Privacy Policy

Protecting your privacy is crucial for our business and we at commercetools are committed being a responsible, trustworthy custodian of our personal information. With this Privacy Policy we want you to better understand how we collect, use, protect, and share your personal data.  It describes the manner in which we collect, use, maintain, and may disclose personal data, within the contexts of visiting our websites, using our offerings through our website, and managing our relationships with prospects, customers, partners, suppliers, and other business partners.

As used in this Privacy policy, "personal data" or "personal information" means information relating to an identified or identifiable individual. This includes, for example, name, address, email address, business contact information or information collected through interactions with us via our websites or through other channels. Personal information is also referred to as "information about you."

In the following, the terms "user," "customer," "you" and "your" refer to the individuals whose personal data we may process or use and may occasionally be used interchangeably.

 

Summary of Contents                                                            

I. Name and contact details of the Controller

II. Contact details of the Data Protection Officer

III. Privacy policy for visitors to our website

1. Purposes for which the personal data are processed as well as the legal basis for the processing

1.1 Processing of access data

1.2 Cookies and related technologies

1.2.1 General

1.2.3 Technically necessary cookies

1.2.3 Cookies require consent such as analysis and tracking cookies and related technologies (e.g. tracking scripts)

1.2.4 Data processing in connection with our contact form

1.2.5 Newsletter registration

1.2.6 Download of white papers and other publications

1.2.7 Registering for a trial version

1.2.8 Event registration and online events

1.2.9 Usage and registration for the Training Center

2. Automated decision making including profiling

3. Data transfer to a third country

4. Categories of recipients of the personal data

5. Period for which the personal data will be stored or criteria used to determine that period

6. Privacy notices for all third-party services implemented on our websites

6.1 Privacy notice on the use of Google Analytics

6.2 Privacy notice on the use of Google Tag Manager

6.3 Privacy notice on the use of Google Fonts API/ gStatic API

6.4 Privacy notice on the use of Doubleclick.net by Google

6.5 Privacy notice on the use of Google Audiences

6.6 Privacy notice on the use of Google Dynamic Remarketing

6.7 Privacy notice on the use of LinkedIn Analytics and LinkedIn Ads

6.8 Privacy notice on the use of Youtube

6.9 Privacy notice on the use of Facebook Custom Audience

6.10 Privacy notice on the use of Facebook Connect

6.11 Privacy notice on the use of Hotjar

6.12 Privacy notice on the use of the live chat "Drift

6.13 Privacy notice for the use of AppNexus

6.14 Privacy notice for the use of HubSpot

6.15 Privacy notice on the use of Oktopost

IV. Privacy policy for our customers, prospective customers and partners

1. Purposes for which the personal data are processed as well as the legal basis for the processing

1.1 Handling of inquiries and preparation of offers (Art. 6 (1) lit. f GDPR)

1.2 Implementation and execution of contracts (Art. 6 (1) lit. f GDPR)

1.3 Implementation of marketing activities

2. Obligation to provide the data

3. Automated decision making including profiling

4. Data transfer to a third country

5. Recipients of data and data sources

5.1 Categories of recipients of the personal data

5.2 Data sources

6. Period for which the personal data will be stored or criteria used to determine that period

7. Security

V. Privacy policy for our suppliers and business partners

1. Purposes for which the personal data are processed as well as the legal basis for the processing

2. Obligation to provide the data

3. Automated decision making including profiling

4. Data transfer to a third country

5. Recipients of data and data sources

5.1 Categories of recipients of the personal data

5.2 Data sources

6. Period for which the personal data will be stored or criteria used to determine that period

VI. Privacy policy for applicants

1. Privacy notice for processing in connection with an access of our career portal at https://boards.greenhouse.io/commercetools

1.1 Processing of access data

1.2 Cookies and related technologies

1.3 Privacy notices for all third-party providers on our career portal

1.3.1 Privacy notice on the use of Greenhouse

1.3.2 Privacy notice on the use of Google reCaptcha

2. Privacy notice for processing in connection with the recruiting process by submitting an application

2.1 EU/EEA/German Applicants

2.1.1 Personal data we use regarding the recruiting process

2.1.2 Sources from where we collect personal data

2.1.3 Purpose for processing personal data

2.1.4 To whom personal data will be passed on

2.1.5 Transfer of personal data outside the European Union and European Economic Area

2.1.6 Automated decision-making, profiling

2.1.7 Storage of personal data

2.2 UK Applicants

2.2.1 Personal data / information we use regarding the recruiting process

2.2.2 Sources from where we collect personal data / information

2.2.3 Purpose and legal basis for processing personal data / information

2.2.4 Use of your personal data / information

2.2.5 To whom personal data will be passed on

2.2.6 Transfer of personal data / information outside your jurisdiction

2.2.7 Storage of personal data / information

2.2.8 Your rights

2.2.9 Complaints

2.2.10 Information related to children

2.3 US Applicants

2.3.1 Personal data / information we use regarding the recruiting process

2.3.2 Sources from where we collect personal data / information

2.3.3 Purpose and legal basis for processing personal data / information

2.3.4 Use of your personal data / information

2.3.5 To whom personal data will be passed on

2.3.6 Transfer of personal data / information outside your jurisdiction

2.3.7 Storage of personal data / information

2.3.8 Your rights

2.3.9 Information related to children

2.4 Australian Applicants

2.4.1 Personal data / information we use regarding the recruiting process

2.4.2 Sources from where we collect personal data / information

2.4.3 Purpose and legal basis for processing personal data / information

2.4.4 Use of your personal data / information

2.4.5 To whom personal data will be passed on

2.4.6 Transfer of personal data / information outside your jurisdiction

2.4.7 Storage of personal data / information

2.4.8 Your rights

2.4.9 Complaints

2.4.10 Information related to children

2.5 Singapore Applicants

2.5.1 Personal data / information we use regarding the recruiting process

2.5.2 Sources from where we collect personal data / information

2.5.3 Purpose and legal basis for processing personal data / information

2.5.4 Use of your personal data / information

2.5.5 To whom personal data will be passed on

2.5.6 Transfer of personal data / information outside your jurisdiction

2.5.7 Storage of personal data / information

2.5.8 Your rights

2.5.9 Complaints

2.5.10 Information related to children

VII. Information on your data subject rights

1. Data subject rights according to Chapter III of the GDPR

2. Rights under the California Consumer Privacy Act (CCPA)

3. Right to lodge a complaint with a supervisory authority

I. Name and contact details of the Controller

commercetools GmbH
Adams-Lehmann-Str. 44
80797 Munich
Email: info@commercetools.com
Phone: +49 (89) 99 82 996-0 

(hereinafter "commercetools", "we", "us").

However, the data controller may vary depending on the offer or the purpose of the processing and another of our commercetools Group companies may accordingly be the controller. You can find a list of our commercetools Group companies here.

We have concluded a joint controllership between commercetools GmbH and Frontastic GmbH. Please find the privacy notice regarding the joint controllership here.

II. Contact details of the Data Protection Officer

If you have general questions about data protection, please contact us:

privacy@commercetools.com

If you have any inquiries concerning the processing of personal data of individuals within Europe, you can also contact our Data Protection Officer directly:

Holzhofer Consulting GmbH
Martin Holzhofer
Lochhamer Str. 31
82152 Planegg

Email: info@commercetools.com

Phone: +49 (89) 99 82 996-0

III. Privacy policy for visitors to our website

The following information on data protection is to be provided pursuant to Art 13 et seq. GDPR where personal data are collected from the data subject on our website.

commercetools generally operates several websites, including but not limited to commercetools.com or modern-commerce-day.com (hereinafter "the websites") and would like to inform you in the following sections of this Privacy Notice, among other things, about the extent to which information about you is processed through the websites and the purposes for which such information is used.

The websites also include various subdomains (e.g. docs.commercetools.com) or other domains, many of which are covered by this Privacy Notice. Websites not covered by this Privacy Notice are governed by their own privacy policies.

1. Purposes for which the personal data are processed as well as the legal basis for the processing

1.1 Processing of access data

For technical reasons, we process a limited amount of data (so-called connection data) each time you access our website. This data is technically necessary to establish and execute a connection between your terminal device and our servers. This data is processed in the main memory of the web server for the duration of the connection:

The following data or data categories are collected:

  • IP address

  • Source port of the calling device or a gateway (e.g. firewall or proxy).

  • Timestamp (date and time) of the retrieval

  • Amount of data transferred

  • Message whether the retrieval was successful (using HTTP error code)

  • Message why a retrieval failed, if applicable (using HTTP error code).

  • Referer (web page from which calls were made to our main page or sub-pages)

  • User agent (type of browser you use to access our website and its version)

  • Display screen width and height

  • Language settings of your browser

The IP address, timestamp, HTTP error code, referer and user agent are automatically logged when our websites are accessed in order to ensure the functionality and protection of our websites. Furthermore, the logs serve to optimize the website. Your IP address is only processed in the logs in abbreviated form and is thus anonymized. A creation of user profiles with personal reference is not possible for us with this data.

The processing is based on our legitimate interest pursuant to Art. 6 (1) lit. f GDPR.  A legitimate interests assessment was carried out and came to the conclusion that the processings are necessary to safeguard our legitimate interests and that these outweigh your interests, fundamental rights and freedoms which require protection of personal data.

1.2 Cookies and related technologies

1.2.1 General

This website partly uses so-called cookies and related technologies (e.g. scripts). Cookies do not cause any damage to your computer and do not contain viruses. Cookies serve to make our offer more user-friendly, effective and secure. Cookies are small text files that are stored on your terminal device and saved by your browser, for example to "remember" information about you, such as your language settings or login information. These cookies are sometimes set by us and are referred to as first-party cookies. We also use third-party cookies, which come from a different domain than the one of the website you are visiting.

Basically, we distinguish between the following cookie categories:

  • Technically necessary cookies

  • Functional cookies

  • Performance cookies

  • Cookies for marketing purposes

  • Social media cookies

You can also find more information on the individual categories as well as the option to reject each cookie category (with the exception of the technically necessary cookies) and in addition a list of all cookies used in the "Cookie Settings" under the following link:

1.2.2 Technically necessary cookies

Most of the cookies we use are so-called "session cookies". They are automatically deleted after the end of your visit. Such cookies are mandatory and technically necessary for the operation of the website and to provide the service requested by the user and can therefore not be disabled.

