PRIVACY POLICY

Protecting your privacy when processing personal data is an important concern for us.

When you visit our website or our sub-domain solutions.knowis.com (hereinafter collectively referred to as the “website”) our web server stores the following information by default: the IP address of your Internet Service Provider, the website you visited before visiting our website, the web pages that you visited on our website, and the date and duration of the visit. 

This information is required for the technical provision of the website and is absolutely necessary to securely operate the servers. This data is not personally analyzed. If you submit information to us using a contact form, this information will be stored on our servers during backups. Your data will be treated as strictly confidential and will not be forwarded to third parties. 

By completing the registration form on our website you are agreeing to receive emails from knowis AG. You may withdraw this consent at any time.  

All interested parties and visitors to our website can contact us with questions about data protection at: 

MTG-Consulting GmbH

Mr. Marc Utry

Data Protection Officer DSB-TUEV

Franz-Mayer-Straße 16a

93053 Regensburg

datenschutz@knowis.de

Definitions

The data protection declaration of knowis AG is based on the terms used by the European legislator of directives and regulations when the General Data Protection Regulation (GDPR) was issued. Our data protection declaration should be easy to read and understand both for the public and for our customers and business partners. To ensure this, we would like to explain the terms used in advance.

We use the following terms, among others, in this data protection declaration: 

Personal Information 

Personal data is any information relating to an identified or identifiable natural person (hereinafter "data subject"). A natural person is identifiable if he or she can be identified directly or indirectly, especially by assignment to an identifier such as a name, an identification number, location data, an online identifier or one or more special characteristics that express the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.

Person concerned / Data subject 

Data subject is any identified or identifiable natural person whose personal data are processed by the responsible person for processing. 

Processing 

Processing means any operation or series of operations carried out with or without the aid of automated procedures in relation to personal data, such as the collection, data capturing, organization, sorting, storage, adaptation or alteration, reading, retrieval, use, disclosure by transmission, dissemination or any other form of provision, comparison or linking, restriction, erasure or destruction. 

Restriction of processing 

Restriction of processing is the marking of stored personal data with the aim of restricting their future processing. 

Profiling 

Profiling is any form of automated processing of personal data consisting in the use of such personal data to evaluate certain personal aspects relating to a natural person, especially to analyze or predict aspects relating to the performance of work, economic situation, health, personal preferences, interests, reliability, behavior, location or relocation of that natural person. 

Pseudonymization 

Pseudonymization means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

Responsible person or responsible person for processing 

The responsible person or responsible person for processing is the natural or legal person, public authority, institution or other body which alone or jointly with others decides on the purposes and means of processing personal data. Where the purposes and means of such processing are laid down by Union law or by the law of the Member States, the responsible person or the specific criteria for his appointment may be laid down in accordance with Union law or the law of the Member States. 

Processor 

Processor is a natural or legal person, authority, institution or other body that processes personal data on behalf of the responsible person. 

Recipient 

Recipient is a natural or legal person, authority, institution or other body to which personal data is disclosed, regardless of whether it is a third party or not. However, authorities that may receive personal data under Union law or the law of the Member States within the framework of a specific investigation mandate shall not be regarded as recipients. 

Third person 

A third person is a natural or legal person, authority, institution or other body except for the concerned person, the responsible person, the data processor, and the persons authorized to process the personal data under the direct responsibility of the data processor or the responsible person. 

Consent

Consent shall mean any informed and unequivocal expression of will voluntarily given by the person concerned in the particular case in the form of a declaration or other clear affirmative act by which the person concerned indicates his or her consent to the processing of personal data concerning him or her. 

Data collection when visiting our website

If our website is used for informational purposes only, for example if you do not register or otherwise transmit information to us, we only collect the data that your browser transmits to our server (“server log files”). If you access our website we collect the following data, which we technically require in order to display our website: 

  • Web page visited 
  • Date and time accessed 
  • Volume of data sent in bytes
  • Source/referrer from which you were directed to the web page  
  • Browser used 
  • Operating system used 
  • IP address used (in anonymized form, if applicable) 

Processing is carried out pursuant to Art. 6 (1) (f) GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. The data is not forwarded or otherwise used. However, we reserve the right to review the server log files at a later date should specific evidence of illegal use arise. 

Rights of data subjects

Right to confirmation

Every data subject shall have the right granted by the European legislator of directives and regulations to require the responsible person for processing to confirm whether personal data concerning him/her are being processed (Art. 15 GDPR). If a data subject wishes to exercise this right of confirmation, he or she may contact our data protection officer or another employee of the data controller at any time. 

Right to information

Any person concerned by the processing of personal data shall have the right granted by the European legislator of directives and regulations to obtain, at any time and free of charge, information from the controller concerning the personal data relating to him/her stored and a copy of that information (Art. 15 GDPR). Furthermore, the European regulator has granted the data subject access to the following information:

  • the processing purposes 
  • the categories of personal data to be processed 
  • the recipients or categories of recipients to whom the personal data have been or are still being disclosed, especially recipients in third countries or international organizations 
  • if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration 
  • the existence of a right of rectification or deletion of personal data concerning him or her or of a restriction on processing by the controller or of a right of opposition to such processing 
  • the existence of a right of appeal to a supervisory authority 
  • if the personal data are not collected from the data subject: All available information about the origin of the data 
  • the existence of automated decision-making, including profiling in accordance with Art. 22 (1) and Art. 22 (4) GDPR, and - at least in these cases - meaningful information on the logic involved and the scope and intended effects of such processing for the data subject 

Furthermore, the data subject has a right of access to information whether personal data have been transferred to a third country or to an international organization. If this is the case, the data subject also has the right to obtain information on the appropriate guarantees in connection with the transfer. 

If a data subject wishes to exercise this right to information, he or she may contact our data protection officer or another employee of the data controller at any time. 

Right to rectification

Any person concerned by the processing of personal data shall have the right granted by the European legislator of directives and regulations to request the immediate correction of inaccurate personal data concerning him/her (Art. 16 GDPR). Furthermore, taking into account the purposes of the processing, the data subject has the right to request the completion of incomplete personal data, including by means of a supplementary declaration. 

If a data subject wishes to exercise this right of rectification, he may contact our data protection officer or another employee of the controller at any time. 

Right to erasure (Right to be forgotten)

Any person concerned by the processing of personal data shall have the right granted by the European legislator of directives and regulations to require the data controller to delete the personal data concerning him/her immediately, provided that one of the following reasons applies and insofar as the processing is not necessary (Art. 17 GDPR):

  • the personal data have been collected or otherwise processed for such purposes for which they are no longer necessary 
  • the data subject withdraws his or her consent on which the processing was based pursuant to Art. 6 (1a) GDPR or Art. 9 (2a) GDPR and there is no other legal basis for processing 
  • the data subject objects to processing under Art. 21 (1) GDPR and there are no overriding legitimate grounds for processing or the data subject objects to processing under Art. 21 (2) GDPR 
  • the personal data have been processed unlawfully. 
  • the deletion of personal data is necessary to fulfill a legal obligation under Union law or the law of the Member States to which the data controller is subject. 
  • The personal data was collected in relation to services offered by the information society in accordance with Art. 8 (1) GDPR. 

