Privacy statement evelop.me

We are glad that you are interested in our website. The protection of personal data is our first priority. Below you find information about the processing of your personal data and your rights within the use of our website.


1. Controller
The controller responsible for the data processing is:
Kienbaum Consultants International GmbH
Edmund-Rumpler-Straße 5
D-51149 Köln
Telefon: +49 152 09225466
E-Mail: datenschutz@evelop.me


2. Data protection officer
You can contact our data protection officer as follows:

Dr. Gregor Scheja
Scheja und Partner Rechtsanwälte mbB
Adenauerallee 136
D-53113 Bonn
Telephone: 0228/2272260
Contact: https://www.scheja-partner.de/kontakt/kontakt.html

 

3. Rights of the data subject

As data subject you have the following rights in accordance to the General Data Protection Regulation (GDPR) as far as the respective legal requirements are met:  

Access: You have the right to obtain information about your personal data processed by us.

Rectification: You can obtain the rectification of inaccurate personal data concerning you. Furthermore you can obtain the completion of incomplete personal data.

Erasure: In specific cases you can obtain the erasure of your personal data.

Restriction of processing: In specific cases you can obtain restriction of processing of your personal data.

Data portability: If you provided data to us based on a contract or your consent you can demand that you receive the provided data in a structured, commonly used and machine-readable format or that we transmit the data directly to another controller.

Data portability:

If you provided data to us based on a contract or your consent you can demand that you receive the provided data in a structured, commonly used and machine-readable format or that we transmit the data directly to another controller.

Right to object 

Individual right to object:

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Art. 6 subparagraph 1 GDPR, including profiling based on those provisions. We will then no longer process the personal data for those purposes unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing serves the establishment, exercise or defence of legal claims.

 

Right to object to processing for direct marketing purposes

In some cases we process your data for direct marketing. You have the right to object to the processing of your personal data for those purposes at any time. This applies to profiling as far as it is associated with such direct marketing. If you object to the processing for direct marketing purposes, your personal data will not be processed for those purposes any longer.

Withdrawal of consent: 

If you gave your consent to the processing of your personal data you can withdraw your consent at any time with future effect. The lawfulness of the processing of your personal data until your withdrawal will not be affected. In addition to the options stated under ‘enforcement of your rights’ you can explain your withdrawal according to the respective information concerning ‘exercising the right to object’ in the section ‘Services & Cookies’.

Enforcements of your rights:

To exercise the aforementioned rights please contact datenschutz@evelop.me or by post to the address stated under number 1. When doing so please make sure an unambiguous identification of yourself is possible.

Right of appeal: 

You have the right to lodge a complaint with a data protection supervisory authority, particularly one in the member state of your habitual residence, work place or the place of the suspected violation, if you are of the view that the processing of your personal data is unlawful.

4. Automated individual decision-making, including profiling

Automated individual decision-making, including profiling within the meaning of Art. 22 GDPR does not take place within the use of our service. In case profiling should take place in the context of jointly controlled services, we expressly point out this fact.



5. Details on services, cookies & co.

5.1 Our own services

Functionality: Display of service

Data categories:
Date and time of access, duration of visit, type of device, used operation system,used functions, amount of sent data, type of event, IP address

Purpose(s):
Providing service

Legal basis:
Article 6 section 1 a), b) and f) GDPR

Pursued legitimate interests:
Technical functionality

Recipients or categories of recipients:
Internal departments, processor for the provision of the communication tool Zapier Inc.

Third country transfer: Adequacy decision (yes/no):
USA; no

Safeguards and access possibilities to those, if applicable:
Privacy-Shield-Certification of the processor (further information: https://www.privacyshield.gov/list)

Storage periods or criteria for their determination:
90 Days

Duty to provide personal data and possible consequences of failure to provide:
No duty to provide, automatic collection by accessing the service

Withdraw of consent, if applicable:
By post to the address stated under number 1 or by email to datenschutz@evelop.me

Source of:
Direct survey when accessing the website


Functionality: Logfiles

Data categories:
IP address of the user, information about the browser type and the used version, host name, point in time of visit, website where the user came from(‘referrer’), name of accessed URL, date and time of access, amount of transferred data UUID, protocol data of usage behavior

Purpose(s):
Statistical evaluations, system security (fraud prevention), error diagnosis

Legal basis:
Article 6 section 1 a), b) and f) GDPR

Pursued legitimate interests:
See purposes

Recipients or categories of recipients:
Internal departments, processor for the optimization of our web service Microsoft Corp.

