Legal & Compliance
🚨 THIS HAS BEEN TRANSLATED
This privacy policy is drafted in German. The English translation is for convenience only. In the event of any discrepancy or conflict between the German version and the translation, the German version shall prevail. The original version can be found here: Datenschutzerklärung
The controller within the meaning of the General Data Protection Regulation (hereinafter GDPR) and other national data protection laws of the Member States as well as other data protection provisions is:
Fürstenfelder Str. 9
80331 München
Deutschland
Tel: 089-244132100
E-Mail: legal@bilendo.de
Website: www.bilendo.de
The Data Protection Officer of the Controller is:
Rechtsanwalt Wolfgang Steger
Zertifizierter Datenschutzbeauftragter DSB – TÜV
Am Neuen Weg 21
82041 Oberhaching
E-Mail: steger@ra-steger.info
Phone: 0178-7714857
With every access to our website, our system automatically collects data and information from the computer system of the accessing computer:
The log files contain IP addresses or other data that allow assignment to a user. This could be the case, for example, if the link to the website from which the user accesses the website, or the link to the website to which the user switches, contains personal data. The data is also stored in the log files of our system. The user's IP addresses or other data that enable the assignment of the data to a user are not affected by this. This data is not stored together with other personal data of the user.
The legal basis is Art. 6 para. 1 lit. f GDPR (legitimate interest in the functionality and security of the website).
The temporary storage of the IP address by the system is necessary to enable the delivery of the website to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session.
Storage in log files takes place to ensure the functionality of the website. In addition, the data serves us to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.
The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected.
In the case of data collection for the provision of the website, this is the case when the respective session is ended.
In the case of data storage in log files, this is the case after seven days at the latest.
Storage beyond this is possible. In this case, the IP addresses of the users are deleted or anonymized, so that assignment to the accessing client is no longer possible.
The collection of data for the provision of the website and the storage of data in log files is mandatory for the operation of the website. Consequently, there is no right of objection on the part of the user.
We use cookies to make our website more user-friendly.
Technically necessary cookies:
Analysis and marketing cookies:
The user data collected in this way is pseudonymized by technical precautions. Therefore, assignment of the data to the accessing user is no longer possible. The data is not stored together with other personal data of the users.
When accessing our website, users are informed about the use of cookies for analysis purposes by an info banner. Furthermore, reference is made to the Cookie Policy and data protection provisions. In this context, a user-side query is made regarding the setting of non-functional cookies. Cookies are actively set and activated by the user. Consent once given to the processing of the personal data used in this context can be revoked at any time subsequently. In this context, a reference is also made to this privacy policy and Cookie Policy.
The legal basis for technically necessary cookies is Section 25 para. 2 no. 2 TDDDG (absolute necessity).
The purpose of using technically necessary cookies is to simplify the use of the website for users. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognized again even after a page change. We require cookies for the following applications:
The legal basis for analysis and marketing cookies is Section 25 para. 1 TDDDG in conjunction with Art. 6 para. 1 lit. a GDPR (consent for access to the end device).
The purpose of using analysis and marketing cookies is the quality of our website and the improvement of its content. Through the analysis and marketing cookies, we learn how the website is used and can thus constantly optimize our offer:
Cookies are stored on the user's computer and transmitted from it to us. Therefore, you as the user have full control over the use of cookies. By changing the settings in your internet browser, you can deactivate or restrict the transmission of cookies. Already stored cookies can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to fully use all functions of the website.
On our website, there is the option to subscribe to a free newsletter and to download free e-books and whitepapers. When registering for the newsletter or downloading the e-books / whitepapers, the following data from the input mask are transmitted to us:
In addition, the following further data are collected during registration:
For the processing of the data, your consent is obtained as part of the registration process and reference is made to this privacy policy. The newsletter is used exclusively for direct advertising for our own similar goods or services. The data is used exclusively for sending the newsletter.
The legal basis is Art. 6 para. 1 lit. a GDPR (consent).
The collection of the user's e-mail address serves to deliver the newsletter or to deliver the requested media such as e-books or whitepapers as a PDF. The newsletter is sent based on the user's registration on the website.
The collection of other personal data as part of the registration process serves to prevent misuse of the services or the e-mail address used.
The legal basis for sending the newsletter as a result of paid use or services is Section 7 para. 3 UWG.
The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. The user's e-mail address is therefore stored as long as the newsletter subscription is active.
The newsletter is sent based on the user's registration on the website. The other personal data collected as part of the registration process are generally deleted after a period of seven days.
The newsletter subscription can be canceled by the affected user at any time. For this purpose, a corresponding link can be found in every newsletter. This also enables a revocation of the consent to the storage of the personal data collected during the registration process.
