We care about your privacy and don't use unnecessary or third-party cookies.
Privacy Policy

PRIVACY POLICY

1. Introduction

This Privacy Policy explains how your personal information is collected, used, processed and disclosed by Who Moves Operations GmbH (collectively, "Who Moves," "we," "our" or "us") when you access or use our website and our other products and services (collectively, the "Services") or otherwise interact with us.

This Privacy Policy may be revised by us from time to time. If we make changes, we will notify you by changing the date at the beginning of the policy accordingly. We may also provide you with additional policies, such as by adding a statement to our home page or by means of a notice about our services. We encourage you to review the Privacy Policy each time you access our Services or otherwise interact with us to stay informed about our information practices and the choices available to you.

2. Data Collection On This Website

2.1 Responsible for data collection

Who Moves Operations GmbH

Am Thyssenhaus 1-3

45128 Essen

Person authorized to represent the company: Deniz Ates

E-mail address: hello@whomoves.de

Phone: +49 176 82283220

2.2 Purposes and legal bases of processing and duration of storage

When you use this website, various personal data are collected. Personal data is data with which you can be personally identified. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this is done.

2.2.1 In general, the types of data we process include inventory data (e.g., names, addresses), contact data (e.g., e-mail, telephone numbers), content data (e.g., text input, photographs, videos), usage data (e.g., websites visited, interest in content, access times), meta/communication data (e.g., device information, IP addresses), and others. The categories of data subjects we collect include, among others, those of customers, employees, interested parties, and in particular job applicants and business and contractual partners. The main purposes of the processing are the provision of contractual services and customer service, contact requests and communications, office and organizational procedures, as well as the management and response to requests, the organization of application procedures and interviews, and in the context of the provision of all types of personnel services.

2.2.2 Relevant legal bases of the GDPR, on the basis of which we process your personal data, are mainly consent (Art. 6 para. 1 p. 1 lit. a) GDPR), contract performance and pre-contractual requests (Art. 6 para. 1 p. 1 lit. b) GDPR), a legal obligation (Art. 6 para. 1 p. 1 lit. c) GDPR) or legitimate interests (Art. 6 para. 1 p. 1 lit. f) GDPR**).**

Particularity in the recruiting process Insofar as special categories of personal data within the meaning of Art. 9 (1) GDPR (e.g. health data, such as severely disabled status or ethnic origin) are requested from customers and applicants within the scope of the service, so that the controller or the data subject can exercise the rights accruing to him or her under labor law and social security and social protection law and fulfill his or her obligations in this regard, their processing is carried out in accordance with Art. 9 (2) letter b. GDPR, in case of protection of vital interests of the applicants or other persons according to Art. 9 para. 2 lit. c. GDPR or for purposes of preventive health care or occupational medicine, for the assessment of the employee's ability to work, according to Art. 9 para. 2 lit. h. GDPR. In the case of notification of special categories of data based on voluntary consent, their processing is based on Art. 9 para. 2 lit. a. GDPR. If you consent to data processing based on your consent, we process your personal data on the basis of Art. 6 (1) a GDPR or Art. 9 (2) a GDPR, if special categories of data are processed according to Art. 9 (1) GDPR.

2.2.3 Storage of your data

The data processed by us will be deleted in accordance with the legal requirements as soon as their consents permitted for processing are revoked or other permissions cease to apply (e.g. if the purpose of processing this data has ceased to apply or it is not required for the purpose). If the data are not deleted because they are required for other and legally permissible purposes, their processing will be limited to these purposes. That is, the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for reasons of commercial or tax law or whose storage is necessary for the assertion, exercise or defense of legal claims or for the protection of the rights of another natural or legal person.

Our privacy notices may also contain further information on the retention and deletion of data that has priority for the respective processing operations, such as job applications.

