Privacy Policy

Thank you for visiting our website and for your interest in our products and service. The protection of your personal data is important to us. This privacy policy informs you on how we process personal data and what rights you have.

Personal data (“data“) is any information relating to an identified or identifiable person. “Processing” of data means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. The legal basis for data protection can be found in particular in Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data, on the free movement of such data and repealing Directive 95/46/EC (“General Data Protection Regulation”, GDPR) as well as in the German Federal Data Protection Act (BDSG) and the German Telemedia Act (TMG).

We only process the data as necessary and for the purpose of providing a functional and user-friendly online presence and website and for the provision of our content and services.

This privacy policy can be accessed and printed out at any time on our website. We reserve the right to amend this privacy policy in compliance with the statutory provisions.

Controller

The Controller for your personal data is

Build.One GmbH
Friedrichstraße 15
70174 Stuttgart
Germany
datenschutz@build.one

The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.

Data Protection Officer

We have appointed a data protection officer to protect your data. If you have any concerns or questions regarding data protection, you can contact our data protection officer directly at any time. He can be reached at the following e-mail address: datenschutz@build.one

Scope of data processing

The data is processed by us or by third parties in the context of website use and for the provision of our service. We only process your data if it is necessary for the stated purposes. Failure to provide the data may have legal disadvantages, such as the loss of legal positions, no response to your enquiry or the impracticability of a contract. As part of our data processing, we use various third-party providers in the areas of hosting, online marketing, mailing services, software and customer/data management (CRM), each of which processes data on our behalf. We have concluded corresponding order processing agreements with these third-party providers, which ensure that an adequate level of data protection is also guaranteed for our order processors (Art. 28 GDPR).

Data security

We have taken technical and organisational measures to ensure that the data protection regulations are observed both by us and by external service providers. For security reasons and to protect the transmission of confidential content that you send to us as the site operator, our website uses SSL or TLS encryption.

Use of the website / registration

When you use our website, we process the data listed below:

Data / Information	Purpose of processing	Legal basis
Registration data (name, date of birth, user name, telephone number, e-mail, usual place of residence), IP address, date and time of access, access status/HTTP status code, amount of data transferred in each case, website from which the request comes, browser, operating system and its interface, language and version of the browser software.	statistical evaluations for the purpose of optimizing our website, ensuring the stability and operational security of the website	Art. 6 para. 1 sentence 1 lit. f GDPR on the basis of our legitimate interest in fraud prevention and quality assurance.
	Fulfilment of legal obligations, for reasons of data security	Art. 6 para. 1 s. 1 lit. c GDPR
	Account creation and management; processing of enquiries, use of the website functions	Art. 6 para. 1 s.1 lit. b GDPR

Cookies

We use so-called cookies on our website. Cookies are small text files that are stored on the terminal device used and are saved by the browser. Cookies serve to make our service more user-friendly, effective and secure. There are different types of cookies that are used for different purposes. Some cookies ensure that our services function properly or that you are recognized on your terminal device after successful registration (“necessary” cookies). By placing these necessary cookies, we make it easier for you to have a look on our products and use the services available. We place other cookies to analyse user preferences and thus improve our service (“advanced cookies”). We only place non-essential cookies with your consent. When you visit our website for the first time, a pop-up is displayed (“cookie banner”), in which the individual cookies are described in more detail. There you have the option to allow or reject cookies according to your preferences. We would like to point out that the functionality of this website may be limited if cookies are deactivated.

If personal data is processed when using “necessary” cookies for the legitimate interests of quality assurance and a technically flawless presentation of the website, this is based on Art. 6 para. 1 s. 1 lit. f. GDPR. The processing of personal data when using so-called “extended cookies” is based on your consent (Art. 6 para. 1 s. 1 lit. a GDPR).

Contact and e-mails

If you write to us, send us an e-mail or contact us in any other way, the information from the respective enquiry, including the contact data provided, will be stored by us as follows for the purpose of processing the enquiry and in the event of follow-up questions:

Data / Information	Purpose of processing	Legal basis
Contact details (e.g. name, address) or other data provided in the enquiry	Communication or storage/processing of data in order to establish, execute a contractual relationship	Art. 6 para. 1 s. 1 lit. b. GDPR
	Processing of data based on your consent to respond to the enquiry	Art. 6 para. 1 s. 1 lit. a. GDPR

Newsletter / Newsletter Tracking

With our newsletter we inform you about us and our products. Only your e-mail address is required to register for the newsletter. If you register for the newsletter, your e-mail address will be transmitted to us (or our mail provider) and stored there. After registration you will receive an email to confirm the registration ("double opt-in").

