This privacy policy informs you about the nature, scope, and purpose of the processing of personal data (hereinafter referred to as "data") within our online offering and the associated websites, features, and content, as well as external online presences, such as our social media profiles (hereinafter collectively referred to as "online offering"). Regarding the terminology used, such as "processing" or "controller," we refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR). Furthermore, we inform you hereafter about the third-party components we use for optimization purposes and to enhance the quality of use, insofar as third parties process data under their responsibility.

Responsible

Saatchi & Saatchi GmbH
Louis-Pasteur-Platz 3
40211 Düsseldorf
E-Mail adress: info@saatchi.de
Managing Directors: Frank-Peter Lortz, Philippe Bordet
Link to the imprint: https://saatchi.de/impressum/
Contact data protection: yusuf.tuncay-eberl@publicisresources.com

Types of data processed

– Inventory data (e.g., names, addresses).
– Contact data (e.g., email, phone numbers).
– Content data (e.g., text input, photographs, videos).
– Usage data (e.g.,visited websites, interest in content, access times).
– Meta/communication data(e.g., device information, IP addresses).

Categories of affected persons

Visitors and users of the online offering (hereinafter collectively referred to as "users").

Purpose of processing

– Provision of the online offering, its functions, and content.
– Responding to contact inquiries and communication with users.
– Security measures.
– Reach measurement/marketing

Terminology used

The term personal data is defined in the General Data Protection Regulation (hereinafter "GDPR"). According to this, "personal data" means any information relating to an identified or identifiable natural person. This includes, for example, your name, address, telephone number, or date of birth. Information about how you use this or other websites can also be considered personal data.

Relevant Legal Bases

In accordance with Article 13 of the GDPR, we inform you of the legal bases for our data processing activities. If the legal basis is not stated in the privacy policy, the following applies: The legal basis for obtaining consent is Article 6(1)(a) and Article 7 of the GDPR, the legal basis for processing for the fulfillment of our services and carrying out contractual measures as well as responding to inquiries is Article 6(1)(b) of the GDPR, the legal basis for processing to fulfill our legal obligations is Article 6(1)(c) of the GDPR, and the legal basis for processing to safeguard our legitimate interests is Article 6(1)(f) of the GDPR. In the case where vital interests of the data subject or another natural person necessitate the processing of personal data, Article 6(1)(d) of the GDPR serves as the legal basis.

Security Measures

In accordance with Article 32 of the GDPR, and taking into account the state of the art, implementation costs, and the nature, scope, circumstances, and purposes of the processing as well as the varying probability and severity of the risk to the rights and freedoms of natural persons, we shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk. These measures include, in particular, securing the confidentiality, integrity, and availability of data by controlling physical access to the data, as well as the access, input, transfer, availability, and separation of the data concerned.

Collaboration with Processors and Third Parties

Your data will not be transferred to third parties as a matter of principle unless we are legally obliged to do so. Where external service providers come into contact with your personal data, we have ensured through legal, technical, and organizational measures and through regular checks that they comply with the data protection regulations. Furthermore, these service providers are only permitted to use your data according to our instructions.

If we commission third parties to process data on the basis of a so-called "order processing contract," this is done on the basis of Article 28 of the GDPR.

Transfers to Third Countries

If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)) or this occurs in the context of using third-party services or disclosure/transmission of data to third parties, it will only occur if it is necessary for the fulfillment of our (pre-)contractual obligations, based on your consent, due to a legal obligation, or based on our legitimate interests. Subject to legal or contractual permissions, we or the data processors only process data in a third country under the specific conditions outlined in Articles 44 et seq. of the GDPR. This means the processing occurs, for example, based on special guarantees such as the officially recognized establishment of an EU-equivalent data protection level (e.g., for the USA through the "Privacy Shield") or compliance with officially recognized specific contractual obligations (so-called “Standard Contractual Clauses”).

