This data protection notice informs you about the nature, scope and purpose of the processing of personal data (hereinafter referred to as "data") within our online offer and the websites, functions and content associated with it, as well as external online presences, such as our social media profiles. (hereinafter collectively referred to as "Online Offer"). With regard to the terminology used, such as "personal data" or its "processing", we refer to the definitions in Art. 4 of the General Data Protection Regulation (DSGVO).
No data is transferred to third parties without the consent of the data subject or without a legal basis.
Information on the handling of application data in the context of application procedures can be found in the section "Data protection information for applicants".
Orange Hive GmbH
60314 Frankfurt am Main
Laura Geisler, Steven Sasseville, Carsten Scheele
Tel.: +49 (0)69 15 04 66 000
Types of data processed:
- Inventory data (e.g., company name, contact persons, addresses).
- Contact data (e.g., e-mail, telephone numbers).
- Content data entered by the user on the website (e.g., message to Orange Hive).
- Usage data (e.g., web pages visited, interest in content, access times).
- Meta/communication data (e.g., device information, IP addresses).
Processing of special categories of data (Art. 9 (1) DSGVO):
In principle, no special categories of personal data are processed, unless they are supplied to the processing by users, e.g. entered in online forms.
Categories of data subjects:
- Customers, interested parties and business partners.
- Visitors and users of the website.
Hereafter, we also refer to the data subjects collectively as "users".
Purposes of processing:
- Provision of the online offer, its contents and functions.
- Answering contact requests and communication with users.
1. relevant legal basis
1.1 In accordance with Art. 13 DSGVO, we inform you about the legal basis of our data processing. If the legal basis is not mentioned in the data protection notice, the following applies: The legal basis for obtaining consent is Art. 6(1)(a) and Art. 7 DSGVO, the legal basis for processing to fulfill our services and carry out (pre)contractual measures and respond to inquiries is Art. 6(1)(b) DSGVO, the legal basis for processing to fulfill our legal obligations is Art. 6(1)(c) DSGVO, and the legal basis for processing to protect our legitimate interests is Art. 6(1)(f) DSGVO. In the event that vital interests of the data subject or another natural person require processing of personal data, Art. 6 (1) lit. d DSGVO serves as the legal basis.
2. changes and updates to the data protection notices
We ask you to inform yourself regularly about the content of our data protection notices. We adapt the data protection notices as soon as the changes in the data processing carried out by us make this necessary. We will inform you as soon as the changes require an act of cooperation on your part (e.g. consent) or other individual notification.
3. security measures
We takesecurity measures in accordance with Art. 32 DSGVO, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, appropriate technical and organizational measures to ensure a level of protection appropriate to the risk; The measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical access to the data, as well as access concerning them, input, disclosure, ensuring availability and their separation. Furthermore, we have established procedures to ensure the exercise of data subjects' rights, deletion of data and response to data compromise. Furthermore, we already take the protection of personal data into account during the development and selection of hardware, software and processes, in accordance with the principle of data protection through technology design and through data protection-friendly default settings (Article 25 of the GDPR).
4. cooperation with processors and third parties
1. If we disclose data to other persons and companies (processors or third parties) within the scope of our processing, transfer it to them or otherwise grant them access to the data, this will only be done on the basis of legal permission (e.g. if a transfer of the data to a third party takes place).For example, if a transfer of data to third parties, such as to payment service providers, is required in accordance with Art. 6 para. 1 lit. b DSGVO for the performance of the contract), you have consented, a legal basis or obligation provides for this, or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.).
There is no unauthorized data transfer to third parties without a legal basis.
If we commission third parties with the processing of data on the basis of a "contract processing agreement", this is done on the basis of Art. 28 DSGVO or, in the case of service providers in third countries, in accordance with Art. 44 et seq. DSGVO.
5. transfers to third countries
If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or do so in the context of using third-party services or disclosing or transferring data to third parties, this will only be done if it is done to fulfill our (pre)contractual obligations, on the basis of your consent, due to a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process or have data processed in a third country only if the special requirements of Art. 44 et seq. DSGVO, if an adequacy decision pursuant to Art. 45 DSGVO or appropriate safeguards pursuant to Art. 46 DSGVO are available.
Due to the declaration of invalidity of the EU-US Privacy Shield (ECJ 16.7.2020), processing in the USA is only possible with your consent pursuant to Art. 6 (1) a DSGVO. A transfer to the USA in the sense of the European data protection level is not guaranteed with declaration of invalidity.
Alternatively or additionally create by the conclusion of the EU standard data protection clauses issued by the European Commission with the receiving entity appropriate guarantees under Art. 46 (2) c) DSGVO and an adequate level of data protection. Copies of the EU standard data protection clauses are available on the website of the European Commission, available here.
6. rights of data subjects
You have the right to request confirmation as to whether data in question is being processed and to information about this data, as well as further information and a copy of the data in accordance with Art. 15 DSGVO.
You have according to. Art. 16 DSGVO the right to request the completion of the data concerning you or the correction of incorrect data concerning you.
