Privacy Policy

Overview

The protection of personal data and the responsible handling of information are important and special concerns for us.

We process personal data only in accordance with legal requirements, in particular the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

This privacy policy contains information about how we process personal data in case you visit our website (see section 2), apply as a Tech Candidate (see section 3), or apply for a job with us (see section 4).

This privacy policy also contains information on recipients of your personal data within (see Section 5) and outside the EEA (see section 6), deletion of your personal data and retention periods (see section 7), your rights as a data subject (see section 8), and automated decision making (see section 9).

1. Controller and Data Protection Officer

Controller pursuant to Art. 4 No. 7 GDPR: Futurepath GmbH, Lützowufer 6-9, 10785 Berlin, mail@futurepath.io.

Data Protection Officer: Dr. Sebastian Heep, PLANIT // LEGAL, Jungfernstieg 1, 20095 Hamburg, mail@planit.legal.

2. Website Visit

When you visit our website (www.futurepath.io), we process personal data to enable your use (Usage Data) to the extent described in section 2.1. In addition, personal data may be processed for web tracking and other purposes as described under section 2.2, and for our contact form, as described under section 2.3. Please find below information on the legal basis, purposes and, if applicable, legitimate interests and the necessity of processing your personal data.

2.1 Data Processing to Enable the Use of the Website

Usage Data includes your IP address and information on start, end, your use of the website and identification data (e.g. your login data when you log into a secure area). It also includes technical data transmitted by your browser such as browser type / browser version, previously visited website (referrer URL), monitor resolution, operating system, if applicable device information (e.g. device type) etc. We process this data for the provision and demand-oriented design of this website in our legitimate interest (Art. 6(1)(f) GDPR). If you are interested in detailed information on the balancing of your and our interests, please refer to the addresses in section 1.

2.2 Cookies and Web Tracking

When you visit our website, information in the form of cookies may be stored on your device. A cookie is a small text file that is sent from a web server to your browser and stored on your device. When you revisit our website, cookie data are transmitted to our web server again. We may them, for example, in order to recognise you again and take your individual settings into account when displaying the website. Cookies can be categorised as first party cookies (deployed by us) and third-party cookies (deployed by third parties). We further categorise cookies as follows:

Type:

Description:

Category 1: technically necessary cookies
These cookies are technically necessary to provide the website functionality. We may not provide the website without deploying such cookies.
Category 2: functional cookies
These cookies serve to create the most pleasant surfing experience possible on our website, with a maximum of individual usage conformity (e.g. enabling a login across sessions, a high surfing speed through search suggestions or the storage of individual page settings such as language or text size, etc.).
Category 3: performance cookies
These cookies serve to continuously optimise our website and lead to a continuously improved surfing experience (e.g. by evaluating the use of website functions offered, reporting display errors, etc.). They track information how our website is used.
Category 4: Targeting and social network cookies
Some of these cookies allow you to connect to your social networks and share content. Others helps to better individualise advertising by adapting to your interests.
Category 2 to 4 cookies may be deployed to process your activities on our website and is processed in pseudonymous usage profiles (web analysis). We only use this information for the aforementioned purposes (functionality and optimisation of the website, interest based advertising) and for statistical analysis. In addition to cookie based web tracking, there is non-cookie based web tracking using other means such as your individual device settings to recognize you when revisiting our website.

Legal basis for deploying technically necessary cookies (category 1) is our legitimate interest in providing our website under Art. 6(1)(f) GDPR. Legal basis for deploying category 2 to 4 cookies and web tracking is your consent under Art. 6(1)(a) GDPR. When you first visit our website or, if necessary, again at a later point, we will display a respective banner and (i) inform you about the use of category 2 to 4 cookies and web tracking and (ii) ask for your consent, if we use cookies of category 2 to 4. If you click on “Allow Cookies”, you express your consent. You are not obliged to give consent. You can revoke your consent at any time without affecting the legality of the processing carried out on the basis of the consent until revocation. You can send the revocation to one of the addresses mentioned in section 1 (e.g. by e-mail or by post). You can restrict your consent to cookies deployment in whole or in part by configuring your browser settings and deactivating cookies in whole or in part. In addition, you can install a browser plugin. Plugins offer the possibility to prevent web analyses - e.g. AdBlock, Ghostery, NoScript or uBlock Origin (please refer to the data protection information of the respective plugin provider).