Rights of the Affected Persons

We are happy to inform you whether and which personal data concerning you is processed by us and for which purposes (Art. 15 GDPR). Additionally, under the respective legal conditions, you have the right to rectification (Art. 16 GDPR), the right to restriction of processing (Art. 18 GDPR), the right to erasure (Art. 17 GDPR), the right to object (Art. 21 GDPR), and the right to data portability (Art. 20 GDPR).

With the following LINK to the information request form, you can exercise your rights at any time.

Regardless of these rights and the possibility of asserting another legal remedy, you have the right at any time to lodge a complaint with a supervisory authority, particularly in the member state of your residence, place of work, or location of the alleged infringement if you believe that the processing of personal data concerning you violates data protection regulations (Art. 77 GDPR).

You have the right to withdraw consent granted under Art. 7(3) GDPR with effect for the future.

You can object to the future processing of data concerning you at any time in accordance with Art. 21 GDPR.

Deletion of Data

The data we process is deleted or its processing is restricted in accordance with Articles 17 and 18 of the GDPR. Unless expressly stated in this privacy policy, the data stored by us is deleted as soon as it is no longer required for its intended purpose and no legal retention obligations stand in the way of its deletion. If the data is not deleted because it is required for other legally permissible purposes, its processing will be restricted. This means the data will be locked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax reasons.

Contact

When contacting us (e.g., via contact form, email, telephone, or social media), user information is processed for the purpose of handling the contact request and its processing in accordance with Article 6(1)(b) (within contractual/pre-contractual relationships), Article 6(1)(f) (other inquiries) of the GDPR. We delete the inquiries if they are no longer necessary. The statutory archiving obligations apply.

Collection of Access Data and Logfiles

We, or our hosting provider, collect data on the basis of our legitimate interests in accordance with Article 6(1)(f) of the GDPR about each access to the server on which this service resides (so-called server log files). The access data includes the name of the accessed website, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address, and the requesting provider. Log file information is stored for a maximum of 7 days for security reasons (e.g., to investigate misuse or fraud) and then deleted. Data that needs to be retained for evidence purposes is excluded from deletion until the respective incident is finally resolved.

Weglot

We use the translation service Weglot for our website. The service provider is the French company Weglot SAS, 7 cité Paradis 75010 Paris, France. You can find more information about the data processed by Weglot in the privacy policy at https://weglot.com/privacy/.

Webflow

We use the provider Webflow for hosting and creating our website. Webflow, Inc., 398 11th Street, 2nd Floor, San Francisco, CA 94103. You can learn more about data processing by this provider in the privacy policy at https://webflow.com/legal/eu-privacy-policy.

Online Presence on Social Media

In addition to our website, we are also active on various social media platforms. User data may be processed to allow us to specifically target users who are interested in us through social networks. Furthermore, elements of a social media platform may be directly embedded in our website. This occurs, for instance, when you click on a so-called social button on our website and are directly redirected to our social media presence.

All data collected through a social media platform is also stored on the servers of the providers. Therefore, only the providers have access to the data and can provide you with information or make changes.

If you want to know exactly what data is stored and processed by the social media providers and how you can object to data processing, you should carefully read the respective company's privacy policy. Also, if you have questions about data storage and data processing or want to assert the right of access, we recommend that you contact the provider directly. Information about specific social media platforms, if available, can be found in the following section.

Instagram

We have incorporated functions of Instagram into our website. Instagram is a social media platform owned by Instagram LLC, 1601 Willow Rd, Menlo Park CA 94025, USA. Since 2012, Instagram has been a subsidiary of Meta Platforms Inc. and is part of the Facebook products. Instagram content is embedded on our website. This allows us to display content such as buttons, photos, or videos from Instagram directly on our website. When you access web pages of our web presence that have an integrated Instagram function, data is transmitted to, stored, and processed by Instagram. Instagram uses the same systems and technologies as Facebook, so your data can be processed across all Facebook companies.

