Privacy Policy

This is the Privacy Policy of ID37 Company GmbH (hereinafter "us/we"). This Privacy Policy is intended to inform you as our customer and as a visitor to our website www.id37.io (the "website") about the nature, scope and purpose of the collection, storage and use (the "processing") of personal data. "Personal data" is all information relating to you personally, e.g. name, address, telephone number, e-mail address, gender, online user behavior, etc. (collectively "data").

1 - Who is the Controller and who can I contact?

We, ID37 Company GmbH, Kollwitzstr. 40, D-10405 Berlin, represented by Cornelia Kirschke and Thomas Staller, are the "Controller" pursuant to Art. 4 (7) of the EU General Data Protection Regulation („GDPR").

Phone: +49 30 61743020
Email: hello@id37.io

2 - Provision of the website and creation of log files

When you visit our website for purely informational purposes, the browser used on your device automatically sends information to the server of our website. This information is temporarily stored in a so-called log file. Log files contain the following data:

  • IP address of the requesting device,
  • Date and time of access,
  • Name and URL of the retrieved file,
  • The website from which access is made (referrer URL),
  • Browser and operating system of your end device.

The legal basis for the processing of the data is Art. 6 para. 1 lit. f) GDPR.

The data is stored in order to ensure a smooth connection setup, correct display and proper operation of the website. The data is also used to ensure a comfortable use and optimization of the website and to ensure the security and stability of our information technology systems. These purposes also constitute our legitimate interest in data processing in accordance with Art. 6 para. 1 lit. f) GDPR. The collection of data is absolutely necessary for the provision and operation of the website. There is therefore no possibility for you to object. The data is deleted when it is no longer required for the above-mentioned purposes. Depending on the hosting provider, this usually happens within 7 days and at the latest within 30 days.

3 - Cookies and similar technologies

We use cookies, local storage objects and similar technologies (collectively: "cookies") to make visiting the website attractive and to enable the use of certain functions. Cookies are text files that are stored in your internet browser or by the internet browser on your end device as soon as you access a website. Cookies contain a characteristic string of characters that make the browser to be uniquely identified when the website is called up again. With the help of cookies, the website can adapt its content to your interests more quickly. Cookies usually contain the name of the domain from which the cookie originates, the validity period of the cookie and a randomly generated number. Cookies alone do not allow any conclusions to be drawn about your identity.

Some of the cookies we use are technically strictly necessary for the provision of our website and may be set without your prior consent within the meaning of Section 25 (2) of the German Telecommunications Digital Services Data Protection Act TDDDG ("essential cookies" / "necessary cookies").

If essential cookies used by us also process personal data, the processing is carried out in accordance with Art. 6 para. 1 lit. b) GDPR either to take steps on your request prior to entering into a contract and/or perform the contract, or in accordance with Art. 6 para. 1 lit. f) GDPR to safeguard our legitimate interests in the optimal functionality of the website and a customer-friendly and effective design of the site visit.

___________

In addition to essential cookies, our website only uses cookies for statistical analysis, for marketing purposes and to integrate external media ("non-essential cookies") if you actively consent to this use. If the non-essential cookies process personal data, the legal basis for this is Art. 6 para. 1 lit. a) GDPR following your consent.

When you visit the website for the first time, you will be shown a banner with which you can find out about the name, type, provider, purpose and storage period of the cookies used on our website as well as the nature and scope of any personal data processed by the cookies. On the banner, you can accept the use of non-essential cookies or reject it. The banner can be retrieved at any time by clicking on the "Cookie settings“ link on the website. There you can also revoke your consent to the setting of non-essential cookies.

For the cookie banner, we use the Cookiebot service of the service provider Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark („Cookiebot“). Cookiebot processes your data as described in section 2 in order to provide the functionalities described above. The legal basis for this processing is Art. 6 para. 1 lit. f) GDPR due to our legitimate interest in providing an efficient and lawful solution to manage your consent and refusal to set non-essential cookies, as well as all necessary information about cookies set by us.

We also use the Google Tag Manager service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google Tag Manager") to control the cookie banner. Google Tag Manager does not collect any data itself, but it makes it easier for us to integrate and manage other services. If those services process personal data, you will be notified separately in this Privacy Policy.

Please also note that you can set your browser to notify you before a cookie is placed and to give you the choice of generally accepting or rejecting cookies.

4 - Analysis tools and Master finder

We use the web analytics service Plausible Analytics provided by the service provider Plausible Insights OÜ, Västriku tn 2, 50403, Tartu, Estonia, on our website („Plausible"). According to its own information, Plausible does not process any personal data of visitors to our website and only uses data that is collected anyway during a purely informational visit to a website (see section 2 above). This data is used to generate general reports on the use of our website. Plausible does not use cookies and anonymizes IP addresses of visitors to our website before further processing. Plausible does not create user profiles and does not pass on your data to third parties. It is therefore not possible for us or Plausible draw conclusions about individual visitors. The data is processed exclusively in the EU. For more information about the nature and scope of data processing by Plausible, please visit https://plausible.io/data-policy.

