Data Protection
Avantgarde Labs
Data Protection Declaration
In the following data protection information, we, Avantgarde Labs GmbH, Theresienstrasse 9, 01097 Dresden, as the controller in accordance with the General Data Protection Regulation (GDPR), explain which personal data (e.g. name, address, email addresses, user behaviour or IP address) we process when you visit our website. Please be aware that by default all data transfers in relation to our website take place via an encrypted connection.
We reserve the right to update our data protection information from time to time so that it always complies with the current legal requirements, or in order to reflect changes to our services. We therefore recommend that you read this data protection information regularly in order to remain up to date on how we protect the personal data we process.
(1) Logging visits to the site
Each time you visit our website, for technical reasons your browser automatically sends the data listed below to our web server. We store these data solely for statistical and technical purposes, for example in order to evaluate the frequency of site visits or to identify disruptions in operation of the server. The legal basis for processing these personal data is the legitimate interests of the controller, in accordance with Article 6(1)(f) GDPR. The listed data collected for these purposes are erased after 7 days.
The following data are recorded and evaluated:
- Request (name of the requested file)
- Browser type and browser version
- Operating system used
- Referrer URL, i.e. the website from which you accessed our website
- IP address
- Data and time of your visit
- The pages within our website that you visited
- Any content entered in forms
(2) Contacting us
When you contact us by email or via a contact form, we store the data you send us (your email address, and your name and phone number if necessary) in order to respond to your query. We will erase the data collected from this process once it is no longer necessary to store them, or we will restrict their processing if legal retention obligations apply.
People under the age of 18 should not send us any personal data without the consent of their parents or legal guardians. We will not request any personal data from children or young people, we will not collect these data, and we will not send these data to third parties.
In general, we use the personal data you provide to us in order to respond to your queries, to process your orders or to give you access to specific information or offers (Article 6(1)(b) GDPR). In order to maintain customer relationships, it may also be necessary for us to use these personal data to inform you of product offers which are useful for your business activities, or in order to better meet the specifications and requirements of our customers (Article 6(1)(f) GDPR).
Only those bodies or staff at Avantgarde Labs who require these data to fulfil our contractual, legal and supervisory obligations and legitimate interests will have access to these data.
If you do not wish to send us your personal data in order to support our customer relationship (in particular for email marketing), we will of course respect this. We will not sell your personal data to third parties or market them to anyone else.
We will only collect, process and use the personal data you provide us via the website for the stated purposes. Your personal data will not be passed on to third parties without your consent.
Logging email correspondence
To ensure appropriate levels of data and system security, and to identify malware, we store log data of email correspondence. When you send an email to one of our addresses, we log the following data: email and IP address of the recipient and the sender, number of recipients, subject, date and time the email was received on the server, file name of any attachments, size of message, risk classification for spam and delivery status. Initially, emails are only checked with an automated system. Only if we suspect a risk to the security of our IT systems will individual emails be checked manually by responsible staff. The processing activities stated here are carried out on the basis of a legitimate interest in the above processing purposes in accordance with Article 6(1)(f) GDPR in conjunction with Recital 49 for the GDPR. The logged data are erased after 30 days.
(3) Use of cookies
Our website uses cookies. These are small text files which are stored on your device with the help of the browser. They do not cause any damage.
Cookies allow us to optimize the information and services provided on our website for the benefit of users. They also allow us to recognize users of this website when they return so that it is easier for them to use our website.
If this is not what you want, you can configure your browser to alert you to the use of cookies so that you can enable them only in individual cases.
Disabling cookies may restrict the functionality of our website.
