Data Protection

1. General Information regarding Data Processing

1.1 DONE!Berlin as Data Controller

The responsible controller for the processing of personal data on this website within the meaning of the EU General Data Protection Regulation (GDPR) is:

DONE!Berlin GmbH ("we/us" or "DONE!Berlin")

Kienberger Allee 4 

12529 Schönefeld

Germany

consultant@doneberlin.com/ datenschutz@doneberlin.com

We are registered with the commercial register at the local court of Cottbus HRB 17397 CB, represented by the managing directors Janet Haupka und Marie Kanellopulos.

We understand that our website may be visited by users all over the world, and that various national existing or future privacy regulations may be applicable now or in the future. It is our understanding that by complying with the GDPR - the so-called “privacy gold standard” – we will also comply with other national privacy regulations. If you wish to exercise any rights under a specific privacy regulation other than the GDPR, please specify such regulation, when contacting us.

1.2 Data Protection Officer

We have appointed an external data protection officer through Simpliant. Simpliant advises us as an external data protection officer and on the implementation and maintenance of our data protection management system. More information about Simpliant can be found at http://www.simpliant.eu.

You can reach our appointed data protection officer:

by mail at:

DONE!Berlin GmbH 

- Data Protection Officer -

 Kienberger Allee 4 

12529 Schönefeld

Germany

or by e-mail at:

datenschutz@doneberlin.com

1.3 Your Rights

In accordance with the statutory provisions, you as the data subject have the following rights:

  • the right to access,
  • the right to rectification or erasure,
  • the right to restriction of processing, and
  • the right to data portability.

If you have provided us with your personal data based on a consent, you could withdraw the consent at any time with effect for the future.

You may object to the processing of your personal data, if your personal data is processed on the basis of legitimate interests pursuant to Art. 6 (1) f GDPR insofar as there are reasons for this arising from your particular situation.

To exercise these rights named above you may contact us at any time, for example by sending an email to datenschutz@doneberlin.com. You also have the right to lodge a complaint with a supervisory authority.

1.4 Processing of Data, Purpose, and Legal Basis

We process your personal data in accordance with the provisions of the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

The legal basis for all our processing activities is based on Art. 6 (1) GDPR. You will receive further information in the context of the presentation of the individual processing activities.

1.5 Storing and Deleting Data

The duration of the data storage depends on the respective data category and processing activity. If the storage period is not further specified, your personal data will be deleted or blocked as soon as the purpose or legal basis for storage ceases to apply. Personal data will not be deleted if storage is required by law and in the event of a possible legal dispute.

1.6 Data Security

For the best possible security of user data our service through the Website is provided via a secure SSL connection between your server and the browser. That means that the data will be transferred in encrypted form. 

1.7 Transmission to Service Providers

We use service providers for the provision of our offers. These service providers act only according to our instructions and are contractually obligated to comply with the provisions of Art. 28 GDPR. 

1.8 Data Processing by Third Parties / Data Processing outside the EU

We may use third party service providers that process your data for the purposes mentioned in this privacy policy. We process your personal data by using third party providers in the EU and the USA, where data protection standards applicable in the EU are ensured. For more information, please refer to our overview of processing activities below.

1.9 Profiling and automated Decision Making

We do not use automated decision-making including profiling when processing data concerning our website or app.

2. Data processing on our Website

2.1 Server Logs / Web Server Security

Nature and purpose of data processing:

We collect data on each visit to our website https://www.doneberlin.com/ ("Website") (so-called Server log files), which include the name of the Website visited, the date and time of the visit, the data amount transferred, information on a successful call, the browser type and version, the user’s operating system, the referrer URL (the page visited before), the IP address and the requesting provider as well as the country code, language, name of device as well as name and version of the operating system, if a mobile end device is being used.

We use these server log files to ensure a trouble-free connection, usability, and functionality of our website and to evaluate the system safety and stability.

Legal basis:

When personal data (such as the IP address) are stored, the legal basis for this is Art. 6 (1) f. GDPR based on our legitimate interest in quality assurance and website security.

Recipients:

The recipient of the data is a service provider. As processor on behalf, the service provider is obliged to process the data only within the scope of our instructions set forth in a data processing agreement.

2.2 Agency Services

Nature and purpose of data processing:

We process data of our customers within the scope of our contractual services. Our services include but are not limited to the conceptual and strategic consulting, planning of campaigns, development of and consulting on design, managing of campaigns and general processes/handling, analyzing of data, training, planning of administration and communication and employer and employee branding.

We may process data such as customer names or addresses, contact data (e.g. e-mail, telephone numbers), content data (e.g. text input, photographs, videos), contract data (e.g. subject of contract, term), payment data (e.g. bank details, payment history), usage and metadata (e.g. within the scope of evaluating and measuring the success of marketing measures). 

