When you visit our website or our sub-domain solutions.knowis.com (hereinafter collectively referred to as the “website”) our web server stores the following information by default: the IP address of your Internet Service Provider, the website you visited before visiting our website, the web pages that you visited on our website, and the date and duration of the visit.
This information is required for the technical provision of the website and is absolutely necessary to securely operate the servers. This data is not personally analyzed. If you submit information to us using a contact form, this information will be stored on our servers during backups. Your data will be treated as strictly confidential and will not be forwarded to third parties.
By completing the registration form on our website you are agreeing to receive emails from knowis AG. You may withdraw this consent at any time.
All interested parties and visitors to our website can contact us with questions about data protection at:
MTG-Consulting GmbH
Herrn Marc Utry
Data Protection Officer DSB-TUEV
Franz-Mayer-Straße 16a
93053 Regensburg
The data protection declaration of knowis AG is based on the terms used by the European guideline and regulation provider when the general data protection regulation (GDPR) was issued. Our data protection declaration should be easy to read and understand both for the public and for our customers and business partners. To ensure this, we would like to explain the terms used in advance.
We use the following terms, among others, in this data protection declaration:
Personal Information
Personal data are all information relating to an identified or identifiable natural person (hereinafter "data subject"). Identifiable is a natural person who can be identified directly or indirectly, especially by assignment to an identifier such as a name, an identification number, location data, an online identifier or one or more special characteristics that express the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.
Person concerned / Data subject
Data subject is any identified or identifiable natural person whose personal data are processed by the responsible person for processing.
Processing
Processing means any operation or series of operations carried out with or without the aid of automated procedures in relation to personal data, such as the collection, data capturing, organization, sorting, storage, adaptation or alteration, reading, retrieval, use, disclosure by transmission, dissemination or any other form of provision, comparison or linking, restriction, erasure or destruction.
Restriction of processing
Restriction of processing is the marking of stored personal data with the aim of restricting their future processing.
Profiling
Profiling is any form of automated processing of personal data consisting in the use of such personal data to evaluate certain personal aspects relating to a natural person, especially to analyze or predict aspects relating to the performance of work, economic situation, health, personal preferences, interests, reliability, behavior, location or relocation of that natural person.
Pseudonymization
Pseudonymization means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
Responsible person or responsible person for processing
The responsible person or responsible person for processing is the natural or legal person, public authority, institution or other body which alone or jointly with others decides on the purposes and means of processing personal data. Where the purposes and means of such processing are laid down by Union law or by the law of the Member States, the responsible person or the specific criteria for his appointment may be laid down in accordance with Union law or the law of the Member States.
Processor
Processor is a natural or legal person, authority, institution or other body that processes personal data on behalf of the responsible person.
Recipient
Recipient is a natural or legal person, authority, institution or other body to which personal data is disclosed, regardless of whether it is a third party or not. However, authorities that may receive personal data under Union law or the law of the Member States within the framework of a specific investigation mandate shall not be regarded as recipients.
Third person
A third person is a natural or legal person, authority, institution or other body except for the concerned person, the responsible person, the data processor, and the persons authorized to process the personal data under the direct responsibility of the data processor or the responsible person.
Acquiescence
Consent shall mean any informed and unequivocal expression of will voluntarily given by the person concerned in the particular case in the form of a declaration or other clear affirmative act by which the person concerned indicates his or her consent to the processing of personal data concerning him or her.
If our website is used for informational purposes only, for example if you do not register or otherwise transmit information to us, we only collect the data that your browser transmits to our server (“server log files”). If you access our website we collect the following data, which we technically require in order to display our website:
Processing is carried out pursuant to Art. 6 (1) (f) GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. The data is not forwarded or otherwise used. However, we reserve the right to review the server log files at a later date should specific evidence of illegal use arise.
Right to confirmation
Every data subject shall have the right granted by the European legislator of directives and regulations to require the responsible person for processing to confirm whether personal data concerning him/her are being processed (Art. 15 GDPR). If a data subject wishes to exercise this right of confirmation, he or she may contact our data protection officer or another employee of the data controller at any time.
Right to information
Any person concerned by the processing of personal data shall have the right granted by the European legislator of directives and regulations to obtain, at any time and free of charge, information from the controller concerning the personal data relating to him/her stored and a copy of that information (Art. 15 GDPR). Furthermore, the European regulator has granted the data subject the following information:
Furthermore, the data subject has a right of access to information whether personal data have been transferred to a third country or to an international organization. If this is the case, the data subject also has the right to obtain information on the appropriate guarantees in connection with the transfer.
If a data subject wishes to exercise this right to information, he or she may contact our data protection officer or another employee of the data controller at any time.
Right to rectification
Any person concerned by the processing of personal data shall have the right granted by the European legislator of directives and regulations to request the immediate correction of inaccurate personal data concerning him/her (Art. 16 GDPR). Furthermore, taking into account the purposes of the processing, the data subject has the right to request the completion of incomplete personal data, including by means of a supplementary declaration.
If a data subject wishes to exercise this right of rectification, he may contact our data protection officer or another employee of the controller at any time.
Right to erasure (Right to be forgotten)
Any person concerned by the processing of personal data shall have the right granted by the European legislator of directives and regulations to require the data controller to request that the personal data concerning him/her be deleted immediately, provided that one of the following reasons applies and insofar as the processing is not necessary (Art. 17 GDPR):
If one of the above-mentioned reasons applies and a data subject wishes to have personal data stored at knowis AG deleted, he/she can contact our data protection officer or another employee of the data controller at any time. The data protection officer of knowis AG or another employee will arrange for the request for deletion to be complied immediately.
If the personal data have been made public by knowis AG and our company is obliged to delete the personal data in accordance with Art. 17 (1) GDPR, knowis AG will take appropriate measures, including technical measures, taking into account the available technology and implementation costs, to inform other persons responsible for data processing who process the published personal data, that the person concerned has requested the deletion of all links to this personal data or of copies or replications of this personal data from these other persons responsible for data processing, insofar as processing is not necessary. The data protection officer of knowis AG or another employee will take the necessary steps in individual cases.
