Privacy Policy
WALKING BRANDS GmbH
Hallerstraße 76
20146 Hamburg
Phone: +4904080792110
Mail: walkthisway@walkingbrands.de
Website: www.walkingbrands.de
Data Protection Officer:
Thilo Noack
Shared IT Professional GmbH und Co. KG
Email: thilo.noack@shared-it.de
We are very delighted that you have shown interest in our enterprise. Data protection is of a particularly high priority for the management of the WALKING BRANDS GmbH. Use of the WALKING BRANDS GmbH website is generally possible without providing any personal data. However, if a person concerned wishes to make use of special services of our company via our website, it may be necessary to process personal data. If the processing of personal data is necessary and there is no legal basis for such processing, we generally obtain the consent of the data subject.
The processing of personal data, such as the name, address, e-mail address or telephone number of a data subject, is always carried out in accordance with the General Data Protection Regulation (GDPR) and in accordance with the country-specific data protection regulations applicable to WALKING BRANDS GmbH. By means of this data protection notice, our company wishes to inform the public about the nature, scope and purpose of the personal data we collect, use and process. Furthermore, data subjects are informed of the rights to which they are entitled.
Terminology
The data protection information of WALKING BRANDS GmbH is based on the terms used in the GDPR – the General Data Protection Regulation. It should be easy to read and understand for the public as well as for our customers and business partners. To ensure this, we would like to explain the terms used in advance.
Personal data
Personal data means any information relating to an identified or identifiable natural person (hereinafter referred to as “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Data subject
Data subject is any identified or identifiable natural person whose personal data is processed by the controller responsible for the processing.
Processing
Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Restriction of processing
Restriction of processing is the marking of stored personal data with the aim of restricting its future processing.
Profiling
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.
Pseudonymization
Pseudonymization is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
Controller
Controller or controller responsible for the processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
Processor
Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Recipient
Recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.
Third party
A third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
As the controller, the WALKING BRANDS GmbH has implemented numerous technical and organizational measures to ensure the most complete protection of personal data processed through this website. Nevertheless, Internet-based data transmissions can generally have security gaps, so that absolute protection cannot be guaranteed. For this reason, every data subject is free to transmit personal data to us by alternative means, for example by telephone.
Definitions
Consent
Consent is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
Lawfulness of processing
The processing of personal data is only lawful if there is a legal basis for the processing. The legal basis for processing may be, in particular, in accordance with Article 6(1)(a) – (f) GDPR:
– The data subject has given consent to the processing of personal data concerning him or her for one or more specific purposes;
– processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract
– processing is necessary for compliance with a legal obligation to which the controller is subject
– processing is necessary in order to protect the vital interests of the data subject or of another natural person
– processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
– processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
Information about the collection of personal data
Below we provide information about the collection of personal data when using our website. Personal data are e.g. name, address, e-mail addresses, user behavior.
Collection of personal data when you visit our website
When you use the website for information purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure stability and security:
– IP address
– Date and time of the request
– Time zone difference to Greenwich Mean Time (GMT)
– Content of the request (specific page)
– Access status/HTTP status code
– Amount of data transferred
– Website from which the request originates
– Browser
– Operating system and its interface
– Language and version of the browser software
After a technical evaluation, this data is deleted immediately. This data collection serves to safeguard our legitimate interests in the correct presentation of our website offer, which predominate in the context of a balancing of interests, as well as compliance with the EU General Data Protection Regulation in terms of security and confidentiality in accordance with Art. 6 Para. 1 lit. f) GDPR.
Cookie consent tool
We use the Borlabs cookie consent tool from the provider Borlabs GmbH, Hamburger Str. 11, 22083 Hamburg, Germany, to obtain effective user consent for cookies and cookie-based applications requiring consent.
By integrating this consent tool, a banner is displayed to users when they access the page, in which consent for certain cookies and/or cookie-based applications can be given by ticking a box. The tool blocks the setting of all cookies requiring consent until the respective user gives their consent by ticking the box. This ensures that such cookies are only set on your end device if you have given your consent. So that the cookie consent tool can clearly assign page views to individual users and individually record, log and store the consent settings you have made for a session duration, certain user information (including the IP address) is collected when our website is accessed by the cookie consent tool, transmitted to the server of the cookie consent tool provider and stored there. This data processing is carried out in accordance with Art. 6 para. 1 lit. f) GDPR on the basis of our legitimate interest in legally compliant, user-specific and user-friendly consent management for cookies and thus in a legally compliant design of our website. Another legal basis for the data processing described is Art. 6 para. 1 lit. c) GDPR. As the controller, we are subject to the legal obligation to make the use of technically unnecessary cookies dependent on the respective user consent.
