Controller of the processing of personal data is:
You can reach our data protection officer under the following contact information:
Humanitec GmbH, Datenschutzbeauftragter, Wöhlertstraße 12-13, 10115 Berlin/Germany;
telephone: +49 30 25779605
We process personal data provided by you or generated by us. For further information, see section II.
Generally, we process your personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG) for various purposes. In principle, the following can be considered as the purposes of the processing: the processing for the initiation of contractual relationships and the performance of contracts (Art. 6 (1) lit. b GDPR), for the protection of legitimate interests (Article 6 (1) lit. f DSGVO), based on your consent (Article 6 (1) lit. a GDPR) and/ or statutory provisions (Art. 6 (1) lit. c GDPR).
For further information, see section II.
There is no legal or contractual obligation to provide us with personal data. We only ask you to provide us with the data necessary for our services. Without this personal data, we may not be able to offer you our services.
We process data only as long as it is necessary in relation to the initial specified, explicit and legitimate purpose.
Additionally, we are subject to various filing and documentation obligations, including those arising from the German Commercial Code (HGB) and the German Tax Code (AO). The deadlines for storage and documentation specified there are up to ten years.
In light of possible legal claims, the processing period is also determined by statutory time limitations, which can be up to thirty years according to §§ 195 ff. of the German Civil Code (BGB), whereby the regular time limitation is three years.
Every data subject has the right of access (Art. 15 GDPR), the right to rectification (Art. 16 GDPR), the right to erasure (Art. 17 GDPR), the right to restriction of processing (Art. 18 GDPR) and the right to data portability (Art. 20 GDPR). To exercise those rights, you can contact us under the contact information given in section I. 1. or 2.
In addition, if you are of the opinion that the processing of your personal data is unlawful, you have the right to lodge a complaint with the competent supervisory authority (Art. 77 GDPR). This right to complain is without any prejudice to any other administrative or judicial remedy. The competent supervisory authority for Humanitec is: Berliner Beauftragte für Datenschutz und Informationsfreiheit
On our Website we may link to other websites by third parties.
Such websites by third parties are governed by the provisions and privacy policies of the respective third party offering the content behind those links. We do not actively check such links and external content unless required by applicable laws. If you discover wrong and/or inappropriate content please inform us, for example via email to email@example.com and we will delete and change such links immediately.
Kindly notice that when you click these links, you may be connected to such external service and your data may be processed outside the European Economic Area (EEA).
In order to ensure the best possible protection of your data, the Website is offered via a secure SSL connection.
In order to offer you a convenient online service featuring numerous functions, our Website uses text files (“Cookies”). A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyze web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of our website.
We collect data about each visit of our Website (so-called server logfiles) (“Access Data”). Access Data includes the following: Name of the accessed website, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, User's operating system, referrer URL (the previously visited page), IP address and the requesting provider
When using a mobile device Access Data also contains: Country code, language, device name, operating system and version name
We use this Access Data for statistical analysis for the purpose of operation, security and optimization of our Website. We anonymize Access Data before processing it for statistical analysis. However, we reserve the right to check these Access Data retrospectively if there is a justified suspicion of illegal use based on concrete indications. This data is stored because this is the only way to prevent the misuse of our Website and Software and, if necessary, allow us to investigate any potential crimes committed. As a matter of principle, this data will not be passed on to third parties unless there is a legal obligation to pass it on or the transfer of data serves criminal prosecution purposes.
This data processing is based on Art. 6 (1) f. GDPR and we wish to achieve the legitimate interests of stabilizing and improving our Website, quality insurance and fraud prevention.
In case the anonymization of IP-addresses is active on a website, the user’s IP-address will be truncated inside the European Union or the European Economic Area. Only in exceptional cases the user’s full IP-address will be transmitted to a server of Google in the US and truncated there. IP-anonymization is active on our websites.
On behalf of us, Google will process this data in order to analyze your use of our websites, to generate reports on website activity and to render further services regarding the use of our websites. The IP-address transmitted by your browser will not be associated with other data in possession of Google.