Right to restriction of processing
Any person concerned by the processing of personal data shall have the right granted by the European legislator of directives and regulations to require the controller to restrict the processing if one of the following conditions is met (Art. 18 GDPR):
If one of the above mentioned conditions is fulfilled and a data subject wishes to request the restriction of personal data stored by knowis AG, he can contact our data protection officer or another employee of the data controller at any time. The data protection officer of knowis AG or another employee will initiate the restriction of the processing.
Right to data portability
Any data subject shall have the right granted by the European legislator to receive personal data relating to him/her provided by the data subject to a data controller in a structured, current and machine-readable format (Art. 20 GDPR). It shall also have the right to transmit such data to another data controller without obstruction by the controller to whom the personal data have been made available, provided that the processing is based on the consent provided for in Art. 6 (1a) GDPR or Art. 9 (2a) GDPR or on a contract in accordance with Art. 6 (1b) GDPR and that the processing is carried out using automated procedures, unless the processing is necessary for the performance of a task in the public interest or in the exercise of public authority conferred on the data controller.
Furthermore, in exercising his right to data transferability pursuant to Art. 20 (1) GDPR, the data subject has the right to obtain that the personal data be transferred directly by a data controller to another data controller, provided this is technically feasible and provided that the rights and freedoms of other persons are not affected thereby.
To assert the right to data transferability, the person concerned can contact the data protection officer appointed by knowis AG or another employee at any time.
Right to withdraw consent previously granted
You have the right pursuant to Art. 7 (3) GDPR to withdraw consent previously granted to the processing of your data at any time with future effect. In the event of a withdrawal of consent the affected data will be erased without delay, unless further processing may be legally carried out without consent. Withdrawing consent does not affect the lawfulness of any processing carried out on the basis of your consent before its withdrawal.
Right to lodge a complaint
Without prejudice to any other administrative or judicial remedies, if you are of the opinion that the processing of your personal data infringes the GDPR you have the right pursuant to Art. 77 GDPR to lodge a complaint with a supervisory authority, in particular with a supervisory authority in the member state of your habitual residence, place of work or place of the alleged infringement.
Pursuant to Art. 55 GDPR, the responsible supervisory authority for knowis AG is:
Data Protection Authority for Bavaria (Bayerisches Landesamt für Datenschutzaufsicht)
Promenade 27 (Schloss)
91522 Ansbach, Germany
Tel.: +49 (0) 981 53 1300
Fax: +49 (0) 981 53 98 1300
Email: poststelle@lda.bayern.de
Right to object to processing
Pursuant to Art. 21 (1) GDPR you have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data which is carried out on the basis of a legitimate interest of the controller pursuant to Art. 6 (1) (e) or (f) GDPR. This also applies to any profiling based on this provision. The controller will no longer process the personal data unless they can provide compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or unless the processing is carried out for the establishment, exercise or defense of legal claims. Collecting data to display the website and storing data in log files is absolutely necessary to operate the website.
If your personal data is processed for the purposes of direct marketing you have the right to object at any time to the processing of your personal data for the purpose of such marketing. This also applies to profiling to the extent this is carried out in conjunction with direct marketing.
If you object to processing for the purpose of direct marketing your personal data will no longer be processed for this purpose.
You can communicate your objection to processing to us by telephone, email, fax or to the postal address found at the beginning of this Privacy Policy. No particular format is required.
Automated individual decision-making including profiling
Any person data subject to the processing of personal data shall have the right granted by the European legislator of directives and regulations not to be subject to a decision based exclusively on automated processing, including profiling, which has legal effect against him or significantly affects him in a similar manner, provided that the decision (1) is not necessary for the conclusion or performance of a contract between the data subject and the data controller, or (2) is admissible under Union or Member State law to which the data controller is subject and that such law contains appropriate measures to safeguard the rights, freedoms and legitimate interests of the data subject, or (3) with the express consent of the data subject (Art. 22 GDPR).
If the decision (1) is necessary for the conclusion or performance of a contract between the data subject and the data controller or (2) is taken with the express consent of the data subject, knowis AG shall take appropriate measures to protect the rights and freedoms as well as the legitimate interests of the data subject, including at least the right to obtain the intervention of a data controller, to state his own position and to challenge the decision.
If the data subject wishes to assert rights relating to automated decisions, he/she may contact our data protection officer or another employee of the controller at any time.
We use HubSpot on our website.
HubSpot is an integrated software solution we use to cover various aspects of our online marketing. This includes:
This software uses methods including statistical analysis and evaluating logged user behavior to assist us with optimizing and better coordinating our marketing strategy.
This Privacy Policy and the content of our website are stored on servers of our software partner, HubSpot. We may use them to get in contact with visitors to our website and to determine which goods or services they are interested in.
Data may be transmitted to the USA as part of the processing that involves HubSpot. The data transfer takes place on the basis of the EU-U.S. Data Privacy Framework adequacy decision in accordance with Art. 45 GDPR. The legal basis for processing is your consent in accordance with Art. 6 (1) (a) GDPR and our legitimate interest in accordance with Art. 6 (1) (f) GDPR. If you do not want the stated data to be collected and processed via HubSpot you can refuse to give your consent or withdraw your consent at any time with future effect. The basis for processing by HubSpot is a Data Processing Agreement entered into by the controller and HubSpot.
Personal data is stored for as long as it is required for the purpose of processing. The data is erased as soon as it is no longer required for achieving these purposes.
All data collected by us is subject to this Privacy Policy. We use all collected data solely for the purpose of optimizing our marketing.
HubSpot is a software company from the USA with a branch office in Ireland.
Contact:
HubSpot
1 Sir John Rogerson's Quay
Dublin 2
Ireland
Tel.: +353 1 5187500.
More information can be found in HubSpot's Privacy Policy: https://legal.hubspot.com/privacy-policy
More information about the EU data protection law that applies to HubSpot can be found here: https://legal.hubspot.com/dpa
More information about the cookies used by HubSpot can be found here: https://legal.hubspot.com/cookie-policy
We collect your personal data in order to be able to provide content that you can download from our website. The personal data transmitted to the controller when providing digital content depends on the entry fields used. The processing of data from the entry fields is solely carried out to enable us to offer digital content, to prevent the misuse of digital content and to safeguard the security of our IT systems. The data is only stored for as long as is necessary to fulfill the purpose. The legal basis for this is Art. 6 (1) (a) GDPR. The consent to the storage of personal data that the data subject grants us via the information provided in entry fields when requesting digital content may be withdrawn by email from the email address used to receive the digital content.