Third country transfer: Adequacy decision (yes/no):
USA; no

Safeguards and access possibilities to those, if applicable:
Privacy-Shield-Certification of the processor (further information: https://www.privacyshield.gov/list), Standard contractual clauses pursuant to Art. 46 section 2 GDPR, copy can be requested by using contact information in number 1.

Storage periods or criteria for their determination:
90 Days

Duty to provide personal data and possible consequences of failure to provide:
No duty to provide, automatic collection by accessing the service

Withdraw of consent, if applicable:
By post to the address stated under number 1 or by email to datenschutz@evelop.me

Source of:
Direct survey when accessing the website

Functionality: Registration and log in

Data categories:
Name, email address, password

Purpose(s):
Fulfillment of the registration process and log in in order to use the service evelop.me

Legal basis:
Article 6 section 1 a), b) and f) GDPR

Pursued legitimate interests:
--

Recipients or categories of recipients:
Internal departments, only your name is also transferred to our processor Typeform S.L. for your personal address

Third country transfer: Adequacy decision (yes/no):
USA; no

Safeguards and access possibilities to those, if applicable:
Privacy-Shield-Certification of the processor (further information: https://www.privacyshield.gov/list)

Storage periods or criteria for their determination:
Data will be deleted after the end of the project and 90 Days of inactivity.

Duty to provide personal data and possible consequences of failure to provide:
No duty to provide

Withdraw of consent, if applicable:
By post to the address stated under number 1 or by email to datenschutz@evelop.me

Source of:
Direct survey by the registration form

Functionality: Appointment booking

Data categories:
IP address, email address, desired date, phone number, name

Purpose(s):
Appointment coordination between user and coach

Legal basis:
Article 6 section 1 a), b) GDPR

Pursued legitimate interests:
--

Recipients or categories of recipients:
Internal departments, processor for the provision of the appointment booking functionality Calendly LLC

Third country transfer: Adequacy decision (yes/no):
USA; no

Safeguards and access possibilities to those, if applicable:
Consent pursuant to Article 49 section 1 a) GDPR

Storage periods or criteria for their determination:
Data will be deleted after the end of the project and 90 days of inactivity.

Duty to provide personal data and possible consequences of failure to provide:
No duty to provide

Withdraw of consent, if applicable:
By post to the address stated under number 1 or by email to datenschutz@evelop.me

Source of:
Direct survey by the appointment booking form


Functionality: User profile

Data categories:
First and last name, address, email address, personal goal

Purpose(s):
User profile setup

Legal basis:
Article 6 section 1 b) GDPR

Pursued legitimate interests:
--

Recipients or categories of recipients:
Internal departments

Third country transfer: Adequacy decision (yes/no):
--

Safeguards and access possibilities to those, if applicable:
--

Storage periods or criteria for their determination:
Data will be  deleted after the end of the project and 90 days of inactivity.

Duty to provide personal data and possible consequences of failure to provide:
No duty to provide

Withdraw of consent, if applicable:
--

Source of:
Direct survey by the user profile setup form

Functionality: Programs and exercises

Data categories:
Information, which user enters in the respective free text and selection fields, whereby, inter alia, users are asked for information about the current employment and living conditions and personal goals, IP address, first name, UUID

Purpose(s):
Provision of various exercises

Legal basis:
Article 6 section 1 b) GDPR

Pursued legitimate interests:
--

Recipients or categories of recipients:
Internal  departments, processors for the acquisition of the questionnaires Typeform  S.L., Zapier, Inc. for controlling the programs and exercises as well as  following actions

Third country transfer: Adequacy decision (yes/no):
USA; no

Safeguards and access possibilities to those, if applicable:
Privacy-Shield-Certification of the processors (further information: https://www.privacyshield.gov/list)

Storage periods or criteria for their determination:
Data will be  deleted after the end of the project and 90 days of inactivity.

