With the following information, H2UB GmbH (hereinafter “we”, “us” or “our”) would like to give you an overview of the collection and processing of personal data when using our website and our social media page on LinkedIn. If we are referencing “GDPR” this means the European Union General Data Protection Regulation 2016/679 and if we are referencing “TDDDG” this means the German Telecommunications-Digital-Services-Data-Protection-Act (Telekommunikation-Digitale-Dienste-Datenschutz-Gesetz).
1. Who is the responsible controller and what are the contact details?
The following entity is responsible for any processing of personal data associated with this website and the respective LinkedIn Company Page:
H2UB GmbH
Jakob-Funke-Platz 2
45127 Essen (Germany)
E-Mail: info@h2ub.com
Telephone: +49 151 14358595
If you have any questions about this privacy policy or want to assert your privacy rights, feel free to reach out to info@h2ub.com at any time.
2. What do we process your data for and on what legal basis when using our website?
2.1 Server log files
If you use our website for information purposes only, i.e. if you do not transmit information to us in any other way, we collect data that your browser automatically transmits to our server. If you visit our website, we therefore collect the following data:
- IP address
- Date and time of the request
- Time zone difference to Greenwich Mean Time (GMT)
- Content of the request (specific page)
- Access status/HTTP status code
- Amount of data transferred in each case
- Website the request is coming from
- Browser
- Operating system
- Language and version of the browser software.
For security reasons, this data is stored in server log files for a maximum of 14 days and is deleted automatically after expiration of this retention period. If data must be retained longer than 14 days for reasons of proof, it will not be deleted until the incident has been finally clarified.
The legal basis for the data processing described is Art. 6 para. 1 sentence 1 lit. f GDPR. We have a legitimate interest in processing the server log files to ensure the security of the website and to investigate cases of misuse. In particular, we may use such data to investigate and stop denial-of-service attacks on our website.
2.2 Cookies
Cookies are small text files that are stored on your device and assigned to the browser you are using and that allows web servers to record users’ browsing activities and remember their submissions, preferences, and login status as they navigate.
We usually do not use cookies on our website. If any, we only use cookies if this is absolutely necessary for us to provide a digital service on our website and these are usually so-called session cookies. These cookies store a session ID, with which various requests from your browser can be assigned to one joint session. Session cookies are deleted when you log out or close the browser. You may configure your browser to refuse accepting such kind of cookies but you may not be able to use all the functions of this website when doing so.
Legal basis for the processing activities associated with such cookies is Art. 6 para. 1 sentence 1 lit. f GDPR and § 25 para. 2 TDDG. We have a legitimate interest in the storage of the aforementioned cookies for the technically error-free and user-friendly design of the services. Some of the services listed below also use their own (third-party) cookies. The legal basis for these cookies follows the legal basis for the data processing described there.
2.3 Contact via e-mail or contact form
When you contact us by e-mail, contact form or LinkedIn, the data you provide (your e-mail address, your name, the content of your message, any other data shared by you) will be processed by us in order to answer your questions. We delete the data arising in this context when it is no longer necessary to answer your request, or restrict processing if there are statutory retention obligations.
To the extent your inquiry concerns an existing contract or the initiation of a contractual relationship between us, the legal basis for this data processing is Art. 6 para. 1 sentence 1 lit. b GDPR. In case of any other inquiry, the legal basis is our legitimate interest in answering your inquiry in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR.
2.4 SendinBlue / Brevo
You have the option of subscribing to a newsletter on our website. We utilize the processor Sendinblue GmbH, Köpenicker Str. 126, 10179 Berlin (hereinafter “Sendinblue”) for sending newsletters. For this purpose, we usually only need an e-mail address and your first name.
In addition to sending the newsletter, we also measure its success, i.e. the newsletters contain a so-called web-beacon, a small pixel that is retrieved when the newsletter is opened. The information obtained with the help of the web beacon is used to determine your reading behavior based on your location and access time. Through this performance measurement, we also know whether you have opened the newsletter, when you opened the newsletter, which links were clicked and which e-mail provider, browser and e-mail client you use. This data is not evaluated individually, but only in aggregated form, i.e. we try to find out in general (and not specifically related to you) what reading habits and interests the newsletter subscribers have.
