Data Protection

Privacy Policy

1. General Information regarding Data Processing1.1 DONE!Berlin as Data ControllerThe responsible controller for the processing of personal data on this website within the meaning of the EU General Data Protection Regulation (GDPR) is:DONE!Berlin GmbH ("we/us" or "DONE!Berlin")Schivelbeiner Str. 5 10439 Berlinconsultant@doneberlin.comWe are registered with the commercial register at the local court of Charlottenburg under HRB 201558 B, represented by the managing directors Janet Haupka und Marie Kanellopulos.We understand that our website may be visited from users all over the world, and that various national existing or future privacy regulations may be applicable now or in the future. It is our understanding that by complying with the GDPR - the so-called “privacy gold standard” – we will also comply with other national privacy regulations. If you wish to exercise any rights under a specific privacy regulation other than the GDPR, please specify such regulation, when contacting us.1.2 Data Protection OfficerWe have appointed an external data protection officer through Simpliant. Simpliant advises us as an external data protection officer and on the implementation and maintenance of our data protection management system. More information about Simpliant can be found at http://www.simpliant.eu.You can reach our appointed data protection officer:by mail at:DONE!Berlin GmbH - Data Protection Officer -Schivelbeiner Str. 510439 BerlinGermanyor by e-mail at:datenschutz@doneberlin.com1.3 Your RightsIn accordance with the statutory provisions, you as the data subject have the following rights:the right to access,the right to rectification or erasure,the right to restriction of processing, andthe right to data portability.If you have provided us with your personal data on the basis of a consent, you could withdraw the consent at any time with effect for the future.You may object to the processing of your personal data, if your personal data is processed on the basis of legitimate interests pursuant to Art. 6 (1) f GDPR insofar as there are reasons for this arising from your particular situation.To exercise these rights named above you may contact us at any time, for example by sending an email to datenschutz@doneberlin.com. You also have the right to lodge a complaint with a supervisory authority.1.4 Processing of Data, Purpose, and Legal BasisWe process your personal data in accordance with the provisions of the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).The legal basis for all our processing activities is based on Art. 6 (1) GDPR. You will receive further information in the context of the presentation of the individual processing activities.1.5 Storing and Deleting DataThe duration of the data storage depends on the respective data category and processing activity. If the storage period is not further specified, your personal data will be deleted or blocked as soon as the purpose or legal basis for storage ceases to apply. Personal data will not be deleted if storage is required by law and in the event of a possible legal dispute.1.6 Data SecurityFor the best possible security of user data our service through the Website is provided via a secure SSL connection between your server and the browser. That means that the data will be transferred in encrypted form. 1.7 Transmission to Service ProvidersWe use service providers for the provision of our offers. These service providers act only according to our instructions and are contractually obligated to comply with the provisions of Art. 28 GDPR. 1.8 Data Processing by Third Parties / Data Processing outside the EUWe may use third party service providers that process your data for the purposes named in this privacy policy. We process your personal data by using third party providers in the EU and the USA, whereas data protection standards applicable in the EU are ensured. For more information, please refer to our overview of processing activities below.1.9 Profiling and automated Decision MakingWe do not use automated decision-making including profiling when processing data concerning our website or app.
2. Data processing on our Website2.1 Server Logs / Web Server SecurityNature and purpose of data processing:We collect data on each visit to our website https://www.doneberlin.com/ ("Website") (so-called Server log files), which include the name of the Website visited, the date and time of the visit, the data amount transferred, information on a successful call, the browser type and version, the user’s operating system, the referrer URL (the page visited before), the IP address and the requesting provider as well as the country code, language, name of device as well as name and version of the operating system, if a mobile end device is being used.We use these server log files to ensure a trouble-free connection, usability and functionality of our website and to evaluate the system safety and stability.Legal basis:When personal data (such as the IP address) are stored, the legal basis for this is Art. 6 (1) f. GDPR based on our legitimate interest in quality assurance and website security.Recipients:The recipient of the data is a service provider. As processor on behalf, the service provider is obliged to process the data only within the scope of our instructions set forth in a data processing agreement.2.2 Agency ServicesNature and purpose of data processing:We process data of our customers within the scope of our contractual services. Our services include but are not limited to the conceptual and strategic consulting, planning of campaigns, development of and consulting on design, managing of campaigns and general processes/handling, analyzing of data, training, planning of administration and communication and employer and employee branding.We may process data such as customer names or addresses, contact data (e.g. e-mail, telephone numbers), content data (e.g. text input, photographs, videos), contract data (e.g. subject of contract, term), payment data (e.g. bank details, payment history), usage and metadata (e.g. within the scope of evaluating and measuring the success of marketing measures). Data subjects include our customers and our customers’ employees. The purpose of the processing is the provision of contractual services, billing, and the provision of our customer service.Legal basis:The legal basis of the processing is Art. 6 sec. 1 lit. b GDPR regarding the provision of contractual services and otherwise Art. 6 sec. 1 lit. f GDPR, our legitimate interest being the optimization of our communications and services.Recipients:The recipient of the data is a service provider. As processor on behalf, the service provider is obliged to process the data only within the scope of our instructions set forth in a data processing agreement.2.3 Careers at DONE! – Recruiting for DONE!Nature and purpose of data processing: We will process your data through the careers section of the Website, if you apply to an open position at DONE!Berlin. In order to submit your application, you need to provide your name, email address, as well as your resume and/or CV. We may also ask for additional information to assist us with our recruitment process and in the event, you are offered a job. Such data may include date of birth, telephone number, gender, your career history, qualifications, country of residence, language skills and any other personal information you include in your interactions with us. You may also share details of other people with us; for example, if somebody else referred the job to you (someone you know at DONE!Berlin or otherwise). In those circumstances, you will need to check with that person that they are happy for you to share their personal information with us, and for us to use it in accordance with this privacy policy.
