Privacy Policy

Last Updated: July 26th, 2021

With the following information, we would like to give you an overview of the collection and processing of personal data when using our website.


1. Who is controller and whom can I contact?

Controller for the processing of personal data on this website is:

Cobrainer GmbH

Lothstrasse 5

80335 Munich

Germany

Tel.: 089 8563 6970

E-mail: info@cobrainer.com


If you have any questions about this privacy policy or wish to exercise your data subject rights, you can contact our data protection officer at privacy@cobrainer.com at any time.

2. What are the purposes of processing and on what legal basis?

2.1 Server Log Files

In case of mere informational use of our website, i.e. if you do not otherwise transmit information to us, we collect the (possibly personal) data that your browser transmits to our server. Accordingly, we collect the following data:

  • IP address
  • Date and time of the request
  • Time zone difference from Greenwich Mean Time (GMT)
  • Content of the request (specific page)
  • Access status/HTTP status code
  • Data volume transferred in each case
  • Website from which the request comes
  • Browser
  • Operating system
  • Language and version of the browser software.

This data is stored in server log files for a few days for security reasons and will be deleted subsequently. If data must be retained for proof purposes, it will not be deleted until the incident has been finally resolved.

The legal basis for the described data processing is Art. 6 para. 1 (f) GDPR. We have a legitimate interest in processing the server log files to ensure the website security and to clarify cases of abuse.


2.2 Cookies

In addition to the previously mentioned data, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive and through which the entity that sets the cookie receives certain information.

Our website uses so-called session cookies. These cookies store a so-called session ID, with which various requests of your browser can be assigned to the common session. This allows your computer to be recognized when you return to our website. The session cookies are deleted when you log out or close the browser. You can configure your browser setting according to your preferences and, for example, refuse to accept all cookies. Please note that in this case you may not be able to use all functions of this  website.

The legal basis for the described data processing is Art. 6 para. 1 (f) GDPR. We have a legitimate interest in storing the aforementioned cookies for the technically error-free and user-friendly design of the services. Some of the services listed below also use their own (third-party) cookies. The legal basis for these cookies follows in each case the legal basis for the data processing described below.


2.3 Contacting us by e-mail or contact form

When contacting us by e-mail or contact form, the data you provide (your e-mail address, your name and telephone number, the content of your message, if any) will be processed by us in order to answer your questions. We delete this data after processing for answering your questions is no longer necessary or restrict the processing if there are legal retention obligations.

The legal basis for this data processing is Art. 6 para. 1 (b) GDPR, as far as a contractual relationship is intended, and our legitimate interest in answering your inquiry according to Art. 6 para. 1 (f) GDPR, as far as other inquiries are concerned.

When contacting us via e-mail and/or contact form, your data will be transferred to servers in the United States of America ("USA"). There is no adequacy decision of the European Commission for the USA, which certifies an adequate level of data protection for the USA. Therefore, by transferring your personal data, there is a risk that US authorities will access it and process it for their own purposes. The appropriate safeguards for the transfer of your data to the USA are provided by so-called EU standard data protection clauses and supplemented measure pursuant to Art. 46 para. 2 (c) GDPR.

If you wish to apply to us, this is regularly done via Personio. In this case, please check out our additional privacy policy at https://cobrainer.jobs.personio.de/.


2.4 Contacting us via chat function (Drift

On our website, we offer the possibility to contact us via a chat function. For this purpose, we use the services of our processor Drift.com, Inc, 222 Berkeley Street, Suite 600, Boston, MA 02116, USA.

In addition to the content of your messages in such chat, the name and contact information you provide (company, e-mail address, telephone number) are processed. In addition, your IP address is processed to determine whether you are contacting us as a representative of a company. The chat also sets a cookie to tell us, in the event of a chat message from you, to which subpage of our website your query arose. Your data, i.e. the message history, your e-mail address and your IP address are automatically deleted after the chat with us ends.

The legal basis for this data processing is Art. 6 para. 1 (b) GDPR, as far as a contractual relationship is intended, and our legitimate interest in answering your inquiry according to Art. 6 para. 1 (f) GDPR, as far as other inquiries are concerned.