The legal basis for the integration of Plausible on our website and the processing of your data is our legitimate interest in analyzing the use of our website according to Art. 6 para. 1 lit. f) GDPR. Plausible employs anonymous and data-efficient methods, and it does not allow any conclusions to be drawn about you as an individual visitor to our website. Consequently, our interests in this data-efficient form of web analysis regularly outweigh your legal interest in your data not being used for this purpose.

If you have consented to the setting of the corresponding non-essential cookies (see Section 3), we integrate the Google Maps service of the service provider Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, for address validation and proximity search ("Google Maps"). Google Maps makes it possible to find the Masters registered with us in the vicinity of the address you have entered by entering an address or location on the corresponding subpage of our website ("Master Finder"). The following data is processed by Google Maps and may be transmitted to Google Ireland:

  • IP address of the user,
  • Address data entered, if applicable,
  • Browser information,
  • Operating system,
  • Date and time of address entry.

The legal basis for processing this personal data is Art. 6 para. 1 lit. a) GDPR, as a result of your consent. Google LLC, the parent company of Google Ireland, is based in California, USA. A transfer of data to the USA and access by US authorities to the data stored by Google cannot be ruled out. However, under the terms of the EU-US Privacy Framework (DPF), the USA is considered a country with a level of data protection comparable to that of the EU. Google LLC is currently certified under the DPF, which allows for the transfer of personal data to the USA without further ado.

5 - Contact form and other communication channels on our website

Should you choose to contact us by telephone, via the contact form on our website, or by email, we will store your email address, your telephone number (if applicable), the name you have provided, and other contact details for the purpose of processing your inquiry and for further questions. If your request is aimed at entering into a contract, the legal basis for this processing is Art. 6 para. 1 lit. b) GDPR. In other cases, the basis is Art. 6 para. 1 lit. f) GDPR: The legitimate interest lies in processing your request. The data transmitted by you will be deleted after final processing, provided that there are no statutory retention obligations.

Before you can communicate with us via a contact form on our website, you must check a box and confirm that you are not a robot. The purpose of this is to distinguish you from bots and to protect our website from automated spam attacks. For this functionality, we use the ReCaptcha service of the service provider Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google ReCaptcha“). The following data is processed by Google ReCaptcha and may be transmitted to Google Ireland:

  • Page that integrates reCAPTCHA
  • Referrer URL (page from the user’s origin),
  • IP address of the user,
  • Settings of the end device (language, browser, location),
  • Time spent on site,
  • Mouse movements and keyboard strokes,
  • Screen and window resolution,
  • Time zone and
  • Installation of browser plugins.

Google LLC, the parent company of Google Ireland, is based in California, USA. A transfer of data to the USA and access by US authorities to the data stored by Google cannot be ruled out. However, under the terms of the EU-US Privacy Framework (DPF), the USA is considered a country with a level of data protection comparable to that of the EU. Google LLC is currently certified under the DPF, which allows for the transfer of personal data to the USA without further ado.

If your inquiries in the contact forms on our website are related to the conclusion of a contract or address issues concerning an existing contract, the legal basis for this processing is Art. 6 para. 1 lit. b) GDPR. In other cases, the legal basis is our legitimate interest under Art. 6 para. 1 lit. f) GDPR, which lies in the efficient protection of our website from automated spam attacks by bots. Google ReCaptcha also sets one or more essential cookies (see section 3).

6 - Customer relationship and Newsletter

We collect, store and use the following data if you provide it to us when registering on our website and when using our various online services on the basis of our General Terms and Conditions:

  • Your contact details (first and last name, address, telephone number, e-mail),
  • Personal information (gender, date of birth, nationality, country of residence),
  • Career data (school-leaving qualification, profession, company, sector),
  • If applicable, a profile picture of yourself,
  • Results of your personality profile test,
  • Your click behavior in your user profile after registration. The click behavior is only aggregated and determined without personal reference.

The nature and scope of the data processed depends on the online services selected and used after registering in a user account. Information regarding school-leaving qualifications, profession, company, sector, and telephone number is voluntary and not required for registration on the website or for the use of online services.

We process the aforementioned data for the following purposes:

  • Registration with a user account on ID37,
  • Performing the ID37 personality test and creating the ID37 personality profile,
  • Provision and evaluation of your personal ID37 personality profile,
  • Disclosure of your first and last name and, if applicable, your profile picture to other registered ID37 users in order to be found by other registered users within the ID37 search, provided that you let this online service enabled in your user account,
  • Disclosure of your first and last name and, if applicable, your profile picture, your personality profile and other data to other registered ID37 users for networking in a network and/or in a team, provided you let this online service enabled in your user account,
  • Disclosure of your first and last name, your profile picture and, if applicable, your personality profile and other data to your Master for joint evaluation if you have registered with us at the invitation of a Master and taken the personality test or if you have networked with your Master after taking the ID37 personality test on your own,
  • Use of AI Coach Jay (please note: You will be informed about the processing of your personal data when using AI Coach Jay in a separate Privacy Policy prior to its activation),
  • Communication and further performance of the contract with you, including billing (invoices, reminders, etc.).