The processing is based on the legitimate interest pursuant to Art. 6 (1) lit. f GDPR.  A legitimate interests assessment was carried out and came to the conclusion that the processings are necessary to protect our legitimate interests and that these outweigh your interests, fundamental rights and freedoms which require protection of personal data.

1.2.3 Cookies requiring consent such as analysis and tracking cookies and related technologies (e.g. tracking scripts)

Additional advertising, marketing and analysis tools from third-party providers are integrated on our website. These are not technically necessary for the operation of the website, but serve, for example, to record the behavior of the user, to provide him advertising tailored to this or to enable an analysis of the use of our website (e.g. Google Analytics, Hubspot Analytics, Google Dynamic Remarketing, LinkedIn Analytics, Facebook Advertising).

These services become active only after you have explicitly given your consent using the Consent Banner.

An overview of all third-party services integrated on the Website, as well as detailed information on each of these services, can be found under section 6.

1.2.4 Data processing in connection with our contact form

When contacting commercetools via the contact form on the website, the information you provide will only be stored for the purpose of processing and answering the inquiry as well as for possible follow-up inquiries and, if necessary, for further support (unless you would like to subscribe to the newsletter at the same time by ticking the corresponding checkbox).

The following data or data categories are collected and processed in this process:

  • Name, first name

  • E-mail address

  • Name of your company

  • Position/Job Title

  • Phone number

  • Individual message

The legal basis for processing your data is our legitimate interest pursuant to Art. 6 (1) lit. f GDPR. A legitimate interests assessment was carried out and came to the conclusion that the interests of the data subject do not outweigh our interests in processing. We have a legitimate interest in answering your inquiry, for which the processing of the data and data categories mentioned here is necessary.

1.2.5 Newsletter registration

If you would like to be informed regularly about new products or other interesting topics, commercetools offers to receive a newsletter.

To subscribe to the newsletter, you can register by ticking the appropriate checkbox under the various forms (e.g. contact form, demo registration, whitepaper download). Subsequently, you will receive an activation link to the specified e-mail address, which you must activate to complete the registration (so-called double opt-in procedure).

The legal basis for the processing is Art. 6 (1) lit. a GDPR, i.e. your explicit and voluntary consent in combination with the double opt-in procedure.

You can withdraw your consent at any time and without giving reasons. You have two options to choose from:

You can unsubscribe from future receipt of the newsletter by clicking on the "unsubscribe" button, which can be found in every newsletter.

You can also send an informal email with your unsubscribe request to privacy@commercetools.com.

1.2.6 Download of white papers and other publications

Our websites offer you the opportunity to learn more about our company and download content. In doing so, we ask you to provide us with your contact information and other demographic information about you.

In order to provide you with the download, the following data or categories of data must be provided:

  • First and last name

  • Business email address

  • Name of your company

If you do not wish to subscribe to the newsletter at the same time by ticking the corresponding checkbox, the information you give will only be used to provide the requested whitepaper. The legal basis for processing your data is our legitimate interest pursuant to Art. 6 (1) lit. f GDPR. A legitimate interests assessment was carried out and came to the conclusion that the interests of the data subjects do not outweigh our interests in processing. We have a legitimate interest in providing users with special content by means of whitepapers, for which the processing of the data and data categories mentioned here is necessary.

1.2.7 Registering for a trial version

You can register for a free 60-day trial on our website.

In order to complete the registration, the following data or categories of data must be provided:

  • Name, first name

  • E-mail address

  • Name of your company

  • Position/Job Title

  • Demand (planned project)

  • Region

The data collected during registration will be processed exclusively for the purpose of providing the offer, i.e. for the implementation of pre-contractual measures with interested parties, unless you wish to subscribe to the newsletter at the same time by ticking the corresponding checkbox. The legal basis for processing your data is our legitimate interest pursuant to Art. 6 (1) lit. f GDPR. A legitimate interests assessment was carried out and came to the conclusion that the interests of the data subjects do not outweigh our interests in processing. We have a legitimate interest in carrying out pre-contractual measures with interested parties by providing a test access to demonstrate the functionality of our products, for which the processing of the data and data categories mentioned here is necessary.

1.2.8 Event registration and online events

On our website, www.modern-commerce-day.com, we use the third-party service of Bizzabo Inc. located at 31 W 27th St 10th Floor, New York, NY 10001.

Our legitimate interest in using this online platform for online events and event registrations is to improve the quality and availability of our service and event experience. Bizzabo only processes our personal data on our behalf to the extent necessary for the provision of the service. The platform (Bizzabo) may use cookies.

For more information about Bizzabo's privacy policy, please visit https://www.bizzabo.com/privacy and https://www.bizzabo.com/cookie-policy.

1.2.9 Usage and registration for the Training Center

On our website we offer you the opportunity to be provided with training regarding our products and services that we provide you with. This training is available under https://learn.commercetools.com. In regard to the training, we may process the following personal data of you:

  • Name, first name

  • E-mail address

  • Name of your company

  • Position/Job Title

  • Demand (planned project)

  • Region

  • Descriptions / text messages

  • IP address

  • Source port of the calling device or a gateway (e.g. firewall or proxy).

  • Timestamp (date and time) of the retrieval

  • Amount of data transferred

  • Message whether the retrieval was successful (using HTTP error code)

  • Message why a retrieval failed, if applicable (using HTTP error code).

  • Referer (web page from which calls were made to our main page or sub-pages)

  • User agent (type of browser you use to access our website and its version)

  • Display screen width and height

  • Language settings of your browser

If you are not registered for the training services yet you need to register for this training and to create a new account accordingly. In this context the following personal data may be processed:

  • Name, first name

  • E-mail address

  • Name of your company

  • Position/Job Title

  • Demand (planned project)

  • Region

  • Descriptions / text messages

  • IP address

  • Source port of the calling device or a gateway (e.g. firewall or proxy).

  • Timestamp (date and time) of the retrieval

  • Amount of data transferred

  • Message whether the retrieval was successful (using HTTP error code)

  • Message why a retrieval failed, if applicable (using HTTP error code).

  • Referer (web page from which calls were made to our main page or sub-pages)

  • User agent (type of browser you use to access our website and its version)

  • Display screen width and height

  • Language settings of your browser

The data collected during the usage and registration will be processed exclusively for the purpose of providing the training services. The legal basis for processing your data is our contractual relationship pursuant to Art. 6 (1) lit. b GDPR.

Your account, user profile and credentials that are being created will be transferred to and processed for the log-in process by our service provider Auth0, Inc., 10800 Northeast Street, Suite 700, Bellevue, Washington 98004, USA ("Auth0"). Auth0 also provides the service of a so-called "Single Sign On", which means that, in case you have registered several accounts with us, you can log-in with one account that is also valid for the other registered accounts of commercetools. Consequently, there is no need to log-in for each covered account separately when using Auth0. In case you have already registered more than one covered account with us, these covered accounts will be merged by Auth0. The following, but may be not limited to, personal data will be transferred to and processed by Auth0:

  • User profile information

  • Contact information

  • Authentication information

2. Automated decision making including profiling

Automated individual decision-making including profiling according to Art. 22 (1) and (4) GDPR do take place on the part of commercetools GmbH.

3. Data transfer to a third country

Data transfers to countries outside the EU and the European Economic Area ("Third Countries") arise, for example, in the context of the administration, development and operation of IT systems. The transfer takes place only on the basis:

  • of an adequacy decision of the European Commission according to Art. 45 GDPR.

  • of an approved certification mechanism pursuant to Art. 42 GDPR together with legally binding and enforceable obligations of the controller or processor in the third country.

  • of standard data protection clauses adopted by the Commission in accordance with the examination procedure under Article 93 (2) GDPR.

Currently, when using our website, a transfer of personal data to third countries (in particular to the USA) takes place through the use of third-party services (such as Google Analytics) in the following cases:

  • Transfer of data to Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA.

  • Transfer of data to LinkedIn Corp., 1000 W. Maude Avenue, Sunnyvale, CA 94085, USA.

  • Transfer of data to Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA.

  • Transfer of data to Hubspot Inc., 25 First Street, 2nd Floor, Cambridge, MA 02141, USA.

  • Transfer of data to Oktopost, Tuval 34, Ramat Gan, 5252244, Israel.

  • Transfer of data to Drift Inc., 222 Berkeley Street Suite 600 Boston, MA 02116 USA.

  • Transfer of data YouTube LLC, 901 Cherry Ave, San Bruno, CA 94066, USA.s.

4. Categories of recipients of the personal data

For the processing of personal data for the purposes mentioned here, we use the following categories of recipients as processors pursuant to Art. 28 GDPR:

  • Provider of servers for the purpose of hosting our websites

  • IT service provider to maintain our IT infrastructure

  • External service providers for additional services

  • Marketing and analytics service providers (e.g. Hubspot, Google, LinkedIn)

  • Further processors within the meaning of Art. 28 GDPR in the course of the order processing

 

These service providers process information about you on our behalf and based on our instructions and are contractually bound to comply with applicable data protection laws.

Other recipients are affiliated companies of the commercetools Group. As a global company, we also share your information with affiliates within the Group. You can find a list of commercetools Group companies here.

Your data will also be passed on if we are legally obliged to do so.

5. Period for which the personal data will be stored or criteria used to determine that period

Personal data will only be stored for as long as necessary to fulfill the purposes stated here or as required by the retention periods specified by law. After the respective purpose ceases to apply or after the retention periods have expired, the data will be deleted in accordance with the statutory provisions.

We store your data for advertising purposes until you object to its use, withdraw your consent, or until it is no longer legally permissible to use it.  We store your other data for as long as we need it to fulfill the specific purpose (e.g. to fulfill or process a contract) and delete it when the purpose no longer applies.

