We take data protection seriously and handle data responsibly. Below, we have compiled the necessary information regarding the use of our website. Please note: The use of contact data published as part of the imprint obligation by third parties for sending unsolicited advertising and information materials is hereby expressly prohibited. The website operators expressly reserve the right to take legal action in the event of unsolicited advertising information, such as spam emails.
Website Privacy Policy and Information for Data Subjects pursuant to Articles 13 and 14 of the EU General Data Protection Regulation
General Information
Details of the Responsible Entity:
Company: 390° GmbH
Legal Representatives / Managing Directors: Philip Günther, Kassian A. Goukassian
Address: Lerchenstraße 28, 22767 Hamburg
General Data Processing Information
1. Access Data / Server Log Files
390° collaborates with the web hosting provider Host Europe. This host collects data on every access to the website (so-called server log files). Logs for certain services on the server are automatically recorded. All log files are rotated daily. Logs from the previous day are archived and available for the specified retention period.
– Access Log File
Contains: All accesses to your website, i.e., client, URL of the request, IP address, date and time of the request, type of service used, retention period: 60 days
– Error Log File
Contains: Error messages from PHP, CGI, and the web server itself, retention period: 7 days
– MySQL Slow Query Log
Contains: MySQL queries running longer than 2 seconds, retention period: 7 days
2. Affected Data
Personal data is only collected if you provide it to us voluntarily. No additional personal data is collected beyond this. Any processing of your personal data beyond the scope of statutory permissions will only occur based on your explicit consent.
Processing Purpose:
Contract execution
Categories of Recipients:
Public authorities when required by overriding legal provisions, e.g., tax authorities, social security agencies.
External service providers or other contractors, e.g., for data processing and hosting, payroll accounting, travel expense accounting, insurance services.
Other external entities if the data subject has given consent or if transmission is permissible due to overriding interests.
Third-Country Transfers:
No processors outside the European Union are used.
Data Storage Duration:
The duration of data storage is governed by statutory retention obligations and is generally 10 years.
Specific Information about the Website
Integration of Third-Party Services and Content
This website integrates third-party content, such as videos from YouTube and Facebook. This always requires that the providers of this content (hereinafter referred to as "third-party providers") collect the user's IP address. Without the IP address, they cannot send the content to the user's browser. The IP address is therefore necessary for displaying this content. We strive to use only content whose providers use the IP address solely for content delivery. However, we have no influence if third-party providers store the IP address, e.g., for statistical purposes.
Website Tracking
This website partially uses cookies to make the offer more user-friendly, effective, and secure. Cookies are small text files stored on your computer by your browser, enabling analysis of your website usage. You can prevent the storage of the cookies listed below by adjusting your browser settings; however, this may limit your ability to fully use all website functions.
Use of Google Analytics
This website uses Google Analytics, a web analytics service provided by Google Inc. ("Google"). The information generated by the cookie about your use of the website is generally transmitted to a Google server in the USA and stored there. On behalf of the website operator, Google uses this information to evaluate your website usage, compile reports on website activities, and provide other services related to website and internet usage. The IP address transmitted by your browser as part of Google Analytics is not merged with other Google data. You can prevent cookie storage by adjusting your browser settings; however, this may limit your ability to fully use all website functions. Additionally, you can prevent the collection of data generated by the cookie (including your IP address) and its processing by Google by downloading and installing the browser plugin available at the following link. Only anonymized IP addresses are used and processed to exclude direct personal traceability.
Use of Hotjar
This website uses the web analytics service Hotjar, operated by Hotjar Ltd., based in Malta (Hotjar Ltd, Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe). Hotjar is a website analytics tracker for data analysis, website usage, and performance measurement, e.g., tracking how far users scroll or which buttons they click. The tool also allows direct feedback from website users, providing valuable insights to make our websites faster and more user-friendly. Hotjar offers users the option to prevent tracking by using a "Do Not Track" header, ensuring no data about the website visit is recorded. This setting is supported by all common browsers in their latest versions. Your browser sends a request to Hotjar to disable tracking for the respective user. If you use our website with different browsers or devices, you must enable the "Do Not Track" header for each browser/device separately. Detailed instructions for your browser can be found at: https://www.hotjar.com/opt-out. Hotjar’s privacy policy is available at: https://www.hotjar.com/privacy.
Use of SalesViewer® Technology
This website uses SalesViewer® technology from CONCEPTPARTNER® GmbH to collect and store data for marketing, market research, and optimization purposes. Usage profiles can be created under a pseudonym from this data using tracking scripts that collect company-related data. The data collected with this technology is not used to personally identify website visitors without their explicit consent and is not merged with personal data about the pseudonym holder. You can object to data collection and storage at any time with future effect by visiting https://www.salesviewer.com/opt-out to prevent tracking by SalesViewer® on this website. An opt-out cookie will be placed on your device. If you delete cookies in this browser, you must click the link again.