It is also possible to withdraw consent at any time, for example by email or by informing the controller in another manner.
You can get in contact with us via different contact forms. The personal data transmitted to the controller via the contact form depends on the respective entry fields used. Personal data entered into the entry fields of the contact form is solely used to process your query. Other personal data is processed as part of sending your message to prevent the misuse of the contact form and ensure the security of our IT systems. We may store your telephone number to allow us to call you back and to avoid the misuse of the service offered. No further personal data will be stored. The data is only stored for as long as is necessary to fulfill the purpose. The legal basis for this is Art. 6 (1) (a) GDPR.
The data subject has the right to withdraw enter their consent to the processing of their personal data at any time. If the user has contacted us, for instance by email, they may object to the storage of their personal data at any time. In such a case, the conversation can no longer be continued.
All personal data that was stored for the purpose of maintaining contact is then erased.
You may request an appointment for an online demonstration. We use the data collected for this to contact you and to mutually agree on an appointment date, and to carry out and follow up on this appointment. The personal data transmitted to the controller when agreeing to an online demonstration depends on the entry fields used. Personal data entered into the entry fields of the contact form is solely used to process your query. Other personal data is processed as part of sending your message to prevent the misuse of the contact form and ensure the security of our IT systems. We may store your telephone number to allow us to call you back and to avoid the misuse of the service offered. No further personal data will be stored.
The data is only stored for as long as is necessary to fulfill the purpose. The legal basis for this is Art. 6 (1) (a) GDPR.
When you visit our website we may store information on your device in the form of cookies. Cookies are small text files that are transferred by a web server to the browser of your device and stored there. Only the IP address is stored. The information stored in the cookies allows you to be automatically recognized on your next visit to our website, which can make it easier for you to use our website.
There are different types of cookies used for various purposes. The following types of cookies are used on the website of knowis AG:
More information about the cookies used on our website can be found in the table below.
| Name | Purpose | Expiry date | Domain | Provider |
| __cfruid | This cookie is part of the services provided by Cloudflare (such as load distribution, providing website content and providing a DNS connection for website operators) | End of the browser session |
.www.knowis.com |
Cloudflare, Inc. |
| __hs_opt_out | This cookie is used by the opt-in privacy policy guideline to remember not to ask the visitor to accept cookies again. This cookie is placed when you give visitors the choice to opt out of cookies. It contains the string "yes" or "no". | 6 months | .knowis.com | HubSpot 25 First Street Cambridge MA 02141 USA Privacy Policy |
| __hs_initial_opt_in | This cookie is used to prevent banners from always being displayed when visitors are browsing in strict mode. It contains the string "yes" or "no". | 7 days | .knowis.com | Cloudflare, Inc. 101 Townsend St. San Francisco CA 94107 USA Privacy Policy |
| __cf_bm | This cookie is placed by Hubspot’s CDN provider and is a necessary cookie for bot protection. | 30 minutes | .hubspot.com | Cloudflare, Inc. 101 Townsend St. San Francisco CA 94107 USA Privacy Policy |
| JSESSIONID | The JSESSIONID cookie is used to store a session identifier so that New Relic can monitor session counts for an application. | End of the browser session | .nr-data.net | New Relic Inc. 188 Spear St. Suite 100 San Francisco CA 94105 USA Privacy Policy |
| Name | Purpose | Expiry date | Domain | Provider |
| __hssrc | Whenever the HubSpot software changes the session cookie, this cookie is also placed. It determines whether the visitor has restarted their browser. If this cookie does not exist when HubSpot manages cookies, it is considered a new session. It contains the value "1" when present. | End of the browser session |
knowis.com |
HubSpot |
| hubspotutk |
This cookie keeps track of a visitor's identity. It is passed to HubSpot on form submission and used when deduplicating contacts. It contains an opaque GUID to represent the current visitor. |
6 months | .knowis.com | HubSpot 25 First Street Cambridge MA 02141 USA Privacy Policy |
| __hstc | The main cookie for tracking visitors. It contains the domain, utk, initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit), and session number (increases for each subsequent session). | 6 months | .knowis.com | HubSpot 25 First Street Cambridge MA 02141 USA Privacy Policy |
| __hssc | This cookie keeps track of sessions. This is used to determine if the HubSpot software should increase the session number and timestamps in the __hstc cookie. It contains the domain, viewCount (increases with each pageView in a session), and session start timestamp. | 30 minutes | .knowis.com | HubSpot 25 First Street Cambridge MA 02141 USA Privacy Policy |
| li_gc | This cookie is used to store guests' consent to the use of non-mandatory cookies. | 6 months | .linkedin.com |
Linkedin |
| lidc | This cookie facilitates the selection of the data centre. | 24 hours | .linkedin.com |
Linkedin |
| bcookie | This cookie is a browser identifier. This uniquely identifies devices accessing LinkedIn in order to detect misuse of the platform. | 1 year | linkedin.com |
Linkedin |
| bscookie | Used for remembering that a logged in user is verified by two factor authentication and has previously logged in | 1 year | www.linkedin.com |
Linkedin |
| UserMatchHistory | This cookie is used to synchronize the IDs of LinkedIn Ads. | 30 days | linkedin.com |
Linkedin |
|
ln_or |
Used to determine whether Oribi analyses can be performed for a particular domain |
1 day |
.linkedin.com |
Linkedin |
|
AnalyticsSyncHistory |
This cookie is used to store when synchronization with the cookie "lms_analytics cookie" has taken place. |
30 days |
.linkedin.com |
Linkedin |
Legal basis
The legal basis for the use of essential cookies which are necessary for the operation of the website is Art. 6 (1) (f) GDPR. If non-essential cookies are used, the legal basis is your consent pursuant to Art. 6 (1) (a) GDPR. Please note that not accepting cookies may restrict the functionality of our website.
