This data protection declaration informs you about the type, scope and purpose of the processing of personal data (hereinafter referred to as "data") within our online offer and the websites, functions and content associated with it as well as external online presences, such as our social media profiles (hereinafter jointly referred to as the "online offer"). Regarding the terms used, such as "processing" or "controller", we refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR). In addition, we will inform you below about the third-party components used by us for optimisation purposes and to increase the quality of use, insofar as third parties process data on their own responsibility.
Responsible Content Provider
MetaDesign GmbH
Leibnizstraße 65, 10629 Berlin
E-mail address: mail.ber@metadesign.de
Managing Director: Leyser, Daniel
Link to the imprint: https://metadesign.com/de/impressum
Contact Data Protection Officer: yusuf.tuncay-eberl@publicisresources.com
Exercising your rights at any time using the contact details provided by our data protection officer or by using the following LINK to the request for information form.
You can exercise the following rights at any time:
- Information about your data stored by us and its processing (Art. 15 GDPR),
- Rectification of inaccurate personal data (Art. 16 GDPR),
- Deletion of your data stored by us (Art. 17 GDPR),
- Restriction of data processing, if we are not yet allowed to delete your data due to legal obligations (Art. 18 GDPR),
- Objection to the processing of your data by us (Art. 21 GDPR) and
- Data portability, provided that you have consented to the data processing or have concluded a contract with us (Art. 20 GDPR).
If you have given us your consent, you can revoke it at any time with effect for the future.
Type of Data Processed
- Inventory data (e.g., names, addresses)
- Contact details (e.g., e-mail, telephone numbers)
- Content data (e.g., text inputs, photographs, videos)
- Usage data (e.g., websites visited, interest in content, access times)
- Meta/communication data (e.g., device information, IP addresses)
Categories of data subjects
Visitors and users of the online offer (hereinafter we also refer to the data subjects collectively as "users").
Purpose of processing
Provision of the online offer, its functions and contents, answering contact requests and communication with users, security measures, reach measurement/marketing.
Relevant legal bases
In accordance with Art. 13 GDPR, we inform you of the legal basis for our data processing. If the legal basis is not mentioned in the privacy policy, the following applies: The legal basis for obtaining consent is Art. 6 (1) (a) and Art. 7 GDPR, the legal basis for processing for the performance of our services and implementation of contractual measures as well as answering inquiries is Art. 6 (1) (b) GDPR, the legal basis for processing for the fulfilment of our legal obligations is Art. 6 (1) (c) GDPR, and the legal basis for processing to safeguard our legitimate interests is Art. 6 (1) (f) GDPR. In the event that the vital interests of the data subject or another natural person necessitate the processing of personal data, Art. 6 (1) (d) GDPR serves as the legal basis.
Security measures
In accordance with Art. 32 GDPR, we take appropriate technical and organizational measures to ensure a level of protection appropriate to the risk, taking into account the state of the art, the implementation costs and the type, scope, circumstances and purposes of the processing, as well as the different probability of occurrence and severity of the risk to the rights and freedoms of natural persons.
The measures include, in particular, safeguarding the confidentiality, integrity and availability of data by controlling physical access to the data, as well as access, input, disclosure, availability and separation.
Cookie Consent Management Platform (general)
We use a Consent Management Platform (CMP) software on our website that makes it easier for us and you to handle scripts and cookies used correctly and securely. The software automatically creates a cookie pop-up, scans and controls all scripts and cookies, provides you with cookie consent required by data protection law and helps us and you to keep track of all cookies.
As part of our cookie management tool, you can manage each individual cookie yourself and have complete control over the storage and processing of your data. The declaration of your consent is stored so that we do not have to ask you every time we visit our website, and we can also prove your consent if required by law.
You have the right and the possibility to withdraw your consent to the use of cookies at any time. This can be done either through our cookie management tool or through other opt-out features in the relevant section of this Privacy Policy or the browser you are using.