In particular, we use your data: To get in touch with you, communicate with you, update you and to facilitate your application; To respond to your questions or concerns; To carry out vetting of staff members (where required); this may involve our collection and use of sensitive personal information including information obtained from criminal background checks about offences or alleged offences and information relating to any proceedings for offences committed or allegedly committed, To assist in any disputes, claims or investigations relating to your application, or To comply with our legal, regulatory, and professional obligations.
If you do not provide your personal data, you may face certain disadvantages, for example we will not be able to provide you with our recruiting processes or keep you informed about future opportunities. Legal basis: We process your personal data for fulfilling our contractual or pre contractual obligations (based on Art. 6 (1) b. GDPR) or -- as applicable -- for the purpose of the employment relationship with you (Section 26 BDSG) Recipients: Recipient of the data is a service provider in the EU. As processor on behalf, the service provider is obliged to process the data only within the scope of our instructions set forth in a data processing agreement. Storage duration:  We will store your information for 6 months after notification that we could not retain your application for a position at DONE!Berlin.
2.4 DONE! Talent Pool - Recruiting for ClientsNature and purpose of data processing:DONE! operates a talent pool called DONE!&Friends (the “Talent Pool”) which serves to bring talented individuals and parties interested in hiring them together.In order to be included in the Talent Pool as a talent (which remains in the sole discretion of DONE!), any interested individual can submit to DONE! its CV and, if applicable, other relevant personal data via LinkedIn or our Website.Legal basis:The data processing for administering your application data and sharing it with partners as described above is based on your consent (Art. 6 sec. 1 lit. a GDPR).Recipients:The recipients of the data are service providers in the EU. As processors on behalf, the service providers are obliged to process the data only within the scope of our instructions set forth in a data processing agreement.In operating the Talent Pool, DONE! may disclose the data submitted by the talents to third parties interested in hiring the respective talent. Storage duration: We will process your personal information until your consent is revoked.Revocation of consent:If you do not want to be part of the DONE! Talent Pool please send us an email to datenschutz@doneberlin.com. 2.5 Contacting usNature and purpose of data processing:If you send us an email, your name, email address and other information you provide are processed by us in order to work on your inquiry or to be able to contact you at a later time for follow-up questions. Legal basis:This data is processed only on the basis of our legitimate interest to offer efficient communications channels to the public (Art. 6 sec. 1 lit.  f. GDPR), or on the basis of initiating a or communicating under an existing business relationship (legal basis Art. 6 sec. 1 lit. b. GDPR).Recipients:The recipient of the data is a service provider. As processor on behalf, the service provider is obliged to process the data only within the scope of our instructions set forth in a data processing agreement.
3. Data Processing on our Social Media PagesWe operate pages on the following social media channels:Facebook: www.facebook.com or mobile app by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA or Facebook Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland, please refer to: https://www.facebook.com/policy.php, Instagram: www.instagram.com or mobile app by Facebook Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland, please refer to: http://instagram.com/about/legal/privacy/; LinkedIn: www.linkedin.com or mobile app by LinkedIn Corporation, Legal Department - Privacy, 1000 W. Maude Ave, Sunnyvale, CA 94085, USA or LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland, please refer to: https://www.linkedin.com/legal/privacy-policyXing: www.xing.com or mobile app by New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany, please refer to: https://privacy.xing.com/en/privacy-policy/general-information
When you visit our social media pages, data is processed both by us and by the responsible social media provider as the responsible party.The respective provider of social media assumes the data protection obligations towards you as the user, such as information on data processing, and is the contact person for your rights. This follows from the fact that such a provider has direct access to the relevant information on the social media page and the processing of your data. When using Facebook, Instagram, or LinkedIn, data may also be processed outside the EU.
