Avenga Germany GmbH
50667 Cologne, Germany
+49 (0) 221 84 630 0
Fax: +49 (0) 221 84 630 165
Thorsten May (CEO)
(hereinafter referred to as »Avenga Germany«)
Data Protection Officer (DPO):
1. Information on data processing, legal bases and terminology
1.2. The terms used, such as ‘personal data’ or their ‘processing’, refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).
1.3. The personal data of the users processed in the context of this online offer includes usage data (the visited websites of our online offer, access times), communication data (device IDs, IP addresses, location data, browser type and version, operating system used, website, from You visit us), content data (entries in the contact form) as well as applicant data (name, contact details, subject areas, application documents).
1.4. The term “user” covers all categories of persons affected by data processing. These include our business partners, customers, prospects, applicants and other visitors to our online offer. The terms used, such as “users” are to be understood gender-neutral.
1.5. We process personal data of users only in compliance with the relevant data protection regulations. This means that users’ data will only be processed if we have a legal permit. That is, especially if the data processing for the provision of our contractual services (eg processing of orders) as well as online services is required or required by law, the consent of the user exists, as well as our legitimate interests (ie interest in the analysis, optimisation and economic Operation and security of our online offer within the meaning of Art. 6 (1) lit. GDPR, in particular in the range measurement, creation of profiles for advertising and marketing purposes as well as collection of access data and use of the services of third-party providers).
1.6. Please note that the legal basis for the consent is Art. 6 para. 1 lit. a. and Art. 7 GDPR. The legal basis for processing for the purpose of fulfilling our services and implementing contractual measures is Art. 6 para. 1 lit. b. GDPR. The legal basis for processing for the purpose of fulfilling our legal obligations is Art. 6 para. 1 lit. c. GDPR and the legal basis for the processing to safeguard our legitimate interests is Art. 6 para. 1 lit. f. GDPR.
2. Safety measures
2.1. We take organisational, contractual and technical security measures in accordance with the state of the art to ensure that the provisions of the data protection laws are adhered to and in order to protect the data processed by us against accidental or intentional manipulation, loss, destruction or against access by unauthorised persons.
2.2 .The security measures include in particular the encrypted transmission of data between your browser and our server.
3. Disclosure of data to third parties and third parties
3.1. A transfer of data to third parties is only within the scope of legal requirements. We only pass on the data of the users to third parties if, for example, on the basis of Art. 6 para. 1 lit. b) GDPR is required for contract purposes or based on legitimate interests in accordance with Art. Art. 6 para. 1 lit. f. GDPR for efficient and effective operation of our business operations.
3.2. If we use subcontractors to provide our services, we will take appropriate legal precautions and appropriate technical and organisational measures to protect personal data in accordance with applicable law.
3.4. Avenga is a group of companies, see: https://www.avenga.com/about/about-us/. Within this cooperation, marketing activities can be carried out by one partner for the entire group. For this purpose, data may be processed outside the EU, e.g. in Ukraine or the USA. Contracts were signed between the partners for processing personal data in compliance with EU security guidelines.
4. Collection of access data and log files
4.1. Based on our legitimate interests within the meaning of Art. 6 para. 1 lit. f. GDPR Data on every access to the server on which our website is located (so-called server log files). The access data includes the name of the retrieved web page, file, date and time of retrieval, amount of data transferred, message about successful retrieval, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address (anonymised) and the requesting provider.
4.2. Log File information is stored for security reasons (eg to investigate abusive or fraudulent activities) for a maximum of 30 days and then deleted. Data whose further retention is required for evidential purposes are excluded from the erasure until the final clarification of the incident.
4.3. For the hosting of our website we use a service provided by Avenga Germany GmbH, Bahnhofsvorplatz 1, 50667 Cologne. As part of the hosting, the IP address of the user (anonymous) in the form of log files to the Avenga Germany GmbH transferred, where it will be deleted after 2 months at the latest. It processes the data on our behalf in accordance with Art. 28 (3) sentence 1 GDPR.
5. Cookies and reach measurement
5.1. Cookies are information transmitted by our web server or third-party web servers to users’ web browsers and stored there for later retrieval. Cookies can be small files or other types of information storage.
5.3. If users do not want cookies stored on their computer, they will be asked to disable the option in their browser’s system settings. Saved cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional restrictions of this online offer.
