Cookies and Privacy Settings & Policy

Cookies and Privacy Settings
Privacy Policy
Privacy Policy
  • Cookies and Privacy Settings
  • Privacy Policy

Privacy Policy

This Privacy Policy informs you about the nature, scope and purpose of processing personal data (hereinafter referred to as “Data”) within our online services and the associated websites, functions and contents, as well as external online presences, e.g. our Social Media Profile. (hereinafter referred to jointly as “Online Services”). With respect to the terminology used, e.g. “personal data” or their “processing”, we refer to the definitions in Art. 4 of the EU General Data Protection Regulation (EU-GDPR).

Responsible

Name/company name: PrepLounge GmbH
Street No.: Hohenzollernring 26
Postal code, town, country: 50672, Köln, Deutschland
Commercial register/no.: HRB 75534
Managing Director: Valentine Alexi
Telephone number: +49 221 1686 9859
Email address: contact@preplounge.com

Data Protection Officer

Name: Leonard Ewerbeck
Email address: privacy@preplounge.com

Types of Processed Data:

  • Master data (e.g. names, addresses).
  • Contact data (e.g. e-mail, telephone numbers).
  • Content data (e.g. text entries, photographs, videos).
  • Contract data (e.g. contract subject matter, term, customer category).
  • Payment data (e.g. bank account details, payment history).
  • Utilization data (e.g. visited websites, interest in contents, access times).
  • Metadata/communication data (e.g. device information, IP addresses).
  • Optional Application data for the use of recruiting services (e.g. curriculum vitae, certificates, references).

Processing Special Categories of Data (Art. 9 Subsection 1 GDPR):

  • No special categories of data are processed.

Categories of the Persons Affected by the Processing:

  • Customers / interested parties / suppliers.
  • Visitors and users of the online services.

In the following, we will also refer to the data subjects jointly as “Users”.

Purpose of the Processing:

  • Provision of the online services, their contents and functions.
  • Provision of contractual performance, service and customer maintenance.
  • Answering of contact inquiries and communication with users.
  • Marketing, advertising and market research.
  • Security measures.

 

As of: Aug 7, 2023

1. Relevant Legal Foundations

On the basis of Art. 13 GDPR, we are notifying you about the legal foundations of our data processing. Insofar as the legal foundations are not referred to in the Privacy Policy, the following applies: The legal foundation for obtaining consents is Art. 6 Subsection 1 lit. a and Art. 7 GDPR, the legal foundation for processing in fulfillment of our services and the performance of contractual measures, as well as answering inquiries, is Art. 6 Subsection 1 lit. b GDPR, the legal foundation for processing in fulfillment of our legal obligations is Art. 6 Subsection 1 lit. c GDPR, and the legal foundation for processing for the preservation of our legitimate interests is Art. 6 Subsection 1 lit. f GDPR. In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 Subsection 1 lit. d GDPR serves as the legal foundation.

2. Changes and Updates to the Privacy Policy

We request that you inform yourself about the content of our Privacy Policy on a regular basis. We adapt the Privacy Policy, as soon as the changes to the data processing performed by us make this necessary. We will inform you, as soon as a cooperation action on your part (e.g. consent) or another individual notification becomes necessary.

3. Security Measures

  1. On the basis of Art. 32 GDPR, in consideration of the state-of-the-art, the implementation costs and the nature, scope, circumstances and purposes of the processing, as well as the different probability of occurrence and the seriousness of the risk for the rights and freedoms of natural persons, we will arrange for appropriate technical and organizational measures, in order to guarantee a protection level, which is commensurate with the risk; these measures particularly include the assurance of confidentiality, integrity and availability of data by checking the physical access to the data, as well as the relevant access, the entry, disclosure, assurance of availability and their separation. Furthermore, we have set up procedures, which guarantee the exercising of rights by the data subjects, deletion of data and responding to endangering of the data. Furthermore, we already take the protection of personal data into consideration for the development/selection of hardware, software and procedures, in accordance with the principle of data protection through technology design and data-protection-friendly default settings (Art. 25 GDPR).
  2. When you enter your data on websites, place online orders or send e-mails over the Internet, you must always be prepared for unauthorized third parties to access your data. There is no complete protection against such access. However, we do our best to protect your data and to close security gaps as far as we can. An important protection mechanism is the SSL or TLS encryption of our website, which ensures that data you transmit to us cannot be read by third parties. You can recognize the encryption by the lock icon in front of the Internet address entered in your browser and by the fact that our Internet address begins with https:// and not with http://.
  1. Zu den Sicherheitsmaßnahmen gehört insbesondere die verschlüsselte Übertragung von Daten zwischen Ihrem Browser und unserem Server.