If one of the above-mentioned reasons applies and a data subject wishes to have personal data stored at knowis AG deleted, he/she can contact our data protection officer or another employee of the data controller at any time. The data protection officer of knowis AG or another employee will arrange for the request for deletion to be complied with immediately.

If the personal data have been made public by knowis AG and our company is obliged to delete the personal data in accordance with Art. 17 (1) GDPR, knowis AG will take appropriate measures, including technical measures, taking into account the available technology and implementation costs, to inform other persons responsible for data processing who process the published personal data, that the person concerned has requested the deletion of all links to this personal data or of copies or replications of this personal data from these other persons responsible for data processing, insofar as processing is not necessary. The data protection officer of knowis AG or another employee will take the necessary steps in individual cases. 

Right to restriction of processing

Any person concerned by the processing of personal data shall have the right granted by the European legislator of directives and regulations to require the controller to restrict the processing if one of the following conditions is met (Art. 18 GDPR): 

  • the accuracy of the personal data is disputed by the data subject for a period which enables the data controller to verify the accuracy of the personal data. 
  • the processing is unlawful, the data subject refuses to delete the personal data and instead requests a restriction on the use of the personal data. 
  • the data controller no longer needs the personal data for the purposes of the processing, but the data subject needs them to assert, exercise or defend legal claims. 
  • the data subject has lodged an objection to the processing pursuant to Art. 21 (1) GDPR and it has not yet been determined whether the legitimate reasons of the data controller outweigh those of the data subject.

If one of the above mentioned conditions is fulfilled and a data subject wishes to request the restriction of personal data stored by knowis AG, he can contact our data protection officer or another employee of the data controller at any time. The data protection officer of knowis AG or another employee will initiate the restriction of the processing.

Right to data portability

Any data subject shall have the right granted by the European legislator to receive personal data relating to him/her provided by the data subject to a data controller in a structured, current and machine-readable format (Art. 20 GDPR). The data subject shall also have the right to transmit such data to another data controller without obstruction by the controller to whom the personal data have been made available, provided that the processing is based on the consent provided for in Art. 6 (1a) GDPR or Art. 9 (2a) GDPR or on a contract in accordance with Art. 6 (1b) GDPR and that the processing is carried out using automated procedures, unless the processing is necessary for the performance of a task in the public interest or in the exercise of public authority conferred on the data controller.

Furthermore, in exercising his right to data portability pursuant to Art. 20 (1) GDPR, the data subject has the right to obtain that the personal data be transferred directly by a data controller to another data controller, provided this is technically feasible and provided that the rights and freedoms of other persons are not affected thereby.

To assert the right to data portability, the person concerned can contact the data protection officer appointed by knowis AG or another employee at any time.

Right to withdraw consent previously granted

You have the right pursuant to Art. 7 (3) GDPR to withdraw consent previously granted to the processing of your data at any time with future effect. In the event of a withdrawal of consent the affected data will be erased without delay, unless further processing may be legally carried out without consent. Withdrawing consent does not affect the lawfulness of any processing carried out on the basis of your consent before its withdrawal. 

Right to lodge a complaint

 Without prejudice to any other administrative or judicial remedies, if you are of the opinion that the processing of your personal data infringes the GDPR you have the right pursuant to Art. 77 GDPR to lodge a complaint with a supervisory authority, in particular with a supervisory authority in the member state of your habitual residence, place of work or place of the alleged infringement. 

Pursuant to Art. 55 GDPR, the responsible supervisory authority for knowis AG is: 

Data Protection Authority for Bavaria (Bayerisches Landesamt für Datenschutzaufsicht) 
Promenade 27 (Schloss)  
91522 Ansbach, Germany 

Tel.: +49 (0) 981 53 1300  
Fax: +49 (0) 981 53 98 1300 
 
Email: poststelle@lda.bayern.de  

Right to object to processing

Pursuant to Art. 21 (1) GDPR you have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data which is carried out on the basis of a legitimate interest of the controller pursuant to Art. 6 (1) (e) or (f) GDPR. This also applies to any profiling based on this provision. The controller will no longer process the personal data unless they can provide compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or unless the processing is carried out for the establishment, exercise or defense of legal claims. Collecting data to display the website and storing data in log files is absolutely necessary to operate the website. 

If your personal data is processed for the purposes of direct marketing you have the right to object at any time to the processing of your personal data for the purpose of such marketing. This also applies to profiling to the extent this is carried out in conjunction with direct marketing. 

If you object to processing for the purpose of direct marketing your personal data will no longer be processed for this purpose. 

You can communicate your objection to processing to us by telephone, email, fax or to the postal address found at the beginning of this Privacy Policy. No particular format is required. 

Automated individual decision-making including profiling

Any person subject to the processing of personal data shall have the right granted by the European legislator of directives and regulations not to be subject to a decision based exclusively on automated processing, including profiling, which has legal effect against him or significantly affects him in a similar manner, provided that the decision is not (1) necessary for the conclusion or performance of a contract between the data subject and the data controller, (2) admissible under Union or Member State law to which the data controller is subject, where such law contains appropriate measures to safeguard the rights, freedoms and legitimate interests of the data subject, or (3) made with the express consent of the data subject (Art. 22 GDPR).

If the decision (1) is necessary for the conclusion or performance of a contract between the data subject and the data controller or (2) is taken with the express consent of the data subject, knowis AG shall take appropriate measures to protect the rights and freedoms as well as the legitimate interests of the data subject, including at least the right to obtain the intervention of a data controller, to state his own position and to challenge the decision. 

If the data subject wishes to assert rights relating to automated decisions, he/she may contact our data protection officer or another employee of the controller at any time. 

HubSpot

We use HubSpot on our website. 

HubSpot is an integrated software solution we use to cover various aspects of our online marketing. This includes: 

  • Content management (website and blog) 
  • Email marketing (newsletter and automated mailings, such as providing downloads)
  • Social media publishing & reporting  
  • Reporting (such as traffic sources, access etc.) 
  • Contact management (such as user segmentation) 
  • Landing pages and contact forms 

This software uses methods including statistical analysis and evaluating logged user behavior to assist us with optimizing and better coordinating our marketing strategy.  

This Privacy Policy and the content of our website are stored on servers of our software partner, HubSpot. We may use them to get in contact with visitors to our website and to determine which goods or services they are interested in. 

Data may be transmitted to the USA as part of the processing that involves HubSpot.  The data transfer takes place on the basis of the EU-U.S. Data Privacy Framework adequacy decision in accordance with Art. 45 GDPR. The legal basis for processing is your consent in accordance with Art. 6 (1) (a) GDPR and our legitimate interest in accordance with Art. 6 (1) (f) GDPR. If you do not want the stated data to be collected and processed via HubSpot you can refuse to give your consent or withdraw your consent at any time with future effect. The basis for processing by HubSpot is a Data Processing Agreement entered into by the controller and HubSpot. 