5.5. Our cookies usage can differ depending on the browser, device or network settings, as follows:
1. Functional cookies, cookies on user behaviour and analysis technologies
|CookieMessageClosed||Store cookie banner information
|NearestLocation||set language of Avenga office near to you
2. Third party cookies
|_ga (Google)||Differentiation from users||2 years|
|_gat (Google)||Google property ID||1 minute|
|_gid (Google)||Differentiation from users||1 day|
|_gac_<property-id> (Google)||Differentiation of users in Google campaigns||1 minute|
|AMP_TOKEN||Contains a token that can be used to retrieve a Client ID from the AMP Client ID Service||1 day|
|__cfduid (HubSpot)||Security cookie from Cloudflare, the CDN provider of Hubspot||30 days|
|__hssc (Hubspot)||Tracking of session||30 minutes|
|__hstc (Hubspot)||contains the domain, utk, initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit) and session no.||13 month|
|hubspotutk (Hubspot)||Tracking the identity of a visitor to deduplicate contacts||13 month|
|_pxhd (Hubspot)||Sessioncookie from Zoominfo, Service provider of Hubspot||session|
|connect.sid (Hubspot)||Sessioncookie from Zoominfo, Service provider of Hubspot||session|
|visitorId (Hubspot)||Sessioncookie from Zoominfo, Service provider of Hubspot||session|
|UserMatchHistory (LinkedIn)||Feed and Insight Tag||30 days|
|bcookie (LinkedIn)||Optimize reach of advertising on LinkedIn||2 years|
|bscookie (LinkedIn)||Optimize reach of advertising on LinkedIn||2 years|
|lang (LinkedIn)||Language in session||Session|
|lidc (LinkedIn)||Optimize reach of advertising on LinkedIn||1 day|
|lissc (LinkedIn)||Optimize reach of advertising on LinkedIn||1 year|
|li_sugr (LinkedIn)||Identification of the browser||3 month|
|BizographicsOptOut (LinkedIn)||Determining the opt-out status for third-party tracking||10 years|
|_guid (LinkedIn)||Browser identification for interaction with Google Ads||1 year|
|li-oatml (LinkedIn)||Indirect identifier for conversion tracking, retargeting, analysis||1 month|
|li_fat_id (LinkedIn)||Indirect identifier for conversion tracking, retargeting, analysis||1 month|
|U (LinkedIn)||Identification of the browser, LinkedIn Insight tag if the IP address is in an unknown country||3 month|
|snid||Tracking the identity of a visitor to deduplicate contacts||5 years|
|nQ_cookieId||This cookie is used by Albacross to identify the users on the website||1 year|
|nQ_visitId||Albacross Identify user session||1 year|
|uslk_s||Userlike session cookie||session|
|uslk_e||Cookie by Userlike to identify user||1 year|
|_hjClosedSurveyInvites||Cookie that is used to ensure that the same invite does not reappear if it has already been shown.||1 year|
|_hjDonePolls||Cookie that is used to ensure that the same poll does not reappear if it has already been filled in.||1 year|
|_hjMinimizedPolls||Cookie that is used to ensure that the widget stays minimized when the visitor navigates through your site.||1 year|
|_hjShownFeedbackMessage||Cookie that is set when a visitor minimizes or completes Incoming Feedback||1 year|
|_hjid||Cookie that is used to persist the Hotjar User ID, unique to that site on the browser. This ensures that behavior in subsequent visits to the same site will be attributed to the same user ID.||1 year|
|_hjLocalStorageTest||This cookie is used to check if the Hotjar Tracking Script can use local storage.||session|
|_hjAbsoluteSessionInProgress||This cookie is used to detect the first pageview session of a user. This is a True/False flag set by the cookie.||30 Minutes|
6. Google Analytics
6.2. Google provides a guarantee to comply with European privacy legislation: https://cloud.google.com/terms/eu-model-contract-clause
6.3. Google will use this information on our behalf to evaluate the use of our online offer by users, to compile reports on the activities within this online offering and to provide us with further services related to the use of this online offer and the internet usage. In this case, pseudonymous user profiles of the processed data can be created.
6.4. We only use Google Analytics with activated IP anonymization. This means that the IP address of the users is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address will be sent to a Google server in the US and shortened there.
6.5. The IP address submitted by the user’s browser will not be merged with other data provided by Google. Users can prevent the storage of cookies by setting their browser software accordingly; Users may also prevent the collection of data generated by the cookie and related to their use of the online offer as well as the processing of this data by Google by downloading and installing a browser plug-in available under the following link: http://tools.google .com / dlpage / gaoptout? hl = en .
