Data Privacy

Information Requirements (pursuant to Articles 13 and 14 of the GDPR)

As of May 25, 2018, the General Data Protection Regulation (GDPR) adopted by the European Union is directly applicable.

We hereby wish to inform you of the following:
The controller responsible for the processing of your data is:

senswork Inc.
2109 West Market Street, Suite 141
Johnson City, TN 37604
Phone: +1 423.283.8550
Email: info@senswork.us

You can contact our Data Protection Officer / the person responsible for data protection at: datenschutz@itago.de

To process your request, we require various details, including personal data from you.

We take the protection of your data very seriously. We treat your personal data confidentially and in accordance with legal data protection regulations, and only within the scope of our legal mandate or the fulfillment of a contract, or within the scope of your consent (if applicable).

If you do not provide the required data, you must expect that your request cannot be processed or that a contract cannot be concluded with you.

Your data will be stored by the responsible body for as long as necessary to fulfill the task, in compliance with the respective statutory retention periods.

You also have the right to access the data stored about you (Art. 15 GDPR). If incorrect data has been processed, you have the right to rectification (Art. 16 GDPR). In exceptional cases, you may request the erasure or restriction of processing, as well as object to the processing (Art. 17, 18, and 21 GDPR). If you have consented to the data processing or a contract for data processing exists and the data processing is carried out using automated means, you may have a right to data portability (Art. 20 GDPR). If you wish to exercise these rights, the controller will verify whether the legal requirements are met.

You may lodge a complaint with a supervisory authority at any time, e.g., with the competent supervisory authority of the federal state where you reside or with the authority responsible for us as the controller.

For Bavaria:
A list of supervisory authorities (for the non-public sector) with addresses can be found at:
https://www.lda.bayern.de/media/veroeffentlichungen/flyer_baylda_organisation_de.pdf

A list of supervisory authorities (for the public sector) with addresses can be found at:
https://www.bfdi.bund.de

For all other federal states (except Bavaria):
A list of supervisory authorities (for the non-public sector) with addresses can be found at:
https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html

If you have consented to the processing of your data by means of a corresponding declaration, you may revoke your consent to data processing at any time with future effect. This does not affect the lawfulness of the processing up to the time of revocation. However, it may then no longer be possible to process your request.

If you would like further information regarding the purpose and legal basis of data processing, potential additional recipients, retention periods, or criteria for deletion, you may obtain this information from the responsible party in writing or verbally.

Your Data Subject Rights

You may exercise the following rights at any time using the contact details provided for our Data Protection Officer:

Pursuant to Art. 15 GDPR, you have the right to obtain information about your personal data processed by us (e.g., processing purposes, recipients, retention period).
Pursuant to Art. 16 GDPR, you have the right to have inaccurate personal data corrected or incomplete personal data completed.
Pursuant to Art. 17 GDPR, you have the right to have your personal data erased, provided that no legal retention obligations or other legal grounds prevent this.
You have the right, pursuant to Art. 18 GDPR, to restrict the processing of your personal data under the statutory conditions.
You have the right, pursuant to Art. 21 GDPR, to object to the processing of your personal data, provided that such processing is based on legitimate interests.
You have the right to data portability under Article 20 of the GDPR, provided that the processing is based on your consent or a contract. If you have given us your consent, you may revoke it at any time with future effect.

You may file a complaint with the supervisory authority responsible for you at any time. Your competent supervisory authority depends on the state where you reside, work, or where the alleged violation occurred. A list of supervisory authorities (for the private sector) with addresses can be found at: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.

Purposes of data processing by the controller and third parties

We process your personal data only for the purposes specified in this privacy policy. Your personal data will not be transferred to third parties for purposes other than those specified. We will only disclose your personal data to third parties if: The basis for data processing is Article 6(1)(f) of the GDPR, which permits the processing of data for the performance of a contract or pre-contractual measures.