Personal data is stored for as long as it is required for the purpose of processing. The data is erased as soon as it is no longer required for achieving these purposes. 

All data collected by us is subject to this Privacy Policy. We use all collected data solely for the purpose of optimizing our marketing. 

HubSpot is a software company from the USA with a branch office in Ireland. 

Contact: 

HubSpot 
1 Sir John Rogerson's Quay 
Dublin 2 
Ireland 
Tel.: +353 1 5187500. 

More information can be found in HubSpot's Privacy Policy: https://legal.hubspot.com/privacy-policy  

More information about the EU data protection law that applies to HubSpot can be found here: https://legal.hubspot.com/dpa  

More information about the cookies used by HubSpot can be found here: https://legal.hubspot.com/cookie-policy 

Offering digital content

We collect your personal data in order to be able to provide content that you can download from our website. The personal data transmitted to the controller when providing digital content depends on the entry fields used. The processing of data from the entry fields is solely carried out to enable us to offer digital content, to prevent the misuse of digital content and to safeguard the security of our IT systems. The data is only stored for as long as is necessary to fulfill the purpose. The legal basis for this is Art. 6 (1) (a) GDPR. The consent to the storage of personal data that the data subject grants us via the information provided in entry fields when requesting digital content may be withdrawn by email from the email address used to receive the digital content.  

It is also possible to withdraw consent at any time, for example by email or by informing the controller in another manner. 

Contact form

You can get in contact with us via different contact forms. The personal data transmitted to the controller via the contact form depends on the respective entry fields used. Personal data entered into the entry fields of the contact form is solely used to process your query. Other personal data is processed as part of sending your message to prevent the misuse of the contact form and ensure the security of our IT systems. We may store your telephone number to allow us to call you back and to avoid the misuse of the service offered. No further personal data will be stored. The data is only stored for as long as is necessary to fulfill the purpose. The legal basis for this is Art. 6 (1) (a) GDPR.  

The data subject has the right to withdraw their consent to the processing of their personal data at any time. If the user has contacted us, for instance by email, they may object to the storage of their personal data at any time. In such a case, the conversation can no longer be continued.

All personal data that was stored for the purpose of maintaining contact is then erased. 

Web demo

You may request an appointment for an online demonstration. We use the data collected for this to contact you and to mutually agree on an appointment date, and to carry out and follow up on this appointment. The personal data transmitted to the controller when agreeing to an online demonstration depends on the entry fields used. Personal data entered into the entry fields of the contact form is solely used to process your query. Other personal data is processed as part of sending your message to prevent the misuse of the contact form and ensure the security of our IT systems. We may store your telephone number to allow us to call you back and to avoid the misuse of the service offered. No further personal data will be stored. 

The data is only stored for as long as is necessary to fulfill the purpose. The legal basis for this is Art. 6 (1) (a) GDPR.  

Cookies

When you visit our website we may store information on your device in the form of cookies. Cookies are small text files that are transferred by a web server to the browser of your device and stored there. Only the IP address is stored. The information stored in the cookies allows you to be automatically recognized on your next visit to our website, which can make it easier for you to use our website. 

There are different types of cookies used for various purposes. The following types of cookies are used on the website of knowis AG: 

  • Essential cookies: These are necessary cookies that do not require your consent and provide basic functions as well as being necessary for the proper functioning of the website. 
  • Marketing/tracking cookies: Tracking cookies provide an opportunity to collect data about users’ behavior and thus improve the functioning of the website.  
  • First-party cookies: These cookies are placed by the website the user visits. Only this website can access information from the cookies. 
  • Third-party cookies: These are cookies that exist on our website but originate from a different domain. We have no control over these cookies. If you wish to learn more about this please visit the website of the respective third party. 

More information about the cookies used on our website can be found in the table below. 

Essential cookies

Name: __cfruid
Purpose: This cookie is part of the services provided by Cloudflare (such as load distribution, providing website content and providing a DNS connection for website operators).
Expiry date: End of the browser session
Domain: .www.knowis.com, .solutions.knowis.com
Provider: Cloudflare, Inc., 101 Townsend St., San Francisco, CA 94107, USA (Privacy Policy)

Name: __hs_opt_out
Purpose: This cookie is used by the opt-in privacy policy guideline to remember not to ask the visitor to accept cookies again. This cookie is placed when you give visitors the choice to opt out of cookies. It contains the string "yes" or "no".
Expiry date: 6 months
Domain: .knowis.com
Provider: HubSpot, 25 First Street, Cambridge, MA 02141, USA (Privacy Policy)

Name: __hs_initial_opt_in
Purpose: This cookie is used to prevent banners from always being displayed when visitors are browsing in strict mode. It contains the string "yes" or "no".
Expiry date: 7 days
Domain: .knowis.com
Provider: Cloudflare, Inc., 101 Townsend St., San Francisco, CA 94107, USA (Privacy Policy)

Name: __cf_bm
Purpose: This cookie is placed by HubSpot's CDN provider and is a necessary cookie for bot protection.
Expiry date: 30 minutes
Domain: .hubspot.com
Provider: Cloudflare, Inc., 101 Townsend St., San Francisco, CA 94107, USA (Privacy Policy)

Name: JSESSIONID
Purpose: The JSESSIONID cookie is used to store a session identifier so that New Relic can monitor session counts for an application.
Expiry date: End of the browser session
Domain: .nr-data.net
Provider: New Relic Inc., 188 Spear St., Suite 100, San Francisco, CA 94105, USA (Privacy Policy)

Tracking cookies

Name: __hssrc
Purpose: Whenever the HubSpot software changes the session cookie, this cookie is also placed. It determines whether the visitor has restarted their browser. If this cookie does not exist when HubSpot manages cookies, it is considered a new session. It contains the value "1" when present.
Expiry date: End of the browser session
Domain: knowis.com
Provider: HubSpot, 25 First Street, Cambridge, MA 02141, USA (Privacy Policy)

Name: hubspotutk
Purpose: This cookie keeps track of a visitor's identity. It is passed to HubSpot on form submission and used when deduplicating contacts. It contains an opaque GUID to represent the current visitor.
Expiry date: 6 months
Domain: .knowis.com
Provider: HubSpot, 25 First Street, Cambridge, MA 02141, USA (Privacy Policy)

Name: __hstc
Purpose: The main cookie for tracking visitors. It contains the domain, utk, initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit), and session number (increases for each subsequent session).
Expiry date: 6 months
Domain: .knowis.com
Provider: HubSpot, 25 First Street, Cambridge, MA 02141, USA (Privacy Policy)

Name: __hssc
Purpose: This cookie keeps track of sessions. This is used to determine if the HubSpot software should increase the session number and timestamps in the __hstc cookie. It contains the domain, viewCount (increases with each pageView in a session), and session start timestamp.
Expiry date: 30 minutes
Domain: .knowis.com
Provider: HubSpot, 25 First Street, Cambridge, MA 02141, USA (Privacy Policy)