OneTrust (CMP)
We use One Trust, a consent management tool, on our website. The service provider is the US company OneTrust, 1200 Abernathy Rd. Suite 700 Atlanta, Georgia 30328. You can find out more about the data processed through the use of OneTrust in the Privacy Policy on https://www.onetrust.com/privacy/.
Right to object
You can object to the future processing of data concerning you at any time in accordance with Art. 21 GDPR. The objection can be made in particular to processing for direct marketing purposes.
Cookies and the right to object to direct marketing
"Cookies" are small files that are stored on users' computers. Different information may be stored within the cookies. A cookie is primarily used to store the information about a user (or the device on which the cookie is stored) during or after his visit within an online offer. Temporary cookies, or "session cookies" or "transient cookies", are cookies that are deleted after a user leaves an online offer and closes his browser. Such a cookie can be used to store, for example, the contents of a shopping cart in an online shop or a login status. "Persistent" or "persistent" is the term used to describe cookies that remain stored even after the browser is closed. For example, the login status can be saved if users visit it after several days. Likewise, such a cookie can store the interests of the users, which are used for reach measurement or marketing purposes. "Third-party cookies" are cookies that are offered by providers other than the controller operating the online offer (otherwise, if they are only their cookies, they are referred to as "first-party cookies").
We may use temporary and permanent cookies and provide information about this in our privacy policy.
If you as a user do not want cookies to be stored on your computer, you are asked to deactivate the corresponding option in the system settings of your browser. Stored cookies can be deleted in the system settings of the browser. The exclusion of cookies may lead to functional restrictions of this online offer.
A general objection to the use of cookies used for online marketing purposes can be declared for a large number of services, especially in the case of tracking, via the US site http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/ . Furthermore, the storage of cookies can be achieved by deactivating them in the settings of the browser. Please note that it may not be possible to use all the functions of this online offer.
Cooperation with processors and third parties
If, in the course of our processing, we disclose data to other persons and companies (processors or third parties), transmit them to them or otherwise grant them access to the data, this will only be done on the basis of a statutory permission (e.g. if a transfer of the data to third parties, such as lettershops, is necessary for the performance of the contract in accordance with Art. 6 (1) (b) GDPR), you have consented, a legal obligation to do so or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.).
If we commission third parties to process data based on a so-called "order processing agreement", this is done on the basis of Art. 28 GDPR.
Transfer to third countries
We only transfer or process data to countries outside the EU/EAA (third countries) if you consent to this processing, if this is required by law or contractually necessary and in any case only to the extent that this is generally permitted. The processing of personal data in third countries such as the USA, where many service providers have their server locations, may mean that personal data is processed and stored there.
We therefore expressly point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfer to the USA. Data processing by US services (such as Google) may mean that data may not be processed and stored anonymously. In addition, US government authorities may have access to individual data. In addition, it may happen that collected data is linked to data from other services of the same provider, if you have a corresponding user account.
Deletion of data
The data processed by us will be deleted or restricted in its processing in accordance with Art. 17 and 18 GDPR. Unless expressly stated in this privacy policy, the data stored by us will be deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any statutory retention obligations. If the data is not deleted because it is necessary for other and legally permissible purposes, its processing will be restricted. This means that the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons.
Contact
When contacting us (e.g. via contact form, e-mail, telephone or via social media), the user's information will be processed for the purpose of processing the contact request and its processing in accordance with Art. 6 para. 1 lit. b. (in the context of contractual/pre-contractual relationships), Art. 6 para. 1 lit. f. (legitimate interests on our part) GDPR. The user's information may be stored in a customer relationship management system ("CRM system") or comparable request organization. Your data will be deleted provided that your request has been conclusively answered and the deletion does not conflict with any statutory retention obligations, such as e.g. in the event of any subsequent contract execution.
Collection of access data
We, or our hosting provider, collect data based on our legitimate interests within the meaning of Art. 6 (1) (f) GDPR about every access to the server on which this service is located (so-called server log files). The access data includes the name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider.
For security reasons (e.g. to investigate acts of abuse or fraud), log file information is stored for a maximum period of 7 days and then deleted. Data whose further retention is necessary for evidentiary purposes is exempt from deletion until the respective incident has been finally clarified.
