Privacy Policy
Note: If you have any questions regarding Haiilo’s security, you can email security@haiilo.com.
In the following, we provide information about the processing of personal data when using our website. Personal data is all data that can be related to you personally, e.g. name, address, e-mail addresses, user behaviour, etc. Privacy policy for the Haiilo website
If we use contracted service providers for individual functions of our offer or would like to use your data for advertising purposes, we will inform you in detail below about the respective processes.
I. Data processing when using the website
1. Contact form
If you contact us via the contact form or request a demo, the personal data you provide (your name, email address, telephone number (optional), company name, and the content of your message) will be transmitted to us and stored for the purpose of processing your inquiry. In addition, your IP address as well as the date and time of submission will be recorded and stored. This is necessary in order to prevent misuse of the contact form and to safeguard the security of our systems.
The legal basis for the processing of personal data transmitted in connection with the contact form is Article 6(1)(a) GDPR.
We further reserve the right to use your contact details, beyond the handling of your inquiry, in order to provide you with information regarding our products and events from time to time. The legal basis for such processing is our legitimate interest pursuant to Article 6(1)(f) GDPR.
Your data will be deleted once it is evident that there is no longer any interest in further contact, and in any event no later than after three contact attempts. Personal data additionally collected during the transmission process will be deleted at the latest within seven days.
2. Newsletter
To subscribe to our newsletter, all you need to do is enter your e-mail address. The provision of further, separately marked data is voluntary and will be used to address you personally. After your confirmation, we will save your e-mail address for the purpose of sending you the newsletter. We also store the IP addresses you use and the times of registration and confirmation. The purpose of the procedure is to be able to prove your registration and, if necessary, to clarify any possible misuse of your personal data.
The legal basis is Art. 6 para. 1 sentence 1 lit. a GDPR.
You can revoke your consent to receive the newsletter at any time and unsubscribe from the newsletter. You can declare your cancellation by clicking on the link provided in every newsletter e-mail or by sending a message to the contact details given in the imprint.
We would like to point out that we evaluate your user behaviour when sending the newsletter. For this analysis, the emails sent contain so-called web beacons or tracking pixels, which are one-pixel image files stored on our website. For the analyses, we link the data mentioned in II.1. and the web beacons with your email address and an individual ID. Links received in the newsletter also contain this ID. We use the data obtained in this way to create a user profile in order to tailor the newsletter to your individual interests. We record when you read our newsletters, which links you click on in them and deduce your personal interests from this. We link this data to actions you have taken on our website.
The legal basis is your consent in accordance with Section 25 (1) TDDDG, Art. 6 (1) (a) GDPR.
You can object to this tracking at any time by contacting us. The information will be stored for as long as you are subscribed to the newsletter. After you unsubscribe, we store the data purely statistically and anonymously. Such tracking is also not possible if you have deactivated the display of images in your email programme by default. In this case, the newsletter will not be displayed in full and you may not be able to use all the functions. If you display the images manually, the above-mentioned tracking will take place.
II. Data processing in the background
When you visit our website for the first time, you will be asked to select your privacy settings and to select or deactivate the various tags/trackers and analysis tools. Only the tools labelled as ‘essential’ are necessary for visiting the website. If you agree to the use of the other tools in this respect, the legal basis for data processing is based on § 25 para. 1 TDDDG, Art. 6 para. 1 lit. a GDPR.
The website uses the following cookies:
Transient cookies are automatically deleted when you close the browser. These include session cookies in particular. These store a so-called session ID, with which various requests from your browser can be assigned to the joint session. This allows your device to be recognised when you return to our website. The session cookies are deleted when you log out or close the browser.
Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie. You can delete cookies at any time in your browser's security settings.
The Flash cookies used are not recorded by your browser, but by your Flash plug-in. We also use HTML5 storage objects that are stored on your end device. These objects store the required data independently of the browser you use and do not have an automatic expiry date. If you do not wish Flash cookies to be processed, you must install an appropriate add-on.
1. Website functionalities
a) WordPress
Our website is powered by WordPress, a content management platform (CMS) provided by Automattic Inc, 60 29th Street #343, San Francisco, CA 94110, USA. WordPress provides us with an easy way to create, manage and display content on our website.
