Privacy Policy
Last Updated January 30, 2024
Privacy Policy – for data management on our websites and in connection with the beVisioneers: The Mercedes-Benz Fellowship application
1. PURPOSE OF THE POLICY
The DO School Fellowships gGmbH (Strassenbahnring 18, 20251 Hamburg, Germany, hereafter referred to as “we” or “us”) manages the personal data of those who apply to participate in beVisioneers: The Mercedes-Benz Fellowship. Additionally, as the operator of this website and of accounts on different social media platforms, we process your personal data while you use this website or our social media websites or while you use those websites to communicate or interact with us. The purpose of this Privacy Policy is to provide information on how we process your personal data and to inform you about your rights under the General Data Protection Regulation (“GDPR”).
2. THE DATA CONTROLLER’S NAME AND IT’S DATA PROTECTION OFFICER
The Controller (company mainly responsible for ensuring compliance when processing personal data) for the data processing activities described in this Privacy Policy is:
The DO School Fellowships gGmbH
Address:
Straßenbahnring 18,
20251 Hamburg / Germany
Represented by: Florian Hoffmann and Katherin Kirschenmann.
For any questions or comments regarding privacy, please contact our Data Protection Officer under privacy@bevisioneers.world.
In some cases, we and other companies are jointly responsible for the processing of personal data and are therefore so-called joint controllers (Art. 26 (1) Sentence 1 GDPR). Within the descriptions of the different data processing activities below, we indicate the joint controllers in case there is a joint controllership.
3. PERSONAL DATA MANAGEMENT WHEN USING THIS WEBSITE
Within this section, we inform you about different types of data processing activities occurring when you visit this website or interact with our website or provide data to us on the website.
3.1 Logfiles
When you visit our web pages, you transmit data (so called logfiles) to web servers (out of technical necessity) via your internet browser. The following data is processed during a connection for communication between your Internet browser and servers used for websites:
- date and time of the request;
- name of the requested file;
- page from which the file was requested;
- access status;
- web browser;
- used operating system;
- IP address;
- amount of data transferred.
For technical security reasons, especially to defend us against attempted attacks on servers, we store this data for 14 days. In case we find a suspicious activity, we will store the data longer and at least until the suspicion has been fully assessed. The data processing of logfiles is based on our legitimate interests (Art. 6 (1) f GDPR) in processing the technical necessary data and using it for detecting suspicious activities on our website and for the establishment, exercise or defense of legal claims in case we do indeed detect a suspicious activity. We also process logfiles to fulfill our obligation to ensure an appropriate level of security for the data processing (Art. 6 (1) c GDPR in conjunction with Art. 32 (1) GDPR).
3.2 Contact with us
On our website, you are provided with different options to contact us. When you contact us, we will process the data part of your communication for answering to your question or request. This data processing is either based on pre-contractual necessity in terms of Art. 6 (1) b GDPR (in case your request is aimed at concluding a contract with us in the future) or on our legitimate interest (Art. 6 (1) f GDPR) in answering your questions and request and using the data needed for this. Mandatory fields in contact forms are marked as such via a “*”.
In line with German legal retention periods, we will store communication with you for 6 years if the communication is a so-called “business letter”. This is based on our obligation to retain business letters for 6 years (Art. 6 (1) c GDPR in conjunction with Sec. 147 German Federal Tax Code and Sec. 257 German Federal Commercial Code). In other cases, we store the communication until it is no longer needed for managing our relationship with you. 3.3 Our newsletter
On our website, you may sign up for our newsletter. In case you sign up, we will use the data provided by you for sending you newsletters based on your consent (Art. 6 (1) a GDPR and Sec. 7 German Federal Act Against Unfair Competition). Based on your consent, we also analyze your use of the newsletter (if you opened it or not and if you clicked on links in the newsletter e.g.) to improve the newsletter and better understand how you are using our newsletter. We will keep using the data to send you newsletters and analyze your use of our newsletters until you revoke your consent. After you signed up for the newsletter on our website, we will send you an email with a request to confirm that you which to receive the newsletter. After you click on “subscribe me to the list”, we will start sending you newsletters and start analyzing your usage of the newsletter.
For sending newsletters, we cooperate with our service provider HubSpot, Inc. (25 First Street, Cambridge, MA 02141, USA, “HubSpot”) which is a recipient of the personal data processed in connection with the newsletter. Since HubSpot is located in the USA, data transfers to the USA occur. Those data transfers are based on the adequacy decision of the European Commission and the self-certification under the Data privacy Framework of HubSpot (https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt0000000TN8pAAG&status=Active).
3.4 Posting comments and sharing information
On our website, we have different information sections. For example, we show interviews we did and share insights on our mentors and fellows. As a visitor of our website, you are invited to comment the information shown to you in different sections of the website. When you are providing us a comment, we will afterwards publish your name provided and comment underneath the relevant information section on which you commented. Publishing your comment is based on our legitimate interests (Art. 6 (1) f GDPR) in sharing your comments with our community and other website visitors if you decide to provide a comment. If you no longer want your comment to be shown, please reach out to us via email to info@bevisioneers.world.
If you like, you may also share the information shown on our website on different social media websites. To make this easier, we provide buttons on our website. After clicking on one of those buttons, you are redirected to the relevant social media platform. Please note that providers of social media platforms will receive information on your visit of our website and content that you are sharing when you are using the share buttons. For further details, please have a look at the privacy policy of the provider of the relevant social media platform that you are sharing content on.
4. OUR SOCIAL MEDIA WEBSITES
We have websites on different social media platforms. When you visit such websites or interact with the website or reach out to us while using a social media platform, we and the operator of the respective social media platform process personal data regarding you. In this section, we inform you about the relevant data processing and the responsibilities of social media platform operators and our responsibilities per social media platform separately. For some data processing activities, we and the operator of a social media platform are joint responsible for the processing of personal data (Art. 26 (1) Sentence 1 GDPR). Further details are indicated per website and social media platform separately below.
