Privacy Policy

Last Update: 08/2023

We New Work SE as operator of onlyfy ((hereinafter referred to as “we,” “us,”, “onlyfy“) inform you about

Who is responsible for data processing?

New Work SE is responsible for data processing within the meaning of data protection law. Our contact details are: Am Strandkai 1, 20457 Hamburg, Germany
Email: datenschutzbeauftragter@new-work.se

Our data protection officer

Our data protection officer is Christian Schmidt, Strandkai 1, 20457 Hamburg, Germany,
Email: datenschutzbeauftragter@new-work.se

Website Encryption

Our website uses SSL encryption for security reasons and to protect the transmission of confidential content, such as the inquiries you send to us. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the padlock symbol in your browser address bar. If SSL encryption is activated, the data that you transmit to us cannot be read by third parties.

Your data protection rights

Right to withdraw:

You may withdraw your consent for the processing of your personal data at any time effective for the future. This shall not affect the lawfulness of processing that has taken place until your withdrawal.

Right of access:

You have the right to obtain confirmation as to whether or not personal data concerning you is being processed. If this is the case, you shall have a right of access to this personal data as well as to further information, e.g. the purposes of the processing, the categories of personal data processed, the recipients, and the envisaged period for which the personal data will be stored and/or the criteria used to determine that period.

Right to rectification:

You have the right to obtain rectification of inaccurate data without undue delay. Taking into account the purposes of the processing, you have the right to request the completion of incomplete personal data.

Right to erasure:

You have the right to request that we delete personal data concerning you immediately if one of the following reasons applies: the personal data are no longer necessary for the purposes for which they were collected or otherwise processed; You revoke your consent on which the processing was based in accordance with Art. 6 Paragraph 1 Letter a or Art. 9 Paragraph 2 Letter a EU GDPR and there is no other legal basis for the processing; You object to the processing in accordance with Art. 21 (1) EU GDPR and there are no overriding legitimate reasons for the processing, or you object to the processing in accordance with Art. 21 (2) EU GDPR; the personal data have been unlawfully processed; the erasure of the personal data is necessary for compliance with a legal obligation under Union or Member State law to which we are subject. Upon your request, we are obliged to delete the relevant data immediately. The legality of the processing carried out on the basis of the consent until the revocation remains unaffected.

Right to restriction of processing:

You are entitled to request a restriction in the processing of your personal data if the accuracy of the personal data is disputed by you, for a period of time that enables the person responsible to verify the accuracy of the personal data. If the processing is unlawful and you refuse to delete the personal data and instead request that we restrict the use of the personal data, we will comply with the request. The processing is also restricted if we no longer need your personal data for processing purposes, but you need them to assert, exercise or defend your own legal claims, or you object to the processing in accordance with Art. 21 Para. 1 EU- DSGVO have filed as long as it is not yet clear whether the legitimate reasons of the person responsible outweigh your reasons. You will be informed by us before the restriction is lifted.

Right to data portability:

You have the right to receive the personal data that you have provided to us in a structured, common and machine-readable format. You also have the right to transmit this data to another person in charge without hindrance from us, to whom the personal data was provided. The prerequisite is that a) the processing is based on consent pursuant to Art. 6 Para. 1 Letter a) EU GDPR or Art. 9 Para. 2 Letter a) EU GDPR or on a contract pursuant to Art. 6 Para. 1 Letter b) EU-DSGVO and b) the processing is carried out using automated procedures. When exercising the right

Cookies

Our website uses cookies, which are small text files stored on your hard drive, assigned to the browser used by you, and through which certain information flows to the site that sets the cookie.

Our website uses transient and persistent cookies:

Transient cookies are automatically erased when you close your browser. They include in particular session cookies. These store a session ID with which different requests from your browser can be assigned to the common session. This means that your computer can be recognised again when you return to our website. The session cookies are erased when you log out or close the browser.

Persistent cookies are automatically erased after a specified period of time which can differ depending on the cookie. The period of time that the individual cookies are stored can be found in the list below.

Our website uses first-party cookies and third-party cookies

In addition to the first-party cookies set by us, third-party cookies from other service providers are also used. We notify you of the use of third-party cookies and of the cooperation with external service providers that render services such as web tracking or reach measurement on our behalf further below in this Privacy Policy.

