Data privacy statement

Contact information

website operator
pludoni GmbH
Pillnitzer Landstraße 73 b
01326 Dresden
info@pludoni.de

data security
0351/28792370
datenschutz@pludoni.de 

Categories of affected persons

Users of the online offer (hereinafter we also refer to the data subjects collectively as "users").

Purpose of processing

  • Provision of the online offer, its functions and contents
  • Answering contact requests and communication with users
  • Security measures

The types of processed data

  • Meta and communications data (e.g. device information, IP addresses) 
  • Usage data (e.g. logdata, access times) 
  • Inventory data (e.g. names, addresses)
  • Contact data (e.g. e-mail)
  • Content data (e.g. entered texts, images)

Receipients of data

The recipients of the data can be divided into the following categories: 
  • Internal systems of pludoni GmbH (website usage, log data analysis)
  • Employees of pludoni GmbH who advise on the use of the product (contact form)
  • Selected employees of pludoni GmbH (application)
  • Subcontractors of pludoni GmbH (hosting)

Determination of access data and log files

Each time you access our website, usage data is transmitted to us and our web host / IT service provider via your Internet browser and stored in log data (server log files). These stored data include, for example, the name of the page accessed, the date and time of access, the IP address, the amount of data transferred and the requesting provider. The processing is carried out on the basis of Art. 6 para. 1 lit. f DSGVO out of justified interest in ensuring the trouble-free operation of our website and to improve our services. 

Security measures

In compliance with Art. 32 DSGVO, we take appropriate technical and organisational measures to ensure a level of security appropriate to the risk, in consideration of the state of technology, the implementation costs and the type, extent, circumstances and purposes of the processing as well as the different probability of occurrence and severity of the risk to the rights and freedoms of natural persons. 

Such measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical access to, access to, inputting, disclosure, securing and separation of data. In addition, we have established procedures to ensure the exercise of data protection rights, deletion of data and response to data breaches. Furthermore, we take the protection of personal data into account as early as the development or selection of hardware, software and processes, in accordance with the principle of data protection through technology design and data protection-friendly default settings (Art. 25 DSGVO). 

Cookies

"Cookies" are small files that are stored on users' computers. The primary purpose of a cookie is to store information about a user (or the device on which the cookie is stored) during or after his or her visit to an online offer. Temporary cookies, or "session cookies" or "transient cookies", are cookies that are deleted after a user leaves an online offer and closes his browser. Such a cookie may store, for example, the contents of a shopping cart in an online store or a login status. Cookies that remain stored even after the browser is closed are referred to as "permanent" or "persistent". For example, the login status can be stored if users revisit an online offering after several days. Likewise, the interests of users can be stored in such a cookie, which is used for range measurement or marketing purposes. Third-party cookies" are cookies that are offered by providers other than the responsible party that operates the online offering (otherwise, if they are only the responsible party's cookies, they are referred to as "first-party cookies").

In addition to the distinction between temporary and permanent, cookies can be divided into required and non-required. All cookies that are necessary to enable the technical operation of a website are considered necessary. Non-required cookies are used, for example, to enable analyses of the usage behavior of visitors to a website (profiling, tracking).

We use a required and temporary session cookie for the following purposes:
  •  Security measures of the contact form (e.g. prevention of cross site scripting attacks).

We process these cookies according to Art. 6 para.1 lit. f DSGVO for the legitimate interest in the above purposes.

You have full control over the use of cookies. By selecting the appropriate technical settings in your internet browser, you can prevent the storage of cookies and transmission of the data they contain. Cookies that have already been stored can be deleted at any time. However, we would like to point out that you may then not be able to use all functions of the website to their full extent.

You can find out how to manage (including disabling) cookies on the main browsers by following the links below:

Chrome browser: https://support.google.com/accounts/answer/61416?hl=de
Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies
Mozilla Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
Safari: https://support.apple.com/de-de/guide/safari/manage-cookies-and-website-data-sfri11471/mac

Cooperation with subcontractors

Insofar as we disclose data to other persons and companies (contract processors or third parties) within the scope of our processing, transfer it to them or otherwise grant them access to the data, this shall only take place on the basis of legal permission (e.g. if a transfer of the data to third parties, such as payment service providers, is required pursuant to Art. 6 Para. 1 lit. b DSGVO for the performance of the contract), if you have consented to this, if a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.). 

