associated communication are stored and processed.
• If you communicate with us via the fan page, we process your message and can view your user name and your current profile picture.
• When you access our fan page, your IP address is transmitted to Meta. According to Meta, this IP address is anonymized. Meta also stores information about users’ end devices (e.g. as part of the “login notification” function). Meta may also transfer the data to countries outside the European Union. In particular, it is conceivable that some of the personal data collected may also be processed outside the European Union by Meta Platforms, Inc. based in the USA. We ourselves do not pass on any personal data.
• Meta describes which data Meta processes in detail for which purposes and on which legal basis and which contact and configuration options exist in the legal basis for the processing of data at https://www.facebook.com/about/privacy/legal_bases and in Instagram’s privacy policy. This applies to all offers of Meta products.
• We are not aware of how Meta processes the personal data generated from visits to fan pages.

Purposes and legal basis of processing:

• We operate the fan page to present content to you so that you can communicate with us or to link you to other interesting online content. The legal basis for the processing is Art. 6 para. 1 lit. f GDPR.

Storage duration:

• We delete the messages transmitted in connection with our fan page as soon as the purpose of the storage is fulfilled, you request us to delete them or the purpose for the storage no longer applies. Messages that are subject to retention periods under commercial or tax law are stored for 6 years.

Processing of page insights:

• Meta provides us with anonymized page summaries for our fan page (so-called page insights). Page insights are an overview of all key figures within a certain period of time. For example, we can learn more about our target group and find out which content is best received.
• We can only use Insights to carry out anonymous evaluations based on aggregated data on the use of our fan page. We do not collect any other data from visits to our fan page. This processing of personal data is carried out by Meta and us as joint controllers.
• If you are logged in to Instagram, a cookie with your Instagram ID is stored on your device. This enables Meta to understand that you have visited our fan page and how you have used it.
• If you want to avoid this, you should log out of Instagram or deactivate the “stay logged in” function and delete the cookies on your device. This will delete Instagram information that can be used to directly identify you. This allows you to use our fan page without revealing your Instagram account. If you access interactive functions on the fan page (like, comment, share, send messages, etc.), an Instagram login screen will appear. After logging in, you will once again be recognizable to Instagram as a specific user.

Purposes and legal basis of processing:

• The processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in evaluating visits to our fan page and improving our fan page based on these findings.
• We have entered into an agreement with Meta on processing as joint controllers, which sets out the distribution of data protection obligations between us and Meta. The agreements with Meta on joint responsibility essentially mean that requests for information and the assertion of other data subject rights, in particular objections, are sensibly asserted directly with Meta. This is because, as the provider of the social network, Meta alone has direct access to the necessary information and can also take any necessary measures and provide information immediately. Should our support nevertheless be required, we can be contacted at any time.
• Your right to assert corresponding claims directly against us remains unaffected.
• Details on the processing of personal data for the creation of Page Insights and the main contents of the agreement concluded between us and Meta can be found in the information on Page Insights.

If you have any further questions regarding the processing of your personal data, please contact Meta’s data protection officer using the form provided or our data protection officer using the contact information above.

Further information can be found in Instagram’s privacy policy.

5.3 YouTube

YouTube LLC, 901 Cherry Ave, San Bruno, CA 94066, USA, is responsible for our YouTube channel. YouTube LLC is part of the Google Group and is represented by Google LLC 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. When you visit our YouTube channel, your personal data will be processed by YouTube or Google as follows:

Personal data:

• We do not process any personal data when you visit our YouTube channel. In particular, we do not operate the servers on which the content of the channel and the associated communication are stored and processed.
• If you communicate with us via the YouTube channel, we will receive your message including your user name.

Purpose of the processing:

• Presentation of the content published via the YouTube channel
• Communication with users, e.g. by following the channel, commenting on or sharing the content
• Linking to other online content that may be of interest to users of the site

Legal basis:

• Art. 6 para. 1 lit. f GDPR.

In the relationship between us and YouTube, the terms of use for YouTube (including the other terms, guidelines and pages linked therein) specify which of them fulfills which obligations under the GDPR.

Storage period:

• We delete the messages transmitted in connection with our profile as soon as the purpose of the storage has been fulfilled, you request us to delete them or the purpose for the storage no longer applies. Messages that are subject to retention periods under commercial or tax law are stored for 6 years.