WordPress automatically collects and processes usage data to ensure and improve the functionality of the website. This includes data such as IP address, browser type, pages visited and other technical information generated when using the website. WordPress also sets cookies to improve the user experience, e.g. by saving login information or preferences.
The data collected by WordPress is processed on the basis of our legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR to ensure the technical functionality and performance of our website. If WordPress uses cookies or other tracking technologies, the processing is based on your consent in accordance with Section 25 (1) TDDDG, Art. 6 (1) (a) GDPR.
The data is stored for the duration of the session.
WordPress (Automattic) may transfer data to the USA. Automattic is certified under the EU-U.S. Data Privacy Framework, which ensures an adequate level of data protection. Automattic also uses standard contractual clauses to ensure the security and protection of personal data when it is transferred to third countries.
Further information on data processing by WordPress and Automattic can be found in Automattic's privacy policy at:
https://automattic.com/privacy/
b) Leadfeeder
We use the provider Leadfeeder to set a cookie that identifies the IP address of devices that visit the website so that multiple users coming from the same IP address can be addressed again.
The cookie is stored for a period of one year.
The legal basis is your consent according to § 25 para. 1 TDDDG, Art. 6 para. 1 lit. a GDPR.
The data is stored for one year.
You can find more information about this provider here
https://www.leadfeeder.com/privacy/
c) Cloudflare
Our website uses Cloudflare, a service provided by Cloudflare, Inc, 101 Townsend St, San Francisco, CA 94107, USA. Cloudflare provides a content delivery network (CDN) that improves the loading speed of our website and at the same time protects our website from malicious attacks. Cloudflare also provides an additional layer of security by filtering traffic between our users and our website.
Cloudflare automatically processes data to optimise the performance and security of our website. This includes the collection and processing of IP addresses, browser types, geographical locations, referrer information and other technical data required to provide and optimise the service. DDoS attacks and other security threats are also identified and defended against. Cloudflare also stores caches of website content to improve loading times.
The data collected by Cloudflare is processed on the basis of our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR to ensure the security and performance of our website.
The data is stored for one hour.
Cloudflare may transfer data to the USA. Cloudflare is certified under the EU-U.S. Data Privacy Framework, which ensures an adequate level of data protection. Standard contractual clauses can also be used as an additional security measure.
Further information on data processing and data protection at Cloudflare can be found in Cloudflare's privacy policy at:
https://www.cloudflare.com/de-de/privacypolicy/
2. Web Analytics
a) Google Analytics
This website uses Google Analytics, a web analytics service provided by Google Ireland Limited (‘Google’), Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics uses cookies, which are text files placed on your device, to help the website analyse how users use the site.
The information generated by the cookie about your use of the website (including your IP address) will generally be transmitted to and stored by Google on servers in the United States. We use Google Analytics exclusively with activated IP anonymisation (‘anonymizeIp’), whereby your IP address is shortened by Google within the EU or the EEA before transmission. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and truncated there.
We use Google Analytics to evaluate user behaviour in order to improve our website and make it more user-friendly.
This website also uses Google Analytics for a cross-device analysis of visitor flows, which is carried out via a user ID. You can deactivate the cross-device analysis of your usage in your Google account under ‘My data’, ‘Personal data’.
The legal basis for the use of Google Analytics is your consent in accordance with Section 25(1) TDDDG, Art. 6(1)(a) GDPR.
The data is stored for a maximum of two years.
Data may be transferred to the USA. Google is certified in accordance with the EU-U.S. Data Privacy Framework, which ensures an adequate level of data protection.
You can find more information here:
https://www.google.com/analytics/terms/de.html https://www.google.com/intl/de/analytics/learn/privacy.html https://www.google.de/intl/de/policies/privacy
b) Hubspot
The website uses Hubspot (Hubspot Inc., 25 First Street, Cambridge MA 02141 USA) for analysis purposes.
This uses so-called ‘web beacons’ and also sets ‘cookies’, which are stored on your computer and enable us to analyse your use of the website. Hubspot analyses the information collected (e.g. IP address, geographical location, type of browser, duration of the visit and pages accessed) on our behalf to generate reports on the visit and the pages visited. If you subscribe to our newsletter or download documents, we can also use Hubspot to record your visits to our website using your additional personal details (in particular your name/email address) and, if necessary, provide you with targeted information on your preferred topics.