All connection data (access logs) are automatically deleted from the web server's memory shortly after the end of the connection. The anonymized access logs are stored for 31 days. In the event that parts of the access logs are required for the purpose of preserving evidence, these are excluded from deletion until the respective incident has been finally clarified.

6. Privacy notices for all third-party services implemented on our websites

6.1 Privacy notice on the use of Google Analytics

This website uses Google Analytics, a web analytics service provided by Google Inc. LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google"). Google Analytics uses cookies, which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website, such as

  • Browser type/version,

  • Operating system used,

  • Referrer URL (the previously visited page),

  • Host name of the accessing computer (IP address),

  • Time of the server request,

are usually transferred to a Google server in the USA and stored there. The IP address transmitted by your browser as part of Google Analytics is not merged with other data from Google. We have also extended Google Analytics on this website with the code "anonymizeIP".

On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.

You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.

The storage of and access to information in the end user's terminal equipment is carried out in accordance with Section 25 (1) TTDPA. The legal basis for the further processing of your personal data is your voluntary and informed consent pursuant to Art. 6 (1) lit. a GDPR. You give your corresponding consent via the Consent Banner.

For more information on how Google Analytics handles user data, please see Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.

 

6.2 Privacy notice on the use of Google Tag Manager

This website uses the Google Tag Manager of Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google"). Through this service, website tags can be managed via an interface. JavaScript tags and HTML tags are managed with this application, which are used to implement tracking and analysis tools in particular. The data processing serves the purpose of demand-oriented design and optimization of our website. The Google Tag Manager only implements tags. This means that no cookies are used and no personal data is collected. The Google Tag Manager triggers other tags, which in turn may collect data. However, the Google Tag Manager does not access this data. If a deactivation has been made at domain or cookie level, it remains in place for all tracking tags, insofar as these are implemented with the Google Tag Manager.

The storage of and access to information in the end user's terminal equipment is carried out in accordance with Section 25 (1) TTDPA. The legal basis for the further processing of your personal data is your voluntary and informed consent pursuant to Art. 6 (1) lit. a GDPR. You give your corresponding consent via the Consent Banner.

For more information about Google Tag Manager, please visit: http://www.google.de/tagmanager/use-policy.html.

6.3 Privacy notice on the use of Google Fonts API/ gStatic API

External fonts such as Google Fonts and gStatic are used on this website for better visual presentation. These are services of Google Inc, 1600 Amphitheatre Parkway, Mountain View, California 94043, USA. ("Google"). The integration of these web fonts is done by a server call, usually a Google server in the USA. This establishes a connection with your end device and, among other things, transmits to the server which of our web pages you have visited. The IP address of the browser of your end device is also collected by Google.

The storage of and access to information in the end user's terminal equipment is carried out in accordance with Section 25 (1) TTDPA. The legal basis for the further processing of your personal data is your voluntary and informed consent pursuant to Art. 6 (1) lit. a GDPR. You give your corresponding consent via the Consent Banner.

For more information, please visit https://developers.google.com/fonts/faq?tid=331597391040.

6.4 Privacy notice on the use of Doubleclick.net by Google

This website uses the online marketing tool DoubleClick by Google. DoubleClick uses cookies to serve ads that are relevant to users, to improve campaign performance reports, or to prevent a user from seeing the same ads more than once. Via a cookie ID, Google records which ads are displayed in which browser and can thus prevent them from being displayed more than once. In addition, DoubleClick can use cookie IDs to record so-called conversions that are related to ad requests. This is the case, for example, when a user sees a DoubleClick ad and later views the advertiser's website with the same browser and buys something there. According to Google, DoubleClick cookies do not contain any personal information.

Due to the marketing tools used, your browser automatically establishes a direct connection with the Google server. We have no influence on the scope and further use of the data collected by Google through the use of this tool and therefore inform you according to our state of knowledge: Through the integration of DoubleClick, Google receives the information that you have viewed up the corresponding part of our website or clicked on an ad from us. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, there is the possibility that the provider learns your IP address and stores it.

In addition, the DoubleClick Floodlight cookies used allow us to understand whether you take certain actions on our website after you have accessed or clicked on one of our display/video ads on Google or on another platform via DoubleClick (conversion tracking). DoubleClick uses this cookie to understand the content you have interacted with on our websites in order to later send you targeted advertising.

The storage of and access to information in the end user's terminal equipment is carried out in accordance with Section 25 (1) TTDPA. The legal basis for the further processing of your personal data is your voluntary and informed consent pursuant to Art. 6 (1) lit. a GDPR. You give your corresponding consent via the Consent Banner.

For more information about DoubleClick by Google, please visit www.google.de/doubleclick.

6.5 Privacy notice on the use of Google Audiences

We also use Google Audiences ("GA Audiences") of Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google"), another web analytics service of Google. Through this service, data is collected and stored, from which pseudonymized usage profiles are created. Through this technology, users who have visited our website can be shown targeted advertising from us on other external pages of the Google Partner Network.

GA Audiences uses, among other things, cookies that are stored on your computer and other mobile devices (e.g. smartphones, tablets, etc.) and that enable an analysis of the use of the respective devices. In some cases, the data is analyzed across devices. GA Audiences receives access to the cookies created in the context of the use of Google Analytics. In the course of use, data, such as the IP address and activities of the users, may be transmitted to a server of the company Google LLC and stored there. Google LLC may transfer this information to third parties where required to do so by law, or where such data is processed by third parties.

The storage of and access to information in the end user's terminal equipment is carried out in accordance with Section 25 (1) TTDPA. The legal basis for the further processing of your personal data is your voluntary and informed consent pursuant to Art. 6 (1) lit. a GDPR. You give your corresponding consent via the Consent Banner.

For more information on the privacy of your use of GA Audiences, please visit: http://support.google.com/analytics/answer/2700409?hl=en&ref_topic=2611283/.

6.6 Privacy notice on the use of Google Dynamic Remarketing

We use the remarketing or "similar audiences" function of Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google") on our website. The application serves the purpose of analyzing visitor behavior and visitor interests. Google uses cookies to perform the analysis of website usage, which forms the basis for the creation of interest-based advertisements. The cookies are used to record visits to the website and anonymized data on website usage. No personal data of the website visitors is stored. If you subsequently visit another website in the Google Display Network, you will be shown advertisements that are highly likely to take into account previously accessed product and information areas.

The storage of and access to information in the end user's terminal equipment is carried out in accordance with Section 25 (1) TTDPA. The legal basis for the further processing of your personal data is your voluntary and informed consent pursuant to Art. 6 (1) lit. a GDPR. You give your corresponding consent via the Consent Banner.

You can find more information about Google Remarketing and the associated privacy policy at: http://www.google.com/privacy/ads/.

6.7 Privacy notice on the use of LinkedIn Analytics and LinkedIn Ads

We use on this website "LinkedIn Analytics" as well as "LinkedIn Ads", services of LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085, USA. ("LinkedIn"). Both services store and process information about your user behavior on our website. Among other things, cookies are used for this purpose, which are stored locally in the cache of your web browser on your end device and which enable an analysis of your use of our website.

We use LinkedIn Analytics for marketing and optimization purposes, in particular to analyze the use of our website and to continuously improve individual functions and offers as well as the user experience. Through the statistical evaluation of user behavior, we can improve our offer and make it more interesting for you as a user.

We use LinkedIn Ads to serve personalized ads on LinkedIn to visitors of this website. Furthermore, the possibility arises to create anonymous reports on the performance of the ads as well as information on website interaction. For this purpose, the LinkedIn Insight tag is embedded on this website, which establishes a connection to the LinkedIn server if you visit this website and are logged into your LinkedIn account at the same time.

You can prevent the installation of cookies by deleting existing cookies and deactivating the storage of cookies in the settings of your web browser. We would like to point out that in this case you may not be able to use all functions on our website to their full extent. LinkedIn members can control the use of their personal data for advertising purposes in their account settings. To deactivate the Insight tag on our website ("opt-out") click here.

The storage of and access to information in the end user's terminal equipment is carried out in accordance with Section 25 (1) TTDPA. The legal basis for the further processing of your personal data is your voluntary and informed consent pursuant to Art. 6 (1) lit. a GDPR. You give your corresponding consent via the Consent Banner.

6.8 Privacy notice on the use of Youtube

We have integrated YouTube videos into our online offer, which are stored on http://www.YouTube.com and can be played directly from our website. The operator of the pages is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA.

With this integration, content from the YouTube website is displayed in parts of a browser window. However, the YouTube videos are only called up by clicking on them separately. This technique is also called "framing". When you view a (sub-) page of our website on which YouTube videos are embedded in this form, a connection is established to the YouTube servers and the content is displayed on the website by informing your browser.

YouTube content is only integrated in "expanded data protection mode". YouTube itself provides this mode and thus ensures that YouTube does not initially save any cookies on your device. However, when the relevant pages are viewed up, the IP address and other data (e.g. browser used, operating system and its interface, language and version of the browser software, date and time of the query) are transmitted and thus in particular communicated which of our Internet pages you have visited. However, this information cannot be assigned to you unless you have logged in to YouTube or another Google service (e.g. Google+) before accessing the page or are permanently logged in.

As soon as you start the playback of an embedded video by clicking on it, YouTube only stores cookies on your device through the expanded data protection mode, which do not contain any personally identifiable data, unless you are currently logged in to a Google service. These cookies can be prevented by appropriate browser settings and extensions.

If you are logged into your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account.

The storage of and access to information in the end user's terminal equipment is carried out in accordance with Section 25 (1) TTDPA. The legal basis for the further processing of your personal data is your voluntary and informed consent pursuant to Art. 6 (1) lit. a GDPR. You give your corresponding consent via the Consent Banner.

For more information on the handling of user data, please see YouTube's privacy policy at: https://www.google.de/intl/de/policies/privacy.

6.9 Privacy notice on the use of Facebook Custom Audience

We use a "Facebook pixel" on our website from the social network Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA ("Facebook"). The Facebook pixel can be used to track the behavior of users after they click on a Facebook ad. With the help of the Facebook pixel, we can understand how our marketing measures are received on Facebook and, if necessary, take optimization measures. For this purpose, interest-related advertisements ("Facebook ads") are displayed to users of our website when they visit the Facebook social network or other websites that also use the procedure. Accordingly, we also use the Facebook pixel to display the Facebook ads placed by us only to those Facebook users who have also shown an interest in our online offer or who have certain characteristics (e.g. interests in certain topics or products determined on the basis of the websites visited) that we transmit to Facebook (so-called Facebook "Custom Audiences" or "Look Alike Audiences").