The embedded Instagram functions allow us to enrich our content with helpful content from the Instagram world. Instagram also uses the collected data for measurement and analysis purposes. Instagram shares the information received between the Facebook companies with external partners and with individuals you connect with worldwide. The data processing is carried out in compliance with Instagram's own data policy. Your data is distributed across Facebook servers worldwide for security reasons, among others. Most of these servers are located in the USA. You can view further information about Instagram’s data policies at https://help.instagram.com/519522125107875.

LinkedIn

We use functions of LinkedIn on our website. The service provider is the American company LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. For aspects related to data protection in the European Economic Area (EEA), the EU, and Switzerland, LinkedIn Ireland Unlimited (Wilton Place, Dublin 2, Ireland) is responsible. LinkedIn processes your data, among other places, in the USA. More information can be found at the following link: https://de.linkedin.com/legal/privacy-policy.

Cookie Consent Management Platform (General)

We use a Consent Management Platform (CMP) software on our website, which facilitates the correct and secure handling of scripts and cookies for both you and us. The software automatically generates a cookie popup, scans and controls all scripts and cookies, offers you the legally required cookie consent, and helps both you and us keep track of all cookies.

Within our cookie management tool, you can manage each individual cookie yourself and have complete control over the storage and processing of your data. Your consent declaration is stored so that we do not have to ask you again on each new visit to our website and to allow us to prove your consent if legally necessary.

You have the right and the opportunity to withdraw your consent to the use of cookies at any time. This can be done either via our cookie management tool or through other opt-out functions in the respective section of this privacy policy or in the browser you are using.

One Trust (CMP)

We use OneTrust, a privacy management tool, on our website. The service provider is the U.S. company OneTrust, 1200 Abernathy Rd. Suite 700 Atlanta, Georgia 30328. You can find out more about the data processed through the use of OneTrust in the privacy policy at https://www.onetrust.com/privacy/.

Recruiting Tool (General)

Various companies offer software programs that can significantly simplify the recruitment process. Most systems provide filtering options to search through databases of potential candidates, allowing us to quickly and efficiently find employees who fit our company. Personal data can be transferred, stored, and managed via online forms as well as recruiting tools. We refer here to recruiting tools in addition to the classic application process via email or online form. Further information about the recruiting tools we use can be found below.

For finding suitable candidates and administrating all application documents, we use, while adhering to all legal guidelines, a platform that specializes in application management. So-called recruiting tools typically make the application process easier by allowing the software to handle many administrative tasks and optimize processes within the recruitment procedure. This can sometimes enable us to find suitable employees for our company more quickly. For specific conditions of the recruitment procedures, we refer to the respective job postings.

When you apply to us, you are required to provide us with certain information about yourself so that we can appropriately assess your application. The exact information you supply us depends on the job posting or the required information for the position. Typically, this includes data such as name, address, date of birth, and proof of qualifications necessary for the position. During the application process, not only the usual personal data such as name or address may be transmitted, but information about your health or ethnic origin may also be requested. This is to exercise and comply with rights and obligations in terms of labor law, social security, and social protection. These data are called special category data. Data and applications are sent to us encrypted via the online form of the recruiting tool. Alternatively, you can also send your application to us via email.

The data you submit can be further processed by us for an employment relationship in the case of a successful application. If the application does not meet our expectations, we delete the received data. Also, if you withdraw your application, we will delete this data. If you agree to be included in our applicant pool, we will store the data collected in this context until you leave the pool. The same rules apply for exiting the pool as for withdrawing your consent.

You always have the right and opportunity to withdraw your consent. To address any remaining questions regarding the application and to fulfill our proof obligations, the data will be deleted after a maximum of 6 months. Invoices related to possible travel expense reimbursements are archived due to tax law requirements.

Your consent to join our applicant pool is voluntary and has no impact on the application process. You can withdraw your consent at any time.

iCIMS

We use iCIMS Talent Products. iCIMS, Inc. is a cloud-based human resources and recruitment software company based in New Jersey, USA. You can learn more about the data processed through the use of iCIMS in the privacy policy at https://www.icims.com/legal/privacy-notice-website/.

We reserve the right to change this privacy policy at any time in compliance with applicable data protection regulations.