Lionstep Data Protection Declaration

I.               Person responsible, scope of application

This data protection declaration provides information about the type, scope, and purpose of our processing of personal data (hereinafter “data”) within our website www.lionstep.com (“website”) and our desktop app (“app”; website and app together hereinafter referred to as “online offer”).

 

Responsible

Lionstep AG
Dufourstrasse 101
8008 Zurich (Switzerland)

Contact the appointed data protection officer at: datenschutz@lionstep.com.

 

Representatives within the European Union

Thomas The Startup Lawyers
Oranienburger Str. 23
10178 Berlin

Our online offer provides further information.

II.      General information on data processing

1.      Scope of the processing of personal data

We process us er personal data only insofar as it is necessary for the provision of a functional online offer and for the provision of the services we offer. The processing of user personal data takes place upon user consent or based upon legal provisions that permit data processing.

Users have the right to revoke consent at any time without giving reasons and with no effect on future consent.

We also process personal data for statistical and market analysis purposes. In this context, statistics are created and evaluated in anonymous form on, but not limited to: industry affiliation, location, and market area of the website visitors. Details on the personal data we collect are to be found in this data protection declaration.

Additional data protection information may apply to special services (e.g. sending newsletters) for which you will be informed at the beginning of the use of the respective service.

2.       Data storage and deletion

In principle and unless otherwise stated, personal data is stored until the purpose of collection and storage no longer applies. As per your consent, data can also be stored until your consent is revoked.

Data may be stored as provided by the European or national legislator in Union regulations, laws, or other provisions to which we are subject. Such is the case, for example, with invoice data, which generally must be stored for at least 10 years.

The processing of data stored on the basis of such a statutory provision shall be restricted accordingly, i.e. the data shall no longer be processed for purposes other than for which it was collected. Data will also be blocked or deleted upon expiration of the storage period as prescribed by the aforementioned standards, unless there is a need to continue storing the data for the performance or conclusion of a contract.

3.      Use of processors

In the performance of the services offered by us, we use external service providers who, among other things, also process your personal data exclusively on our behalf. Our external service providers include but are not limited to: payment service providers, accounting service providers, newsletter delivery service providers, CRM service providers (including live chat providers, customer satisfaction, and customer support service providers), hosting service providers, and technical service providers (e.g. for troubleshooting or securing user consent). With all such processors, we have – if required by law – concluded agreements pursuant to Art. 28 GDPR on the processing of personal data on behalf users.

4.      Transfer to third countries

Unless otherwise stated, all data processing operations take place within the EU or EEA countries.

Data processing operations carried out by third party service providers established outside the EU or EEA affiliated countries may be carried out in part or in full within the countries of the respective establishment or in accordance with the respective data protection provisions.

Any transfer of personal data outside the EU or the EEA will take place only on the basis of an adequacy decision by the European Commission, or in accordance with standard contractual clauses of the European Commission. A list of current adequacy decisions is available on the European Commission’s website.

III.    Use of data in general form in the provision of the website and creation of log files

When you access our website, we automatically store usage-related data about the usage process. This includes in particular your IP address, the URLs visited, the length of stay, the operating system and browser used, and the amount of data transferred.

The collection of this data ensure the availability of our website. Collected data is also used to analyze, store, and evaluate user behavior anonymously and to continuously improve and develop the website service. For further details on the systems used in this process, please refer to the sections on cookies and social media, below.

We store your IP address in the log files to the extent necessary for security purposes. In addition, we hash your IP address to anonymize your connection and/or device.

The aforementioned purposes are also our legitimate interest, which justifies the data processing pursuant to Art. 6 Par. 1 lit. f) GDPR.

The basis of the processing adheres to Art. 6 (1) (f) GDPR.

IV.    Data processing during the creation of a profile

  1. Creation of a user profile as an employer

Within our app you have the possibility to create a profile to publish job advertisements and find suitable candidates. For this purpose, the following data is required: name, surname, company (for legal entities), contact details (including email address and password, telephone number), postal address, billing address, registration data, company and job descriptions. Further data may be provided on a voluntary basis.

We require the above-mentioned data to ensure that the user profile functions as intended and can be assigned to you only. The collection and processing of personal data in this context is justified by the service contract we conclude with you. If you do not provide us with this data, we will be unable to create a user profile for you and provide our associated services.

The basis of the processing adheres to Article 6(1)(b) GDPR.

2. Creation of a user profile as candidate

Within our app, you have the option to create a profile to view job postings and participate in application processes. For this purpose, you are required to provide the following data: name, surname, contact details (including email address and password, telephone number), postal address, photo, CV (including date of birth) and other information relevant to the application (e.g. degree title, special knowledge and skills, professional experience, etc.). You may volunteer further data.