4.1 Our LinkedIn account
We have a website, which is operated on the platform of LinkedIn Ireland Unlimited Company (Wilton Place, Dublin 2, Ireland hereinafter “LinkedIn”), in order to present ourselves as a company and, for example, to get in touch with applicants and interested parties. To be able to offer our website on the LinkedIn platform, we use the technical platform and services of LinkedIn. For some types of data processing activities, we and LinkedIn are both jointly responsible under data protection laws (see under “Joint controllership between us and LinkedIn”). Other data processing we inform you about occurs solely under our responsibility (see under “Data processing by us under our own responsibility”).
The data collected about you will be processed by LinkedIn and transferred by LinkedIn to countries outside the EU and the EEA. LinkedIn provides information about how data is transferred by LinkedIn from the EU, the EEA and Switzerland and the United Kingdom at the following URL and there also mentions its certification under the Data Privacy Framework: https://www.linkedin.com/help/linkedin/answer/62533?trk=microsites-frontend_legal_privacy-policy&lang=de. Data transfers to the U.S. are based on LinkedIn’s adequacy decision and certification under the Data Privacy Framework and on the Standard Contractual Clauses concluded with LinkedIn as part of the data protection agreement, which can be accessed at the following URL: https://www.linkedin.com/legal/l/dpa.
Joint controllership between us and LinkedIn (“Page Insights”)
Together with LinkedIn, we are jointly responsible for the processing of so-called “Insights data” in accordance with Art. 26 (1) Sentence 1 GDPR, insofar as such data is used for the creation of so-called “Page Insights”. LinkedIn and we have concluded an agreement as part of our joint controllership, which you can access here: https://legal.linkedin.com/pages-joint-controller-addendum (so-called “Page Insights Joint Controller Addendum”). The agreement relates to such data processing that is done in connection with a visit to or interaction with our LinkedIn page, but only insofar as this data is also (subsequently) processed for “Page Insights”. “Page Insights” include analysis services that help us to better understand interactions with our pages. The purpose of data processing is to compile aggregated statistics for us as the webpage operator.
When you visit our LinkedIn page, follow us or interact with our LinkedIn page in any way, LinkedIn uses information about this to create “Page Insights”. Furthermore, information from your LinkedIn profile (position in the company, country, industry, professional experience, company size, employment status) is also used for “Page Insights”. LinkedIn informs you under “2.8 Insights That Do Not Identify You” in LinkedIn’s privacy policy, which you can access here: https://www.linkedin.com/legal/privacy-policy. When you visit our LinkedIn page, LinkedIn collects, among other things, your IP address and other information that is stored on your device.
The processing of the data of visitors of our LinkedIn page is done to provide this page and to statistically evaluate the use of our page. This evaluation is anonymized for us. The legal basis for data processing is Art. 6 (1) f GDPR. The legitimate interests with regard to the processing of personal data when visiting our LinkedIn page and the creation of “Page Insights” are: communication and interaction with interested parties and applicants; dissemination of information on us as a company and our vacancies; anonymized evaluation and presentation of the use of the LinkedIn page in aggregate statistics.
LinkedIn assumes responsibility for the provision of “Page Insights” in accordance with the requirements of the GDPR and fulfills all applicable obligations under the GDPR with regard to the processing of data for the creation of “Page Insights”. This means including (but is not limited to) Art. 12 to Art. 22 GDPR and Art. 32 to Art. 34 GDPR. In particular, LinkedIn ensures that you are informed about the data processed and supports you in exercising your rights as a data subject. If you wish to exercise a data subject right to which you are entitled under the GDPR, we would like to point out that it would certainly be more effective for you to contact LinkedIn directly. Should you nevertheless require assistance, please do not hesitate to contact us. The respective responsibilities, in particular with regard to the protection of data subject rights, between us and LinkedIn can be found in the “Page Insights Joint Controller Addendum” (https://legal.linkedin.com/pages-joint-controller-addendum).
LinkedIn provides you with more details on exercising these rights under “5.5 Contact information” in LinkedIn’s privacy policy, which is available at the following URL: https://www.linkedin.com/legal/privacy-policy.
Data processing by us under our own responsibility
In addition, we are solely responsible for certain data processing on our LinkedIn page. This is the case when our employees communicate with LinkedIn users. We process the following personal data: profile name and data provided by the user in the conversation history and data visible in the LinkedIn profile, e.g. for processing inquiries.
The processing is carried out for the purpose of answering your inquiries, communicating with you and publishing information about available job offers, products and services from us. The legal basis for processing is, on the one hand, Art. 6 (1) b GDPR if a contract with the LinkedIn user is initiated (e.g. an employment contract or the start of an application process) or such a contract is concluded. In other cases, on the other hand, the legal basis is Art. 6 (1) f GDPR. The legitimate interest consists in the effective provision of information to LinkedIn users, applicants and interested parties and communication with these persons.
4.2 Our Facebook and Instagram accounts
We operate a so-called fan page on Facebook and have a website on the “Instagram” platform. These are both websites that are offered on the platforms of Meta Platforms Ireland Ltd (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, “Facebook”). We operate these two websites to present ourselves as a company and, for example, to get in touch with interested parties and participants of our beVisioneers: The Mercedes-Benz Fellowship. To offer the websites on the Facebook and Instagram platforms, we use different services provided by Facebook. For some types of data processing activities, we and Facebook are both jointly responsible under data protection laws (see under “Joint controllership between us and Facebook”). Other data processing we inform you about occurs solely under our responsibility (see under “Data processing by us under our own responsibility”).