Opting out
If you do not want your computer to be recognized on your next visit, you may also reject the use of cookies by changing your browser settings under “Reject cookies”. Please see the instruction manual of your respective browser for further instructions. If you reject the use of cookies this may, however, restrict the use of some of the areas of our website.
You can change your cookies settings on our website at any time by using the following cookie button.
On the website of knowis AG, users are given the option to subscribe to our company’s newsletter. The functions of the newsletter are provided by HubSpot. The personal data transmitted to the controller when subscribing to the newsletter depends on the entry fields used.
knowis AG uses the newsletter to inform its clients and business partners about the company's offerings on a regular basis. Our company’s newsletter may only be received by the data subject if (1) the data subject has provided a valid email address and (2) the data subject has registered for the newsletter to be sent to them. For legal reasons, a confirmation email is sent to the email address entered for a data subject the first time it is entered, as part of a double opt-in procedure. This confirmation email serves to check whether the owner of the email address as the data subject has authorized receipt of the newsletter. The corresponding legal basis for the processing of personal data is Art. 6 (1) (a) GDPR.
During the newsletter registration, we also store the IP address provided by the Internet service provider (ISP) of the computer used by the data subject at the time of registration, as well as the date and time of registration. The collection of this data is necessary to trace the (potential) misuse of a data subject's email address at a later time and serves to legally safeguard the controller. If it is necessary for us to store this data for security reasons, the legal basis for this and the processing of this data is covered by Art. 6 (1) (f) GDPR.
Personal data collected as part of registering for the newsletter will only be used to send our newsletters. Subscribers to the newsletter may be sent information by email if this is necessary to operate the newsletter service or for registration, such as in the event of changes to the newsletter service or in the event of changes to the technical circumstances. No personal data collected as part of registering for the newsletter will be disclosed to third parties. The data subject may unsubscribe from the subscription to our newsletter at any time. The consent granted to us to store the personal data that the data subject provided to us so we can send the newsletter may be withdrawn at any time. Each newsletter contains such an unsubscribe link to withdraw consent. You may also unsubscribe from the newsletter by contacting us directly by email or by informing the controller of this in another manner.
Newsletter tracking
The newsletters of knowis AG contain tracking pixels. Tracking pixels are small graphics that are embedded in emails sent in HTML format, which enable log files to be recorded and analyzed. This allows the success or failure of online marketing campaigns to be statistically evaluated. Using the embedded tracking pixel, knowis AG can determine whether and when an email was opened by a data subject (personalized) and which links in the email were accessed by the data subject (anonymized).
The personal data collected in this manner by the tracking pixel embedded in the newsletter is stored and evaluated in order to optimize the sending of the newsletter and to better adapt the content of future newsletters to the interests of the data subject. This personal data may also be disclosed to third parties if this is required by law or if third parties process this data on our behalf. Unsubscribing from the newsletter is automatically construed as a withdrawal of consent by knowis AG.
The corresponding legal basis for the processing of data is Art. 6 (1) (f) GDPR.
Personal data
As part of the processing of your digital signature, personal data is collected and processed. This includes
Description and purposes of the processing of personal data when submitting a digital signature
knowis AG uses the software inSign to encrypt digital signatures. The software records the biometric data of the digital signature (writing speed, writing direction, writing pauses and, if applicable, pressure) as an advanced signature in accordance with the Signature Act and encrypts it using the asymmetric cryptographic method (so-called RSA cryptosystem). We store and use this data during our contractual relationship with knowis AG employees and third parties for the establishment, execution or termination of this contractual relationship. In order to prevent manipulation, the public and private keys required for this asymmetric encryption process are stored with a notary. For evidence purposes in the event of a dispute about the authenticity of your signature, we can request the decryption of individual data records and the release of the decrypted data records from this notary for the purpose of asserting, exercising and defending legal claims.
On devices with a touch-sensitive screen, e.g. tablets or convertibles, the signature can be made directly on this device. On notebooks and PCs, the signature is captured either in the supplementary inSign app or in a signature web client (also supports Windows phones) for smartphones. Alternatively, the signature on the smartphone can also be browser-based (i.e. without an app).
Recipient of the data
As part of the electronic signature process, we use software from InSign GmbH, Am Bäckeranger 2, 85417 Marzling (inSign). In this context, personal data may be processed in Switzerland. The European Commission has issued an adequacy decision for Switzerland to determine an adequate level of data protection. In addition, the document digitally signed by you will be handed over to the user who requested the signature via the inSign software.
Legal basis for the processing
Before submitting a digital signature in a document, you give your consent to the data processing of your biometric data in the inSign software (Art. 6 (1) (a) GDPR and Art. 9 (2) (a) GDPR in conjunction with Art. 7 GDPR). The time, i.e. date and time of the signature, is printed in the document and an inSign process ID is generated.
Any consent you have given to the processing of your biometric data in the context of submitting a digital signature can be revoked at any time by contacting knowis AG (Art. 7 (3) GDPR). In this case, however, the digital signature is in the future no longer possible.
Please note that the withdrawal of your consent is only effective for the future. Processing that took place before the withdrawal is not affected.
If necessary, we will also process your data beyond the actual use in order to protect our legitimate interests or those of third parties in accordance with Art. 6 (1) (f) GDPR, unless your interests or fundamental rights and freedoms, which require the protection of personal data, prevail.
This includes, among other things, the assertion of legal claims and defense in legal disputes, ensuring the fulfillment of your claims.
Duration of storage
Documents are manually deleted from the inSign system after the process has been completed or after 30 days. We store your personal data for as long as it is required for the above-mentioned purposes. Any further storage takes place in accordance with the statutory regulations, e.g. due to statutory retention periods or for the assertion, exercise or defense of legal claims.
We use the business-oriented social network LinkedIn as well as linked tools such as the LinkedIn Sales Navigator to actively approach, communicate and initiate business contacts, etc. The social network LinkedIn as well as the LinkedIn Sales Navigator are part of the LinkedIn Unlimited Company, Wilton Place, Dublin 2, Ireland. For the structured collection of contacts, we use the tool Lix from Lix Limited, 98 Bramley Road, London, N14 4HS, United Kingdom.
