Data Privacy Policy

I. Who is the data controller?

The controller in the sense for this website in terms of the European Data Protection Regulation (GDPR) is Realtime Technologies GmbH, Ackerstraße 29, Berlin, Germany. You can find further information in our imprint.

You can also contact Realtime Technologies’ data protection officer using the following contact information:

ISiCO GmbH, Am Hamburger Bahnhof 4, 10557 Berlin, Germany, e-mail: privacy@kayzen.io

The data protection officer can be contacted at the above postal address and at the e-mail address given above (keyword: “attn. data protection officer”). We expressly point out that, if you use this e-mail address, the contents will not be exclusively noted by our data protection officer. If you wish to exchange confidential information, we therefore request that you first contact us directly via this e-mail address.

II. How we use your data

• General use of the website

When you visit our website, your browser automatically transmits certain information to us. This information includes the HTTP header information, especially your IP address, the accessed page or file, the time and date of your request, the previous accessed website or file, the access status/HTTP status code, browser, operating system, language and browser version as well as cookies stored on the terminal device of the domain accessed (‘network data’).

We use this data to enable you to retrieve the content of our website, to ensure the functionality, stability and security of our systems and to maintain our website in general for administrative purposes. The connection data is also stored in internal logfiles for the purposes described above, temporarily and limited in content to what is absolutely necessary, in order to find the cause and take action in the event of repeated or criminal requests that endanger the stability and security of our website. The legal basis for this data processing is Art. Art. 6 para. 1, letter b GDPR.

The logfiles are generally stored for a few days and then anonymised. Exceptionally, individual logfiles and IP addresses are kept longer in order to prevent further attacks from this IP address in the event of cyber attacks and/or to take action against the attackers by way of criminal prosecution.

• Contact

If you contact us, e.g. via our contact form, we only process your personal data, e.g. name, e-mail address, phone number (‘contact data’) and the content of the conversation (‘communication data’), for communication with you. The legal basis for this is Art. Art. 6 para. 1 letter b GDPR, insofar as your information is required to answer your enquiry or to initiate or execute a contract, and otherwise Art. 6 para. 1 letter f GDPR due to our legitimate interest that you contact us and that we can answer your enquiry. 

We only make promotional telephone calls if you have given your consent for this. If you are not an existing customer, we will only send you promotional e-mails on the basis of your consent. In these cases, the legal basis is Art. 6 para. 1 letter a GDPR in conjunction with. § 7 para. 2 no. 1 or 2 UWG (German Act against Unfair Competition, German: Gesetz gegen den unlauteren Wettbewerb). 

The contact and communication data will be deleted after we have completed processing your request, unless we need your request to fulfill other contractual or legal obligations.

• Newsletter
  

You can subscribe to our newsletter, with which we will regularly inform you about news on our products and campaigns. You can also unsubscribe from our newsletter at any time. The corresponding unsubscribe link is included in every newsletter. For this purpose, it is also sufficient to send a message to the contact details provided above or in the newsletter. The following data such as e-mail address, the time of registration and the IP address used for registration (‘subscription data’) are stored during your active subscription and a limited time after you unsubscribe from the newsletter. The storage serves the sole purpose of being able to send you the newsletters and to be able to prove your registration. The legal basis for this processing is your consent in accordance with Art. 6 Para. 1 letter a GDPR. 

Our newsletters use standard market technologies that enable the measurement of interactions with the newsletters (e.g. opening the email or activating links, ‘interaction data’). We use this data in pseudonymised form for general statistical evaluations and to optimize and further develop our content and customer communication. This is done by means of small graphics embedded in the newsletters (so-called pixels) that establish a connection to the server of the pixel when the e-mail is opened. Furthermore, we use links that first register a click on the link and then redirect to the desired target page. Our newsletter serves to share content relevant to our customers and to better understand what interests our readers. Your interaction data is stored until you unsubscribe from the newsletter. If you do not wish to have your user behavior analyzed, you can unsubscribe from the newsletter at any time (see above), or permanently deactivate the display of graphics and the output of HTML content in your email programme and do not click on any links.