You can prevent the storage of cookies by modifying your browser setting to decline cookies. Furthermore, you can prevent the collection and following procession of data by Google through this cookie by downloading a browser-plugin through the following link: tools.google.com/dlpage/gaoptout/.
Preventing storage of cookies may prevent you from taking full advantage of our websites.
You can find further information about terms and conditions as well as data protection on www.google.com/policies/privacy/.
The processing of personal data through Google Analytics is based on Article 6 (1) lit. f GDPR. Purpose and our legitimate interest are analysis of the use of our websites as well as improved functionality.
When you subscribe to our newsletter we process your email address based on your explicit consent Article 6 para. 1 subpar. 1 lit. a GDPR to provide you with regular information about us.
To send and personalize our newsletters, we use HubSpot, Inc., 25 First Street, 2nd Floor, Cambridge, MA 02141 USA (“HubSpot”).
HubSpot enables us to measure and evaluate the behavior of our newsletter recipients. This includes the opening, click, bounce, delivery, unsubscription and conversion rates. This evaluation is carried out through pixel-tags, which collect information such as the IP address, browser type/version, email client and time of retrieval. In this way, it is also possible to track who opens the email and clicks on the links it contains. The evaluation of the user behaviour is carried out for the purpose of measuring the success of the email campaigns and improving our our offer.
The data you provide will be transferred to a HubSpot server in the USA and stored there.
The revocation of your consent is possible at any time, e.g. via a link at the end of each newsletter. Alternatively you can send us an email with your revocation request.
When contacting us (e.g. by email or through the website), we process your name, email address and any personal data disclosed in the message itself.
The processing is based on Art. 6 (1) f. GDPR. Purpose and our legitimate interest is answering your enquiry and, if applicable, follow-up questions.
The web analysis, tracking and targeting tools listed below are necessary for the purposes of our legitimate interests in accordance with Article 6 para. 1 subpar. 1 lit. f GDPR.
Through web analysis, we aim to ensure a needs-based design and the continuous optimisation of our website. At the same time web analysis enables us to statistically track the use of our website and evaluate it for the purposes of optimizing our offer for you.
Conversion tracking tools allow us to measure and analyse the effectiveness of certain measures on our website and on third-party platforms. We have a legitimate interest in making such measurements to target our customer communications. In this context, the user behaviour in connection with marketing measures are recorded and tracked, without disclosing the identity of the user tracked.
Through targeting tools we want to ensure that only certain advertising, based on your actual or assumed interests are displayed to you.
These interests are legitimate within the meaning of Article 6 para. 1 subpar. 1 lit. f GDPR.
The respective catagories of data processed, specific purposes and specific options to opt-out can be found in the corresponding targeting tools, listed hereinafter.
The information generated by the cookies about the use of our website (e.g. IP address of the accessing computer, time of access, referrer URL and information on the browser and operating system used) are generally transferred to servers of Google in the USA and processed there. Google complies with the privacy regulations of the EU-US Privacy Shield and is registered with the US Department of Commerce’s Privacy Shield Program. Thus Google provides guarantees to comply with EU data protection law.
We use Google Analytics based on our legitimate interests (Art. 6 Para. 1 Sentence 1 lit. f DSGVO) in the analysis and optimisation of our online services and the economic operation of this website. Google therefore processes the information on our behalf in order to evaluate the use of the website, compile reports on website activity and provide us with other services relating to website activity and internet usage for market research purposes and to tailor this website to meet our needs.
We have entered into a processor agreement with Google for the use of Google Analytics. Through this agreement, Google assures that it processes the data in accordance with the General Data Protection Regulation and guarantees the protection of the rights of the data subject.
We Google Analytics exclusively with IP anonymization enabled. This means that Google shortens the IP address of users within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases, the full IP address is transmitted to a Google server in the USA and shortened there. The IP address is, by no means, merged with other data held by Google.
We do not use the Universal Analytics with User ID offered by Google.
If necessary, the collected data will be transferred to third parties, if this is required by law or if third parties process the data on behalf of third parties.