We use the provider Hubspot, 25 First Street, 2nd Floor, Cambridge, MA 02141, USA, to send newsletters. Hubspot is a service with which the dispatch of newsletters can be organized and analyzed. For this purpose, we forward your e-mail address and the information whether you have signed up for the newsletter and/or for further product information to Hubspot. With the help of Hubspot, we can analyze our newsletter campaigns. When you open an email sent with Hubspot, a file contained in the email (known as a web beacon) connects to Hubspot servers in the USA. This allows us to determine whether a newsletter message was opened and which links were clicked. In addition, technical information is collected (e.g. time of registration, IP address, browser type and operating system). This information is used for statistical analysis of newsletter campaigns. The results of these analyses can be used to better adapt future newsletters to the interests of the recipients.

Data / Information	Purpose of processing	Legal basis
Contact data (e-mail address, name if applicable), device data (device name, country code if applicable, language, operating system name and version) Connection data (IP address, mail provider)	Product information, advertising communication	Art. 6 para. 1 s. 1 lit. a. GDPR

Plug-ins and similar techniques

On our website, we use so-called pixel tags (invisible graphics, also referred to as "web beacons") and other technologies of the third-party providers listed below for marketing purposes and the provision of our content. The "pixel tags" can be used to analyze information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and may contain, technical information about the browser and operating system, referring websites, the time of visit and other information about the use of our online service as well as be linked to such information from other sources.

LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland
Website: https://www.linkedin.com;
Privacy Policy: https://www.linkedin.com/legal/privacy-policy
Google Fonts: We integrate the fonts ("Google Fonts") of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, whereby the user's data is used solely for the purpose of displaying the fonts in the user's browser.
Website: https://fonts.google.com/;
Privacy Policy: https://policies.google.com/privacy

Data / Information	Purpose of processing	Legal basis
Usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses), location data	Display of fonts, direct marketing (e.g. by email or mail), tracking (e.g. interest/behavioural profiling, use of cookies), interest-based and behavioural marketing,	Art. 6 para. 1 s. 1 lit. f. GDPR and Art. 6 para. 1 s. 1 lit. a. GDPR

Tools on our website

We use various third-party tools on our website, in particular for the purpose of online marketing. These tools can be used to store user profiles or similar procedures, by means of which relevant information about the user is stored. In addition to the IP address, this information may include, for example, content viewed, websites visited, online networks used, but also communication partners and technical information such as the browser used, the computer system used and information on usage times. The information in the profiles is usually stored in the cookies (see above) or by means of similar procedures. Exceptionally, clear data can be assigned to the profiles. This is the case if, for example, the users are members of a social network whose online marketing procedures we use and the network links the users' profiles to the aforementioned data. We ask to note that users may make additional arrangements with the providers, e.g., by giving consent as part of the registration process. In principle, we only receive access to summarized information about the success of our advertisements. However, in the context of so-called conversion measurements, we can check which of our online marketing processes have led to a so-called conversion, i.e., for example, to a conclusion of a contract with us. The conversion measurement is used solely to analyze the success of our marketing measures. The tools used are:

Google Analytics Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Website: https://marketingplatform.google.com/intl/de/about/analytics/
Privacy Policy: https://policies.google.com/privacy
Opt-out: Opt-out plugin: https://tools.google.com/dlpage/gaoptout?hl=de
Settings for the display of advertising: https://adssettings.google.com/authenticated
Google Tag Manager Google Tag Manager is a solution with which we can manage so-called website tags via an interface and thus integrate other services into our online offer. The Tag Manager does not yet create user profiles or store cookies. Google only learns the IP address of the user, which is necessary to run the Google Tag Manager. Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; website: https://marketingplatform.google.com; privacy policy: https://policies.google.com/privacy.
Google Ads and Conversion Measurement We use the online marketing method “Google Ads” to place ads in the Google advertising network (e.g., in search results, in videos, on web pages, etc.) so that they are displayed to users who have a presumed interest in the ads. Furthermore, we measure the conversion of the ads. However, we only learn the anonymous total number of users who clicked on our ad and were redirected to a page tagged with a so-called “conversion tracking tag”. However, we ourselves do not receive any information that can be used to identify users. Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; website: https://marketingplatform.google.com; privacy policy: https://policies.google.com/privacypolicy?lang=de
HubSpot Hubspot Ireland Limited Ground Floor, Two Dockland Central, Guild Street, Dublin 1, Ireland, Privacy Policy: https://legal.hubspot.com/privacy-policy Opt-Out: https://knowledge.hubspot.com/reports/what-cookies-does-hubspot-set-in-a-visitor-s-browser

. .

Data / Information	Purpose of processing	Legal basis
Usage data (e.g. web pages visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses), location data (data indicating the location of an end user's device).	Tracking (e.g., interest/behavior-based profiling), remarketing, visit action evaluation, conversion measurement, reach measurement (e.g., access statistics, returning visitor detection), targeting, cross-device tracking	Art. 6 para. 1 p. 1 lit. a. DSGVO

Social Media

We are represented on the following social media platforms and process user data in this context in order to communicate with users active there or to offer information about us:

LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland; Website: https://www.linkedin.com; Privacy Policy: https://www.linkedin.com/legal/privacy-policy
Facebook Service provider: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, https://www.facebook.com; Privacy policy: https://www.facebook.com/about/privacy; Opt-out: Settings for advertisements: https://www.facebook.com/settings?tab=ads; Additional privacy notices: Agreement on joint processing of personal data on Facebook pages: https://www.facebook.com/legal/terms/page_controller_addendum, Privacy notices for Facebook pages: https://www.facebook.com/legal/terms/information_about_page_insights_data.