Duty to provide personal data and possible consequences of failure to provide:
No duty to provide

Withdraw of consent, if applicable:
--

Source of:
Direct survey by the questionnaire



Functionality: Communication between coach and user

Data categories:
First name, last name, UUID, email address, events (for example completion of exercises)

Purpose(s):
Information of the respective coaches about coaching relevant user activities, in order to be able to react to these activities

Legal basis:
Article 6 section 1 a), b) GDPR

Pursued legitimate interests:
--

Recipients or categories of recipients:
Internal departments, processor for the provision of the communication tool Zapier Inc.

Third country transfer: Adequacy decision (yes/no):
USA; no

Safeguards and access possibilities to those, if applicable:
Privacy-Shield-Certification of the processors (further information: https://www.privacyshield.gov/list)

Storage periods or criteria for their determination:
Data will be  deleted after the end of the project and 90 days of inactivity.

Duty to provide personal data and possible consequences of failure to provide:
No duty to provide

Withdraw of consent, if applicable:
By post to the address stated under number 1 or byemail to datenschutz@evelop.me

Source of:
Direct survey with respective activity on the website

Functionality: Newsletter dispatch

Data categories:
Email address, IP address

Purpose(s):
Dispatch of the newsletter

Legal basis:
Article 6 section 1 a) GDPR

Pursued legitimate interests:
--

Recipients or categories of recipients:
Internal departments, especially marketing, dispatch via Microsoft Exchange Server (Microsoft Corp), processor for dispatch of the newsletter ActiveCampaign LLC, processor Zapier Inc. for communication with Active Campaign.

Third country transfer: Adequacy decision (yes/no):
USA; no

Safeguards and access possibilities to those, if applicable:
Privacy-Shield-Certification of the processors (further information: https://www.privacyshield.gov/list) Standard contractual clauses pursuant to Art. 46 section 2 GDPR, copy can be requested by using contact information in number 1.

Storage periods or criteria for their determination:
After unsubscription  from the newsletter

Duty to provide personal data and possible consequences of failure to provide:
No duty to provide

Withdraw of consent, if applicable:
Unsubscribe link in every newsletter

Source of:
Direct survey by the newsletter registration form



5.2. Cookies

Our website uses cookies to provide an extensive range of functions,make the usage more comfortable and optimize our offers. Cookies are small text files generated by a web server and stored on your computer during the online visit by your web browser.

We use so-called ‚session cookies‘ which are automatically deleted after upon completion of your browser session.

Furthermore we use persistent cookies which are mostly used to provide permanently recurring settings to you as a website visitor. This enables us to modify our website individually in accordance to your preferences. Persistent cookies also enable us to analyze our visitor’s usage behavior though only within the scope of validity.

In addition to that, further cookies might be used in connection with the integration of specific services by the providers of those services (so-called ‘Third-Party cookies’).

If you do not want cookies to be used you can prevent the storage of cookies on your device with respective configurations of your internet browser. Please bear in mind that the functionality and the range and functions could be restricted by that. Furthermore we will only use specific cookies with your previous consent. Also you can make use of your right to object when it comes to specific cookies. Detailed information about type, scope, purposes, legal bases and options to object to the processing in the context of those cookies you can find in the following tables.

5.2.1. First Party Cookies

Name: Session Cookie

Data categories:
Date and time of interaction, device type, used operation system, if applicable

Purpose(s):
With the help of the Cookie can be detected that the user is logged in.

Legal basis:
Article 6 section 1 b), f) GDPR

Pursued legitimate interests:
See purposes

Recipients or categories of recipients:
Internal departments

Third country transfer: Adequacy decision (yes/no):
- -

Safeguards and access possibilities to those, if applicable:
- -

Cookie validity/storage period:
The Cookie remains stored until the user deletes it in the browser.