Through the Facebook pixel, your browser automatically establishes a direct connection with the Facebook server. We have no influence on the scope and further use of the data collected by Facebook through the use of this tool and therefore inform you according to our state of knowledge:

By integrating the Facebook pixel, Facebook receives the information that you have clicked on an ad from us or viewed the corresponding web page of our website. If you are registered with a Facebook service, Facebook can assign the visit to your account. Even if you are not registered with Facebook or have not logged in, it is possible that the provider will learn and store your IP address and other identifiers.

The storage of and access to information in the end user's terminal equipment is carried out in accordance with Section 25 (1) TTDPA. The legal basis for the further processing of your personal data is your voluntary and informed consent pursuant to Art. 6 (1) lit. a GDPR. You give your corresponding consent via the Consent Banner.

The processing of data by Facebook takes place within the framework of Facebook's data usage policy. Specific information and details about the Facebook Pixel and how it works can also be found in Facebook's help section.

6.10 Privacy notice on the use of Facebook Connect

If a so-called "Facebook Connect Button" is placed on this website, you have the option of logging in to our website with your Facebook user data. In addition, information about your activities on our website can automatically flow into your Facebook profile via Facebook Connect. In this respect, when activating the button, you are given both the opportunity to explicitly consent to accessing your Facebook user data and to consent to the publication of information and activities in your Facebook profile. The use of further data (e.g. contacting you via your email address) only takes place with prior explicit consent. Please note that Facebook receives information about the application or website, including what actions you take, through Facebook Connect. In order to personalize the process of making connections, there is a possibility that in some cases Facebook may receive a limited amount of information prior to authorizing the application or website.

The storage of and access to information in the end user's terminal equipment is carried out in accordance with Section 25 (1) TTDPA. The legal basis for the further processing of your personal data is your voluntary and informed consent pursuant to Art. 6 (1) lit. a GDPR. You give your corresponding consent via the Consent Banner.

The purpose and scope of the data collection and the further processing and use of the data by Facebook, as well as your rights in this regard and setting options for protecting your privacy, can be found in Facebook's privacy policy:

Facebook Inc, 1 Hacker Way, Menlo Park, CA 94025, USA.; http://www.facebook.com/policy.php; further information on data collection: http://www.facebook.com/help/186325668085084, http://www.facebook.com/about/privacy/your-info-on-other#applications as well as http://www.facebook.com/about/privacy/your-info#everyoneinfo.

For more information about Facebook Connect and privacy settings, please see the privacy notices and terms of use of Facebook Inc.

6.11 Privacy notice on the use of Hotjar

Our website uses Hotjar, an analytics software provided by Hotjar Ltd. ("Hotjar"), 3 Lyons Range, 20 Bisazza Street, Sliema SLM 1640, Malta, Europe. Hotjar makes it possible to measure and analyze usage behavior on our website in the form of clicks, mouse movements, scroll heights, etc. The information generated by the tracking code and the cookie is transmitted to the Hotjar servers in Ireland and stored there.

The following information is collected:

  • The IP address of your device (collected and stored in an anonymized format)

  • Screen size of your device

  • Device type and browser information

  • Geographical point of view (only the country)

  • The preferred language to display our website

In addition, the following data is logged on our server when Hotjar is used:

  • Referring domain

  • Visited pages

  • Geographical point of view (only the country)

  • The preferred language to display our website

  • Date and time of access to the website

Hotjar will use this information to evaluate your use of our website, generate reports, and provide other services related to website usage and internet evaluation of the website. Hotjar also uses third-party services, such as Google Analytics, to provide services. This third-party company may store information that your browser sends as part of your website visit, such as cookies or IP requests. For more information about how Google Analytics stores and uses data, please see its privacy policy.

The storage of and access to information in the end user's terminal equipment is carried out in accordance with Section 25 (1) TTDPA. The legal basis for the further processing of your personal data is your voluntary and informed consent pursuant to Art. 6 (1) lit. a GDPR. You give your corresponding consent via the Consent Banner.

You can find more information about privacy when using Hotjar at: http://www.hotjar.com/privacy/ and at http://www.hotjar.com/legal/policies/privacy/.

6.12 Privacy notice on the use of the live chat "Drift

We use for live chat and as a chatbot the service of Drift.com Inc, 222 Berkeley Street, Suite 600, Boston, MA 02116, USA ("Drift") in order to process user requests faster and more efficiently.

Drift enables us and our visitors to conduct a live chat via a chat widget. Drift uses, among other things, cookies and IP address to provide the service and to collect information about our users' behavior on the website and about their end devices. Your data transmitted in the live chat is stored on servers of Drift, Inc. in the USA.

Only after explicit separate consent to the storage and processing in the chat window, you can send us additional data such as your name or email address. We store and process this data so that we can respond to inquiries and answer aborted chats by e-mail.

The storage of and access to information in the end user's terminal equipment is carried out in accordance with Section 25 (1) TTDPA. The legal basis for the further processing of your personal data is your voluntary and informed consent pursuant to Art. 6 (1) lit. a GDPR. You give your corresponding consent via the Consent Banner.

The privacy policy of Drift, Inc. (in English) can be found here: https://www.drift.com/privacy-policy/.

6.13 Privacy notice for the use of AppNexus

In some areas of our website, we use AppNexus, a service for displaying usage-based advertising from AppNexus Inc, 28 W. 23rd Street New York, New York, 10010, USA. AppNexus uses, among other things, cookies that allow an analysis of the use of the website in order to display targeted interest-based advertising. In the course of use, your data, such as in particular the IP address and user activities, may be transmitted to a server of AppNexus in the USA and stored there.

The storage of and access to information in the end user's terminal equipment is carried out in accordance with Section 25 (1) TTDPA. The legal basis for the further processing of your personal data is your voluntary and informed consent pursuant to Art. 6 (1) lit. a GDPR. You give your corresponding consent via the Consent Banner.

For more information about privacy, please see the AppNexus privacy policy here at https://www.appnexus.com/en/company/platform-privacy-policy-de.

6.14 Privacy notice for the use of HubSpot

Our websites use various services of the company HubSpot for different purposes of our online marketing activities, for example for analysis and communication purposes. HubSpot Inc. is a software company located at 25 First Street, 2nd Floor, Cambridge, MA 02141, USA. Hubspot is an integrated software solution that we use to cover various aspects of our online marketing. These include in particular:
Email marketing (newsletters and automated mailings, e.g. for providing event notices), social media publishing & reporting (e.g. traffic sources, hits, etc. ), reporting, contact management (e.g. user segmentation & CRM), landing pages, website analytics, web hosting and contact forms.

Hubspot uses web beacons and cookies to help us analyze your use of this website. Specifically, when you contact us, download a whitepaper, register for a trial, register for an event, or submit another form integrated from Hubspot, your activities on this website are associated with your cookie, allowing us to analyze your website usage in more detail (e.g. pages visited, date and time of views, forms completed, documents downloaded). In addition, for some forms, we deliver requested digital resources (e.g. eBooks/whitepapers) to you by e-mail. In this way, we can tailor the user experience on the website as well as external communication even better to the needs of visitors.

An overview of all cookies that are set by HubSpot can be found at: https://knowledge.hubspot.com/reports/what-cookies-does-hubspot-set-in-a-visitor-s-browser.

As part of the optimization of our marketing measures, the following data may be collected and processed via Hubspot:

Geographic location, browser type, navigation information, referral URL, performance data, information about how often the application is used, mobile apps data, HubSpot subscription service credentials, files viewed on site, domain names pages viewed, aggregated usage, operating system version, internet service provider, IP address, device identifier, duration of visit, where the application was downloaded from, operating system, events that occur within the application, access times, clickstream data, device model and version.
This information as well as the content of our website is stored on servers of our software partner HubSpot in the USA.

The storage of and access to information in the end user's terminal equipment is carried out in accordance with Section 25 (1) TTDPA. The legal basis for the further processing of your personal data is your voluntary and informed consent pursuant to Art. 6 (1) lit. a GDPR. You give your corresponding consent via the Consent Banner.


For more information about how Hubspot handles the data it collects and how it protects it, please see Hubspot's Privacy Policy.

6.15 Privacy notice on the use of Oktopost

To publish social media posts and analyze the reach and interaction with them, we use a service provided by Oktopost Technologies Inc, 34 Tuval Street, Tel Aviv, Israel ("Oktopost").

Oktopost collects information for us about whether any of our posts have been shared, liked, commented on or mentioned on social media and whether you are a user who has interacted with our posts on social media. Oktopost will analyze this data for us to create anonymous reports about the reach and usage of our posts. The data is stored pseudonymously and later anonymized. You can object to the collection of your data by Oktopost by configuring your browser to block the storage of cookies.

The information generated by cookies and Goal Tracking technologies is transferred to and stored on an Oktopost server in the USA or other third countries.

The storage of and access to information in the end user's terminal equipment is carried out in accordance with Section 25 (1) TTDPA. The legal basis for the further processing of your personal data is your voluntary and informed consent pursuant to Art. 6 (1) lit. a GDPR. You give your corresponding consent via the Consent Banner.

For more information on data processing by Oktopost, please visit Oktopost's website (https://www.oktopost.com/privacy).

IV. Privacy policy for our customers, prospective customers and partners

The following information is to be provided pursuant to Art. 13 et seq. GDPR where personal data are collected from our customers and prospective customers.

Our offer is addressed exclusively to entrepreneurs, tradesmen, freelancers and public institutions. Contracts with consumers according to Sec. 13 of the German Civil Code are not concluded.