A contact form (chat) is available on our website from time to time, which can be used for electronic contact. If a user takes advantage of this option, the following data entered in the input mask are transmitted to us and stored:
The following data are also stored at the time the message is sent:
For the processing of the data, your consent is obtained when using the website and reference is made to this privacy policy. Alternatively, contact is possible via the provided e-mail address. In this case, the user's personal data transmitted with the e-mail are stored. No data is passed on to third parties in this context. The data is used exclusively for processing the conversation.
The legal basis for contact via the contact form is Art. 6 para. 1 lit. a GDPR (consent).
The processing of personal data from the input mask serves us solely to process the contact. The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.
The legal basis for contact via e-mail is Art. 6 para. 1 lit. f GDPR. This also includes the necessary legitimate interest in the processing of the data.
If the e-mail contact aims at the conclusion of a contract, an additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR.
The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter concerned has been conclusively clarified and is no longer required in the context of the provision of services.
The user has the option to revoke their consent to the processing of personal data at any time. If the user contacts us by e-mail, they can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued. To revoke the consent to processing or to object to storage, you have the option to send a corresponding request to us at any time. Requests for revocation to: 089/24413210-0 or by e-mail to legal@bilendo.de. All personal data stored in the course of contacting us will be deleted in this case.
On our website, there is the option to participate in webinars. The use of "Zoom" is relied upon for the provision and participation in the webinars.
The controller for the data processing during the direct execution of online meetings is Bilendo GmbH. Insofar as you access the Zoom website (e.g., for software download or use of the browser version), Zoom is responsible for the data processing there. Participation in the meeting is alternatively possible directly via the Zoom app with the respective meeting ID and possibly further access data without accessing the website.
Which data is processed depends on what information you provide before or during the online meeting. The minimum information required for participation is your name.
The following categories of data are processed:
The possibility of a software-side "attention monitoring" ("attention tracking") in "Online-Meeting" tools such as Zoom is deactivated.
Automated decision-making within the meaning of Art. 22 GDPR is not used.
We use the service of Zoom Video Communications, Inc. (USA) for conducting telephone conferences, online seminars, video conferences, and webinars (collectively: Online Meetings).
The processing takes place depending on the context on the basis of the following foundations:
Consent, Art. 6 para. 1 lit. a GDPR: For optional recordings, we ask for your consent in advance – if required. In the event of a recording, this will also be displayed to you in the Zoom app.
The purpose of using Zoom is efficient communication and collaboration with (potential) customers, partners, and (future) employees. Insofar as recordings or logging (e.g., chat content or webinar questions) take place, these serve the purpose of documentation or follow-up, if this is necessary. However, this will generally not be the case.
Personal data is generally not passed on to third parties, unless it is explicitly intended for disclosure. Please note that content from Online Meetings often serves to share information with participants or interested parties in order to communicate with them (purpose-bound disclosure). Zoom, as a technical service provider, gains knowledge of the data mentioned above, insofar as this is provided for in the data processing agreement concluded for this purpose in accordance with Art. 28 GDPR.
Zoom is a service of a provider from the USA. This means that the processing of personal data also takes place in a third country. To secure the transfer, we have concluded the EU Standard Contractual Clauses with Zoom in addition to the data processing agreement in accordance with Art. 28 GDPR. These clauses oblige the provider to comply with European data protection standards even when processing in the USA. During registration, reference is made to the data processing by Zoom and its data protection provisions.
We delete personal data as soon as the purpose of storage no longer applies and no legal retention obligations (e.g., from commercial or tax law) prevent erasure. The purpose of storage may in particular continue to exist if the data is still required for contractual performance or in order to be able to check, grant or defend against warranty and possibly guarantee claims. In the case of legal retention obligations, erasure is only considered after the respective retention obligation has expired.
If you are registered as a user with Zoom, reports about meetings (metadata, telephone dial-in, webinar questions/surveys) can be stored with Zoom for a duration of up to one month.
If personal data relating to you is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:
You have the right, pursuant to Art. 15 GDPR, to obtain information as to whether we are processing your personal data. If this is the case, you can request details about the following information:
You also have the right to request information as to whether the personal data concerning you are transferred to a third country or to an international organization. In this context, you can request to be informed of the appropriate safeguards pursuant to Art. 46 GDPR relating to the transfer. This right of access may be limited to the extent that it is likely to render impossible or seriously impair the achievement of the research or statistical purposes and the limitation is necessary for the fulfilment of the research or statistical purposes.
You have the right, pursuant to Art. 16 GDPR, to obtain from the controller without undue delay the rectification and/or completion of inaccurate or incomplete personal data concerning you. The controller shall carry out the rectification without undue delay.
Your right to rectification may be limited to the extent that it is likely to render impossible or seriously impair the achievement of the research or statistical purposes and the limitation is necessary for the fulfilment of the research or statistical purposes.
Under the following conditions, you can request the restriction of the processing of personal data concerning you, pursuant to Art. 18 GDPR:
Where processing of the personal data concerning you has been restricted, such data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State be processed.