The legal basis for the newsletter tracking is your consent in accordance with Art. 6 para. 1 letter a GDPR. Access to the information in the terminal device is then based on the implementation laws of the ePrivacy Directive of the EU member states, in Germany according to § 25 para. 1 TDDDG. 

• Job Applications, Talent Pool and Active Sourcing

You can use our Career Portal to apply for open positions. The corresponding data is collected for the purpose of applicant selection and the possible establishment of an employment relationship. In order to accept and process your application, we collect personal data, e.g., your first and last name, your e-mail address, application documents (e.g., certificates, CV), the earliest possible date you can start work and your salary expectations, LinkedIn profile name (‘applicant data’). Furthermore, we will use your given LinkedIn profile name in the application to consider your public and freely accessible data within the application process, where applicable. The legal basis for processing your applicant data is Art. Art. 6 para. 1 letter b and Art. Art. 88 para. 1 GDPR in conjunction with Section Art. 26 para. 1 sentence 1 BDSG (German Federal Data Protection Act, German: Bundesdatenschutzgesetz). 

We store your personal data upon receipt of your application. If we accept your application and an employment relationship is established, we store your application data for as long as it is required for the employment relationship and to the extent that legal regulations justify an obligation to store it. 

If we reject your application, we will store your application data for a maximum of three months after rejecting your application, unless you give us your consent to store it for a longer period. 

If you have separately given us your consent in accordance with Art. 6 Para. 1 letter a GDPR, we will store your data submitted as part of the application in our Talent Pool for a further fifteen months after the end of the application process in order to identify any other interesting positions for you and, if necessary, to approach you again. After this period, the data will be deleted. You can withdraw this consent at any time with effect for the future.

For our Career Portal and Talent Pool we use our service provider Greenhouse Software Inc., 228 Park Avenue S, PMB 14744, New York, NY 10003-1502, USA, with which we have concluded a data processing agreement. Furthermore, Greenhouse Software Inc. is certified for the EU-US Data Privacy Framework, so that the transfer to the USA is governed by an adequacy decision according to Art. 45 GDPR.

Sometimes we proactively look for candidates for our open positions online and may then obtain your personal information from sources like LinkedIn or XING or other professional networks where you have published your profile. We may then store some of your data (such as name, link to your profile) in our database and contact you to inform you about our open positions. If there are no open positions at the moment, we ask your consent to store the data in the Talent Pool. The legal basis is Art. 6 Para. 1 letter 7 GDPR where data processing is based on our legitimate interest and Art. 6 Para. 1 letter a GDPR where the data processing is based on your consent.

• Use of cookies and similar technologies 

This website uses various services and applications (‘tools’) that are offered either by us or by third parties. These include, in particular, tools that use technologies to store or access information in the device:

• • Cookies: small text files that your browser stores on your terminal device, consisting in particular of a name, a value, the storing domain and an expiry date. So-called session cookies (e.g. PHPSESSID) are deleted after the session, while so-called persistent cookies are deleted after the specified expiry date. Cookies can also be removed manually. 
  • Web storage (local storage / session storage): information stored on the device, consisting of a name and a value. Information in session storage is deleted after the session, while information in local storage has no expiry date and remains stored unless a mechanism for deletion has been set up (e.g. storage of a local storage with a time entry). Information in local and session storage can also be removed manually.
  • JavaScript: Programming codes (scripts) embedded or called up in the website that, for example, set cookies and web storage or actively collect information from the device or about the user behavior of visitors. JavaScript may be used for ‘active fingerprinting’ and the creation of user profiles. JavaScript can be blocked by a setting in the browser, although most services will then no longer work.
  • Pixel: tiny graphics automatically loaded by a service that can make it possible to recognise visitors by automatically transmitting the usual connection data and, for example, to determine whether an email has been opened or a website visited. With the help of pixels, ‘passive fingerprinting’ and the creation of user profiles can be carried out. The use of pixels can be prevented, for example, by blocking images, such as in emails, although the design is then severely restricted.