If you create a user profile with us via your LinkedIn account (log-in via LinkedIn), we collect the information you provide on LinkedIn and connect you to your user profile on Lionstep.

We require the above-mentioned data to ensure that the user profile functions as intended and is assigned to you only. In addition, we can consider you for suitable job advertisements only on the basis of this data and allow you to participate in application procedures accordingly. The collection and processing of personal data in this context is justified by the user contract we conclude with you. If you do not provide us with this data, we will be unable to create a user profile for you and provide our associated services.

The basis of the processing adheres to Article 6(1)(b) GDPR.

3. Participation in an application procedure as an employer

Should you choose to activate suitable candidates for your vacancy, the data collected for your profile (a., above) will be disclosed to such candidates. The disclosure enables contact between employers and candidates and is therefore justified by the service contract we have with you.

The basis of the processing adheres to Article 6(1)(b) GDPR.

4. Participation in an application procedure as candidate

Should you wish to particpate in application procedures, the data collected for your profile (b., above) will be disclosed to Lionstep clients who have published a vacancy notice. The disclosure is necessary to enable contact between such clients and candidates and is therefore justified by the contract of use that we have concluded with you.

Should you access a job posting published by us via a link within a social network (e.g. LinkedIn), we collect and store the following information that you have made publicly available on the relevant social network: name, surname, referrer URL, employer and job title, retrieved job posting.

We collect this information to ensure that you do not apply for the same job more than once and that you are not contacted more than once in relation to the same job.

The basis of the processing adheres to Article 6(1)(b) GDPR.

5. Further processing due to legal obligations

We also store and process personal data in connection with your use of our online services, insofar as we are obligated or entitled to do so by relevant statutory provisions. Such is the case, for example, with invoice data relevant for proper accounting.

The basis of the processing adheres to Art. 6 para. 1 lit. c) GDPR.

V.      Data transmission when contacting

When you contact us via the contact form on the website, we collect the following personal data: name, email address, and phone number. Should you contact us via our live chat, we only collect information that you voluntarily provide to us via the chat window.

We use collected data exclusively to respond to your contact. No further processing takes place. Should you do not provide us with this data, we cannot process your request.

The basis of the processing adheres to Art. 6 para. 1 lit. b) GDPR.

VI.    Data Analysis

In order to constantly improve our services, we analyze the data collected from applications, enquiries, job advertisements, etc.

The analyses are carried out for the purpose of business evaluations, marketing, and market research. We may take into account details of information about users, e.g. the services they have used. The analyses serve to increase our user-friendliness, the optimization of our offer and business management. The analyses serve us alone and involve no external service providers. Only anonymous analyses based on aggregated values are disclosed to third parties.

The basis of the processing adheres to Art. 6 (1) (f) GDPR.

VII.  Use of cookies and other trackers

  1. a) Description and scope of data processing

In order to make our online offer and certain functions attractive to operate, we use so-called cookies or other tracking technologies (“trackers”) on various pages. Cookies are small text files that are stored on your terminal device. We use session cookies that are deleted at the end of the browser session, i.e. after you close your browser. Persistent remain on your terminal device to enable us or our partner companies to recognize your browser upon a return visit.

You can set your browser so that you are informed about cookie settings and can determine individual acceptance or exclusion of cookies in certain cases or in general. You can manually delete cookies from your terminal device at any time.

Should you reject cookies, the functionality of our website may be limited. Unless explicitly distinguished, the following refers to cookies and any other tracking technology.

We use cookies in accordance with Art. 6 para. 1 lit. c) GDPR, insofar as is necessary for the fulfilment of a legal obligation to which we are subject, as well as, pursuant to Art. 6 para. 1 lit. f) GDPR, for the protection of our legitimate interests in an optimized presentation of our offer, which prevail in the context of a balancing of interests.

With your consent only and in accordance with Art. 6 (1) a) GDPR, we use additional cookies that allow us to monitor and evaluate user behavior for market analysis purposes. These are third-party cookies that are used when you use our services. Please refer to the following sections for details. Unless otherwise stated, the transfer of your data to third parties in the USA, whose cookies are used via our website, takes place within the framework of the EU-USA Privacy Shield. However, there is currently no adequacy decision by the European Commission for the USA.

Unless explicitly stated otherwise, we use the following cookies and trackers only with your consent. The basis of the processing is therefore Art. 6 (1) a) GDPR.