The data collected about you will be processed by Facebook and transferred by Facebook to countries outside the European Economic Area on the basis of the adequacy decision for the USA and Facebook’s certification under the Data Privacy Framework. The certification of Meta Platforms, Inc. is available at the following URL: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt0000000GnywAAC&status=Active. Facebook describes in general terms what information it receives, how it is used and how data is transferred in its data policy. There you will also find information on how to contact Facebook and on the settings options for advertisements. Facebook’s data policy, which covers for both the Facebook platform and the Instagram platform, is available at the following link: https://www.facebook.com/about/privacy.
Joint controllership between us and Facebook
Together with Facebook, we are jointly responsible for the processing of so-called “Insights data” in accordance with Art. 26 (1) Sentence 1 GDPR, insofar as this data is used for the creation of so-called “Page Insights”. We and Facebook have concluded an agreement as part of our joint controllership, which can be accessed at the following URL: https://www.facebook.com/legal/terms/page_controller_addendum (so-called “Page Insights Addendum”). The agreement relates to data processing that is done in connection with a visit to or interaction with our Facebook or Instagram page, but only insofar as this data is also (subsequently) processed for “Page Insights”. “Page Insights” include analysis services that help us to better understand your interactions with our pages. The purpose of the data processing is to create aggregated statistics that Facebook makes available to us in aggregated and anonymized form. Facebook provides more information on the processing of “Page Insights” at the following link: https://de-de.facebook.com/help/pages/insights.
The “Information on data for “Page Insights” (https://www.facebook.com/legal/terms/information_about_page_insights_data) lists the data that is collected and used to create “Page Insights”. Basically, this is data that is processed in connection with actions you have taken or that relates to your device or your specific use of a service provided by Facebook. The processing of visitor data is carried out to provide the websites on both platforms and to statistically evaluate the use of our pages. The legal basis for data processing is Art. 6 (1) f GDPR. The legitimate interests with regard to the processing of personal data when visiting our pages and the creation of “Page Insights” are: communication and interaction with interested parties and fellows; dissemination of information about us; anonymized evaluation and presentation of the use of the fan page and Instagram page.
If you wish to exercise a data subject right to which you are entitled under the GDPR, we would like to point out that it would certainly be more effective for you to contact Facebook directly. If you still need help, please do not hesitate to contact us.
The respective responsibilities, in particular with regard to the protection of data subjects’ rights, between us and Facebook can be found in the Page Insights supplement (https://www.facebook.com/legal/terms/page_controller_addendum). Facebook assumes primary responsibility for fulfilling the GDPR obligations for the joint processing of “Insights data”. This includes the fulfillment of the following data subject rights:
- the right of access (Art. 15 GDPR);
- the right to erasure (Art. 17 GDPR);
- the right to restriction of processing (Art. 18 GDPR);
- the right to data portability (Art. 20 GDPR); and
- the right to object (Art. 21 GDPR).
Facebook provides more details on exercising these rights in the “Information on Page Insights data”: https://www.facebook.com/legal/terms/information_about_page_insights_data.
Data processing by us under our own responsibility
We are also solely responsible for certain data processing on the Facebook fan page and Instagram page. This is the case when our employees communicate with Facebook or Instagram users. We process the following personal data: profile name and data provided by the user in the course of the conversation, e.g. to process inquiries.
The processing is carried out for the purpose of answering your inquiries, communicating with you and publishing information about our company. The legal basis for processing is Art. 6 (1) f GDPR. The legitimate interest consists in the effective provision of information to Facebook and Instagram users and interested parties and communication with these persons.
4.3 Our TikTok account
We have an account on TikTok, which is a platform provided by TikTok Technology Limited (10 Earlsfort Terrace, Dublin, D02 T380, Ireland) and TikTok Information Technologies UK Limited (Kaleidoscope, 4 Lindsey St, Barbican, London EC1A 9HP, United Kingdom) which are both hereinafter jointly referred to as “TikTok” and which are joint controllers for some of the processing of personal data when you visit our TikTok account or view videos posted by us.
We process personal data when you follow our account, like a video or otherwise interact with our account or content posted. We use the platform provided by TikTok to provide content on our fellowship and to inform about activities of our company and to receive statistics on how our content is consumed and how users on TikTok interact with our content and account. TikTok analyzes your usage of our content and interactions with our accounts and videos and provides to us anonymized and aggregated statistics (number of new followers, demographic data such as gender and country). We use such statistics to get a better picture on how users of TikTok use our content and to optimize our content and marketing activities with TikTok. The data processing is based on our legitimate interest (Art. 6 (1) f GDPR) in providing content on the TikTok platform and receiving aggregated and anonymized statistics on the usage of our account and content.
If you contact us using a function on the TikTok platform, we also process your profile name and other data part of the communication. Such data is used to communicate with you and answer questions or request. The data processing is based on our legitimate interest (Art. 6 (1) f GDPR) in communication with you and using the data needed to answer questions or requests.
We only store data that is kept in our TikTok account. How long we will retain such data, depends on the context and purpose of the data processing by us. As a general rule, we will delete data as soon as it I s no longer required for the purposes of processing pursued by us.
Within TikTok’s privacy policy, you can find more information on the data processing done by TikTok. The privacy policy is available under the following URL: https://www.tiktok.com/legal/page/eea/privacy-policy/en. Within this privacy policy and there under the headline “Our Global Operations and Data Transfers” you can find more information on how TikTok shares personal data relating to you and how data is transferred to third countries. Your settings with regard to personalized advertisement can be adjusted by you under the following URL: https://support.tiktok.com/en/account-and-privacy/personalized-ads-and-data. You can submit any request relating to data protection to TikTok under the following URL: https://privacytiktok.zendesk.com/hc/en-us/requests/new. You may also use this form to request copies of Standard Contractual Clauses entered into by TikTok and service providers of TikTok located in third countries without an adequacy decision oof the European Commission.
If you wish to exercise one of your data subject’s rights, it is certainly more promising to contact TikTok directly. TikTok has access to all the relevant data. If you still need our help, feel free to reach out to us.