6.6. For more information about Google uses data, settings and opposition opportunities can be found on the websites of Google: https://www.google.com/intl/de/policies / privacy / partners ( “How Google uses data when you use websites or apps our partners “), https://www.google.com/policies/ technologies / ads (” Use of data for promotional purposes “), https://www.google.com/settings/ads (” Managing information that Google uses, to show you advertising “).
7.1. When contacting us (via contact form or email), the information provided by the user to process the contact request and its processing acc. Art. 6 para. 1 lit. b) GDPR processed.
7.3. In order to process contact requests, we use “Salesforce”, which is CRM software by the provider salesforce.com Germany GmbH, Erika-Mann-Str. 3, 80636 Munich, Germany. You can view the provider’s Data Policy here: https://www.salesforce.com/de/company/privacy/.
7.5. Live Support
7.5.1. Via the chat function on our website, users have the opportunity to contact Avenga employees directly, for example to clarify questions regarding open job profiles. The use of the chat does not require the provision of personal data.
7.5.2. For the service mentioned in 7.5.1 we use Userlike, a live chat software of the company Userlike UG (limited liability). Userlike uses “cookies”, text files that are stored on your computer and that enable a personal conversation in the form of a real-time chat on the website with you. The collected data will not be used to personally identify the visitor of this website and will not be merged with personal data about the bearer of the pseudonym.
7.5.3. For internal evaluation and optimization of our service quality, we store the chat logs for a period of 90 days.
8. Embedding third-party services and contents
8.1. On the basis of our legitimate interests (i.e. the interest in the analysis, optimisation and economic operation of our website as defined by Section 6 Subsection 1 lit. f. GDPR), within our website, we use offers of content and services by third-party providers such as embedding possibilities for recommending our website (hereinafter holistically called “contents”). This always presupposes that the third-party providers perceive the users’ IP address, because they could not send the contents to their browser without the IP address. The IP address is thus necessary for the presentation of these contents. We endeavour to only use such contents whose respective provider solely uses the IP address to send out the contents. Furthermore, third-party providers can use so-called pixel tags (invisible graphic images also called “web beacons”) for statistical or marketing purposes. Via the “pixel tags”, information such as visitor traffic on the pages of this website can be evaluated. The pseudonymous information can also be stored in cookies on the users’ device and contain, among others, technical information about the browser and operating system, referring websites, time of visit as well as other details on using our website, and can also be associated with such information from other sources.
8.2. The following provides an overview of third-party providers as well as their contents plus links to their Privacy Policies, which contain further information on the processing of data and, partially stated here, possibilities of revocation (so-called “opt-out”):
8.4. Our website uses functions of the network, LinkedIn. The provider is the LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. When visiting one of our pages that contains functions of LinkedIn, a connection is established to servers of LinkedIn. LinkedIn is informed that you have visited our web pages with your IP address. If you click on the “Recommend-Button” of LinkedIn and are logged into your LinkedIn account, LinkedIn is able to assign your visit to our website to you and your user account. We must point out that we as the provider of the pages receive no knowledge of the content of the transmitted data nor of the use of it by LinkedIn. Data Policy of LinkedIn: https://www.linkedin.com/legal/privacy-policy, Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
9. Downloading exclusive contents
9.1. Avenga offers registered users the possibility of requesting exclusive editorial contents on the website by e-mail and to download them. In the scope of this registration, we store the user’s name, e-mail address, the company and the telephone number for our own advertising purposes as well as the sending out of these contents as per their express consent as defined by Section 6 Subsection 1 lit. a. and Section 7 GDPR.
9.2. To process registrations, we use”MailChimp”, a marketing automation platform of the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. You can view the marketing automation platform’s data protection provisions here: https://mailchimp.com/legal/privacy/. The Rocket Science Group LLC d/b/a MailChimp complies with EU data protection laws: https://mailchimp.com/legal/data-processing-addendum/.