You have the right, in accordance with Art. 17 DSGVO, to demand that data concerning you be deleted without delay, or alternatively, in accordance with Art. 18 DSGVO, to demand restriction of the processing of the data.
You have the right to request that the data concerning you that you have provided to us be received in accordance with Art. 20 of the GDPR and to request its transfer to other data controllers (data portability).
You also have the right to lodge a complaint with the competent supervisory authority in accordance with Art. 77 DSGVO.
7. right of revocation
You have the right to revoke given consents according to Art. 7 (3) DSGVO with effect for the future.
8. right of objection
You may object to the future processing of data relating to you in accordance with Art. 21 DSGVO at any time. The objection can be made in particular against processing for purposes of direct advertising.
9 Cookies and right to object to direct advertising
Please note that in this case not all functions of this online offer can be used.
10. deletion of data
The data processed by us will be deleted or restricted in its processing in accordance with Articles 17 and 18 DSGVO unless expressly stated in this data protection notice, the data stored by us will be deleted as soon as they are no longer required for their intended purpose and the deletion does not conflict with any statutory retention obligations. If the data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted. I.e. the data is blocked and will not be processed for other purposes in the future. This applies, for example, to data that must be retained for reasons of commercial or tax law.
According to legal requirements, data is stored in particular for 6 years in accordance with § 257 para. 1 HGB (commercial books, inventories, opening balances, annual financial statements, commercial letters, accounting vouchers, etc.) and for 10 years in accordance with § 147 para. 1 AO (books, records, management reports, accounting vouchers, commercial and business letters, documents relevant for taxation, etc.).
When contacting us (via contact form or e-mail), the user's details are processed for the purpose of handling the contact request and its processing pursuant to Art. 6 para. 1 lit. b) DSGVO (pre-contractual/contractual measures).
The information of inquirers may be stored in our Customer Relationship Management System ("CRM System") or comparable inquiry organization.
Data transmitted via the contact form will be deleted as soon as they are no longer required for their intended purpose or you request us to delete them and the deletion does not conflict with any statutory retention obligations.
12. collection of access data and log files
We collect data on the basis of our legitimate interests within the meaning of Art. 6 para. 1 lit. f. DSGVO, we collect data about each access to the server on which this service is located (so-called server log files). The access data includes the name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider.
Log file information is stored for security reasons (e.g. for the clarification of abuse or fraud) for a maximum of 10 working days and then deleted. Data whose further storage is necessary for evidentiary purposes is exempt from deletion until the final clarification of the respective incident.
The legal basis for this is Art. 6 para. 1 lit. f DSGVO (legitimate interest).
13. SSL or TLS encryption
For security reasons and to protect the transmission of confidential content that you send to us as site operator, our website uses SSL or TLS encryption. This means that data you transmit via this website cannot be read by third parties. You can recognize an encrypted connection by the "https://" address line of your browser and the lock symbol in the browser line.
We use RapidMail to send newsletters. The provider is RapidMail rapidmail GmbH, Augustinerplatz 2, 79098 Freiburg i.Br., Germany . This service allows us to organize and analyze the newsletter dispatch. The data you enter to receive the newsletter, such as your e-mail address, is stored on RapidMail's servers. Server locations are Germany and Ireland, respectively.
Sending the newsletter with RapidMail allows us to analyze the behavior of the newsletter recipient. The analysis reveals, among other things, how many recipients opened their newsletter and with what frequency links in the newsletter were clicked. RapidMail supports conversion tracking to analyze whether a previously defined action, such as a product purchase, occurred after a link was clicked. Details on data analysis by RapidMail can be found at: https://www.rapidmail.de/newsletter-marketing-dsgvo-und-datenschutz-konform.
Data processing is based exclusively on your consent (Art. 6 para. 1 lit. a DSGVO). A revocation of your already given consent with effect for the future is possible at any time. For the revocation, an informal message by e-mail or you unsubscribe via the "unsubscribe" link in the newsletter is sufficient. The legality of the data processing operations already carried out remains unaffected by the revocation. To send our newsletter, we require a valid e-mail address from you, which we verify beforehand. Supplementary data is not collected or is voluntary. The data is used exclusively for sending the newsletter.
If you do not want RapidMail to analyze your data, you must unsubscribe from the newsletter. To unsubscribe, it is sufficient to send us an informal message by e-mail or to unsubscribe via the "unsubscribe" link in the newsletter.
Data entered to set up the subscription will be deleted from our servers and RapidMail's servers in case of unsubscription. If this data has been transmitted to us for other purposes and elsewhere, it will still remain with us and will be stored for as long as it is required for the respective purpose. If the purpose ceases to apply and the data also does not need to continue to be stored due to legal retention periods, the data will be deleted.
Details of RapidMail's data protection policy can be found at: https://www.rapidmail.de/datenschutz.
Order processing: In order to fully comply with the legal data protection requirements, we have concluded an order processing agreement with RapidMail.