By using our website, information (e.g. IP address) may be accessed or information (e.g. cookies) may be stored in your end devices. This access or storage may involve further processing of personal data within the meaning of the GDPR.
In cases in which such access to information or such storage of information is absolutely necessary for the technically error-free provision of our services, this is done on the basis of § 25 TDDDG (Telecommunications Digital Services Data Protection Act)
Telecommunications Digital Services Data Protection Act (TDDDG)
The legal basis for the storage and retrieval of information in the end user’s terminal equipment is consent in accordance with Section 25 TDDDG. This consent is requested when the website is accessed.
According to Section 25 TDDDG, consent is not required if the storage of information in the end user’s terminal equipment or access to information already stored in the end user’s terminal equipment is absolutely necessary so that the provider of a telemedia service can provide a telemedia service expressly requested by the user. In the cookie settings, you can see which cookies are classified as absolutely necessary (often also referred to as “technically necessary cookies”) and therefore fall under the exemption rule of Section 25 (2) TDDDG and therefore do not require consent.
Please note that the legal basis for the downstream processing of personal data then results from the GDPR. The relevant legal bases for the processing of personal data on this website can be found further on in this privacy policy.
Use of cookies
In addition to the aforementioned data, cookies or similar technologies such as pixels (hereinafter generally referred to as “cookies”) are used on your computer when you use and visit our website. Cookies are either small databases that are stored by your browser on your end device to store certain information, or image files such as pixels. The next time you visit our website with the same device, the information stored in cookies is subsequently sent back either to our website (“first party cookie”) or to another website to which the cookie belongs (“third party cookie”).
Through the stored and returned information, the respective website recognizes that you have already accessed and visited it with the browser of your end device. We use this information to optimize the design and display of the website according to your preferences. Only the cookie itself is identified on your end device. Any further storage of personal data will only take place with your express consent or if this is absolutely necessary in order to be able to use the service offered and accessed by you accordingly.
This website uses the following types of cookies, the scope and function of which are explained below:
• Strictly necessary cookies (type a)
• Functional and performance cookies (type b)
• Cookies requiring consent (type c)
Strictly necessary cookies (type a)
Strictly necessary cookies ensure functions without which you cannot use our websites as intended. These cookies are used exclusively by us and are therefore first party cookies. This means that all information stored in the cookies is sent back to our website.
Strictly necessary cookies are used, for example, to ensure that you as a registered user always remain logged in when accessing various subpages of our website and therefore do not have to re-enter your login details each time you access a new page.
The use of strictly necessary cookies on our website is possible without your consent. For this reason, strictly necessary cookies cannot be deactivated or activated individually. However, you have the option of deactivating cookies in your browser at any time (see below)
Functional and performance cookies (type b)
Functional cookies enable our website to store information you have already provided (such as your registered name or language selection) and to offer you improved and more personalized functions based on this. These cookies only collect and store anonymized information so that they cannot track your movements on other websites.
Performance cookies collect information about how our websites are used in order to improve their attractiveness, content and functionality. These cookies help us, for example, to determine whether and which subpages of our website are visited and what content users are particularly interested in. In particular, we record the number of visits to a page, the number of sub-pages accessed, the time spent on our website, the order of the pages visited, which search terms led you to us, the country, region and, if applicable, the city from which the access is made, as well as the proportion of mobile devices that access our websites. We also record movements, “clicks” and scrolling with the computer mouse in order to understand which areas of our website are of particular interest to users. As a result, we can tailor the content of our website more specifically to the needs of our users and optimize our offering. The IP address of your computer transmitted for technical reasons is automatically anonymized and does not allow us to draw any conclusions about the individual user.
You can object to the use of functional and performance cookies at any time by adjusting your cookie settings accordingly.
Legal basis: Art. 6 para. 1 lit. f) GDPR
Cookies requiring consent (type c)
Cookies that are neither strictly necessary (type a) nor functional or performance cookies (type b) will only be used with your consent.