4.4 Our YouTube account
We have an account on the platform YouTube, which is provided by Google. If you are accessing YouTube videos from the European Economic Area or Switzerland, the controller for the data processing is Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland), and in case you access a video from the UK, Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) is the controller. Both companies are hereinafter referred to as “Google”.
We process personal data when you follow our account, like a video or otherwise interact with our account or content posted. We use the platform provided by Google to provide content on our fellowship and to inform about activities of our company and to receive statistics on how our content is consumed and how users on YouTube interact with our content and account. Google analyzes your usage of our content and interactions with our accounts and videos and provides to us anonymized and aggregated statistics (the number of profile or content clicks, and the viewing time of a particular video). We use such statistics to get a better picture on how users of YouTube use our content and to optimize our content and marketing activities with Google. The data processing is based on our legitimate interest (Art. 6 (1) f GDPR) in providing content on YouTube and receiving aggregated and anonymized statistics on the usage of our account and content.
If you contact us using a function on YouTube, we also process your profile name and other data part of the communication. Such data is used to communicate with you and answer questions or request. The data processing is based on our legitimate interest (Art. 6 (1) f GDPR) in communication with you and using the data needed to answer questions or requests.
We only store data that is kept in our YouTube account. How long we will retain such data, depends on the context and purpose of the data processing by us. As a general rule, we will delete data as soon as it I s no longer required for the purposes of processing pursued by us.
Within Google’s privacy policy, you can find more information on the data processing done by Google when you use YouTube services. The privacy policy is available under the following URL: https://policies.google.com/privacy?hl=en#infochoices. Within this privacy policy and there under the headline “Data transfers”, you can find more information on how Google shares personal data relating to you and how data is transferred to third countries. Data transfers to the USA take place on the basis of the adequacy decision for the USA and the self-certification of Google under the Data Privacy Framework (https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active).
Your settings with regard to data privacy can be managed under the following URL: https://myaccount.google.com/intro/privacycheckup?utm_source=pp&utm_medium=Promo-in-product&utm_campaign=pp_intro&hl=en. Within its privacy policy, Google also explains how you can exercise data subject’s rights towards Google. If you wish to exercise one of your data subject’s rights, it is certainly more promising to contact Google directly. Google has access to all the relevant data. If you still need our help, feel free to reach out to us.
4.5 Our X (formerly know as Twitter) account
We have a website on the platform “X” (formerly Twitter). X is a service offered to us by Twitter International Unlimited Company (One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 Ireland, “Twitter”). We use our website on the platform provided by Twitter to communicate with customers, interested parties and users active there and to inform them about our company and the fellowship.
We would like to point out that when you visit our website on the platform, personal data is processed by Twitter, among others, for market research and advertising purposes. Twitter describes in the Privacy Policy how data is processed by Twitter and how you can exercise your rights as a data subject vis-à-vis Twitter. This Privacy Policy is available at the following URL: https://twitter.com/en/privacy. Twitter also provides further information on data protection at the following URL: https://help.twitter.com/en/rules-and-policies/data-processing-legal-bases.
Twitter provides us with anonymized and aggregated user data in the form of statistical evaluations. Our legal basis with regard to this data processing is Art. 6 (1) f GDPR. Our legitimate interest consists of the effective provision of information to users of X and communication with the users and forwarding data to Twitter to obtain aggregated usage statistics. We are responsible for data processing when users contact our employees on X or otherwise engages with our website (for example, liking or sharing a tweet). We process the profile name and any data contained in the course of the conversation in order to respond to an inquiry. The processing is carried out for the purpose of answering your inquiries, interacting and communicating with you and to publish information about events, products and our company. The legal basis for processing is Art. 6 (1) f GDPR. The legitimate interest consists in the effective provision of information to users, fellows and interested parties on X and communication with these persons.
We would like to point out that in case of requests for data and the assertion of user rights, these can be asserted most effectively with Twitter. Twitter has access to user data and can take appropriate measures and provide information directly. If you still need help, you can contact us. Twitter provides information on how you can access the data Twitter processes about you at the following URL: https://help.twitter.com/en/managing-your-account/accessing-your-x-data. You can adjust your Twitter settings under the following URL: https://twitter.com/i/flow/login?redirect_after_login=%2Fsettings%2Fprivacy_and_safety.
Twitter transmits personal data to service providers who help Twitter to process personal data. Twitter provides a list of service providers at the following URL: https://privacy.twitter.com/de/subprocessors. If data is transferred to third countries through the involvement of service providers or other companies based outside the European Economic Area, Twitter has entered into Standard Contractual Clauses for international data transfers. You can request the Standard Contractual Clauses implemented by Twitter for data transfers done by Twitter at the following URL: https://help.twitter.com/forms/privacy.
5. THE APPLICATION PROCESS
One the website available under https://applications.bevisioneers.world/, you may apply to become a fellow of the beVisioneers: The Mercedes-Benz Fellowship via using the relevant form provided on the website. We are the controllers for the data processing occurring on this website and therefore mainly responsible to ensure an adequate level of data protection. However, we provide the website where you can apply for the fellowship with the help of our service provider DreamApply OÜ (Pärnu mnt 102b, 11312, Tallinn, Estonia, “DreamApply”). DreamlyApply is therefore a recipient of the data processed on the application website.
When you first enter our website, we ask you to confirm the country from which you are accessing our application website. This is done via a Cookie. When you apply to become a fellow of the beVisioneers: The Mercedes-Benz Fellowship, you are asked to answer various questions and to provide information about you and your project and other aspects relevant for evaluating your application. You are also asked to provide documents. For example, an ID document used for verifying your identity. Mandatory information to be provided by you is marked as such with “*”. Mandatory information to be provided by you is processed by us based on your pre-contractual request to enter into a fellowship contract with us (Art. 6 (1) b GDPR) and our legitimate interest (Art. 6 (1) f GDPR). There are the following legitimate interests: getting to know meaningful information about you and your project and other aspects relevant for evaluating your application and understanding your motives for your application and to verify your identity and to develop the application process in the future based on feedback from applicants.