We use cookies on our website in connection with the following services:
- Google Analytics
- Borlabs
Web analysis with Google Analytics, Google Ireland Limited
On the basis of your consent in accordance with Article 6(1)(a) GDPR, and with regard to the use of cookies in accordance with Section 25 Para 1 of the German Telecommunications and Telemedia Data Protection Act (TTDSG) in conjunction with Article 4 No. 11 and Article 7 GDPR, we use the Google Tag Manager to enable Google Analytics, a web analysis service provided by Google Ireland Limited (“Google”). For this purpose, we have concluded a contract with Google for data processing in accordance with Article 28 GDPR. Suitable guarantees to protect data subjects in accordance with Article 46(1) GDPR are also in place in the event that data are sent to the parent company Google LLC – based in the USA – in the form of agreed standard data protection clauses in accordance with Article 46(2)(c) GDPR. Your declaration of consent expressly includes the possibility that data will be sent around the world and processed by other Google LLC group companies. In this regard, we wish to make explicit reference to the risks this may entail, such as the additional difficulty of enforcing your data protection rights as a data subject.
The cookies used by Google Analytics allow usage data (e.g. websites visited, times of visits) and communications data (e.g. IP addresses, device data) to be processed on our behalf.
The Google Tag Manager serves the sole purpose of managing and running the tools (here: Google Analytics) it contains. IP addresses are processed in this context.
IP anonymization
We have enabled IP anonymization on this website. This function means Google will shorten your IP address within Member States of the European Union or in other States party to the Agreement on the European Economic Area before it is sent to the USA. Only in exceptional circumstances will the full IP address be sent to a Google server in the USA before being shortened there. Google will use this information on behalf of the website operator to evaluate your use of the website, to compile reports on website activity, and to provide additional services related to website and internet usage for the website operator.
All personal data which are processed will be erased or fully anonymized after 14 months. For more information about how Google uses data and your options for configuring and objecting to data processing, see the Google Privacy Policy and the Google settings for displaying ads.
Browser plug-in
You can prevent cookies from being stored on your device by choosing the appropriate setting in your browser software; however, please be aware that doing so may restrict the functionality of this website. You can also prevent data generated by the cookie relating to your use of the website (including your IP address) from being collected, sent to and processed by Google by downloading and installing the browser plug-in available via the following link: https://tools.google.com/dlpage/gaoptout?
On the basis of Section 25 Para 2 TTDSG, we only use technically necessary cookies. This technical necessity consists of provision of the website (Borlabs cookie, 30 days, consent management) in compliance with privacy regulations, ensuring user-friendliness (Borlabs cookie, 30 days), and unrestricted technical functionality of the website (Borlabs cookie, 30 days).
(4) Personio, Personio GmbH – Recruiting
In order to provide our job descriptions and to initiate the application process, and on the basis of your consent in accordance with Article 6(1)(a) GDPR and with regard to the use of cookies in accordance with Section 25 Para 1 TTDSG in conjunction with Article 4 No. 11 and Article 7 GDPR, we have embedded a recruiting tool from our service provider Personio GmbH on our website. To provide these services, we have concluded a contract with Personio GmbH for data processing in accordance with Article 28 GDPR.
The recruiting tool is provided via the Personio servers. To ensure the recruiting tool is displayed correctly, Personio uses Google Fonts for the purpose of embedding external fonts. As a result, personal data (e.g. IP addresses) are sent to servers run by Google Ireland Limited and by Google LLC, based in the USA. Your declaration of consent expressly includes the possibility that data will be sent around the world and processed by other Google LLC group companies. In this regard, we wish to make explicit reference to the risks this may entail, such as the additional difficulty of enforcing your data protection rights as a data subject. For more information about how Google processes data, please see the Google Privacy Policy.
Each time this recruiting site is accessed, server logs are automatically recorded on the basis of the legitimate interest in accordance with Article 6(1)(f) GDPR, where Personio GmbH’s legitimate interest is to ensure user-friendliness. Generally, data such as the website domain name, the web browser and web browser version, the operating system, the IP address and the time stamp of access to the software are collected. These access logs are stored for up to 7 days.
Your data are stored at Avantgarde Labs GmbH in accordance with Section 26 Para 1 of the German Federal Data Protection Act. In order to process your application, we require the information indicated as mandatory with the red star. We will store your data until we have made a decision on who to appoint for the advertised job, but for no longer than 6 months. If we wish to store the data for longer, we will seek to obtain new consent from you.
Collection of applicant data
We collect the following mandatory data via our recruiting tool when we advertise a job: name, email address, phone number, availability, CV (document to be uploaded). Optional information, such as expected salary and other documents to be uploaded, can also be provided.