GOOGLE ANALYTICS

We work with “Google Analytics”. This is a web analysis service of Google Inc. The information generated by the Google Analytics cookie about your use of our website is usually transmitted to a Google server in the USA and stored there.  IP anonymization has been activated on our websites so that the IP address of users is shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the unabbreviated IP address be transmitted to a Google server in the USA and shortened there. Google will use this information on our behalf for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. You may refuse the use of cookies by selecting the appropriate settings on your browser, however, please note that if you do this you may not be able to use the full functionality of this website. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) by Google, as well as the processing of this data, by installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

Alternatively, you can click on the following link: deactivate Google Analytics. An opt-out cookie will then be set, which prevents the future collection of your data when visiting this website.

For further information on the handling of personal data by Google, please refer to Google’s privacy policy: https://policies.google.com/privacy?hl=de.

GOOGLE REMARKETING

Google Ads is an offering of Google Ireland Limited, a company incorporated and operated under the laws of Ireland, with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland (www.google.com).

As described above, we advertise our offer via Google Ads in the Google search results as well as on the websites of third parties. Insofar as you have given us your consent for this in accordance with Art. 6 (1) p. 1 lit. a GDPR, the so-called remarketing cookie is set by Google for this purpose when you visit our website, which automatically enables interest-based advertising by means of a pseudonymous cookie ID and on the basis of the pages you have visited. After the end of the purpose and the end of the use of Google Ads Remarketing by us, the data collected in this context will be deleted. Further data processing will only take place if you have consented to Google linking your web and app browsing history to your Google Account and using information from your Google Account to personalize ads you see on the web. In this case, if they are logged in to Google while visiting our website, Google will use your data together with Google Analytics data to create and define targeting lists for cross-device remarketing. For this purpose, your personal data will be temporarily linked by Google with Google Analytics data in order to form target groups.

Insofar as information is transferred to Google servers in the USA and stored there, the American company Google LLC is certified under the EU-US Privacy Shield. A current certificate can be viewed here [https://www.privacyshield.gov/list]. Based on this agreement between the USA and the European Commission, the latter has determined an adequate level of data protection for companies certified under the Privacy Shield.

You can revoke your consent at any time with effect for the future by deactivating

the remarketing cookie via this link [https://adssettings.google.com/authenticated?hl=nl]. In addition, you can obtain information from the Digital Advertising Alliance [https://www.aboutads.info/] about the setting of cookies and make settings for this.

FACEBOOK PIXEL

Within our online offer, the so-called “Facebook pixel” of the social network Facebook, which is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or if you are a resident of the EU, Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”), is used due to our legitimate interests in the analysis, optimization and economic operation of our online offer and for these purposes.

With the help of the Facebook pixel, it is possible for Facebook, on the one hand, to determine the visitors to our online offer as a target group for the display of advertisements (“Facebook ads”). Accordingly, we use the Facebook pixel to display the Facebook ads placed by us only to those Facebook users who have also shown an interest in our online offer or who have certain characteristics (e.g. interests in certain topics or products determined on the basis of the websites visited) that we transmit to Facebook (“Custom Audiences”). With the help of the Facebook pixel, we also want to ensure that our Facebook ads correspond to the potential interest of users and do not have a harassing effect. With the help of the Facebook Pixel, we can also track the effectiveness of the Facebook ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Facebook ad (“conversion”).

The processing of the data by Facebook takes place within the framework of Facebook’s data usage policy. Accordingly, general information on the display of Facebook ads, in Facebook’s data usage policy: https://www.facebook.com/policy. For specific information and details about the Facebook Pixel and how it works, see Facebook’s help section: https://www.facebook.com/business/help/651294705016616.

You can withdraw your consent to the Facebook Pixel collecting and using your data to display Facebook Ads. In addition, to set what types of ads are displayed to you within Facebook, you can go to the page set up by Facebook and follow the instructions there for the settings of usage-based advertising: https://www.facebook.com/settings?tab=ads. The settings are platform independent, meaning that they are applied to all devices, such as desktop computers or mobile devices.

You can also opt out of the use of cookies for reach measurement and advertising purposes by visiting the Network Advertising Initiative opt-out page (http://optout.networkadvertising.org/) and additionally the US website (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/).

FACEBOOK CUSTOM AUDIENCES RETARGETING

Furthermore, we use the remarketing function “Custom Audiences” of Facebook Inc.. This allows users of the website to be shown interest-based advertisements when visiting the social network Facebook or other websites that also use this procedure. In this way, we pursue the interest of showing you advertising that is of interest to you in order to make our website more interesting for you.

Due to the marketing tools used, your browser automatically establishes a direct connection with the Facebook server. We have no influence on the scope and further use of the data collected by Facebook through the use of this tool and therefore inform you according to our state of knowledge: Through the integration of Facebook Custom Audiences, Facebook receives the information that you have accessed the corresponding web page of our website or clicked on an ad from us. If you are registered with a Facebook service, Facebook can assign the visit to your account. Even if you are not registered with Facebook or have not logged in, it is possible that the provider will learn and store your IP address and other identifying features.