We point out that user data can be processed within social networks for market research and advertising purposes. For example, usage profiles can be created based on the usage behavior and resulting interests of the users. The usage profiles can in turn be used, for example, to place advertisements within and outside the networks that presumably correspond to the interests of the users. For these purposes, cookies are usually stored on the computers of the users, in which the usage behavior and the interests of the users are stored. Furthermore, data independent of the devices used by the users may also be stored in the usage profiles (especially if the users are members of the respective platforms and are logged in to them). For a detailed presentation of the respective forms of processing and the options to object (opt-out), we refer to the privacy policys and information provided by the operators of the respective social media providers. In the case of information requests and the assertion of data rights, we also point out that these can be asserted most effectively with the providers. Only the providers have access to the users' data and can take appropriate measures and provide information directly. If you still need help, don’t hesitate to contact us.

Recruiting / Applications

In the event that you apply for a job with us, we will process certain data about you. This data includes your name, email, address and telephone number, gender, work history, qualifications, country of residence, language skills and any other personal information you provide in your interactions with us. We may also ask for additional information to assist us in our recruitment process and if you are offered a job, an example would be date of birth and employment documents.

Data / Information	Purpose of processing	Legal basis
Name, email, address and telephone number, gender, work history, qualifications, country of residence, language skills and any other personal information you provide in your application or other communications with us.	to be able to contact you and facilitate your application, to offer an online application system linked to our website, to screen employees (this may include, where appropriate, the collection and use of sensitive personal data, including data from background checks, including possible criminal convictions, and information about proceedings for offences committed or alleged to have been committed), to verify your identity and sign contracts with you; this may include the collection and use of sensitive personal data such as your biometric data	We process your personal data for the fulfilment of our contractual or pre-contractual obligations (on the basis of Art. 6 para. 1 s. 1 lit. b. GDPR) or - as far as necessary - in the context of your employment relationship (§ 26 BDSG).
	to keep records where there is a legitimate interest to do so and it appears necessary and proportionate for our legitimate purposes	Art. 6 para. 1 s. 1 lit. f GDPR or - as far as necessary - within the scope of your employment relationship (§ 26 BDSG).
	in order to comply with our legal or regulatory obligations	Art. 6 para. 1 s. 1 lit. c GDPR or § 26 BDSG
	We may also use your non-sensitive and sensitive data with your explicit consent	Art. 6 para. 1 s. 1 lit. a. GDPR, Art. 9 para. 1 s. 1 lit. a. GDPR or § 26 BDSG

To optimize the application process, we use a service called Personio of Personio GmbH, Rundfunkplatz 4, 80335 Munich, to which the aforementioned data is transmitted. The legal basis for the use of Personio is our legitimate interest in efficient and optimised applicant management (Art. 6 para. 1 s. 1 lit. f. GDPR).

Disclosure of data / third country transfers

As a matter of principle, we only pass on your data to third parties if you have consented to this or if there is another legal basis. If we use third-party tools that process your data outside the EU/EEA, we ensure that the legal requirements of Art. 44 et seq. GDPR for such a third country transfer are met and that your data is processed in the relevant third country in accordance with the European data protection standard. On a regular basis we use the so-called EU standard contractual clauses (SCC) for this purpose, which we conclude with the respective provider. In addition, a case-by-case risk analysis is carried out with regard to the respective third country. This is done to ensure that your data is processed lawfully in the third country in question and, in particular, that access to your data by state authorities is prevented.

Data processing when accessing linked contents

This privacy policy only applies to this website. However, the website may also contain external links or hyperlinks to websites of other providers. They are to be distinguished from our own content. This third-party content does not originate from us, nor do we have any influence on the content of third-party sites. If you are forwarded to other pages via links within the website, please inform yourself on this other website about the respective handling of your data.

Storage and deletion of data

We store your personal data only as long as it is required for the respective processing purpose and limit the storage period to the minimum necessary. In addition, we only store your data if we are entitled or obliged to do so in accordance with statutory retention periods (e.g. in accordance with the German Commercial Code (HGB) or the German Fiscal Code (AO)).

Your rights

You have the following rights:

the right to information,
the right to rectification or erasure,
the right to restrict processing,
the right to data transferability,
the right to revoke your consent with effect for the future,
the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out on the basis of Art. 6 para. 1 s. 1 lit. e) or f) GDPR; this also applies to profiling based on these provisions.

To exercise your above rights, you can send an email to datenschutz@build.one

You also have the right to complain to a data protection supervisory authority about the processing of your personal data.

Updated: September 2021