4. How long do we store your data?

At some points in this privacy policy, we inform you about how long we or the companies that process your data on our behalf will store your data. In the absence of such information, we store your data until the purpose of the data processing no longer applies, you object to the data processing or revoke your consent to the data processing and provided that no statutory retention obligations prevent deletion. However, in the event of an objection to processing or a revocation of consent granted, we may continue to process your data if at least one of the following conditions is met:

  1. We have compelling legitimate grounds for continuing data processing that override your interests, rights and freedoms (only applies if you object to data processing; if the objection is directed against direct marketing, we cannot provide legitimate grounds).
  2. The data processing is necessary to assert, exercise or defend legal claims (does not apply if your objection is directed against direct advertising).
  3. We are required by law to retain your data (e.g. § 257 HGB, 147 AO).

In this case, we will delete your data as soon as the requirement(s) cease to apply.

4. Cooperation With Processors and Third Parties

  1. Insofar as we disclose data to other persons and companies within the scope of our processing (processors or third parties), send data to these or otherwise grant them access to data, this only occurs on the basis of legal permission (e.g. if sending of the data to third parties, such as payment service providers is required for contract fulfillment in accordance with Art. 6 Subsection 1 lit. b GDPR), if you have consented, a legal obligation prescribes this or on the basis of our legitimate interests (e.g. for the use of authorized representatives, web hosting services etc.).
  2. Insofar as we commission third parties with the processing of data on the basis of a so-called “Data Processing Agreement”, this occurs on the basis of Art. 28 GDPR.

5. Transmissions to Third Countries

Insofar as we process data in a third country (i.e. outside of the European Union (EU) or the European Economic Area (EEA)) or disclose it within the scope of using third-party services or if disclosure/transmission of data occurs to third parties, this only occurs, if it is required for fulfilling our (pre-)contractual duties, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we only process, or have the data processed, in a third country if the specific preconditions of Art. 44 et seqq. GDPR exist. I.e. the processing occurs, e.g. on the basis of specific guarantees, such as the observance of officially recognized specific contractual obligations (so-called “standard contractual clauses”) or accaptance of the transaction by the user in accordance with article 49 paragraph 1 sentence 1 lit. GDPR.

6. Rights of the Data Subjects

  1. You have the right to request a confirmation about whether relevant data are processed and to receive information about these data, as well as additional information and a copy of the data in accordance with Art. 15 GDPR.
  2. In accordance with Art. 16 GDPR, you have the right to request the completion of the data relating to you or correction of the inaccurate data relating to you.
  3. On the basis of Art. 17 GDPR, you have the right to request that relevant data are deleted immediately, or alternatively, on the basis of Art. 18 GDPR, to request a restriction to the processing of the data. You can request data deletion by sending an email to contact@preplounge.com or by deleting your account in your profile settings under "Login and Security". 
  4. You have the right to request the receipt of the data relating to you, which you provided to us on the basis of Art. 20 GDPR and request that it be sent to other responsible parties.
  5. Furthermore, in accordance with Art. 77 GDPR, you have the right to file a complaint with the responsible supervisory authority.

7. Cancellation Right

If you read in this privacy statement that we have legitimate interests for the processing of your data and therefore base this on Art. 6 (1) sentence 1 lit. f) GDPR, you have the right to object to this in accordance with Art. 21 GDPR. This also applies to profiling based on the aforementioned provision. The requirement is that you cite reasons for the objection that arise from your particular situation. A statement of reasons is not required if the objection is directed against the use of your data for direct marketing.

The consequence of the objection is that we may no longer process your data. This only does not apply if one of the following conditions exists:

  • We can demonstrate compelling legitimate grounds for processing that override your interests, rights and freedoms.
  • The processing serves the assertion, exercise or defense of legal claims.

The exceptions do not apply if your objection is directed against direct marketing or profiling related to it.

8. Right to Object

You may object to the future processing of the data relating to you on the basis of Art. 21 GDPR at any time. The objection may specifically be made against processing for the purpose of direct marketing.

9. Cookies and the Right to Object to Direct Marketing

We set temporary and permanent cookies, i.e. small files, which are stored on the devices of the users (for an explanation of the definition and the function, please refer to the last section of this Privacy Policy). In part, the cookies have the purpose of security or are required for operating our online services (e.g. for the display of the website) or to store the user decision for the confirmation of the cookie banner. In addition, we or our technology partners use cookies for reach measurement and marketing purposes, about which the users are informed during the course of the Privacy Policy.

A general objection to the use of cookies for online marketing purposes may be declared with many of the services, particularly in the case of tracking, via the US website https://www.aboutads.info/choices/ or the EU website https://www.youronlinechoices.com/. Furthermore, the storage of cookies may be reached by switching them off in the browser settings. Please note that in this case, all functions of the online services may no longer be usable.