2.3 General notes

As a data subject, you are entitled to various rights under the GDPR, which arise in particular from Articles 15 to 21 of the GDPR. These are explained separately below under "Your rights as a data subject". You can also read how to exercise these rights there. In addition to the data protection regulations of the GDPR, the BDSG contains, in particular, special regulations on the right to information, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes and transmission, as well as automated decision-making in individual cases, including profiling. Furthermore, it regulates data processing for employment purposes (Section 26 BDSG), in particular with regard to the establishment, implementation or termination of employment relationships as well as the consent of employees. Furthermore, state data protection laws of the individual federal states may apply.

2.4 Withdrawal of your consent

Many data processing operations are only possible with your express consent. You can withdrawal consent you have already given at any time. The legality of the data processing carried out until the withdrawal remains unaffected by the revocation.

2.5 Security

We take appropriate organizational, technical and administrative measures to protect information within our company in accordance with legal requirements. Unfortunately, there is no guarantee that data transmission or storage systems are 100% secure. If you have reason to believe that the security of your account has been compromised, please notify us immediately at the address listed in the "Contact Us" section. To protect your data transmitted via our online service, we use TLS encryption. You can recognize such encrypted connections by the prefix https:// in the address bar of your browser.

3. Data Processing During General Use Of Our Platforms And Services

3.1 General access to our webpage

Each time our platforms are called up, we automatically collect data and information from the calling device and store this data and information in the server's log files.

Types of data processed: Usage data (e.g. browser types, web pages visited (referrers), interest in content, access times); meta, communication and procedural data (e.g. IP addresses, time data, identification numbers, consent status); operating system and Internet service provider and other similar data and information that serve to avert danger in the event of attacks on our information technology systems. Data subjects: Customers and potential customers; applicants; interested parties; users (e.g. website visitors, users of online services); business and contractual partners. Purposes of processing: provision of our online offer and user-friendliness; provision of contractual services in recruiting and customer service; marketing. Legal basis: Legitimate interests (Art. 6 para. 1 p. 1 lit. f) GDPR).

3.1.2 Contact form

When contacting us (in particular via the contact form on our homepage at https://whomoves.de/organizations#contact-form or also by e-mail, telephone or via social media) as well as in the context of existing user and business relationships, your information will be processed to the extent necessary to respond to the contact requests and any requested measures.

Types of data processed: contact data (e.g. e-mail, telephone numbers, company name); content data (e.g. entries in online forms); usage data (e.g. websites visited, interest in content, access times); meta, communication and procedural data (e.g. IP addresses, time data, identification numbers, consent status); inventory data (e.g. names, addresses) and contract data (e.g. subject matter of contract, term, customer category). Data subjects: Customers and potential customers; applicants; interested parties; users (e.g. website visitors, users of online services); business and contractual partners. Purposes of processing: contact inquiries and communication; managing and responding to inquiries; feedback (e.g. collecting feedback via online form); providing our online offer and user experience; providing contractual services in recruiting and customer service; marketing. Legal basis: Legitimate interests (Art. 6 para. 1 p. 1 lit. f) GDPR); contract performance and pre-contractual inquiries (Art. 6 para. 1 p. 1 lit. b) GDPR).

Reservation of reference to other communication channels: Finally, we would like to point out that, for reasons of your security, we reserve the right not to answer requests via various messengers, such as Slack or Teams.

3.1.3 Video conferencing, online meetings, webinars and screen sharing

We use platforms and applications of other providers (hereinafter referred to as "communication platforms") for the purpose of conducting video and audio conferences, webinars and other types of video and audio meetings (hereinafter collectively referred to as "conference"). When selecting the communication platforms and their services, we observe the legal requirements.

Google Meet: conferencing software; Service provider: Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Grand Canal Dock, Dublin 4, Irland; parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA; Legal basis: Legitimate interests (Art. 6 para. 1 p. 1 lit. f) GDPR); Website: https://meet.google.com/; Privacy policy: https://cloud.google.com/privacy ; Security notices: https://support.google.com/a/answer/7582940; Standard contractual clauses (ensuring level of data protection for processing in third countries):https://cloud.google.com/terms/data-processing-addendum/

Microsoft Teams: messenger and conferencing software; service provider: Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland; parent company: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399 USA; Legal basis: Legitimate interests (Art. 6 para. 1 p. 1 lit. f) GDPR); Website: https : //www.microsoft.com/de-de/microsoft-365; Privacy policy: https://privacy.microsoft.com/de-de/privacystatement, Security notices: https://www.microsoft.com/de-de/trustcenter; Standard contractual clauses (ensuring level of data protection for processing in third countries): https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA.