3.1 Data Processing and Legal BasisOn our social media pages, we can communicate with you and provide you with interesting information. We may receive further data from you through your comments, shared images, messages, and reactions, which we then process to communicate with you. If you use social media on several end devices, a cross-device analysis of the data can take place.Furthermore, the providers of social media pages may also use cookies and tracking technologies to analyze and improve their services.Data processing takes place with your consent or for the purpose of answering your enquiry (Art. 6 sec. 11 lit. a, b GDPR) or on the basis of legitimate interests in improving the services and presentation to the outside world (Art. 6 sec. 1 lit. f GDPR).3.2 FacebookFacebook and we use the Page Insights function to process statistical data from users of our Facebook pages (see also the agreement at: https://www.facebook.com/legal/terms/page_controller_addendum). This involves the processing of data in the form of so-called 'page insights', which are described in more detail at: https://www.facebook.com/legal/terms/information_about_page_insights_data.Evaluations and statistics are generated in the form of page insights from the usage data of the Facebook pages, which support us in improving our marketing activities and our external presence. We may also learn about users and their behavior who interact with or use our Facebook Pages to display relevant content and develop features that may be of interest to them. These page statistics show us, for example, which people from certain target groups interact most with our Facebook Page or which content on the Facebook Page was visited, shared, or clicked when and how often. When classifying people into target groups, demographic data, or data about the location of a person is also included in order to place targeted advertisements with these people. If you use Facebook on several end devices, a cross-device analysis of the data can take place. The data collected in this way is statistically processed and usually anonymous, i.e. we cannot establish any reference to the individual person.Information on these page insights and data processing can be found, for example, in Facebook's data protection statement at https://www.facebook.com/policy.php or at https://www.facebook.com/business/a/page/page-insights.Facebook also uses cookies and storage technologies. More information can be found here: https://www.facebook.com/policies/cookies/As a Facebook user, you can at any time influence how your user behavior is recorded when you visit Facebook pages. To do this, you can manage the settings for advertising preferences in your Facebook account or at: https://www.facebook.com/ads/preferences, or the Facebook settings in your account or at https://www.facebook.com/settings. Facebook also provides opportunities to contact or exercise rights at: https://www.facebook.com/help/contact/2061665240770586 or https://www.facebook.com/help/contact/308592359910928.3.3 InstagramWhen using Instagram and you have an account there, Instagram can assign your activities to your profiles there. Instagram and we use the Instagram Insights function to process statistical data from users of our Instagram pages (see also for Facebook which is connected to the provider of Instagram the agreement at: https://www.facebook.com/legal/terms/page_controller_addendum). This involves the processing of data in the form of so-called 'Instagram Insights' which are described in more detail at https://help.instagram.com/788388387972460?helpref=faq_content.Evaluations and statistics are generated in the form of Instagram Insights from the usage data of the Instagram pages, which support us in improving our marketing activities and our external presence. Instagram Insights lets us learn more about our users and the performance of our content with you as audience. For this purpose, Instagram provides us with statistics on specific posts and stories created to find out how users interacted with them. When classifying people into target groups, demographic data, or data about the location of a person is also included in order to place targeted advertisements with these people. If you use Instagram on several end devices, a cross-device analysis of the data can take place. The data collected in this way is statistically processed and usually anonymous, i.e. we cannot establish any reference to the individual person.Instagram also uses cookies and similar technologies. For more information, please refer to: http://instagram.com/about/legal/privacy/As an Instagram user, you can at any time influence how your user behavior is recorded when you visit Instagram pages. To do this, you can manage the settings for advertising preferences in your Instagram account or under https://www.instagram.com/accounts/privacy_and_security/. Instagram also provides opportunities to contact or exercise rights at:https://help.instagram.com/contact/1845713985721890 or http://instagram.com/about/legal/privacy/.
4 Changes to our privacy policyWe reserve the right to adapt this data protection policy so that it always complies with the current legal requirements or to implement changes to our services in the data protection policy, e.g., when introducing new services. The current data protection declaration applies to every visit of the website.
Version 1.6 last updated 28.11.2022.