10. Deletion of Data

  1. The data processed by us are deleted on the basis of Art. 17 and 18 GDPR or their processing can be restricted. Unless expressly stated otherwise within the scope of this Privacy Policy, the data stored with us are deleted as soon as they are no longer required for their designated purpose and the deletion is not opposed by any statutory retention duties. Insofar as the data are not deleted, because they are required for other and legally admissible purposes, their processing is restricted. I.e. the data are stored and not processed for other purposes. This applies e.g. to data, which must be retained for commercial-law or tax-law purposes.
  2. According to legal provisions, the retention specifically occurs for 6 years in accordance with Section 257 Subsection 1 HGB [German Commercial Code] (trading books, annual financial statement, commercial letters, booking vouchers, etc.), as well as for 10 years in accordance with Section 147 Subsection 1 AO [German Fiscal Act] (accounts, records, management reports, booking vouchers, commercial and business letters, documentation relevant to taxation, etc.).

11. Provision

  1. We process master data (e.g. names and addresses, as well as contact details of users), contract data (e.g., services used, names of contact persons, payment information) for the purpose of fulfilling our contractual obligations and services in accordance with Art. 6 Subsection 1 lit. b. GDPR. The entries marked as being mandatory in online forms are required for the conclusion of the contract.
  2. The registration as a member requires the storage and processing of various biographical and personal data, e.g. first name, educational status, gender, main course of studies, industry interests, degree studies and higher education institution. Optionally, additional biographical data can be entered, which relate to e.g. the curriculum vitae, interests etc. Within the scope of the registration, the required mandatory details are notified to the users. In the future, this list may be extended with reference to the legal foundations referred to in Point 1. After registration, other users of PrepLounge may view their user profile with the details provided by you and interact with you. Furthermore, curriculum vitae and application data may be sent to PrepLounge GmbH. These may be made available to recruiting companies, only after the user’s consent has been obtained. Other users of PrepLounge cannot view this application data. If users have cancelled their user account, their data will be deleted in respect of the user account, unless their retention is necessary for commercial-law or tax-law reasons in accordance with Art. 6 Subsection 1 lit. c GDPR. In the case of a cancelation, the users are responsible for securing their data prior to the end of the contract. We are authorized to irretrievably delete all of the user’s data stored during the term of the contract.
  3. Within the scope of the registration and new logins, as well as the use of these online services, we store the IP address and the time of the respective user action. The storage occurs on the basis of our legitimate interests, as well as those of the users, in respect of protection from misuse and other unauthorized use. Disclosure of these data to third parties does not occur, as a general rule, except if it is required for pursuing our claims or if a legal obligation exists to do so in accordance with Art. 6 Subsection 1 lit. c GDPR.
  4. We process utilization data (e.g. the visited websites of our online services, interest in our products) and content data (e.g., entries in the contact form or user profile) for marketing purposes in a user profile, in order to e.g. display product information for the users, based on their services used so far.
  5. Deletion occurs after the expiration of statutory warranty and comparable duties, the necessity to retain the data is checked every three years; in the case of statutory archiving duties, the deletion occurs after their expiration (end of commercial-code (6 years) and tax-law (10 years) retention duty); details in the customer account remain until their deletion.

12. Making Contact

  1. When making contact with us (via contact form, e-mail or telephone), the user’s details are processed to handle the contact request and for its processing in accordance with Art. 6 Subsection 1 lit. b) GDPR.
  2. The user’s details can be stored in our Customer Relationship Management System (“CRM System”) or comparable request organization.
  3. We delete the requests, if they are no longer required. We check the necessity every two years; we permanently store requests from customers, who have a customer account and refer to the details about the customer account with regard to deletion. In the case of statutory archiving duties, the deletion occurs after their expiration (end of commercial-law (6 years) and tax-law (10 years) retention duty).

13. Comments and Contributions

  1. If users leave comments or other contributions, their IP addresses are stored for 14 days on the basis of our legitimate interests within the meaning of Art. 6 Subsection 1 lit. f. GDPR.
  2. This occurs for our security, in the event that someone leaves unlawful content in comments and contributions (insults, banned political propaganda, etc.). In this case, we can be claimed upon ourselves for the comment or contribution and are therefore interested in the identity of the author.
  3. Publicly viewable contributions of this type (e.g. within our Consulting Q&As) also remain in place after the termination of a membership/deletion of the user account with PrepLounge. The authorship of such contributions is anonymized by us. Furthermore, we ensure that they no longer contain any personal data.

14. Collection of Access Data and Logfiles

  1. We collect data on the basis of our legitimate interests within the meaning of Art. 6 Subsection 1 lit. f. GDPR about any access to the server, on which this service is situated (so-called server logfiles). The access data include the name of the accessed website, file, date and time of the access, transferred data volume, message about successful retrieval, browser type and version, the User’s operating system, referrer URL (the previously visited website), IP address and the requesting Provider.
  2. Logfile information is stored for a maximum term of 14 days for security reasons (e.g. to clarify acts of misuse or fraud) and are deleted thereafter. Data, which needs to continue being retained for evidence purposes, are exempted from deletion until final clarification of the respective incident.