3.1.4 Online services and web hosting

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. We process this data in order to provide the user with our online services. For this purpose, we process the user's IP address, which is necessary to transmit the content and functions of our online services to the user's browser or terminal device. This data is not merged with other data sources.

We currently use hosting by Hetzner: services in the field of providing information technology infrastructure and related services (e.g. storage space and/or computing capacity); service provider: Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany¸ Website: https://www.hetzner.com; Privacy policy: https://www.hetzner.com/de/rechtliches/datenschutz; Order processing agreement: https://docs.hetzner.com/de/general/general-terms-and-conditions/data-privacy-faq/.

Types of data processed: Usage data (e.g., web pages visited, interest in content, access times); meta, communication, and procedural data (e.g., IP addresses, time information, identification numbers, consent status); content data (e.g., entries in online forms). Data subjects: Users (e.g. website visitors, users of online services). Purposes of processing: provision of our online offer and user-friendliness; information technology infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.).); security measures; server monitoring and error detection. Legal basis: Legitimate interests (Art. 6 para. 1 p. 1 lit. f) GDPR);

We use the Bunny Content Delivery Network (CDN) service to store and provide data that is transmitted to us via a file upload.

Bunny CDN: Content Delivery Network Service provider: BunnyWay d.o.o. Dunajska c. 165, 1000 Ljubljana, Slovenia Website: https://bunny.net/ Privacy policy: https://bunny.net/privacy/ Processed data types: Usage data (e.g. websites visited, operating systems and browsers used); Meta, communication and procedural data (e.g. IP addresses, time data, identification numbers, consent status) Data subjects: Users of the platform Purposes of processing: Optimization of loading times, Saving user data (e.g. CVs, profile photos) Legal bases: Consent (Art. 6 para. 1 sentence 1 lit. a. GDPR), Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR)

3.1.5 Customer-Relationship-Management

We use a customer relationship management (CRM) system to maintain and track customer and user relationships. This records customer/user contacts and data that are transmitted through use of the platform or interaction with Who Moves employees.

We currently use the Salesforce Sales Cloud as CRM system. Service provider: SALESFORCE.COM Germany GmbH; Website: https://www.salesforce.com/; Privacy policy: https://www.salesforce.com/company/privacy/; Order processing agreement: https://www.salesforce.com/content/dam/web/en_us/www/documents/legal/Agreements/data-processing-addendum.pdf.

Types of data processed: inventory data (e.g., names, addresses); contact data (e.g., email, phone numbers); content data (e.g., input in online forms). Data subjects: Users (e.g. website visitors, users of online services), Customers. Purposes of processing: contact inquiries and communication; managing and responding to inquiries; feedback (e.g. collecting feedback via online form); providing our online offer and user experience; providing contractual services in recruiting, mentoring, coaching and customer service; marketing. Legal basis: Contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 p. 1 lit. b) GDPR); Legitimate interests (Art. 6 para. 1 p. 1 lit. f) GDPR)

3.1.6 Email and SMS sending services

We use third-party applications to send emails and SMS messages (hereinafter referred to as "email and SMS delivery services"). These are used for sending notifications and for automating marketing messages (newsletters). Furthermore, these services are used to ensure increased security of the user account through multi-factor authentication. When selecting email and SMS delivery services and their services, we observe the legal requirements.

Sendinblue: E-Mail Marketing Service; Service provider: Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin; Legal basis: Consent (Art. 6 para. 1 p. 1 lit. a) DSGVO), Legitimate interests (Art. 6 para. 1 p. 1 lit. f) GDPR); Website: https://de.sendinblue.com/; Privacy policy: https://de.sendinblue.com/legal/privacypolicy/, Security notices: https://de.sendinblue.com/sicherheit/.