The tools are used for the following purposes and categories:

• • Essential: Essential services enable basic functions and are necessary for the proper function of the website. These include especially consent management platforms.
  • Statistics: Statistics services process usage information, enabling us to recognize you as a visitor, to analyze user behavior, to gain insights into how our visitors interact with our website, and to adjust and optimize our website upon our usage evaluations.
  • Marketing: Marketing services are used by third-party advertisers or publishers to display personalized ads, to retarget you, to create audiences, and to evaluate our advertising campaigns. They do this by tracking and recognizing visitors across websites, and by creating usage profiles about your clicked advertisements and interests.
  • External Media: Content from video platforms and social media platforms is blocked by default. If External Media services are accepted, access to those contents no longer requires manual consent. Providers of embedded content and media may track your use of it for personalization and marketing purposes.

The legal basis for Essential tools is Art. Art. 6 para. 1 letter b and f GDPR. The access to and storage of information on the device is absolutely necessary in these cases and takes place on the basis of the implementation laws of the ePrivacy Directive of the EU member states, in Germany according to § 25 para. 2 TTDSG. In this regard, we especially use the Elementor WordPress Page Builder to provide and maintain our essential website functions; this includes the storage of the “elementor” information on your device’s web storage.

The legal basis for Statistics, Marketing and External Media tools is Art. 6 para. 1 letter a GDPR. The access to and storage of information in the device is then based on the implementation laws of the ePrivacy Directive of the EU member states, in Germany according to § 25 para. 1 TTDSG.

The data collected includes in particular:

• network data (e.g. IP address),
• usage data (e.g. visited sites),
• event data (e.g. clicked buttons),
• identifiers
• approximate location data,
• language,
• device data (e.g. information about browser, and operating system, device, resolution).

You can manage your tool selection and withdraw your consent in our consent banner, which you can open with the icon in the lower left corner. There you can also find detailed information about the provider of the tools and our marketing partners, about the specific purposes of the tools, the data processed and the information stored on the device.

III. Transfer of your data

The data we collect about you will only be transferred if there is a legal basis for this in the specific case, in particular if: 

• you have given your explicit consent in accordance with Art. 6 para. 1 letter a GDPR,
• the disclosure pursuant to Art. 6 para. 1 letter f GDPR is necessary to protect our interests or for the assertion, exercise or defense of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data,
• we are legally obliged to disclose your data in accordance with Art. 6 para. 1 letter c GDPR, in particular if this is necessary for legal prosecution or enforcement due to binding requirements (e.g. in the context of tax audits by the tax authorities), official enquiries, court orders and legal proceedings, or
• this is legally permissible and required pursuant to Art. 6 para. 1 letter b GDPR for the processing of contractual relationships with you or for the implementation of pre-contractual measures taken at your request.

Some of the data processing may be carried out by our service providers. In addition to the service providers mentioned in this privacy policy, these may include, in particular, data centers, software providers (e.g. for logfile management or sending newsletters), IT service providers, help desks, agencies, market research companies and consultancies. If we pass on data to our service providers, they may only use data to fulfill their tasks. Service providers are carefully selected and commissioned by us. 

Furthermore, we share your data with our group companies on the basis of a joint controller agreement to perform jointly determined purposes for our services, including especially the customer management, campaign management, trading management, product development, and analytics. For all aspects regarding this joint processing of data with our group companies, we are your preferred contact point.

We may use services whose providers are partly located in so-called third countries (outside the European Union or the European Economic Area) or transfer personal data there, i.e. countries whose level of data protection does not correspond to that of the European Union. 

If there is an adequacy decision by the European Commission (Art. 45 GDPR) for these countries, we base the data transfer on this. This applies, for example, to transfers to Argentina, Israel, Japan, Canada, the Republic of Korea, New Zealand, Switzerland, Uruguay or the United Kingdom. In the case of the USA, this only applies if the US recipient has certified itself for the EU-US Data Privacy Framework.

Where the European Commission has not issued an adequacy decision for these countries, we have taken appropriate precautions to ensure an adequate level of data protection for any data transfers. These include, among others, the standard contractual clauses of the European Union or binding internal data protection regulations (Art. 46 GDPR).