Google Remarketing
DoubleClick by Google, a service of Google Ireland Limited (Gordon House, Barrow Street, Dublin, D04 E5W5, Ireland), uses cookies to display relevant advertisements. A pseudonymous identification number (ID) is assigned to your browser to track which ads have been shown and accessed. The cookies contain no personal information. The use of DoubleClick cookies enables Google and its partner websites to serve ads based on previous visits to our or other websites. The information generated by the cookies is transmitted to a Google server in the USA and stored there. Google complies with the data protection provisions of the "US Safe Harbor" agreement and is registered with the US Department of Commerce’s "Safe Harbor" program. Google will not merge your data with other data collected by Google.
By using our website, you consent to the processing of data collected about you by Google in the manner and for the purposes described above. You can prevent cookie storage by adjusting your browser settings. Additionally, you can prevent the collection and processing of data generated by cookies by downloading and installing the browser plugin available under the "DoubleClick Deactivation Extension" section at: https://policies.google.com/technologies/ads?hl=de.
Cookies are also used for Google’s remarketing technology or "similar audiences" function to analyze visitor behavior and interests. This technology allows targeted advertising on Google’s partner network for users who have already visited and shown interest in the website. If users have consented to linking their web and app browsing history with their Google account for personalized ads, remarketing is applied across devices. Google Analytics collects authenticated IDs of these users, temporarily linking them with Google Analytics data to create audience segments. Data may be transferred to the USA, where an adequacy decision by the European Commission exists.
Processing is based on Art. 6(1)(f) GDPR, justified by the legitimate interest in targeting website visitors with personalized, interest-based ads when visiting other websites in the Google Display Network. You have the right to object to this processing based on Art. 6(1)(f) GDPR for reasons related to your specific situation. Google users can adjust their ad settings under "My Account" or disable personalized ads. You can permanently disable Google cookies by downloading and installing the plugin at: https://support.google.com/ads/answer/7395996?hl=de Alternatively, you can disable third-party cookies by visiting the Network Advertising Initiative’s opt-out page at: https://www.networkadvertising.org/choices/. Further information on Google Remarketing and its privacy policy is available at: https://www.google.com/privacy/ads/
Use of Facebook Retargeting
Our website integrates remarketing tags from the social network Facebook (1601 South California Avenue, Palo Alto, CA 94304, USA). When you visit our website, these tags establish a direct connection between your browser and the Facebook server. Facebook receives information that you visited our site with your IP address, allowing Facebook to associate the visit with your user account. We can use this information to display Facebook Ads. This function targets website visitors with interest-based advertising on the Facebook social network. When you visit Facebook, personalized, interest-based ads are displayed. Processing is based on Art. 6(1)(f) GDPR, justified by the legitimate interest in the above purpose.
You have the right to object to this processing based on Art. 6(1)(f) GDPR for reasons related to your specific situation. If you do not wish for data collection via Custom Audiences, you can deactivate it here: [link to Facebook Custom Audiences opt-out].
We note that, as the website provider, we have no knowledge of the content of the transmitted data or its use by Facebook. Further information is available in Facebook’s privacy policy at: https://www.facebook.com/about/privacy/ .
Use of Google Tag Manager
We use Google Tag Manager to implement additional plugins on our website. Google Tag Manager does not process personal data itself; data processing occurs through the installed plugins, as noted separately in this privacy policy.
PlugIns
Integration of YouTube
Our website uses the YouTube video platform, a service of Google (Google Ireland Limited, Gordon House, Barrow Street, Dublin, D04 E5W5, Ireland). YouTube enables the embedding and playback of audio and video files. When you access a page on our website with an embedded YouTube player, a connection to YouTube is established to play the video or audio file, transmitting data to YouTube. We note that, as the website provider, we have no knowledge of the content of the transmitted data or its use by YouTube. Further information is available in YouTube’s privacy policy at: https://www.google.de/intl/de/policies/privacy/
Comment Function in the 390° Blog
When users leave comments in the blog or other posts, their IP addresses are stored for the provider’s security. This is to protect the provider in case illegal content (e.g., insults, prohibited political propaganda) is posted in comments or contributions. In such cases, the provider may be held liable and is therefore interested in the author’s identity.
Use of Gravatar
This website uses the external avatar service Gravatar, operated by Automattic, Inc. (132 Hawthorne Street, San Francisco, CA 94107, USA), to display user images in comments. The email address provided in the comments is transmitted to Gravatar to display any associated user image. The email address is encrypted and sent to Gravatar’s servers, which deliver the images to our website for embedding in comments. Gravatar may store the user’s IP address during this process. Further information on data collection and use by Gravatar is available in their privacy policy at: https://automattic.com/privacy/. If users do not want a Gravatar-linked user image to appear in comments, they should use an email address not registered with Gravatar for commenting.