Name: li_gc
Purpose: This cookie is used to store guests' consent to the use of non-mandatory cookies.
Expiry date: 6 months
Domain: .linkedin.com
Provider: LinkedIn, 1000 W. Maude Avenue, 94084 Sunnyvale, USA (Privacy Policy)

Name: lidc
Purpose: This cookie facilitates the selection of the data centre.
Expiry date: 24 hours
Domain: .linkedin.com
Provider: LinkedIn, 1000 W. Maude Avenue, 94084 Sunnyvale, USA (Privacy Policy)

Name: bcookie
Purpose: This cookie is a browser identifier. This uniquely identifies devices accessing LinkedIn in order to detect misuse of the platform.
Expiry date: 1 year
Domain: linkedin.com
Provider: LinkedIn, 1000 W. Maude Avenue, 94084 Sunnyvale, USA (Privacy Policy)

Name: bscookie
Purpose: Used for remembering that a logged in user is verified by two factor authentication and has previously logged in.
Expiry date: 1 year
Domain: www.linkedin.com
Provider: LinkedIn, 1000 W. Maude Avenue, 94084 Sunnyvale, USA (Privacy Policy)

Name: UserMatchHistory
Purpose: This cookie is used to synchronize the IDs of LinkedIn Ads.
Expiry date: 30 days
Domain: linkedin.com
Provider: LinkedIn, 1000 W. Maude Avenue, 94084 Sunnyvale, USA (Privacy Policy)

Name: ln_or
Purpose: Used to determine whether Oribi analyses can be performed for a particular domain.
Expiry date: 1 day
Domain: .linkedin.com
Provider: LinkedIn, 1000 W. Maude Avenue, 94084 Sunnyvale, USA (Privacy Policy)

Name: AnalyticsSyncHistory
Purpose: This cookie is used to store when synchronization with the cookie "lms_analytics cookie" has taken place.
Expiry date: 30 days
Domain: .linkedin.com
Provider: LinkedIn, 1000 W. Maude Avenue, 94084 Sunnyvale, USA (Privacy Policy)

Legal basis

The legal basis for the use of essential cookies which are necessary for the operation of the website is Art. 6 (1) (f) GDPR. If non-essential cookies are used, the legal basis is your consent pursuant to Art. 6 (1) (a) GDPR. Please note that not accepting cookies may restrict the functionality of our website.

Opting out

If you do not want your computer to be recognized on your next visit, you may also reject the use of cookies by changing your browser settings under “Reject cookies”. Please see the instruction manual of your respective browser for further instructions. If you reject the use of cookies this may, however, restrict the use of some of the areas of our website. 

You can change your cookies settings on our website at any time by using the following cookie button.  

Subscription to our newsletter

On the website of knowis AG, users are given the option to subscribe to our company’s newsletter. The functions of the newsletter are provided by HubSpot. The personal data transmitted to the controller when subscribing to the newsletter depends on the entry fields used. 

knowis AG uses the newsletter to inform its clients and business partners about the company's offerings on a regular basis. Our company’s newsletter may only be received by the data subject if (1) the data subject has provided a valid email address and (2) the data subject has registered for the newsletter to be sent to them. For legal reasons, a confirmation email is sent to the email address entered for a data subject the first time it is entered, as part of a double opt-in procedure. This confirmation email serves to check whether the owner of the email address as the data subject has authorized receipt of the newsletter. The corresponding legal basis for the processing of personal data is Art. 6 (1) (a) GDPR. 

During the newsletter registration, we also store the IP address provided by the Internet service provider (ISP) of the computer used by the data subject at the time of registration, as well as the date and time of registration. The collection of this data is necessary to trace the (potential) misuse of a data subject's email address at a later time and serves to legally safeguard the controller. If it is necessary for us to store this data for security reasons, the legal basis for this and the processing of this data is covered by Art. 6 (1) (f) GDPR. 

Personal data collected as part of registering for the newsletter will only be used to send our newsletters. Subscribers to the newsletter may be sent information by email if this is necessary to operate the newsletter service or for registration, such as in the event of changes to the newsletter service or in the event of changes to the technical circumstances. No personal data collected as part of registering for the newsletter will be disclosed to third parties. The data subject may unsubscribe from the subscription to our newsletter at any time. The consent granted to us to store the personal data that the data subject provided to us so we can send the newsletter may be withdrawn at any time. Each newsletter contains such an unsubscribe link to withdraw consent. You may also unsubscribe from the newsletter by contacting us directly by email or by informing the controller of this in another manner. 

Newsletter tracking 

The newsletters of knowis AG contain tracking pixels. Tracking pixels are small graphics that are embedded in emails sent in HTML format, which enable log files to be recorded and analyzed. This allows the success or failure of online marketing campaigns to be statistically evaluated. Using the embedded tracking pixel, knowis AG can determine whether and when an email was opened by a data subject (personalized) and which links in the email were accessed by the data subject (anonymized). 

The personal data collected in this manner by the tracking pixel embedded in the newsletter is stored and evaluated in order to optimize the sending of the newsletter and to better adapt the content of future newsletters to the interests of the data subject. This personal data may also be disclosed to third parties if this is required by law or if third parties process this data on our behalf. knowis AG automatically construes unsubscribing from the newsletter as a withdrawal of consent.

The corresponding legal basis for the processing of data is Art. 6 (1) (f) GDPR. 

Digital Signature Process with inSign

Personal data

As part of the processing of your digital signature, personal data is collected and processed. This includes

  • E-mail address
  • First name and surname
  • Mobile phone number, if applicable (for the transmission of a separate password)
  • Biometric data of the signature provided (writing speed, writing direction, writing pauses and, if applicable, pressure)

Description and purposes of the processing of personal data when submitting a digital signature

knowis AG uses the software inSign to encrypt digital signatures. The software records the biometric data of the digital signature (writing speed, writing direction, writing pauses and, if applicable, pressure) as an advanced signature in accordance with the Signature Act and encrypts it using the asymmetric cryptographic method (so-called RSA cryptosystem). We store and use this data during our contractual relationship with knowis AG employees and third parties for the establishment, execution or termination of this contractual relationship. In order to prevent manipulation, the public and private keys required for this asymmetric encryption process are stored with a notary. For evidence purposes in the event of a dispute about the authenticity of your signature, we can request the decryption of individual data records and the release of the decrypted data records from this notary for the purpose of asserting, exercising and defending legal claims.

On devices with a touch-sensitive screen, e.g. tablets or convertibles, the signature can be made directly on this device. On notebooks and PCs, the signature is captured either in the supplementary inSign app or in a signature web client (also supports Windows phones) for smartphones. Alternatively, the signature on the smartphone can also be browser-based (i.e. without an app).

Recipient of the data

As part of the electronic signature process, we use software from InSign GmbH, Am Bäckeranger 2, 85417 Marzling (inSign). In this context, personal data may be processed in Switzerland. The European Commission has issued an adequacy decision for Switzerland to determine an adequate level of data protection. In addition, the document digitally signed by you will be handed over to the user who requested the signature via the inSign software.