If the restriction of processing has been restricted according to the above-mentioned prerequisites, you will be informed by the controller before the restriction is lifted. Your right to restriction of processing may be limited to the extent that it is likely to render impossible or seriously impair the achievement of the research or statistical purposes and the limitation is necessary for the fulfilment of the research or statistical purposes.
a. Obligation to Erase
You can request from the controller, pursuant to Art. 17 GDPR, the erasure of personal data concerning you without undue delay, and the controller is obliged to erase this data without undue delay if one of the following reasons applies:
b. Information to Third Parties
Where the controller has made the personal data public and is obliged pursuant to Art. 17 para. 1 GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you as the data subject have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
c. Exceptions
The right to erasure does not exist to the extent that processing is necessary:
If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged, pursuant to Art. 19 GDPR, to communicate this rectification or erasure of the data or restriction of processing to all recipients to whom the personal data concerning you have been disclosed, unless this proves impossible or involves disproportionate effort.
You have the right to be informed by the controller about these recipients.
You have the right, pursuant to Art. 20 GDPR, to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used and machine-readable format. Furthermore, you have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:
In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one controller to another, where technically feasible. The freedoms and rights of other persons must not be affected by this. The right to data portability shall not apply to processing of personal data that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
You have the right, pursuant to Art. 21 GDPR, to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Art. 6 para. 1 lit. e or f GDPR; this also applies to profiling based on these provisions.
The controller shall no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.
Where personal data concerning you are processed for direct marketing purposes, you shall have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing. If you object to processing for direct marketing purposes, the personal data concerning you shall no longer be processed for these purposes.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.
You also have the right to object, on grounds relating to your particular situation, to processing of personal data concerning you which is carried out for scientific or historical research purposes or statistical purposes pursuant to Art. 89 para. 1 GDPR.
Your right to object may be limited to the extent that it is likely to render impossible or seriously impair the achievement of the research or statistical purposes and the limitation is necessary for the fulfilment of the research or statistical purposes.
You have the right to withdraw your declaration of consent under data protection law at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
You have the right, pursuant to Art. 22 GDPR, not to be subject to a decision based solely on automated processing – including profiling – which produces legal effects concerning you or similarly significantly affects you. This shall not apply if the decision:
However, these decisions shall not be based on special categories of personal data referred to in Art. 9 para. 1 GDPR, unless Art. 9 para. 2 lit. a or g applies and suitable measures to safeguard your rights and freedoms and legitimate interests have been put in place. In the cases referred to in 1) and 3), the controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.
Without prejudice to any other administrative or judicial remedy, you have the right, pursuant to Art. 77 GDPR, to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR.
The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Art. 78 GDPR.
If you wish to exercise any of your rights, please submit a request for access, rectification, restriction, erasure, notification, data transfer, objection, revocation, automated individual decision-making and/or complaint by e-mail to sar@bilendo.de. You will receive confirmation of receipt of the request within 10 days. An employee will then deal with the processing of your request and contact you for any queries or further information if necessary.
a. Description and Scope of Data Processing
The e-mail address and the personal data of the applicant transmitted with the content of the request are stored. No data is passed on to third parties in this context, unless this is necessary to achieve the concern. The data is used exclusively for processing the request.
b. Legal Basis for Data Processing
The legal basis for the processing of the data transmitted during the submission of an e-mail request is Art. 6 para. 1 lit. c GDPR.
c. Purpose of Data Processing
The processing of personal data serves solely to process your request.
The other personal data processed during the processing of the request serve to prevent misuse of a right to which you are entitled and to ensure the identity of your person.
d. Duration of Storage
The data will be deleted after 24 months as soon as they are no longer required to achieve the purpose for which they were collected. For the personal data sent via e-mail request, the purpose is achieved when the respective processing of the request is concluded. The processing of the request is concluded when the concern of the requesting person has been finally clarified.
If Bilendo is compelled to disclose information to a law enforcement or government authority, Bilendo will inform the customer or the data subject of the request in a reasonable manner and cooperate with them to enable the customer to obtain a temporary injunction or other appropriate legal remedy, unless Bilendo is legally prohibited from doing so. Bilendo will not voluntarily disclose information about a customer or a data subject to law enforcement or government authorities.
We process applicant data in accordance with legal requirements exclusively for the purpose of carrying out the application procedure. The legal basis is Section 26 BDSG (initiation of the employment relationship) as well as Art. 6 para. 1 lit. b GDPR. Insofar as processing is required for the defense against asserted legal claims arising from the application procedure, it is carried out on the basis of Art. 6 para. 1 lit. f GDPR (legitimate interest in providing evidence).
The application procedure requires applicants to provide us with applicant data. The necessary applicant data are marked, if we offer an online form, otherwise they result from the job descriptions and generally include personal details, postal and contact addresses, and the documents belonging to the application, such as cover letter, resume and certificates. In addition, applicants can voluntarily provide us with additional information.