The data from LinkedIn is only transferred to our CRM system HubSpot after personal or telephone contact or your explicit consent.
Below you will find information on what data is collected, used, and stored by us on LinkedIn.
Description and scope of the processing of personal data
For users based in the EU, processing is carried out via LinkedIn Ireland Unlimited Company
Wilton Place, Dublin 2, Ireland.
We would also like to point out that LinkedIn processes data in the US. The data transfer takes place on the basis of the EU-U.S. Data Privacy Framework adequacy decision in accordance with Art. 45 GDPR.
Social networks can usually comprehensively analyze your user behavior when you visit their website or a website with integrated social media content (e.g. like buttons or advertising banners). Visiting our social media presence on LinkedIn triggers numerous processing operations relevant to data protection. In detail:
If you are logged into your LinkedIn account and visit our social media presence, LinkedIn can assign this visit to your user account. However, your personal data may also be collected under certain circumstances if you are not logged in or do not have an account on LinkedIn. In this case, this data collection takes place, for example, via cookies that are stored on your end device or by recording your IP address. With the help of the data collected in this way, LinkedIn can create user profiles in which your preferences and interests are stored. In this way, you can be shown interest-based advertising inside and outside LinkedIn. If you have an account on LinkedIn, the interest-based advertising may be displayed on all devices on which you are or have been logged in. Please also note that we cannot track all processing on LinkedIn. Further processing operations may therefore be carried out by LinkedIn. For details, please refer to LinkedIn's terms of use and privacy policy.
Please refer to LinkedIn's data protection information to find out which specific data is collected and how it is used:
Purpose and legal basis of the processing
We use the social network for our own presentation of the company, to initiate business contact with potential customers and to present our company and our products and services.
The processing is carried out in accordance with Art. 6 (1) (b) GDPR for the implementation of pre-contractual measures. The analysis processes initiated by LinkedIn may be based on deviating legal bases to be specified by LinkedIn (e.g. consent within the meaning of Art. 6 (1) (a) GDPR). The legal basis for processing your data in our CRM tool is described in the section "HubSpot".
Duration of storage and right to object
We refer to the privacy notices of the LinkedIn Unlimited Company regarding the duration of storage and the right to object.
Description and scope of the processing of personal data
The processing of data is carried out by Lix Limited
98 Bramley Road, London, N14 4HS, United Kingdom.
Lix analyses the data you provide on LinkedIn and provides it to us in an aggregated and structured form. We then use this data to contact you via LinkedIn as described above.
Please refer to the Lix privacy policy to find out what specific data is collected and how it is used:
Terms of Service - Lix (lix-it.com)
You can also find a list of data that can be exported from Lix here: What data can I export from LinkedIn? | Lix Knowledge Base (lix-it.com)
Purpose and legal basis of the processing
Lix analyses the data you provide on LinkedIn and provides it to us in an aggregated and structured way. We then use this data to contact you via LinkedIn as described above. The basis for the processing by Lix is a contract for commissioned processing by the controller and Lix Limited. The processing is carried out in accordance with Art. 6 (1) (b) GDPR for the implementation of pre-contractual measures.
Duration of storage
After the end of the purpose and the end of the use of Lix by us, the data collected in this context will be deleted.
Right of objection
The right to object to the processing of your data within our company includes any data on Lix. This may be your professional contact details, which you make public via the social network LinkedIn.
We use the ticketing system Zendesk, a customer service platform provided by Zendesk Inc.,
Zendesk Inc.
989 Market Street Suite 300
San Francisco, CA 94102, USA,
to process customer queries and to improve our services and make them more transparent. In addition, users are able to post queries or suggestions in the community of the Zendesk ticket system or answer existing posts. First name, surname, company and email address will be collected in Zendesk for this purpose. First names and surnames are also visible to other users of our service center.
knowis AG has contractually agreed that the storage location in data centers is within the European Union wherever possible. Data may still be transferred to the USA. The data transfer takes place on the basis of the EU-U.S. Data Privacy Framework adequacy decision in accordance with Art. 45 GDPR. If the data is processed to perform contractual obligations the legal basis for this processing is Art. 6 (1) (b) GDPR. The data is erased as soon as it is no longer required for the respective purpose, i.e. there is no longer a legitimate interest and we are not otherwise obligated to store documents that may contain your personal data.
In addition, cookies will be placed with the assistance of Zendesk. These cookies include cookies that are technically necessary to guarantee the technical functionality of the website and to protect the website against attacks from bots.
Further information can be found in Zendesk's Privacy Notice at: https://www.zendesk.de/company/agreements-and-terms/privacy-notice/
More information about the cookies used by Zendesk can be found here: https://support.zendesk.com/hc/en-us/articles/4408824378650
We use virtual web conferencing to organize virtual meetings where the participants’ words and also potentially the image of the participants are transmitted via microphone and web cam to all participants, hereinafter referred to as “video conferencing”. We use the Microsoft Teams software for this. Microsoft Teams is a service provided by the Microsoft Corporation.
Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA
A Data Processing Agreement has been entered into with this service provider pursuant to Art. 28 GDPR.
Processing data as part of video conferencing
We use Microsoft Teams to hold video conferences.
We process both user data (such as name, email address and telephone number) as well as content data (such as date and time of participation, screen contents and files shared, chat content) as part of video conferencing. This is carried out to be able to implement (pre)contractual measures with you and to carry out internal and external meetings. Video conferences will only be recorded with prior express permission.
The legal basis for processing the data here may be Art. 6 (1) (a), (b) or (f) GDPR.
All data in Microsoft Teams is stored on the servers of Microsoft in the EU as a general rule.
knowis AG has contractually agreed that the storage location in data centers is within the European Union wherever possible. However as part of processing by Microsoft the data may be transferred to the USA (such as for support activities). The data transfer takes place on the basis of the EU-U.S. Data Privacy Framework adequacy decision in accordance with Art. 45 GDPR.
If the Microsoft Teams website is accessed then Microsoft is responsible for the data processing. This website must only be accessed when downloading Microsoft Teams. If you use Microsoft Teams directly via a web browser without downloading it, you do not need to access the website.
Using Microsoft Teams is subject to Microsoft's Privacy Statement.