Legal basis for the processing

Before submitting a digital signature in a document, you give your consent to the data processing of your biometric data in the inSign software (Art. 6 (1) (a) GDPR and Art. 9 (2) (a) GDPR in conjunction with Art. 7 GDPR). The time, i.e. date and time of the signature, is printed in the document and an inSign process ID is generated.

Any consent you have given to the processing of your biometric data in the context of submitting a digital signature can be revoked at any time by contacting knowis AG (Art. 7 (3) GDPR). In this case, however, a digital signature will no longer be possible in the future.

Please note that the withdrawal of your consent is only effective for the future. Processing that took place before the withdrawal is not affected.

If necessary, we will also process your data beyond the actual use in order to protect our legitimate interests or those of third parties in accordance with Art. 6 (1) (f) GDPR, unless your interests or fundamental rights and freedoms, which require the protection of personal data, prevail.

This includes, among other things, the assertion of legal claims and defense in legal disputes, ensuring the fulfillment of your claims.

Duration of storage

Documents are manually deleted from the inSign system after the process has been completed or after 30 days. We store your personal data for as long as it is required for the above-mentioned purposes. Any further storage takes place in accordance with the statutory regulations, e.g. due to statutory retention periods or for the assertion, exercise or defense of legal claims.

Sales activities on LinkedIn

We use the business-oriented social network LinkedIn as well as linked tools such as the LinkedIn Sales Navigator to actively approach, communicate and initiate business contacts, etc. The social network LinkedIn as well as the LinkedIn Sales Navigator are part of the LinkedIn Unlimited Company, Wilton Place, Dublin 2, Ireland. For the structured collection of contacts, we use the tool Lix from Lix Limited, 98 Bramley Road, London, N14 4HS, United Kingdom.

The data from LinkedIn is only transferred to our CRM system HubSpot after personal or telephone contact or your explicit consent.

Below you will find information on what data is collected, used, and stored by us on LinkedIn.

LinkedIn (including LinkedIn Sales Navigator)

Description and scope of the processing of personal data

For users based in the EU, processing is carried out via LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.

We would also like to point out that LinkedIn processes data in the US. The data transfer takes place on the basis of the EU-U.S. Data Privacy Framework adequacy decision in accordance with Art. 45 GDPR. 

Social networks can usually comprehensively analyze your user behavior when you visit their website or a website with integrated social media content (e.g. like buttons or advertising banners). Visiting our social media presence on LinkedIn triggers numerous processing operations relevant to data protection. In detail:

If you are logged into your LinkedIn account and visit our social media presence, LinkedIn can assign this visit to your user account. However, your personal data may also be collected under certain circumstances if you are not logged in or do not have an account on LinkedIn. In this case, this data collection takes place, for example, via cookies that are stored on your end device or by recording your IP address. With the help of the data collected in this way, LinkedIn can create user profiles in which your preferences and interests are stored. In this way, you can be shown interest-based advertising inside and outside LinkedIn. If you have an account on LinkedIn, the interest-based advertising may be displayed on all devices on which you are or have been logged in. Please also note that we cannot track all processing on LinkedIn. Further processing operations may therefore be carried out by LinkedIn. For details, please refer to LinkedIn's terms of use and privacy policy.

Please refer to LinkedIn's data protection information to find out which specific data is collected and how it is used:

User Agreement | LinkedIn

LinkedIn Privacy Policy

Purpose and legal basis of the processing

We use the social network for our own presentation of the company, to initiate business contact with potential customers and to present our company and our products and services.

The processing is carried out in accordance with Art. 6 (1) (b) GDPR for the implementation of pre-contractual measures. The analysis processes initiated by LinkedIn may be based on deviating legal bases to be specified by LinkedIn (e.g. consent within the meaning of Art. 6 (1) (a) GDPR). The legal basis for processing your data in our CRM tool is described in the section "HubSpot".

Duration of storage and right to object

We refer to the privacy notices of the LinkedIn Unlimited Company regarding the duration of storage and the right to object.

Lix

Description and scope of the processing of personal data

The processing of data is carried out by Lix Limited, 98 Bramley Road, London, N14 4HS, United Kingdom.

Lix analyses the data you provide on LinkedIn and provides it to us in an aggregated and structured form. We then use this data to contact you via LinkedIn as described above.

Please refer to the Lix privacy policy to find out what specific data is collected and how it is used:

Terms of Service - Lix (lix-it.com)

You can also find a list of data that can be exported from Lix here: What data can I export from LinkedIn? | Lix Knowledge Base (lix-it.com)

Purpose and legal basis of the processing

Lix analyses the data you provide on LinkedIn and provides it to us in an aggregated and structured way. We then use this data to contact you via LinkedIn as described above.  The basis for the processing by Lix is a contract for commissioned processing by the controller and Lix Limited. The processing is carried out in accordance with Art. 6 (1) (b) GDPR for the implementation of pre-contractual measures.

Duration of storage

After the end of the purpose and the end of the use of Lix by us, the data collected in this context will be deleted.

Right of objection

The right to object to the processing of your data within our company includes any data on Lix. This may be your professional contact details, which you make public via the social network LinkedIn.

Zendesk

We use the ticketing system Zendesk, a customer service platform provided by Zendesk Inc., 

Zendesk Inc. 
989 Market Street Suite 300 
San Francisco, CA 94102, USA, 

to process customer queries and to improve our services and make them more transparent. In addition, users are able to post queries or suggestions in the community of the Zendesk ticket system or answer existing posts. First name, surname, company and email address will be collected in Zendesk for this purpose. First names and surnames are also visible to other users of our service center. 

knowis AG has contractually agreed that the storage location in data centers is within the European Union wherever possible. Data may still be transferred to the USA.  The data transfer takes place on the basis of the EU-U.S. Data Privacy Framework adequacy decision in accordance with Art. 45 GDPR. If the data is processed to perform contractual obligations the legal basis for this processing is Art. 6 (1) (b) GDPR. The data is erased as soon as it is no longer required for the respective purpose, i.e. there is no longer a legitimate interest and we are not otherwise obligated to store documents that may contain your personal data.  

In addition, cookies will be placed with the assistance of Zendesk. These cookies include cookies that are technically necessary to guarantee the technical functionality of the website and to protect the website against attacks from bots. 

Further information can be found in Zendesk's Privacy Notice at: https://www.zendesk.de/company/agreements-and-terms/privacy-notice/  

More information about the cookies used by Zendesk can be found here: https://support.zendesk.com/hc/en-us/articles/4408824378650  

Holding virtual meetings

We use virtual web conferencing to organize virtual meetings where the participants’ words and also potentially the image of the participants are transmitted via microphone and web cam to all participants, hereinafter referred to as “video conferencing”. We use the Microsoft Teams software for this. Microsoft Teams is a service provided by the Microsoft Corporation. 

Microsoft Corporation 
One Microsoft Way 
Redmond, WA 98052-6399 
USA 

A Data Processing Agreement has been entered into with this service provider pursuant to Art. 28 GDPR.  

Processing data as part of video conferencing 

We use Microsoft Teams to hold video conferences. 