By submitting the application to us, applicants agree to the processing of their data for the purposes of the application procedure in accordance with the type and extent set out in this privacy policy.
Insofar as special categories of personal data within the meaning of Art. 9 para. 1 GDPR are voluntarily communicated as part of the application procedure, their processing takes place additionally according to Art. 9 para. 2 lit. b GDPR (e.g., health data, such as severe disability status or ethnic origin). Insofar as special categories of personal data within the meaning of Art. 9 para. 1 GDPR are requested from applicants as part of the application procedure, their processing takes place additionally according to Art. 9 para. 2 lit. a GDPR (e.g., health data, if these are necessary for the professional activity).
Applicants can submit their applications using an online form via the Personio GmbH platform provided on our website. Personio GmbH is a software for human resources management and recruiting based in Munich, Germany. The data is transmitted to us encrypted according to the state of the art. We ask that you refrain from applications via post or e-mail. Regardless of this, we ask you to note that e-mails are generally not sent encrypted and applicants must ensure encryption themselves. We can therefore not assume responsibility for the transmission path of the application between the sender and the receipt on our server and therefore ask you to use exclusively the provided online form via our online portal.
The data provided by the applicants can be further processed by us for the purposes of the employment relationship in the event of a successful application. Otherwise, if the application for a job offer is unsuccessful, the applicant's data will be deleted. The applicant's data will also be deleted if an application is withdrawn, which the applicants are entitled to do at any time.
The deletion takes place, subject to a justified revocation by the applicants, after the expiry of a period of no later than six months, so that we can answer any follow-up questions about the application and meet our burden of proof obligations under the General Equal Treatment Act. Invoices for any reimbursement of travel expenses are archived in accordance with tax law requirements.
For our online appointment management, we use the online service of meetergo GmbH, Hansaring 61, 50670 Cologne (hereinafter "meetergo"), which enables applicants to schedule appointments with the HR team by entering their desired appointment and the personal data requested as part of the process (first and last name, contact data such as e-mail address and telephone number) via meetergo. The entered data is stored and processed on the servers of meetergo GmbH. This is done solely for the purpose of processing the appointment request.
The privacy policy of meetergo GmbH applies, which you can find under the following Link. We have concluded a corresponding data processing agreement with meetergo. Data processing takes place on protected servers in Germany.
Contact data will not be passed on to third parties, unless you have given your consent or there is an obligation to do so based on legal provisions and/or official or court orders.
We delete your specified personal data after 6 months, unless your desired appointment is further in the future; in this case, we delete your data within a reasonable period after the desired appointment..
The legal basis for the processing is Art. 6 para. 1 lit. b GDPR, if an employment relationship comes into existence with you, otherwise Art. 6 para. 1 lit. f GDPR, as we have a legitimate interest in evaluating whether a certain applicant falls within our personnel requirements for the purpose of realizing our company object.
We use the HubSpot service to process your inquiries for a test account and to manage leads and existing customers. HubSpot Inc. is a US-American company with a branch in Ireland (HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland, Tel.: +353 1 5187500).
Your data is collected in this context via a Hubspot form. Personal data such as e-mail address, first name, last name and telephone number are processed here.
The legal basis for processing your test account inquiry is Art. 6 para. 1 lit. b GDPR. To efficiently manage interested parties, we store your data in our CRM system. This is based on our legitimate interest in professional customer communication pursuant to Art. 6 para. 1 lit. f GDPR.
The purposes of the data processing are the documentation, storage, and efficient processing of your inquiries (lead management) as well as CRM support.
Bilendo GmbH uses the data collected by means of the HubSpot service only for the purposes specified above and will not pass this data on to third parties. Further information can be found in the Terms of Service and the Privacy Policy of HubSpot Inc.
A data processing agreement (can be viewed here) and Standard Contractual Clauses (SCC) have been concluded with HubSpot as the basis for secure data processing. Through these clauses, Hubspot undertakes to comply with the European data protection level when processing the relevant data, even when storing, processing, and managing data in a third country. Furthermore, European data localization takes place.
The company also has a certification under the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards when processing data in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider under the following Link.
Contact: privacy@hubspot.com or by post to HubSpot, Inc., 25 First Street, 2nd Floor, Cambridge, MA 02141 USA, Attn: Privacy.
We use the infrastructure of Amazon Web Services Germany GmbH - a subsidiary of the US-American company Amazon Web Service Inc. for the provision of our application and the setup of your test account. AWS supports us as a cloud computing provider in providing the necessary IT infrastructure.
In the context of the creation and use of the test account, your name and e-mail address as well as the usage data generated by you in the application are processed.
The legal basis for the technical provision of the test account is Art. 6 para. 1 lit. b GDPR. The logging of access to ensure system stability is based on our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR. The purpose of the processing is the provision and the utilization of the requested Test Account.