We also reserve the right to use information that we have obtained by means of cookies from an anonymized analysis of the usage behavior of visitors to our websites in order to show you specific advertising for certain of our products on our own websites. We believe that you as a user benefit from this because we display advertising or content that we assume, based on your surfing behavior, matches your interests and you are thus shown less randomly scattered advertising or certain content that may be of less interest to you.
Marketing cookies originate from external advertising companies (third-party cookies) and are used to collect information about the websites visited by the user in order to create targeted advertising for the user.
Legal basis: Art. 6 para. 1 lit. a) GDPR
Opt-out for marketing cookies
You can also manage cookies used for online advertising via the tools developed in many countries as part of self-regulation programs, such as https://www.aboutads.info/choices/ based in the USA or http://www.youronlinechoices.com/uk/your-ad-choices based in the EU.
Legal basis: Art. 6 para. 1 lit. a) GDPR
Management and deletion of all cookies
In addition, you can set your Internet browser to generally prevent cookies from being stored on your end device or to ask you each time whether you agree to the setting of cookies. Once cookies have been set, you can also delete them at any time. You can find out how all this works in detail in the help function of your browser.
The cookies and third-party requests described above are placed on your device by the following services through our website:
Google Analytics 4 (GA4)
This website uses Google Analytics 4, a service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”), which can be used to analyze the use of websites.
When using Google Analytics 4, so-called “cookies” are used. Cookies are databases that are stored on your end device and enable your use of a website to be analyzed. The information collected by cookies about your use of the website (including the IP address transmitted by your device, shortened by the last digits, see below) is usually transmitted to a Google server, where it is stored and processed. This may also result in information being transmitted to the servers of Google LLC based in the USA and further processing of the information there. GA4 also offers server-side tracking, which enables us to pseudonymize user data on our own server and only then transmit it to Google.
When using Google Analytics 4, the IP address transmitted by your end device when using the website is automatically collected and processed only in pseudonymized form, so that the information collected cannot be directly linked to a person. This automatic pseudonymization is carried out by shortening the last digits of the IP address transmitted by your device by Google within member states of the European Union (EU) or other signatory states to the Agreement on the European Economic Area (EEA).
Google uses this and other information on our behalf to evaluate your use of the website, to compile reports on your website activity and usage behavior and to provide us with other services relating to your use of the website and the Internet. The abbreviated IP address transmitted by your device as part of Google Analytics 4 will not be merged with other Google data. The data collected as part of the use of Google Analytics 4 is stored for 2 months and then deleted.
Google Analytics 4 enables us to recognize the so-called “demographic characteristics” of a user via browser fingerprints. This enables us to evaluate information about the age, gender and interests of website users across all devices on the basis of an evaluation of interest-based advertising and with the help of third-party information. This makes it possible to determine and differentiate between user groups of the website for the purpose of target group-optimized marketing measures. However, data collected via the “demographic characteristics” cannot be assigned to a specific person and therefore not to you personally. This data collected via the “demographic characteristics” function is stored for two months and then deleted.
All processing described above, in particular the setting of Google Analytics cookies for the storage and reading of information on the terminal device used by you for the use of the website, will only take place if you have given us your express consent to do so in accordance with Art. 6 para. 1 lit. a) GDPR. Without your consent, Google Analytics 4 will not be used during your use of the website. You can revoke your consent at any time with effect for the future. To exercise your revocation, please deactivate this service using the “cookie consent tool” provided on the website.
We have concluded a so-called order processing contract with Google for our use of Google Analytics 4, which obliges Google to protect the data of our website users and not to pass it on to third parties.
In order to ensure compliance with the European level of data protection even in the event of a data transfer from the EU or the EEA to the USA and possible further processing there, the provider has certified itself for the Trans Atlantic Data Privacy Framework. You can view the certification under the following link: https://www.dataprivacyframework.gov/s/participant-search
If the DPF should fall, the standard contractual clauses can be used as the legal basis. You can view these here: (https://ec.europa.eu/info/law/law-topic/data-protection/publications/standard-contractual-clauses-controllers-and-processors).
Further legal information on Google Analytics 4 can be found at https://policies.google.com/privacy?hl=de&gl=de and at https://policies.google.com/technologies/partner-sites.