We process both user data (such as name, email address and telephone number) as well as content data (such as date and time of participation, screen contents and files shared, chat content) as part of video conferencing. This is carried out to be able to implement (pre)contractual measures with you and to carry out internal and external meetings. Video conferences will only be recorded with prior express permission. 

The legal basis for processing the data here may be Art. 6 (1) (a), (b) or (f) GDPR. 

All data in Microsoft Teams is stored on the servers of Microsoft in the EU as a general rule. 

knowis AG has contractually agreed that the storage location in data centers is within the European Union wherever possible. However as part of processing by Microsoft the data may be transferred to the USA (such as for support activities). The data transfer takes place on the basis of the EU-U.S. Data Privacy Framework adequacy decision in accordance with Art. 45 GDPR. 

If the Microsoft Teams website is accessed then Microsoft is responsible for the data processing. This website must only be accessed when downloading Microsoft Teams. If you use Microsoft Teams directly via a web browser without downloading it, you do not need to access the website. 

Using Microsoft Teams is subject to Microsoft's Privacy Statement. 

Microsoft's Privacy Statement can be found here: https://privacy.microsoft.com/en-us/privacystatement  

Microsoft's Service Agreement can be found here: https://www.microsoft.com/en-us/servicesagreement/  

External links

Various external links are embedded in our website. Simply clicking on these links may transfer data to the operator of the website. We are not responsible for the content or the processing of data by the external website.  

There are also links on our website to various social media providers. These are unrelated to social media plug-ins but are rather merely links to our social media accounts. These accounts, like this website, are both operated by knowis AG. Clicking on one of these links will usually transfer your IP address to the operator of the respective platform. If you use one of these services and are logged into your social media account, information regarding your browsing habits may also be collected by the operator of the respective social media platform. It is necessary to transfer your IP address to the operator of the accessed website for technical reasons, a requirement that applies to all websites. 

The corresponding legal basis for the processing of data is Art. 6 (1) (f) GDPR. 

External links have been placed for the following social media channels: 

Transfers to third countries

If we process data in a third country (outside of the European Union or the European Economic Area) or if data is processed as part of using services from third parties or as part of disclosing/transferring data to a third party, this will only take place in order to fulfill our (pre)contractual obligations, on the basis of your consent, due to a legal obligation or as permitted on the grounds of our legitimate interests.  

Apart from statutory or contractual powers, we will only process data in a third country if the particular requirements of Art. 44 et seq. GDPR are met. This means that processing is based on the existence of specific safeguards, such as the officially recognized confirmation of a level of data privacy comparable with that of the EU or officially recognized contractual obligations (standard contractual clauses). 

Accessing websites from third-party providers through links provided on our website means that data will be transferred to and processed in the USA. The Court of Justice of the European Union has assessed the USA to be a country that does not have an adequate level of data protection in comparison to EU standards. There is a risk that your data may be processed by US authorities for control and monitoring purposes, possibly without being able to seek redress. It is also generally difficult to enforce your rights as the data subject.  

If you wish to avoid such data processing, do not access any of these links placed on the website. 

Application process

The protection of your personal data during processing over the course of the entire application process is an important concern for us. In the following, we inform you in detail about the handling of your data (Art. 13 & 14 GDPR).

Responsible Body

The responsible body according to Art. 4 Para. 7 GDPR is:

knowis AG
Dr.-Gessler-Str. 8
93051 Regensburg

Phone: +49 941 409 249 0
E-mail: info@knowis.de

You can contact our Data Protection Officer at:

E-mail: datenschutz@knowis.de

Personal Data and Earmarking

The subject of data protection is personal data (Art. 4 No. 1 GDPR). These are individual details about personal or factual circumstances, such as name, address, e-mail address, or telephone number, which you provide to us as part of the application process:

  • Personal master data (e.g., applicant name, address, date of birth)
  • Communication data (e.g., telephone, e-mail)
  • Results of selection processes (e.g., tests, interviews)
  • Process data (e.g., status, dates)

The following data is collected when you apply through the integrated web form on the careers page (fields in the form marked with an asterisk (*) are mandatory and must be filled in):

  • Salutation
  • Name (first and last name)
  • Email address
  • Query "What are you interested in?"
  • Salary expectation
  • Channel, how you became aware of us
  • Social media profiles (LinkedIn/Xing)
  • Message

The data transmitted as part of your application will be sent via TLS encryption.

Within the scope of our possibilities, we also use social networks to become aware of potential candidates. If it turns out in the course of a mutual contact that we would like to get to know you better, we will obtain your consent before we transfer your data from the respective social network (e.g. LinkedIn, Xing or Stackoverflow) to our Personio application system. We transfer the data either manually or with the help of the Personio Active Sourcing browser extension developed by Personio. Personio's privacy policy can be found here.

Your personal data is stored electronically and used exclusively for the purpose of processing your application:

  • to decide on the establishment of an employment relationship (Art. 6 Para. 1 lit. b GDPR, Art. 88 GDPR, § 26 BDSG)
  • to fulfill legal obligations (Art. 6 Para. 1 lit. c GDPR)
  • to defend against asserted legal claims (Art. 6 Para. 1 lit. f GDPR)
  • for further processing in the event of an employment relationship (Art. 88 GDPR, § 26 BDSG)

Use of Data

During the application process only authorized HR employees, the respective department, and the Management Board have access to your relevant data. Your data will be used exclusively by a restricted group of persons. We will not disclose your personal data in any form to third parties or persons commissioned by us unless we are obliged to disclose it under mandatory statutory regulations (e.g. to government institutions).

Commissioned Data Processing

On the basis of a separate agreement on the processing of personal data, your personal data will be collected, processed, and used on our behalf by the companies:

  • Microsoft
  • Personio

as part of commissioned data processing pursuant to Art. 28 GDPR and in accordance with the relevant legal requirements. However, this does not involve the transmission of your personal data to third parties in the sense of data protection law. We remain responsible to you under data protection law.

Deletion

The general statutory retention and deletion periods apply. We delete or anonymize your data as required by the relevant legal provisions within 6 months of the conclusion of the respective staffing procedure. In the case of anonymization, the data is only available to us as so-called metadata for statistical evaluations without a direct reference to persons (for example, the proportion of applications from women or men, number of applications per period, etc.).

Your records will be deleted according to the statutory provisions as set out in our deletion concept. Our company will then no longer be able to access and use your personal data. If, however, an employment relationship is established, we will transfer the relevant data to the personnel file.

Data Transfer to Third Countries

Our storage location is restricted to data centers in the European Union. Therefore, data is not processed outside the European Union (EU). However, from a technical point of view, we cannot completely rule out routing or support services outside the European Union at the Microsoft processor. A secure level of data protection will be ensured by the conclusion of amended EU standard contractual clauses and through technical-organizational measures. The data transfer takes place on the basis of the EU-U.S. Data Privacy Framework adequacy decision in accordance with Art. 45 GDPR.

Right of Access and Correction, Right to Object

Every person concerned has the right to information under Art. 15 GDPR, the right to correction under Art. 16 GDPR, the right to deletion under Art. 17 GDPR, the right to restriction of processing under Art. 18 GDPR and the right to object in accordance with Art. 21 GDPR.

