Privacy Policy

Status: November

With the following privacy policy, we would like to inform you about how we process your personal data in accordance with the European Data Protection Regulation (GDPR). This privacy policy applies to all processing of personal data carried out by us, both in the context of the provision of our services and in particular on our websites, and within external online presences, such as our social media profiles (hereinafter collectively referred to as "online offer").

  1. Controller

    Controller in the sense of the GDPR is 

    Recyda GmbH
    Kaiser-Joseph-Straße 254
    79098 Freiburg im Breisgau

    info@recyda.com

  2. Data Protection Officer

    You can reach our data protection officers as follows:

    secjur GmbH

    Steinhöft 9

    20459 Hamburg

    Phone: +49 40 228 599 520

    E-mail: dsb@secjur.com

    You can contact our data protection officer directly at any time with all questions and suggestions regarding data protection and the exercise of your rights.

  3. Definition

    This privacy policy is based on the terminology of the GDPR. For your convenience, we would like to explain some important terms in this context in more detail:

    • Personal Data means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
    • Data subject is any identified or identifiable natural person whose personal data are processed by the controller.
    • Processing: means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
    • Recipient means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.
    • Third Party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.

Data for the provision of the website and the creation of the log files

If you use this website for purely informational purposes without otherwise transmitting data to us (e.g., by registering or using the contact form), we collect via server log files technically necessary data that are automatically transmitted to our server, including:

The temporary storage of data is necessary for the course of a website visit in order to display our website to you. This processing is technically necessary to ensure the functionality of the website and the security of the information technology systems. The legal basis of the processing is thus Art. 6 para. 1 p. 1 lit. f GDPR, in order to guarantee the provision, security and stability of our website.

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the provision of the website, this is the case when the respective session has ended. The log files are stored directly and exclusively accessible to administrators.

For the provision of our online offer, we use storage space, computing capacity and software that we rent or otherwise obtain from the server provider Webflow Inc. 398 11th St., Floor 2 San Francisco, California 94103-4881 (web host). The personal data is thereby transferred to the USA. There is an adequacy decision of the Commission pursuant to Art. 45(3) GDPR. The European Commission has adopted an adequacy decision pursuant to Art. 45(3) GDPR for the EU-U.S. Data Privacy Framework. Based on this decision, data transfers to organizations located in the U.S. that are certified under the EU-U.S. Data Privacy Framework are permitted, accordingly. Webflow is certified under the EU-U.S. Data Privacy Framework. 

Date and time of access 

  1. IP address 
  2. Host name of the accessing computer 
  3. Website from which the website was accessed; websites accessed via the website 
  4. Visited page on our website; Amount of data transferred 
  5. Information about the browser type and version used 
  6. Operating system 
  7. Access status (e.g., whether the web page could be accessed without problems or whether you received an error message) 
  8. Use of website functions 
  9. Entered search terms 
  10. Access frequency of the individual web page 
  11. Data volume transferred 
  12. Other websites that you visit starting from this website, either by clicking on a link on this website or by directly entering the domain in the input bar in the same window of your browser
  13. Email services and web hosting

    We use web hosting services from Webflow, for the sending, receiving as well as storing of emails, e.g., at the provision of our web store or contact form, we use Amazon Web Services, Inc. (Amazon Web Services, Inc., 410 Terry Avenue North, Seattle WA 98109). The personal data is thereby transferred to the USA. There is an adequacy decision of the Commission pursuant to Art. 45(3) GDPR. The European Commission has adopted an adequacy decision pursuant to Art. 45(3) GDPR for the EU-U.S. Data Privacy Framework. Based on this decision, data transfers to organizations located in the U.S. that are certified under the EU-U.S. Data Privacy Framework are permitted, accordingly. Amazon is certified under the EU-U.S. Data Privacy Framework.

    For these purposes, the addresses of the recipients and senders as well as further information regarding the email dispatch (e.g., the providers involved) as well as the contents of the respective emails are processed. The aforementioned data may also be processed for SPAM detection purposes. Please note that emails are generally not sent encrypted on the Internet. As a rule, emails are encrypted in transit, but (unless a so-called end-to-end encryption method is used) not on the servers from which they are sent and received. We can therefore not assume any responsibility for the transmission path of the emails between the sender and the reception on our server. The legal basis for the provision of these services is our legitimate interest pursuant to Art. 6(1) s. 1 lit. f GDPR to ensure the provision, security and stability of the email service.

  14. Content Delivery Network (CDN)

    We use a content delivery network (CDN). A CDN is a service with the help of which the content of an online offer, in particular large media files such as graphics or program scripts, can be delivered faster and more securely with the help of regionally distributed servers connected via the Internet. This means that the website is not hosted on a single server, but is delivered via a network of geographically distributed, possibly interconnected servers. The server used is the one closest to you as the user. As a result, the CDN processes all of the aforementioned personal data that is required to provide the website.

    The legal basis for the use of a CDN are our legitimate interests according to Art. 6(1) s. 1 lit. f GDPR to provide you with the best and fastest connection, from which you as a user also benefit.

    As CDN we use the provider server provider Webflow Inc. 398 11th St., Floor 2 San Francisco, California 94103-4881 (web host). The personal data is thereby transferred to the USA. There is an adequacy decision of the Commission pursuant to Art. 45(3) GDPR. The European Commission has adopted an adequacy decision pursuant to Art. 45(3) GDPR for the EU-U.S. Data Privacy Framework. Based on this decision, data transfers to organizations located in the U.S. that are certified under the EU-U.S. Data Privacy Framework are permitted, accordingly. Webflow is certified under the EU-U.S. 