15. Online Presences in Social Media

  1. We maintain online presences within social networks and platforms, in order to communicate with the customers, interested parties and users, who are active there, and inform them about our services. For accessing the respective networks and platforms, the terms and conditions and data processing policies of their respective operators apply.
  2. Unless specified otherwise within the scope of our Privacy Policy, the data of the users are processed, insofar as they are communicated to us within the social networks and platforms, e.g. writing contributions on our online services or sending us messages.

16. Cookies & Reach Measurement

  1. Cookies are items of information, which are transferred from our webserver or third-party webservers to the users’ web browsers and are stored there for retrieval later on. Cookies may be small files or other types of stored information.
  2. We use “session cookies”, which are only filed for the duration of the actual visit to our online presence (e.g. to store your login status or the shopping basket configuration and therefore make the use of our online services possible at all). In a session cookie, a randomly generated unique identification number is filed, a so-called session ID. Furthermore, a cookie contains information about its origin and the storage period. These cookies cannot store any other data. Session cookies are deleted, if they are no longer required.
  3. The users are informed about the use of cookies within the scope of pseudonymous reach measurement, within the scope of this Privacy Policy.
  4. If the users do not want cookies to be stored on their computer, they are requested to deactivate the relevant option in the system settings of their browser. Stored cookies can be deleted in the browser’s system settings. The exclusion of cookies can lead to functional restrictions of these online services.
  5. You can object to the use of cookies, which have the purpose of reach measurement and marketing, using the deactivation site of the Network Advertising Initiative (https://optout.networkadvertising.org/) and also the US website (http://www.aboutads.info/choices) or the European website (https://www.youronlinechoices.com/uk/your-ad-choices/).

17. Google Tag Manager

  1. We use the Google Tag Manager. The tool helps us to integrate tracking codes and conversion pixels into our website, manage them and display them. The Google Tag Manager itself does not create user profiles, does not place cookies on your device and does not analyze your behavior as a user. However, it records your IP address, anonymizes it and transmits it to Google servers in the USA.

  2. The Tag Manager ensures that other services are only run if the conditions (tags) set in the Tag Manager are met for them. For example, we ensure that tools that require consent are only loaded after you have given your consent. The Tag Manager does not access the data processed by the tools.

  3. The integration of the Google Tag Manager is technically necessary. This is our legitimate interest. If personal data processing could be assumed at all when using Google Tag Manager, this is based on Art. 6 para. 1 lit. f) GDPR.

  4. The Tag Manager is a tag management system for the integration of tracking codes and conversion pixels of Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland.

  5. For more information about the privacy of Google Tag Manager, see: https://policies.google.com/privacy?hl=en&gl=en

  6. On what basis do we transfer your data to the USA? Google complies with the standard contractual clauses of the European Commission (https://privacy.google.com/businesses/compliance/)

18. Google Analytics

  1. On the basis of our legitimate interests (i.e. interest in the analysis, optimization and commercial operation of our online services within the meaning of Art. 6 Subsection 1 lit. f. GDPR), we use Google Analytics, a web analysis service of Google LLC (“Google”). Google uses cookies. The information created by the cookie concerning the use of the online services by the user is generally transmitted to a Google server in the USA, where it is stored.
  2. Google will use this information on our behalf, to evaluate the use of our online services by the users, to produce reports concerning the activities within the online services and to produce additional services associated with the use of these online services and the Internet for us. Pseudonymous utilization profiles of the users can be created from the processed data.
  3. We use Google Analytics in order to display the advertisements placed by Google and its partners within marketing services only to those users, who also have shown an interest in our online services or show specific characteristics (e.g. interests in specific topics or products, which are determined on the basis of the visited websites), which we send to Google (so-called “Remarketing”, or “Google Analytics Audiences”). With the assistance of the Remarketing Audiences, we also intend to ensure that our advertisements match the potential interest of the users and are not annoying for them.
  4. We only use Google Analytics with activated IP anonymization. However, in the case of activation of IP anonymization on this website, your IP address will be previously abbreviated by Google within Member States of the European Union or in other Member States, which are parties to the Agreement on the European Economic Area. The full IP address will only be transferred to a Google server in the USA and abbreviated there in exceptional cases.
  5. The IP address sent by the user’s browser within the context of Google Analytics will not be combined with other data of Google. The users can prevent the storage of the cookies with an appropriate setting in their browser software; furthermore, the users can prevent the recording of the data generated by the cookie and their use of the online services to Google, as well as the processing of these data by Google, by downloading and installing the browser plugin available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en.
  6. Additional information about use of data by Google, setting and objection options is available on the Google website: https://www.google.com/intl/en/policies/privacy/partners (“How Google uses data when you use our partners' sites or apps”), https://policies.google.com/technologies/ads (“Use of data for marketing purposes”), https://adssettings.google.com/authenticated (“Managing information that Google uses for displaying advertising to you”).