You can determine which information you provide to us. You are responsible for all of the content of your online application, such as photos, and you must ensure compliance with legal requirements, such as trademarks, copyrights, personal rights, or other rights of third parties.

According to Art. 20 GDPR you have the right to data portability and according to Art. 77 GDPR the right to complain to a data protection supervisory authority.

If the processing of data takes place on the basis of your personal consent, you are entitled according to Art. 7 GDPR to revoke your consent to the use of personal data at any time. Send this revocation by email to karriere@knowis.de. Please note that the revocation will only take effect in the future. Processing that takes place before the revocation is not affected.

Talent Pool

If you cannot be offered a suitable position at the time of your application, you have the opportunity to give your consent to the collection, processing, and use of your data in the talent pool even after the completion of the application process. This is done to establish contact for professional purposes and for possible consideration in the event of a later placement. You agree to this use separately by email.

If you give your consent, the data will be stored for a further 6 months, beyond the legally permissible 6 months after the recruitment process has been completed. Your data will therefore be stored in the company for a maximum of 12 months after the recruitment process has been completed.

LinkedIn

Thank you for your interest in our LinkedIn company page. We would like to give you an overview of the data that we collect, use and store there. 

Description and Scope of the Processing of Personal Data

For users based in the EU, processing takes place via LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.

We would also like to point out that LinkedIn processes data in the USA. The data transfer takes place on the basis of the EU-U.S. Data Privacy Framework adequacy decision in accordance with Art. 45 GDPR. 

Social networks can generally analyze your user behavior comprehensively if you visit their website or a website with integrated social media content (e.g., like buttons or advertising banners). Visiting our social media presence on LinkedIn triggers numerous data protection-related processing operations. In detail:

If you are logged in to your LinkedIn account and visit our social media presence, LinkedIn can assign this visit to your user account. Under certain circumstances, your personal data can also be recorded if you are not logged in or do not have an account on LinkedIn. In this case, this data is recorded, for example, using cookies that are stored on your device or by registration of your IP address. With the help of the data collected in this way, LinkedIn can create user profiles in which your preferences and interests are stored. In this way, you can be shown interest-based advertising inside and outside LinkedIn. If you have an account on LinkedIn, the interest-based advertising can be displayed on all devices on which you are, or were, logged in. Please also note that we cannot trace all processing operations on LinkedIn. Therefore, further processing operations may be carried out by LinkedIn. Details can be found in the LinkedIn Terms of Use and Privacy Policy.

Please refer to LinkedIn's data protection information to find out which specific data is collected and how it is used:

https://www.linkedin.com/legal/privacy-policy

Purpose and Legal Basis of the Processing

We use the social network for our own presentation of the company, for initial professional contact with potential applicants, and for advertising vacancies.

The processing takes place in accordance with Art. 6 Para. 1 lit. f GDPR on the basis of our legitimate interest in contact options with potential employees and customers. The analysis processes initiated by LinkedIn may be based on different legal bases that must be provided by LinkedIn (e.g., consent within the meaning of Art. 6 Para. 1 lit. a GDPR).

Duration of Storage

Once the purpose has ceased to apply and our use of LinkedIn has ended, the data collected in this context will be deleted.

Right to Object

The right to object to the processing of your data within our company includes any data within the social network LinkedIn. This can be, for example, chat histories in the context of professional contact.

Xing

Thank you for your interest in our presence on Xing, a platform of New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany. We would like to give you an overview of the data that we collect, use and store there.

Description and Scope of the Processing of Personal Data

Social networks can generally analyze your user behavior comprehensively if you visit their website or a website with integrated social media content (e.g., like buttons or advertising banners). Visiting our social media presence on Xing triggers numerous data protection-related processing operations. In detail:

If you are logged in to your Xing account and visit our social media presence, Xing can assign this visit to your user account. Under certain circumstances, your personal data can also be recorded if you are not logged in or do not have an account on Xing. In this case, this data is recorded, for example, using cookies that are stored on your device or by registration of your IP address. With the help of the data collected in this way, Xing can create user profiles in which your preferences and interests are stored. In this way, interest-based advertising can be shown to you inside and outside of Xing. If you have an account on Xing, interest-based advertising can be displayed on all devices on which you are, or were, logged in. Please also note that we cannot track all processing operations on Xing. Xing may therefore carry out further processing operations. Details can be found in Xing's terms of use and data protection provisions.

Please refer to Xing's data protection information to find out which specific data is collected and how it is used:

Privacy at XING 

Purpose and Legal Basis of the Processing

We use the social network for our own presentation of the company, for initial professional contact with potential applicants, and for advertising vacancies.

The processing takes place in accordance with Art. 6 Para. 1 lit. f GDPR on the basis of our legitimate interest in contact options with potential employees and customers. The analysis processes initiated by Xing may be based on different legal bases that Xing must provide (e.g., consent within the meaning of Art. 6 Para. 1 lit. a GDPR).

Duration of Storage

Once the purpose has ceased to apply and our use of Xing has ended, the data collected in this context will be deleted.

Right to Object

The right to object to the processing of your data within our company includes any data within the social network Xing. This can be, for example, chat histories in the context of professional contact.

Stackoverflow

Thank you for your interest in our presence on StackOverflow, a platform of Stack Exchange Inc. 110 William Street, 28th Floor, New York, NY 10038 US. We would like to give you an overview of the data that we collect, use and store there.

We would also like to point out that StackOverflow processes data in the United States. Due to the invalidity of the Privacy Shield Agreement, there is an increased risk associated with data processing.

Description and Scope of the Processing of Personal Data

Social networks can generally analyze your user behavior comprehensively if you visit their website or a website with integrated social media content (e.g., like buttons or advertising banners). Visiting our social media presence on StackOverflow triggers numerous data protection-related processing operations. In detail:

If you are logged in to your StackOverflow account and visit our social media presence, StackOverflow can assign this visit to your user account. Under certain circumstances, your personal data can also be recorded if you are not logged in or do not have an account on StackOverflow. In this case, this data is recorded, for example, using cookies that are stored on your device or by registering your IP address. With the help of the data collected in this way, StackOverflow can create user profiles in which your preferences and interests are stored. In this way, interest-based advertising can be shown to you inside and outside of StackOverflow. If you have an account on StackOverflow, the interest-based advertising can be displayed on all devices on which you are, or were, logged in. Please also note that we cannot track all processing operations on StackOverflow. Therefore, further processing operations may be carried out by StackOverflow. Details can be found in the StackOverflow terms of use and data protection provisions.

Please refer to StackOverflow's data protection information to find out which specific data is recorded and how it is used:

Privacy Policy - Stack Overflow 

Purpose and Legal Basis of the Processing

We use the social network for our own presentation of the company, for initial professional contact with potential applicants, and for advertising vacancies.

The processing takes place in accordance with Art. 6 Para. 1 lit. f GDPR based on our legitimate interest in contact options with potential employees and customers. The analysis processes initiated by StackOverflow may be based on different legal bases that have to be provided by Stack Overflow (e.g., consent within the meaning of Art. 6 Para. 1 lit. a GDPR).