Messagebird: Omnichannel-Automatisierungsplattform; Service provider: Messagebird B.V., Trompenburgstraat 2C1079 TX Amsterdam, Netherlands; Legal basis: Legitimate interests (Art. 6 para. 1 p. 1 lit. f) GDPR); Website: https://messagebird.com/de/; Privacy policy: https://messagebird.com/de/legal/privacy; Standard contractual clauses (ensuring level of data protection for processing in third countries):https://messagebird.com/de/legal/dpa.

3.2 Data processing when using the Who Moves account

3.2.1 Registration, Login and Creation Who Moves Account

You can create a customer account and thereby conclude a contract for a Who Moves account. In the course of registration, you will be provided with the required mandatory data and processed for the purposes of providing the user account on the basis of contractual obligation fulfillment. The processed data includes in particular the login information (email address and password). Within the scope of the contract, you can create a talent profile via your Who Moves account in order to also receive coaching and mentoring services from us. Which personal data is transmitted to us in the process is determined by your respective uploads or your entries in the corresponding input fields. We will automatically analyze any uploaded documents according to structure and content in order to optimize our services for you. You can define the scope of the contractual use of this profile individually.

We store your profile until you delete it or the account contract ends. You can be informed about processes relevant to your customer account, such as technical changes, by e-mail.

Types of data processed: inventory data (e.g., names, addresses); contact data (e.g., email, phone numbers); content data (e.g., input in online forms); meta, communication, and procedural data (e.g., IP addresses, time information, identification numbers, consent status). Data subjects: Users (e.g., website visitors, users of online services), customers. Purposes of processing: providing contractual services and customer service; security measures; managing and responding to requests; providing our online offer and user experience. Legal bases for processing: Contract performance and pre-contractual inquiries (Art. 6 para. 1 p. 1 lit. b) GDPR); Legitimate interests (Art. 6 para. 1 p. 1 lit. f) GDPR).

For more details on the Who Moves account, please see our Terms of Use.

3.2.2 Recruiting and Coaching services

We process your data as a talent or your personal data as a potential employer or their employees within the scope of our services, which include in particular the search for potential talents, contacting them, placing them as well as coaching and mentoring.

We process the information and contact data provided by you as a talent for the purpose of establishing, implementing and, if necessary, terminating a contract for job placement as well as coaching and mentoring. In addition, we may ask you, as a prospective candidate, queries about the success of our placement services at a later date, in accordance with legal requirements. We process your data as a job candidate as well as an employer for the fulfillment of our contractual obligations, in order to be able to process the job placement requests submitted to us to the satisfaction of both parties involved. In doing so, we pseudonymize your data as a job candidate by removing the personal data and providing an ID as a reference. We may log the placement processes in order to be able to prove the existence of the contractual relationship and agreements of the interested parties in accordance with the legal accountability obligations (Art. 5 para. 2 GDPR). Your information will be stored for a period of three to four years in case we need to prove the original request (e.g., to prove authorization to contact job candidates);

Types of data processed: inventory data (e.g., names, addresses); contact data (e.g., e-mail, telephone numbers); contract data (e.g., subject matter of contract, term, customer category); usage data (e.g., websites visited, interest in content, access times); meta, communication, and procedural data (e.g., IP addresses, time data, identification numbers, consent status); applicant data (e.g..e.g. personal details, postal and contact addresses, the documents belonging to the application and the information contained therein, such as cover letter, CV, certificates, as well as other information provided with regard to a specific position, coaching and mentoring or voluntarily by applicants regarding their person or qualifications). Data subjects: Customers and potential customers; talents/applicants; interested parties; users (e.g. website visitors, users of online services); business and contractual partners. Purposes of processing: contact inquiries and communication; managing and responding to inquiries; feedback (e.g. collecting feedback via online form); providing our online offer and user experience; providing contractual services in recruiting, mentoring, coaching and customer service; marketing. Legal basis: Contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 p. 1 lit. b) GDPR).