The legal basis for the processing is your consent in accordance with Section 25 (1) TDDDG, Art. 6 (1) (a) GDPR.
The data will be stored for a maximum of six months.
Data may also be transferred to servers in the USA and processed there. HubSpot is certified in accordance with the EU-U.S. Data Privacy Framework, which guarantees an adequate level of data protection.
For more information about how Hubspot works, please refer to the Hubspot Inc. privacy policy, available at:
https://legal.hubspot.com/de/privacy-policy
c) Bing Universal Event Tracking
The website uses Bing Ads technology (a service of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA) to collect and store data from which user profiles are created using pseudonyms. This service enables us to track the activities of users on our website if they have reached our website via adverts from Bing Ads. If you reach our website via such an advert, a cookie is set on your computer. A Bing UET tag is integrated on our website. This is a code that is used in conjunction with the cookie to store some non-personal data about the use of the website. This includes, among other things, the time spent on the website, which areas of the website were accessed and which ad the user used to access the website. Information about your identity is not recorded.
The legal basis is your consent in accordance with § 25 para. 1 TDDDG, Art. 6 para. 1 lit. a GDPR.
The data is stored for one year.
Data may be transferred to servers in the USA. Microsoft is certified in accordance with the EU-U.S. Data Privacy Framework, which guarantees an adequate level of data protection.
Microsoft may also be able to track your usage behaviour across several of your electronic devices through so-called cross-device tracking and is therefore able to display personalised advertising on or in Microsoft websites and apps. You can deactivate this behaviour at https://choice.microsoft.com/de-de/opt-out.
You can find more information about Bing's analytics services at
https://help.bingads.microsoft.com/#apex/3/de/53056/2
You can find more information about data protection at Microsoft and Bing at
https://privacy.microsoft.com/de-de/privacystatement
d) LinkedIn Insight
On our website, we use the ‘LinkedIn Insight Tag’, a tracking technology of the LinkedIn platform (LinkedIn Ireland, Wilton Plaza, Wilton Place, Dublin 2, Ireland). This allows us to show you more relevant adverts based on your interests. We also receive aggregated and anonymous reports from LinkedIn about advertising activities and information about how you interact with our website.
LinkedIn uses cookies for this purpose. The information collected using the cookie is used to compile the aforementioned anonymous statistics and reports and to display adverts based on your interests.
The legal basis for this is your consent in accordance with Section 25 (1) TDDDG, Art. 6 (1) (a) GDPR.
The data is stored for a maximum of one year.
You can find more information on data protection at LinkedIn at:
https://www.linkedin.com/legal/privacy-policy
e) 6Sense
Our website uses the services of 6sense Insights, Inc, 450 Mission Street, Suite 201, San Francisco, CA 94105, USA. 6sense is a platform for so-called Account-Based Marketing (ABM) and helps us to address potential business customers (B2B) in a more targeted manner. To do this, 6sense analyses the behaviour of website visitors in combination with firmographic data in order to draw conclusions about company interests.
6sense uses cookies, pixels and other tracking technologies to analyse website visits, user behaviour, IP addresses and company-specific data (e.g. industry or company size). This information helps us to provide relevant content and personalised offers, especially for business users and decision-makers.
The data collected is generally pseudonymised and does not relate to individuals, but to organisations or companies.
The legal basis for this is your consent in accordance with Section 25 (1) TDDDG, Art. 6 (1) (a) GDPR.
A transfer of data to the USA cannot be ruled out. 6sense is certified according to the EU-U.S. Data Privacy Framework, which guarantees an adequate level of data protection.
Details on data processing by 6sense and opt-out options can be found in 6sense's privacy policy at: https://6sense.com/privacy-policy/
f) Microsoft Clarity
We use Microsoft Clarity on our website, a web analytics service provided by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. Clarity enables us to evaluate anonymized usage data, e.g. mouse movements, click behaviour, scrolling behaviour and interactions with the website. This is done via so-called session replays and heat maps in order to improve the user-friendliness and functionality of our website.