The user data collected via cookies will be automatically deleted after 14 months.
You can prevent the installation of cookies by setting the browser software accordingly. However, we would like to point out that in this case not all functions of this website can be used fully.
You can also prevent the collection of data generated by the cookie and relating to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing a browser add-on.
As an alternative to the browser add-on, especially for browsers on mobile devices, you can also prevent Google Analytics from capturing data by clicking on the following link.
An opt-out cookie will be set to prevent your data from being collected in the future when you visit this website. The opt-out cookie is only valid in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you must set the opt-out cookie again.
On our website we use Google Ads (Conversion Tracking and Remarketing) of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter referred to as “Google”). The service enables us to design, statistically record, optimize and display advertising content according to our needs. In order to ensure the visibility of our offer, we are dependent on such advertising content. Google Ads places a cookie on your computer if you have accessed our website via a Google advertisement. These cookies lose their validity after 90 days. If you visit certain sections of our website and the cookie has not yet expired, Google may recognize that you have clicked on the ad and have been directed to that page.
In addition, we use remarketing pixels to collect and evaluate information about your use of our website. This enables us to address you on other websites with content relevant to you. According to Google, the data collected during remarketing is not merged with any personal data stored by Google. In addition, Google pseudonymises this data. Remarketing data based on tags are stored for 90 days.
The information generated by the cookie and pixel tag about your use of this website, such as click performance on texts and products or interactions with videos, are transmitted to a Google server in the USA and stored there. Google complies with the EU-US Privacy Shield regulations and is registered with the US Department of Commerce’s “US Privacy Shield” program.
Each ads customer receives a different cookie. As a result, cookies cannot be traced beyond the respective ads customer websites. The information collected using the conversion cookie is used to generate conversion statistics for ads customers who have opted for conversion tracking. As an ads customer, we see the total number of users who have clicked on an ad and been directed to a site with a conversion tracking tag. However, we do not receive any information that personally identifies you.
If you do not wish to participate in the tracking method, you can also decline to set a cookie as required for this – for example, by setting your browser to disable the automatic setting of cookies. You can also deactivate cookies for conversion tracking by setting your browser to block cookies from the domain “www.googleadservices.com”. You can opt out to the use of the remarketing pixel here.
Our website uses the Google Tag Manager tool from Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Google Tag Manager is used to manage the Google tools described in this privacy statement. For details regarding these tools, please refer to the information regarding the specific tool.
The Tag Manager tool itself (which implements the tags) is a cookie-free domain. The tool however, triggers other tags that may collect data. Google Tag Manager does not access this data. If a deactivation has been made at domain or cookie level, it will apply to all tracking tags implemented with Google Tag Manager.
We use the marketing services “LinkedIn Ads” and “LinkedIn Analytics” of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (hereinafter “Linkedin”). The service enables us to obtain statistical information about visitors to our website. This enables us to tailor and place our content and advertising to meet your needs. The following personal data is usually transmitted to a server in the USA through a pixel tag embedded in our website (so-called LinkedIn Insight Tag).
LinkedIn complies with the EU-US Privacy Shield and is registered with the US Department of Commerce’s US Privacy Shield Program.
The data processed using the embedded insight tag is stored in a cookie. The purpose of the cookie is to enable you to see relevant offers and recommendations that may be of interest to you after you have informed yourself on the website about certain services, information and offers.
You may opt out of LinkedIn’s analysis of your usage patterns and the display of interest-based recommendations here.
An opt-out cookie is set to prevent your information from being collected in the future when you visit this site. The opt-out cookie is only valid in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you must set the opt-out cookie again.
The processing is carried out on our behalf, based on a data processing agreement we have with HubSpot. This ensures that HubSpot processes the data in accordance with the GDPR and ensures the protection of the data subject’s rights. HubSpot is a US-based software company with a representative in Ireland. However, it cannot be ruled out that the information generated by the cookie about your use of this website is transmitted to and stored by a server of HubSpot in the USA. Therefore, HubSpot is certified under the terms of the EU-US Privacy Shield Framework and is governed by the TRUSTe’s Privacy Seal and the US-Swiss Safe Harbor Framework, which ensures the security of your data.