3.2.3 Relocation services As part of services relating to the relocation of talent, we process your data as a talent or your personal data as a potential employer or your employees.

We process the information and contact details provided by you as a talent for the purposes of establishing, implementing and, if applicable, terminating a relocation contract. In addition, we can ask you as an interested party questions about the success of our relocation service at a later date in accordance with legal requirements. We process your data as an interested party for relocation services and as an employer to fulfill our contractual obligations in order to be able to process the requests we receive for the relocation of employees to the satisfaction of both parties involved. We can log the processes of the relocation services in order to be able to prove the existence of the contractual relationship and the consent of the interested parties in accordance with the legal accountability obligations (Art. 5 para. 2 GDPR). Your data will be stored for a period of three to four years if we need to prove the original request (e.g. to be able to prove the authorization to contact the job candidates);

For recruiting through social media platforms (mobile funnel), we use the following service provided to us: Perspective: Mobile Funnel Platform; Service provider: Perspective Software GmbH, Müggelstraße 22, 10247 Berlin; Legal basis: Legitimate interests (Art. 6(1)(f) GDPR); Website: https://www.perspective.co/, Privacy policy: https://www.perspective.co/privacy-policy

Processed data types: Inventory data (e.g. names, addresses); Contact data (e.g. e-mail, telephone numbers); Contract data (e.g. subject matter of the contract, duration, customer category); Usage data (e.g. websites visited, interest in content, access times); Meta, communication and process data (e.g. IP addresses, time data, identification numbers, consent status); Prospect data (e.g. personal details, postal and contact addresses, the documents required for the relocation and the information contained therein, such as curriculum vitae, certificates and other personal or qualification information provided by the prospect with regard to the relocation service). Data subjects: Customers and potential customers; interested parties for relocation services; users (e.g. website visitors, users of online services); business and contractual partners. Purposes of Processing: Contact requests and communication; Managing and responding to inquiries; Feedback (e.g. collecting feedback via online form); Provision of our online services and usability; Provision of contractual relocation services, mentoring and customer support; Marketing. Legal basis: Performance of a contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).

3.3 Data processing of companies or their employees

Our services for you as a company are aimed at offering entrepreneurs and companies the largest possible selection of suitable talent to successfully fill vacancies. In doing so, we process your personal data (data relating to entrepreneurs is only personal data if the entrepreneur is a natural person) or that of your company employees. The respective companies or entrepreneurs may have a contractual or pre-contractual relationship with us, but in individual cases we may also process data from companies and their employees if no such pre-contractual/contractual relationship exists.

3.3.1 Business services

We process your data as our contractual and business partners, e.g. customers and interested parties (collectively referred to as "contractual partners") in the context of contractual and comparable legal relationships as well as related measures and in the context of communication with contractual partners.

We process your data in order to fulfill our contractual obligations in the context of the provision of personnel services. These include, in particular, the obligations to provide the agreed personnel services, any updating obligations and remedies in the event of service disruptions. In addition, we process the data for the purpose of safeguarding our rights and for the purpose of the administrative tasks associated with these obligations as well as the company organization. Furthermore, we process the data on the basis of our legitimate interests in proper and business management as well as security measures to protect our contractual partners and our business operations from misuse, endangerment of their data, secrets, information and rights (e.g. for the involvement of telecommunications, transport and other auxiliary services as well as subcontractors, banks, tax and legal advisors, payment service providers or tax authorities). Within the framework of applicable law, we only disclose the data of contractual partners to third parties to the extent that this is necessary for the aforementioned purposes or to fulfill legal obligations. Contractual partners will be informed about further forms of processing, e.g. for marketing purposes, within the scope of this data protection declaration.

We will inform you which data is required for the above-mentioned purposes before or during data collection, e.g. in online forms, by means of special marking (e.g. colors) or symbols (e.g. asterisks or similar), or in person.