1. Purposes for which the personal data are processed as well as the legal basis for the processing

1.1 Handling of inquiries and preparation of offers (Art. 6 (1) lit. f GDPR)

If you are interested in our offered goods and services (e.g. our cloud-based e-commerce platform and related training, consulting, technical support, licenses, maintenance contracts, etc.), we process and store the following data for the purpose of processing your inquiry and preparing an offer when you contact us (e.g. by e-mail, telephone or contact form on our website):

  • Title

  • Name, first name

  • Company/organization and possibly department within the company

  • Position in the company

  • Business address

  • Business phone numbers

  • Business fax number

  • Business email address

  • Individual message

  • Product interest

  • Conversation notes from sales and customer support calls and live chat sessions, if applicable.

We reserve the right to inquire about your decision by telephone or e-mail within 3 months after you have submitted our offer, provided you have not objected to our inquiry.

The legal basis for the processing is our legitimate interest pursuant to Art. 6 (1) lit. f GDPR. A legitimate interests assessment was carried out and came to the conclusion that the processing of your data is necessary to answer your inquiry and if necessary, for further pre-contractual measures and that our interest outweighs your interests or fundamental rights and freedoms to protect your data.

1.2 Implementation and execution of contracts (Art. 6 (1) lit. f GDPR)

In order to implement and fulfill an existing contractual relationship, in particular to provide services owed (e.g. provision of our cloud-based e-commerce platform and associated execution of services such as maintenance and support, consulting and training) and to send you contractual documents, we and any third parties or processors commissioned by us process the following data from you, insofar as you have provided us with this when concluding the contract or in the course of the contractual relationship:

  • Contact details of contact persons and, if applicable, other employees in the company of the business customer

    • Title

    • Name, first name

    • Company/organization and possibly department within the company

    • Position in the company

    • Business address

    • Business phone numbers

    • Business fax number

    • Business email address

  • Further information that is required to process in the context of a project or the handling of a contractual relationship with commercetools or which is provided voluntarily by our contact persons

    • Orders placed (especially products and services ordered)

    • Transacted inquiries

    • Project details

    • Conversation notes from sales and customer support calls and live chat sessions, if applicable.

  • Information collected from publicly available sources, information databases, or credit reporting agencies

For invoicing, monitoring and collection of trade receivables, we process contact details of accounting contacts and other persons entrusted with these processing operations.

If you make use of the offer of our trainings and courses and register for them (e.g. online via our website or by e-mail), we process the following data for the planning and execution of the trainings and, if applicable, for the creation and sending of personalized certificates of participation:

  • Personal data of the training participants

    • Name, first name

    • Company/organization and possibly department within the company

    • Email address

    • Address

  • Personal details of the payer

    • Name, first name

    • Company/organization and possibly department within the company

    • Field of activity

    • Company address

    • Phone number

  • Other information such as: Course date, duration, location, price, date of registration/time stamp.

The training participants are usually employees of our customers and prospective customers.

We also use online video conferencing systems of the respective customer or alternatively our own system for various services, e.g. for technical support or for conducting training/education for customers. The activation of video transmission is the responsibility of the respective participant and is not linked to any advantages or disadvantages in the provision of the service. A recording of the video conferences by us shall only be made upon request and in consultation with all participants. If, in exceptional cases, recording by us is necessary, consent will be obtained from the participants in accordance with Art. 6 (1) lit. a in conjunction with Art. 7 GDPR.

The legal basis for the processing of your data is our legitimate interest pursuant to Art. 6 (1) lit. f GDPR. A legitimate interests assessment was carried out and came to the conclusion that the interests of the data subjects do not outweigh our interests in the implementation and fulfillment of contracts with our customers. We have a legitimate interest in the implementation and performance of contractual obligations with our customers, for which the processing of the data and data categories mentioned here is necessary.

1.3 Implementation of marketing activities

In the case of an advertising approach, we will only contact you via the communication channels to which you have consented, subject to mailing. For this purpose, we use your data for the following purposes:

  • Quality assurance: In order to continuously improve our performance, our products and our services for you, we conduct surveys on your satisfaction, as well as your experiences from your contractual relationship.

  • E-mail advertising using newsletter

  • Invitations to specific events

  • Communication regarding downloaded whitepapers

The legal basis for the processing is generally Article 6 (1) lit. a GDPR. Pursuant to Article 7 (3) GDPR, you can always withdraw your consent with effect for the future by sending an e-mail to the e-mail address specified in Section VII Section 1.

Without separate consent, the legal basis may also be our legitimate interest for the purpose of direct advertising (in accordance with Article 6 (1) lit. f GDPR in conjunction with Article 95 GDPR, Section 7 (3) German Act against Unfair Competition) provided that your fundamental rights and freedoms do not conflict. In accordance with Art. 21 GDPR, you can always object to data processing on the basis of our legitimate interests with effect for the future by contacting the e-mail address stated in Chapter VII, Section 1.

2. Obligation to provide the data

The provision of the data specified in section 1.2 is mandatory. If you do not provide us with this information, a contract will not be concluded with us. All other data is provided voluntarily.

3. Automated decision making including profiling

Automated individual decision making including profiling according to Art. 22 (1) and (4) GDPR do take place on the part of commercetools GmbH.

4. Data transfer to a third country

Data transfers to countries outside the EU and the European Economic Area ("Third Countries") arise, for example, in the context of the administration, development and operation of IT systems. The transfer takes place only on the basis:

  • of an adequacy decision of the European Commission according to Art. 45 GDPR.

  • of an approved certification mechanism pursuant to Art. 42 GDPR together with legally binding and enforceable obligations of the controller or processor in the third country.

  • of standard data protection clauses adopted by the Commission in accordance with the examination procedure under Article 93 (2) GDPR.

Currently, in the context of pre-contractual measures and in connection with the conclusion and performance of a contract, data transfers to countries outside the EU and the European Economic Area ("Third Countries") take place in the following cases:

  • In the course of our global sales, marketing and support services, our customer relationship management or in the course of using our central IT services, we transfer data to affiliated companies within the commercetools Group located outside the EU/EEA. You can find a list of commercetools Group companies here.

  • By using third-party providers, data is transmitted to the following service providers in the USA:

    • Salesforce Inc., The Landmark at One Market, Suite 300, San Francisco, CA 94105, USA (CRM system)

    • Outreach Corporation, 333 Elliott Ave W #500 Seattle, WA 98119, USA (Sales Engagement Platform)

    • Medallia, Inc., 575 Market St., Suite 1850, San Francisco, CA 94105, USA (CRM system Strikedeck)

    • Google, Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043 , USA (Cloud Platform)

    • HubSpot, Inc., 25 First Street, 2nd Floor, Cambridge, MA 02141, USA (Marketing System)

Further information about the third-party services we use:

Salesforce

We use the CRM system of salesforce.com Germany GmbH, Erika-Mann-Str. 31, 80636 Munich, Germany, a subsidiary of salesforce.com, Inc. the Landmark at One Market, Suite 300, San Francisco, CA 94105, USA ("Salesforce"), to process personal data related to sales (name, contact information, company, job title, and other information) to track inquiries and sales to our customers or prospective customers. We also use Salesforce to collect information for sales and marketing purposes, to make communications with customers relevant and to understand the performance of our marketing campaigns.

For this purpose, we have concluded a Data Processing Agreement (DPA) with Salesforce. Therefore, the information about you will be processed according to our instructions. We have agreed the European Commission's Standard Contractual Clauses with Salesforce in connection with this.

Outreach

The service providers we use to optimize our relationship with potential customers include Outreach, a customer engagement platform provided by Outreach Corporation, 333 Elliott Ave W #500 Seattle, WA 98119. We have entered into a Data Processing Agreement (DPA) with Outreach. Therefore, information about you will be processed in accordance with our instructions. In addition, we have also agreed to the European Commission's Standard Contractual Clauses with Outreach in connection with this.

More information about Outreach's data security and privacy policies can be found here and here.

Strikedeck

We use the CRM system of Strikedeck (a Medallia company) located at Medallia, Inc., 575 Market St., Suite 1850, San Francisco, CA 94105, USA ("Strikedeck") to process personal data related to our customer relationship with you (name, contact information, company, job title and others). For this purpose, we have entered into a Data Processing Agreement (DPA) with Strikedeck. Therefore, the information about you will be processed according to our instructions. We have also entered into the European Commission's Standard Contractual Clauses with Strikedeck in connection with this.

For more information about Strikedeck's data security and privacy policies, click here and here.

Google

We use the cloud-system of Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043 , USA ("Google") to process personal data related to our customer relationship with you (name, contact information, company, job title and others). For this purpose, we have entered into a Data Processing Agreement (DPA) with Google. Therefore, the information about you will be processed according to our instructions. We have also entered into the European Commission's Standard Contractual Clauses with Google in connection with this.

For more information about Google's data security and privacy policies, click here.

HubSpot

We use the application of HubSpot, Inc. mit Sitz in 25 First Street, 2nd Floor, Cambridge, MA 02141, USA ("HubSpot") to process personal data related to our customer relationship with you (name, contact information, company, job title and others). For this purpose, we have entered into a Data Processing Agreement (DPA) with HubSpot. Therefore, the information about you will be processed according to our instructions. We have also entered into the European Commission's Standard Contractual Clauses with HubSpot in connection with this.

For more information about HubSpot's data security and privacy policies, click here.

5. Recipients of data and data sources

5.1 Categories of recipients of the personal data

In order to process personal data for the purposes mentioned here, we use the following categories of recipients as processors pursuant to Art. 28 GDPR:

  • Service provider for hosting and operation of the online video conferencing system and the software for remote maintenance for technical customer support

  • Service provider for hosting servers for the provision of web-based services

  • Service provider for operation of e-mail servers

  • Software service provider, e.g. for CRM systems (Salesforce, Strikedeck, Outreach) 

Other recipients who are not processors:

  • Financial institutions and providers of payment services for settlements as well as processing of payments

  • Lawyers for the defense and enforcement of claims

  • Tax consultant for financial accounting and preparation of balance sheets

  • Debt collection service providers and competent courts in order to collect receivables and enforce claims in court. If personal data (customer and contact data, payment data and data on the claim) is transferred to a debt collection service provider in the event of collection, we will inform you in advance of the intended transfer.