If we engage third parties to process data on the basis of a so-called "contract processing agreement", this is done on the basis of Art. 28 DSGVO. 

Deletion of data

The data processed by us will be deleted or restricted in its processing in accordance with Articles 17 and 18 DSGVO. Unless expressly stated within the scope of this data protection declaration, the data stored by us will be deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any statutory retention obligations. If the data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted. I.e. the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for reasons of commercial or tax law. 

According to legal requirements in Germany, data is stored in particular for 10 years in accordance with §§ 147 para. 1 AO, 257 para. 1 nos. 1 and 4, para. 4 HGB (books, records, management reports, accounting vouchers, commercial books, documents relevant for taxation, etc.) and 6 years in accordance with § 257 para. 1 nos. 2 and 3, para. 4 HGB (commercial letters).

Your rights as data subject

As a data subject, you have the following rights:

  • Information: You have the right to request confirmation as to whether data concerning you is being processed and to information about this data as well as further information and a copy of the data in accordance with Art. 15 of the GDPR. 
  • Accuracy: In accordance with Art. 16 of the GDPR, you have the right to request that the data concerning you be completed or that incorrect data concerning you be corrected. 
  • Deletion: In accordance with Art. 17 DSGVO, you have the right to demand that data concerning you be deleted without delay, or alternatively, in accordance with Art. 18 DSGVO, to demand restriction of the processing of the data. 
  • Transfer: You have the right to request that the data concerning you, which you have provided to us, be received in accordance with Art. 20 DSGVO and to request its transfer to other data controllers. 
  • Complaint: you have the right to complain to the supervisory authority in accordance with Art. 77 DSGVO if you consider that the processing of your personal data is not lawful. 
  • Withdrawal of consent: You have the right to revoke given consents pursuant to Art. 7 (3) DSGVO with effect for the future.
  • Objection: If the personal data processing listed here is based on our legitimate interest according to Art. 6 (1) lit. f DSGVO, you have the right to object to this processing with effect for the future at any time for reasons arising from your particular situation.

To exercise your rights under the GDPR, please send an email with your request to: datenschutz@pludoni.de.

Relevant legal bases

According to Art. 13 DSGVO we inform you about the legal basis of our data processing. If the legal basis is not mentioned in the privacy policy, the following is valid: 
  • The legal basis for the obtaining of consents is Art. 6 para. 1 lit. a and Art. 7 DSGVO
  • The legal basis for the processing in order to fulfil our services and carry out contractual measures as well as answer inquiries is Art. 6 para. 1 lit. b DSGVO
  • The legal basis for the processing in order to fulfil our legal obligations is Art. 6 para. 1 lit. c DSGVO
  • The legal basis for the processing in order to preserve our legitimate interests is Art. 6 para. 1 lit. f DSGVO
  • In cases where essential interests of the affected person or another natural person make the processing of personal data necessary, Art. 6 para. 1 lit. d DSGVO serves as general legal basis.

Changes and Updates to the Privacy Policy

We ask you to inform yourself regularly about the content of our privacy policy. We will adapt the privacy policy as soon as changes in the data processing carried out by us make this necessary. We will inform you as soon as the changes require your cooperation (e.g. consent) or other individual notification.

Analysis software used

To analyze the use of the website, we use only internal systems and no external software.

Transfers to third countries

We do not process data in countries outside the European Union (EU) or the European Economic Area (EEA).

Video conferencing, online meetings, webinars and screen sharing

We use platforms and applications of other providers (hereinafter referred to as "third-party providers") for the purpose of conducting video and audio conferences, webinars and other types of video and audio meetings. When selecting the third-party providers and their services, we observe the legal requirements.
In this context, data of the communication participants are processed and stored on the servers of the third-party providers, insofar as these are part of communication processes with us. This data may include, in particular, registration and contact data, visual as well as vocal contributions and entries in chats and shared screen contents.
If users are referred to the third-party providers, or their software or platforms, in the course of communication, business or other relationships with us, the third-party providers may process usage data and metadata for security, service optimization or marketing purposes. We therefore ask you to observe the data protection notices of the respective third-party providers.

