Privacy Notice/Policy

We are very delighted that you have shown interest in our enterprise. Data protection is of a particularly high priority for the management of Stonebranch. The use of the Internet pages of Stonebranch is possible without any indication of personal data; however, if a data subject wants to use special enterprise services via our website, processing of personal data could become necessary. If the processing of personal data is necessary and there is no statutory basis for such processing, we generally obtain consent from the data subject.

The processing of personal data, such as the name, address, e-mail address, or telephone number of a data subject shall always be in line with the General Data Protection Regulation (GDPR), and in accordance with the country-specific data protection regulations applicable to Stonebranch's legal entities. By means of this data protection declaration, our enterprise would like to inform the general public of the nature, scope, and purpose of the personal data we collect, use and process. Furthermore, data subjects are informed, by means of this data protection declaration, of the rights to which they are entitled.

As the controller, Stonbranch has implemented numerous technical and organizational measures to ensure the most complete protection of personal data processed through this website. However, Internet-based data transmissions may in principle have security gaps, so absolute protection may not be guaranteed. For this reason, every data subject is free to transfer personal data to us via alternative means, e.g. by telephone.
 

Table of Contents:

  1. Definitions
  2. Name and Address of the controller
  3. What we need
  4. Why we need it
  5. What we do with it
  6. How long we keep it
  7. What are your rights?

1. Definitions

The data protection declaration of Stonebranch is based on the terms used by the European legislator for the adoption of the General Data Protection Regulation (GDPR). Our data protection declaration should be legible and understandable for the general public, as well as our customers and business partners. To ensure this, we would like to first explain the terminology used.

In this data protection declaration, we use, inter alia, the following terms:

Personal data: Personal data means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Data subject: Data subject is any identified or identifiable natural person, whose personal data is processed by the controller responsible for the processing.

Processing: Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Restriction of processing: Restriction of processing is the marking of stored personal data with the aim of limiting their processing in the future.

Profiling: Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

Pseudonymisation: Pseudonymisation is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

Controller or controller responsible for the processing: Controller or controller responsible for the processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

Processor: Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Recipient: Recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.

Third party: Third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

Consent: Consent of the data subject is any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

2. Name and Address of the controller

Controller details for the purposes of the General Data Protection Regulation (GDPR), other data protection laws applicable in Member states of the European Union and other provisions related to data protection can be found in our imprint.

3. What we need

Our Personal Data Protection Policy governs the use and storage of your data. Stonebranch is a Controller of the personal data you (data subject) provide us. We collect the following types of personal data from you:

  • Names
  • Email addresses
  • Countries
  • Phone numbers
  • Cookies
  • Purchase history
  • General connection data and information
    • browser type and version
    • operating system used by the accessing system
    • the website from which an accessing system reaches our
      website (so-called referrers)
    • the date and time of access to the Internet site
    • IP Address
    • the Internet service provider of the accessing system
  • Application documents (e.g. CV, Employment History)

4. Why we need it

We need your personal data in order to provide you with the following services:

  • Collection of contact details. The website contains information that enables a quick electronic contact to our enterprise, as well as direct communication with us, which also includes an e-mail address. If a data subject contacts the controller by e-mail, via a contact form or via chat, the personal data transmitted by the data subject are automatically stored. Such personal data transmitted on a voluntary basis by a data subject to the data controller are stored for the purpose of processing or contacting the data subject.
  • Collection of Cookies to recognize website users. This is used to provide more user-friendly services that would not be possible without the cookie setting and to optimize our website with the user in mind. We currently allow the following Cookies on this site. In order to control the usage of these Cookies for your visit on our website, please refer to the Cookie Preferences.
    • Integration Hub: By accepting this privacy policy you accept for www.stonebranch.com as well as www.stonebranch.com/integration-hub/. We use cookies in the Integration Hub to differentiate registered users.
    • Google Analytics: We use Google Analytics to understand how our media campaigns work and how you interact with our website in order to improve the user experience. You can view the Google Privacy Policy here: www.google.com/policies/privacy/. You can opt-out of making your site activity available to Google Analytics by installing the Google Analytics opt-out browser add-on.
    • Zendesk: We use Zendesk on this site for support purposes. For information about Zendesk cookies and how to reject or delete them, please go to https://www.zendesk.com/company/privacy.
    • Twitter: We show certain relevant tweets on our website. You can view the Twitter Privacy Policy here: https://twitter.com/en/privacy.
    • YouTube: We embed videos or insert links to videos from YouTube on our website(s). As a result, when you visit a page with content embedded from or linked to YouTube, you may be presented with cookies from YouTube. You can view the YouTube Privacy Policy here: https://www.youtube.com/yt/about/policies/#community-guidelines.
    • LinkedIn: The LinkedIn Insight Tag creates a unique LinkedIn browser cookie on a visitor’s browser and enables the collection of the following data for that cookie: metadata (such as IP address, timestamp, page events (like page views), and LinkedIn demographic information if there is an active LinkedIn.com member cookie present. For more information see: https://www.linkedin.com/help/linkedin/answer/65521
    • Hubspot: Hubspot tracks visitor and prospect activities on our website by setting cookies on your browser. These cookies are set in order to remember preferences when you return to our site, such as form field values. You can view the Hubspot Privacy Policy here: https://legal.hubspot.com/privacy-policy
    • Wistia: Wistia is a video distribution platform. We use it to broadcast videos presented on our website. Wistia's Privacy Policy is available here: https://wistia.com/privacy.
    • IDG Triblio: We use the IDG Triblio ABM platform. This software provides intent based account information and allows us to run highly-targeted display ads and web personalization. You can visit https://triblio.com/privacy-policy/ for more information.
    • Zoominfo: We use Zoominfo (Zoom Information, Inc.) a B2B contact database to gather business-related information for marketing and sales intelligence. For further details, please visit Zoominfo's privacy center https://www.zoominfo.com/about-zoominfo/privacy-policy
    • Hotjar: We use Hotjar in order to better understand our users’ needs and to optimize this service and experience. Hotjar is a technology service that helps us better understand our users experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and this enables us to build and maintain our service with user feedback. Hotjar uses cookies and other technologies to collect data on our users’ behavior and their devices (in particular device's IP address (captured and stored only in anonymized form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), preferred language used to display our website). Hotjar stores this information in a pseudonymized user profile. Neither Hotjar nor we will ever use this information to identify individual users or to match it with further data on an individual user. For further details, please see Hotjar’s privacy policy by clicking on this link.
    • Eventbrite: We use use EventBrite for event planning, management, and attendee registration. Eventbrite is a third-party event planning, management, and registration tool and its privacy policy can be found here.

