Data Protection Privacy Policy

The protection of your personal information, e.g., when you visit our website, when you contact us and when you enter into a contractual relationship with us regarding our services is of the utmost importance to us.

Below you will find information on what data we collect when you visit our homepage, when you fill out our web forms or use other functions on our website, and how and for what purpose we process this data. We collect, process and use personal information only in accordance with the following principles and in compliance with the applicable legal provisions.

Questions about privacy in connection with our website and the services offered through our website can be directed to us using the contact information in section 1, directly below.

1.   Responsible party and data protection officer

This privacy information applies to the data being processed by:

  eGroup People & Culture GmbH

  Address:                           Hauptstraße 8, 10827 Berlin

  Email:                              apply@egroup.io

  Phone:                              +49 30 609 851 750

  (hereinafter also referred as “eGroup” or “we”).

You can contact data protection officer here: Email:                           dataprivacy@egroup.io

2. Collection and storage of personal data and the nature and intended use

1.   Hosting

This website is hosted by Webflow's Content Delivery Network (CDN). This is a service of Webflow Inc, 398 11th Street, 2nd Floor, San Francisco, CA 94103, USA.

The Webflow CDN makes duplicates of a website's data available on various Webflow servers distributed around the world. This results in faster website loading time, higher reliability, protection against brute force attacks and increased protection against data loss. A large part of the elements and the source code of this website are retrieved from the Webflow CDN when the page is called up. Through this retrieval, your IP address is transferred anonymously to Webflow's servers in other EU countries and stored there for 24 hours. This anonymous storage for 24 hours serves as protection against brute force attacks. Tracking or other processing of this data does not take place. The use of the Webflow CDN is in the interest of a higher reliability of the website, increased protection against data loss, protection against brute force attacks and a better loading speed of this website. This represents a legitimate interest within the meaning of Art. 6 (1) (f) GDPR.

We have concluded an Order Processing Agreement with Webflow on the basis of Art. 28 GDPR in conjunction with the EU standard contractual clauses. The current privacy policy of Webflow can be found here.

Our hoster Webflow Inc. uses Amazon Cloudfront as Content Delivery Network (CDN), a service of Amazon Web Services Inc., 410 Terry Avenue North, Seattle, WA 98109-5210. When using Amazon Cloudfront, data is not stored centrally on a single server, but is made available within a server network by the server that can guarantee the fastest loading time for the end user. This ensures fast loading times as well as increased downtime protection. Some of the images and videos embedded on this website are obtained from Amazon Cloudfront when the page is accessed. By calling up this page, information about your usage (such as IP address) is transmitted to Amazon's servers and stored there. Due to the increased downtime, the low loading times and the required Webflow development platform, which is only reasonably possible in the context of using Cloudfront, the data storage is based on a legitimate interest within the meaning of Art. 6 (1) lit. f DSGVO. You can find out more information about the data protection measures of Amazon Web Services here.

The privacy policy is available here.

Amazon Web Services Inc., based in the USA, uses the standard contractual clauses defined by the European Commission, which are intended to ensure compliance with the level of data protection applicable in the EU.

2. While visiting our website.

When you visit our website, the browser used on your end device automatically transmits information to the server of our platform. This information is temporarily stored in a so-called log file. The following information is recorded without requiring any action on your part:

·       the IP address of the requesting end device,

·       the date and time of access,

·       the name and URL of the retrieved file,

·       the website from which access is made (so-called referrer URL),

·       the browser used and, if necessary, the operating system of your computer and the name of your Internet access provider.

The above-listed data will be processed by us for the following purposes:

·       to ensure a smooth connection of the website,

·       to guarantee a user-friendly experience of our website,

·       to evaluate system safety and stability,

·       for other administrative purposes.

The data is stored in server log files in a format that allows the identification of the persons concerned, for a maximum period of 24 hours, unless a security-relevant event occurs (e.g., a DDoS attack). When a security-relevant event occurs, server log files are stored until the security-relevant event has been eliminated and fully resolved.

The legal basis for data processing is our legitimate interest, which results from the above listed purposes for data collection. Under no circumstances will we use the data collected for the purpose of drawing conclusions about your person. The provision of this data is not required by law or contract or necessary for the conclusion of a contract. You are not obligated to provide us with any personal information. If you choose to not provide such information, it will not be possible to access our website.

3.   When contacting us

We offer you the option of contacting us via a contact form which you can find by clicking on "Apply" at the top of our website. You will need to provide us with your name, e-mail address, telephone number and a curriculum vitae. Further application documents may be provided/uploaded voluntarily.

The contact form is implemented as a so-called iFrame from a web server operated independently of our hoster (see above 2.1 and 2.2.). This means that the data entered there is not routed via our hoster's servers and is not stored there at any time.

You can send us an Email to apply@egroup.io using your preferred Email server. When doing so, it is necessary to provide your name, a valid Email address and a description of your problem so that we know who the request comes from and can appropriately address it. Additional information e.g., as in the application form may be provided voluntarily. You can also reach us via Facebook (@workinberlin.de) and WhatsApp (+49 170 5882877).