Microsoft Teams

We use the "Microsoft Teams" tool to conduct conference calls, online meetings, video conferences and/or webinars (hereinafter: "Online Meetings"). "Microsoft Teams" is a service of Microsoft Corporation. When using "Microsoft Teams", various types of data are processed. The scope of the data also depends on the data you provide before or during participation in an "online meeting". 
 

  • Types of data processed: inventory data (e.g. names, addresses), contact data (e.g. e-mail, telephone numbers), content data (e.g. text input, photographs, videos), usage data (e.g. web pages visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).
  •  Data subjects: Communication partners, users (e.g. website visitors, users of online services).
  • Purposes of processing: contractual performance and service, contact requests and communication, office and organizational procedures.
  • Legal basis: Consent (Art. 6 para. 1 p. 1 lit. a DSGVO), Contractual performance and pre-contractual inquiries (Art. 6 para. 1 p. 1 lit. b. DSGVO), Legitimate interests (Art. 6 para. 1 p. 1 lit. f. DSGVO).

You may have the option of using the chat function in an "online meeting". In this respect, the text entries you make will be processed in order to display them in the "online meeting". In order to enable the display of video and the playback of audio, the data from the microphone of your terminal device and from any video camera of the terminal device will be processed accordingly for the duration of the meeting. You can turn off or mute the camera or microphone yourself at any time through the "Microsoft Teams" applications. 
If we want to record "online meetings", we will transparently inform you in advance and - if necessary - ask for consent. 
If it is necessary for the purposes of logging the results of an online meeting, we will log the chat content. However, this will not usually be the case.

Automated decision-making within the meaning of Art. 22 DSGVO is not used. 

Further links to Microsoft Teams:

  • Imprint: https://www.microsoft.com/de-de/rechtliche-hinweise/impressum
  • Privacy policy: https://privacy.microsoft.com/de-de/privacystatement, https://docs.microsoft.com/de-de/microsoftteams/teams-privacy

Contact Form

Rechtsgrundlage

Consent according to Article 6, paragraph 1a DSGVO.

Purpose of collection

You can send us an e-mail using the contact form. For the purpose of sending the e-mail, it is necessary that the e-mail address you have provided is used. The e-mail address will be deleted after sending.

Technical and organizational measures

  • Confidentiality (access control, access control, data carrier control as well as separation control and pseudonymization of data)
  • Integrity (disclosure and input control)
  • Availability and resilience (daily backups, as well as verified backup concept)
  • Regular review, assessment and evaluation (control/ADV with hosting provider, data protection management, data protection-friendly default settings)
  • An encrypted connection is used when sending your data (HTTPS)

Deletion of data

After the email is sent, your email is not saved

Categories of affected people
  • User
Categories of personal data
  • Contact information (Name, e-mail, ...)
Categories of recipients of the data
  • Employees of pludoni GmbH

Application form

Rechtsgrundlage

Contractual basis according to Article 6, paragraph 1b DSGVO

Purpose of collection

Job seekers can apply for job advertisements via our portals (https://www.empfehlungsbund.de). All data and files provided during the application process (application data) are processed by our system for the purpose of transmission to the respective company as well as for quality assurance and troubleshooting. All application data is anonymized after 60 days and uploaded files are deleted. Application data from companies that have placed an ad campaign will be anonymized after 60 days or the end of the campaign period. If the application is pre-filled using information from social networks (example: XING resume), all data from these services will also be used exclusively to create the resume and fill out the form. They are not stored permanently.

Technical and organizational measures

  • Confidentiality (access control, access control, data carrier control as well as separation control and pseudonymization of data)
  • Integrity (disclosure and input control)
  • Availability and resilience (daily backups, as well as verified backup concept)
  • Regular review, assessment and evaluation (control/ADV with hosting provider, data protection management, data protection-friendly default settings)
  • An encrypted connection is used when sending your data (HTTPS)

Deletion of data

Application data anonymized after 14 days. Applications from companies with ad campaigns are anonymized at the end of the term (standard 31 days).