Facebook Share Button
This website uses social plugins from Facebook Inc. (1601 S. California Ave, Palo Alto, CA 94304, USA). When you access pages containing such a plugin, data about your visitor behavior is automatically transmitted to Facebook’s servers. The website operator has no influence over the nature and extent of the data collected and transmitted to Facebook. If you are logged into Facebook, it can associate the visit with your Facebook account. Further information on Facebook’s data protection is available at: http://www.facebook.com/policy.php.
This website uses social plugins from LinkedIn (LinkedIn, 2029 Stierlin Court, Mountain View, CA 94043, USA). When the "in" button is activated, a connection to LinkedIn’s servers is established. The content of the "in" button is transmitted directly to your browser and embedded in the website. Your IP address may be transmitted to LinkedIn in the USA. For the purpose and scope of data collection, further processing, and use by LinkedIn, as well as your rights and privacy settings, refer to LinkedIn’s privacy policy at: http://www.linkedin.com/legal/privacy-policy. If you are a LinkedIn member and do not want LinkedIn to collect data about you via the activated "in" button and link it to your LinkedIn account, you must log out of LinkedIn before visiting our website.
This website uses social plugins from XING (XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany). When the "XING" button is activated, a connection to XING’s servers is established, and the XING Share Button functions (e.g., calculation/display of the counter value) are loaded. XING does not store personal data or IP addresses from your visit to this website, nor does it evaluate your usage behavior through cookies related to the "XING Share Button." Current data protection information for the "XING Share Button" is available at: https://www.xing.com/app/share?op=data_protection.
This website uses social plugins from Twitter Inc. (795 Folsom St., Suite 600, San Francisco, CA 94107, USA). When you access a page containing such a button, your browser establishes a direct connection to Twitter’s servers. The content of the Twitter buttons is transmitted directly to the user’s browser. The provider has no influence over the extent of data collected by Twitter via this plugin and informs users based on its knowledge. According to this, only the user’s IP address and the URL of the respective website are transmitted with the button but are not used for purposes other than displaying the button. Further information is available in Twitter’s privacy policy at: http://twitter.com/privacy.
This website uses social plugins from the Pinterest social network, operated by Pinterest Inc. (808 Brannan Street, San Francisco, CA 94103, USA). When you access a page containing such a plugin, your browser establishes a direct connection to Pinterest’s servers. The plugin content is transmitted directly to your browser and embedded in the page. Pinterest receives information that your browser accessed the corresponding page, even if you do not have a Pinterest profile or are not logged in. This information (including your IP address) is transmitted to a Pinterest server in the USA and stored. If you are logged into Pinterest, it can directly associate your visit to our website with your Pinterest profile. Interacting with plugins, e.g., clicking the "Pin it" button, transmits this information to Pinterest’s servers, where it is stored and published to your contacts. For the purpose, scope, and further processing of data by Pinterest, as well as your rights and privacy settings, refer to Pinterest’s privacy policy at: https://about.pinterest.com/de/privacy-policy. To prevent Pinterest from associating data with your profile, log out of Pinterest before visiting our website. You can also prevent Pinterest plugins from loading using browser add-ons like "NoScript" http://noscript.net/.
Tumblr
This website uses social plugins from Tumblr (Tumblr, Inc., 35 East 21st St, 10th Floor, New York, NY 10010, USA). When you access a page containing such a button, your browser establishes a direct connection to Tumblr’s servers. The content of the Tumblr buttons is transmitted directly to the user’s browser. The provider has no influence over the extent of data collected by Tumblr via this plugin and informs users based on its knowledge. According to this, only the user’s IP address and the URL of the respective website are transmitted with the button but are not used for purposes other than displaying the button. Further information is available in Tumblr’s privacy policy at: http://www.tumblr.com/policy/de/privacy.
This website integrates plugins from the social network Reddit (Reddit Inc., 520 Third Street, Suite 305, San Francisco, CA 94107, USA). Reddit plugins are identifiable by the orange Reddit smiley logo. When you click the Reddit share button while logged into your Reddit account, you can link our website’s content to your Reddit profile. Reddit can associate the visit with your user account. We note that, as the website provider, we have no knowledge of the content of the transmitted data or its use by Reddit. Further information is available in Reddit’s privacy policy at: https://www.reddit.com/help/privacypolicy. To prevent Reddit from associating your visit with your account, log out of Reddit before visiting our website.
Information on further data processing procedures
Affected Data
Data provided for contract execution; additional data processed based on your explicit consent, if applicable.
Processing Purpose:
Contract execution, e.g., offers, orders, sales, invoicing, quality assurance.
Categories of Recipients:
- Public authorities when required by overriding legal provisions.
