Privacy policy

Last updated on April, 2022

Hier finden Sie eine deutsche Version zum Datenschutz

We (si:cross GmbH) would like to inform you about the processing of your personal data.

Table of Contents

  1. A. Who is responsible for data processing?

  2. B. Informational visit to our websites

    1. 1. Logfiles

    2. 2. Use of cookies and similar technologies

    3. 3. Use of Google Analytics

    4. 4. Google reCAPTCHA

    5. 5. Hosting

  3. C. e-Mail Newsletter

  4. D. Data processing in the context of business communication

    1. 1. General communication

    2. 2. Audio and video conferencing

  5. E. Use of the si:cross applications

    1. 1. Description of the data processing

    2. 2. Purpose and legal basis of the data processing

    3. 3. Recipient of the data

    4. 4. Retention period

  6. F. Social Media Profiles

  7. G. Applicants

    1. 1. Scope of data processing

    2. 2. Purpose of the data processing

    3. 3. Legal basis of the data processing

    4. 4. Recipients of the data

    5. 5. Retention period

  8. H. General information

    1. 1. Are personal data transferred to a third country?

    2. 2. Does automated decision making (including profiling) take place?

  9. I. Your rights

A. Who is responsible for data processing?

The controller (Art. 4 No. 7 EU General Data Protection Regulation, GDPR) for data processing is:

si:cross GmbH
Virchowstr. 2, 66119 Saarbrücken
Telefon: +49 151 168 111 75 E-Mail: info@sicross.com

You can reach our data protection officer at:

Arthur Liebhardt
Virchowstr. 2, 66119 Saarbrücken Telefon: +49 172 308 84 76 E-Mail: arthur@sicross.com

B. Informational visit to our websites

1. Logfiles

You can visit our websites without telling us who you are. For technical reasons, however, we automatically collect data that your browser transmits to our server (log files). This is the following data:

  • IP address
  • Date and time of the request
  • Time zone difference from Greenwich Mean Time (GMT)
  • Content of the request (concrete page)
  • Access Status/HTTP Status Code
  • Data volume transferred in each case
  • Website from which the request comes
  • Browser
  • Operating system and its interface
  • Language and version of the browser software

The storage of the IP address for the duration of the session is necessary in order to be able to display our websites to you. The processing of the other data serves in particular to ensure the permanent functionality and security of our websites and information technology systems.

The legal basis for the processing of this data is Art. 6 para. 1 p. 1 lit. f GDPR. Our legitimate interest in processing the data is to achieve the aforementioned purposes.

The log files are stored for a period of 30 days and then deleted, unless they have to be kept for longer in exceptional cases to follow up an identified attack.

2. Use of cookies and similar technologies

We also use cookies on our websites. Cookies are small text files that are automatically downloaded and stored on your PC or mobile device. The use of cookies serves to make the use of our offer more pleasant for you. We use so-called session cookies to recognise that you have already visited individual pages of our website. These are automatically deleted after you leave our site or when you close the browser.

The German Telecommunications Telemedia Data Protection Act (TTDSG) came into force on 1 December 2021. Insofar as this applies to the cookies and comparable technologies used by us, we obtain your express consent via our cookie banner in accordance with Section 25 (1) of the TTDSG or there is a technical necessity in accordance with Section 25 (2) No. 2 of the TTDSG with regard to ensuring the permanent functionality and security of our websites and information technology systems. As far as personal data is concerned, we also rely on the legal basis of the GDPR for further/subsequent processing, regularly also on your express consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR as well as Art. 6 para. 1 sentence 1 lit. f GDPR.

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.

3. Use of Google Analytics

This website uses functions of the web analysis service Google Analytics. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics enables the website operator to analyse the behaviour of website visitors. In doing so, the website operator receives various usage data, such as page views, length of stay, operating systems used and the origin of the user. This data may be summarised by Google in a profile that is assigned to the respective user or their end device.

Furthermore, Google Analytics can record your mouse and scroll movements and clicks, among other things. Furthermore, Google Analytics uses various modelling approaches to augment the data sets collected and uses machine learning technologies in the data analysis.

Google Analytics uses technologies that enable the recognition of the user for the purpose of analysing user behaviour (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is usually transferred to a Google server in the USA and stored there.

The use of this analysis tool is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in analysing user behaviour in order to optimise both its website and its advertising. If a corresponding consent has been requested (e.g. consent to store cookies), the processing is carried out exclusively on the basis of Section 25 (1) TTDSG, Art. 6 (1) lit. a GDPR; the consent can be revoked at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.

IP anonymisation

We have activated the IP anonymisation function on this website. This means that your IP address is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

Browser Plugin

You can prevent the collection and processing of your data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.

You can find more information on how Google Analytics handles user data in Google’s privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.