Where this is not possible, we base the transfer of data on exceptions to Art. 49 GDPR, in particular your express consent or the necessity of the transfer for the performance of the contract or for the implementation of pre-contractual measures.

If a third country transfer is provided for and no adequacy decision or appropriate safeguards are in place, it is possible and there is a risk that authorities in the respective third country (e.g. intelligence services) may gain access to the transferred data in order to collect and analyze it, and that enforceability of your data subject rights cannot be guaranteed. When obtaining your explicit consent, you will also be informed of this.

IV. Online presence in social networks

We maintain online presences in social networks in order to communicate there with customers and interested parties, among others, and to provide information about our products and services. 

• Processing for advertising purposes of the social network providers

The users’ data is usually processed by the social networks concerned for market research and advertising purposes. In this way, usage profiles can be created based on the interests of the users. For this purpose, cookies and other identifiers are stored on the computers of the data subjects. Based on these usage profiles, advertisements, for example, are then placed within the social networks but also on third-party websites.

For the legal basis of the data processing carried out by the social networks under their own responsibility, please refer to the data protection information of the respective social network. The following links will also provide you with further information on the respective data processing and the options to object. 

• Processing for statistics

As part of the operation of our online presences, it is possible that we may access information such as statistics on the use of our online presences provided by the social networks. These statistics are aggregated and may include, in particular, demographic information (e.g., age, gender, region, country) as well as data on interaction with our online presences (e.g. likes, subscription, sharing, viewing of images and videos) and the posts and content distributed via them. This may also provide information about the interests of users and which content and topics are particularly relevant to them. This information may also be used by us to adapt the design and our activities and content on the online presence and optimise it for our audience. Please see the list below for details and links to the social network data that we, as operators of the online presences, can access. The collection and use of these statistics is usually subject to joint responsibility. Where applicable, the relevant agreement is listed below.

The legal basis for data processing is Art. 6 para. 1 letter f GDPR, based on our legitimate interest in effective information and communication with users, and Art. 6 para. 1 letter b GDPR, in order to stay in contact with and inform our customers, as well as to carry out pre-contractual measures with interested parties. 

• Access to publicly available information

Where you have an account with the social network, it is possible that we may see your publicly available information (e.g. profile name) and media (e.g. pictures and videos) when we access your profile. In addition, the social network may allow us to contact you. This may be, for example, via direct messages or via posted articles. The content communication via the social network and the processing of the content data is thereby subject to the responsibility of the social network as a messenger and platform service. For this processing, we refer to the data protection information of the respective social network.

• Processing of publicly available information

As soon as we transfer or process personal data from you into our own systems, we are independently responsible for this. The processing is done to carry out pre-contractual measures and to fulfill a contract in accordance with Art. 6 para. 1 letter b GDPR or to pursue our legitimate interests in accordance with Art. 6 para. 1 letter f GDPR in order to contact customers.

• Data subject rights

We would like to point out that data protection requests can be asserted most efficiently with the respective provider of the social network, as only these providers have access to the data and can take appropriate measures directly. Of course, you can also contact us with your request. In this case, we will process your request and forward it to the provider of the social network.

• Our online presences

Below is a list of information about the social networks on which we operate online presences:

• • Facebook (USA and Canada: Meta Platforms Inc., 1601 Willow Road, Menlo Park, California 94025, USA; all other countries: Meta Platforms Ireland Ltd, Serpentine Avenue, Block J, Dublin 4, Ireland).
    • agreement on joint processing of personal data: https://www.facebook.com/legal/terms/page_controller_addendum
    • Information on the processed data and the contact option for data protection enquiries: https://www.facebook.com/legal/terms/information_about_page_insights_data
    • Privacy policy: https://www.facebook.com/about/privacy/
    • Opt-out: https://www.facebook.com/settings?tab=ads and http://www.youronlinechoices.com .
  • Google/YouTube (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland)
    • Privacy policy: https://policies.google.com/privacy
    • Opt-Out: https://www.google.com/settings/ads .
  • LinkedIn (LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland)
    • agreement on joint processing of personal data: https://legal.linkedin.com/pages-joint-controller-addendum
    • Information on the processed data and the contact option for data protection enquiries: https://legal.linkedin.com/pages-joint-controller-addendum
    • Privacy policy: https://www.linkedin.com/legal/privacy-policy
    • Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out .