Bilendo GmbH uses the data collected by means of Amazon Web Services Germany GmbH only for the purposes specified above and will not pass this data on to third parties. Further information can be found in the Terms of Use and the Privacy Policy of Amazon Web Services Germany GmbH.
A data processing agreement (can be viewed here) and Standard Contractual Clauses (SCC) have been concluded with Amazon Web Services Germany GmbH as the basis for secure data processing. Through these clauses, Amazon Web Services Germany GmbH undertakes to comply with the European data protection level when processing the relevant data, even when storing, processing, and managing data in a third country. Furthermore, European data localization takes place.
The company also has a certification under the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards when processing data in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider under the following Link.
Contact: aws-EU-privacy@amazon.com.
To answer inquiries and for communication within the scope of setting up and using your test account, we use services of Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland, +353 1 543 1000) – a subsidiary of Google LLC (USA).
In the course of communication, we process your name, your email address, and potentially your phone number and the content of the communication.
The legal basis for the processing of personal data is Art. 6 para. 1 lit. b and f GDPR for the purpose of fulfilling the request and ensuring stable and secure communication.
Bilendo GmbH uses the data collected by Google Ireland Limited only for the purposes specified above and will not pass this data on to third parties. Further information can be found in the Terms of Use and the Privacy Policy of Google LLC.
As a basis for secure data processing, a Data Processing Agreement (can be viewed here) and Standard Contractual Clauses (SCC) have been concluded with Google Ireland Limited. Through these clauses, Google Ireland Limited undertakes to comply with the European data protection level when processing the relevant data, even when storing, processing, and managing data in a third country. Furthermore, European data localization takes place.
The company Google LLC also has a certification under the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards when processing data in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider under the following Link.
Contact: data-access-requests@google.com.
With your consent, you can subscribe to our newsletter, with which we inform you about our current offers and news regarding Bilendo. Registration for our newsletter takes place via the so-called double opt-in procedure. This means that after your registration, we will send an email to the email address you provided, in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration within 48 hours, your information will be blocked. In addition, we store your used IP addresses and the times of registration and confirmation. The purpose of this procedure is to be able to prove your registration and, if necessary, to clarify a possible misuse of your personal data.
The only mandatory information for sending the newsletter is your email address. The provision of further, separately marked data is voluntary and is used to be able to address you personally. After your confirmation, we store your registration data for the purpose of sending the newsletter. The legal basis is Art. 6 para. 1 lit. a GDPR.
Your consent to the sending of the newsletter can be revoked at any time and you can unsubscribe from the newsletter. You can declare the revocation by clicking on the link provided in every newsletter email or by sending a message to the contact details provided in the imprint.
We point out that we evaluate your user behavior when sending the newsletter. For this evaluation, the sent emails contain so-called web beacons or tracking pixels, which are single-pixel image files stored on our website. For the evaluation, we link the data mentioned above and the web beacons with your email address and an individual ID.
You can object to this tracking at any time by clicking the separate link provided in every email or by informing us via another contact method. The information is stored as long as you are subscribed to the newsletter. After unsubscribing, we store the data purely statistically and anonymously.
When contacting us (e.g., via contact form, email, phone, or social media), the user's information is processed for handling the contact request and its processing in accordance with Art. 6 para. 1 lit. b GDPR. The user's information can be stored in a Customer Relationship Management System ("CRM System") or comparable request organization.
We delete the requests as soon as they are no longer necessary. We review the necessity every two years; furthermore, the statutory archiving obligations apply.
We use HubSpot, a software from HubSpot Inc., USA, for our sales and customer care activities (e.g., user segmentation & CRM & contact forms). HubSpot Inc. is a US-American company with a branch office in Ireland (HubSpot, 2nd floor 30 North Wall Quay, Dublin 1, Ireland, Tel.: +353 1 5187500).
This software is used in the CRM area and supports Bilendo GmbH in the documentation, storage, and processing of leads and existing customers. The purpose of the data processing is the comprehensive care of leads, prospective customers, and customers. The legal basis for the processing of personal data using the HubSpot service is Art. 6 para. 1 lit. a and f GDPR. Bilendo GmbH uses the data collected by the HubSpot service only for the purposes stated above and will not pass this data on to third parties. Further information can be found in the Terms of Service and the Privacy Policy of HubSpot Inc.
As a basis for secure data processing, a Data Processing Agreement (can be viewed here) and Standard Contractual Clauses (SCC) have been concluded with HubSpot. Through these clauses, Hubspot undertakes to comply with the European data protection level when processing the relevant data, even when storing, processing, and managing data in a third country. Furthermore, European data localization takes place.
The company also has a certification under the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA, which is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider under the following Link.
Contact: privacy@hubspot.com or by mail to HubSpot, Inc., 25 First Street, 2nd Floor, Cambridge, MA 02141 USA, Attn: Privacy.