Google Double Click
This website uses the online marketing tool DoubleClick from Google Ireland Limited, Gordon House Barrow Street Dublin 4, Ireland (hereinafter: Google). DoubleClick uses cookies to display ads that are relevant to users, to improve campaign performance reports or to prevent a user from seeing the same ads more than once. Google uses a cookie ID to record which ads are shown in which browser and can thus prevent them from being shown more than once. In addition, DoubleClick can use cookie IDs to record so-called conversions that are related to ad requests. This is the case, for example, when a user sees a DoubleClick ad and later visits the advertiser’s website with the same browser and makes a purchase there.
Due to the marketing tools used, your browser automatically establishes a direct connection with the Google server. We have no influence on the scope and further use of the data collected by Google through the use of this tool and therefore inform you according to our level of knowledge: Through the integration of DoubleClick, Google receives the information that you have accessed the corresponding part of our website or clicked on the advertisement from us. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, there is a possibility that the provider will find out your IP address and store it.
You can prevent participation in this tracking process in various ways:
By setting your browser software accordingly – suppressing third-party cookies means that you will not receive ads from third-party providers; by deactivating cookies for conversion tracking by setting your browser to block cookies from the domain (https://www.google.de/settings/ads); by deactivating interest-based ads from providers that are part of the “About Ads” self-regulation campaign (via the link http://www.aboutads.info/choices). This setting will be deleted if you delete your cookies; by permanently deactivating them in your Firefox, Internet Explorer or Google Chrome browsers (plug-ins available at the link http://www.google.com/settings/ads/plugin). We would like to point out that in this case you may not be able to use all functions of this website to their full extent.
You can find information on the third country transfer taking place under “Third country transfer”. Further information on DoubleClick by Google can be found at https://www.google.de/doubleclick and http://support.google.com/adsense and on data protection at Google in general: https://www.google.de/intl/de/policies/privacy.
The provider has been certified for the Trans-Atlantic Data Privacy Framework (TADPF, DPF for short) in order to guarantee the prevailing level of data protection in the EU. You can find detailed information at (https://ec.europa.eu/info/law/law-topic/data-protection/publications/standard-contractual-clauses-controllers-and-processors).
Legal basis: Art. 6 para. 1 lit. a) GDPR
Hotjar
The Hotjar analysis software is used on this website. The use of Hotjar enables us to analyze user behavior on the website more precisely and to further optimize it. The information collected (mouse pointer movements, clicks, scrolling movements) is transmitted anonymously to Hotjar. Information entered is made unrecognizable on our website and before the data is transmitted to Hotjar. Hotjar, for its part, uses this information to create reports that are made available to us for analysis and evaluation.
In order to be able to analyze users and their use of our website across pages, Hotjar stores a cookie on the user’s computer. The cookie has a lifespan of up to 365 days. This can be prevented in the Hotjar settings
The legal basis here is Art. 6 para. 1 lit. a) GDPR.
Hotar’s registered office: 3 Lyons Range, 20 Bisazza Street, Sliema SLM 1640, Malta, Europe. Hotjar privacy policy : https://www.hotjar.com/legal/policies/privacy
Google Tagmanager
The Google Tag Manager allows marketers to manage website tags via an interface. However, the tag manager itself, which uses the tags, works without cookies and does not collect any personal data. The tag manager merely triggers other tags. Corresponding explanations for these respective third-party providers can be found in this privacy policy. However, the Google Tag Manager does not use this data. If you have set or otherwise deactivated cookies, this will be observed for all tracking tags used with the Google Tag Manager, i.e. the tool will not change your cookie settings.
In order to ensure compliance with the European level of data protection even in the event of a data transfer from the EU or the EEA to the USA and possible further processing there, the provider has certified itself for the Trans Atlantic Data Privacy Framework. You can view the certification under the following link: https://www.dataprivacyframework.gov/s/participant-search
The legal basis is Art. 6 para. 1 lit. a) GDPR.
Albacross
We use Albacross, a software as a service provider from Sweden (Kunsgatan 26, 111 35 Stockholm), to analyze website access in order to better address and identify customers. By giving your consent, you agree to the processing of personal data on behalf of Albacross Nordic AB (“Albacross”). Data and information contained in the cookies stored on your end devices, which are considered personal data, are processed by Albacross Nordic AB. Albacross Nordic AB offers lead identification and generation as well as the placement of advertisements on websites. The purpose of processing personal data is to enable Albacross to include data in its database about companies. The data that Albacross collects and uses for this purpose is information about the IP address you used to visit our website, as well as technical information that enables Albacross to distinguish different visitors from the same IP address. Albacross stores the domain from the form input in order to associate the IP address with your employer.