Mehr Informationen zum Umgang mit Nutzerdaten bei Google Analytics finden Sie in der Datenschutzerklärung von Google: https://support.google.com/analytics/answer/6004245?hl=de.

Data processing agreement

We have concluded a data processing agreement with Google and fully implement the strict requirements of the German data protection authorities when using Google Analytics.

Retention period

Data stored by Google at user and event level that are linked to cookies, user identifiers (e.g. user ID) or advertising IDs (e.g. DoubleClick cookies, Android advertising ID) are anonymised or deleted after 14 months. Details can be found under the following link: https://support.google.com/analytics/answer/7667196?hl=de

4. Google reCAPTCHA

We use “Google reCAPTCHA” (hereinafter “reCAPTCHA”) on this website. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

The purpose of reCAPTCHA is to check whether the data input on this website (e.g. in a contact form) is made by a human or by an automated programme. For this purpose, reCAPTCHA analyses the behaviour of the website visitor on the basis of various characteristics. This analysis begins automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g. IP address, time spent by the website visitor on the website or mouse movements made by the user). The data collected during the analysis is forwarded to Google.

The reCAPTCHA analyses run completely in the background. Website visitors are not made aware that an analysis is taking place.

The storage and analysis of the data is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in protecting its web offers from abusive automated spying and from SPAM. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time.

For more information about Google reCAPTCHA, please see the Google Privacy Policy and the Google Terms of Service at the following links: https://policies.google.com/privacy?hl=de and https://policies.google.com/terms?hl=de.

5. Hosting

Our website is hosted by an external service provider (hoster). The personal data collected on this website is stored on the hoster’s servers. This may include IP addresses, contact requests, meta and communication data, contract data, contact data, names, website accesses and other data generated via a website.

The hoster is used for the purpose of contract fulfilment vis-à-vis our potential and existing customers (Art. 6 para. 1 lit. b GDPR) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 para. 1 lit. f GDPR).

Our hoster will only process your data to the extent that this is necessary for the fulfilment of its service obligations and will follow our instructions with regard to this data.

We use the following hoster: RAIDBOXES GmbH, Hafenstraße 32, DE – 48153 Münster, Germany.

In order to ensure data protection-compliant processing, we have concluded a data processing agreement with our hoster.

C. e-Mail Newsletter

You can subscribe to an e-mail newsletter (“Newsletter”) on our website. To subscribe to our newsletter, you must provide us with your e-mail address. To verify your e-mail address, we use the so-called double opt-in procedure. This means that after you have provided us with your e-mail address, we will send you a confirmation e-mail to the e-mail address you have provided, in which we ask you to confirm that you wish to receive the newsletter. If you confirm this, we will store your data until you unsubscribe from the newsletter. The storage serves the sole purpose of being able to send you the newsletter.

The legal basis is your express consent in accordance with Art. 6 para. 1 p. 1 lit. a GDPR.

You can revoke your consent and unsubscribe from the newsletter at any time. You can declare the revocation by clicking on the link provided in every newsletter e-mail, by e-mail to info@sicross.com or by sending a message to the contact details given in the imprint.

We use the services of MailChimp to send the newsletter. The provider is Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA.

MailChimp is a service with which, among other things, the sending of newsletters can be organised and analysed. If you enter data for the purpose of receiving newsletters (e.g. email address), this data is stored on MailChimp’s servers in the USA.

With the help of MailChimp, we can analyse our newsletter campaigns. When you open an email sent with MailChimp, a file contained in the email (known as a web beacon) connects to MailChimp’s servers in the USA. This makes it possible to determine whether a newsletter message has been opened and which links, if any, have been clicked on. In addition, technical information is recorded (e.g. time of retrieval, IP address, browser type and operating system). This information cannot be assigned to the respective newsletter recipient. It is used exclusively for the statistical analysis of newsletter campaigns. The results of these analyses can be used to better adapt future newsletters to the interests of the recipients.

The data you provide us with for the purpose of receiving the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and will be deleted from the newsletter distribution list after you unsubscribe from the newsletter. Data that has been stored by us for other purposes remains unaffected by this.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://mailchimp.com/eu-us-data-transfer-statement/ and https://mailchimp.com/legal/data-processing-addendum/#Annex_C_-_Standard_Contractual_Clauses.

After you have unsubscribed from the newsletter distribution list, your email address will be stored by us or the newsletter service provider in a blacklist, if necessary, in order to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with the legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR). The storage in the blacklist is not limited in time. You can object to the storage if your interests outweigh our legitimate interest.

For more details, please refer to MailChimp’s privacy policy at: https://mailchimp.com/legal/terms/.

We have concluded a so-called “Data Processing Agreement” with MailChimp, in which we oblige MailChimp to protect our customers’ data and not to pass it on to third parties.