You have given your explicit consent,
processing is necessary for the performance of a contract with you,
processing is necessary to comply with a legal obligation,
processing is necessary to safeguard legitimate interests and there is no reason to assume that you have an overriding legitimate interest in the non-disclosure of your data.

Collection of General Information When Visiting Our Website

When you access our website, general information is automatically collected via a cookie. This information (server log files) includes, for example, the type of web browser, the operating system used, the domain name of your Internet service provider, and similar details. This information does not allow any conclusions to be drawn about your identity.

This information is technically necessary to correctly deliver the website content you have requested and is inevitably generated when using the Internet. It is processed in particular for the following purposes: The processing of your personal data is based on our legitimate interest arising from the aforementioned purposes for data collection. We do not use your data to draw conclusions about your identity. The recipients of the data are only the controller and, where applicable, processors.

Ensuring a smooth connection to the website,
Ensuring a seamless user experience on our website,
Evaluating system security and stability, and
For other administrative purposes.

We may statistically analyze anonymous information of this kind to optimize our website and the underlying technology.

Cookies

We use cookies on our website. These are small text files that are stored on your device when you visit our site. Cookies cannot transmit viruses or malware, but they contain information that enables user recognition.

A distinction is made between so-called transient cookies, which are automatically deleted as soon as you close your browser, and persistent cookies, which remain stored beyond the respective session and enable us to recognize you when you visit our website again.

In addition, a distinction is made between technically necessary and technically non-necessary cookies.

A list of the cookies used is available upon request.

Non-technically necessary cookies (analytics and marketing cookies)

In addition to technically necessary cookies, we also use—provided you have given your consent—technically non-essential cookies. These are used in particular to analyze user behavior on our website and to optimize and personalize our content and offers.

Analytics cookies, for example, enable us to statistically evaluate the use of our website and thereby continuously improve our offerings. Marketing cookies are used to display relevant content or advertising to you and to measure the effectiveness of marketing measures.

These cookies are used exclusively on the basis of your consent pursuant to Art. 6(1)(a) GDPR. You may revoke your consent at any time with future effect or adjust your cookie settings accordingly.

Further information on the cookies used and your settings options can be found in our cookie banner or in the cookie settings on our website.

Use of Google Analytics

We use the web analytics service Google Analytics from Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; “Google”) on our website.

Nature and Purpose of Processing
Google Analytics uses cookies and similar technologies to analyze and evaluate the use of our website. In doing so, information about your usage behavior is processed to generate reports on website activity and to optimize our online offering and our marketing measures.

During your visit, the following data in particular may be processed: IP anonymization is enabled by default, so that your IP address is truncated within the EU or the EEA. This significantly limits the possibility of direct personal identification. No directly identifying data such as name or address is processed.

Pages visited and interactions (e.g., clicks, scrolling behavior, time spent on site)
Goals achieved (e.g., contact requests, newsletter subscriptions, purchases)
Approximate location data (country and city)
Technical information (browser, operating system, device, screen resolution)
Referrer URL (source of your visit)
Truncated IP address
A randomly generated user ID (User ID)

Legal Basis
Processing is carried out exclusively on the basis of your consent pursuant to Art. 6(1)(a) GDPR via our cookie banner.

Recipients / Data Processing
Google processes the data as a data processor on our behalf. We have entered into a data processing agreement with Google in accordance with Art. 28 GDPR.

Retention Period
The data collected via Google Analytics is automatically deleted after a specified retention period (typically 14 months). Aggregated data may remain stored beyond this period.

Transfer to Third Countries
A transfer of data to the United States cannot be ruled out. Google LLC is certified under the EU-US Data Privacy Framework (DPF). An adequacy decision pursuant to Art. 45 GDPR therefore applies to data transfers to the United States.

Withdrawal of Consent
You may withdraw your consent at any time with future effect by adjusting your cookie settings.

Alternatively, you can prevent Google Analytics from collecting your data by: Please note that disabling cookies may limit the functionality of our website.