19. YouTube

  1. We use the provider YouTube, among others, for the integration of videos. YouTube is operated by YouTube, LLC with headquarters at 901 Cherry Ave, San Bruno, CA 94066, USA. YouTube is represented by Google LLC. with headquarters at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
  2. When you visit the website on which the YouTube plugin is embedded, a connection to the YouTube servers is established for the video display. This transmits to the YouTube server which of our Internet pages you have visited.
  3. YouTube is only loaded with your consent, i.e. no data about you as a user is transmitted to YouTube if you have not given your consent. Only with your consent, the videos can be played, and thereby also data is transmitted to the YouTube server, which of our Internet pages you have visited.
  4. If you are logged in to YouTube, YouTube assigns this information to your personal user account. When using the plugin, e.g. by clicking the start button of a video, this information is also assigned to your user account. You can prevent this assignment by logging out of your YouTube user account as well as other user accounts of the company YouTube LLC and Google LLC. before using our website and deleting the corresponding cookies of the companies.
  5. For more information on the purpose and scope of data collection and processing by YouTube, please see the privacy policy. There you will also find further information on your rights and setting options to protect your privacy: www.google.de/intl/en/policies/privacy. Google also processes your personal data in the USA.
  6. We only use YouTube with your consent, which you can revoke at any time. The corresponding data processing is based on Art. 6 para. 1 lit. a) GDPR. The storage period is 6 months.

20. Facebook Share Button

  1. You have the option to share the content published on our website on Facebook. The websites at www.facebook.com and the services provided on these pages are offered by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.
  2. When you click on the Facebook button, a connection is established between your browser and the Facebook server, so that Facebook receives the information that you have visited our site with your IP address. We have no influence on the scope of the collection and further use of data collected by Facebook. According to our knowledge, Facebook receives the information that you have accessed the relevant part of our website. If you have a user account with Facebook and are registered, Facebook can assign the visit to your user account. Even if you are not registered with Facebook or have not logged in, it is possible that Facebook will learn and store your IP address and possibly other identifiers.
  3. We use the corresponding button to enable you to share the content on Facebook. This is also our legitimate interest in processing the above data and thus based on Art. 6 (1) lit f) GDPR. You can prevent Facebook from processing the above information by not clicking on the button.
  4. It is not excluded that Facebook may also transfer your data to the parent company of Meta Platforms, Inc. based in the USA.
  5. You can find more information from the third-party provider on data protection on the following Facebook website: https://www.facebook.com/about/privacy

21. Google Re/Marketing Services

  1. On the basis of our legitimate interests (i.e. interest in the analysis, optimization and commercial operation of our online services within the meaning of Art. 6 Subsection 1 lit. f. GDPR), we use the Marketing and Remarketing Services (in short “Google Marketing Services”) of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, (“Google”).
  2. The Google Marketing Services allow us to display advertising for and on our website in a more targeted manner, in order to present users only with advertisements, which potentially match their interests. If advertisements are e.g. displayed for products, for which the user has shown an interest on other websites, this is referred to as “Remarketing”. For this purpose, when accessing our website and others, on which Google Marketing Services are active, a Google code is directly executed by Google and so-called (re)marketing tags (invisible graphics or code, also referred to as “web beacons”) are integrated into the website. With the aid of these, an individual cookie is stored on the users’ device, i.e. a small file (comparable technologies may also be used, instead of cookies). The cookies may be set by various domains, among others, by google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com or googleadservices.com. In this file, it is noted which websites the user visits, which contents he has shown an interest in and which offers he has clicked on, furthermore, technical information about the browser and operating system, linking websites, visit time and other details about the use of the online services. The IP address of the user is also recorded, whereby, within the scope of Google Analytics, we inform you that the IP is abbreviated within the Member States of the European Union or in other Member States, which are parties to the Agreement on the European Economic Area and are only transferred in full to a server of Google in the USA and abbreviated there in exceptional cases. The IP address is not combined with data of the user within other Google services. The information referred to above may also be linked by Google with such information from other sources. If the user subsequently visits other websites, customized advertisements, which match his interests, may be displayed to him.
  3. The users’ data are processed within the scope of the Google Marketing Services pseudonym. I.e. Google does not store and process e.g. the name of e-mail address of the user, but processes the relevant data on the basis of cookies within pseudonymous user profiles. I.e. from Google’s point of view, the advertisements are not managed and displayed for a concretely identified person, but for the cookie-holder, regardless of who this cookie-holder is. This does not apply, if a Google user has expressly allowed the data to be processed without this pseudonymization. The information collected by Google Marketing Services about the users are sent to Google and store on Google’s servers in the USA.
  4. The Google Marketing Services, which we use, include, inter alia, the “Google AdWords” online marketing program. In the case of Google AdWords, each AdWords customer receives a different “conversion cookie”. Cookies can therefore not be tracked via the websites of AdWords customers. The information obtained using the cookie have the purpose of creating conversion statistics for AdWords customers, who have chosen conversion tracking. The AdWords customers find out the total number of users, who have clicked on their advertisement and have been forwarded to a website with a conversion tracking tag. However, they do not receive any information, with which users can be personally identified.
  5. On the basis of the Google Marketing Services, we can integrate third-party “DoubleClick” advertisements. DoubleClick uses cookies, with which Google and its partner websites are enabled to place advertisements on the basis of visits by users to this website/other websites on the Internet.
  6. On the basis of the Google Marketing Services, we can integrate third-party “AdSense” advertisements. AdSense uses cookies, with which Google and its partner websites are enabled to place advertisements on the basis of visits by users to this website/other websites on the Internet.
  7. We can also use the “Google Optimizer” service. Within the scope of so-called ”A/B Testing”, Google Optimizer allows us to trace what effect various changes to a website have (e.g. changes to the input fields, the design, etc.). For these test purposes, cookies are filed on the users’ devices. Only pseudonymized user data are processed for this.
  8. Furthermore, we can use the “Google Tag Manager” in order to integrate the Google Analysis and Marketing Services into our website and manage them.
  9. Further information about data use for marketing purposes by Google is available on the overview page: https://policies.google.com/technologies/ads, the Privacy Policy of Google is accessible at https://policies.google.com/privacy.
  10. If you would like to object to interest-related advertising by Google Marketing Services, you can use the setting and opt-out options provided by Google: https://adssettings.google.com/authenticated.