After evaluating your application, we will reach out to you (using the contact details provided by you) and will inform you about the result of your application. We might also send you a notification reminding you that you still need to provide certain information to us to finalize your application. On the application platform, you are also requested to make and submit a video for your application.
In case you do not get accepted, we will store data provided by you within the application process for 2 years and use the data within this time frame to allow you to apply for the next program without the need to provide us all data again. Additionally, you may sooner delete your account used for your application via using the “Data protection” settings in your account on the application platform. After you have filed a deletion request, we will assess your request and delete the data necessary within one month after we have received your request.
If you are selected as a fellow, we will continue using information you provided for the management of the fellowship program. As a fellow, you enter into a fellowship contract with us. In “Annex to the Fellowship Agreement – Privacy Policy” you are provided with further information on how information from your application is used during and after your participation in the fellowship program.
6. SERVICES BASED ON COOKIES AND SIMILAR TECHNOLOGIES
Within this section, we are informing you about the processing of personal data occurring when we use service (based on your consent) to analyze your user experience (category “Statistics”) or to store preferences (category “Preferences”) or for our marketing activities (category “Marketing”). These services are based on cookies and similar technologies. For details on the use of cookies please see our Cookie Policy. In the following, we are informing you about each service used separately.
6.1 Consent management platform
The cookie banner on our website and the associated sub-pages and options to choose are integrated by us with the help of our service provider Complianz B.V. (Kalmarweg 14-5, 9723JG Groningen, The Netherlands, “Complianz”). Under applicable German laws, we are required to ask for consent for the use of cookies to the extent they are not necessary for the provider of a website to provide a website service expressly requested by a user. To request consent and store the information on consents provided and denied, we use the services offered by Complianz. With the help of this service, we store information on the options you have chosen. The processing of personal data and use of cookies is based on our obligation to ensure that we have consent for the cookie tools which are not strictly necessary to provide this website or a function explicitly requested by a website visitor (Art. 6 (1) c GDPR in conjunction with Sec. 25 German Federal Telecommunications Telemedia Data Protection Act). Additionally, the data processing is done to ensure we can fulfill our obligation to be able to demonstrate that consent was provided (Art. 6 (1) c GDPR in conjunction with Art. 7 (1) GDPR) and to pursue our legitimate interest (Art. 6 (1) f GDPR) in being able to establish, exercise and defend legal claims associated with our cookie usage on our website.
We store information on your consent provided for as long as the consent is valid and after that for 3 years to pursue our legitimate interest (Art. 6 (1) f GDPR) in being able to establish, exercise and defend legal claims associated with our cookie usage on our website. The cookies used for storing your options chosen, have a lifetime of one year.
6.2 Verifying you are not a robot (reCAPTCHA)
We use “Google reCAPTCHA” (hereinafter “reCAPTCHA”) on our websites. The provider is Google Ireland Limited (Gordon House, Barrow Street Dublin 4, “Google”). The purpose of reCAPTCHA is to verify whether data entered on our websites (e.g. in a contact form) is made by a human or by an automated program. For this purpose, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis starts automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g. IP address, time spent by the website visitor on the website or mouse movements made by the user). The data collected during the analysis is forwarded to Google. The data processing is based on our legitimate interest (Art. 6 (1) f GDPR) in ensuring that we are not subject to automatic spam and that only real humans submit a message to us and in fulfilling our obligation to ensure an adequate level of data protection (Art. 6 (1) c GDPR in conjunction with Art. 32 (1) GDPR) when providing contact forms and other areas where website visitors my enter information. The cookies set are based on Sec. 25 (2) No. 2 German Federal Telecommunications Telemedia Data Protection Act and expire 6 months after they have been set.
Google transfers the data to the USA. Such data transfers are based on the adequacy decision of the European Commission and Google LLC.’s self-certification under the Data Privacy Framework (https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active). We do not store any personal data connected with the use of Google reCAPTCHA, but Google does so. For more information on Google’s processing of personal data please click on the privacy policy shown in the reCAPTCHA window or visit the following URL: https://www.google.com/intl/de/policies/privacy/.
6. 3 Facebook Pixel
On our websites, with your consent (Art. 6 (1) a GDPR and Sec. 25 (1) German Federal Telecommunications Telemedia Data Protection Act) provided in the cookie banner, we use the tool “Facebook Pixel”, which is provided by Meta Platforms Ireland Ltd. (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, “Facebook”). We use Facebook Pixel to measure the effectiveness of the advertising ads we place on the “Facebook” platform. With the help of Facebook Pixel, we integrate marketing pixels at various points on our website that help us to recognize how website visitors use our website. We place advertisements on the “Facebook” platform and record with the help of the pixel integrated on our web pages that you have reached our website bevisioneers.world or an associated sub-page after clicking on an advertisement on the “Facebook” platform. Within our Facebook profile, we are also informed of an anonymized statistical evaluation of the use of the ads by members of the platforms.
When the Facebook Pixel is activated, your browser automatically establishes a connection with the Facebook server and your IP address is recorded. Due to our integrating the Facebook Pixel and your consent to the use of Facebook Pixel, Facebook receives the information that you have clicked on one of our ads or called up the corresponding web page of our website. If you are registered with a Facebook service, Facebook can assign the visit to your account. Facebook uses the data obtained through our integration of Facebook Pixel for its own purposes. Facebook describes in general terms in its data policy what information it receives, how it is used and how data is transferred. There you will also find information on how to contact Facebook and on the setting options for advertisements. Facebook’s data policy is available at the following link: https://www.facebook.com/about/privacy.