D. Data processing in the context of business communication

1. General communication

When you are in business contact with us, we collect and process personal data that we receive from you and your employees. We may receive this data directly from you or we may have taken it from your email signature, for example. It may be the following data:

  • Name,
  • E-mail address,
  • Telephone and fax number and
  • Further information from the signature

The legal basis for the processing is Art. 6 para. 1 lit. b and f GDPR. Our legitimate interest in data processing in this case is to be able to communicate with you for official/business purposes.

We delete your data after the end of its purpose. We store certain data until the expiry of statutory periods of limitation (regularly three years) and/or statutory retention periods, for example from the German Fiscal Code and the German Commercial Code (regularly up to ten years).

2. Audio and video conferencing

We use third-party video conferencing tools to conduct video and audio conferences, webinars and other types of video and audio meetings. The following categories of data are processed in this context:

  • Inventory data (e.g. names, addresses),
  • Contact details (e.g. e-mail, telephone numbers),
  • Content data (e.g. text input, photographs, videos),
  • Meta/communication data (e.g. device information, IP addresses).

The processing of the data serves to set up and conduct online meetings / video conferences. The processing is carried out on the legal basis of Art. 6 (1) lit. b GDPR or according to Art. 6 (1) lit. f GDPR on the basis of our legitimate interests in efficient and secure communication with our communication partners.

We use the following video conferencing tools:

Google Meet: Provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. For details on data processing, please refer to Google’s privacy policy: https://policies.google.com/privacy?hl=de

Zoom Meetings: Provider is Zoom Video Communications, Inc. Information on data processing: https://explore.zoom.us/de/privacy/ 

We have concluded a contract processing agreement with each of the providers in accordance with Art. 28 GDPR. In order to ensure a sufficient guarantee for any data transfers to the USA or other third countries, the EU standard contractual clauses apply.

E. Use of the si:cross applications

We offer a SaaS application for in-house podcasts (“si:cross” or “application”). The Application can be used via a web browser or a mobile app. If you use the Application as an employee of one of our commercial customers (“Customer”), the Customer is responsible for data processing from a data protection perspective. In this respect, we act as a processor for the commercial customer. 

When you use the application, your personal data will be processed as follows:

1. Description of the data processing

When you use the application via a web browser, log files are automatically collected. This is the following data:

  • IP address
  • Date and time of the request
  • Time zone difference from Greenwich Mean Time (GMT)
  • Content of the request (concrete page)
  • Access Status/HTTP Status Code
  • Data volume transferred in each case
  • Website from which the request comes
  • Browser
  • Operating system and its interface
  • Language and version of the browser software

If you use the application via a mobile app, the following device information is automatically processed:

  • IP address
  • Device ID
  • Device type
  • Device-specific settings 
  • App settings 
  • App properties, 
  • the date and time of the retrieval,
  • Time zone 
  • the amount of data transferred and 
  • the message whether the data exchange was complete, 
  • Operating system. 

You can also create a personal account and post content (e.g. texts, audio recordings) via the application. In detail, the following data can be collected:

  • First name, last name
  • Business contact details (e-mail address, business telephone number)
  • Username
  • Content data (news, video recordings, audio recordings)

2. Purpose and legal basis of the data processing

We process your personal data to enable you to use si:cross via the web browser or the app. The legal basis is Art. 6 para. 1 lit. b GDPR. Please note that the customer on whose company profile you use si:cross may have other purposes and legal bases for data processing. You will receive further information about this from the customer.

3. Recipient of the data

Your personal data is processed on behalf of the client. The customer therefore has access to your data. In addition, we use subcontractors for the processing of your personal data with whom we have concluded order processing agreements in accordance with Art. 28 GDPR. Find a list of service providers under Sub-Processors.

Data transfer to third countries generally takes place within the EU. However, in the context of hosting by Amazon Web Services, data may be transferred to third countries (e.g. the USA). To ensure a sufficient level of data protection, the EU standard contractual clauses apply in these cases.

4. Retention period

Your personal data will be deleted as soon as it is no longer needed for the above purposes.

F. Social Media Profiles

We operate various social media profiles in order to provide information on the respective social media platforms and to be able to contact you. Please note that cookies may be stored in your browser by the respective platform operator, in which your usage behaviour is stored for market research and advertising purposes. These usage profiles can also be created across devices. The platform operators evaluate these usage profiles in order to display personalised advertising to you. The data processing may also affect persons who are not registered as users with the respective social media platform. The data may also be shared by the platform operators with other companies and transferred to countries outside the EU.

We receive information from the platform operator, in particular statistical evaluations, about visits to our social media profile. This may also involve personal data. The processing of your personal data when visiting one of our social media profiles is based on our legitimate interests in a diverse external presentation of our company and the use of an effective information option to improve our external presentation and communication with you. The legal basis for this is Art. 6 para. 1 lit. f GDPR. If you have given a platform operator your consent to data processing, the legal basis is Art. 6 para. 1 lit. a GDPR.