Please note that we are using the so-called double opt-in procedure when registering for our newsletter and that we log this registration for the newsletter in order to be able to prove the registration process in accordance with the legal requirements. This includes saving the time of registration and confirmation as well as the IP address.
To ensure being able to provide this proof even after you have unsubscribed from the newsletter, we will store your email address and the registration data for up to three years after you have unsubscribed. All other data will be deleted from our servers as well as from Sendinblue’s servers automatically after you unsubscribe.
Except for the registrations procedure, your personal data is processed based on your consent in accordance with Art. 6 para. 1 lit. a GDPR. You may revoke your consent at any time, for example via the “unsubscribe” link in each newsletter. The legal basis for the processing of personal data for the purpose of the registration process via double opt-in is our legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR in defending against claims by data subjects and authorities.
You may find more information about Sendinblue’s processing at https://de.sendinblue.com/informationen-newsletter-empfaenger/.
2.5 Matomo analysis tool
We use the web analysis software Matomo. This service allows web analysis by creating statistical analysis and evaluating user behaviour based on pseudonymized user profiles. Such web analysis is used by us to evaluate the flow of visitors on our website and enables us to identify when our website and its content are used most frequently and which areas require further optimization.
No cookies are used for this purpose, i.e. we are using Matomo cookieless. Moreover, the IP address transmitted by you is shortened before it is saved so that the data generated cannot be used to identify you personally. We therefore do not know your actual identity by using Matomo, but only the information stored in the user profile.
We process the following types of data when using Matomo:
- User IP address (2 bytes)
- Date and time of the request
- Title of the page being viewed (Page Title)
- URL of the page being viewed (Page URL)
- URL of the page that was viewed prior to the current page (Referrer URL)
- Screen resolution being used
- Time in local user’s timezone
- Files that were clicked and downloaded
- Links to an outside domain that were clicked
- Pages generation time (the time it takes for webpages to be generated by the webserver and then downloaded by the user)
- Location of the user: country, region, city, approximate latitude and longitude
- Main Language of the browser being used
- User Agent of the browser being used
Matomo is managed by and runs on servers of our digital agency Trendsformers Group GmbH, Grasstraße 13, 45356 Essen, who is acting as our processor. The data is not passed on to any other third parties.
The legal basis for this processing is our legitimate interest in the statistical analysis for optimization and marketing purposes in accordance with Art. 6 para. 1 lit. f GDPR.
If you do not agree to this processing, you can stop the Matomo web analysis by clicking on the following link:
This stores a cookie on your device that prevents further analysis. Please note that you must click the above link again if you delete the cookies stored on your device.
3. What applies to our Company Page on LinkedIn?
We have a Company Page on LinkedIn, which can be found here: https://www.linkedin.com/company/h2ub/. For this purpose, we use the services of the technical platform of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (hereinafter “LinkedIn”).
In principle, LinkedIn is solely responsible for the processing of personal data when you use LinkedIn or visit our LinkedIn Company Page. Further information on the processing of personal data by LinkedIn can be found at https://de.linkedin.com/legal/privacy-policy.
LinkedIn does not transmit any personal data to us and your personal data will not be stored by us. When you access our LinkedIn Company Page, however, LinkedIn processes some data specifically in the context of our Company Page and makes this data available to us in an aggregated and anonymized form that is neither linked specifically to you nor stored by us outside of LinkedIn (hereinafter “Page Insights”).
Such Page Insights include
- the number of visitors and followers our Company Page has gained and the percent of change;
- a total breakdown of who’s currently following or visiting our Company Page, using demographics like location, seniority, job function, industry, company size data and employment status;
- how visitors and followers interact with our LinkedIn Company Page, e.g. how many people have seen our posts and have marked, shared or commented on them.
The processing of personal data in the context of Page Insights is carried out by LinkedIn and us as joint controllers. We use this data to make our LinkedIn presence more attractive and interesting for you. For example, we can use knowledge of the number of interactions to tailor our activities on our LinkedIn Company Page even more to our target group. These purposes justify a legitimate interest in the processing required for this purpose. The legal basis for our processing is therefore Art. 6 para. 1 lit. f GDPR.