The receiving e-mail server is also operated independently of our hoster and exclusively in the European Union.

In the event that your enquiry concerns a contract to which you are a contractual party, or concerns the implementation of pre-contractual actions, the data processing will be carried out in accordance with Article 6 (1)(b) GDPR. For all other inquiries, data processing for the purpose of establishing contact is based on a balance of interests (Article 6 (1)(f) GDPR). In this case our legitimate interest is the processing of your request.

If you are interested in our job-offers we store your information in order to find a suitable offer for you or to be able to send you such offers in the future based on the interests you have expressed.

You can find more information about applicant data protection at eGroup People & Culture here.

The personal information collected by us in the course of contacting you will be deleted in accordance with the legal requirements after the inquiry you have made has been completed.

3.   Information Disclosure

1.   In General

We have entered into data processing agreements with technical service providers which we use for the operation and maintenance of our website, as well as with the providers of tracking and web analysis tools listed in sections 2, 5 and 6 of this privacy policy, who process the data on our behalf for the purposes of user analysis and statistical evaluation. Service providers who process personal information on our behalf outside of the European Union (so-called third countries) will only be used if an adequacy decision by the European Commission or suitable or adequate safeguards are in place for this third country with respect to the recipient. Beyond that, we do not transfer or share your personal information with third parties, except for the purposes listed below. We will only disclose your personal information to third parties if the following is applicable:

·       you have provided your explicit consent,

·       the disclosure of information is necessary to protect our legitimate interests or the legitimate interests of a third party and there is no reason to assume that you have an interest worthy of protection in not disclosing your data,

·       in the event that there is a legal obligation for disclosure, and

·       a disclosure is legally permissible and required for the processing of contractual relationships.

2.   Data transfer to third countries

Service providers who process personal data on our behalf outside the European Union (so-called third countries) will only be used without your consent in accordance with Article 49 (1)(a) GDPR if an adequacy decision by the European Commission or suitable guarantees have been obtained from the recipient for this third country. If you consent to the transfer of your personal data to third countries, we will transfer your data to the USA in connection with the following services without suitable data protection guarantees:

Webflow Inc, 398 11th Street, 2nd Floor, San Francisco, California, 94103, USA (for web hosting only, see 2.1 and 2.2 above).

The transfer of personal data to third countries that do not offer an adequate level of data protection (in particular to the USA) carries the risk that the data may be processed for the purposes of third parties without your knowledge and that the data may not be protected against access by third parties. In particular, there may be governmental access in the USA, for example, within the scope of intelligence investigation powers according to Section 702 FISA and Executive Order 12 333.

4.   Security

On our website we use the common TLS (Transport Layer Security) procedure in connection with an encryption level that corresponds to the respective state-of-the-art technology. The actual level of encryption also depends on the browser you use. You can determine whether an individual page of our website is being transmitted in encrypted form by the key or lock symbol in the lower status bar of your browser.

We have also taken technical and administrative security precautions to protect your personal information against loss, destruction, manipulation and unauthorized access. All our employees as well as service providers working for us are subject to the valid data protection laws. Our security precautions are subject to a continuous improvement process and our data protection declarations are constantly revised. Please make sure that you have the latest version.

5.   Rights of the individuals affected

You have the following rights:

1.   to request information about your personal information processed by us;

2.   to immediately demand the correction of incorrect or incomplete personal information stored by us;

3.   to request the deletion of your personal information stored by us, unless the processing is necessary to exercise the right to freedom of expression and information, to comply with a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims (if we have published your personal information, we are obligated, taking into account the available technology and implementation costs, to take reasonable measures, including technical measures, to inform the data controllers who process the personal data that you have requested the deletion of all links or of copies or replications of such personal information)

4.   to demand the restriction of the processing of your personal information if the accuracy of such information is disputed by you, if the processing is unlawful but you refuse to have it deleted and we no longer need the information, but in the case when you need the data for the assertion, exercise or defense of legal claims or have filed an objection to the processing

5.   to receive the personal information that you have provided to us in a structured, common and machine-readable format or to request its transfer to another responsible party;

6.   to revoke your consent towards us at any time. As a result, we are no longer allowed to continue the data processing that was based on this consent in the future and

7.   to complain to a regulatory agency. As a rule, you can contact the supervisory authority at your usual place of residence or work or at our registered office.

6.   Right to Appeal

If your personal information is processed on the basis of legitimate interests, you have the right to object to the processing of your personal data for reasons relating to your particular situation or direct marketing. In the latter case, you have a general right to appeal, which will be implemented by us without indicating any specific circumstances.

If you wish to make use of your right to cancel or to appeal you can simply send an eMail to dataprivacy@egroup.io.

7.   Applicant Data Protection  

If you want to become a member of the EGROUP PEOPLE & CULTURE team, your personal data transmitted in the context of this will of course be subject to special data protection regulations. You can find out how we handle these data here.

8.   Privacy Policy Updates

This privacy policy represents the current status.

Due to the further development of our website and offers above or due to changed legal or official requirements, it may become necessary to amend this privacy statement. The current privacy statement can be accessed and printed out at any time by clicking here.

Status: 02/28/2022