Microsoft Clarity helps us to understand how visitors interact with our website. No direct data such as names or email addresses are collected. The data is processed pseudonymously. IP addresses are shortened and the recordings do not contain any sensitive entries (e.g. in form fields).
The legal basis for this is your consent in accordance with Section 25 (1) TDDDG, Art. 6 (1) (a) GDPR.
The data is stored for one year.
Data may be transferred to servers in the USA. Microsoft is certified in accordance with the EU-U.S. Data Privacy Framework, which guarantees an adequate level of data protection.
Further information on data processing by Microsoft Clarity can be found at:
Microsoft's privacy policy:
https://privacy.microsoft.com/de-de/privacystatement
g) G2 Conversion Tracking
We use G2 Conversion Tracking, a service provided by G2, Inc, 100 N. Lasalle St., Suite 700, Chicago, IL 60602, USA. G2 Conversion Tracking allows us to track which users have performed a specific action on our website after visiting G2 review pages, such as making a purchase or registering for an offer.
Through G2 Conversion Tracking, we collect anonymized data about how users interact with the G2 reviews and requests built into our website. G2 sets cookies to determine whether a user has completed a conversion after clicking on an ad or filling out a form on our website. We use the data obtained to measure the effectiveness of our marketing campaigns and to optimize them in a targeted manner.
The legal basis for this is your consent in accordance with Section 25 (1) TDDDG, Art. 6 (1) (a) GDPR.
The data is stored for two weeks.
Data may be transferred to the USA. G2 is certified in accordance with the EU-U.S. Data Privacy Framework, which guarantees an adequate level of data protection.
Further information on data processing by G2 and how conversion tracking works can be found in G2's privacy policy at: https://www.g2.com/privacy
h) Gartner Conversion Tracking
We use Gartner Conversion Tracking, a service of Gartner, Inc, 56 Top Gallant Road, Stamford, CT 06902, USA. Gartner Conversion Tracking enables us to measure the impact of our marketing activities by tracking which users have taken a specific action on our website after interacting with Gartner content (such as reports or reviews), such as making a purchase or signing up for a product.
Gartner Conversion Tracking uses cookies and similar technologies to track whether a user has completed a conversion after viewing Gartner content. This data helps us to evaluate and optimize the effectiveness of our advertising campaigns by tracking how users arrive at our website after interacting with Gartner content and what actions they take there.
The legal basis for this is your consent in accordance with Section 25 (1) TDDDG, Art. 6 (1) (a) GDPR.
Data may be transferred to the USA. Gartner ensures that an adequate level of data protection is guaranteed, among other things by concluding standard contractual clauses.
Further information on data processing by Gartner and how conversion tracking works can be found in Gartner's privacy policy at: https://www.gartner.com/en/privacy-policy
i) VWO (Visual Website Optimizer)
We use VWO (Visual Website Optimizer) on our website, a service for performing A/B testing, conversion optimization and user analytics, provided by VWO Technologies Pvt. Ltd, 13th Floor, Tower A, DLF Cyber City, Gurugram, Haryana 122002, India. VWO helps us to improve the user experience on our website by conducting tests and analysis to find out which content or design elements are best received by our visitors.
VWO uses cookies and similar tracking technologies to collect data on how users interact with our website. This includes information such as clicks, mouse movements, scrolling behavior and other actions on the page. VWO helps us to test different versions of our website to increase conversion rates and improve the user experience. All data is usually anonymized and processed on an aggregated level.
The legal basis for this is your consent in accordance with Section 25(1) TDDDG, Art. 6(1)(a) GDPR.
The data is stored for a period of 6 months.
VWO may transfer data to countries outside the European Union, including India. VWO ensures that appropriate safeguards are in place to ensure the protection of your data, for example by concluding standard contractual clauses.
Further information on data processing by VWO and the privacy policy can be found on the VWO website at: https://vwo.com/privacy-policy/
j) Snowplow Analytics
Our website uses Snowplow Analytics, a service for collecting and analyzing usage data, which is operated by Snowplow Analytics Ltd, 86-90 Paul Street, London EC2A 4NE, United Kingdom. Snowplow helps us analyze user behavior on our website and make data-driven decisions to improve the user experience and optimize our marketing efforts.