Microsoft's Privacy Statement can be found here: https://privacy.microsoft.com/en-us/privacystatement
Microsoft's Service Agreement can be found here: https://www.microsoft.com/en-us/servicesagreement/
Various external links are embedded in our website. Simply clicking on these links may transfer data to the operator of the website. We are not responsible for the content or the processing of data by the external website.
There are also links on our website to various social media providers. These are unrelated to social media plug-ins but are rather merely links to our social media accounts. These accounts, like this website, are both operated by knowis AG. Clicking on one of these links will usually transfer your IP address to the operator of the respective platform. If you use one of these services and are logged into your social media account, information regarding your browsing habits may also be collected by the operator of the respective social media platform. It is necessary to transfer your IP address to the operator of the accessed website for technical reasons, a requirement that applies to all websites.
The corresponding legal basis for the processing of data is Art. 6 (1) (f) GDPR.
External links have been placed for the following social media channels:
If we process data in a third country (outside of the European Union or the European Economic Area) or if data is processed as part of using services from third parties or as part of disclosing/transferring data to a third party, this will only take place in order to fulfill our (pre)contractual obligations, on the basis of your consent, due to a legal obligation or as permitted on the grounds of our legitimate interests.
Apart from statutory or contractual powers, we will only process data in a third country if the particular requirements of Art. 44 et seq. GDPR are met. This means that processing is based on the existence of specific safeguards, such as the officially recognized confirmation of a level of data privacy comparable with that of the EU or officially recognized contractual obligations (standard contractual clauses).
Accessing websites from third-party providers through links provided on our website means that data will be transferred to and processed in the USA. The Court of Justice of the European Union has assessed the USA to be a country that does not have an adequate level of data protection in comparison to EU standards. There is a risk that your data may be processed by US authorities for control and monitoring purposes, possibly without being able to seek redress. It is also generally difficult to enforce your rights as the data subject.
If you wish to avoid such data processing, do not access any of these links placed on the website.
The protection of your personal data during processing over the course of the entire application process is an important concern for us. In the following, we inform you in detail about the handling of your data (Art. 13 & 14 GDPR).
The responsible body according to Art. 4 Para. 7 GDPR is:
knowis AG
Dr.-Gessler-Str. 8
93051 Regensburg
Phone: +49 941 409 249 0
E-mail: info@knowis.de
You can contact our Data Protection Officer at:
E-mail: datenschutz@knowis.de
The subject of data protection is personal data (Art. 4 No. 1 GDPR). These are individual details about personal or factual circumstances, such as name, address, e-mail address, or telephone number, which you provide to us as part of the application process:
The following data is collected when you apply through the integrated web form on the careers page (fields in the form marked with an asterisk (*) are mandatory fields and shall be filled in):
The data transmitted as part of your application will be sent via TLS encryption.
Within the scope of our possibilities, we also use social networks to become aware of potential candidates. If it turns out in the course of a mutual contact that we would like to get to know you better, we will obtain your consent before we transfer your data from the respective social network (e.g. LinkedIn, Xing or Stackoverflow) to our Personio application system. We transfer the data either manually by hand or with the help of the Personio Active Sourcing browser extension developed by Personio. Personio's privacy policy can be found here.
Your personal data is stored electronically and used exclusively for the purpose of processing your application:
During the application process only authorized HR employees, the respective department, and the Management Board have access to your relevant data. Your data will be used exclusively by a restricted group of persons. We will not disclose your personal data in any form to third parties or persons commissioned by us unless we are obliged to disclose it under mandatory statutory regulations (e.g. to government institutions).
On the basis of a separate agreement on the processing of personal data, your personal data will be collected, processed, and used on our behalf by the companies:
as part of commissioned data processing in accordance with Art. 28 GDPR in accordance with the relevant legal requirements. However, this does not involve the transmission of your personal data to third parties in the sense of data protection law. We remain responsible to you under data protection law.
The general statutory retention and deletion periods apply. We delete or anonymize your data as required by the relevant legal provisions within 6 months of the conclusion of the respective staffing procedure. In the case of anonymization, the data is only available to us as so-called metadata for statistical evaluations without a direct reference to persons (for example, the proportion of applications from women or men, number of applications per period, etc.).
Your records will be deleted according to the statutory provisions as set out in our deletion concept. Our company will then no longer be able to access and use your personal data. If, however, an employment relationship is established, we will transfer the relevant data to the personnel file.
Our storage location is restricted to data centers in the European Union. Therefore, data is not processed outside the European Union (EU). However, from a technical point of view, we cannot completely rule out routing or support services outside the European Union at the Microsoft processor. A secure level of data protection will be ensured by the conclusion of amended EU standard contractual clauses and through technical-organizational measures. The data transfer takes place on the basis of the EU-U.S. Data Privacy Framework adequacy decision in accordance with Art. 45 GDPR.
Every person concerned has the right to information under Art. 15 GDPR, the right to correction under Art. 16 GDPR, the right to deletion under Art. 17 GDPR, the right to restriction of processing under Art. 18 GDPR and the right to object in accordance with Art. 21 GDPR.
You can determine which information you provide to us. You are responsible for all of the content of your online application, such as photos, and you must ensure compliance with legal requirements, such as trademarks, copyrights, personal rights, or other rights of third parties.
According to Art. 20 GDPR you have the right to data portability and according to Art. 77 GDPR the right to complain to a data protection supervisory authority.
If the processing of data takes place on the basis of your personal consent, you are entitled according to Art. 7 GDPR to revoke your consent to the use of personal data at any time. Send this revocation by email to karriere@knowis.de. Please note that the revocation will only take effect in the future. Processing that takes place before the revocation is not affected.
If you cannot be offered a suitable position at the time of your application, you have the opportunity to give your consent to the collection, processing, and use of your data in the talent pool even after the completion of the application process. This is done to establish contact for professional purposes and for possible consideration in the event of a later placement. You agree to this use separately by email.
If you give your consent, the data will be stored for a further 6 months, beyond the legally permissible 6 months after the recruitment process has been completed. Your data will therefore be stored in the company for a maximum of 12 months after the recruitment process has been completed.
Thank you for your interest in our LinkedIn company page. We would like to give you an overview of the data that we collect, use and store there.