9.4. Avenga uses Hubspot, a service of Hubspot Inc., on its websites for analysis purposes. Hubspot is headquartered in the USA and and complies with EU data protection laws: https://legal.hubspot.com/dpa. “Cookies” or similar technologies (such as “web beacons”) are used, which are stored on your computer and enable us to analyze your use of our website. Hubspot evaluates the information collected (e.g. IP address, geographical location, type of browser, duration of visit and pages viewed) on behalf of Avenga in order to generate reports about the visit and the pages visited on the Avenga website. If you have registered on our website, Hubspot allows us to link a user’s visits to Avenga websites to personal data (above all name/email address) on the basis of a consent given, thus recording personal data and informing users individually and purposefully about preferred topics. For the same purpose, we link approved personal data with further information from freely accessible sources. Further information about the functionality of Hubspot can be found in the Hubspot Inc. data protection declaration under: http://legal.hubspot.com/de/privacy-policy.
10. Regulations for applicants
10.1. By submitting your application via our website, you agree to the processing of your personal data as part of the recruiting process. This includes name, address, date of birth, phone number, e-mail address and any other data from the CV or other attachments.
10.2. Application for a job in Germany: Controller of data is Avenga Germany GmbH, Bahngofsvorplatz 1, 50667 Cologne, Germany. During the process, the data is stored in our applicant management system Talention, a software of TFI GmbH, Delphiplatz 1, 42119 Wuppertal, Germany.
10.3. Application for a job in Poland: Depending on the particular recruitment process your data controller might be one of the following companies:
a. AVENGA IT Professionals Sp. z o.o. with the registered office is in Wrocław, 66 Gwiaździsta street, 53-413 Wrocław, KRS: 0000210937
b. ITK Inwestycje Sp. z o.o. with the registered office in Warsaw, 26 Przyokopowa, 01-208 Warsaw, KRS: 0000654511
c. Avenga Poland Sp. z o.o. with registered office in Cracow, 22 Gen. Zielińskiego, 30-320 Cracow, KRS: 0000518453 Contact on your personal data is available on firstname.lastname@example.org. After registration of your CV in the system you will receive detailed information clause and request for submitting consents.
10.4. Application for a position in Ukraine or the USA: During the process, the application data is first sent by e-mail to CoreValue and then stored in our applicant management system Corebase. This is hosted and managed by CoreValue, Heroiv UPA St, 73, Lviv, Lviv Oblast, Ukraine, 79000.
10.5. If the application procedure is followed by the conclusion of an employment contract, the data transmitted by the applicant may be stored in the personnel file for the purpose of the usual organisational and administrative process in compliance with the legal regulations of relevant company from the Avenga Group.
10.6. If the conclusion of the application process does not follow the conclusion of a contract of employment, the applicant’s data will be stored for 2 months and then deleted completely. In case when you agreed for the data processing for future recruitment process your data will be stored until your consent withdrawal.
11. Inclusion in the talent pool
11.1. For candidates who are not candidates in a specific application process Candidates or their profile does not fit into a current vacancy (hereinafter referred to as “candidates” ), there is the possibility of inclusion in a relationship database of Avenga (hereinafter referred to as “talent pool” ). The type of database depends on your data controller. You will be specifically asked for a consent to be included in the talent pool by your respective data controller.
11.2. The processing of these data takes place in accordance with the explicit consent of the candidate in accordance with Art. 6 para. 1 lit. a. and Art. 7 GDPR.
12. Deletion of data
12.1. The data stored by us will be deleted as soon as they are no longer necessary for their intended purpose and the deletion does not conflict with any statutory storage requirements. If the users’ data are not deleted because they are required for legally permitted purposes, their processing will be restricted. This means that the data is blocked and not processed for other purposes. This applies, for example, to data of users who must be kept for commercial or tax reasons.
12.2. Applicable only for Avenga Germany: According to legal requirements the storage takes place for 6 years according to § 257 Abs. 1 HGB (trading books, inventories, opening balance sheets, annual accounts, trade letters, accounting documents, etc.) as well as for 10 years according to § 147 Abs. 1 AO (books, records, management reports, Accounting documents, commercial and business letters, documents relevant for taxation, etc.).
13. Right of revocation
13.1. Users can revoke future processing of their personal data according to statutory regulations at any time. The revocation may, in particular, be directed towards processing for purposes of direct marketing.
Rules for general equal treatment
For easier readability, a gender-specific representation, such as employee, is dispensed with. Appropriate terms apply in the sense of equal treatment, of course, for all genders.
The Company is fully committed to providing equality to individuals fairly and irrespective of age, disability, gender, gender reassignment, marital or civil partnership status, pregnancy or maternity, race including colour, ethnic or national origins and nationality, religion or belief or sexual orientation We aim to create a working environment that is free from discrimination and harassment in any form, in which all staff, customers and suppliers are treated with dignity and respect.