Within the scope of consent management (cookie banner), we give you the option of deciding whether cookies should be set as part of our offering in accordance with your specifications. You have the option of changing the decision made there at any time, and of providing or withdrawing your consent at a later date.

Your cookie History:

 

The legal basis for processing personal data using cookies as required for technical reasons is Article 6 (1) (f) GDPR. Otherwise, we base processing on Article 6 (1) (1) (a) GDPR (“Consent”).

As a user you have complete control over the use of cookies. You can disable or restrict the transmission of cookies by changing your browser settings. Cookies that have already been stored can be erased at any time.

Usage data and logfiles

When you use our website solely for informational purposes, i.e. if you do not register or otherwise provide us with information, our system automatically records data and information that your browser sends to our server (usage data):

The data is temporarily stored in our system’s log files. This data is not stored together with other personal data.

The legal basis for temporarily storing the data is Article 6 (1) (f) GDPR.

Temporary storage of data by the system is necessary in order for us to provide our website to you. The user’s IP address in particular must remain stored for the duration of the session for this purpose.

The data is stored in log files in order to ensure the functionality of the website. The data is also used to ensure that our information technology systems stay secure. These purposes also represent our legitimate interest in data processing in accordance with Article 6 (1) (f) GDPR.

The data will be erased once it is no longer required to achieve the purpose for which it was collected. This is the case once the respective session has ended where data is collected for the purposes of providing the website. This is the case after 14 days at the latest where data is stored in log files.

The collection of data for provision of the website and storage of data in log files are mandatory for the purposes of operating the website. The visitor to the website therefore has no right to object in this case.

Overview of our cookies

Information for prospective customers and interested parties who send us data as part of a query

Contact forms

If you use our contact form to obtain advice from our e-recruiting specialists, we collect the data you enter there (first and last name, e-mail address, telephone number, company, any personal information from the optional message to us). Data that you send to us this way will be processed by us electronically in our system (see section “Data processing systems”) for the purposes of answering and processing your query. We invoke Article 6 (1) (b) GDPR as the legal basis for this (implementation of pre-contractual steps for product queries).

Via e-mail

If you communicate with us via e-mail, e.g. via office@prescreen.io, you transmit data such as your sender address, information contained in the content or your signature (e.g. your position and contact details), general data such as the time of dispatch, and specific data which you may send in an attachment (e.g. your CV in the case of applications). Data that you send to us this way will also be processed electronically in our system (see section “Data processing systems”) for the purposes of answering and processing your query. We provide this channel of communication to enable you to contact us quickly by electronic means. The legal basis in these cases is Article 6 (1) (f) GDPR. Our legitimate interest is to ensure an efficient and effective service.

Via telephone

If you speak with one of our employees by telephone, we record certain traffic and communication data, such as the telephone number used or the duration of the call. Our employees are also required to record the content of the conversation briefly in our system (see section “Data processing systems”). The legal basis in these cases is Article 6 (1) (f) GDPR. The purpose and our legitimate interest in this data processing is to provide a more efficient service (e.g. to forward information regarding your matter within the company and to be able to give you the best possible advice when you call us again).

Via post

If you contact us by post, we collect details on your sender address and the content of the document. The documents you send are also stored digitally in some cases for faster processing. We also invoke Article 6 (1) (f) GDPR as the legal basis for this.

Via personal contact, e.g. at trade fairs

You may also contact us at events, presentations, or trade fairs and leave your details with us there, e.g. in the form of a business card. We digitise the data collected this way by transferring it to our CRM system (see section “Data processing systems”). The associated content of the discussion may be logged in a report. We invoke Article 6 (1) (b) or Article 6 (1) (f) GDPR as the legal basis for this. Our legitimate interest is in being able to give you the best possible advice in any subsequent discussions.

Contact for the purposes of downloading whitepapers, case studies, and webinars

You must register with us before you can receive free downloads via e-mail. We collect the data you enter there (first and last name, e-mail address, telephone number, company, any personal information from the optional message to us). Data that you send to us this way will be processed by us electronically in our system (see section “Data processing systems”) for the purposes of processing your query. We use this data to send you the requested download via e-mail. In return for this free service, we may contact you via e-mail or telephone to provide you with information about our products and services. We invoke Article 6 (1) (b) GDPR as the legal basis for this.

Review and enhancement of data

In order to be able to answer queries in the best possible way and to verify and update our database, we may supplement personal data through research and enhancements (e.g. by adding a salutation to a letter or allocating a position or department). We will only use publicly accessible sources as our sources for this. The legal basis for this data processing is Article 6 (1) (f) GDPR.