We have entered into an agreement with LinkedIn on processing as joint controllers, which sets out the distribution of data protection obligations between LinkedIn and us. The agreement is available at: https://legal.linkedin.com/pages-joint-controller-addendum. In such agreement, LinkedIn and we have agreed that LinkedIn is responsible for enabling you to exercise your rights under the GDPR. You can contact LinkedIn online via the following link (https://www.linkedin.com/help/linkedin/ask/PPQ) or reach LinkedIn via the contact details in LinkedIn’s Privacy Policy. You can contact the Data Protection Officer at LinkedIn Ireland via the following link: https://www.linkedin.com/help/linkedin/ask/TSO-DPO. You can also contact us using the contact details set forth under section 1 to exercise your rights in connection with the processing of personal data in the context of Page Insights. In such a case, we will forward your request to LinkedIn.
LinkedIn and we have agreed that the Irish Data Protection Commission is the lead supervisory authority overseeing processing for Page Insights. You always have the right to lodge a complaint with the Irish Data Protection Commission (see www.dataprotection.ie) or any other supervisory authority.
We do not transfer your data to countries outside the European Union. Please note, however, that in accordance with the LinkedIn Privacy Policy, personal data is also processed by LinkedIn in the USA or other third countries. According to LinkedIn’s information, LinkedIn only transfers personal data to countries for which an adequacy decision has been issued by the European Commission in accordance with Art. 45 GDPR or on the basis of suitable guarantees in accordance with Art. 46 GDPR.
4. What are the recipients of your data?
Within our company, only those departments that absolutely need your personal data to fulfill the above-mentioned purposes will have access to it. The aforementioned data may also be processed by processors who operate or maintain our website and systems. In addition, the data will be transmitted to the service providers expressly mentioned in section 2 and 3 above and we have a data processing agreement in place with such service providers to the extent they act as processors for us.
5. Is data transferred to countries outside the European Union?
Unless we expressly refer to a transfer of your data to countries outside the European Union in section 2 or 3, your personal data will not be transferred to countries outside the European Union.
6. What rights do you have?
- Right of access. You have the right to access the personal data that we process about you in order to check it and get an idea of how we use your data.
- Right to rectification, erasure, and restriction. Under certain circumstances, you have the right to request that we correct, restrict, or delete your personal data.
- Right to data portability. You have the right to receive your personal data from us in a structured, commonly used and machine-readable format and to transmit it directly from us to third parties, insofar as this is technically feasible and provided that the personal data was provided by you and is processed based on your consent or because of a contract with you.
- Right to withdraw. You have the right to withdraw any consent you may have given. Please note that this withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
- Right to object. You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (f) of Article 6 para. 1 GDPR. We will then no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or where processing is required for the establishment, exercise or defence of legal claims.
- Right to lodge a complaint. If you are of the opinion that our data processing violates European data protection law, you may lodge a complaint with a supervisory authority. The competent authority for this is, for example, the supervisory authority of the federal state in which you are resident. A list of all state data protection officers and their contact details can be found at the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html. You may also contact the state Data Protection Authority for North Rhine-Westphalia (Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen) that is responsible for us.
7. When do you delete my personal data?
Where possible, we have informed you of the specific retention period or the time of deletion in sections 2 and 3 above. In any other case, the storage period is determined by us according to the following criteria: We process and store your personal data for as long as this is necessary for the purposes for which it was collected. If the processing of your personal data is no longer necessary for us, in particular because our legitimate interests have been fulfilled, we will delete it, unless its further processing or archiving is required for legal reasons. These legal reasons include, for example, retention obligations under commercial and tax law (as further set forth in the German Commercial Code and the German Fiscal Code). The data retention periods specified in such laws are generally two to ten years.
8. Is there an obligation to provide personal data?
You are neither legally nor contractually obliged to provide us with personal data. Without this data, however, we may not be able to offer all the functionalities of the website in some cases.
9. Does automated decision-making or profiling take place?
We do not carry out any automated decisions or other profiling measures, unless expressly stated in section 2 or 3 above.
July 2024