In addition, some web providers are members of industry associations whose websites allow to centrally prevent the use of web tracking. Please find below reference to the websites of these associations for expressing your choices in regard to web tracking and processing data in pseudonymous profiles.

- “European Interactive Digital Advertising Alliance“ (EDAA): http://www.youronlinechoices.com/de/praferenzmanagement/
- “Digital Advertising Alliance“ (DAA): www.aboutads.info/choices/
- “Network Advertising Initiative“ (NAI): http://optout.networkadvertising.org/?c=1

In case you do not consent to cookies deployment or delete cookies from your device, this may affect your ability to use the website or individual functionalities.

Cookies

Category

Controller

Purpose

Retention Period

lang
lidc
UserMatch
History
Functionality, targeting and social networks
LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Irland;
Language settings, web analysis, interest-based advertising
Up to 30 days
MUID
MUIDB
Targeting and social networks
Bing Ads: Microsoft Corporation, One Microsoft Way, 98052 Redmond/WA, USA)
Web analysis, interest-based advertising
Up to 12 months
_fbp
_fr
_tr
Targeting and social networks
Facebook Custom Audience: Facebook, 1601 S. California Avenue, Palo Alto, 94304 CA, USA
Web analysis, interest-based advertising
3 months
_ga
_gat
_gcl_au
_gid
1p_JAR
CONSENT
Performance
Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
Web analysis
Up to 24 months
DSID
DIE
AID
ANID
APISID
SAPISID
NID
HSID
SID
SIDCC
SSID
Targeting and social networks
Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
Web analysis, interest-based advertising
Up to 24 months
intercom-id
gtmid
Functionality
Intercom, Inc., a Delaware corporation with offices at 55 2nd Street, 4th Fl., San Francisco, CA 94105, USA
Anonymous user identification
10 months
Please refer to the below table for information in regard to web tracking services used on our website and the associated providers. In addition, there are links to the privacy policy of the provider and an explanation on how you can prevent web tracking. Typically, in such cases, an “anti-tracking cookie” is stored on your device preventing the collection of usage data from your device by the respective provider. Please note: in case you delete cookies from your device, you may have to set the "anti-tracking cookie" again.

Tool/Provider

Purpose

Link to privacy policy/prevention of processing

Bing Ads: Microsoft Corporation, One Microsoft Way, 98052 Redmond/WA, USA)
Web analysis, interest-based advertising
https://privacy.microsoft.com/en-us/privacystatement/Prevention of processing: Via anti tracking cookie (see anti tracking website) or via EDAA website
Facebook Custom Audience: Facebook, 1601 S. California Avenue, Palo Alto, 94304 CA, USA
Web analysis, interest-based advertising
https://www.facebook.com/privacy/explanation Weitere Informationen zum DatenschutzPrevention of processing: Via anti tracking cookie (see privacy policy)
Google Analytics: Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
Web analysis, interest-based advertising
https://www.google.de/intl/de/policies/Prevention of processing: Via anti browser plugin (see add-on) and further information under section 2.3
Google Double-Click, Google AdWords Conversion, Google Dynamic Remarketing: Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
Web analysis, interest-based advertising
https://www.google.de/intl/de/policies/Prevention of processing: Via anti advertising manager by Google and further information under section 2.
Hotjar: Hotjar Ltd., 3 Lyons Range, 20 Bisazza Street, Sliema SLM 1640, Malta
Web analysis
https://www.hotjar.com/legal/policies/privacyPrevention of processing: Via anti tracking cookie (see https://www.hotjar.com/opt-out)

2.3 Contact Form

We process your personal data when you use our contact form. If you contact us via the contact form provided, your details will be processed in order to respond to your enquiry. Legal basis is either the performing of a contractual obligation or our legitimate interest in providing a contact form (Art. 6(1)(b) GDPR or Art. 6(1)(f) GDPR).