Deactivation of the “Facebook Custom Audiences” function is possible via the settings in the cookie banner and for logged-in users at https://www.facebook.com/settings/?tab=ads#_möglich.

HOTJAR

Hotjar is a service provided by Hotjar ltd, Level 2, St Julian’s Business Centre, 3, Elia Zammit Street, St Julian’s STJ 1000, Malta.

We use the services of Hotjar to better understand the needs of our users and to optimize the offer on this website. With the help of these technologies, we get a better understanding of our users’ experiences (e.g. how much time users spend on which pages, which links they click on, what they like and what they don’t like, etc.) and this helps us to align our offer with our users’ feedback. Hotjar uses cookies and other technologies to collect information about our users’ behavior and their devices (in particular, device IP address (collected and stored anonymously only), screen size, device type (unique device identifiers), information about the browser used, location (country only), language preferred to view our website). This information is stored in a pseudonymized user profile. The information is neither used by these services nor by us to identify individual users or merged with other data about individual users. You can find further information in the respective data protection declarations: https://www.hotjar.com/legal/policies/privacy

You can also object to the storage of a user profile and information about your visit to our website by these services, as well as to the setting of tracking cookies on other websites, via this link: https://www.hotjar.com/legal/compliance/opt-out.

LINKEDIN

LinkedIn is a service of LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland. We use this service to analyze user behavior on our websites and thus to understand which content or offers are particularly popular. This enables us to continually improve our service and adapt it to the preferences of our users. When calling up our online offer, a cookie or similar “code-snippet” from LinkedIn is stored on the user’s end device. This allows us to track the user’s interaction with our website and the content available there.

You can find further information in the respective data protection declarations of these providers:

https://www.linkedin.com/help/linkedin/answer/67595/linkedin-conversion-tracking-ubersicht?lang=de and https://www.linkedin.com/legal/privacy-policy

  1. b) Duration of storage, possibility of objection and elimination

Cookies are stored on the user’s computer and transmitted by the user to our site or to the aforementioned third parties. Therefore, you as a user have full control over the use of cookies. By changing the settings in your internet browser, you can deactivate or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. Should cookies be deactivated for our website, use of all website functions to their full extent may no longer be possible. Individual cookie storage and lifetimes can be found in the respective linked data protection declarations of the third-party providers.

VIII. Newsletter

With the following information, we declare the contents of our newsletter and your rights of objection. We send newsletters, emails and other electronic notifications with promotional information (“newsletter”) only with the consent or legal permission of the recipient.

The newsletter is sent upon consent and in accordance with Art. 6 Para. 1 lit. a GDPR.

Once we have collected your email address as part of the purchase of our services, we may opt to send you email newsletters for offers similar to those services you have purchased from us unless you have opted out of receiving such newsletters. The basis for this under German law is Section 7 (3) UWG.

You can opt out of or revoke your consent to receiving newsletters from us at any time without incurring any costs other than the transmission costs according to the basic rates (i.e. the costs of your Internet provider, for example). We will inform you about your right to opt out when collecting the email address and in the respective newsletter. We provide a link to cancel the newsletter at the end of each newsletter.

IX.    Your rights

If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:

Right of access – you have the right to request information about the personal data we process or store.

Right to rectification – you have the right to request that we correct or complete inaccurate or incomplete data relating to you.

Right to erasure – you have the right to request that we erase your data in certain circumstances.

Right to restrict processing – you have the right to ask us to restrict the processing of your data in certain circumstances.

Right to object – you have the right to object to the processing of your personal data in certain circumstances.

Right to data portability – you have the right to request that we disclose or release your personal data to another data controller or to you in certain circumstances.

Your right of appeal – you may lodge a complaint with a data protection authority.

You have the right to object at any time, without giving reasons, to the processing of your personal data for the purpose of direct marketing; this also applies to profiling insofar as it is related to such direct marketing.

Should you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes.

X.      Changes to this privacy policy

Due to the dynamic development of the Internet, new technologies and possibilities are constantly evolving. To allow you to benefit from these opportunities and technologies, we reserve the right to change this policy in the future if or as we introduce new or additional services or change or expand existing services or service elements.

To the extent that the change to the data protection policy affects only the use of data in general terms and not the use of data in the context of a user profile, any new data protection policy will apply from the date it is updated on the Lionstep website.

A change to the policy that relates to the use of data already collected and stored for the purpose of sending newsletters will only be made if it is reasonable for you to do so. If and insofar as changes to the data protection declaration relate to the use of the data already collected and used for sending newsletters, we will notify you in good time by email, on our website, or in another form. In said notification, we will inform you of your right to object and designate a period of objection. Should you do not object within the designated period, you will be deemed to have accepted the amended data protection policy.