Privacy Policy
Privacy Notice (short version)
The following privacy notice shall provide you with a general overview about the collection, processing and use (hereinafter together referred to as “processing”) of your personal data. For more information regarding our processing activities, please view our complete Privacy Policy.
What kind of data do we process?
  1. While using the eyeo.com website (by default):
    • IP address (stored separately)
    • Date and time of access
    • Browser name/version
    • URL of previously visited webpage
    • Amount of data sent
    • Language preferences
  2. When applying for a job:
    • Name
    • Email address
    • CV and all other data voluntarily uploaded / shared by you
  3. When subscribing to a newsletter (voluntarily):
    • Name
    • Email address
How do we collect data?
  • Log files
  • Data entered by user into the job application form
  • Newsletter sign up form
How and why do we process your data?
  • For technical purposes, such as, but not limited to, preventing security attacks
  • Evaluating your application for recruitment purposes
  • If requested by you, to inform you about our products by sending you newsletters
How long do we keep data?
  • Website logs for 30 days.
  • Application data for six (6) months after rejection of a candidate.
  • Email addresses for newsletter services for no more than two (2) months after unsubscription.
What is the legal basis of data processing?
We process your personal data in compliance with the European General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”), the applicable EU laws and German national data protection laws.
Our values
We collect as little data as possible. As far as anonymous or pseudonymous use is possible we anonymize or pseudonymize your data.
What rights do you have?
  • Receive and access information about the personal data stored by us about you.
  • Rectify inaccurate personal data and restrictive details.
  • Receive all your personal data in a structured, commonly used and machine-readable format, as well as having such data transmitted to another controller.
  • Request erasure of your data, unless such data needs to be retained for legal purposes.
  • Object to the processing of your data.
  • Withdraw your consent at any time, when you have provided us with your consent to the processing of your personal data.
  • Lodge a complaint with the respective supervisory authority.
Questions?
Contact our Data Protection Officer, Dr. Judith Nink, at  or phone +49 (0) 221 / 65028 598.

Privacy Policy (long version)

Your protection and data confidentiality is of utmost importance to us (“eyeo” “we” “our”). We take the protection of your personal data very seriously and collect as little data as possible. Nevertheless, some personal data are necessary to provide our website and/or our application tools for candidates. This privacy policy shall inform you about the personal data we collect and how exactly that data is processed. We gather and use personal data firmly within the provisions of the European General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”), the applicable EU Laws and German national data protection laws. In the following text we will inform you about the specific data, the scope and purpose of the collection and use of personal data by us when using eyeo.com, the legal basis for such collection and processing as well as your rights to protect your personal data.

Who is responsible for the data collection and processing (contacts)?

Our values

The legal person responsible for the collection, processing and/or use of personal data in connection with eyeo.com (“Controller”) is:

eyeo GmbH
Lichtstraße 25
50825 Cologne
Germany

Data Protection Officer

If you have any queries relating your personal data, please do not hesitate to contact our Data Protection Officer:

Dr. Judith Nink

Phone: +49 (0) 221 / 65028 598

Email:

Fax: +49 (0) 221 / 65028 599

What is personal data?

The purpose of data protection is to protect personal data. Personal data means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. This information includes, for example, details such as name, postal address, email address or telephone number but also nicknames, certificates and information about your interests.

What kind of Data do we collect and process and how?

Automatically collected and processed information:

Website logs

While using eyeo.com website, we are automatically recording website logs and thereby collecting the following data for technical and for security reasons:

  • IP address (stored separately)
  • Date and time of access
  • Browser name/version [1]
  • URL of previously visited webpage [2]
  • Amount of data sent

This data is stored purely for technical reasons and cannot be linked to any individual person. We do not combine website log data with any other information about you.

[1] For more information, please refer to https://tools.ietf.org/html/rfc7231#section-5.5.3.

[2] For more information, please refer to https://tools.ietf.org/html/rfc7231#section-5.5.2.

Information you give us on a voluntary basis:

Application data

If you are applying online for a job at eyeo you need to fulfil our online application form. In order to evaluate your application properly we need at least your name, email address and a CV. On a voluntary basis you may further add a telephone number, a cover letter, additional documents, such as, but not limited to certificates, a website and additional information about you.

We collect and process those data for the sole purpose of managing eyeo’s recruitment related activities as well as for organizational planning purposes. Consequently, eyeo may use your personal data in relation to the evaluation and selection of applicants including for example setting up and conducting interviews and tests, evaluating and assessing the results thereto and as is otherwise needed in the recruitment processes including the final recruitment.

Newsletter

We provide you with a newsletter service free of charge. We use the newsletter to inform you about new products, updates on our products and to send you general information about eyeo. We need your email address in order to send you the newsletter. You can enter your email address at eyeo.com. We will store and use your email address solely to send you the newsletter.

Each newsletter contains information on how to unsubscribe (‘right to withdraw your consent’) from your subscription at any time with immediate effect.

What is the legal basis?

We process personal data in compliance with the European General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”) and the applicable German national data protection laws:

Processing is necessary for taking steps prior to enter into a contract (Art. 6 (1) b GDPR)

All data you provide us with in connection with your application (more information about the purposes you will find here>) is necessary for the sole purpose of hiring new employees and therefore evaluating and selecting applicants including for example setting up and conducting interviews and tests, evaluating and assessing the results thereto and as is otherwise needed in the recruitment processes including the final recruitment (meaning taking steps prior to enter into an employment contract). If you don’t send us your application data your application cannot be taken into account.

Collection and processing is necessary for compliance with a legal obligation to which the controller is subject – Art. 6 (1) c GDPR

Collection and processing of your personal data may be necessary for compliance with a legal obligation to which we are subject under EU laws or the laws of a EU Member State.