Snowplow collects and processes anonymized data about visitors' behavior on our website, such as clicks, page views, time spent on the site and interactions with certain elements of the site. This data is used to create statistical analyses and reports that help us to improve the user experience and optimize the performance of our website and campaigns. No directly identifiable personal data is collected without your express consent.
The legal basis for this is your consent in accordance with Section 25 (1) TDDDG, Art. 6 (1) (a) GDPR.
The data collected by Snowplow may be transferred to third countries, including the USA. Snowplow takes appropriate measures to ensure the protection of the data, for example by concluding standard contractual clauses or other suitable security measures.
Further information on data processing by Snowplow and opt-out options can be found in Snowplow's privacy policy at: https://snowplowanalytics.com/privacy/
k) Segment
Our website uses Segment, a service for collecting and managing user data, which is operated by Segment.io, Inc, 101 Spear Street, Suite 1000, San Francisco, CA 94105, USA. Segment helps us to integrate various data sources and to collect, process and analyze user data in a central platform in order to improve the user experience and optimize our marketing activities.
Segment collects anonymized usage data, such as page views, interactions with various website elements and other behavioral data. This data is used to create custom reports and analytics that help us improve the user experience, provide personalized content and measure the effectiveness of our marketing campaigns. Segment ensures that the data is processed in pseudonymized form to protect the privacy of users.
The legal basis for this is your consent in accordance with Section 25(1) TDDDG, Art. 6(1)(a) GDPR.
Segment may transfer data to third countries, including the USA. Segment is certified under the EU-U.S. Data Privacy Framework, which ensures an adequate level of data protection. In other cases, Segment uses standard contractual clauses to ensure the security of the transferred data.
Further information on data processing by Segment and the privacy policy can be found at: https://segment.com/legal/privacy/
3. Social Media
a) Social-Media-Plug-ins
Our website uses social media plug-ins from the providers Facebook (Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA), X (Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA), LinkedIn (LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, California 94085, USA), Instagram (Instagram, LLC, 1601 Willow Road, Menlo Park, CA 94025, USA - subsidiary of Facebook, Inc.) and YouTube (YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA - subsidiary of Google LLC)
These plug-ins allow users to share content directly on social networks or connect to our social media channels.
When you access a page on our website that contains such a plug-in, your browser establishes a direct connection to the servers of the respective provider. As a result, the provider receives information that you have visited our website with your IP address. If you are logged into your social media account at the same time, the provider can assign the visit to your account. If you interact with the plug-ins (e.g. by clicking on “Like”, ‘Share’ or “Tweet”), this information is transmitted directly to the provider and stored there. If you do not want the provider to assign this data, you must log out of your social media account before visiting our website.
The legal basis for this is your consent in accordance with Section 25 (1) TDDDG, Art. 6 (1) (a) GDPR.
The providers are based in the USA. Personal data may therefore be transferred to the USA. The respective providers are certified in accordance with the EU-U.S. Data Privacy Framework (for Facebook and Instagram) or by other suitable guarantees (e.g. standard contractual clauses), which ensures an adequate level of data protection.
You can find further information on data processing and the providers' privacy policies in the privacy policies of the respective social media platforms:
https://www.facebook.com/privacy/explanation
https://twitter.com/de/privacy
https://www.linkedin.com/legal/privacy-policy
https://policies.google.com/privacy
b) Integration of YouTube videos
On our website, we embed videos from the YouTube platform, which is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. YouTube is a service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
The integration of YouTube videos serves the user-friendly presentation of multimedia content and the improved communication of information about our offers and services. The videos are either embedded directly or can be accessed via a link.
Where possible, we use YouTube's “extended data protection mode”. According to YouTube, this mode means that no information about visitors to the website is stored unless you actively watch the video. Data is only transmitted to YouTube when the video is played.
When you play a YouTube video, your IP address, information about the browser and end device used, referrer URL (the previously visited page), time and date of access and time and date of access are transmitted to YouTube/Google. YouTube also sets cookies.
If you are logged in to Google, YouTube can assign the information to your personal profile. You can prevent this by logging out of Google before playing the video.