If you do not want this, you can reject the processing of your data at any time.
This website uses the Twitter online advertising program “Conversion Tracking” and the associated pixel tag technology from Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA (hereinafter “Twitter”). This allows us to track your user behaviour when you have viewed or interacted with ads on Twitter. This gives us a better overview of how successful our campaigns on Twitter are and enables us to continually optimize these campaigns.
The pixel tag is loaded to or from your device when you respond to an ad we place on Twitter, for example by clicking a link to our website. In this context, a pixel ID is created and stored in a cookie so that we can temporarily analyze your user behavior. The pixel tag is not used to identify you personally.
Twitter Opt-Out: In connection with the use of Twitter Conversion Tracking, the information collected is also processed on servers of Twitter Inc. in the USA. Twitter is certified under the EU-US “Privacy Shield” data protection agreement and is therefore committed to complying with European data protection regulations.
You can find further information on data protection at Twitter in their Help Center.
This website uses Twitter ads from Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107 (USA) (“Twitter”). Twitter Ads enables us by using pixel tags and cookies to implement targeted advertising, re-targeting and conversion measurements for online advertising. In doing so, offers for specific target groups are played out on the basis of a selection of general criteria, such as demographic characteristics, regions or interests. Twitter Ads also allows us to target ads based on your previous website views. For example, advertisements and references to our offers and content may be displayed if you are interested in certain services, information or offers on our website. Only general and technical information about the web sites accessed is evaluated. If you do not wish to be tracked by Twitter in general, you can prevent the storage of cookies at any time by changing your browser settings, which could restrict their function.
Twitter is certified under the EU-US Privacy Shield and is committed to complying with European data protection regulations. Twitter also adheres to the do-not-track setting of your browser. Further information can be found on the Twitter pages.
As a Twitter user, you can also opt out of the data processing described above by unchecking the “Tailor ads based on information shared with advertisers” box next to the “Sponsored Content” heading in your Security and Privacy Settings. More information can also be found on the Twitter’ website.
Alternatively, and with a view to processing using pixel tags, you can opt out by clicking on the following button.
Twitter Opt-Out: You can find further information on data protection at Twitter in their Help Center.
We use the pixel tag of Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (“Facebook”). Facebook Pixel allows us to see how you react to our Facebook ads, for example, when you click on a link in the ad that leads to our website. This gives us a better understanding of how successful our Facebook campaigns are and enables us to continually improve them. In this context, a pixel ID is created and stored in a cookie so that we can analyze your user behavior until the pixel count expires. The pixel tag is not used for personal identification.
If you do not want us to evaluate your user behavior in connection with Facebook ads, you can, as a Facebook user, object to the collection by the Facebook pixel in the settings for Facebook ads after logging into your account. If you would like to opt out from the data processing with Facebook’s pixel on our website, click here on the opt-out link.
Facebook pixel opt-out: An opt-out cookie is stored on your device. If you delete your cookies, you must opt out again.
In connection with the use of Facebook Pixel, the information collected may also be processed on Facebook Inc. servers in the United States. Facebook is certified under the EU-US Privacy Shield and is committed to complying with European data protection regulations.
You can find more information about privacy on Facebook in their help section.
This website also uses Facebook Custom Audiences from Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (“Facebook”). This is a Facebook marketing service that allows us to display personalized and targeted advertising on Facebook to certain groups of pseudonymous visitors to our website who also use Facebook.
Our website has an integrated Facebook Custom Audience pixel that stores personal information about the use of the website. This includes your IP address, the browser you are using, and the source and target pages. This information is transferred to Facebook servers in the United States. There it is automatically checked whether your browser has saved a Facebook cookie. The Facebook cookie automatically determines whether you belong to the target group relevant to us. If you belong to the target group, we will display corresponding ads on Facebook. During this process, you will not be personally identified by us or Facebook by comparing the data.