Data subjects include our customers and our customers’ employees. The purpose of the processing is the provision of contractual services, billing, and the provision of our customer service.

Legal basis:

The legal basis of the processing is Art. 6 sec. 1 lit. b GDPR regarding the provision of contractual services and otherwise Art. 6 sec. 1 lit. f GDPR, our legitimate interest being the optimization of our communications and services.

Recipients:

The recipient of the data is a service provider. As processor on behalf, the service provider is obliged to process the data only within the scope of our instructions set forth in a data processing agreement.

2.3 Careers at DONE! – Recruiting for DONE!

Nature and purpose of data processing:

We will process your data through the careers section of the Website, if you apply for an open position at DONE!Berlin. In order to submit your application, you need to provide your name, email address, as well as your resume and/or CV. We may also ask for additional information to assist us with our recruitment process and in the event, you are offered a job. Such data may include date of birth, telephone number, gender, your career history, qualifications, country of residence, language skills and any other personal information you include in your interactions with us. You may also share details of other people with us; for example, if somebody else referred the job to you (someone you know at DONE!Berlin or otherwise). In those circumstances, you will need to check with that person that they are happy for you to share their personal information with us, and for us to use it in accordance with this privacy policy.

In particular, we use your data:

  • To get in touch with you, communicate with you, update you and to facilitate your application,
  • To respond to your questions or concerns,
  • To carry out vetting of staff members (where required); this may involve our collection and use of sensitive personal information including information obtained from criminal background checks about offenses or alleged offenses and information relating to any proceedings for offenses committed or allegedly committed,
  • To assist in any disputes, claims, or investigations relating to your application, or
  • To comply with our legal, regulatory, and professional obligations.

If you do not provide your personal data, you may face certain disadvantages, for example we will not be able to provide you with our recruiting processes or keep you informed about future opportunities.

Legal basis:

We process your personal data for fulfilling our contractual or pre contractual obligations (based on Art. 6 (1) b. GDPR) or -- as applicable -- for the purpose of the employment relationship with you (Section 26 BDSG)

Recipients:

The recipient of the data is a service provider in the EU. As processor on behalf, the service provider is obliged to process the data only within the scope of our instructions set forth in a data processing agreement.

Storage duration:  

We will store your information for 6 months after notification that we could not retain your application for a position at DONE!Berlin.

2.4 DONE! Talent Pool - Recruiting for Clients

Nature and purpose of data processing:

DONE! operates a talent pool which serves to bring talented individuals and parties interested in hiring them together. The TalentPool is technically handled via the myVeeta platform. 

In order to be included in the Talent Pool as a talent (which remains in the sole discretion of DONE!), any interested individual can submit to DONE! its CV and, if applicable, other relevant personal data via LinkedIn or our Website. The talent can create an account with myVeeta in order to manage the applications and also access them at a later date or make any adjustments. 

Legal basis:

The data processing for administering your application data and sharing it with partners as described above is based on your consent (Art. 6 sec. 1 lit. a GDPR).

Recipients:

The TalentPool is technically operated by MyVeeta (Talent Solutions GmbH, Kölblgasse 2, 1030 Vienna - Austria). 

When you register with the talent platform "myVeeta" in the talent pool of DONE!Berlin GmbH, you create a profile with myVeeta. Your data will be collected and processed by Talent Solutions GmbH for this purpose. It is the independent controller for the registration and administration of your profile. However, if Talent Solutions GmbH processes your data as part of the DONE!Berlin GmbH talent pool, it is jointly responsible with DONE!Berlin GmbH for the processing of your data.

For joint processing, DONE!Berlin GmbH and Talent Solutions GmbH have concluded an agreement in accordance with Art. 26 GDPR, in which we have determined who fulfills which data protection obligations. According to this agreement, both companies jointly provide you with the information in this privacy policy.

Talent Solutions GmbH acts as a common point of contact for all data subject enquiries in connection with the joint data processing within the framework of the DONE!Berlin GmbH talent pool. Please direct your enquiries in connection with the "myVeeta" platform and the processing of your data as part of the DONE!Berlin GmbH Talent Pool to privacy@myVeeta.com.In operating the Talent Pool, DONE! may disclose the data submitted by the talents to third parties interested in hiring the respective talent. 

Storage duration/Revocation of consent

You can change, add to or delete your data at any time. Your data will be deleted when you leave our talent pool. By doing so, you also revoke your consent to the storage/use (processing) of your data by us. To change/delete your data, please use your myVeeta access (see myVeeta.com/meinedaten).

2.5 Contacting us

Nature and purpose of data processing:

If you send us an email, your name, email address and other information you may provide, they are processed by us to work on your inquiry or to be able to contact you at a later time for follow-up questions.

Legal basis:

This data is processed only based on our legitimate interest to offer efficient communications channels to the public (Art. 6 sec. 1 lit.  f. GDPR), or based on initiating a or communicating under an existing business relationship (legal basis Art. 6 sec. 1 lit. b. GDPR).