    • Facebook: Facebook provides us with the evaluations created on the basis of the collected data or further information only in aggregated, anonymized form. Facebook Pixel uses cookies from Facebook Ireland Limited, Harbour, D2, 4 Grand Canal Quay, Square, Dublin, Irland („Facebook“). The Facebook Pixel enables Facebook to collect information about activities of users of our website. By implementing the Facebook Pixel we enable Facebook to collect personal data. The collection and processing of this data takes place after your consent and is the sole responsibility of Facebook. We have no knowledge of further details of the processing of personal data in the area of data controllership of Facebook. For information about the processing of personal data by Facebook, please refer to the Facebook Privacy Policy: facebook.com/about/privacy/.

    • Reddit: We use Reddit and Reddit Pixel for advertising. Reddit is home to thousands of communities, endless conversation, and authentic human connection. The Reddit Pixel is a tracking pixel that measures actions users take on our website, after interacting with our ads on Reddit. For further details, please see Reddit, Inc. privacy policy.

    • Stack Overflow: We use Stack Overflow and Stack Overflow Pixel for advertising. Stack Overflow is a public platform used by nearly everyone who codes to learn, share their knowledge, collaborate, and build their careers The Stack Overflow Pixel is a tracking pixel that measures actions users take on our website, after interacting with our ads on Stack Overflow. For further details, please see Stack Exchange, Inc. privacy policy.
  • Collection of a series of general data and information when a data subject or automated system calls up the website. This general data and information are stored in the server log files and may be used to diagnose technical problems and in the event of attacks on our information technology systems.
  • Collection of application documents you provide to assess your suitability for the role you have applied for. We will use the contact details you provide to us to contact you to progress your application.

5. What we do with it

Your personal data is processed in our main offices located in Germany, Greece and the United States. Hosting and storage of your data takes place via the following.

Stonebranch, as the data controller, utilizes third party data processors that provide several marketing related services for us. Stonebranch has contracts in place with all data processors to ensure that your information is only processed for the intended purpose. Stonebranch also ensures that the third party will provide suitable technical and organizational measures to protect the personal data as required by the applicable law.

The third party processors are:

Entity Name Entity Type and Service Country
Salesforce.com, Inc. Third-party service provider: Salesforce CRM, United States
Hubspot, Inc. Third-party service provider: Hubspot Marketing Automation, Chat United States
Zendesk, Inc. Third-party service provider: Customer Support Software United States
Google, Inc. Third-party service provider: Google Analytics United States
Mediatis AG Third-party service provider: Marketing Agency Germany
Amazon Web Services, Inc. Third-party service provider: Website Hosting United States
Twitter, Inc. Third-party service provider:
Social Media Button		 United States
Facebook, Inc. Third-party service provider: Social Media Button United States
LinkedIn, Inc. Third-party service provider:
Social Media Button, LinkedIn Insight Tag		 United States
Triblio, an IDG Communications, Inc. Company Third-party service provider: Online advertising platform, remarketing United States
Wistia, Inc. Third-party service provider: Video hosting platform United States
Zoom Information, Inc. Third-party service provider: B2B contact database United States
Hotjar Ltd. Third-party service provider:
Analytics		 Ireland
Eventbrite, Inc. Third-party service provider: Online Event Management Platform United States
G2.com, Inc. Third-party service provider: B2B Social Media Review Platform United States
IT Central Station Ltd. Third-party service provider: B2B Social Media Review Platform Israel

6. How long we keep it

We retain personal information only for as long as necessary to carry out the intended functions, and in line with our retention schedule and the respective statutory retention period. After this period, your personal data will be irreversibly destroyed. Any personal data held by us for marketing and service update notifications will be kept by us until such time that you notify us that you no longer wish to receive this information. Please contact us for more information on our personal data retention schedule.

7. What are your rights?

Should you believe that any personal data we hold on you is incorrect or incomplete, you have the ability to request to see this information, rectify it or have it deleted. Please contact us through [Data Subject Access Request Form].

In the event that you wish to complain about how we have handled your personal data, please contact the DPO Resources at Stonebranch dpo@stonebranch.com or in writing at

Karl Schleps
Stonebranch GmbH
Europa-Allee 54
60327 Frankfurt am Main
Germany

Our Privacy Team will then look into your complaint and work with you to resolve the matter.

If you still feel your personal data has not been handled appropriately according to the law, you can contact Federal Commissioner for Data Protection and Freedom of Information (BfDI) in Germany and file a complaint with them.