Further information on the processing of personal data can be found in the Albacross Privacy Policy (https://albacross.com/privacy-?policy/). You can withdraw your consent to this processing at any time. The revocation can either be sent to us or by contacting Albacross directly.
The legal basis here is Art. 6 para. 1 lit. a) GDPR.
Seobility
We use the Seobility tool from Seobility GmbH, Munich, Germany, on our website to support the search engine optimization (SEO) of our website. Seobility enables us to analyze and optimize our online presence, in particular by performing website crawls and on-page analyses, monitoring keyword rankings, backlink analysis and optimizing content and keywords. Among other things, technical information on the page structure, meta data, loading times and internal links are analyzed. The following data is processed when Seobility is used: Information about website content accessed (e.g. URL, meta data, structural information), technical errors and loading times as well as SEO-relevant structural features. As a rule, personal data of website visitors is not processed, unless the analysis results in personal data in individual cases (e.g. IP addresses when analyzing loading times or crawler access).
The processing of personal data is carried out on the basis of Art. 6 para. 1 lit. a) GDPR.
Further information on data processing by Seobility can be found in the provider’s privacy policy at: https://www.seobility.net/de/datenschutz/
Microsoft Clarity
We use the Microsoft Clarity tool from Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA, on our website. Microsoft Clarity enables the analysis of user behavior on our website through functions such as session replays, heat maps and interaction analyses. The purpose of using the tool is to analyze user behavior in order to optimize our website, identify errors and improve the user experience.
The following data is processed when Microsoft Clarity is used: Information about the use of our website (e.g. pages visited, clicks, mouse movements, scrolling behavior), technical information about the end device and browser used (e.g. browser type and version, operating system, screen resolution) and the user’s IP address in anonymized form. Microsoft Clarity uses cookies and similar technologies to enable the analysis. In order to ensure compliance with the European level of data protection even in the event of a data transfer from the EU or the EEA to the USA and possible further processing there, the provider has certified itself for the Trans Atlantic Data Privacy Framework. You can view the certification under the following link: https://www.dataprivacyframework.gov/s/participant-search
Should the DPF fall, the standard contractual clauses can be used as the legal basis. You can view these here: (https://ec.europa.eu/info/law/law-topic/data-protection/publications/standard-contractual-clauses-controllers-and-processors).
Further information on data processing by Microsoft Clarity and your rights can be found at: https://privacy.microsoft.com/de-de/privacystatement.
The processing is carried out on the basis of Art. 6 para. 1 lit. a GDPR.
Instagram
We maintain a page on the Instagram platform, which can be accessed via a link on our website. The provider of the platform is Meta Platforms Ireland Limited, Hanover Reach, 5-7 Hanover Quay, Dublin 2, Ireland.
When you visit our Instagram page, Instagram collects, among other things, your IP address and other information that is stored on your PC in the form of cookies. This information is used to provide us, as the operator of the Instagram pages, with statistical information about the use of the Instagram page.
The data collected about you in this context will be processed by Instagram Inc. and may be transferred to countries outside the European Union. What information Instagram receives and how it is used is described in general terms by the provider Meta Platforms in its privacy policy. There you will also find information on how to contact Instagram and on the settings options for advertisements. The privacy policy is available at the following link: https://help.instagram.com/519522125107875
How Instagram uses the data from visits to Instagram pages for its own purposes, to what extent activities on the Instagram page are assigned to individual users, how long Instagram stores this data and whether data from a visit to the Instagram page is passed on to third parties is not conclusively and clearly stated by Instagram and is not known to us.
When you access an Instagram page, the IP address assigned to your end device is transmitted to Instagram. According to Instagram, this IP address is anonymized (for “German” IP addresses) and deleted after 90 days. Instagram also stores information about the end devices of its users (for example, as part of the “login notification” function); Instagram may thus be able to assign IP addresses to individual users.
If you are currently logged in to Instagram as a user, a cookie with your Instagram ID is stored on your device. This enables Instagram to track that you have visited this page and how you have used it. This also applies to all other Instagram pages.