The legal basis is your consent in accordance with Section 25 (1) TDDDG, Art. 6 (1) (a) GDPR.
As YouTube is a Google service, your data may be transferred to the USA. Google is certified under the EU-U.S. Data Privacy Framework, which ensures an adequate level of data protection.
Further information on the processing of personal data by YouTube can be found in Google's privacy policy at: https://policies.google.com/privacy
4. Online-Werbung
a) Google Adwords Conversion
This website uses conversion tracking from Google Ads, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. If you access our website via a Google ad, Google Ads will place a cookie on your device. This cookie loses its validity after 30 days and is not used for personal identification. If you visit certain pages of this website while the cookie is still active, Google and we can recognize that a user has clicked on an ad and has been redirected to our site.
Conversion tracking is used to statistically evaluate and measure the success of our Google ads. This tells us the total number of users who clicked on our ad and were redirected to a page with a conversion tag. However, we do not receive any information with which users can be personally identified.
The legal basis for the processing of your data is your consent in accordance with Section 25 (1) TDDDG, Art. 6 (1) (a) GDPR.
The data is stored for a maximum of two years.
Data may be transferred to the USA. Google is certified in accordance with the EU-U.S. Data Privacy Framework, which ensures an adequate level of data protection.
You can find more information about Google Conversion Tracking and Google's privacy policy at:
https://policies.google.com/privacy
https://support.google.com/google-ads/answer/1722022
b) Remarketing
This website uses the remarketing function of Google Ads, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The remarketing function allows us to target visitors to our website on other websites within the Google advertising network with personalized advertising based on their interests.
Remarketing enables us to display targeted advertising to users on other websites that is related to content or products on our website. For this purpose, cookies are set on our website through which Google recognizes that you have visited our site. Google uses this information to display interest-based advertisements.
The legal basis is your consent in accordance with Section 25 (1) TDDDG, Art. 6 (1) (a) GDPR.
The data is stored for a maximum of two years.
Data may be transferred to the USA. Google is certified in accordance with the EU-U.S. Data Privacy Framework, which ensures an adequate level of data protection.
Further information can be found in Google's privacy policy: https://policies.google.com/privacy
c) Doubleclick by Google
This website uses functions of DoubleClick by Google, a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. DoubleClick uses cookies to serve ads that are relevant to users, to improve campaign performance reports or to prevent a user from seeing the same ad more than once.
DoubleClick assigns a pseudonymous identification number (ID) to your browser, which is used to check which ads were displayed in which browser. This allows the effectiveness of individual advertisements to be measured and optimized in a targeted manner. In addition, DoubleClick can use cookie IDs to record so-called “conversions” that are associated with ad requests - for example, if a user sees a DoubleClick ad and later visits the advertiser's website with the same browser and takes an action there (e.g. makes a purchase).
The legal basis for the processing is your consent in accordance with Section 25 (1) TDDDG, Art. 6 (1) (a) GDPR.
The data is stored for a maximum of one year and twenty-four weeks.
Data may be transferred to the USA. Google is certified in accordance with the EU-U.S. Data Privacy Framework, which ensures an adequate level of data protection.
We have no influence on the scope and further use of the data collected by Google through the use of this tool.
You can find more information about DoubleClick by Google at
https://www.google.de/doubleclick
https://support.google.com/adsense/answer/2839090
https://www.google.de/intl/de/policies/privacy
d) Microsoft Advertising (formerly Bing Ads)
This website uses Microsoft Advertising, a service provided by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. Microsoft Advertising uses Universal Event Tracking (UET) tags to track users who have reached our website via an ad in the Bing search or the Microsoft advertising network.
With the help of the UET tag, we can track how users interact with our website after they have clicked on one of our ads. This allows us to evaluate the effectiveness of our advertising campaigns and place targeted advertising. Microsoft uses cookies for this purpose, which are used to assign a pseudonymous ID. Users are not personally identified in this process.
The legal basis for the processing is your consent in accordance with Section 25 (1) TDDDG, Art. 6 (1) (a) GDPR.
Data may be transferred to the USA. Microsoft is certified under the EU-U.S. Data Privacy Framework, which ensures an adequate level of data protection.