The hosting services we use serve to provide the following services: infrastructure and platform services, computing capacity, storage space and database services, email dispatch, security services, as well as technical maintenance services, which we use for the purpose of operating this online offer.
In this context, we, or our hosting provider, process inventory data, contact data, content data, contract data, usage data, meta and communication data of customers, prospective customers, and visitors to this online offer on the basis of our legitimate interests in an efficient and secure provision of this online offer in accordance with Art. 6 para. 1 lit. f GDPR in conjunction with Art. 28 GDPR (conclusion of a data processing agreement).
We use HubSpot, a software from HubSpot Inc., USA, for our sales and customer care activities by offering a communication option as chat/chatbot functions. HubSpot Inc. is a US-American company with a branch office in Ireland (HubSpot, 2nd floor 30 North Wall Quay, Dublin 1, Ireland, Tel.: +353 1 5187500). Personal data may be processed when the chat function is used.
HubSpot collects personal data such as your email address and your signup date. When using the chat services within Bilendo, the following data is therefore collected and processed: contact data (e.g., email address), content data (e.g., text entries), usage data (e.g., visited websites, access times), or meta/communication data (e.g., device information, IP address). HubSpot uses cookies and similar technologies for this purpose. Further information on the use of cookies by Hubspot can be found in the Cookie Policy. We also use HubSpot as a communication medium (sales activities and customer care), for example via email or via messages in our product. As part of our user agreement, HubSpot collects publicly available contact information associated with you, such as your email address, gender, company, job title, photos, website URLs, social networks, etc., to improve your user experience. Further information on the data protection practices of HubSpot.
You must actively consent to the collection of your data and the setting of cookies by HubSpot. All cookies are actively set, on the one hand, by the cookie pop-up. On the other hand, a consent banner is displayed upon first use of the chat.
The purpose of the data processing is the comprehensive care of leads, prospective customers, and customers. The legal basis for the processing of personal data using the HubSpot service is Art. 6 para. 1 lit. a and f GDPR. Bilendo GmbH uses the data collected by the HubSpot service only for the purposes stated above and will not pass this data on to third parties. Further information can be found in the Terms of Use and the Privacy Policy of HubSpot Inc..
As a basis for secure data processing, a Data Processing Agreement (can be viewed here) and Standard Contractual Clauses (SCC) have been concluded with HubSpot. Through these clauses, Hubspot undertakes to comply with the European data protection level when processing the relevant data, even when storing, processing, and managing data in a third country. Furthermore, European data localization takes place.
The company also has a certification under the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider under the following Link.
Contact: privacy@hubspot.com or by mail to HubSpot, Inc., 25 First Street, 2nd Floor, Cambridge, MA 02141 USA, Attn: Privacy.
We, or our hosting provider, collect data on every access to the server on which this service is located (so-called server log files) based on our legitimate interests within the meaning of Art. 6 para. 1 lit. f GDPR. The access data includes the name of the retrieved website, file, date and time of retrieval, amount of data transferred, notification of successful retrieval, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address, and the requesting provider.
Log file information is stored for security reasons (e.g., for the clarification of misuse or fraud acts) for a maximum duration of 7 days and is then deleted. Data whose further retention is required for evidentiary purposes is excluded from deletion until the final clarification of the respective incident.
We use, based on our legitimate interests (i.e., interest in the analysis, optimization, and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f GDPR), Google Analytics, a web analysis service provided by Google LLC ("Google"). Google uses cookies. The information generated by the cookie about the use of the online offer by users is usually transmitted to a Google server in the USA and stored there.
Google will use this information on our behalf to evaluate the use of our online offer by users, to compile reports on the activities within this online offer, and to provide other services associated with the use of this online offer and internet usage to us. Pseudonymous user profiles of the users can be created from the processed data.
We only use Google Analytics with activated IP anonymization. This means that the IP address of the users is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.
The IP address transmitted by the user's browser is not merged with other data from Google. Users can prevent the storage of cookies by setting their browser software accordingly; users can also prevent the collection of data generated by the cookie and related to their use of the online offer by Google, as well as the processing of this data by Google, by downloading and installing the browser plug-in available at this Link.
Further information on data usage by Google, setting, and objection options can be found in the Privacy Policy of Google and in the settings for the display of advertisements by Google.
The users' personal data is deleted or anonymized after 14 months.
As a basis for secure data processing, a Data Processing Agreement (can be viewed here) and Standard Contractual Clauses (SCC) have been concluded with Google Ireland Limited. Through these clauses, Google Ireland Limited undertakes to comply with the European data protection level when processing the relevant data, even when storing, processing, and managing data in a third country. Furthermore, European data localization takes place.
The company Google LLC also has a certification under the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider under the following Link.
Contact: data-access-requests@google.com.
We use, based on our legitimate interests (i.e., interest in the analysis, optimization, and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f GDPR), the services of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, ("Google")..