22. Facebook, Custom Audiences and Facebook Marketing Services

  1. Within our online services, on the basis of our legitimate interests in analysis, optimization and commercial operation of our online services and for these purposes, the so-called “Facebook Pixel” of the Facebook social network is used, which is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or if you are domiciled in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook").
  2. Using the Facebook Pixel, it is possible for Facebook to determine the visitors to our online services as a target group for the display of advertisements (so-called “Facebook Ads”. Accordingly, we use the Facebook Pixel display Facebook Ads, which we have placed, only to those Facebook users, who also have shown an interest in our online services or show specific characteristics (e.g. interests in specific topics or products, which are determined on the basis of the visited websites), which we send to Facebook (so-called “Custom Audiences”). With the assistance of the Facebook Pixel, we also intend to ensure that our Facebook Ads match the potential interest of the users and are not annoying for them. With the assistance of the Facebook Pixel, we can also trace the effectiveness of the Facebook advertisements for statistical and marketing purposes, by seeing whether users are forwarded to our website after clicking on a Facebook advertisement (so-called “conversion”).
  3. Furthermore, for the use of the Facebook Pixel, we use the additional “extended comparison” function (data, such as telephone numbers, e-mail addresses or Facebook IDS of the users) are used to form target groups (“custom audiences” or “look-alike audiences”), which are sent to Facebook (encrypted)). Additional information about the “extended comparison”: https://www.facebook.com/business/help/611774685654668).
  4. We also use the “Custom Audiences from File” procedure of the social network Facebook, Inc. In this case, the e-mail addresses of the newsletter recipients are uploaded at Facebook. The upload procedure occurs in an encrypted form. The upload is exclusively for the purpose of determining recipients of our Facebook advertisements. With this, we intend to ensure that the advertisements are only displayed to users, who have an interest in our information and services.
  5. The processing of data by Facebook occurs within the scope of Facebook’s Data Utilization Policy. Accordingly, general information about the display of Facebook Ads, in the Data Utilization Policy of Facebook: https://www.facebook.com/policy.php. Specific information and details about the Facebook Pixel and its functionality are available in the help section of Facebook: https://www.facebook.com/business/help/651294705016616.
  6. You can object to the recording by the Facebook Pixel and the use of your data for displaying Facebook Ads. In order to set which types of advertisements are displayed to you within Facebook, you can access the site set up by Facebook and follow the instructions there for use-based advertising: https://www.facebook.com/settings?tab=ads. The settings occur platform-independently, i.e. they are adopted for all devices, such as desktop computers or mobile devices.
  7. To prevent tracking on our site through the Facebook Pixel please visit our Privacy Settings. Under the tab "Marketing" you can disable the tracking through the Facebook Pixel.
  8. You can also object to the use of cookies, which have the purpose of reach measurement and marketing using the deactivation site of the Network Advertising Initiative (https://optout.networkadvertising.org/) and also the US website (https://www.aboutads.info/choices) or the European website (https://www.youronlinechoices.com/uk/your-ad-choices/).