V. Storage period

We store your personal data only as long as it is necessary for the fulfillment of the purposes for which we have collected your data. Thereafter, we delete your data immediately, unless we need your data as evidence for civil law purposes or until the statutory retention periods expire  or there is another legal basis under data protection law for the continued processing of your data in the specific individual case. 

We are obliged to store your contractual data for evidence purposes for three years after the end of the year in which our business relationship with you ends. Any claims become statute-barred at the earliest time permitted under the statutory limitation period. 

However, for accounting or other legally prescribed purposes, it may be necessary for us to store your data for longer. We may be obliged to do so due to legal documentation obligations, e.g. in Germany according to the German Commercial Code (HGB) or the German Fiscal Code (AO). The periods specified there for the retention of documents are two to ten years.

VI. Your rights

You have the rights of data subjects set out in Art. 7 para. 3, Art. 15 – 22 GDPR at any time if the respective legal requirements are met:

• You have the right to obtain information about the processing of your personal data by us at any time. We will explain the data processing to you and give you an overview of the personal data we store about you (Art. 15 GDPR). 
• If your personal data stored with us is incorrect or no longer up to date, you have the right to have this data corrected (Art. 16 GDPR).
• You also have the right to have your data deleted (Art. 17 GDPR). If deletion is not possible due to other legal requirements, your data will be blocked so that it is only available for the legally prescribed purposes. 
• You also have the right to restrict the processing of your personal data (Art. 18 GDPR) if, for example, you dispute the accuracy of the data. 
• You also have the right to data portability (Art. 20 GDPR), i.e. we will provide you with a digital copy of your personal data stored with us upon request.
• You have the right not to be subject to a decision based solely on automated processing which produces legal effects or similarly significantly affects you, including, where applicable, the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision (Art. 22 GDPR).

Right of withdrawal (Art. 7 Para. 3 GDPR):

You have the right to withdraw your consent at any time. This means that we will no longer process the data based on this consent in the future. The withdrawal of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the withdrawal.

Right of objection (Art. 21 GDPR):

General objection: If we process your data on the basis of legitimate interests, you have the right to object to the processing of your data at any time on grounds relating to your particular situation. 

Objection for direct marketing: If it is a matter of objecting to the processing of data for direct marketing purposes, you have a general right of objection, which will also be implemented by us without giving reasons.

Assertion of your rights:

If you wish to exercise your right of withdrawal or objection, it is sufficient to send an informal message to the above contact details.

Finally, you have the right to complain to any data protection supervisory authority. You can assert this right, for example, with a supervisory authority in the member state of your place of residence, your place of work or the place of the alleged infringement. In Berlin, where we are based, the competent supervisory authority is: Berlin Commissioner for Data Protection and Freedom of Information, Alt-Moabit 59-61, 10555 Berlin.

To exercise your rights described here, you can contact us at any time using the contact details above. This also applies if you wish to receive copies of guarantees demonstrating an adequate level of data protection. Provided that the respective legal requirements are met, we will comply with your data protection request.

Your enquiries regarding the assertion of data protection rights and our responses to them will be stored for documentation purposes for a period of up to three years and, in individual cases, for a longer period if there are grounds for asserting, exercising or defending legal claims. The legal basis is Art. 6 para. 1 letter f GDPR, based on our interest in defending against any civil claims under Art. 82 GDPR, avoiding fines under Art. 83 GDPR and fulfilling our accountability obligations under Art. 5 para. 2 GDPR.

VII. Changes to the privacy notice

From time to time, we may update this privacy notice, for example, if we make changes to our website or if legal or regulatory requirements change.

Version: 2.0 / Status: November 2024