Duration of the storage

We will store your data for as long as required to process a request. This does not apply to data that we are not yet allowed to erase due to our statutory obligations (e.g. documents that must be kept in accordance with tax or commercial law), and data that is required to safeguard legitimate interests, e.g. to assert claims.

Our newsletter

Our website gives you the option of subscribing to our newsletter, which provides regular updates on news from the Prescreen HR magazine, events, and information regarding Prescreen’s services and products.

We use the double-opt-in process for registrations to our newsletter. This means that once you have registered, we will send an e-mail to the e-mail address you provide in which we ask you to confirm that you wish to receive the newsletter. If the e-mail address is not confirmed within one week, it will be automatically erased. We also store your IP address and the times of the registration and confirmation. The purpose of this procedure is to ensure that there is evidence of your registration, and to resolve any potential misuse of your personal data.

The legal basis is Article 6 (1) (1) (f) GDPR to the extent that we store data in order to ensure that there is evidence of your registration, and to resolve any potential misuse of your personal data. We store your e-mail address with your consent. The legal basis is Article 6 (1) (1) (a) GDPR.

You may withdraw your consent to receive the newsletter and cancel the newsletter at any time. You can exercise your right to withdraw by clicking on the link provided in each newsletter e-mail, by sending an e-mail to datenschutz@onlyfy.com, or by sending a message to the contact details provided in the Legal Notice.

Information for customers and other business partners

In the case of customers and other business partners, we process personal data primarily for the initiation, establishment, and processing of contractual and pre-contractual relationships.

We collect the following information in particular for this:

Data processing is necessary in accordance with Article 6 (1) (b) GDPR for steps prior to entering into a contract, proper implementation of the contractual relationship, reciprocal fulfilment of the obligations from the contractual relationship, and to terminate the contractual relationship.

If necessary, we may process your data beyond the actual fulfilment of the contract in order to safeguard legitimate interests, e.g. for the assertion of legal claims and as a defence in legal disputes. The legal basis in these cases is Article 6 (1) (f) GDPR.

In addition, we process personal data for the purposes of fulfilling statutory retention obligations (e.g. under commercial and tax law) in accordance with Article 6 (1) (c) GDPR.

We also process the data stated above in order to carry out customer surveys, marketing campaigns, market analyses, competitions, or similar campaigns and events. The legal basis in these cases is Article 6 (1) (f) GDPR. You have the right to object to processing (in particular to the sending of direct marketing).

Your personal data will be erased provided that this is no longer required to fulfil the purpose of the storage, and no legal retention obligations or the assertion of legal claims prevent it from being erased.

Data processing systems / service providers used

We commission service providers for the following services: contract management, newsletter distribution, customer feedback/satisfaction surveys, webinar and web meeting hosting, support request processing, ticket system, e-mail system, ERP software, CRM system.

If we provide data to service providers, e.g. for processing, they may only use said data to carry out their duties. We meticulously screen and select service providers who are contractually bound to follow our instructions and have suitable technical and organisational measures in place to protect the rights of data subjects. The legal basis for this processing of personal data are Article 6 (1) a) (separate consent) of the EU GDPR, Article 6 (1) b) (processing necessary for the performance of a contract) of the EU GDPR, Article 6 (1) f) (processing based on the weighing of interests) of the EU GDPR, and Article 6 (1) c) (processing necessary for compliance with a legal obligation) of the EU GDPR.

Our legitimate interest is to receive efficient support from these service providers while reducing the level of in-house resources needed to provide data processing systems.

Third countries

Data is transferred to third countries, but only in compliance with the legally regulated conditions of admissibility.

If the transfer of data to a third country is not for the performance of our contract with you, if we do not have your consent, if the transfer is not necessary for the establishment, exercise or defence of legal claims, and if no other exemption applies, we will only transfer your data to a third country if an adequacy decision pursuant to Article 45 EU GDPR or if appropriate safeguards pursuant to Article 46 EU GDPR are available.

As a rule, we provide appropriate safeguards in accordance with Article 46 EU GDPR as well as an adequate level of data protection.
Copies of the EU standard data protection clauses are available on the European Commission website.

Automated decision making including profiling

A decision-making based solely on automated processing – including profiling – does not take place.