23. Amazon Partner Program

  1. On the basis of our legitimate interests (i.e. interests in the commercial operation of our online services within the meaning of Art. 6 Subsection lit. f. GDPR), we are participants in the partner program of Amazon EU, which has been designed in order to provide a medium by which advertising cost refunds can be earned with the placement of advertisements and links to Amazon.de. Amazon uses cookies, in order to trace the origin of the orders. Among other things, Amazon can identify that you have clicked the partner link on this website.
  2. You can obtain additional information about the use of data by Amazon in the Privacy Policy of the company: https://www.amazon.de/gp/help/customer/display.html/ref=footer_privacy?ie=UTF8&language=en_GB&nodeId=3312401.

24. Newsletter

  1. With the following details, we are informing you about the contents of our newsletter, as well as the registration, delivery and statistical evaluation procedure and your objection rights. By subscribing to our newsletter, you are declaring your consent to the receipt and the described procedures.
  2. Content of the newsletter: We only send newsletters, e-mails and additional electronic messages with marketing information (hereinafter referred to as “newsletter”) with the consent of the recipient or legal permission. Our newsletters contain for example information about new cases, exciting jobs, relevant events and selected employers. Insofar as its contents are concretely described within the scope of registration, they are decisive for the consent of the users. Furthermore, our newsletters contain information about our products, offers, campaigns and our company.
  3. Verification and logging: Successful registration for our newsletter only takes place if the e-mail address of the recipient has been verified beforehand. I.e. after the registration, you receive an e-mail, in which you are requested to confirm your registration. This confirmation is necessary, so that no one can login with third-party e-mail addresses. The registrations for the newsletter are logged, in order to verify the registration process in accordance with the legal requirements. This includes storing the time of registration and the time of confirmation, as well as the abbreviated IP address. The changes to your data stored with the E-mail Service Provider are also logged.
  4. E-mail Service Provider: The delivery of the newsletter occurs using Mailjet GmbH, Rankestr. 21, 10789 Berlin, hereinafter referred to as “E-mail Service Provider”. The Privacy Policy of the E-mail Service Provider can be viewed here: https://www.mailjet.com/privacy-policy/.
  5. Furthermore, according to its own information, the E-mail Service Provider may use these data in a pseudonymized form, i.e. without allocation to a user, for optimization or improvement of its own services, e.g. for technical optimization of the delivery and the display of the newsletter or for statistical purposes, in order to determine which countries the recipients come from. However, the E-mail Service Provider does not use the data of our newsletter recipients, in order to write to them itself or disclose the data to third parties.
  6. Success measurement – the newsletters contain a so-called “web beacon”, i.e. a pixel-sized file, which is retrieved by the E-mail Service Provider’s server when the newsletter is opened. Within the scope of this retrieval, technical information, such as information about the browser and your system, as well as your IP address and the time of the retrieval, is collected. This information is used for the technical improvement of the service on the basis of the technical data or the target groups and their reading behavior on the basis of their retrieval locations (which can be determined using the IP address) or the access times. For the statistical surveys also include the determination of whether the newsletters are opened, when they are opened and which links are clicked on. For technical reasons, this information can be allocated to the individual newsletter recipients. However, it is neither our aim or that of the E-mail Service Provider, to monitor individual users. In fact, the purpose of the evaluations is for us to identify the reading habits of our users and to adapt our contents to them or send different contents in accordance with the interests of our users.
  7. The delivery of the newsletter and the success measurement occur on the basis of a consent from the recipient in accordance with Art. 6 Subsection 1 lit. a, Art. 7 GDPR in conjunction with Section 7 Subsection 2 No. 3 UWG [German Fair Trade Practices Act] or on the basis of legal permission in accordance with Section 7 Subsection 3 UWG.
  8. The logging of the registration procedure occurs on the basis of our legitimate interests in accordance with Art. 6 Subsection 1 lit. f GDPR and serves to verify the consent in the receipt of the newsletter.
  9. Cancellation/revocation – You may cancel the receipt of our newsletter at any time, i.e. revoke your consents. You can find a link to cancel the newsletter at the end of every newsletter.