Recipients:

The recipient of the data is a service provider. As processor on behalf, the service provider is obliged to process the data only within the scope of our instructions set forth in a data processing agreement.

3. Data Processing on our Social Media Pages

We operate pages on the following social media channels:

When you visit our social media pages, data is processed both by us and by the responsible social media provider as the responsible party.

The respective provider of social media assumes the data protection obligations towards you as the user, such as information on data processing, and is the contact person for your rights. This follows from the fact that such a provider has direct access to the relevant information on the social media page and the processing of your data.

When using Facebook, Instagram, or LinkedIn, data may also be processed outside the EU.

3.1 Data Processing and Legal Basis

On our social media pages, we can communicate with you and provide you with interesting information. We may receive further data from you through your comments, shared images, messages, and reactions, which we then process to communicate with you. If you use social media on several end devices, a cross-device analysis of the data can take place.

Furthermore, the providers of social media pages may also use cookies and tracking technologies to analyze and improve their services.

Data processing takes place with your consent or for the purpose of answering your enquiry (Art. 6 sec. 11 lit. a, b GDPR) or based on legitimate interests in improving the services and presentation to the outside world (Art. 6 sec. 1 lit. f GDPR).

3.2 Facebook

Facebook and we use the Page Insights function to process statistical data from users of our Facebook pages (see also the agreement at: https://www.facebook.com/legal/terms/page_controller_addendum).

This involves the processing of data in the form of so-called 'page insights', which are described in more detail at: https://www.facebook.com/legal/terms/information_about_page_insights_data.

Evaluations and statistics are generated in the form of page insights from the usage data of the Facebook pages, which support us in improving our marketing activities and our external presence. We may also learn about users and their behavior who interact with or use our Facebook Pages to display relevant content and develop features that may be of interest to them. These page statistics show us, for example, which people from certain target groups interact most with our Facebook Page or which content on the Facebook Page was visited, shared, or clicked when and how often. When classifying people into target groups, demographic data, or data about the location of a person is also included to place targeted advertisements with these people. If you use Facebook on several end devices, a cross-device analysis of the data can take place. The data collected in this way is statistically processed and usually anonymous, i.e. we cannot establish any reference to the individual person.

Information on these page insights and data processing can be found, for example, in Facebook's data protection statement at https://www.facebook.com/policy.php or at https://www.facebook.com/business/a/page/page-insights.

Facebook also uses cookies and storage technologies. More information can be found here: https://www.facebook.com/policies/cookies/

As a Facebook user, you can at any time influence how your user behavior is recorded when you visit Facebook pages. To do this, you can manage the settings for advertising preferences in your Facebook account or at: https://www.facebook.com/ads/preferences, or the Facebook settings in your account or at https://www.facebook.com/settings. Facebook also provides opportunities to contact or exercise rights at: https://www.facebook.com/help/contact/2061665240770586 or https://www.facebook.com/help/contact/308592359910928.

3.3 Instagram

When using Instagram and you have an account there, Instagram can assign your activities to your profiles there. Instagram and we use the Instagram Insights function to process statistical data from users of our Instagram pages (see also for Facebook which is connected to the provider of Instagram the agreement at: https://www.facebook.com/legal/terms/page_controller_addendum).

This involves the processing of data in the form of so-called 'Instagram Insights' which are described in more detail at https://help.instagram.com/788388387972460?helpref=faq_content.

Evaluations and statistics are generated in the form of Instagram Insights from the usage data of the Instagram pages, which support us in improving our marketing activities and our external presence. Instagram Insights lets us learn more about our users and the performance of our content with you as audience. For this purpose, Instagram provides us with statistics on specific posts and stories created to find out how users interacted with them. When classifying people into target groups, demographic data, or data about the location of a person is also included in order to place targeted advertisements with these people. If you use Instagram on several end devices, a cross-device analysis of the data can take place. The data collected in this way is statistically processed and usually anonymous, i.e. we cannot establish any reference to the individual person.

Instagram also uses cookies and similar technologies. For more information, please refer to: http://instagram.com/about/legal/privacy/

As an Instagram user, you can at any time influence how your user behavior is recorded when you visit Instagram pages. To do this, you can manage the settings for advertising preferences in your Instagram account or under https://www.instagram.com/accounts/privacy_and_security/.

Instagram also provides opportunities to contact or exercise rights at:

https://help.instagram.com/contact/1845713985721890 or http://instagram.com/about/legal/privacy/.

4 Changes to our privacy policy

We reserve the right to adapt this data protection policy so that it always complies with the current legal requirements or to implement changes to our services in the data protection policy, e.g., when introducing new services. The current data protection declaration applies to every visit to the website.

Version 1.7 last updated 24.01.2024.