Installing the browser add-on to disable Google Analytics:
https://tools.google.com/dlpage/gaoptout
Rejecting the relevant cookies via our cookie banner

Profiling
Pseudonymous user profiles are created using Google Analytics. These are used to analyze user behavior and tailor our website to your needs.

Google Ads (Conversion Tracking and Remarketing)

We use the services of Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; “Google”) on our website, specifically Google Ads for displaying advertisements as well as conversion tracking and remarketing functions.

Nature and Purpose of Processing
As part of Google Ads, we use what is known as conversion tracking. If you arrive at our website via an ad placed by Google, a cookie is set on your device. These cookies allow us to recognize whether a user arrived at our website via an ad and performed certain actions (e.g., purchases or contact requests).

The information collected in this process is used exclusively to generate anonymous conversion statistics. We do not receive any information that can be used to personally identify individual users.

In addition, we use remarketing features of Google Ads. These allow us to display interest-based ads to visitors of our website on other websites within the Google advertising network.

As part of cross-device remarketing, Google may—provided you are logged into your Google account and have given your consent—link your usage behavior across different devices. This allows personalized ads to be displayed on multiple devices.

Processed Data
When using Google Ads, the following data in particular may be processed: Your identity is not directly identified.

Pages visited and interactions (e.g., conversions)
Truncated IP address
Technical information (browser, operating system, device)
Referrer URL (source of your visit)
Cookie IDs and pseudonymous user identifiers
Cross-device information, if applicable, for logged-in Google users

Legal basis
Processing is carried out exclusively on the basis of your consent pursuant to Art. 6(1)(a) GDPR via our cookie banner.

Recipients / Data Processing
The collected data is transmitted to Google and processed there. Depending on the circumstances, Google acts as either a data processor or an independent data controller.

Retention Period
The cookies used generally expire after 30 days. Additionally, data may be stored in aggregated form for a longer period.

Transfer to third countries
A transfer of data to the United States cannot be ruled out. Google LLC is certified under the EU-US Data Privacy Framework (DPF). An adequacy decision pursuant to Art. 45 GDPR therefore applies to data transfers to the United States.

Withdrawal of Consent / Opt-out
You may withdraw your consent at any time with future effect by adjusting your cookie settings.

In addition, you have the following options:

Disabling personalized advertising in your Google Account:
https://adssettings.google.com
Preventing the storage of cookies through appropriate browser settings
Blocking cookies from specific domains (e.g., “googleleadservices.com”)

Please note that if you delete your cookies, any opt-out cookies that have been set will also be removed and must be set again.

Profiling / Remarketing
As part of Google Ads and remarketing, pseudonymous user profiles may be created to display interest-based advertising to you. This is done exclusively based on your consent.

Further Information
Further information on data processing by Google can be found at:
https://policies.google.com/privacy
https://policies.google.com/technologies/ads

Cloudflare (Content Delivery Network)

We use the Content Delivery Network (CDN) provided by Cloudflare Germany GmbH, Rosental 7, c/o Mindspace, 80331 Munich, Germany (“Cloudflare”), to enhance the security and performance of our website.

A CDN is a network of servers distributed worldwide that serves to deliver content to users more quickly and reliably. By using Cloudflare, requests are routed through its servers, which in particular optimizes loading times and provides protection mechanisms against attacks (e.g., DDoS attacks).

Nature and Purpose of Processing
In the context of using Cloudflare, personal data is processed, in particular: Processing is carried out to ensure the stability, security, and efficient delivery of our website.

IP address
Technical connection data
Server log files (e.g., content accessed, date and time of access)

Legal basis
The use of Cloudflare is based on our legitimate interest pursuant to Art. 6(1)(f) GDPR in the secure and efficient provision of our online services.

Recipients / Data Processing
Cloudflare is the recipient of your personal data and acts as a data processor on our behalf in accordance with Article 28 of the GDPR.

Retention Period
Data is stored only for as long as necessary to fulfill the stated purposes. Log file data is generally stored for a short period and then deleted or anonymized.