25. Integration of Services and Third-Party Contents

  1. Within our online services, on the basis of our legitimate interests (i.e. interest in the analysis, optimization and commercial operation of our online services within the meaning of Art. 6 Subsection 1 lit. f. GDPR), we use content or services of third-party providers, in order to integrate their content and services, e.g. videos or fonts (hereinafter uniformly referred to as “contents”). This always presupposes that the third-party providers of these contents perceive the IP address of the users, as they could not send the contents to their browser without the IP address. Therefore, the IP address is required for the presentation of these contents. We endeavor to only use such contents, whose respective providers only use the IP address for delivering the contents. Furthermore, third-party providers can also use so-called pixel tags (invisible graphics, also referred to as “web beacons”) for statistical or marketing purposes. With the “pixel tags”, information can be evaluated, such as the visitor traffic on the pages of these websites. The pseudonymized information can furthermore be stored in cookies on the device of the user and, among other things, contain technical information about websites linking to the browser and operating system, visit time and other details about the use of our online services, as well as being associated with such information from other sources.
  2. The following description provides an overview of third-party providers and their contents, in addition to links to their data protection policies, which contain additional information about processing data and, partly objection opportunities already referred to here (so-called opt-out):
    • If our customers use the payment services of third parties (e.g. PayPal or Sofort), the terms and conditions and data protection policies of the respective third-party providers apply, which are retrievable within the respective websites or transaction applications.
    • External fonts of Google, LLC., https://www.google.com/fonts (“Google Fonts”). The integration of Google Fonts occurs by accessing a server at Google (as a rule, in the USA). Privacy Policy: https://policies.google.com/privacy, Opt-Out: https://adssettings.google.com/authenticated.
    • Maps of the “Google Maps” services of the third-party provider, Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy Policy: https://www.google.com/policies/privacy/, Opt-Out: https://www.google.com/settings/ads/.
    • Functions of the Instagram service are integrated within our online services. These functions are offered by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. If you are logged into your Instagram account, you can link to the contents of our website with your Instagram profile by clicking the Instagram button. This way, Instagram can allocate your visit to our website to your user account. We point out that as a vendor of the website, we receive no knowledge about the content of the data sent or their use by Instagram. Privacy Policy: http://instagram.com/about/legal/privacy/.
    • Within our online services, we use the marketing functions (so-called “LinkedIn Insight Tag”) of the LinkedIn network. The provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. Each time one of our web pages is accessed, which contains LinkedIn functions, a connection is established to LinkedIn servers. LinkedIn is informed that you have visited our website with your IP address. With the assistance of the LinkedIn Insight Tag, we can specifically analyze the success of our campaign within LinkedIn or determine target groups for this on the basis of the interaction of the users with our online services. If you are registered with LinkedIn, it is possible for LinkedIn to allocate your interaction with our online services to your user account. Also, if you click on the “Recommend Button” of LinkedIn and are logged into your account with LinkedIn, it is possible for LinkedIn to allocate your visit to our website to you and your user account. Privacy Policy: https://www.linkedin.com/legal/privacy-policy, Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
    • Within our online services, functions of the service or the Twitter platform can be integrated (hereinafter referred to as “Twitter”). Twitter is a service of Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. The functions are comprised of the display of our contributions within Twitter, within our online services, linking to our profile with Twitter and the option to interact with the contributions and functions of Twitter, as well as measuring whether users reach our online services through the advertisements, which we have placed with Twitter (so-called conversion measurement). Privacy Policy: https://twitter.com/en/privacy, Opt-Out: https://twitter.com/personalization.
    • We use functions of the XING network. The provider is XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany. Each time one of our web pages is accessed, which contains Xing functions, a connection is established to Xing servers. Storage of personal data does not occur during the course of this, as far as we are aware. In particular, IP addresses are not stored and user behavior is not evaluated. Privacy Policy: https://www.xing.com/app/share?op=data_protection.
    • Within our online offer, functions of the service or platform TikTok can be integrated (hereinafter referred to as "TikTok"). TikTok is an offer of Tiktok Technology Limited, 10 Earlsfort Terrace, Dublin D02 T380, Ireland. The functions include the display of our posts within TikTok within our online offer, the link to our profile at TikTok as well as the possibility to interact with the posts and the functions of TikTok, as well as to measure whether users reach our online offer via the advertisements placed by us at TikTok (so-called conversion measurement). Privacy policy: https://www.tiktok.com/legal/page/eea/new-privacy-policy/en-EN 
    • Web analysis and optimization with the assistance of the Hotjar service, the third-party provider, Hotjar Ltd., Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe. With Hotjar, movements on the websites can be traced, on which Hotjar is used (so-called heatmaps). For example, it is identifiable, how far users scroll and which buttons the users click on and how frequently. Furthermore, technical data, such as the selected language, system, monitor resolution and browser type, are recorded. At least temporarily during the visit, user profiles of the users can be created during the course of this. Furthermore, using Hotjar, it is also possible to obtain feedback directly from the users of the website. In this way, we obtain valuable information, in order to make our website even faster and more customer-friendly. Privacy Policy: https://www.hotjar.com/privacy. Opt-out: https://www.hotjar.com/opt-out.
How likely are you to recommend us to a friend or fellow student?
0 = Not likely
10 = Very likely
You are a true consultant! Thank you for consulting us on how to make PrepLounge even better!