Google AdWords and Conversion Measurement
We use the online marketing process Google "AdWords" to place ads in the Google advertising network (e.g., in search results, in videos, on websites, etc.) so that they are displayed to users who have a presumed interest in the ads. This allows us to display ads within our online offering in a more targeted manner in order to only present ads to users that potentially match their interests.
We also receive an individual "conversion cookie". The information obtained with the help of the cookie is used by Google to compile conversion statistics for us. However, we only learn the anonymous total number of users who clicked on our ad and were redirected to a page with a conversion tracking tag. However, we do not receive any information that can be used to personally identify users.
The data of the users is processed pseudonymously within the framework of the Google advertising network. This means that Google does not store and process the name or e-mail address of the users, for example, but processes the relevant data in a cookie-related manner within pseudonymous user profiles. This means that from Google's point of view, the ads are not managed and displayed for a specifically identified person, but for the cookie owner, regardless of who that cookie holder is. This does not apply if a user has expressly allowed Google to process the data without this pseudonymization. The information collected about users is transmitted to Google and stored on Google's servers in the USA.
The use of Google AdWords requires your consent, which we have obtained with our cookie popup. According to Art. 6 (1) (a) GDPR (consent), this consent represents the legal basis for the processing of personal data as it may occur when collected by web analytics tools.
In addition to consent, we have a legitimate interest in analyzing the behavior of website visitors and thus improving our offer technically and economically. With the help of Google Site Kit, we can detect errors on the website, identify attacks and improve profitability. The legal basis for this is Art. 6 (1) (f) GDPR (Legitimate Interests). However, we only use Google Site Kit if you have given your consent.
You can also prevent or restrict the installation of cookies by using the appropriate settings of your Internet browser. At the same time, you can delete cookies that have already been stored at any time. However, the steps and measures required for this depend on the specific Internet browser you are using. If you have any questions, please use the help function or documentation of your Internet browser or contact its manufacturer or support.
The Google Ads Data Processing Terms, which refer to the Standard Contractual Clauses, can be found at https://business.safety.google/intl/de/adsprocessorterms/.
To learn more about data processing by Google, we recommend that you read Google's comprehensive privacy policy at https://policies.google.com/privacy?hl=de.
Matomo (On-Premise)
We use the privacy-friendly analysis program Matomo On-Premises on our website. In the on-premises version, Matomo is installed on our own server. This means that we act as the operator of the software and any data that we may collect from you is stored directly by us. Data processing thus remains entirely in our hands. The service provider is the New Zealand company InnoCraft Ltd, 7 Waterloo Quay PO625, 6140 Wellington, New Zealand.
If you would like to know more about data processing by Matomo On-Premises, please feel free to contact us. We also recommend Matomo's privacy policy on https://matomo.org/privacy-policy/.
Online presence in social media
We maintain online presences within social networks and platforms in order to be able to communicate with customers, interested parties and users active there and to inform them about our services. When accessing the respective networks and platforms, the terms and conditions and the data processing guidelines of their respective operators apply.
Unless otherwise stated in our privacy policy, we process the data of users if they communicate with us within the social networks and platforms, e.g. write posts on our online presences or send us messages.
JW Player Videos
Plugins from the video portal JWPlayer, LongTail Ad Solutions, Inc. d/b/a JW Player 2 Park Avenue, 10th Floor New York, NY 10016, USA are integrated into our websites. Every time you visit a page that offers one or more JWPlayer video clips, a direct connection is established between your browser and our local server. Information about your visit and your IP address will be stored there.
Use of Facebook Social Plugins
So-called social plug-ins from the company Meta Platforms Inc. are built into our website. You can recognize these buttons by the classic Facebook logo, such as the "Like" button (the hand with a thumbs up) or by a clear "Facebook plug-in" marking. A social plug-in is a small part of Facebook that is integrated into our site. Each plug-in has its own function. The most used features are the well-known "Like" and "Share" buttons.