Transfer to third countries
Data processing may also take place on Cloudflare servers outside the EU, particularly in the United States. To safeguard such data transfers, Cloudflare uses the Standard Contractual Clauses (SCCs) approved by the European Commission in accordance with Article 46 of the GDPR.

For more information, please visit:
https://www.cloudflare.com/cloudflare_customer_SCCs-German.pdf

Right to Object
You have the right to object at any time to the processing of your personal data for reasons arising from your particular situation. Whether the objection can be accommodated must be assessed through a balancing of interests.

Necessity of Provision
The provision of personal data is neither legally nor contractually required. However, without such processing, the functionality and security of our website cannot be guaranteed.

Further Information
Further information on data protection at Cloudflare can be found at: https://www.cloudflare.com/privacypolicy/

HubSpot

We use the services of HubSpot Ireland Limited, 2nd Floor, 30 North Wall Quay, Dublin 1, Ireland (hereinafter “HubSpot”) on our website. The parent company is HubSpot, Inc., 25 First Street, Cambridge, MA 02141, USA.

Nature and Purpose of Processing
HubSpot is an integrated software solution that we use to manage various aspects of our online marketing and customer communication. These include, in particular:

Email marketing
Contact management (e.g., CRM and user segmentation)
Provision of contact forms
Analysis of user behavior on our website
Creation of reports and optimization of our marketing measures

In particular, personal data such as name, email address, IP address, as well as usage and interaction data may be processed.

Legal basis
Processing is carried out depending on the use:

based on your consent pursuant to Art. 6(1)(a) GDPR
or based on our legitimate interest pursuant to Art. 6(1)(f) GDPR in efficient customer communication and the optimization of our online offering

Recipients / Data Processing
HubSpot acts as a data processor on our behalf pursuant to Art. 28 GDPR. We have entered into a corresponding data processing agreement with HubSpot.

Retention Period
Personal data will only be stored for as long as necessary to fulfill the respective purposes or as required by statutory retention obligations.

Data Processing Within the EU
Data processing takes place on servers within the European Union whenever possible. HubSpot provides appropriate data center options for this purpose, ensuring that data is processed primarily within the EU.

Transfer to Third Countries
However, the transfer of data to the United States cannot be completely ruled out, particularly in the context of support or maintenance services. HubSpot, Inc. is certified under the EU-US Data Privacy Framework (DPF). Additionally, Standard Contractual Clauses (SCCs) pursuant to Art. 46 GDPR are used to ensure an adequate level of data protection.

Withdrawal of Consent
If the processing is based on your consent, you may withdraw it at any time with future effect.

Right to object
To the extent that the processing is based on Article 6(1)(f) of the GDPR, you have the right to object to the processing of your personal data for reasons arising from your particular situation.

Further information
Further information on data protection at HubSpot can be found at: https://legal.hubspot.com/de/privacy-policy

jQuery CDN

We use the jQuery JavaScript library on our website, which is provided via a Content Delivery Network (CDN). The provider is StackPath, LLC, 2012 McKinney Ave., Suite 1100, Dallas, TX 75201, USA.

A Content Delivery Network (CDN) is a network of servers distributed worldwide that serves to deliver content from our website more quickly and efficiently. This improves the loading speed and stability of our website.

Nature and Purpose of Processing
When you visit our website, a connection is established with StackPath’s servers to load the jQuery library. In particular, your IP address may be transmitted to StackPath during this process.

The processing is carried out for the purpose of technical provision and the optimization of our website’s loading speed and functionality.

Legal basis
The use of jQuery CDN is based on our legitimate interest pursuant to Art. 6(1)(f) GDPR in the fast, secure, and efficient provision of our online services.

Recipients
The recipient of the data is StackPath as the provider of the Content Delivery Network.

Retention period
We do not store any personal data ourselves in this context. The retention period at StackPath is governed by their respective privacy policy.