For users based in the EU, processing takes place via LinkedIn Ireland Unlimited Company
Wilton Place, Dublin 2, Ireland.
We would also like to point out that LinkedIn processes data in the USA. The data transfer takes place on the basis of the EU-U.S. Data Privacy Framework adequacy decision in accordance with Art. 45 GDPR.
Social networks can generally analyze your user behavior comprehensively if you visit their website or a website with integrated social media content (e.g., like buttons or advertising banners). Visiting our social media presence on LinkedIn triggers numerous data protection-related processing operations. In detail:
If you are logged in to your LinkedIn account and visit our social media presence, LinkedIn can assign this visit to your user account. Under certain circumstances, your personal data can also be recorded if you are not logged in or do not have an account on LinkedIn. In this case, this data is recorded, for example, using cookies that are stored on your device or by registration of your IP address. With the help of the data collected in this way, LinkedIn can create user profiles in which your preferences and interests are stored. In this way, you can be shown interest-based advertising inside and outside LinkedIn. If you have an account on LinkedIn, the interest-based advertising can be displayed on all devices on which you are, or were, logged in. Please also note that we cannot trace all processing operations on LinkedIn. Therefore, further processing operations may be carried out by LinkedIn. Details can be found in the LinkedIn Terms of Use and Privacy Policy.
Please refer to LinkedIn's data protection information to find out which specific data is collected and how it is used:
https://www.linkedin.com/legal/privacy-policy
We use the social network for our own presentation of the company, for initial professional contact with potential applicants, and for advertising vacancies.
The processing takes place in accordance with Art. 6 Para. 1 lit. f GDPR on the basis of our legitimate interest in contact options with potential employees and customers. The analysis processes initiated by LinkedIn may be based on different legal bases that must be provided by LinkedIn (e.g., consent within the meaning of Art. 6 Para. 1 lit. a GDPR).
After the purpose and at the end of our use of LinkedIn, the data collected in this context will be deleted.
The right to object to the processing of your data within our company includes any data within the social network LinkedIn. This can be, for example, chat histories in the context of professional contact.
Thank you for your interest in our presence on Xing, a platform of New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany. We would like to give you an overview of the data that we collect, use and store there.
Social networks can generally analyze your user behavior comprehensively if you visit their website or a website with integrated social media content (e.g., like buttons or advertising banners). Visiting our social media presence on Xing triggers numerous data protection-related processing operations. In detail:
If you are logged in to your Xing account and visit our social media presence, Xing can assign this visit to your user account. Under certain circumstances, your personal data can also be recorded if you are not logged in or do not have an account on Xing. In this case, this data is recorded, for example, using cookies that are stored on your device or by registration of your IP address. With the help of the data collected in this way, Xing can create user profiles in which your preferences and interests are stored. In this way, interest-based advertising can be shown to you inside and outside of Xing. If you have an account on Xing, interest-based advertising can be displayed on all devices on which you are, or were, logged in. Please also note that we cannot track all processing operations on Xing. Xing may therefore carry out further processing operations. Details can be found in Xing's terms of use and data protection provisions.
Please refer to Xing's data protection information to find out which specific data is collected and how it is used:
We use the social network for our own presentation of the company, for initial professional contact with potential applicants, and for advertising vacancies.
The processing takes place in accordance with Art. 6 Para. 1 lit. f GDPR on the basis of our legitimate interest in contact options with potential employees and customers. The analysis processes initiated by Xing may be based on different legal bases that Xing must provide (e.g., consent within the meaning of Art. 6 Para. 1 lit. a GDPR).
After the purpose and at the end of the use of Xing by us, the data collected in this context will be deleted.
The right to object to the processing of your data within our company includes any data within the social network Xing. This can be, for example, chat histories in the context of professional contact.
Thank you for your interest in our presence on StackOverflow, a platform of Stack Exchange Inc. 110 William Street, 28th Floor, New York, NY 10038 US. We would like to give you an overview of the data that we collect, use and store there.
We would also like to point out that StackOverflow processes data in the United States. Due to the invalidity of the Privacy Shield Agreement, there is an increased risk associated with data processing.
Social networks can generally analyze your user behavior comprehensively if you visit their website or a website with integrated social media content (e.g., like buttons or advertising banners). Visiting our social media presence on StackOverflow triggers numerous data protection-related processing operations. In detail:
If you are logged in to your StackOverflow account and visit our social media presence, StackOverflow can assign this visit to your user account. Under certain circumstances, your personal data can also be recorded if you are not logged in or do not have an account on StackOverflow. In this case, this data is recorded, for example, using cookies that are stored on your device or by registering your IP address. With the help of the data collected in this way, StackOverflow can create user profiles in which your preferences and interests are stored. In this way, interest-based advertising can be shown to you inside and outside of StackOverflow. If you have an account on StackOverflow, the interest-related advertising can be displayed on all devices on which you are, or were, logged in. Please also note that we cannot track all processing processes on stack overflow. Therefore, further processing operations may be carried out by StackOverflow. Details can be found in the StackOverflow terms of use and data protection provisions.
Please refer to StackOverflow's data protection information to find out which specific data is recorded and how it is used:
Privacy Policy - Stack Overflow
We use the social network for our own presentation of the company, for initial professional contact with potential applicants, and for advertising vacancies.
The processing takes place in accordance with Art. 6 Para. 1 lit. f GDPR based on our legitimate interest in contact options with potential employees and customers. The analysis processes initiated by StackOverflow may be based on different legal bases that have to be provided by Stack Overflow (e.g., consent within the meaning of Art. 6 Para. 1 lit. a GDPR).
After the purpose and at the end of the use of Stack Overflow by us, the data collected in this context will be deleted.
The right to object to the processing of your data within our company includes any data within the Stack Overflow social network. This can be, for example, chat histories in the context of professional contact.
We reserve the right to amend this privacy policy to always comply with the current legal requirements or reflect changes in the application process or similar. The present privacy policy will then apply for a renewed visit to the recruiting page or a renewed application.
You can find the current privacy policy at https://www.knowis.com/privacy-policy.