Because we use Facebook Pixel in automatic advanced matching mode, we also share information you provide to us on our website with Facebook to optimize the effectiveness of our online tracking. For example, if you enter information like your name, email address and gender and telephone number in a webform on our website, we share this information in a hashed format with Facebook to help Facebook to better associate your website visit on our website with you. Under the following URL, Facebook provides more information on the automatic advanced matching mode: https://www.facebook.com/business/help/611774685654668?id=1205376682832142.
The retention period of data processed using Facebook Pixel is 90 days from the time you give your consent.
Information collected using Facebook Pixel is transferred to the USA based on the adequacy decision of the European Commission and the self-certification of Meta Platforms, Inc. (1601 Willow Road, 94025 Menlo Park, California, USA). The certification of Meta Platforms Inc. is available at the following URL: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt0000000GnywAAC&status=Active.
You can revoke the consents you have given (pursuant to Sec. 25 (1) German Federal Telecommunications Telemedia Data Protection Act and Art. 6 (1) a GDPR) at any time with effect for the future by deactivating Facebook Pixel in the cookie banner or by reversing the activation of Facebook Pixel via your browser settings. When you log in to Facebook, you can manage your advertising settings at the following URL:
In addition, you can manage your settings via the NAI (Network Advertising Initiative) deactivation page https://optout.networkadvertising.org/?c=1. Alternatively, you can also disable cookies via the Digital Advertising Alliance website by using the following link http://optout.aboutads.info/?c=2#!/.
6.4 TikTok Pixel
Based on your consent provided in the cookie banner (Art. 6 (1) a GDPR and Sec. 25 (1) German Federal Telecommunications Telemedia Data Protection Act), we use the TikTok Pixel on our website. The TikTok Pixel is a TikTok Advertiser Tool from the two providers TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland, and TikTok Information Technologies UK Limited, Kaleidoscope, 4 Lindsey St, Barbican, London EC1A 9HP, United Kingdom (both are hereinafter jointly referred to as “TikTok”). For some types of data processing activities, we and TikTok are both jointly responsible under data protection laws (see under “Joint controllership between us and TikTok”). Other data processing occurs solely under TikTok’s responsibility (see under “Data processing by TikTok under TikTok’s own responsibility”).
The TikTok Pixel allows us to understand and track visitors’ activity on our website and use this data for improving our marketing activities on the TikTok platform. The TikTok Pixel collects and processes information about the users of our website and the devices they use (so-called event data). Event data collected through the TikTok Pixel is used for targeting our advertisements and improving ad delivery and personalized advertising on the TikTok platform. For this purpose, the event data collected on our website by means of the TikTok Pixel is transmitted to TikTok. TikTok uses the data to display targeted and personalized advertising to TikTok users and to create interest-based user profiles. The cookies set in connection with TikTok Pixel have a maximum duration of 1 year and 1 month. We use the TikTok Pixel in a standard mode where we share the least amount of data on our website visitors as it is possible while using TikTok Pixel. Under the following URL, TikTok provides more information on the standard mode used by us: https://ads.tiktok.com/help/article/data-sharing-tiktok-pixel-partners?lang=en.
TikTok also receives your IP address and other information about your device, such as the marketing identifier, the device used, the website visited and the time. TikTok uses this data to identify the users of our website and to link their actions to a “TikTok” user account. TikTok processes this data under its own responsibility from the time of transmission. Information on how TikTok processes the information collected with the TikTok pixel can be found under the following URL: https://www.tiktok.com/legal/page/eea/privacy-policy/en.
When we use the TikTok Pixel based on your consent, there are data transfers to countries outside the European Economic Area occurring. Namely, transfers of data to Singapore (TikTok Pte. Ltd) and the US (TikTok Inc.). For this purpose, we entered into Standard Contractual Clauses with the two TikTok companies. These clauses can be found under the following URL and there under “PART B: EUROPEAN ECONOMIC AREA (EEA) AND THE UNITED KINGDOM” and “2.3 (a)” and under Annex I and II: https://ads.tiktok.com/i18n/official/policy/jurisdiction-specific-terms.
Data collected via TikTok Pixel are stored for one year and one month after you have provided your consent in our cookie banner. You may revoke your consent via changing the settings in the cookie banner after clicking on “Manage consent” on the bottom right of our website. You can manage your ads settings in your TikTok account as described by TikTok under the following URL and there under “Your ad controls” and under “Managing data usage for ads in different regions”: https://www.tiktok.com/privacy/ads-and-your-data/en.
Joint controllership between us and TikTok
Some data processing activities occurring when we use the TikTok Pixel based on your consent are carried out by us and TikTok as so-called joint controllers in the sense of Art. 26 (1) Sentence 1 GDPR. The following processing activities are subject to a joint controllership between us and TikTok:
- collection and transmission of Event Data by TikTok and transmission of data from our website to TikTok;
- use of Event Data for measurement of our marketing activities and creating a report by TikTok.
Since there is more than one controller, we want to inform you about our and TikTok’s responsibilities for data processing occurring in form of a joint controllership. We and TikTok agreed on the responsibilities of each party within a joint controllership arrangement. This arrangement can be found under the following URL and there under “PART B: EUROPEAN ECONOMIC AREA (EEA) AND THE UNITED KINGDOM” and “3. Joint Controller Terms”: https://ads.tiktok.com/i18n/official/policy/jurisdiction-specific-terms. The allocation of responsibilities can be found under the link and there in the table under “4.1” and under “4.2”.
In essence: TikTok is mainly responsible for ensuring data subject’s rights under Art. 15 to Art. 20 GDPR. You may also in principle contact us to exercise your rights but it is more promising to contact TikTok directly. We are responsible for informing you about the arrangement entered into by TikTok and the data processing occurring on our website. All other GDPR obligations (including the right to object under Art. 21 GDPR) are fulfilled both by TikTok and us as set out in the arrangement between TikTok and us.