Transfer to third countries
Data processing in the USA cannot be ruled out. The transfer is based on appropriate safeguards pursuant to Art. 46 GDPR, in particular through the use of Standard Contractual Clauses (SCCs).

Mailchimp (Newsletter)

We use the Mailchimp service to send our newsletter; this service is provided by The Rocket Science Group LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA (hereinafter “Mailchimp”).

Nature and purpose of processing
Mailchimp enables us to send newsletters and communicate with subscribers. In this context, we process the following personal data in particular:

Email address
Name and other voluntary information, if applicable

In addition, we analyze usage behavior in connection with our newsletters to optimize our content and offerings. In particular, the following data may be processed:

Open rates and click behavior
Time of access
Technical information (e.g., IP address, browser, device)

The analysis is generally pseudonymized and serves to improve our communication.

Legal basis
The sending of the newsletter and the associated performance measurement are carried out exclusively on the basis of your consent pursuant to Art. 6(1)(a) GDPR.

Recipients / Data processing
Mailchimp is the recipient of your personal data and acts as a data processor on our behalf in accordance with Art. 28 GDPR. We have entered into a corresponding data processing agreement with Mailchimp.

Retention period
Your data will be stored for as long as your consent to receive the newsletter remains in effect. After unsubscribing from the newsletter, your data will be deleted unless there are legal retention obligations.

Transfer to third countries
Data processing may take place in the United States. Mailchimp and Intuit Inc. are certified under the EU-US Data Privacy Framework (DPF). Additionally, Standard Contractual Clauses (SCCs) pursuant to Article 46 of the GDPR are used to ensure an adequate level of data protection.

Withdrawal of Consent
You may withdraw your consent to receive the newsletter at any time with future effect. You will find a corresponding unsubscribe link in every newsletter. Alternatively, you may also contact us directly.

Further Information
Further information on data protection at Mailchimp can be found at: https://www.intuit.com/privacy/statement/

Social Media Presence

We maintain an online presence on social networks to communicate with interested parties and users and to provide information about our services.

In doing so, we use the following platforms, among others:

Meta Platforms Ireland Limited (Facebook, Instagram)
LinkedIn Ireland Unlimited Company (LinkedIn)
Google Ireland Limited (YouTube)

Nature and Purpose of Processing
When you visit our profiles on social networks, personal data may be processed by the respective platform operators. This applies in particular to:

Usage data (e.g., content viewed, interactions, likes)
Communication data (e.g., messages, comments)
Profile data (e.g., username, publicly visible information)
Technical data (e.g., IP address, device information)

Processing is carried out to:

communicate with users
provide content
conduct reach analyses and marketing activities

Joint controllership
For certain processing activities (e.g., Page Insights on Facebook/Instagram), joint controllership may exist with the respective platform operator pursuant to Art. 26 GDPR.

Legal basis
Processing is carried out:

based on our legitimate interest pursuant to Art. 6(1)(f) GDPR in public relations and communication
as well as, where applicable, based on your consent pursuant to Art. 6(1)(a) GDPR

Transfer to third countries
Processing of data outside the EU, particularly in the U.S., cannot be ruled out. The providers mentioned above are generally certified under the EU-US Data Privacy Framework (DPF), which ensures an adequate level of data protection in accordance with Art. 45 GDPR.

Your Rights
You may exercise your rights (e.g., access, erasure, objection) both with us and with the respective platform operators. However, since data processing is primarily carried out by the platform operators, we recommend contacting them directly.

Meta (Facebook and Instagram)

We maintain online presences on the Facebook and Instagram platforms. The provider is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.

Nature and Purpose of Processing
When you visit our profiles, Meta processes personal data (e.g., IP address, usage data, interactions) to provide content, analyze usage, and display personalized advertising.

We receive anonymized statistics on the use of our pages via so-called “Insights.”

Joint controllership
We share joint controllership with Meta for the processing of Page Insights in accordance with Article 26 of the GDPR.