  • Affiliated commercetools Group companies: As a global company, we also share your information with affiliated companies within the commercetools Group. You can find a list of commercetools Group companies here.

In addition, we will only disclose your personal data to third parties if you have given your express prior consent. You have the right to withdraw your consent at any time with effect for the future.

Your data will also be passed on if we are legally obliged to do so.

5.2 Data sources

We process personal data that we have received from prospective customers and customers in the course of our business relationships.

Insofar as it is necessary for the provision of our service, we process personal data that we permissibly obtain from publicly accessible sources (debtor directories, land registers, commercial and association registers, press, Internet) or that we are legitimately provided with by other third parties (a credit agency or an address service provider).

6. Period for which the personal data will be stored or criteria used to determine that period

Personal data will only be stored as long as necessary to fulfill the purposes mentioned here or as required by the retention periods specified by law.

We delete data from inquiries about our products and services in accordance with the statutory retention obligations, which arise primarily from commercial and tax law (in particular §§ 147 AO and 257 HGB).

We store your data for the period of the existing contract and after termination of the contract with you for a period until receipt of the tax assessment notice for the year in which the contract was terminated. In the event that the notice is not final, the data will be stored until the completion of the complete company audit. In addition, we store your data for the duration of the settlement of legal disputes and the assertion, exercise or defense of legal claims. If there are statutory retention periods, we are obliged to store the data until these periods expire. After expiry of the statutory retention periods, which result primarily from commercial and tax law (in particular §§ 147 AO and 257 HGB), we delete this data again.

We store your data for advertising purposes until you object to its use, you withdraw your consent or the use is no longer permitted by law. We store your other data for as long as we need it to fulfill the specific purpose (e.g. to fulfill or process a contract) and delete it after the purpose no longer exists.

7. Security

commercetools takes appropriate technical and organizational measures (TOM) to protect personal data from loss, destruction, manipulation and unauthorized access.

Information about our security measures can be found here.

V. Privacy policy for our suppliers and business partners

The following information is to be provided pursuant to Art. 13 et seq. GDPR where personal data are collected from our suppliers and service providers commissioned by us.

1. Purposes for which the personal data are processed as well as the legal basis for the processing

Implementation and execution of our business relationship with suppliers and business partners (Art. 6 (1) lit. f GDPR)

In order to be able to carry out and maintain the business relationship with suppliers or business partners, in particular to carry out contract preparation and fulfillment, provide communication channels, deliver goods and carry out pre-contractual measures, we and any third parties or processors, process the following data from the supplier or business partner:

  • Contact information of the contact person and, if applicable, other employees at the supplier or business partner's company

    • First name and surname

    • Business address

    • Business phone number

    • Business mobile phone number

    • Business fax number

    • Business email address

  • Payment data, such as information required to process payment transactions or prevent fraud

  • Further information whose processing is required in the context of a project or the handling of a contractual relationship with commercetools, or which is provided voluntarily by our contacts

    • Orders placed

    • Transacted inquiries

    • Project details

  • Information collected from publicly available sources, information databases, or credit reporting agencies

The legal basis for the processing of your data is our legitimate interest pursuant to Art. 6 (1) lit. f GDPR. A legitimate interests assessment was carried out and came to the conclusion that the interests of the data subjects do not outweigh our interests in the implementation of pre-contractual measures and the implementation and fulfillment of supplier and business partner contracts. We have a legitimate interest in the initiation, implementation and settlement of the business relationship with our suppliers and business partners, for which the processing of the above mentioned data is necessary.

2. Obligation to provide the data

The provision of the data specified in section 1 is mandatory. If you do not provide us with this information a business relationship or a contract with us would not be possible.

3. Automated decision making including profiling

Automated individual decision making including profiling according to Art. 22 (1) and (4) GDPR do not take place on the part of commercetools GmbH.

4. Data transfer to a third country

Data transfers to countries outside the EU and the European Economic Area ("Third Countries") arise, for example, in the context of the administration, development and operation of IT systems. The transfer takes place only on the basis:

  • of an adequacy decision of the European Commission according to Art. 45 GDPR.

  • of an approved certification mechanism pursuant to Art. 42 GDPR together with legally binding and enforceable obligations of the controller or processor in the third country.

  • of standard data protection clauses adopted by the Commission in accordance with the examination procedure under Article 93 (2) GDPR.

Currently, in the context of pre-contractual measures and in connection with the conclusion and performance of a contract with suppliers and business partners, data transfer to countries outside the EU and the European Economic Area ("Third Countries") takes place in the following cases:

  • In the course of our global sales, marketing and support services, our customer relationship management or in the course of using our central IT services, we transfer data to affiliated companies within the commercetools Group located outside the EU/EEA. You can find a list of commercetools Group companies here.

5. Recipients of data and data sources

5.1 Categories of recipients of the personal data

In order to process personal data for the purposes mentioned here, we use the following categories of recipients as processors pursuant to Art. 28 GDPR:

  • Service provider for hosting servers for the provision of web-based services

  • Service provider for operation of e-mail servers

  • Software service provider e.g. for sales, marketing and support services

Other recipients who are not processors:

  • Financial institutions and providers of payment services for billings as well as processing of payments

  • Lawyers for the defense and enforcement of claims

  • Tax consultants for financial accounting and preparation of balance sheets

  • Credit bureaus and scoring providers for credit reports, for assessing the risk of default

  • Affiliated commercetools Group companies: As a global company, we also share your information with affiliated companies within the commercetools Group. You can find a list of commercetools Group companies here.

In addition, we will only disclose your personal data to third parties if you have given your express prior consent. You have the right to withdraw your consent at any time with effect for the future.

Your data will also be passed on if we are legally obliged to do so.

5.2 Data sources

We process personal data that we have received from prospective customers and customers in the course of our business relationships.

Insofar as it is necessary for the provision of our service, we process personal data that we permissibly obtain from publicly accessible sources (debtor directories, land registers, commercial and association registers, press, Internet) or that we are legitimately provided with by other third parties (a credit agency or an address service provider).

6. Period for which the personal data will be stored or criteria used to determine that period

Personal data will only be stored as long as necessary to fulfill the purposes mentioned here or as required by the retention periods specified by law.

We store your data for the period of the existing contract and after termination of the contract with you, for a period until the completion of the tax audit of the last calendar year in which you were our supplier or business partner. In addition, we store your data for the duration of the settlement of legal disputes and the assertion, exercise or defense of legal claims. If there are statutory retention periods, we are obliged to store the data until the expiry of these periods. After expiry of the statutory retention periods, which result primarily from commercial and tax law (in particular §§ 147 AO and 257 HGB), we delete this data again.

VI. Privacy policy for applicants

1. Privacy notice for processing in connection with an access of our career portal at https://boards.greenhouse.io/commercetools

The following information is to be provided pursuant to Art. 13 et seq. GDPR when collecting personal data on https://boards.greenhouse.io/commercetools (hereinafter "career portal").

Note: If you are interested in one of the job offers on our career site (https://commercetools.com/de/karriere/jobs) and therefore click on it, you will automatically be redirected to a (sub-) domain of our service provider Greenhouse. Greenhouse provides our career portal, which you can use to apply for a job with us (for more information on the service provider Greenhouse, see section 1.3.).

1.1 Processing of access data

For technical reasons, a limited amount of data (so-called connection data) is processed each time you access the Greenhouse career portal. These data (so-called log files) are technically necessary to establish and execute a connection between your terminal device and the servers of our career portal. The data is processed in the main memory of the web server for the duration of the connection:

The following data or data categories are collected:

  • IP address

  • Source port of the calling device or a gateway (e.g. firewall or proxy).

  • Timestamp (date and time) of the retrieval

  • Amount of data transferred

  • Message whether the retrieval was successful (by means of HTTP error code)

  • Message why a retrieval failed, if applicable (using HTTP error code).

  • Referer (web page from which calls were made to our main page or sub-pages)

  • User agent (type of browser you use to access our website and its version)

  • Display screen width and height

  • Language settings of your browser

The IP address, timestamp, HTTP error code, referer and user agent are automatically logged when the career portal is called up in order to ensure the functionality and protection of the website. Furthermore, the logs serve to optimize the website. A creation of user profiles with personal reference is not possible with this data.

The processing is based on our legitimate interest pursuant to Art. 6 (1) lit. f GDPR.  A legitimate interests assessment was carried out and came to the conclusion that the processing operations are necessary to protect our legitimate interests in providing and optimizing the content and informational functions of the career portal accessed by you in a user-friendly manner and in ensuring the security of the IT infrastructure used to provide the career portal and that these interests outweigh your interests, fundamental rights and freedoms that require the protection of personal data.

1.2 Cookies and related technologies

Greenhouse sometimes uses so-called cookies and related technologies (e.g. scripts) on the career portal. Cookies do not cause any damage to your computer and do not contain viruses. Cookies serve to make the offer more user-friendly, effective and secure. Cookies are small text files that are stored on your terminal device and saved by your browser, for example, to "remember" information about you, such as your language settings or login information.

Since these cookies are not set by us, they are so-called third-party cookies. These originate from a domain other than that of the commercetools website you originally visited. These cookies can be set either directly by the service provider Greenhouse or by another third-party provider (e.g. Google).

An overview of all third-party services integrated on the career portal, as well as detailed information on each of these services, can be found below under section 1.3.

1.3 Privacy notices for all third-party providers on our career portal

1.3.1 Privacy notice on the use of Greenhouse

So that we can offer you the best possible services during an application process, we use the Greenhouse recruiting tool. Our career portal is therefore technically implemented overall via the service provider Greenhouse Software Inc. (110 Fifth Avenue, 3d Fl., New York, NY 10011 USA), which processes your data on our behalf as a processor pursuant to Art. 28 GDPR. For this purpose, we have entered into a Data Processing Agreement (DPA) with Greenhouse. Therefore, the information about you will be processed according to our instructions. We have also agreed the European Commission's Standard Contractual Clauses with Greenhouse in connection with this.

Your personal data will be transferred to Greenhouse Software Inc. 110 Fifth Avenue, 3d Fl., New York, NY 10011 USA for the purposes of this processing.