As the provider of the information service, we do not collect and process any other data
no data from your use of our service.
Vimeo
The provider for video hosting on Vimeo is: Vimeo Inc, 555 West 18th Street, New York 10011, USA. Videos can be played automatically when you access one of our pages. This establishes a connection to the Vimeo servers. The Vimeo server is informed which of our pages you have visited. Vimeo also obtains your IP address. This also applies if you are not logged in to Vimeo or do not have a Vimeo account. The information collected by Vimeo is transmitted to the Vimeo server in the USA.
If you are logged into your Vimeo account, you enable Vimeo to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your Vimeo account.
In order to ensure compliance with the European level of data protection even in the event of a data transfer from the EU or the EEA to the USA and possible further processing there, the provider has certified itself for the Trans Atlantic Data Privacy Framework (DPF for short). You can view the certification under the following link: https://www.dataprivacyframework.gov/s/participant-search
Should the DPF fall, the standard contractual clauses can be used as the legal basis. You can view these here: (https://ec.europa.eu/info/law/law-topic/data-protection/publications/standard-contractual-clauses-controllers-and-processors). Further information on the handling of user data can be found in Vimeo’s privacy policy at: https://vimeo.com/privacy .
The legal basis here is Art. 6 para. 1 lit. a) GDPR.
LinkedIn
We have integrated a link to the LinkedIn portal on our website. The professional network “LinkedIn” is operated by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.
We maintain our own company page on LinkedIn. This is used to actively address potential employees in a professional environment. We also share information about our company on this page and present ourselves to the outside world in this way.
Together with LinkedIn, we are responsible for the operation of the site and therefore have a so-called “joint responsibility” towards the user. We have concluded a corresponding agreement with LinkedIn. This sets out the respective responsibilities for fulfilling the obligations under Art. 26 GDPR.
In this context, user data may be processed on systems outside the European Union. LinkedIn has undertaken to comply with the data protection requirements of the EU. Data is only transferred to systems outside the EU if the requirements of Art. 44 et seq. GDPR are complied with. You can find out more at: www.linkedin.com/help/linkedin/answer/62533.
For detailed information on the processing and use of data by us and by LinkedIn, as well as a contact option and your rights in this regard and setting options to protect your privacy, please refer to LinkedIn’s privacy policy: https://de.linkedin.com/legal/privacy-policy?trk=hb_ft_priv
Xing
We have integrated a link to the Xing portal on our website. The professional network “Xing” is operated by New Work SE, Dammtorstraße 30, 20354 Hamburg.
We maintain our own company page on Xing. This serves as an active and contemporary means of addressing potential employees in a professional environment. On this page, we also share information about our company and present ourselves to the outside world in this way.
For detailed information on the processing and use of data by the providers on their pages as well as a contact option and your rights and setting options for protecting your privacy, please refer to Xing’s data protection information: https://privacy.xing.com/en/privacy-policy
Data protection information for applicants
We are delighted that you are interested in us and that you are applying or have applied for a position in our company. We would like to provide you with the following information on the processing of your personal data in connection with your application.
Which of your data do we process? And for what purposes?
We process the data that you have sent us in connection with your application in order to check your suitability for the position (or any other open positions in our company) and to carry out the application process.
What is the legal basis for this?
The legal basis for the processing of your personal data in this application procedure is Art. 6 para. 1 lit. b) GDPR. Accordingly, the processing of data is permitted if it is necessary for the performance of a contract or in order to take steps prior to entering into a contract.
Should the data be required for legal prosecution after completion of the application process, data processing may be carried out on the basis of the requirements of Art. 6 GDPR, in particular to safeguard legitimate interests in accordance with Art. 6 para. 1 lit. f) GDPR. Our interest then lies in the assertion of or defense against claims.
How long will the data be stored?
Applicants’ data will be deleted after 6 months in the event of rejection.
In the event that you have consented to your personal data being stored for a longer period, we will transfer your data to our applicant pool. There the data will be deleted after two years.
If you have been accepted for a position as part of the application process, the data from the applicant data system will be transferred to our personnel information system.
To which recipients will the data be forwarded?
Your application data will be reviewed by the HR department after we receive your application. Suitable applications are then forwarded internally to the department managers responsible for the respective open position. The next steps are then agreed. Within the company, only those persons have access to your data who need it for the proper course of our application procedure.