Legal basis
Processing is based on our legitimate interest pursuant to Article 6(1)(f) of the GDPR in public relations and communication.

Transfer to third countries
Processing in the U.S. cannot be ruled out. Meta is certified under the EU-U.S. Data Privacy Framework (DPF).

Further information: https://www.facebook.com/privacy/policy/

LinkedIn

We operate a company page on LinkedIn. The provider is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.

Nature and Purpose of Processing
When you visit our LinkedIn page, personal data (e.g., IP address, usage data, interactions) is processed. LinkedIn provides us with anonymized usage statistics (“Page Insights”).

Joint Control
We share joint control with LinkedIn for the processing of Insights data in accordance with Article 26 of the GDPR.

Legal basis
Processing is based on our legitimate interest pursuant to Art. 6(1)(f) GDPR.

Transfer to third countries
Processing outside the EU cannot be ruled out. LinkedIn is certified under the EU-US Data Privacy Framework (DPF).

Further information: https://privacy.linkedin.com/de-de

YouTube (Social Media Presence)

We maintain an online presence on YouTube. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The parent company is Google LLC.

Nature and purpose of processing
When you visit our YouTube channel, personal data (e.g., IP address, usage behavior, interactions) is processed by YouTube.

Legal basis
Processing is based on our legitimate interest pursuant to Art. 6(1)(f) GDPR.

Transfer to third countries
Processing in the United States cannot be ruled out. Google is certified under the EU-US Data Privacy Framework (DPF).

Further information: https://policies.google.com/privacy

International Data Transfers

If we transfer personal data to third countries (i.e., outside the European Union (EU) or the European Economic Area (EEA)) or have it processed there, this is done exclusively in accordance with legal requirements.

Subject to express consent or a transfer required by contract or law (see Art. 49 GDPR), data processing in third countries takes place only if an adequate level of data protection is ensured. This is particularly the case where an adequacy decision by the EU Commission (Art. 45 GDPR), through the use of the EU Commission’s standard contractual clauses (Art. 46 GDPR), or where suitable safeguards such as certifications or binding internal data protection policies are in place (Arts. 44–49 GDPR).

Further information on international data transfers can be found on the European Commission’s information page:

https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de

Trans-Atlantic Data Privacy Framework (TADPF)

Under the so-called “EU-US Data Privacy Framework” (DPF), the European Commission has determined that certain companies in the US provide an adequate level of data protection. A list of certified companies and further information can be found on the U.S. Department of Commerce website:

https://www.dataprivacyframework.gov/

Additional information is also provided by the European Commission:

In this privacy policy, we inform you which of the service providers we use are certified under the Data Privacy Framework.

Applicant Data Protection

Factorial (HR Software)
We use the software solution from Factorial HR (hereinafter “Factorial”) to manage our employee and applicant data.

Nature and Purpose of Processing
Factorial is used to organize and manage HR processes. These include, in particular: In doing so, personal data such as name, contact details, contract data, application documents, and other employment-related information may be processed.

Management of employee data
Time tracking and absence management
Applicant management
Document management

Legal basis
Processing is carried out: Recipients / Data processing

in accordance with Art. 6(1)(b) GDPR (for the implementation of pre-contractual measures and employment relationships)
in conjunction with § 26 BDSG (data processing in the employment context)
and, where applicable, on the basis of legitimate interests pursuant to Art. 6(1)(f) GDPR

Recipients / Data processing
Factorial acts as a data processor on our behalf pursuant to Art. 28 GDPR. We have entered into a corresponding data processing agreement with Factorial.

Retention period
Personal data is stored only for as long as necessary for the respective purposes or as required by statutory retention obligations.

Transfer to third countries
Data processing generally takes place within the European Union. A transfer to third countries only occurs in compliance with legal requirements (e.g., standard contractual clauses pursuant to Art. 46 GDPR)

Further information
Further information on data protection at Factorial can be found at: https://factorialhr.de/datenschutz

Data Privacy

Privacy Policy