Processing is necessary for the purposes of eyeo’s legitimate interests (Art. 6 (1) f GDPR)

The collection and processing may be necessary for the purposes of our legitimate interests. We collect and process website logs for technical reasons, such as, but not limited to, preventing denial of service attacks. Denial of service is typically accomplished by flooding the targeted machine or resource with superfluous requests in an attempt to overload systems and prevent some or all legitimate requests from being fulfilled. Preventing such overloads of our systems and any security issues by denial of service attacks is in your and our vital interest and therefore we use the website logs.

We use website log data (with anonymized IP addresses) for analyzing purposes to help us improve our website.

Processing is based on your consent (Art. 6 (1) a GDPR)

When subscribing for our newsletter (more information on purposes), you provide us with your consent, which legitimizes the use of your email address in accordance and to the extent of your consent.

Do we disclose any personal data?

We will not transfer your personal data to third parties as a matter of course without letting you know in advance or asking for your prior permission. We may only transfer your personal data to third parties without informing you separately beforehand in the following exceptional cases as explained below:

  • If required for legal proceedings/investigations, personal data will be transferred to the criminal investigation authorities and, if appropriate, to injured third parties. We will only do this if there are concrete indications of illegal and/or abusive behaviour. We are also legally obliged to give certain public authorities information. These are criminal investigation authorities, public authorities which prosecute administrative offences entailing fines and the German finance authorities.
  • As part of the further development of our business it may happen that the structure of eyeo GmbH changes. The legal structure may be adapted, subsidiaries, business units or components may be created, bought or sold. In such transactions customer information may be shared with the transmitted part of the company. In the event of a transfer of personal information eyeo GmbH will ensure that it is done in accordance to this Privacy Policy and the German data protection laws.
  • For support purposes we are working with a service provider, PlatinPower.com GmbH, Mündender Straße 31, 34123 Kassel, Germany (“PlatinPower”). PlatinPower will only access and process any of your personal data to the extent required for support purposes and only under our instructions. This is be safeguarded by a data processing agreement.

International data transfers

For the following services we are using non-EU/EEA service providers. We have carefully selected these external service providers and review regularly to ensure that your privacy is preserved. The service providers provide sufficient guarantees to ensure an adequate level of data protection and may only use the personal data for the purposes stipulated by us and in accordance with our instructions. We also contractually require the service providers to treat your personal data solely in accordance with this Privacy Policy and the European data protection laws:

  • For job applications we use external service providers to host the online application for you. Greenhouse collects some information on its website, such as anonymous usage statistics, by using cookies, server logs, and other similar technology. For more information, please refer to Greenhouse’s Privacy Policy. When clicking on the “Apply now” button you will be automatically forwarded to the job application tool, which is provided and hosted by Greenhouse Software, Inc., 110 Fifth Avenue, 3rd Floor, New York, NY 10011 (“Greenhouse”). Your job application information, including all documents provided by you, is stored at Greenhouse, in order to enable them to fulfil their contractual obligations. In order to ensure an adequate level of data protection, we have entered into the EU Standard Contractual Clauses (processors) – Commission Decision C(2010)593. You can request a copy by contacting .

Data Retention

Detailed website logs are retained for a period of 30 days, after which only the aggregated usage statistics that cannot be connected to a single user remain. Everything else is deleted.

Application data will be deleted six (6) months after rejection of a candidate. Data of hired candidates will be kept until the end of the employmentship.

Email addresses for newsletter services will be deleted at least two (2) months after you have unsubscribed.

What rights do you have?

In compliance with the GDPR and the applicable EU laws and German national data protection laws and to the extent legally permitted, you have the following rights to protect your personal data collected and processed by us:

Information, access, rectification and restriction rights

You have the right to receive, upon request, information about the personal data stored by us about you and information about how we collect and process your personal data. Where that is the case, you have the right to gain access to such personal data stored by us. You have the right to request from us the rectification of inaccurate personal data, if any. Taking into account the purposes of collecting and processing your data, you have the right to have incomplete personal data completed. You also have the right to request restriction of processing.

Data portability

You also have the right (1) to receive all personal data concerning you and which you have provided to us, in a structured, commonly used and machine-readable format and (2) to transmit those data to another controller.

Erasure of your data

You have the right to demand from us the erasure of your personal data, where – inter alia – one of the following grounds applies:

  • If we no longer need your personal data for the aforementioned purposes.
  • If you withdraw your consent on which the collection and processing is based on Article 6 (1) a GDPR and where there are no other legal grounds for collection and processing.
  • If you object to the collection and processing pursuant to Article 21 (1) GDPR and there are no overriding legitimate grounds for collection and processing.

Please note, if data needs to be retained for legal purposes we will restrict the respective data.

Right to lodge a complaint with a supervisory authority

You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the collection and processing of personal data relating to you infringes the GDPR.

Right to object to the processing of your data

You have the right to object at any time to the collection and/or processing of your personal data on grounds relating to your particular situation, where collection and processing is based on our legitimate interest (Art. 6 (1) f GDPR)>.

Right to withdraw your consent at any time

You have the right to withdraw your consent at any time, if you have provided us with your consent to the collection and processing of your personal data for one or more specific purposes. The withdrawal of your consent does not affect the lawfulness of processing based on the consent before its withdrawal.

How to exercise your rights

To exercise your rights, please contact us via or mail to:

eyeo GmbH
Lichtstraße 25
50825 Cologne
Germany

Changes to this Privacy Policy

This Privacy Policy can be changed from time to time. The respective current version is available at: https://eyeo.com/privacy

June 2018