Further information on data processing by Microsoft can be found in Microsoft's privacy policy: https://privacy.microsoft.com/de-de/privacystatement
e) Reddit Ads
Our website uses functions of the online advertising service “Reddit Ads”, operated by Reddit Inc, 548 Market St. #16093, San Francisco, CA 94104, USA. With the help of this service, we can target our advertising measures to user groups that have certain interests on Reddit or have interacted with our advertising on Reddit (so-called “targeting”).
The integration of Reddit Ads serves the purpose of increasing the efficiency of our marketing measures and displaying advertising that is relevant to you. Reddit collects pseudonymous information about your use of our website and can link this with data from its own network in order to display personalized advertising.
The legal basis for the processing is your consent in accordance with Section 25 (1) TDDDG, Art. 6 (1) (a) GDPR.
The processing may lead to a transfer of personal data to the USA. Reddit is certified under the EU-U.S. Data Privacy Framework, which ensures an adequate level of data protection.
You can find more information on data processing by Reddit in Reddit's privacy policy at: https://www.redditinc.com/policies/privacy-policy
III. Other data processing
1. Recruitment
a) (Online) application procedure
To manage our application process, we use Workable, a service provided by Workable Software Limited, 5 Golden Square, 5th Floor, London, W1F 9BS, United Kingdom. Workable supports us in publishing job advertisements, managing applications and communicating with applicants.
When you apply for a job with us, your personal data (e.g. name, contact details, CV, cover letter and other information provided by you) will be collected and processed via the Workable platform. The data processing is carried out exclusively for the purpose of carrying out the application process, assessing your suitability for the advertised position and communicating with you as part of the selection process.
Your data is processed in accordance with Art. 6 para. 1 lit. b GDPR for the implementation of pre-contractual measures (application procedure). If special categories of personal data within the meaning of Art. 9 GDPR are processed (e.g. health data), this is done on the basis of your express consent in accordance with Art. 9 para. 2 lit. a GDPR.
Your personal data will only be stored for as long as is necessary to carry out the application process or for as long as there are statutory retention obligations. Longer storage (e.g. for consideration in a talent pool) will only take place with your express consent.
The processing may lead to a transfer of personal data to the USA. Workable is certified under the EU-U.S. Data Privacy Framework, which ensures an adequate level of data protection.
You can find out more about data processing by Workable in the provider's privacy policy at: https://www.workable.com/privacy
b) Outreach
We use outreach measures to actively approach potential applicants. This involves proactively contacting people who are potentially eligible to work for our company based on their qualifications and professional experience.
In the course of outreach, we process in particular name, contact details (e.g. email address, LinkedIn profile), professional background, qualifications and specialist knowledge and publicly visible content on professional networks or platforms, insofar as these are publicly available or provided to us by platforms.
The data generally comes from publicly accessible sources, e.g. professional social networks (e.g. LinkedIn, XING), career sites or online CVs. In individual cases, recommendations may also be made by third parties.
The processing of personal data in the context of outreach serves the legitimate interest (Section 6 (1) (f) GDPR) of our company in identifying and approaching qualified talent for vacancies. The aim is to inform potential applicants about career opportunities and to enter into an initial exchange with them.
If there is no further communication or application, the data collected as part of the outreach will be deleted after 6 months at the latest. If an application process is initiated, the corresponding data protection regulations for applicants apply.
c) Talent-Pool
When you register for our talent pool, we process your personal data using Workable software, a service provided by Workable Software Limited, 5 Golden Square, 5th Floor, London, W1F 9BS, United Kingdom, to inform you about future vacancies and career opportunities in our company. Participation in the talent pool is voluntary and is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR.
We store the data provided by you as part of the application or talent pool registration, e.g. name, contact details, CV, qualifications, interests and, if applicable, details of previous applications to us.
The data is processed exclusively for the purpose of contacting you in connection with suitable job vacancies and for carrying out the corresponding application process.
Your data will be stored in our talent pool for a maximum of 24 months or until you withdraw your consent. After this period has expired, your data will be deleted unless there is a legal obligation to retain it or you have expressly consented to further storage.