Duration for which the personal data is stored
The criterion for the duration of the storage of personal data is the respective statutory retention period. Once this period has expired, the corresponding data is routinely deleted, provided it is no longer required for the fulfillment or initiation of a contract.
We would like to inform you that the provision of personal data is partly required by law (e.g. tax regulations) or may also result from contractual regulations (e.g. information on the contractual partner). Sometimes it may be necessary for a contract to be concluded for a data subject to provide us with personal data that must subsequently be processed by us. For example, the data subject is obliged to provide us with personal data if our company concludes a contract with them. Failure to provide the personal data would mean that the contract with the data subject could not be concluded. Before personal data is provided by the data subject, the data subject must contact one of our employees. Our employee will inform the data subject on a case-by-case basis whether the provision of the personal data is required by law or contract or is necessary for the conclusion of the contract, whether there is an obligation to provide the personal data and what the consequences would be if the personal data were not provided.
Contact possibility via the website
The website of the WALKING BRANDS GmbH contains information that enables a quick electronic contact to our enterprise, as well as direct communication with us, which also includes a general address of the so-called electronic mail (e-mail address). If a data subject contacts the controller by email or via a contact form, the personal data transmitted by the data subject is automatically stored. Such personal data transmitted on a voluntary basis by a data subject to the controller are stored for the purposes of processing or contacting the data subject. This personal data is not passed on to third parties. If you contact us, the necessary data will be stored with your consent. Art. 6 para. 1 lit. a) or lit. b) GDPR serve as the legal basis.
Data processing when using WhatsApp
We offer our customers the option of contacting us via the WhatsApp messenger service. If you contact us via the WhatsApp messenger service, you automatically send us your mobile number. This will not be assigned to your customer data and will not be used by us for further contact.
Legal declarations (such as offers, contracts or contract amendments) are not made via WhatsApp and cannot be accepted. Our customer service is at your disposal for the above-mentioned inquiries. The provider is responsible for data processing by WhatsApp. The WhatsApp terms of use and privacy policy apply: www.whatsapp.com/legal . The legal basis is Art. 6 para. 1 lit. a) or lit. b) GDPR.
Children
Our services are generally aimed at adults. Persons under the age of 18 should not transmit any personal data to us without the consent of their parents or legal guardians.
Rights of the data subject
Right to information
According to the GDPR, every data subject affected by the processing of personal data has the right to receive information free of charge at any time from the controller about the personal data stored about them and a copy of this information. Furthermore, the data subject has the right to obtain the following information
– The categories of personal data being processed
– The recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations
– The duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration
– The existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing
The right to object to such processing
The right to lodge a complaint with a supervisory authority
If the personal data are not collected from the data subject: All available information about the origin of the data
Furthermore, the data subject has a right to information as to whether personal data has been transferred to a third country or to an international organization. If this is the case, the data subject also has the right to obtain information about the appropriate safeguards in connection with the transfer.
Right to rectification
Any person affected by the processing of personal data has the right under the GDPR to demand the immediate rectification of inaccurate personal data concerning them. Furthermore, the data subject has the right to request the completion of incomplete personal data, taking into account the purposes of the processing.
Right to erasure (right to be forgotten)
Under the GDPR, any person affected by the processing of personal data has the right to obtain from the controller the erasure of personal data concerning them without undue delay where one of the following grounds applies and insofar as the processing is not necessary:
– The personal data have been collected or otherwise processed for such purposes for which they are no longer necessary.
– The data subject withdraws consent on which the processing is based according to
Art. 6 para. 1 lit. a) GDPR, or Art. 9 para. 2 lit. a) GDPR, and where there is no other legal ground for the processing
– The data subject objects to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Art. 21 (2) GDPR.
– The personal data has been processed unlawfully.
– The personal data must be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
– The personal data have been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.
If one of the aforementioned reasons applies, and a data subject wishes to request the erasure of personal data stored by WALKING BRANDS GmbH, he or she may, at any time, contact any employee of the controller. An employee of WALKING BRANDS GmbH shall promptly ensure that the erasure request is complied with immediately.