You are neither obliged to contact us via the contact form nor to provide personal data. If you do not provide your personal information, we may not be able to process your request. Otherwise there will be no consequences for you. If you are interested in detailed information on the balancing of your and our interests, please refer to the addresses in section 1.

3 Application as a Tech Candidate

If you apply as a Tech Candidate, we process the necessary data to carry out the application process. The legal basis for this is § 26 German Federal Data Protection Code (Bundesdatenschutzgesetz – BDSG) (employed workers and applicants for employment) or Art. 6 (1)(b) GDPR (Freelancers). The easiest way to apply is through our website (Contact Form). This requires your full name, email address, professional field and your CV. You may also provide your website or social media profiles to make further information available to us.

After reviewing the documents and information provided by you, we will get in touch and inform you about the further process. If you are a suitable candidate for one of the advertised open roles, we will invite you to further interviews and testing. For this purpose, we will forward your data to the extent necessary to our testing partner expertlead | Lindentor 196 VV GmbH, as well as freelancers from its network, which will perform such technical interviews or tests. Their employees and community freelancers are obligated to adhere to data protection laws by way of data protection agreements pursuant to Art. 28 GDPR.

Usually, we will offer you to participate in a video interview via Google Hangouts (a service by Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) or Zoom (a service by Zoom Video Communications Inc., 55 Almaden Boulevard, 6th Floor, San Jose, CA95113, USA). Please note the privacy policies of these providers. We note that both providers are located outside in the USA and that local data protection standards are not entirely equal to those within the EU. However, in order to guarantee an adequate level of data protection, we have entered into the standard contractual clauses of the EU Commission on the transfer of personal data to third countries with Google and Zoom.

If upon successful completion of the application process we offer you to get to know the hiring managers of the open advertised roles, we will process the necessary data required from you for this purpose. We will store the application files with your documents. Should your application not be successful, we will delete the data received from you within six months; however, we may merely store your name and date of birth for up to two years, in order to recognize repeated applications.

4 Job Applications

When you apply for a job with us directly, we will process the data received from you for the purposes of establishing contact and reviewing your suitability for the position you apply for. The legal basis for this is § 26 BDSG.

If we make you an offer to join us, we will process the necessary data required from you for this purpose. We will store the application files with your documents. Should your application not be successful, we will delete the data received from you within six months. However, we may store your name and date of birth for up to two years, in order to recognize repeated applications.‍

With your consent, we offer you to include you into our applicant pool. This may be helpful in case we do not have a suitable position at the time of your application. In such case, we will contact you once we do have a suitable vacant position. We will store your data for a maximum period of 12 months for this purpose. You may withdraw your consent at any time with effect for the future by writing to “mail@futurepath.io”. In this case we will delete your application from the pool.

Applicant data is also being processed by the provider Personio (Personio GmbH, Rundfunkplatz 4, 80335 München) based on our instructions. For scheduling, we use the service Calendly (Calendly LLC, 3423 Piedmont Road NE, Atlanta, GA 30305-1754, USA) or Google Calendar (a service by Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). Additionally, applicant data is being processed by the provider Greenhouse Software Inc. (18West 18th Street, 11th Floor New York, NY 10011, USA) based on our instructions. The aforementioned providers are adequately obligated under data protection agreements pursuant to Art. 28 GDPR. Calendly and Google are located in the US; in order to guarantee an adequate level of data protection, we have entered into the EU standard contractual clauses with Calendly, Greenhouse Software- and Google LLC.

Usually, we will offer you to participate in a video interview via Google Hangouts (a service by Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) or Zoom (a service by Zoom Video Communications Inc., 55 Almaden Boulevard, 6th Floor, San Jose, CA95113, USA). Please see section 6 regarding these providers’ transfer to recipients of personal data outside the EEA.