Duty to provide personal data and possible consequences of failure to provide:
No duty to provide

Withdraw of consent, if applicable:
--

Source of:
Direct survey when accessing the website

Name: Google Analytics

Data categories:
Online-tags (including Cookie identifiers), hardware identifiers, browser type /version, used operating system, referrer-URL (the previously visited website), time of the server request

Purpose(s):
Analysis of the  usage behavior for improvement of the service as well as marketing purposes

Legal basis:
Article 6 section 1 a) GDPR

Pursued legitimate interests:
--

Recipients or categories of recipients:
Google LLC

Third country transfer: Adequacy decision (yes/no):
USA; no

Safeguards and access possibilities to those, if applicable:
Privacy-Shield-Certification of the processor (further information: https://www.privacyshield.gov/list)

Cookie validity/storage period:
The Cookie remains stored until the user deletes it in the browser.

Duty to provide personal data and possible consequences of failure to provide:
No duty to provide

Withdraw of consent, if applicable:
By post to the address stated under number 1 or by email to datenschutz@evelop.me

Source of:
Direct survey when/after consent was granted

5.3. Services jointly controlled with Third-Parties

Regarding some processing activities, we and a third-party are acting together as joint controllers. On the one hand, this can be the case with regard to third party-services that we integrate on our website, or vice versa,in case we integrate our services into the service of a third-party, e.g. asocial media platform. Detailed information on categories, scope, purpose,legal basis and the exercise of your rights as a data subject in conjunction with these services can be found in the following explanations. Information regarding the data processing activities undertaken by the respective third-party can be found in that their party’s privacy policy. You can exercise your rights as a data subject either towards us or directly towards the third-party. The third-party may often be able to react faster to the processes he is responsible for, which is why we recommend direct contact with him.

5.3.1. Facebook Fanpage

We control functionalities of our Facebook Fanpage [https://www.facebook.com/ evelop.me/] jointly with Facebook Ireland Limited, 4 Grand Canal Square Dublin 2, Ireland and Facebook Inc., Facebook Headquarters, 471 Emerson St., Palo Alto, CA 94301-160,USA (contact the Data Protection Officer). This concerns only/mainly the Facebook-service “Page-Insights”, through which we are only provided with statistical data about the usage of our Fanpage by users/visitors like you. We have entered into a contract with Facebook Ireland Limited which covers the responsibilities regarding this jointly controlled service. You can access the main contents of the contract here.

The privacy policies of the other joint controllers responsible for the Facebook Fanpage, especially regarding the data processing in relation with the service “Page-Insights”, can be found under the links Data Policy (Facebook Ireland) and Data Policy(Facebook Inc.). For further information go to: 1. Controller, 2. Data protection officer, 3. Rights of the data subject.

Furthermore, we process personal data on our Facebook Fanpage as follows:

Functionality: Interactions by/with users

Data categories:
Date and time of the interaction, type of the device, used operation system, type and content of the interaction (e.g. likes, direct messages, comments), profile name and picture.

Purpose(s):
Interacting with users, improving of usability,receiving and processing inquiries, complaints or other feedback.

Legal basis:
Article 6 section 1 b) and f) GDPR.

Pursued legitimate interests:
See purposes

Recipients or categories of recipients:
Internal departments. Regarding the recipients of the joint controller, we refer to their data policy.

Third country transfer: Adequacy decision (yes/no):
We do not transfer your data to a third country. We point out, that the joint controller Facebook Inc. has its seat in a third country without an adequacy decision. Regarding the data transfer to a third country by our joint controller we refer to their data policy.

Safeguards and access possibilities to those, if applicable:
- -

Storage periods or criteria for their determination:
If there are no legal obligations: after termination of the user relationship, after complete answer of the direct message, after the removal of the commented article,if applicable deletion of illegal content. Regarding the retention by the joint controller we refer to their data policy.

Duty to provide personal data and possible consequences of failure to provide:
No duty to provide