If the personal data has been made public by WALKING BRANDS GmbH and our company, as the controller, is obliged pursuant to Art. 17 para. 1 GDPR to erase the personal data, WALKING BRANDS GmbH shall, taking account of available technology and the cost of implementation, take reasonable steps, including technical measures, to inform other controllers processing the personal data that the data subject has requested erasure by such controllers of any links to, or copy or replication of, those personal data, as far as processing is not required.
Right to restriction of processing
Under the GDPR, any data subject affected by the processing of personal data has the right to obtain from the controller restriction of processing where one of the following applies:
– The accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data.
– The processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead.
– The controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defense of legal claims.
– The data subject has lodged an objection to the processing pursuant to Art. 21 para. 1 GDPR and it is not yet clear whether the legitimate reasons of the controller outweigh those of the data subject.
If one of the aforementioned conditions is met, and a data subject wishes to request the restriction of the processing of personal data stored by the WALKING BRANDS GmbH, he or she may at any time contact any employee of the controller. The employee of the WALKING BRANDS GmbH will arrange the restriction of the processing.
Right to data portability
Under the GDPR, any person affected by the processing of personal data has the right to receive the personal data concerning them, which they have provided to a controller, in a structured, commonly used and machine-readable format that is easy to read. He or she also has the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where the processing is based on consent pursuant to point (a) of Article 6(1) GDPR or point (a) of Article 9(2) GDPR or on a contract pursuant to point (b) of Article 6(1) GDPR and the processing is carried out by automated means, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Furthermore, in exercising his or her right to data portability pursuant to
Art. 20 (1) GDPR, the data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible and when doing so does not adversely affect the rights and freedoms of others.
Right to object
Any person concerned by the processing of personal data has the right, granted by the European legislator, to object at any time, on grounds relating to his or her particular situation, to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1) GDPR. This also applies to profiling based on these provisions.
The WALKING BRANDS GmbH shall no longer process the personal data in the event of the objection, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defense of legal claims.
If the WALKING BRANDS GmbH processes personal data for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing. This also applies to profiling insofar as it is associated with such direct advertising. If the data subject objects to the WALKING BRANDS GmbH to the processing for direct marketing purposes, the WALKING BRANDS GmbH will no longer process the personal data for these purposes.
In addition, the data subject has the right, on grounds relating to his or her particular situation, to object to processing of personal data concerning him or her by the WALKING BRANDS GmbH for scientific or historical research purposes, or for statistical purposes pursuant to Article 89(1) of the GDPR, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
In order to exercise the right to object, the data subject may contact any employee of the WALKING BRANDS GmbH. The data subject is also free, in the context of the use of information society services, and notwithstanding Directive 2002/58/EC, to exercise his or her right to object by automated means using technical specifications.
Automated decisions in individual cases, including profiling
Any person affected by the processing of personal data has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her, unless the decision is necessary for entering into, or the performance of, a contract between the data subject and a data controller, or is authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, or is based on the data subject’s explicit consent.
If the decision is necessary for entering into, or the performance of, a contract between the data subject and a data controller, or it is based on the data subject’s explicit consent, the WALKING BRANDS GmbH shall implement suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and contest the decision.
Right to withdraw consent under data protection law
Under the GDPR, any person affected by the processing of personal data has the right to withdraw consent to the processing of personal data at any time.
If the data subject wishes to exercise their right to withdraw consent, they can contact an employee of the controller at any time.
Legal validity
If parts or individual formulations of this text do not, no longer or do not completely correspond to the applicable legal situation, the remaining parts of the document remain unaffected in their content and validity.
The data protection declaration of the WALKING BRANDS GmbH is based on the terms used by the European legislator for the adoption of the General Data Protection Regulation (GDPR). Our privacy policy should be easy to read and understand for the public as well as for our customers and business partners. To ensure this, we would like to explain the terms used in advance.
We use the following terms, among others, in this privacy policy:
a) personal data
Personal data means any information relating to an identified or identifiable natural person (hereinafter referred to as “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
b) Data subject
Data subject is any identified or identifiable natural person whose personal data is processed by the controller responsible for the processing.
c) Processing
Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
d) Restriction of processing
Restriction of processing is the marking of stored personal data with the aim of limiting their processing in the future.
e) Profiling
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.
f) Pseudonymization
Pseudonymization is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
g) Controller or controller responsible for the processing
Controller or controller responsible for the processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
h) Processor
Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
i) Recipient
Recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.
j) Third party
third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
k) Consent
Consent is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.