5  Transfer to Recipients of Personal Data in States within the European Economic Area (EEA)

We will transfer personal data to third parties only where necessary for the provision of our service or otherwise allowed by the law. Within the scope of the purposes stated here, personal data are transferred to service providers involved in the provision of our services. In addition to their legal obligation to comply with all data protection regulations, these service providers are bound to additional contractual data protection requirements. This includes in particular contractual obligations as a processor in accordance with Art. 28 GDPR. In particular, we transferred personal data to the following categories of service providers:

- Providers of accounting, financial institutions, tax and legal advice;
- IT service providers- Providers for data destruction and facility services;
- Providers for application management (see above sections 3 and 4).

In other cases, we transfer personal data to other recipients only if there is a legal justification or you have expressed your consent. Any consent given can be revoked at any time with effect for the future. We will only disclose your data to government authorities within the framework of statutory obligations or as a result of an official order or court decision and only insofar as this is permitted under data protection law.

6 Transfer to Recipients of Personal Data in States outside the European Economic Area (EEA)

If necessary, for our purposes, we may also transfer your data to recipients outside the EEA. This is in particular the case if we have to transfer this data to recipients in third countries for the purposes of contract performance or due to legal obligations.

We only transfer further data to third countries where the recipient has implemented an appropriate level of data protection within the meaning of Art. 45 GDPR or suitable guarantees within the meaning of Art. 46(2) and (3) GDPR and there are no other interests worthy of protection against the data transfer. To ensure an adequate level of protection for the recipient of data, we in particular use the standard contractual clauses of the EU Commission on the transfer of personal data to third countries, unless an adequacy decision within the meaning of Art. 45(1) GDPR has been taken by the EU Commission. We may transfer your data to the following third countries: USA, states in which interviewers pursuant to section 3 perform their services. We may transfer your data to the following categories of service providers:

- IT services and hosting providers (in particular, Webflow, Inc., 398 11th St., Floor 2, SanFrancisco, CA 94103, United States of America)
- Web analysis
- Services in connection with job/network applications

7 Deletion

We delete your personal data as soon as it is no longer necessary for the aforementioned purposes of processing. We also delete your personal data if you object to a certain processing of data that is based on legitimate interests, unless there are compelling reasons for Futurepath to continue processing. We also delete your data if you revoke your consent to the processing and if there is no other legal basis for processing. In certain cases, e.g. if there is a statutory retention period, your data will initially be blocked and deleted upon expiry of the retention period.

For the deletion of data from applications see sections 3 and 4, respectively.

8 Your Rights

As a data subject of the data processing, provided the statutory preconditions are met you have the right to confirmation as to whether personal data relating to you are processed by Futurepath and the right to access this personal data (Art. 15 GDPR), a right to rectification of your incorrect data (Art. 16 GDPR), a right to erasure (Art. 17 GDPR) and a right to restrict (block) your data (Art. 18 GDPR).

In addition, in the case of processing on the basis of Article 6(1)(e) or (f) GDPR, you may object to the processing (Art. 21 GDPR). If you have provided the data, you can request the transmission of the data (Art. 20 GDPR). Whether and to what extent these rights are effective in individual cases and under what conditions they apply is stipulated by law. If the processing is based on a consent within the meaning of Art. 6(1)(a) or Art. 9(2)(a) GDPR, you can revoke consent at any time with effect for the future (Art. 7(3)(1) GDPR). You also have the right to contact the competent data protection supervisory authority (Art. 77 GDPR).

If you have any questions or complaints about data protection at Futurepath, we recommend that you first contact our data protection officer (see contact details under section 1).

9 No automated individual Decision-Making

We do not use your personal data for automated individual decisions in the meaning of Art. 22(1) GDPR.

10 Amendment of the Privacy Policy

New legal requirements, business decisions or technical developments may require changes to our privacy policy. The privacy policy will then be adapted accordingly. You can always find the latest version on our website.

October 2021

Futurepath GmbH