- External service providers or contractors, e.g., for data processing, hosting, shipping, transport, logistics, printing, and call centers.
- Other external entities if the data subject has given consent or if transmission is permissible due to overriding interests.
Third-Country Transfers:
No processors outside the European Union are used.
Data Storage Duration:
The duration of data storage is governed by statutory retention obligations and is generally 10 years.
Contact Data Details
Contact data are personal data required to enable communication between 390° GmbH and the user. The following data is transmitted and stored when using the contact form on our website:
- Name (required field)
- Email address (required field)
- Subject
- Phone number
- Message
Alternatively, contact can be made via the provided email address. In this case, the personal data transmitted with the email is stored. No data is passed on to third parties in this context; the data is used exclusively for processing the conversation.
The legal basis for processing data transmitted via email or the contact form is Art. 6(1)(f) GDPR. If the email contact aims at concluding a contract, the additional legal basis is Art. 6(1)(b) GDPR.
Data is deleted as soon as it is no longer required for the purpose of its collection, i.e., when the conversation with the user is concluded, as indicated by the circumstances.
Users can revoke their consent to the processing of personal data at any time. If a user contacts 390° via email, they can object to the storage of their personal data by including the following statement in the email:
"I object to the storage of my personal data sent via this email. I understand that continuing the conversation will not be possible."
In such cases, all personal data stored during the contact will be deleted.
Handling of Personal Data in the Application Process
Affected Data:
When visiting the 390° job page, the following data is processed by the Recruitee software used by 390°: Traffic source, HTTP requests and responses, cookies, date, and time of use.
All personal data provided in the application form, including but not limited to:
- Full name, email address, phone number, photo, cover letter, resume, LinkedIn profile, Indeed profile, and the job applied for.
- Status, scheduling, and notes regarding your application, email communication.
Processing Purpose:
Conducting the application process.
Categories of Recipients: - Public authorities when required by overriding legal provisions.
- External service providers: 390° uses Recruitee software for efficient application processing.
Third-Country Transfers:
No processors outside the European Union are used.
Data Storage Duration:
Application data is generally deleted 180 days after the decision is communicated, unless consent for longer storage in the applicant pool is given.
Applicants can revoke their consent to the processing of personal data or request data changes at any time. In such cases, the stored personal data will be deleted or modified.
Applications via Indeed or LinkedIn require processing of personal data to enable the "Apply with LinkedIn" and "Apply with Indeed" functions. LinkedIn and Indeed may use cookies. Their privacy policies are available at:
https://www.linkedin.com/legal/privacy-policy
Processing of Employee Data
Affected Data:
Data provided for contract execution; additional data processed based on your explicit consent, if applicable.
Processing Purpose:
Contract execution within the employment relationship.
Categories of Recipients:
- Public authorities when required by overriding legal provisions, e.g., tax authorities, social security agencies.
- External service providers or contractors, e.g., for data processing, hosting, payroll accounting, travel expense accounting, insurance services.
- Other external entities if the data subject has given consent or if transmission is permissible due to overriding interests.
Third-Country Transfers:
No processors outside the European Union are used.
Data Storage Duration:
The duration of data storage is governed by statutory retention obligations and is generally 10 years.
Processing of Supplier Data
Affected Data:
Data provided for contract execution; additional data processed based on your explicit consent, if applicable.
Processing Purpose:
Contract execution, e.g., inquiries, purchasing, quality assurance.
Categories of Recipients:
- Public authorities when required by overriding legal provisions.
- External service providers or contractors, e.g., for data processing, hosting, accounting, payment processing.
- Other external entities if the data subject has given consent or if transmission is permissible due to overriding interests.
Third-Country Transfers:
No processors outside the European Union are used.
Data Storage Duration:
The duration of data storage is governed by statutory retention obligations and is generally 10 years.
Additional Information and Contacts
You can exercise your rights to access, correction, deletion, restriction of processing, objection to processing, or data portability at any time. Contact us via email or letter at: https://www.390.de/impressum/. You also have the right to lodge a complaint with a data protection supervisory authority.
Employees and service providers commissioned by the provider are obligated to maintain confidentiality and comply with the provisions of the Federal Data Protection Act and other professional data protection regulations.
Changes to the Privacy Policy
We reserve the right to amend the privacy policy to adapt to changed legal situations or changes in the service or data processing. However, this only applies to statements regarding data processing. If user consent is required or parts of the privacy policy include provisions of the contractual relationship with users, changes will only be made with user consent.
Users are requested to regularly review the content of the privacy policy.
Data Security
We use the widespread SSL (Secure Socket Layer) procedure for website visits, with the highest encryption level supported by your browser, typically 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can recognize whether an individual page is transmitted encrypted by the closed key or lock symbol in your browser’s status bar.
We also employ appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction, or unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.