In principle, we delete the data after the expiry of statutory warranty and comparable obligations, i.e., in principle after 4 years, unless the data must be retained for statutory archiving reasons. The statutory retention period for documents relevant under tax law and for commercial books, inventories, opening balances, annual financial statements, the work instructions required to understand these documents and other organizational documents and accounting records is ten years and for received commercial and business letters and reproductions of sent commercial and business letters six years. The period begins with the end of the calendar year in which the last entry was made in the book, the inventory, the opening balance sheet, the annual financial statements or the management report was prepared, the commercial or business letter was received or sent, or the accounting document was created, furthermore the recording was made or the other documents were created.

Insofar as we use third-party providers or platforms to provide our services, the terms and conditions and data protection notices of the respective third-party providers or platforms shall apply in the relationship between the users and the providers.

3.3.2 Recruiting services: see above under 3.3.2

3.3.3 Client Consulting : In addition, we process your data as our clients, customers, as well as interested parties and other clients or contractual partners (uniformly referred to as "Clients") in order to be able to provide them with our HR consulting services within the scope of individual recruitments as well as in the full-service package. The data processed, the type, scope, purpose and necessity of their processing are determined by the underlying contractual and customer relationship. If it is necessary for our contractual performance, for the protection of vital interests or required by law, or if we have the consent of the client, we disclose or transfer the client's data to third parties or agents, such as public authorities, subcontractors or in the field of IT, office or comparable services, in compliance with the requirements of professional law;

Types of data processed: inventory data (e.g., names, addresses); payment data (e.g., bank details, invoices, payment history); contact data (e.g., e-mail, telephone numbers); contract data (e.g., subject matter of contract, term, customer category); usage data (e.g., websites visited, interest in content, access times); meta, communication, and procedural data (e.g. IP addresses, time data, identification numbers, consent status); applicant data (e.g. personal details, postal and contact addresses, the documents belonging to the application and the information contained therein, such as cover letter, curriculum vitae, certificates, as well as other information provided with regard to a specific position or voluntarily by applicants concerning their person or qualifications). Legal basis: Contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 p. 1 lit. b) GDPR).

4. Use Of Cookies And Similar Technologies

4.1 General notes

Our internet pages use so-called "cookies". Cookies are small text files, or other memory notes that store information on end devices and read information from the end devices. For example, to store the login status in a user account, a shopping cart content in an e-shop, the content accessed or functions used of an online offer. Cookies can also be used for various purposes, e.g. for purposes of functionality, security and convenience of online offers as well as the creation of analyses of visitor flows.

Consent notices: We use cookies in accordance with the law. Therefore, we obtain prior consent from you as a user, except where this is not required by law. In particular, consent is not required if the storage and reading of information, including cookies, is strictly necessary in order to provide the user with a telemedia service (i.e. our online offering) expressly requested by the user. The revocable consent is clearly communicated to the users and contains the information about the respective cookie use.

General information on withdrawal and objection: You can withdrawal the consents they have given at any time and also file an objection to processing in accordance with the legal requirements in Art. 21 GDPR. They can also declare their objection via their browser settings, e.g. by deactivating the use of cookies (although this may also limit the functionality of our online services). An objection to the use of cookies for online marketing purposes can also be declared via the websites https://optout.aboutads.info and https://www.youronlinechoices.com/.

We currently only use cookies that are strictly necessary, as they are technically required. These are those that are exclusively required to collect some information on our platforms in order to provide a service requested or desired by you as a user.

Currently, we use Plausible Insights OÜ for tracking the number of visitors. Website: https://plausible.io/. Privacy policy: https://plausible.io/data-policy

Types of data processed: Usage data Data subjects: Users Purposes of processing: Provision of our online offer Legal basis for processing: Legitimate interests (Art. 6 para. 1 p. 1 lit. f) GDPR).

4.2 Cookies and technologies that we use via third-party providers

4.2.1 Plugins and embedded functions and content

We integrate functional and content elements into our online offer that are obtained from the servers of their respective providers (hereinafter referred to as "third-party providers"). These can be, for example, graphics, videos or city maps (hereinafter uniformly referred to as "content").