If Avantgarde Labs GmbH enters into an employment contract with an applicant, the data they have provided are stored for the purpose of managing the employment relationship in compliance with the legal regulations. If we do not enter into an employment contract with an applicant, the application documents will be erased 6 months after informing them of our decision, unless they have given us their consent in accordance with Article 6(1)(a) GDPR to retain evidence for 2 years. You can withdraw your consent at any time without giving a reason via the contact details indicated above. Click here for more information about how we process data in the application process.
(5) HubSpot
Our website uses the HubSpot service provided by HubSpot, Inc., based in the USA. The contractual partner for our company is HubSpot Germany GmbH, based in Berlin, and the personal data are primarily processed in a data centre in Germany.
HubSpot is an integrated software solution which we use to cover various aspects of our online marketing, including contact management (e.g. user segmentation and CRM), landing pages, email marketing and contact forms.
Our contact service allows users of our website to contact us in relation to queries by providing their contact details. These data, as well as the content of our website, are stored on our software partner HubSpot’s servers.
All data we collect are subject to these data protection regulations. We use all the data we collect solely for the purpose of optimizing our marketing activities.
More information about HubSpot’s Privacy Policy »
In the course of optimizing our marketing activities, HubSpot allows us to collect and process the following data:
– Geographical position
– Browser type
– Navigation information
– Referrer URL
– Performance data
– Data on how often the application is used
– Mobile app data
– Login data for the HubSpot subscription service
– Files shown on site
– Domain names
– Pages viewed
– Aggregated usage
– Operating system version
– Internet service provider
– IP address
– Device identification
– Duration of visit
– Where the application was downloaded from
– Operating system
– Events which occur during usage
– Access times
– Clickstream data
– Device model and version
The legal basis for the data processing is your consent in accordance with Article 6(1)(a) GDPR and with regard to the use of cookies in accordance with Section 25 Para 1 TTDSG in conjunction with Article 4 No. 11 and Article 7 GDPR. If you do not wish HubSpot to collect and process the above data, you can refuse consent or withdraw your consent at any time with effect for the future. The personal data will be stored for as long as required in order to fulfil the purpose of processing. The data will be erased as soon as they are no longer required for this purpose.
For processing personal data as described above, we have concluded a contract with HubSpot for data processing in accordance with Article 28 GDPR. Suitable guarantees to protect data subjects in accordance with Article 46(1) GDPR are also in place in the event that data are sent to third countries as defined by data privacy laws in the form of agreed standard data protection clauses and following a data transfer impact assessment in accordance with Article 46(2)(c) GDPR. Your declaration of consent expressly covers the possibility that data will be sent around the world and processed by other HubSpot group companies and subcontractors. In this regard, we wish to make explicit reference to the risks this may entail, such as the additional difficulty of enforcing your data protection rights as a data subject.
For more information about how HubSpot processes data, please see the company’s Privacy Policy.
(6) Use of service providers to provide our website
To provide our website, we use service providers which may process personal data on behalf of Avantgarde Labs GmbH or which may have access to personal data. We have concluded data processing contracts in accordance with Article 28 GDPR with all of these service providers. In addition to the service providers mentioned above, this refers to Hetzner Online GmbH, Industriestrasse 25, 91710 Gunzenhausen, www.hetzner.com (hosting).
(7) Your rights as a data subject and contacting the Data Protection Officer
Data subjects have the right to request access to their personal data at any time, if necessary to request rectification, erasure or restriction of processing of these data, and to object to data processing. They also have a right to data portability for their benefit. In addition, if data are processed on the basis of a data subject’s consent, the data subject can withdraw their consent with effect for the future at any time. To exercise your rights, contact our Data Protection Officer, the Dresden Institute for Data Protection, at datenschutz@avantgarde-labs.de (visit www.dids.de for more contact details). In accordance with Article 77 GDPR, you also have a right to lodge a complaint with a supervisory authority if you suspect that your personal data have been processed in a way which infringes data protection regulations.