Categories of affected people
  • User
Categories of personal data
  • Connection and Session data (IP, Browser, Meta Data)
  • Contact information (Name, e-mail, ...)
  • Job Application data (CV, Intro letter, company, job/position)
Categories of recipients of the data
  • Internal systems of pludoni GmbH
  • Employees of pludoni GmbH
  • Receiving company

Searches Subscribe

Rechtsgrundlage

Consent according to Article 6, paragraph 1a DSGVO.

Purpose of collection

To be informed when new search results are available for one or more search term(s), job seekers can subscribe to search queries. To do so, they must enter their e-mail address and then verify it via a confirmation e-mail. Verified e-mail addresses will receive a maximum of one e-mail per day with new job advertisements. The use of this function can be terminated at any time. An unsubscribe link is included in each e-mail. The e-mail address is stored for the duration of use.

Technical and organizational measures

  • Confidentiality (access control, access control, data carrier control as well as separation control and pseudonymization of data)
  • Integrity (disclosure and input control)
  • Availability and resilience (daily backups, as well as verified backup concept)
  • Regular review, assessment and evaluation (control/ADV with hosting provider, data protection management, data protection-friendly default settings)
  • An encrypted connection is used when sending your data (HTTPS)

Deletion of data

Storage for the duration of use

Categories of affected people
  • User
Categories of personal data
  • Connection and Session data (IP, Browser, Meta Data)
  • Contact information (Name, e-mail, ...)
Categories of recipients of the data
  • Internal systems of pludoni GmbH
Rechtsgrundlage

Art. 6 Abs. 1 lit. a DSGVO (Einwilligung), Art. 6 Abs. 1 lit.f DSGVO (Berechtigte Interessen)

Purpose of collection

wirtschaftlicher Erfolg und die Optimierung unserer Serviceleistung.

Technical and organizational measures

Beim Versenden Ihrer Daten wird eine verschlüsselte Verbindung verwendet (HTTPS).

Deletion of data

Speicherdauer: Conversion-Cookies laufen in der Regel nach 30 Tagen ab und übermitteln keine personenbezogenen Daten.

Verarbeitete Daten: Zugriffsstatistiken, die Daten wie Standorte der Zugriffe, Gerätedaten, Zugriffsdauer und Zeitpunkt, Navigationsverhalten, Klickverhalten und IP-Adressen enthalten. Auch personenbezogene Daten wie Name oder E-Mail-Adresse können verarbeitet werden.

Categories of affected people
  • User
Categories of personal data
  • Connection and Session data (IP, Browser, Meta Data)
  • Application specific data
Categories of recipients of the data
  • Employees of pludoni GmbH

Prefill application form via XING API

Rechtsgrundlage

Consent according to Article 6, paragraph 1a DSGVO.

Purpose of collection

Users of the application form are free to have the form pre-filled with data from their own XING account.
This requires a one-time request to XING, where the person may have to log in. XING responds to this request with a summary of the stored information in JSON format. 
The API endpoint https://dev.xing.com/docs/get/users/me is requested. The information contained in the response can also be found in this link.
The data provided by Xing is requested via an encrypted connection (HTTPS) and is not stored. The processing is carried out for the purpose of pre-filling the application form and is executed as soon as a user presses the button provided for this purpose.

Further information can be found in the XING privacy policy: https://privacy.xing.com/de/datenschutzerklaerung/wer-erhaelt-daten-zu-ihrer-person

Translated with www.DeepL.com/Translator (free version)

Technical and organizational measures

  • Confidentiality (access control, access control, data carrier control as well as separation control and pseudonymization of data)
  • Integrity (disclosure and input control)
  • Availability and resilience (daily backups, as well as verified backup concept)
  • Regular review, assessment and evaluation (control/ADV with hosting provider, data protection management, data protection-friendly default settings)
  • An encrypted connection is used when sending your data (HTTPS)

Deletion of data

Data is not stored persistently and is retained for the period of processing (query from XING and pre-filling of the form).

Categories of affected people
  • User
Categories of personal data
  • Connection and Session data (IP, Browser, Meta Data)
  • Contact information (Name, e-mail, ...)
Categories of recipients of the data
  • Internal systems of pludoni GmbH
Cookies help us deliver our services. By using our services, you agree to our use of cookies. Learn more