The recruiting site is operated by Personio GmbH, a company based in Germany that provides personnel administration and applicant management software (Legal Notice | Personio). For more information on data protection please click here: Privacy Policy | Personio. The data transmitted as part of your application will be encrypted using TLS and stored in a database. knowis AG is solely responsible for this data as defined by Art. 4 No. 7 GDPR, which runs this online application process. Personio is merely the operator of the software and this recruiting page and, in this context, is a processor according to Art. 28 GDPR. The basis for the processing by Personio is a contract for the order processing between the responsible body and Personio.
The whistleblowing system of knowis AG is used to receive and process reports of (potential) violations of laws or guidelines in a confidential and secure manner. We use your information on a specific matter to detect and prevent misconduct. Below we inform you in detail about the handling of your data (Art. 13 & 14 GDPR).
Data and Data Categories
Personal data is collected and processed as part of the processing of your notification. This includes
Purpose Limitation
We store your personal data in order to check and document the report and to be able to contact you if necessary. This includes, among other things, confirmation of receipt of your report, feedback on the measures we have taken or if we have any questions about the matter you have reported.
Recipients of the data
All data provided by you will be treated as strictly confidential and will only be made available to persons who process the specific circumstances.
Recipients within knowis AG
Recipients outside of knowis AG
Your personal data will not be passed on to recipients outside knowis AG. However, it is possible that we may forward your personal data to
In certain cases, it may be necessary for the data subject to be informed, unless there is an exception under data protection law
Commissioned Data Processing
On the basis of a separate agreement on the processing of personal data, your personal data will be collected, processed, and used on our behalf by the companies:
as part of commissioned data processing in accordance with Art. 28 GDPR in accordance with the relevant legal requirements. However, this does not involve the transmission of your personal data to third parties in the sense of data protection law. We remain responsible to you under data protection law.
With your consent, a personal meeting can also take place by means of video and audio transmission (in accordance with Section 16 (3) of the Whistleblower Protection Act) following a verbal report of a whistleblower. This meeting takes place in the form of a virtual meeting, which is conducted with the help of Microsoft Teams. You can find more information regarding the handling of your personal data in the privacy policy under the section "Holding virtual meetings".
knowis AG has contractually agreed that the storage location in data centers is within the European Union wherever possible. However as part of processing by Microsoft the data may be transferred to the USA (such as for support activities). The data transfer takes place on the basis of the EU-U.S. Data Privacy Framework adequacy decision in accordance with Art. 45 GDPR.
Microsoft's Privacy Statement can be found here: Microsoft Privacy Statement – Microsoft privacy
Legal Basis for the processing
We process your personal data insofar as this is necessary to fulfill legal obligations, in particular in the case of reports of matters relevant to criminal, competition and labor law. The legal basis for processing is Art. 6 (1) (c) GDPR or Art. 9 (4), if health data is involved, in conjunction with Section 10 of the Whistleblower Protection Act. In addition, we base the processing of your personal data on the legitimate interest in the detection and prevention of grievances and the associated prevention of damage and liability risks for the company in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR. In addition, data processing may be based on Section 26 (1) BDSG insofar as it serves to detect criminal offenses in the employment relationship.
Duration of Storage
In accordance with Section 11 (5) of the Whistleblower Protection Act, the personal data required to clarify and conclusively assess a report will be deleted after 3 years. The documentation may be retained for longer in order to meet the requirements of this Act or other legal provisions as long as this is necessary and proportionate (see Section 11 (5) of the Whistleblower Protection Act).
Rights of access and rectification, right to object
Every data subject has the right of access under Art. 15 GDPR, the right to rectification under Art. 16 GDPR, the right to erasure under Art. 17 GDPR, the right to restriction of processing under Art. 18 GDPR and the right to object under Art. 21 GDPR.
You can decide for yourself which information you make available to us. You have the right to data portability in accordance with Art. 20 GDPR and the right to lodge a complaint with a data protection supervisory authority in accordance with Art. 77 GDPR.
We have implemented technical and administrative security precautions to protect your personal data against loss, destruction, manipulation and unauthorized access. All our employees as well as service providers who work for us are subject to an obligation to adhere to all valid data protection laws.
Whenever we collect and process personal data, it is encrypted before it is transferred. This means that the data cannot be misused by third parties. Our security precautions are subject to an ongoing improvement process and our Privacy Policy is constantly updated. Please ensure you are reading the most up to date version.
The storage periods for personal data are calculated using the respective legal basis, the purpose of processing and, if applicable, the respective statutory retention period (e.g. retention periods under commercial or fiscal law).
Personal data processed on the basis of express consent pursuant to Art. 6 (1) (a) GDPR will be stored until the data subject withdraws their consent.
Existing statutory retention periods for data that is processed within the scope of legal transactional or quasi-legal transactional obligations on the basis of Art. 6 (1) (b) GDPR will be routinely erased after the retention period has expired, provided it is no longer required to fulfill or initiate a contract and/or we no longer have a legitimate interest in storing the data.
Personal data processed on the basis of Art. 6 (1) (f) will be stored until the data subject exercises their right to object to processing pursuant to Art. 21 (1) GDPR unless we can provide compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims.
Personal data processed for direct marketing purposes on the basis of Art. 6 (1) (f) GDPR will be stored until the data subject exercises their right to object to processing pursuant to Art. 21 (2) GDPR.
Unless otherwise indicated by other information in this Policy on specific processing situations, stored personal data will also be erased if the data is no longer required for the purposes for which it was collected or processed in other ways.
We reserve the right to make changes to this Privacy Policy if required by new technology. Please ensure you are reading the most up-to-date version. If fundamental changes are made to this Privacy Policy we will publish them on our website.
DO YOU HAVE ANY QUESTIONS OR WOULD LIKE TO HAVE A PERSONAL CONVERSATION?
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Donec sapien lacus, fermentum ac nisi sit amet, luctus ultrices odio.
knowis is a specialized software vendor located in Regensburg, Germany. Founded in 2004, the mission is to develop highly flexible and agile solutions, particularly with regard to managing and automating complexity.
Dr.-Gessler-Str. 8
93051 Regensburg
Germany
Phone: +49 (941) 409 249 - 0
Email: info(at)knowis.de