Duration of Storage

Once the purpose has been fulfilled and our use of Stack Overflow has ended, the data collected in this context will be deleted.

Withdrawal of Consent

The right to object to the processing of your data within our company includes any data within the Stack Overflow social network. This can be, for example, chat histories in the context of professional contact.

Final Provisions

We reserve the right to amend this privacy policy to always comply with the current legal requirements or reflect changes in the application process or similar. The present privacy policy will then apply for a renewed visit to the recruiting page or a renewed application.

You can find the current privacy policy at https://www.knowis.com/privacy-policy.

Operator of the Recruiting Site

The recruiting site is operated by Personio GmbH, a company based in Germany that provides personnel administration and applicant management software (Legal Notice | Personio). For more information on data protection please click here: Privacy Policy | Personio. The data transmitted as part of your application will be encrypted using TLS and stored in a database. knowis AG, which runs this online application process, is solely responsible for this data as defined by Art. 4 No. 7 GDPR. Personio is merely the operator of the software and this recruiting page and, in this context, is a processor according to Art. 28 GDPR. The basis for the processing by Personio is a contract for the order processing between the responsible body and Personio.

 

Whistleblowing System

The whistleblowing system of knowis AG is used to receive and process reports of (potential) violations of laws or guidelines in a confidential and secure manner. We use your information on a specific matter to detect and prevent misconduct. Below we inform you in detail about the handling of your data (Art. 13 & 14 GDPR). 

Data and Data Categories 

Personal data is collected and processed as part of the processing of your notification. This includes:

  • Your name, if you disclose it  
  • Your contact details, if you provide them to us  
  • Personal data of possible data subjects you name in your report or  
  • the facts you describe 

Purpose Limitation 

We store your personal data in order to check and document the report and to be able to contact you if necessary. This includes, among other things, confirmation of receipt of your report, feedback on the measures we have taken or if we have any questions about the matter you have reported. 

Recipients of the data 

All data provided by you will be treated as strictly confidential and will only be made available to persons who process the specific circumstances. 

Recipients within knowis AG 

  • Dedicated whistleblowing officer according to Chapter 2 
  • If necessary, employees of other departments who are entrusted with the clarification of the facts. 

Recipients outside of knowis AG 

Your personal data will not be passed on to recipients outside knowis AG. However, it is possible that we may forward your personal data to 

  • Law firms or auditing companies, if we rely on their support in the implementation of clarification measures and in the assessment of legal consequences.  
  • Law enforcement, financial and other authorities, insofar as legal provisions or orders from state bodies make this necessary. 

In certain cases, it may be necessary for the data subject to be informed, unless there is an exception under data protection law. 

Commissioned Data Processing 

On the basis of a separate agreement on the processing of personal data, your personal data will be collected, processed, and used on our behalf by the companies:  

  • Microsoft 

as part of commissioned data processing pursuant to Art. 28 GDPR and in accordance with the relevant legal requirements. However, this does not involve the transmission of your personal data to third parties in the sense of data protection law. We remain responsible to you under data protection law. 

With your consent, a personal meeting can also take place by means of video and audio transmission (in accordance with Section 16 (3) of the Whistleblower Protection Act) following a verbal report of a whistleblower. This meeting takes place in the form of a virtual meeting, which is conducted with the help of Microsoft Teams. You can find more information regarding the handling of your personal data in the privacy policy under the section "Holding virtual meetings". 

knowis AG has contractually agreed that the storage location in data centers is within the European Union wherever possible. However, as part of processing by Microsoft, the data may be transferred to the USA (such as for support activities). The data transfer takes place on the basis of the EU-U.S. Data Privacy Framework adequacy decision in accordance with Art. 45 GDPR. 

Microsoft's Privacy Statement can be found here: Microsoft Privacy Statement – Microsoft privacy

Legal Basis for the processing 

We process your personal data insofar as this is necessary to fulfill legal obligations, in particular in the case of reports of matters relevant to criminal, competition and labor law. The legal basis for processing is Art. 6 (1) (c) GDPR or Art. 9 (4), if health data is involved, in conjunction with Section 10 of the Whistleblower Protection Act. In addition, we base the processing of your personal data on the legitimate interest in the detection and prevention of grievances and the associated prevention of damage and liability risks for the company in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR. In addition, data processing may be based on Section 26 (1) BDSG insofar as it serves to detect criminal offenses in the employment relationship. 

Duration of Storage 

In accordance with Section 11 (5) of the Whistleblower Protection Act, the personal data required to clarify and conclusively assess a report will be deleted after 3 years. The documentation may be retained for longer in order to meet the requirements of this Act or other legal provisions as long as this is necessary and proportionate (see Section 11 (5) of the Whistleblower Protection Act). 

Rights of access and rectification, right to object 

Every data subject has the right of access under Art. 15 GDPR, the right to rectification under Art. 16 GDPR, the right to erasure under Art. 17 GDPR, the right to restriction of processing under Art. 18 GDPR and the right to object under Art. 21 GDPR. 

You can decide for yourself which information you make available to us. You have the right to data portability in accordance with Art. 20 GDPR and the right to lodge a complaint with a data protection supervisory authority in accordance with Art. 77 GDPR. 

Security

We have implemented technical and administrative security precautions to protect your personal data against loss, destruction, manipulation and unauthorized access. All our employees as well as service providers who work for us are subject to an obligation to adhere to all valid data protection laws. 

Whenever we collect and process personal data, it is encrypted before it is transferred. This means that the data cannot be misused by third parties. Our security precautions are subject to an ongoing improvement process and our Privacy Policy is constantly updated. Please ensure you are reading the most up-to-date version. 

Storage periods for personal data

The storage periods for personal data are calculated using the respective legal basis, the purpose of processing and, if applicable, the respective statutory retention period (e.g. retention periods under commercial or fiscal law). 

Personal data processed on the basis of express consent pursuant to Art. 6 (1) (a) GDPR will be stored until the data subject withdraws their consent. 

Existing statutory retention periods for data that is processed within the scope of legal transactional or quasi-legal transactional obligations on the basis of Art. 6 (1) (b) GDPR will be routinely erased after the retention period has expired, provided it is no longer required to fulfill or initiate a contract and/or we no longer have a legitimate interest in storing the data. 

Personal data processed on the basis of Art. 6 (1) (f) will be stored until the data subject exercises their right to object to processing pursuant to Art. 21 (1) GDPR unless we can provide compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims. 

Personal data processed for direct marketing purposes on the basis of Art. 6 (1) (f) GDPR will be stored until the data subject exercises their right to object to processing pursuant to Art. 21 (2) GDPR. 

Unless otherwise indicated by other information in this Policy on specific processing situations, stored personal data will also be erased if the data is no longer required for the purposes for which it was collected or processed in other ways. 

Changes to this privacy policy

We reserve the right to make changes to this Privacy Policy if required by new technology. Please ensure you are reading the most up-to-date version. If fundamental changes are made to this Privacy Policy we will publish them on our website. 