You can find detailed information about data protection and data security at Greenhouse under the following links:

https://www.greenhouse.io/privacy-policy 

https://www.greenhouse.io/security-and-performance

1.3.2 Privacy notice on the use of Google reCaptcha

On our career portal, the reCAPTCHA function of Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google") is implemented. This function is primarily used to distinguish whether an entry is made by a natural person or is abused by machine and automated processing. The service includes the sending of the IP address and possibly other data required by Google for the reCAPTCHA service to Google and is carried out in accordance with Art. 6 (1) lit. f GDPR on the basis of our legitimate interest in determining individual ownership on the Internet and the prevention of abuse and spam. In the context of the use of Google reCAPTCHA, there may also be a transmission of personal data to the servers of Google LLC. in the USA.

For more information about Google reCAPTCHA, please visit https://www.google.com/intl/de/policies/privacy/.

2. Privacy notice for processing in connection with the recruiting process by submitting an application

2.1 EU/EEA/German Applicants

2.1.1 Personal data we use regarding the recruiting process

In order to carry out the recruiting process we process personal data that is necessary for this purpose. In this regard, the personal data may consist of the following:

  • Personal master data (e.g. first name, surname, title, address, birthday, phone number, e-mail, location, social security number, tax code)

  • Job / application related data (e.g. position applied to, cover letter, qualifications, certifications, former activities, certificates of employment, interview protocols)

  • Communications data (e.g. e-mails, IP-address, login-data)

  • Special categories (e.g. health data)

2.1.2 Sources from where we collect personal data

We collect personal data from you during the application process.

2.1.3 Purpose for processing personal data

We process personal data from you for the purpose to carry out the recruiting process. In this context, if located in Germany, personal data may be processed that is necessary for the decision to enter into an employment relationship with you, pursuant to § 26 sec. 1 Bundesdatenschutzgesetz (BDSG).

Moreover, we may process personal data from you in relation to the recruiting process that you are providing to us based on a voluntary consent, pursuant to Article 6 sec. 1 lit. a General Data Protection Regulation (GDPR), § 26 sec. 2 BDSG (§ 26 sec. 2 BDSG if located in Germany). This can be in particular the case regarding the integration of your personal data in respect of our talent pool. Furthermore, we may process special categories of personal data from you in relation to the recruiting process that you are providing to us based on a voluntary explicit consent, pursuant to Article 9 sec. 2 lit. a GDPR. You can revoke this declaration of consent at any time without giving reasons, with effect for the future. Please send your revocation by email to jobs@commercetools.de in order to exercise your revocation right. From the receipt of your revocation declaration, we will process your personal data no longer than required by the provisions of law on retention of records.

2.1.4 To whom personal data will be passed on

Your personal data will be processed mainly within our human resources department. However, it can be the case that your personal data will be shared with the relevant departments, depending on the position you have applied to, within our company in order to carry out the recruiting process. Furthermore, your personal data may be passed on to certain service providers for the recruiting management, hosting and maintenance services.

2.1.5 Transfer of personal data outside the European Union and European Economic Area

We transfer personal data during the recruiting process outside the European Union (EU) and the European Economic Area (EEA). In this regard we particularly transfer personal data to the United States of America (US). There is currently no adequate decision from the EU Commission applicable for the US. Personal data that is processed outside the EU and EEA may not be covered by the same level of data protection as applicable in the EU and EEA. For this reason, we have entered into data processing agreements and the standard contractual clauses provided by the EU Commission with our service providers in countries outside the EU and EEA. In this regard, these measures provide an appropriate guarantee for the processing of your personal data outside the EU and EEA.

2.1.6 Automated decision-making, profiling

In respect of our recruiting process, we do not exercise any automated decision-making nor profiling.

2.1.7 Storage of personal data

Your personal data will be stored as long as it is necessary for the completion of the recruiting process. In principle, where no employment relationship has been established, we will store your personal data for up to six months after completion of the recruiting process due to evidence purposes in order to protect us against possible legal claims.

In cases where you revoke your declaration of consent for the processing of personal data we will stop processing your personal data from the point of your revocation and we will delete your personal data in accordance with the provisions of the applicable laws on retention of records.

2.2 UK Applicants

2.2.1 Personal data / information we use regarding the recruiting process

In order to carry out the recruiting process we process personal data / information that is necessary for this purpose. In this regard, the personal data / information may consist of the following:

  • Personal master data / information (e.g. first name, surname, title, address, birthday, phone number, e-mail, location, social security number, tax code)

  • Job / application related data / information (e.g. position applied to, cover letter, qualifications, certifications, former activities, certificates of employment, interview protocols)

  • Communications data / information (e.g. e-mails, IP-address, login-data)

  • Special categories (e.g. health data)

2.2.2 Sources from where we collect personal data / information

We collect personal data from you during the application process.

2.2.3 Purpose and legal basis for processing personal data / information

We process personal data / information from you for the purpose to carry out the recruiting process. In this context, personal data / information may be processed that is necessary for the decision to enter into an employment relationship with you. Furthermore, we process personal data / information from you that you have provided us voluntarily including your consent for us to process it. In addition, your provided personal data / information may be of particular importance to us, and we have a specific legitimate interest under law to process it or we may have a legal obligation to process it or where necessary to protect the vital interests of you or any person.

If the collection or processing is based on your consent, you may withdraw your consent at any time to the extent permitted by applicable law. Please send your revocation by email to jobs@commercetools.de in order to exercise your revocation right.

2.2.4 Use of your personal data / information

We process your personal data / information in accordance with the following:

  • Processing your application

  • Assessing your qualifications and capabilities

  • Conducting reference checks

  • Communicating with you regarding your application

  • Complying with or monitoring compliance with any applicable law or regulation

  • Enforcing our terms and conditions

  • Cooperating with law enforcements

  • Conducting background checks consistent with applicable law

If we are going to enter into an employment relationship with you, personal data / information we collect linked with your application may be incorporated into our human resources system and used to manage the onboarding process.

2.2.5 To whom personal data will be passed on

We may share personal data / information of you with our affiliates that are involved in the particular recruiting process. If your personal data / information will be shared the personal data / information will be shared on a need- to-know basis. We may also share personal data / information with approved third-party service providers to facilitate the services they provide to us, including hosting and operating our careers site and recruiting management.

2.2.6 Transfer of personal data / information outside your jurisdiction

We may transfer personal data outside your jurisdiction regarding the recruiting process. In this regard we may transfer personal data to the EU as well as US.

2.2.7 Storage of personal data / information

Your personal data will be stored as long as it is necessary for the completion of the recruiting process. In principle, where no employment relationship has been established, we will store your personal data for up to six months after completion of the recruiting process due to evidence purposes in order to protect us against possible legal claims.

In cases where you revoke your declaration of consent for the processing of personal data we will stop processing your personal data from the point of your revocation and we will delete your personal data in accordance with the provisions of the applicable laws on retention of records.

2.2.8 Your rights

You have the right at any time to exercise your rights, which include:

  • Right to information of your personal data / information

  • Right to rectification of your personal data / information

  • Right to erasure of your personal data / information

  • Right to restriction of processing of your personal data / information

  • Right to data portability of your personal data / information

  • Right to object the processing of your personal data / information

In order to enforce your rights please contact us.

2.2.9 Complaints

You also have the right to complain to your local data protection authority. In the UK this is the Information Commissioner’s Office whose contact details are accessible here: https://ico.org.uk/ and for complaints please see here: https://ico.org.uk/make-a-complaint/.

2.2.10 Information related to children

Our career site is not intended for minors in any jurisdiction. It is required that you prove you are over the age of majority in your jurisdiction regarding our recruiting process.

2.3 US Applicants

2.3.1 Personal data / information we use regarding the recruiting process

In order to carry out the recruiting process we process personal data / information that is necessary for this purpose. In this regard, the personal data / information may consist of the following:

  • Personal master data / information (e.g. first name, surname, title, address, birthday, phone number, e-mail, location, social security number, tax code)

  • Job / application related data / information (e.g. position applied to, cover letter, qualifications, certifications, former activities, certificates of employment, interview protocols)

  • Communications data / information (e.g. e-mails, IP-address, login-data)

  • Special categories (e.g. health data)

As permitted with applicable law, we may ask questions about race/ethnic origin, gender, veteran status and disability of our applicants, for the monitoring of equal employment opportunity compliance. Furthermore, we may ask about criminal records following a conditional offer of employment, where permitted by applicable law.

If you provide us with personal information of a reference or any other individual as part of your application, it is your responsibility to obtain consent from that individual prior providing the information to us. By providing that personal information, you are affirming that you have obtained such consent from the individual.

2.3.2 Sources from where we collect personal data / information

We collect personal data from you during the application process.

2.3.3 Purpose and legal basis for processing personal data / information

We process personal data / information from you for the purpose to carry out the recruiting process. In this context, personal data / information may be processed that is necessary for the decision to enter into an employment relationship with you. Furthermore, we process personal data / information from you that you have provided us voluntarily including your consent for us to process it. In addition, your provided personal data / information may be of particular importance to us, and we have a specific legitimate interest under law to process it or we may have a legal obligation to process it or where necessary to protect the vital interests of you or any person.

If the collection or processing is based on your consent, you may withdraw your consent at any time to the extent permitted by applicable law. Please send your revocation by email to jobs@commercetools.de in order to exercise your revocation right.

2.3.4 Use of your personal data / information

We process your personal data / information in accordance with the following:

  • Processing your application

  • Assessing your qualifications and capabilities

  • Conducting reference checks

  • Communicating with you regarding your application

  • Complying with or monitoring compliance with any applicable law or regulation

  • Enforcing our terms and conditions

  • Cooperating with law enforcements

  • Conducting background checks consistent with applicable law

If we are going to enter into an employment relationship with you, personal data / information we collect linked with your application may be incorporated into our human resources system and used to manage the onboarding process.

2.3.5 To whom personal data will be passed on

We may share personal data / information of you with our affiliates that are involved in the particular recruiting process. If your personal data / information will be shared the personal data / information will be shared on a need- to-know basis. We may also share personal data / information with approved third-party service providers to facilitate the services they provide to us, including hosting and operating our careers site and recruiting management.