Data entered to set up the subscription will be deleted in case of unsubscription. Should this data have been transmitted to us for other purposes and elsewhere, it will continue to remain with us and will be stored for as long as is necessary for the respective purpose. If the purpose no longer applies and the data also does not need to continue to be stored due to legal retention periods, the data will be deleted.
15. online presences in social media
We maintain online presences within social networks and platforms in order to communicate with customers, interested parties and users active there and to be able to inform them about our services there. When calling up the respective networks and platforms, the terms and conditions and data processing policies of their respective operators apply.
Unless otherwise stated in our data protection information, we process the data of users if they communicate with us voluntarily within the social networks and platforms, e.g., write posts on our online presences or send us messages.
On our website there are links to the social networks facebook, instagram and Behance, through which cookies are set.
The legal basis is Art. 6 para. 1 lit. a DSGVO (consent).
16. data protection information for applicants
The responsible party for all data arising in connection with the application process is Orange Hive GmbH, Lindleystr. 12, 60314 Frankfurt am Main.
You can contact the Orange Hive data protection officer by e-mail to datenschutz[at]orangehive.de, in writing to our postal address with the addition of "the data protection officer" or by telephone at +49 (0)69 15 04 66 000.
Purpose and legal basis of processing
The processing of your data serves to process your application and is based on Art. 88 (1) DSGVO in conjunction with. (in conjunction with) Section 26 of the German Federal Data Protection Act (BDSG), according to which personal data may be processed, among other things, for the purposes of the employment relationship or this is necessary for the decision on the establishment of an employment relationship. In this context, your data will only be forwarded to the specialist departments responsible for the specific application procedure.
Your personal data will initially be stored for the duration of the application process and beyond that for a further 6 months, after which it will be deleted. If your application could be of interest for future job offers, we will store your application data for a further period of 24 months after you have expressly consented to such storage and use.
17 Cookies & Reach Measurement
Cookies are pieces of information that are transmitted from our web server or third-party web servers to users' web browsers and stored there for later retrieval. Cookies may be small files or other types of information storage.
We use "session cookies", which are only stored for the duration of the current visit to our online presence. In a session cookie, a randomly generated unique identification number is stored, a so-called session ID. In addition, a cookie contains information about its origin and the storage period. Session cookies are deleted when you have finished using our online offer and log out or close the browser, for example.
Technically necessary cookies are required so that the website can be used correctly.
The legal basis for the use of marketing cookies is Art. 6 para. 1 lit. a DSGVO (consent).
If users do not want cookies to be stored on their computer, they are asked to deactivate the corresponding option in the system settings of their browser. Stored cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional restrictions of this online offer.
For integration and display of video content, our website uses plugins from Vimeo. The provider of the video portal is Vimeo Inc, 555 West 18th Street, New York, New York 10011, USA.
Vimeo can assign your surfing behavior directly to your personal profile. You have the option to prevent this by logging out beforehand.
The use of Vimeo is in the interest of an appealing presentation of our online offers. The legal basis for this is Art. 6 para. 1 lit. a DSGVO (consent).
19. analysis tools & advertising
a) Google Analytics
We have activated the IP anonymization function on this website. This means that your IP address is shortened by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google.
Demographic characteristics with Google Analytics
This website uses the "demographic characteristics" function of Google Analytics. This allows reports to be generated that contain statements about the age, gender and interests of site visitors. This data comes from interest-based advertising from Google as well as visitor data from third-party providers. This data cannot be assigned to a specific person. You can deactivate this function at any time via the ad settings in your Google account or generally prohibit the collection of your data by Google Analytics as shown in the item "Objection to data collection".
b) Google Maps
The legal basis for the integration of Google Maps and the associated data transfer to Google is your consent (Art. 6 para. 1 lit. a DSGVO). The provision of your personal data is voluntary, based on your consent. If you prevent access, this may result in functional restrictions on the website.
By visiting the website, Google receives information that you have called up the corresponding sub-page of our website. This occurs regardless of whether Google provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your data will be directly assigned to your account.
If you do not want the assignment in your profile at Google, you must log out of Google before activating the button. Google stores your data as usage profiles and uses them for the purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, and you must contact Google to exercise this right.
We do not collect any personal data through the integration of Google Maps.
Google also processes your personal data in the USA. Regarding third country transfer, see also point 5. of this privacy notice.
If you do not want Google to collect, process or use data about you via our website, you can revoke your consent at any time in your cookie settings. If you prevent access, this may result in functional restrictions on the website.
c) Google Tag Manager
On our behalf, Google will use this information for the purpose of evaluating your visit to this website, compiling reports on website activity and providing us with other services relating to website activity and internet usage. The IP address transmitted by your browser within the scope of Google Tag Manager will be transferred to Google Ireland Limited and will not be merged with other data of Google Ireland Limited.
20. questions to the data protection officer
For information, suggestions and complaints regarding the processing of your personal data, please write us an e-mail or contact our data protection officer directly, who can be reached as follows:
SIX DATENSCHUTZ GmbH
Kasseler Str. 30
61118 Bad Vilbel
T. +49-6101-982 94 22