Currently we use Mapbox: We use the map service of the provider Mapbox, Inc. and integrate the maps of the service "Mapbox". The processed data may include, in particular, IP addresses and location data of the users; Service provider: Mapbox Inc Legal basis: Legitimate interests (Art. 6 para. 1 p. 1 lit. f) GDPR); If a corresponding consent has been requested, the processing is based exclusively on Art. 6 para. 1 lit. a GDPR and Section 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) as defined by the TTDSG. The consent can be revoked at any time. Website: https://www.mapbox.com/ ; Privacy policy: https://www.mapbox.com/legal/privacy

Decisive legal bases of the GDPR, on the basis of which we process personal data, are essentially consent (Art. 6 para. 1 p. 1 lit. a) GDPR), contract performance and pre-contractual requests (Art. 6 para. 1 p. 1 lit. b) GDPR) , a legal obligation (Art. 6 para. 1 p. 1 lit. c) GDPR) or legitimate interests (Art. 6 para. 1 p. 1 lit. f) GDPR**).**

5. Sharing Of Information

5.1 Transfer of personal data to third parties

In the course of our processing of personal data, your personal data may be transferred to or disclosed to other bodies, companies, legally independent organizational units or persons. The recipients of this data may include, for example, service providers commissioned with IT tasks or providers of services and content that are integrated into a website. In such cases, we observe the legal requirements and, in particular, conclude appropriate contracts or agreements that serve to protect your data with the recipients of your data.

5.2 Data processing in third countries

If we process your data in a third country (i.e., outside the European Union (EU), the European Economic Area (EEA)) or the processing takes place in the context of the use of third-party services or the disclosure or transfer of data to other persons, entities or companies, this will only be done in accordance with the legal requirements.

Subject to express consent or contractually or legally required transfer, we only process or have data processed in third countries with a recognized level of data protection, contractual obligation through so-called standard protection clauses of the EU Commission, in the presence of certifications or binding internal data protection regulations (Art. 44 to 49 GDPR, information page of the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de).

6. Use By Minors

Who Moves is committed to complying with all applicable laws and regulations regarding the collection, storage and use of personal information from minors under the age of 16.

If you are a parent or guardian and would like to review the information we have collected from your child or have that information changed or deleted, you may contact us as described below. If we determine that a child has provided us with personal information in violation of applicable law, we will delete all personal information we have collected unless we are required by law to retain it and terminate the child's account.

7. Your Rights As Data Subject

As a data subject, you are entitled to various rights under the GDPR, which arise in particular from Art. 15 to 21 GDPR. If you wish to exercise any of these rights, you can log in to your customer account and edit certain account information or go to hello@whomoves.de to exercise your rights.

Right to withdrawal: You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6(1)(e) or (f) GDPR; this also applies to profiling based on these provisions. If the personal data concerning you is processed for the purposes of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purposes of such marketing; this also applies to profiling, insofar as it is related to such direct marketing.

Right of withdrawal for consents: You have the right to revoke any consent you have given at any time.

Right of access: You have the right to request confirmation as to whether data in question is being processed and to obtain information about this data, as well as further information and a copy of the data in accordance with the legal requirements.

Right to rectification: In accordance with the law, you have the right to request that data concerning you be completed or that inaccurate data concerning you be rectified.

Right to erasure and restriction of processing: You have the right, in accordance with the law, to request that data relating to you be erased immediately or, alternatively, to request restriction of the processing of the data in accordance with the law.

Right to data portability: You have the right to receive data relating to you that you have provided to us in a structured, common and machine-readable format in accordance with the legal requirements or to request that it be transferred to another controller.

Complaint to supervisory authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the requirements of the GDPR.

Supervisory authority responsible for us:

State Authority for Data Protection and Freedom of Information of North Rhine-Westphalia Kavalleriestr. 2-4 40213 Düsseldorf Telephone: 0211/38424-0 Fax: 0211/38424-999

https://www.ldi.nrw.de/

8. Contact Us

If you have any questions about the processing of your data or this Privacy Policy, please contact Who Moves by email at: hello@whomoves.de.

Because email communication is not always secure, we ask that you do not include credit card or other confidential information in your emails to us.