Data processing by TikTok under TikTok’s own responsibility
Any data processing occurring after the data have been collected by or transmitted to TikTok and after they have been used to measure our marketing activities and create related reports, is done by TikTok in its sole own responsibility. Further information on how TikTok processes personal data, including the legal basis TikTok relies on and the ways to exercise data subject rights against TikTok, can be found under the following URL: https://www.tiktok.com/legal/page/eea/privacy-policy/en.
6.5 HubSpot
With the consent (Art. 6 (1) a GDPR and Sec. 25 (1) German Federal Telecommunications Telemedia Data Protection Act) you provide within the cookie banner, we use tracking services provided by HubSpot, Inc. (25 First Street, Cambridge, MA 02141, USA, “HubSpot”). Via the help of HubSpot cookies, we count how many times you have visited our website. We store a user token, a user ID, the first timestamp of the first visit, the last timestamp of the last visit, the current timestamp for the current visit and the number of page views. This helps us to understand how you are using our website. The cookies set in connection with tracking service have a maximum duration of 6 months.
Via the help of the cookie called “__cf_bm” we protect our website from bots. This cookie is necessary for the provision of the website and therefore set without your consent. This cookie is set based on Sec. 25 (2) No. 2 German Federal Telecommunications Telemedia Data Protection Act and has a duration of 1 day. The processing of personal data is based on our legitimate interest (Art. 6 (1) f GDPR) to protect our website form bots and our obligation to ensure and adequate level of data protection (Art. 6 (1) c GDPR in conjunction with Art. 32 (1) GDP).
Since HubSpot is located in the USA, data transfers to the USA occur. Those data transfers are based on the adequacy decision of the European Commission and the self-certification under the Data privacy Framework of HubSpot (https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt0000000TN8pAAG&status=Active).
6.6 LinkedIn Insight-Tag
With the consent (Art. 6 (1) a GDPR and Sec. 25 (1) German Federal Telecommunications Telemedia Data Protection Act) you provide within the cookie banner, we use conversion tracking on our websites with the help of LinkedIn Insight Tag. This service is provided by LinkedIn Ireland Unlimited Company (Wilton Plaza, Gardner House 4,5,6 Dublin 2, Ireland, “LinkedIn”). We use the service offered by LinkedIn to measure the effectiveness of the advertisements we place on the “LinkedIn” platform. With the help of Insight Tag, we include a tag in various places on our website that helps us to recognize how website visitors use our website. We place advertisements on the “LinkedIn” platform and record with the help of the tag embedded on our web pages that you have visited our website bevisioneers.world or an associated sub-page after clicking on an advertisement. Within our LinkedIn profile, we are also provided with an anonymized statistical evaluation of the use of the ads.
The direct identifiers of the members of LinkedIn are removed within seven days after granting your consent to pseudonymize the data. This remaining pseudonymized data will be deleted within 90 days after you have given your consent.
LinkedIn is informed when you click on an ad placed by us that you have visited our websites, whereby your IP address is also collected. In addition, time stamps and so-called “events” (e.g. page views) are stored. This enables us to statistically evaluate the use of our website in order to optimize it and our advertisements on the “LinkedIn” platform. Please note that the data may be stored and processed by LinkedIn, so that a connection to the respective user profile is possible and LinkedIn can use the data for its own advertising purposes. Further information on this can be found in LinkedIn’s privacy policy at https://www.linkedin.com/legal/privacy-policy?trk=%7Berror-page%7D-privacy-policy.
The data collected about you will be processed by LinkedIn and transferred by LinkedIn to countries outside the EU and the EEA. LinkedIn provides information about how data is transferred by LinkedIn from the EU, the EEA and Switzerland and the United Kingdom at the following URL and there also mentions its certification under the Data Privacy Framework: https://www.linkedin.com/help/linkedin/answer/62533?trk=microsites-frontend_legal_privacy-policy&lang=de. Data transfers to the U.S. are based on the adequacy decision and LinkedIn’s certification under the Data Privacy Framework and on the Standard Contractual Clauses concluded with LinkedIn as part of the data protection agreement, which can be accessed at the following URL: https://www.linkedin.com/legal/l/dpa.
You can revoke the consents you have given at any time with effect for the future by deactivating LinkedIn Insight-Tag in the cookie banner or by reversing the activation of LinkedIn Insight-Tag via your browser settings. You can also prevent LinkedIn from analyzing your usage behavior and displaying interest-based recommendations via https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
6.7 Google Analytics
If you have given us your consent (Art. 6 (1) a GDPR and Sec. 25 (1) German Federal Telecommunications Telemedia Data Protection Act), this website uses Google Analytics, a web analytics service provided by Google LLC. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, “Google”). Google Analytics uses persistent and third-party cookies. This website uses Google Analytics in a way that IP addresses are processed in a shortened form. The information generated by Google Analytics cookies about your use of this website is usually transmitted to a Google server in the USA and stored there. Since we are using Google Analytics 4 on this website, your IP address will be shortened by Google. Google provides further information on Google Analytics 4 under the following URL: https://support.google.com/analytics/answer/12017362?hl=en&ref_topic=2919631&sjid=12422493986519619859-EU. Furthermore, with the help of Google Analytics, we also set a cookie that remembers whether and, if so, when you have given consent for collection by Google Analytics.
Data transfers to the USA take place on the basis of the adequacy decision for the USA and the self-certification of Google under the Data Privacy Framework (https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active).
Google Analytics enables the creation of statistics on website usage and its sources. Google will use this information to evaluate the use of our online offer in order to compile reports about the activities within this online offer. In doing so, pseudonymous user profiles are created from the processed data. The maximum retention period agreed with Google for user and event data linked to cookies, user IDs and advertising IDs is up to 1 year and one month from the time you give your consent. We use Google Analytics for statistical purposes, such as tracking how many users clicked on a particular item or piece of information.