Further information on the processing of your personal data by YouTube or Google can be found here: https://policies.google.com/privacy

5.4 XING

For our XING page, we use the technical platform and services of News Work SE, Dammtorstraße 30, 20354 Hamburg, Germany, as the operator of XING. We would like to point out that you use our XING page and its functions on your own responsibility. This applies in particular to the use of the interactive functions (e.g. commenting, sharing, rating). When you visit our XING page, your personal data will be processed as follows:

Personal data:

• We do not process any personal data when you visit our XING page. In particular, we do not operate the servers on which the content of the page and the associated communication are stored and processed.
• If you communicate with us via XING, we will receive your message including your name and profile picture.
• When you visit our XING page, XING collects, among other things, your IP address and other information that is stored on your device in the form of cookies. This information is used to provide us, as the operator of the XING pages, with statistical information about the use of the XING page. XING provides more information on this under the following link: https://www.xing.com/terms
• The data collected about you in this context will be processed by XING and may be transferred to countries outside the EU.
• If you are currently logged in to XING as a user, a cookie with your XING ID is stored on your device. This enables XING to track that you have visited this page and how you have used it. This also applies to all other XING pages. If you want to avoid this, you should log out of XING or deactivate the “stay logged in” function, delete the cookies on your device and close and restart your browser. In this way, XING information that can be used to directly identify you will be deleted. This allows you to use our XING page without revealing your XING ID. If you access interactive functions on the page (like, comment, share, message, etc.), a XING login screen will appear. Once you have logged in, you will once again be recognizable to XING as a specific user.

You can find out what information XING receives and how it is used in XING’s privacy policy: https://privacy.xing.com/de/datenschutzerklaerung

5.5 LinkedIn

LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland, is solely responsible for the processing of personal data when you visit our LinkedIn page. When you visit our LinkedIn page, your personal data is processed by LinkedIn as follows:

Personal data:

• We do not process any personal data when you visit our LinkedIn page. In particular, we do not operate the servers on which the content of the profile and the associated communication are stored and processed.
• If you communicate with us via LinkedIn, we will receive your message including your profile.

Processing of page insights
When you visit our LinkedIn page, follow the page or engage with the page, LinkedIn provides us with statistics and insights for our page in anonymized form, which we use to gain insights into the types of actions people take on our page (so-called “Page Insights”). We do not receive any personal data from the Page Insights, nor can we assign the information received to individual accounts. This processing of personal data is carried out by LinkedIn and us as joint controllers.

Purpose of the processing:

• The processing serves our legitimate interest in evaluating visits to our site and improving our site on the basis of these findings.

Legal basis:

• Art. 6 para. 1 lit. f GDPR.

We have entered into a joint controllership agreement with LinkedIn, which sets out the allocation of data protection obligations between us and LinkedIn. Details on the processing of personal data for the creation of Page Insights and the main contents of the agreement concluded between us and LinkedIn can be found here: https://legal.linkedin.com/pages-joint-controller-addendum

Further information on the processing of your personal data by LinkedIn can be found here: https://www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy

6 Service providers, suppliers and customers

Most of our service providers, suppliers and customers name one of their employees as a contact person. However, the effort involved in making arrangements without a designated contact person is disproportionately high and there is a risk of misunderstandings. There is therefore a legitimate interest in this processing. We process the contact details of the contact persons as follows:

Personal data:

• Name
• Company, company address
• Function, position
• Telephone number, fax number
• E-mail address

Purposes of the processing:

• Agreements on commissioned services/deliveries

Legal basis:

• Art. 6 para. 1 lit. f GDPR

Source of the data:

• Notification by the contact person themselves
• Notification by another office of the service provider/supplier/customer

Recipient of the data:

• Management and internal departments

Retention period:

• The data is archived after the order has been fulfilled.
• The data in the archive will be deleted after 10 years.

7 Applicants

Applicants can send us their application in paper form or by e-mail. When you apply to us, we process the following data about you:

Personal data:

• Data that you send with your application
• We process the personal data that we receive from you as part of your application. This is the data that you make available to us as part of your application, in particular by sending us your application documents and the information you provide in interviews.
• The processing of the data is necessary for the application process. Participation in this is not possible without the provision of the data.

Purposes of the processing:

• Decision on recruitment

Legal basis:

• Art. 88 GDPR in conjunction with. §26 BDSG
• Art. 6 para. 1 lit. a GDPR (consent to longer retention of documents)

Recipient of the data:

• Management and internal departments, forwarding to other branches if necessary

Retention period:

• Upon recruitment: 10 years after the end of your employment with us
• Upon rejection: 6 months after rejection (unless you consent to longer retention)

8 Testing the voice agent via ki.join.de

Purpose of data processing:

We provide a test function for the voice agent on our website. Personal data is collected for testing the voice agent.

In addition, the call is recorded to improve quality if consent has been given.

The personal data collected will be used for sales activities of Join GmbH with your express consent. If you have given your consent, we will contact you by telephone after you have used the test function.

You can avoid the collection of data by not using the test function of the voice agent.