2.3.6 Transfer of personal data / information outside your jurisdiction

We may transfer personal data / information outside your jurisdiction regarding the recruiting process. In this regard we may transfer personal data / information to the EU.

2.3.7 Storage of personal data / information

Your personal data will be stored as long as it is necessary for the completion of the recruiting process. In principle, where no employment relationship has been established, we will store your personal data for up to six months after completion of the recruiting process due to evidence purposes in order to protect us against possible legal claims.

In cases where you revoke your declaration of consent for the processing of personal data we will stop processing your personal data from the point of your revocation and we will delete your personal data in accordance with the provisions of the applicable laws on retention of records.

2.3.8 Your rights

You have the right at any time to exercise your rights, which include:

  • Right to information of your personal data / informationRight to rectification of your personal data / information

  • Right to erasure of your personal data / information

  • Right to restriction of processing of your personal data / information

  • Right to data portability of your personal data / information

  • Right to object the processing of your personal data / information

In order to enforce your rights please contact us.

2.3.9 Information related to children

Our career site is not intended for minors in any jurisdiction. It is required that you prove you are over the age of majority in your jurisdiction regarding our recruiting process.

2.4 Australian Applicants

2.4.1 Personal data / information we use regarding the recruiting process

In order to carry out the recruiting process we process personal data / information that is necessary for this purpose. In this regard, the personal data / information may consist of the following:

  • Personal master data / information (e.g. first name, surname, title, address, birthday, phone number, e-mail, location, social security number, tax code)

  • Job / application related data / information (e.g. position applied to, cover letter, qualifications, certifications, former activities, certificates of employment, interview protocols)

  • Communications data / information (e.g. e-mails, IP-address, login-data)

  • Special categories (e.g. health data)

2.4.2 Sources from where we collect personal data / information

We collect personal data from you during the recruiting process.

2.4.3 Purpose and legal basis for processing personal data / information

We process personal data / information from you for the purpose to carry out the recruiting process. In this context, personal data / information may be processed that is necessary for the decision to enter into an employment relationship with you. Furthermore, we process personal data / information from you that you have provided us voluntarily including your consent for us to process it. In addition, your provided personal data / information may be of particular importance to us, and we have a specific legitimate interest under law to process it or we may have a legal obligation to process it or where necessary to protect the vital interests of you or any person.

If the collection or processing is based on your consent, you may withdraw your consent at any time to the extent permitted by applicable law. Please send your revocation by email to jobs@commercetools.de in order to exercise your revocation right.

2.4.4 Use of your personal data / information

We process your personal data / information in accordance with the following:

  • Processing your application

  • Assessing your qualifications and capabilities

  • Conducting reference checks

  • Communicating with you regarding your application

  • Complying with or monitoring compliance with any applicable law or regulation

  • Enforcing our terms and conditions

  • Cooperating with law enforcements

  • Conducting background checks consistent with applicable law

If we are going to enter into an employment relationship with you, personal data / information we collect linked with your application may be incorporated into our human resources system and used to manage the onboarding process.

2.4.5 To whom personal data will be passed on

We may share personal data / information of you with our affiliates that are involved in the particular recruiting process. If your personal data / information will be shared the personal data / information will be shared on a need- to-know basis. We may also share personal data / information with approved third-party service providers to facilitate the services they provide to us, including hosting and operating our careers site and recruiting management.

2.4.6 Transfer of personal data / information outside your jurisdiction

We may transfer personal data / information outside your jurisdiction regarding the recruiting process. In this regard we may transfer personal data / information to the EU.

2.4.7 Storage of personal data / information

Your personal data will be stored as long as it is necessary for the completion of the recruiting process. In principle, where no employment relationship has been established, we will store your personal data for up to six months after completion of the recruiting process due to evidence purposes in order to protect us against possible legal claims.

In cases where you revoke your declaration of consent for the processing of personal data we will stop processing your personal data from the point of your revocation and we will delete your personal data in accordance with the provisions of the applicable laws on retention of records.

2.4.8 Your rights

You have the right at any time to exercise your rights, which include:

  • Right to access your personal data / information

  • Right to have your personal data / information being corrected

  • Right to withdraw your consent for processing your personal data / information

In order to enforce your rights please contact us.

2.4.9 Complaints

If you think your personal data / information has been mishandled you can contact us at any time and we will review your complain and, if appropriate, we will act accordingly in order to stop / correct the mishandling.

2.4.10 Information related to children

Our career site is not intended for minors in any jurisdiction. It is required that you prove you are over the age of majority in your jurisdiction regarding our recruiting process.

2.5 Singapore Applicants

2.5.1 Personal data / information we use regarding the recruiting process

In order to carry out the recruiting process we process personal data / information that is necessary for this purpose. In this regard, the personal data / information may consist of the following:

  • Personal master data / information (e.g. first name, surname, title, address, birthday, phone number, e-mail, location, social security number, tax code)

  • Job / application related data / information (e.g. position applied to, cover letter, qualifications, certifications, former activities, certificates of employment, interview protocols)

  • Communications data / information (e.g. e-mails, IP-address, login-data)

  • Special categories (e.g. health data)

2.5.2 Sources from where we collect personal data / information

We collect personal data from you during the recruiting process.

2.5.3 Purpose and legal basis for processing personal data / information

We process personal data / information from you for the purpose to carry out the recruiting process. In this context, personal data / information may be processed that is necessary for the decision to enter into an employment relationship with you. Furthermore, we process personal data / information from you that you have provided us voluntarily including your consent for us to process it.

If the collection or processing is based on your consent, you may withdraw your consent at any time to the extent permitted by applicable law. Please send your revocation by email to jobs@commercetools.de in order to exercise your revocation right.

2.5.4 Use of your personal data / information

We process your personal data / information in accordance with the following:

  • Processing your application

  • Assessing your qualifications and capabilitiesConducting reference checks

  • Communicating with you regarding your application

  • Complying with or monitoring compliance with any applicable law or regulation

  • Enforcing our terms and conditions

  • Cooperating with law enforcements

  • Conducting background checks consistent with applicable law

If we are going to enter into an employment relationship with you, personal data / information we collect linked with your application may be incorporated into our human resources system and used to manage the onboarding process.

2.5.5 To whom personal data will be passed on

We may share personal data / information of you with our affiliates that are involved in the particular recruiting process. If your personal data / information will be shared the personal data / information will be shared on a need- to-know basis. We may also share personal data / information with approved third-party service providers to facilitate the services they provide to us, including hosting and operating our careers site and recruiting management.

2.5.6 Transfer of personal data / information outside your jurisdiction

We may transfer personal data / information outside your jurisdiction regarding the recruiting process. In this regard we may transfer personal data / information to the EU.

2.5.7 Storage of personal data / information

Your personal data will be stored as long as it is necessary for the completion of the recruiting process. In principle, where no employment relationship has been established, we will store your personal data for up to six months after completion of the recruiting process due to evidence purposes in order to protect us against possible legal claims.

In cases where you revoke your declaration of consent for the processing of personal data we will stop processing your personal data from the point of your revocation and we will delete your personal data in accordance with the provisions of the applicable laws on retention of records.

2.5.8 Your rights

You have the right at any time to exercise your rights, which include:

  • Right to access your personal data / information

  • Right to have your personal data / information being corrected

  • Right to withdraw your consent for processing your personal data / information

In order to enforce your rights please contact us.

2.5.9 Complaints

If you think your personal data / information has been mishandled you can contact us at any time and we will review your complain and, if appropriate, we will act accordingly in order to stop / correct the mishandling.

2.5.10 Information related to children

Our career site is not intended for minors in any jurisdiction. It is required that you prove you are over the age of majority in your jurisdiction regarding our recruiting process.

VII. Information on your data subject rights

1. Data subject rights according to Chapter III of the GDPR

You have the right to request from us access to personal data (Art. 15 GDPR) and the rectification of inaccurate personal data (Art. 16 GDPR). Furthermore, you have the right to obtain the erasure of personal data (Art. 17 GDPR) concerning your person, the right to restriction of processing (Art. 18 GDPR) and the right to receive (Art. 20 GDPR) the personal data provided to us by you, in a structured, commonly used and machine-readable format.

In addition, you have the right to object at any time to the use of your data based on public or legitimate interests (Art. 21 GDPR).

Where the processing is based on your given consent you can withdraw the consent (Art. 7 Sec. 3 GDPR) at any time. Upon receipt of your withdrawal of consent, we will no longer use or process the data concerned for purposes mentioned in your consent.

If you wish to exercise your data subject rights, please send your request by e-mail to privacy@commercetools.com or by mail to the address mentioned in chapter I (Name and contact details of the controller).

2. Rights under the California Consumer Privacy Act (CCPA)

If you live in California and have a business relationship with us, in addition to any other rights provided herein, you may request a list of the third parties to whom we have disclosed information about you for their marketing purposes. You may make such a request once per year. To exercise your rights, you may email us at privacy@commercetools.com or write to us at the address provided here. We will respond to you within 30 days.

You may also request that we provide you with an accounting of your personal data held by commercetools. You may also request that commercetools delete your personal data. You may also make such requests to privacy@commercetools.com. Upon verification of your identity and within 45 days, we will provide you with a paper copy of your personal information via the United States Postal Service.

commercetools will not discriminate against any end user who exercises his or her rights under the California Consumer Privacy Act. commercetools does not sell your personal information as those terms are defined in the California Consumer Privacy Act.

3. Right to lodge a complaint with a supervisory authority

Furthermore you have the right to lodge a complaint with a supervisory authority. The Bavarian State Office for Data Protection Supervision, Promenade 18, 91522 Ansbach, P.O. Box 1349, 91504 Ansbach, e-mail: poststelle@lda.bayern.de, telephone: +49 (0) 981 180093-0, is generally responsible for us.

Alternatively, you can approach the supervisory authority that is locally responsible for you.

 

Effective Date: March 2022

This Privacy Policy is subject to ongoing review and commercetools reserves the right to make changes at any time. Such changes will be published accordingly on this website.