You can revoke the consents you have given (pursuant to Sec. 25 (1) German Federal Telecommunications Telemedia Data Protection Act and Art. 6 (1) a GDPR) at any time with effect for the future by downloading and installing the plugin available at the following link: tools.google.com/dlpage/gaoptout. In addition, you can change your settings at (https://adssettings.google.com/anonymous?hl=en-GB&sig=ACi0TCgjQOtZZmsnhor-F-jUaLKUXPozB-azrbC60G1nlIid6ZBXp9mJfsSLCyW2C06i4JsWIeRrQw2CyV7laWP2gtjISjDTv8QM7RXXbZBM5xM64a1uc) or via the NAI (Network Advertising Initiative) deactivation page https://optout.networkadvertising.org/?c=1. Alternatively, you can also disable cookies via the Digital Advertising Alliance website by using the following link http://optout.aboutads.info/?c=2#!/.
6.8 DoubleClick
If you have given us your consent (Art. 6 (1) a GDPR and Sec. 25 (1) German Federal Telecommunications Telemedia Data Protection Act), this website uses a cookie associated with the service “DoubleClick”, which is provided to us by Google LLC. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, “Google”). Via DoubleClick, we can analyze our marketing activities across different Google services. DoubleClick sets a cookie which expires after one and a half month after you provided your consent. With the help of this cookie, we can associate event data and other data collect via other marketing tools and analyze it together within the Google marketing platform.
The cookie also helps Google to show relevant ads to you, to improve campaign performance reports and to prevent you from seeing the same ad more than once. Google uses a cookie ID to record which ads are shown in which browser and can thereby prevent them from being shown more than once. In addition, DoubleClick uses cookie IDs to record so-called conversions that are related to ad requests. The cookies used in connection with DoubleClick services have a maximum duration of 1 year and one month.
Data transfers to the USA take place on the basis of the adequacy decision for the USA and the self-certification of Google under the Data Privacy Framework (https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active).
You can revoke the consents you have given (pursuant to Sec. 25 (1) German Federal Telecommunications Telemedia Data Protection Act and Art. 6 (1) a GDPR) at any time with effect for the future by changing your setting in the cookie banner. In addition, you can change your settings at (https://adssettings.google.com/anonymous?hl=en-GB&sig=ACi0TCgjQOtZZmsnhor-F-jUaLKUXPozB-azrbC60G1nlIid6ZBXp9mJfsSLCyW2C06i4JsWIeRrQw2CyV7laWP2gtjISjDTv8QM7RXXbZBM5xM64a1uc) or via the NAI (Network Advertising Initiative) deactivation page https://optout.networkadvertising.org/?c=1. Alternatively, you can also disable cookies via the Digital Advertising Alliance website by using the following link http://optout.aboutads.info/?c=2#!/.
6.9 YouTube videos
On our website, we integrated videos via services of YouTube. YouTube is operated by Google. If you are accessing YouTube videos from the European Economic Area or Switzerland, the controller for the data processing is Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland), and in case you access a video from the UK, Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) is the controller. Both companies are hereinafter referred to as “Google”.
Before you can view a YouTube video embedded on our website, we ask you if you agree to the use of cookies for marketing purposes with a massage shown before you click on the video. If you view videos embedded via YouTube, Google sets cookies that are used to show the video and used for marketing purposes. The cookie used to show the video is a session cookie that expires after you close the window in your browser in which you visited our website. The cookie used for marketing purposes expires after 6 months. In case you are logged into your Google account, Google will attribute your view of the video on our website to your Google account. Via clicking on the video after having been shown the consent notice, you consent (Art. 6 (1) a GDPR and Sec. 25 (1) German Federal Telecommunications Telemedia Data Protection Act) to the use of marketing cookies provided by Google. You may revoke your consents provided with affect for the future by deleting the cookies in your browser and reloading the website.
Within Google’s privacy policy, you can find more information on the data processing done by Google when you use YouTube services. The privacy policy is available under the following URL: https://policies.google.com/privacy?hl=en#infochoices. Within this privacy policy and there under the headline “Data transfers”, you can find more information on how Google shares personal data relating to you and how data is transferred to third countries. Data transfers to the USA take place on the basis of the adequacy decision for the USA and the self-certification of Google under the Data Privacy Framework (https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active).
Your settings with regard to data privacy can be managed under the following URL: https://myaccount.google.com/intro/privacycheckup?utm_source=pp&utm_medium=Promo-in-product&utm_campaign=pp_intro&hl=en. Within its privacy policy, Google also explains how you can exercise data subject’s rights towards Google. If you wish to exercise one of your data subject’s rights, it is certainly more promising to contact Google directly. Google has access to all the relevant data. If you still need our help, feel free to reach out to us.
7. DATA PROTECTION RIGHTS
As a data subject, you are entitled to certain data protection rights under the GDPR if certain conditions are met. There are the following data protection rights:
- Art. 15 GDPR: right to access to data;
- Art. 16 GDPR: right to rectification;
- Art. 17 GDPR: right to erasure;
- Art. 18 GDPR: right to restriction of processing;
- Art. 20 GDPR: right to data portability;
- Art. 21 GDPR: right to object;
- Art. 7 Para. 3 GDPR: right to withdraw consent given at any time without affecting the legitimacy of processing based on consent before its withdrawal;
- Art. 77 GDPR: right to lodge a complaint with a supervisory authority.
In case we process data relating to you for direct marketing purposes and based on our legitimate interests (Art. 6 Para. 1 f GDPR), you may object to the processing and, as a result of your objection, we will not process the data for direct marketing purposes anymore.
To make use of one of these rights, please contact our data protection officer under privacy@bevisioneers.world and indicate that you are an applicant and whether or not you were chosen as a participant of the fellowship program.
8. CHANGE OF THIS PRIVACY POLICY
This privacy policy may be changed from time to time in accordance with the factual circumstances of the data processing activities.
January 2024