We use the online marketing procedure Google "AdWords" to place ads in the Google advertising network (e.g., in search results, in videos, on websites, etc.) so that they are displayed to users who have a presumed interest in the ads. This allows us to display ads for and within our online offer more targeted, to present users only ads that potentially correspond to their interests. If a user, for example, is shown ads for products they have been interested in on other online offers, this is referred to as "Remarketing". For these purposes, when our and other websites where the Google advertising network is active are accessed, a code from Google is executed immediately by Google and so-called (Re)marketing tags (invisible graphics or code, also known as "Web Beacons") are embedded in the website. With their help, an individual cookie, i.e., a small file, is stored on the users' device (comparable technologies can also be used instead of cookies). This file records which websites the user has visited, what content they are interested in, and what offers the user has clicked on, as well as technical information about the browser and operating system, referring websites, visiting time, and other information about the use of the online offer.
Furthermore, we receive an individual "conversion cookie." The information obtained with the help of the cookie serves Google to create conversion statistics for us. However, we only learn the anonymous total number of users who clicked on our ad and were redirected to a page provided with a conversion tracking tag. However, we do not receive any information that allows users to be personally identified.
The users' data is pseudonymously processed within the framework of the Google advertising network. This means that Google does not store and process, for example, the users' name or email address, but processes the relevant data on a cookie-related basis within pseudonymous user profiles. This means that from Google's perspective, the ads are not managed and displayed for a specifically identified person, but for the cookie holder, regardless of who this cookie holder is. This does not apply if a user has explicitly allowed Google to process the data without this pseudonymization. The information collected about the users by Google marketing services is transmitted to Google and stored on Google's servers in the USA.
You can prevent the collection of your data by Google Adwords by clicking on the link at the end of the privacy policy. An opt-out cookie will then be set, which will prevent the collection of your data on future visits to this website. Further information on data usage by Google, setting, and objection options can be found in the Privacy Policy of Google and in the settings for the display of advertisements by Google.
As a basis for secure data processing, a Data Processing Agreement (can be viewed here) and Standard Contractual Clauses (SCC) have been concluded with Google Ireland Limited. Through these clauses, Google Ireland Limited undertakes to comply with the European data protection level when processing the relevant data, even when storing, processing, and managing data in a third country. Furthermore, European data localization takes place.
The company Google LLC also has a certification under the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider under the following Link.
Contact: data-access-requests@google.com.
We use, based on our legitimate interests (i.e., interest in the analysis, optimization, and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f GDPR), the services of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, ("Google").
We use the online marketing procedure Google "Doubleclick" to place ads in the Google advertising network (e.g., in search results, in videos, on websites, etc.). Double Click is characterized by the fact that ads are displayed in real-time based on the presumed interests of the users. This allows us to display ads for and within our online offer more targeted, to present users only ads that potentially correspond to their interests. If a user, for example, is shown ads for products they have been interested in on other online offers, this is referred to as "Remarketing". For these purposes, when our and other websites where the Google advertising network is active are accessed, a code from Google is executed immediately by Google and so-called (Re)marketing tags (invisible graphics or code, also known as "Web Beacons") are embedded in the website. With their help, an individual cookie, i.e., a small file, is stored on the users' device (comparable technologies can also be used instead of cookies). This file records which websites the user has visited, what content they are interested in, and what offers the user has clicked on, as well as technical information about the browser and operating system, referring websites, visiting time, and other information about the use of the online offer.
The users' IP address is also collected, whereby this is shortened within member states of the European Union or in other contracting states of the Agreement on the European Economic Area and is only fully transmitted to a Google server in the USA and shortened there in exceptional cases. The aforementioned information can also be linked by Google with information from other sources. If the user subsequently visits other websites, ads tailored to them based on their presumed interests in their user profile may be displayed to them.
The users' data is pseudonymously processed within the framework of the Google advertising network. This means that Google does not store and process, for example, the users' name or email address, but processes the relevant data on a cookie-related basis within pseudonymous user profiles. This means that from Google's perspective, the ads are not managed and displayed for a specifically identified person, but for the cookie holder, regardless of who this cookie holder is. This does not apply if a user has explicitly allowed Google to process the data without this pseudonymization. The information collected about the users by Google marketing services is transmitted to Google and stored on Google's servers in the USA.
Further information on data usage by Google, setting, and objection options can be found in the Privacy Policy of Google and in the settings for the display of advertisements by Google.
As a basis for secure data processing, a Data Processing Agreement (can be viewed here) and Standard Contractual Clauses (SCC) have been concluded with Google Ireland Limited. Through these clauses, Google Ireland Limited undertakes to comply with the European data protection level when processing the relevant data, even when storing, processing, and managing data in a third country. Furthermore, European data localization takes place.
The company Google LLC also has a certification under the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider under the following Link.
Contact: data-access-requests@google.com.