The legal basis for the processing of your data for the purposes mentioned here is Art. 6 para. 1 lit. b) GDPR. The processing takes place upon your request and is necessary for entering into and performance of the user contract, as well as for the provision of our online services in accordance with our General Terms and Conditions.

You may delete your user account and the data stored by us at any time by selecting the corresponding function in your user account (see also Section 8). Please note that we reserve the right to anonymize some of your personal data stored with us before deleting your user account and to aggregate it into anonymous user profiles. This data includes the test result, as well as the data year of birth, gender, nationality, country of residence, and, if available, education. This process anonymizes the data, preventing future association with you.

The legal basis for this is Art. 6 para. 1 lit. f) GDPR. Our legitimate interest in using the anonymized data records obtained in this way follows from our need to conduct internal statistical analyses and to further develop our test. Since the data loses its personal reference, our interest in its anonymized or pseudonymized use regularly outweighs the interest of our users in its complete deletion.

If you provide us with your email address for the purpose of sending newsletters via a "double opt-in" procedure ("DOI" for short), we process your first name, last name, and email address for the newsletter mailing. We work with the Brevo service of the service provider Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin ("Sendinblue"), and transfer your personal data to them. The legal basis for the processing of this personal data is Art. 6 para. 1 lit. a) GDPR as a result of your consent. You may opt-out from the newsletter at any time and free of charge by following the unsubscribe link included in each newsletter. Once you opt-out, your email address will be immediately deleted from the newsletter distribution list.

7 - Involvement of external service providers

We work with a number of external service providers to enter into and perform contracts with our customers and to manage our company. In this context, we may also share personal data with these service providers. Unless stated separately in this Privacy Policy, the legal basis for the processing of this data is Art. 6 para. 1 lit. b) GDPR, insofar as the involvement of the external service providers is necessary for entering into and performing the contract with you. If the integration of external service providers serves the administration and improvement of our internal processes, this constitutes our legitimate interest in data processing, for which the legal basis is Art. 6 para. 1 lit. f) GDPR.

We exclusively work with external service providers who are either bound to comply with data protection regulations either by professional law or by a data processing agreement. Where data processing may occur in areas outside the EU/EEA without a comparable data protection level, we have entered into a contract with service providers based on the EU standard contractual clauses, ensuring an adequate level of data protection.

In addition to the external service providers identified elsewhere in this Privacy Policy, we work with the following providers and may also transfer your personal data to them:

  • Order and payment processing: Unzer Luxemburg S. A.
  • Hosting and infrastructure: Amazon Web Services (AWS), Webflow
  • Content Delivery Network (CDN) with DNS: Cloudflare
  • Contact and download forms on the website: Typeform
  • IT service provider: Conciso GmbH
  • Newsletter dispatch and newsletter tracking: Brevo
  • Webinar tool: Zoom
  • Appointments: Calendly.

For further information on the service providers and tools we use, please contact us at any time using the contact information provided in section 1.

8 - How long will your data be retained?

We store your data only as long as required by law. Data resulting from your status as a customer of one of our online services is generally retained for 10 years. Invoices are also retained for 10 years in accordance with applicable tax law. Your data is then regularly deleted as soon as they are no longer required for the fulfillment of contractual or legal obligations.

You have the option to delete your user account and the data we have stored about you at any time (see also section 6). This does not apply to data for which we are subject to a statutory retention period.

9 - Your rights

As a data subject, you have the following data protection rights:

  • Art. 15 GDPR: Right to information,
  • Art. 16 GDPR: Right to rectification of inaccurate and completion of incomplete data,
  • Art. 17 GDPR: Right to erasure of your data
  • Art. 18 GDPR: Right to restriction of processing of your data
  • Art. 20 GDPR: Right to data portability
  • Art. 7 para. 3 GDPR: Withdrawal of your consent.

You also have the right to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR.

______________

Right of objection

If your data is processed by us on the basis of legitimate interests as outlined in Art. 6 para. 1 lit. f GDPR, you have the right to object to the processing of your data in accordance with Art. 21 GDPR on grounds relating to your particular situation or if the objection is directed against direct advertising. In the latter case, you have a general right to object, which will be implemented by us without the need to specify a particular situation.

______________

If you wish to exercise any of these rights, please send an e-mail to hello@id37.io.

We reserve the right to amend or adapt this Privacy Policy at any time, in accordance with the applicable data protection law.

Why ID37ID37 BookNews
World of WorkReferencesProducts
ID37 CampusMaster finderFAQ
Contact
DE
/
EN
© 2021 ID37
PrivacyImprintTerms & ConditionsStandard Revocation Form
Cookie Settings