The following social plug-ins are offered by Facebook:
- "Save" button
- Like, Share, Send, and Quote
- Page Plug-in
- Comments
- Messenger Plug-in
- Embedded posts and video players
- Group Plug-in
See https://developers.facebook.com/docs/plugins for more information on how to use each plug-in. We use the social plug-ins on the one hand to offer you a better user experience on our site, and on the other hand because Facebook can use them to optimize our advertisements.
If you have a Facebook account or have visited https://www.facebook.com/ before, Facebook has already set at least one cookie in your browser. In this case, your browser sends information to Facebook via this cookie as soon as you visit our site or interact with social plug-ins (e.g. the "Like" button).
The information received will be deleted or anonymized within 90 days. According to Facebook, this data includes your IP address, which website you visited, the date, time, and other information related to your browser.
In order to prevent Facebook from collecting a lot of data during your visit to our website and linking it to Facebook data, you must log out of Facebook during your visit to the website.
If you are not logged in to Facebook or do not have a Facebook account, your browser will send less information to Facebook because you have fewer Facebook cookies. Nevertheless, data such as your IP address or which website you visit can be transmitted to Facebook. We would like to point out that we do not know exactly what the exact content of the data is. However, according to our current state of knowledge, we try to inform you as best as possible about the data processing. You can also read about how Facebook uses the data in the company's data policy under https://www.facebook.com/about/privacy/update.
Within our online offer, functions and contents of the Xing service, offered by XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany, can be integrated. This may include, for example, content such as images, videos or texts and buttons with which users can share content from this online offer within Xing. If the users are members of the Xing platform, Xing can assign the access to the above-mentioned content and functions to the users' profiles there. Xing's privacy policy: https://privacy.xing.com/de/datenschutzerklaerung
If you have consented to your data being processed and stored by integrated elements, this consent is considered the legal basis for data processing (Art. 6 para. 1 lit. a GDPR). In principle, your data will also be stored and processed based on our legitimate interest (Art. 6 para. 1 lit. f GDPR) in fast and good communication with you or other customers and business partners. Nevertheless, we only use the integrated elements if you have given your consent.
Recruiting Tool
Online job applications / publication of job advertisements We offer you the opportunity to apply to us via our website. In the case of these digital applications, your applicant and application data will be collected and processed electronically by us for the purpose of processing the application process. The legal basis for this processing is § 26 (1) sentence 1 BDSG in conjunction with Art. 88 (1) GDPR.
If an employment contract is concluded after the application process, we will store the data you provide during your application in your personnel file for the purpose of the usual organisational and administrative process – of course, in compliance with the further legal obligations. The legal basis for this processing is also § 26 (1) sentence 1 BDSG in conjunction with Art. 88 (1) GDPR.
If an application is rejected, we will automatically delete the data transmitted to us two months after the rejection has been announced. However, the data will not be deleted if the data is not available due to legal provisions, e.g. due to the burden of proof under the AGG, require a longer storage of up to six months or until the conclusion of legal proceedings.
The legal basis in this case is Art. 6 para. 1 lit. f) GDPR and § 24 para. 1 no. 2 BDSG. Our legitimate interest lies in legal defence and enforcement. If you expressly consent to a longer storage of your data, e.g. for your inclusion in an applicant or prospective candidate database, the data will be further processed on the basis of your consent. The legal basis is then Art. 6 para. 1 lit. a) GDPR. However, you can of course revoke your consent at any time in accordance with Art. 7 (3) GDPR by declaration to us with effect for the future.
iCIMS
We use iCMIS Talent Products. iCIMS, Inc. is a New Jersey, USA-based cloud-based staffing and recruitment software company. You can find out more about the data processed using iCIMS in the privacy policy on https://www.icims.com/legal/privacy-notice-website/.
Changes to our privacy policy:
We reserve the right to amend this privacy policy so that it always complies with current legal requirements or to implement changes to our services in the privacy policy, e.g. when introducing new services. The new privacy policy will then apply to your return visit.
Status of the privacy policy: December 2024