Further information on the scope, purpose and legal basis of data processing on social media platforms and on your rights vis-à-vis the platform operator can be found here:

Facebook

Provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland

Privacy policy: https://www.facebook.com/privacy/explanation/ 

Instagram

Provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland

Privacy policy: https://help.instagram.com/ 

Twitter

Provider: Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA

Privacy policy: https://twitter.com/de/privacy

LinkedIn

Provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland

Privacy policy: https://www.linkedin.com/legal/privacy-policy

G. Applicants

You can apply to us in response to our published job offers or on your own initiative. In the following, we will show you which data is processed in this process.

1. Scope of data processing

During the application process we process the following categories of data:

  • Private contact and identification data: e.g. surname, first name, academic degree, gender, email address, address and telephone number.

  • Data on your professional qualifications, e.g. school-leaving and educational qualifications, language skills, as well as your place of study or training, certificates 

  • If you send us your CV, we will process the data provided in it, such as photos of you or possibly the existence of a driving licence.

  • If applicable, other data provided by you as part of the application process

Your application documents will be sent to the contact person named in the job advertisement and will be forwarded internally to other partners and employees responsible for the application process.

2. Purpose of the data processing

We process your data in order to check whether you are eligible for employment with us as part of the applicant selection process.

3. Legal basis of the data processing

The legal basis for data processing is Section 26 (1) BDSG and Article 6 (1) b GDPR (contract initiation). Information that you provide voluntarily and that goes beyond what is required is processed on the basis of our legitimate interest (Art. 6 para. 1 lit. f GDPR) in being able to respond to your application in the best possible way. If you provide information in individual cases for which we have no legal basis for processing, we will not process it.

4. Recipients of the data

Internally, only those persons have access to your data who need it for the stated purposes. These are primarily the responsible partners, responsible HR employees and all persons who are necessarily involved in the applicant selection process.

5. Retention period

If an employment relationship is established with you, we will process your data for the purposes of the employment relationship in accordance with a separate data protection declaration, which you will then receive from us.

In the event that no employment relationship is established with you, we generally store your data for a period of six months from the time you receive the rejection. Your application documents will then be deleted.

H. General information

1. Are personal data transferred to a third country?

We generally process your data in the European Union or the European Economic Area. Only in exceptional cases do we transfer data to countries outside the European Union or the European Economic Area (“third country”). We only transfer personal data to a third country if the special requirements of Art. 44 ff. GDPR are fulfilled. This means that the processing of your data then only takes place on the basis of an adequacy decision of the EU Commission regarding the level of data protection in the respective third country or special guarantees. We ensure these adequate guarantees by concluding so-called “standard contractual clauses”. This is a set of contracts recognised by the European Commission for the transfer of data to third countries. 

2. Does automated decision making (including profiling) take place?

No, you will not be subject to a decision which produces legal effects vis-à-vis you or similarly significantly affects you and which is based exclusively on automated data processing (Art. 22 GDPR).

I. Your rights

You can assert your following rights against us at any time free of charge at info@sicross.com:

  • If you have given us your express consent to the processing of your personal data, you can revoke this consent at any time free of charge with effect for the future. Your revocation has no effect on the lawfulness of the processing of your personal data that has taken place up to that point and on the lawfulness of such processing for which another legal basis exists.
  • You can request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you can request information about the processing purposes, the categories of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data if it has not been collected by us, as well as the existence of automated decision-making, including profiling, and, if applicable, meaningful information about its details. You may also request that we provide you with a copy of the data we hold about you;
  • In accordance with Art. 16 GDPR, you can immediately request the correction of incorrect or completion of your personal data stored by us;
  • In accordance with Art. 17 GDPR, you may request the deletion of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the assertion, exercise or defence of legal claims;
  • You can demand the restriction of the processing of your personal data in accordance with Art. 18 GDPR, insofar as the accuracy of the data is disputed by you, insofar as the processing is unlawful but you object to its deletion, insofar as we no longer require the data but you need it to assert, exercise or defend legal claims or insofar as you have objected to the processing in accordance with Art. 21 GDPR;
  • Pursuant to Art. 20 GDPR, you may receive your personal data which you have provided to us and which we process based on your consent or for the performance of a contract, in a structured, common and machine-readable format or, within the scope of what is technically feasible, request that it be transferred to another controller (right to data portability);
  • You can complain to a supervisory authority in accordance with Art. 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our registered office for this purpose.

Right of objection
If we process your personal data on the basis of legitimate interests pursuant to Art. 6 (1) sentence 1 lit. f GDPR, you have the right to object to the processing of your personal data pursuant to Art. 21 GDPR, insofar as there are grounds for doing so that arise from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right of objection, which is implemented by us without specifying a particular situation.