When contacting us via chat, your data will be transferred to servers in the United States of America ("USA"). There is no adequacy decision of the European Commission for the USA, which certifies an adequate level of data protection for the USA. Therefore, by transferring your personal data, there is a risk that US authorities will access it and process it for their own purposes. The appropriate safeguards for the transfer of your data to the USA are provided by so-called EU standard data protection clauses and supplemental measures pursuant to Art. 46 para. 2 (c) GDPR.


2.5 Matomo Analytics

We use the analytic software Matomo on our own server.

Matomo uses what are known as cookies. These are text files that are saved on your computer and enables us to analyze the user behavior by pseudonymized user profiles and how our website is used. The following data is processed for this purpose: Abbreviated IP address, the website accessed, HTTP referrer, the subpages accessed, the time spent on the website, the frequency with which the website is accessed.

Our website uses Matomo on its own server, i.e. this data is not transferred to Matomo. In addition, the IP addresses are processed in a shortened form (e.g. 192.168.xxx.xxx), so that the IP address can no longer be linked to you and your computer. Moreover, the IP address transmitted by your browser via Matomo is not merged with other data collected by us.

If you do not agree with this processing, you can stop Matomo by just unchecking the box below or clicking the following this link.

By clicking this link, it sets a cookie on your device that prevents starting Matomo. Please note that you must click the above link again if you delete the cookies stored on your device. The Matomo cookie remains on your device until you delete it.

The legal basis for this processing is our legitimate interest in the statistical analysis of user behavior in order to optimize our website pursuant to Art. 6 para. 1 (f) GDPR.


2.6 Embedded videos (YouTube, Vimeo)

We use videos on our website. These videos are not stored on our own servers, but are uploaded to third-party providers and only embedded on our website. This embedding of the videos results in calls to the servers of these third-party providers. Specifically, these are YouTube LLC, 901 Cherry Avenue, 94066 San Bruno, CA, USA and Vimeo Inc, 555 West 18th Street, New York 10011, USA (hereinafter "YouTube" and "Vimeo" or together "video platform"). We use the video platform in an extended data protection mode, which means that a connection between your browser and the video platform is only established when you start the video by clicking on the corresponding button.

We do not process any personal data with respect to such embedded videos. Controller of any processing that may take place during watching such embedded videos is the respective video platform. Further information on this processing of your data by YouTube can be found at https://www.youtube.com/t/privacy_at_youtube and by Vimeo at https://vimeo.com/privacy .


2.7 Translation of the website (Weglot)

We use the translation service Weglot on our website which is provided by our processor Weglot SAS, 138, rue Pierre Joigneaux in Bois-Colombes 92270, France.

Weglot is loaded automatically when you visit the website so that you can change the language via the language icon in the footer of the website. This establishes a direct connection between your browser and the Weglot server for the duration of your visit to this website, whereby Weglot processes your IP address and the subpage you visit.

The processing of the data is based on our legitimate interest in an understandable presentation of the website in the language of the respective user (Art. 6 para. 1 (f) GDPR).


2.8 Cookie consent tool

To obtain your consent for cookies and similar technologies, we use the consent management tool provided by our processor Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich ("Cookie consent tool"). The Cookie consent tool identifies which cookies are used by our website and whether you have given or revoked your consent to their use. This allows us to prevent cookies and similar technologies from being used if you have not given consent. The cookie set by the Cookie consent tool stores the setting of your preferences and has a lifetime of one year.


The legal basis for this data processing is Art. 6 para. 1 (f) GDPR, as we have a legitimate interest in being able to comply with the legal requirements of the GDPR and the ePrivacy Directive through technical measures.


2.9 LinkedIn Insight Tag

We use LinkedIn Insight Tag, a service provided by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (hereinafter "LinkedIn Tag"), to perform detailed campaign reportings and to gain information about our website visitors in order to track conversions and/or retarget our website visitors.