You can find out more about data processing by Workable in the provider's privacy policy at: https://www.workable.com/privacy
2. Advertising to publicly accessible contact data
In order to inform you about events or new products, we may from time to time send you advertising to your publicly accessible contact details. For this purpose, we use publicly available data such as name, job position, e-mail address and company address, which we obtain from public networks such as LinkedIn. Your data will be processed by us on the basis of the legitimate interest of direct advertising in accordance with Art. 6 para. 1 lit. f GDPR. We delete the data if there is clearly no interest in contacting you, but at the latest after three contacts.
If you do not wish to receive advertising from Haiilo GmbH via these channels, you can object to the further use of your data for advertising purposes at any time by sending a message in text form to Haiilo GmbH, Gasstraße 6a, 22761 Hamburg or by e-mail to dpo@haiilo.com.
3. Public events organized by Haiilo
The data collected by Haiilo when you register for a public event will be processed for the planning and implementation of the event and for communication following the event.
In particular, your first and last name, your e-mail address, your job title and your company will be stored.
The data processing is carried out on the basis of Art. 6 para. 1 sentence 1 lit. f GDPR.
For registration, we may use the ticket booking and registration platform “Eventbrite” from Eventbrite, Inc, 95 Third Street, 2nd Floor, San Francisco, California, 94103, USA. You can find further data protection information about this provider at:
https://www.eventbrite.de/help/de/articles/460838/datenschutzrichtlinien-von-eventbrite/
We use the video conferencing service “Zoom” from Zoom Video Communications, Inc, 55 Almaden Blvd, Suite 600, San Jose, CA 95113 to register for and conduct online events. You can find further data protection information about this provider at https://explore.zoom.us/de/privacy/
The data provided during registration will be deleted no later than six months after inactive communication.
At Haiilo's public events, photos and/or film recordings (including sound) of the face-to-face event or recordings of the online event may be made. The recordings may be published on Haiilo's website and social media channels. The publication takes place in connection with the respective or comparable event. The processing is based on Haiilo's legitimate interest in visually documenting the event it has organized and informing about future events (Art. 6 para. 1 lit. f GDPR).
The photo and film recordings will be deleted after two years at the latest.
4. Use of Gong.io
We use the services of Gong.io Ltd, 265 Cambridge Ave, Suite, 60717, Palo Alto, CA 94306, USA, to record and analyze our sales calls. In addition to the recording of the conversation (audio & video), the name, e-mail address, time of the conversation, IP address and the type of web browser used for this conversation are processed and stored for 12 months. Cookies are used to help us assign the recordings and details we collect to the relevant persons.
The legal basis is your consent in accordance with Section 25 (1) TDDDG, Art. 6 (1) (a) GDPR.
The processing may result in the transfer of personal data to the USA. Gong.io is certified under the EU-U.S. Data Privacy Framework, which ensures an adequate level of data protection.
You can find more information on how Gong.io works in the privacy policy of Gong.io Ltd. at: https://www.gong.io/privacy-policy/
IV. Contact
Haiilo GmbH, Gasstraße 6, 22761 Hamburg, Germany (see our legal notice) is the controller pursuant to Art. 4 (7) GDPR and the contact for asserting your rights under the GDPR. You can reach our data protection officer at dpo@haiilo.com or at our postal address with the addition “the data protection officer”.
V. Your rights
If personal data is processed by us as the controller, you as the data subject have certain rights under Chapter III of the EU General Data Protection Regulation (GDPR), depending on the legal basis and purpose of the processing, in particular the right of access (Art. 15 GDPR), the right to rectification (Art. 16 GDPR), the right to erasure (Art. 17 GDPR), the right to restriction of processing (Art. 18 GDPR), the right to data portability (Art. 20 GDPR) and the right to object (Art. 21 GDPR). If the processing of personal data is based on your consent, you have the right to withdraw this data protection consent in accordance with Art. 7 III GDPR.
Please contact our data protection officer to assert your rights as a data subject with regard to the processed data.
VI. Right of complaint
If you believe that the processing of your personal data violates applicable data protection law, you have the right to lodge a complaint with a data protection supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence, your place of work or the place of the alleged infringement.
The supervisory authority with which the complaint has been lodged will inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.