Personal data:

• Telephone number
• Contact details (name, email address)
• Information that you transmit via voice agent

When using the test function of the voice agent, we ask you not to transmit any sensitive categories of personal data (such as: ethnic origin, political opinion, religious and philosophical beliefs, trade union membership, genetic data, biometric data, health data, data on sex life or sexual orientation).

Legal basis for processing:

If we process personal data in this context, this is done on the basis of Art:

• 6 para. 1 lit. a GDPR -> consent
• Order processing contracts have been concluded with subcontractors.

Recipient of the data:

Intern:

• Internal department

External:

• Eleven Labs Inc, 169 Madison Ave #2484, New York, NY 10016, United States
  Purpose: Hosting AI-supported speech synthesis services
• Twilio Ireland Limited, 25-28 North Wall Quay, D01 H104 Dublin, Ireland
  Purpose: Telephony
• Microsoft Ireland Operations Limited, One Microsoft Place, D18 P521 Dublin, Ireland
  Purpose: LLM (Large Language Model) Service
• Google Cloud – Google Ireland Limited, Gordon House, Barrow Street Dublin 4, Ireland
  Purpose: LLM (Large Language Model) Service
• Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany
  Purpose: System hosting

When using the service, data is transferred to third countries.

Retention period:

90 days after collection

Revocation:

The revocation of consent and the deletion of data can be requested by e-mail to da*********@**in.de.

9 Laura – AI assistance

Purpose of processing:

Personal data is processed in order to deal with your enquiry.
In addition, the conversation is recorded for quality improvement purposes, provided that express consent has been given.
You can avoid data being collected by the AI assistant ‘Laura’ by not using the AI assistant ‘Laura’ service and contacting us by email.

Personal data:

• Contact details (name, email address, telephone number)
• as well as all information that you voluntarily provide to us in conversation with the AI assistant Laura
• Voice data (speech-to-text)

We ask that you do not submit any sensitive categories of personal data (such as ethnic origin, political opinion, religious and philosophical beliefs, trade union membership, genetic data, biometric data, health data, data concerning sex life or sexual orientation).

Recipients of the data:

Internal:

• Internal department

External:

• Eleven Labs Inc., 169 Madison Ave #2484, New York, NY 10016, United States
  Purpose: Hosting AI-powered speech synthesis services
• Twilio Ireland Limited, 25-28 North Wall Quay, D01 H104 Dublin, Ireland
  Purpose: Telephony
• Microsoft Ireland Operations Limited, One Microsoft Place, D18 P521 Dublin, Ireland
  Purpose: LLM (Large Language Model) service
• Google Cloud - Google Ireland Limited, Gordon House, Barrow Street Dublin 4, Ireland
  Purpose: LLM (Large Language Model) service
• Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany
  Purpose: System hosting

The use of the AI assistant ‘Laura’ involves data transfer to third countries.

When transferring data to third countries outside the European Economic Area (e.g. the USA), we ensure that an adequate level of data protection is guaranteed by means of appropriate safeguards, in particular standard contractual clauses in accordance with Art. 46 GDPR.

Automated decision-making:

The AI assistant ‘Laura’ uses automated processes for conversation processing, but no automatic individual decisions with legal effect or comparable significance are made (Art. 22 GDPR).

Retention period:

• 90 days after collection.

Withdrawal:

Withdrawal of consent and deletion of data can be requested by emailing da*********@**in.de.

10 Video surveillance

Visitors to Join GmbH can be video-monitored in the entrance area.

Personal data:

• Video recordings

Purpose of processing:

• Video surveillance is carried out for your protection, primarily to prevent criminal offenses and to exercise domiciliary rights, if necessary to assist in the prosecution of criminal offenses committed by law enforcement authorities.

Legal basis:

• Art. 6 para. 1 lit. f GDPR
• § 4 para. 1 sentence 1 no. 2, 3 BDSG

Recipients:

• Authorized employees
• Authorities entitled to receive information after prior written request

Retention period:

• 7 days, in the case of detected criminal offenses, data is retained until the conclusion of the criminal prosecution.

11 Your rights

You have the following rights with regard to the processing of your personal data:

• Information about the personal data stored about you (Art. 15 GDPR)
• Correction of incorrect data (Art. 16 GDPR)
• Erasure, if this is permitted by law (Art. 17 GDPR)
• Restriction of processing (Art. 18 GDPR)
• Receipt of your data in a structured, commonly used and machine-readable format (Art. 20 GDPR)
• Objection to processing (Art. 21 GDPR) by email to: ko*****@**in.de
• Complaint to a supervisory authority (Art. 77 GDPR)
• Some processing operations are based on your consent (e.g. for processing a request). In these cases, you have the right to withdraw your consent at any time with effect for the future.

Last Update: September 2025