Facebook is subject to the EU-US Privacy Shield to ensure an adequate level of privacy.
You may opt out of using the Custom Audiences service on Facebook’s website. After logging in to your Facebook account, you will be taken to the settings for Facebook ads.
We use on our website components (videos) of the company YouTube, LLC 901 Cherry Ave, 94066 San Bruno, CA, USA (hereinafter: “YouTube”), a company of Google Inc., Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter: “Google”), on the basis of our legitimate interests in accordance with Art. 6 para. 1 subpar.. 1 lit. f DSGVO to make our website more attractive for you.
We use the “enhanced privacy mode” option provided by YouTube to do so.
When you visit a page that has an embedded video, YouTube connects to the YouTube servers and displays the content on the website by notifying your browser.
According to YouTube, in “extended data protection mode”, your data – in particular the pages of our website you have visited and device-specific information including your IP address – will only be transmitted to the YouTube server in the USA when you watch the video. By clicking on the video, you consent to this transmission.
If you are logged in to YouTube at the same time, this information will be assigned to your YouTube member account. You can prevent this by logging out of your account before you visit our website.
Google complies with the US Privacy Shield and is registered with the US Department of Commerce’s US Privacy Shield program.
You have the right, to
We process your requests for information, correction, deletion, restriction of processing of personal data and data portability pursuant to the GDPR. In doing so we process the following personal data:
The processing of personal data is based on Article 6 (1) lit. c GDPR. Purpose is an effective affected rights management.
We do not use automated decision-making. Regarding profiling, we use the tracking tool Google Analytics. For further information about our use of Google Analytics see section II. 3. – “Google Analytics”.
In some cases we share your personal data with third party controllers (see Article 4 No. 7 GDPR). These are the following controllers:
We use processors (see Article 4 No. 8 GDPR) that process personal data on our behalf. These include the following processors:
Data Processing Purpose: We use Google Analytics to analyze traffic on our Website.
Data Processing outside the EU / Compliance with EU Data Protection Standard: Personal data is anonymized before being transferred outside of the EU/ EEA.
Further Information: You can find further information here: www.google.com/policies/privacy/.
Data Processing Purpose: For processing applications to open positions, we use Personio, HR and applicant management software. Personio GmbH comply with all applicable data protection and privacy laws & regulations in the performance of its obligations under the General Data Protection Regulation. Before submitting application via Personio Application form integration you will be asked to consent with the Privacy Notice.
Further Information: You can find further information here: https://www.personio.com/privacy-policy/
Data Processing Purpose: We use Webflow to build our website.
Further Information: You can find further information here: https://webflow.com/legal/eu-privacy-policy
Data Processing Purpose: This is an integrated software solution and we use HubSpot as a customer relationship management tool (CRM). At the same time, HubSpot produces various reports on our behalf in order to optimize our website. The processing is carried out on our behalf, based on a data processing agreement we have with HubSpot. This ensures that HubSpot processes the data in accordance with the GDPR and ensures the protection of the data subject’s rights. HubSpot is a US-based software company with a representative in Ireland. However, it cannot be ruled out that the information generated by the cookie about your use of this website is transmitted to and stored by a server of HubSpot in the USA. Therefore, HubSpot is certified under the terms of the EU-US Privacy Shield Framework and is governed by the TRUSTe’s Privacy Seal and the US-Swiss Safe Harbor Framework, which ensures the security of your data.
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you on the basis of Art. 6 (1) lit. f GDPR (processing of personal Data based on a balancing of interests); this includes profiling based on those provisions (Art. 4 No. 4 GDPR).
Should you decide to object the processing, we will stop to process personal data concerning you, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing serves the purpose of establishment, exercise or defence of legal claims.
You also have the right to object at any time to processing of personal data concerning you for the purpose of advertising; this also applies to profiling insofar as it is associated with advertising.
Should you decide to object to the processing for advertising purposes, we will stop to process personal data concerning you for these purposes.
The objection is not subject to any form. Ideally, it should be lodged at the bodies mentioned in section I. 1. and 2.