We use, based on our legitimate interests (i.e., interest in the analysis, optimization, and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f GDPR), Pendo, a web analysis service provided by "Pendo.io, Inc", 301 Hillsborough St, Suite 1900, 276031 Raleigh, NC, USA. Pendo also has an integration with G2. G2 is a rating portal of "G2.com, Inc.". Pendo processes the name and email address of registered and logged-in Bilendo users for this purpose. This information is exclusively transmitted, stored, and processed on servers in the EU.
Pendo will process this information on our behalf to give users of our online offer the opportunity to rate it. Submitting a rating is voluntary. No information is automatically transmitted to G2. When visiting the G2 page, the G2 privacy policy applies. You can find this here.
Pendo commits to complying with the European General Data Protection Regulation by offering a Data Processing Addendum, including the Standard Contractual Clauses. The DPA, including Standard Contractual Clauses, has been concluded with Pendo. Further information is provided in the Privacy Policy of Pendo.
On our website, we use the LinkedIn Insight Tag for marketing and analysis purposes. The provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. By using the Insight Tag, we can, on the one hand, access information for the analysis of website use and, on the other hand, display advertising content and retargeting tailored to your interests on other websites. A cookie is set in your browser for this purpose. This is valid for 90 days. The tag collects metadata such as IP address, timestamp, and page events, as well as demographic LinkedIn information, if an active LinkedIn member cookie is present.
If you are registered with LinkedIn, LinkedIn can associate your activities and interactions with our online offer and website with your user account. LinkedIn commits to complying with the European General Data Protection Regulation by offering these Standard Contractual Clauses, a so-called Data Processing Addendum. If you are a member of LinkedIn, you can deactivate the Insight Tag with this Link. You can prevent the collection of your data by setting a general opt-out at the end of the privacy policy.
We maintain an online presence within social networks and platforms to communicate with the customers, prospective customers, and users active there and to inform them about our services. When accessing the respective networks and platforms, the terms and conditions and data processing guidelines of their respective operators apply.
Unless otherwise stated in our privacy policy, we process the users' data if they communicate with us within the social networks and platforms, e.g., post contributions on our online presence or send us messages.
We use, based on our legitimate interests (i.e., interest in the analysis, optimization, and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f GDPR), content or service offers from third-party providers within our online offer to integrate their content and services, such as videos or fonts (hereinafter uniformly referred to as "Content").
This always requires that the third-party providers of this content perceive the IP address of the users, as they would not be able to send the content to their browser without the IP address. The IP address is therefore required for the display of this content. We endeavor to use only such content whose respective providers only use the IP address for the delivery of the content. Third-party providers may also use so-called pixel tags (invisible graphics, also referred to as "Web Beacons") for statistical or marketing purposes. The "pixel tags" can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information can also be stored in cookies on the users' device and contain, among other things, technical information about the browser and operating system, referring websites, visiting time, and other information about the use of our online offer, as well as being linked to such information from other sources.
We integrate the videos of the platform "YouTube" from the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The Privacy Policy is available here. You can use the Opt-Out function via this link.
As a basis for secure data processing, Standard Contractual Clauses (SCC) have been concluded with Google. Through these clauses, Google undertakes to comply with the European data protection level when processing the relevant data, even when storing, processing, and managing data in a third country. The Data Processing Agreement, which corresponds to the Standard Contractual Clauses, has been concluded accordingly and can be viewed here. Furthermore, European data localization takes place. Contact: data-access-requests@google.com.
The company also has a certification under the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider under the following Link.
This page uses Google Fonts from the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, for the uniform representation of fonts. Google Fonts is installed locally. No connection to Google LLC servers takes place. Further information on Google Fonts can be found in the Privacy Policy for Google LLC.
We integrate the maps of the "Google Maps" service from the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The processed data may include in particular IP addresses and location data of the users, which are not collected without their consent (usually done as part of the settings of their mobile devices). The data can be processed in the USA. The Privacy Policy is available here. You can use the Opt-Out function via this link.
As a basis for secure data processing, Standard Contractual Clauses (SCC) have been concluded with Google. Through these clauses, Google undertakes to comply with the European data protection level when processing the relevant data, even when storing, processing, and managing data in a third country. The Data Processing Agreement, which corresponds to the Standard Contractual Clauses, has been concluded accordingly and can be viewed here. Furthermore, European data localization takes place. Contact: data-access-requests@google.com.
The company also has a certification under the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider under the following Link.
We ask you to regularly inform yourself about the content of our privacy policy. We adapt the privacy policy as soon as changes in the data processing carried out by us make this necessary. We will inform you as soon as the changes require an act of cooperation on your part (e.g., consent) or other individual notification.
In addition, we offer you information on data protection notices for Business Partners, as well as for Employees and Applicants.
In addition, we offer information on the subject of data protection notices for Business Partners, and for Employees & Applicants.