This LinkedIn Tag collects the following data: page views on our website, including URL, referrer URL, IP address, device and browser properties (user agent), and timestamp. IP addresses are shortened or (if used to track user across devices) hashed. Users' direct identifiers are removed within seven days to pseudonymize the data. This remaining pseudonymized data is deleted within 90 days.

LinkedIn Tag transfers your data to countries outside the European Union and the European Economic Area (so-called “third countries”). For some of these third countries, in particular the United States of America (hereinafter "USA"), no adequate level of data protection has been determined by the European Commission. These third countries therefore do not offer data protection law that is comparable to that of the European Union. The appropriate guarantees for the transfer of such data to the third countries are achieved by concluding so-called EU standard data protection clauses and supplemental measures pursuant to Art. 46 para. 2 (c) GDPR.

LinkedIn Tag does not share any personal data with us, but only provides reports and notifications (in which you are not identified) about website audience and ad performance. Thus, we do not have access to the above data from you.

You can find more information on data protection in the LinkedIn privacy policy at https://www.linkedin.com/legal/privacy-policy.

The legal basis for such processing is your consent according to Art. 6 para. 1 (a) GDPR.

3. What are the recipients of my personal data?

Within our company, your personal data will only be accessed by those departments that absolutely need it to fulfill the above-mentioned purposes. The aforementioned data may also be processed by processors who operate or maintain our website and systems. In addition, the data will be transmitted to the providers expressly mentioned in section 2. Such processing is governed by a contract as set out in Art. 28 GDPR, to the extent that such provider is acting as a processor for us.

4. Do you transfer my personal data to countries outside the European Union?

In section 2, we refer specifically to the transfer of your data to countries outside the European Union for specific services. In addition, our website is hosted by processors (currently Webflow and Uberspace), that use servers in the United States of America ("USA").

There is no adequacy decision of the European Commission for the USA, which certifies an adequate level of data protection. Therefore, by transferring your personal data, there is a risk that US authorities will access it and process it for their own purposes. The appropriate safeguards for the transfer of your data to the USA are provided by so-called EU standard data protection clauses and supplemental measures pursuant to Art. 46 para. 2 (c) GDPR.

5. Which data subject rights do i have?
  • Right of access. You have the right to access the personal data we have stored about you in order to review it and to get an idea of how we use your data.
  • Right to rectification, erasure and restriction. Under certain circumstances, you have the right to request that we rectify, restrict or erase your personal data.
  • Right to data portability. You have the right to receive your personal data from us in a structured, common and machine-readable format and to transfer it directly from us to third parties, where technically feasible.
  • Right of withdrawal. You have the right to withdraw any consent you may have given. Please note that this withdrawal of consent does not affect the lawfulness of processing based on your consent before its withdrawal. Consents that you have given us during your first visit to our website can be withdrawed at any time under the following link: LINK.
  • Right to object. You have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on point (e) or (f) of Article 6 para.1 GDPR. We will then no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests.
  • Right to complain. If you believe that our data processing violates European data protection law, you can lodge a complaint with a supervisory authority. A list of all supervisory authorities within Germany and their contact details can be found at the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html. For example, you can contact the Bavarian Data Protection Authority (BayLDA).

6. When will my personal data be erased?

As far as possible, we have informed you of the specific retention period and the period for which the personal data will be stored in section 2 above. Otherwise, the retention period is determined by us by the following criteria: We process and store your personal data as long as necessary in relation to the purposes for which they were collected. If the processing of your personal data is no longer necessary for us, in particular because contractual obligations or our legitimate interests have been fulfilled, it will be erased by us, unless its further processing or archiving is required for legal reasons. These legal reasons include, for example, retention obligations under commercial and tax law (e.g. German Commercial Code and the German Fiscal Code). The periods specified there for the retention of data are generally two to ten years.

7. Do I have an obligation to provide my personal data?

You are under no legal or contractual obligation to provide us your personal data. However, without this data we are in some cases not able to offer all functionalities of the website.

8. Am I subject to a decision based on automated processing, including profiling?

No automated decisions or other profiling measures are carried out by us, unless expressly indicated in section 2.