    We also use Amplify as part of the AWS cloud (Amazon Web Services, Inc., 410 Terry Avenue North, Seattle WA 98109). The personal data is thereby transferred to the USA. There is an adequacy decision of the Commission pursuant to Art. 45(3) GDPR. The European Commission has adopted an adequacy decision pursuant to Art. 45(3) GDPR for the EU-U.S. Data Privacy Framework. Based on this decision, data transfers to organizations located in the U.S. that are certified under the EU-U.S. Data Privacy Framework are permitted, accordingly. Amazon is certified under the EU-U.S. Data Privacy Framework.

  15. Registration, login and user account

    You can also create a customer account in which we store your data for further purchases. Please refer to the app privacy policy for further information. 

  16. Contact form

    Through our website you have the possibility to contact us via the " book a demo". In the course of contacting you and responding to your inquiry, we process the following personal data from you:

    • [First and last name
    • Company
    • E-mail address
    • Date and time of the request
    • IP address
    • Communication content, if applicable]

    If you contact us within the framework of an existing contractual relationship or contact us in advance for information about our range of services or our other services, the personal data you provide will be processed for the purpose of processing and responding to your contact request in accordance with Art. 6(1) s. 1 lit. b GDPR. Otherwise, for the protection of our legitimate interests pursuant to Art. 6(1) s. 1 lit. f GDPR to respond to customer/contact inquiries. 

    We delete your personal data as soon as they are no longer required to achieve the purpose for which they were collected. In the context of contact inquiries, this is generally the case when the circumstances indicate that the specific matter has been conclusively processed.

    The provision of our contact form takes place via HubSpot Germany GmbH (Adresse: HubSpot Ireland Limited, HubSpot House, One Sir John Rogerson's Quay, Dublin 2, Ireland). The personal data can thereby transferred to the USA (Hubspot Inc.). USA. There is an adequacy decision of the Commission pursuant to Art. 45(3) GDPR. The European Commission has adopted an adequacy decision pursuant to Art. 45(3) GDPR for the EU-U.S. Data Privacy Framework. Based on this decision, data transfers to organizations located in the U.S. that are certified under the EU-U.S. Data Privacy Framework are permitted, accordingly. HubSpot is certified under the EU-U.S. 

  17. Job applications
    1. On the website

      If you apply to our company, we process your application data exclusively for purposes related to the processing of your application. By submitting an application exclusively via email, you express your interest in taking up employment with us. In this context, you provide us with personal data that we use and store exclusively for the purpose of your job search/application. In particular, the following data will be collected:

      • Name (first as well as last name)
      • Email address
      • Application Documents

    You also have the option of providing us with documents such as a cover letter, your resume and references. These may contain further personal data such as date of birth, address, etc.

    In addition, we offer you the opportunity to be included in our "applicant pool". You must give your prior consent to this inclusion. With your consent, we will store your data in our applicant pool for six months after the end of the application process in order to identify any other interesting positions for you. This also applies, for example, to applications for an apprenticeship or internship.

    Your application will only be processed and noted by the relevant contacts at our company. The legal basis for processing of your data is the initiation of a contract pursuant to Art. 6(1) s.1 lit. b GDPR, which is based on your request. If we obtain your consent (e.g., for inclusion in our applicant pool), this constitutes the legal basis for this storage pursuant to Art. 6(1) s. 1 lit. a GDPR. 

    If you receive an offer of employment with us as part of the application process and accept it, we will store the personal data collected as part of the application process for at least the duration of the employment relationship.

    If we are unable to offer you employment, we will retain the data you have provided for up to six months after any rejection for the purpose of answering any questions you may have in connection with your application and rejection. This does not apply if legal provisions prevent deletion, if further storage is necessary for the purpose of providing evidence, or if you have expressly consented to longer storage. 

  18. Presence in social networks (social media)

    We maintain publicly accessible profiles on various social networks. Your visit to these profiles initiates a variety of data processing activities. In the following, we provide you with an overview of which of your personal data is collected, used and stored by us when you visit our profiles.

    When you visit our profiles, your personal data is collected, used and stored not only by us, but also by the operators of the respective social network. This happens even if you do not have a profile in the respective social network. The individual data processing operations and their scope differ depending on the operator of the respective social network and they are not necessarily traceable for us. For details about the collection and storage of your personal data and about the type, scope and purpose of their use by the operator of the respective social network, please refer to the following statements.  

    1. Instagram

      When you visit our Instagram profile, certain information about you is processed. We can only view the information stored in your public Instagram profile (such as your profile picture or information you share on a public Instagram profile), and only if you have such a profile and are logged into it while visiting our Instagram page. 

      In addition, the operator of the platform, Meta Platforms Ireland Limited, Serpentine Avenue, Block J, Dublin 4 Ireland (Meta), provides us with anonymized statistics and insights for our Facebook/Instagram page, which help us gain insights into the types of actions people take on our page (Page Insights). These Page Insights are created based on certain information about people who have visited our page. 

      The processing of your personal data in connection with the operation of our Facebook/Instagram profile is carried out on the basis of a balance of interests pursuant to Art. 6(1), s. 1 lit. f GDPR in order to offer you a timely and supportive information and interaction option with and about us. Furthermore, the processing serves our legitimate interest to evaluate the types of actions taken on our Instagram profile and to improve our profile based on these findings. The legal basis for this processing is therefore Art. 6(1) s. 1 lit. f GDPR. If the contact aims at the conclusion of a contract, the legal basis for the processing is Art. 6(1) s. lit. b GDPR.

      Processing of Page Insights is carried out by Meta and us as joint controllers. We cannot attribute the information obtained via Page Insights to individual Facebook/Instagram profiles that interact with our Instagram profile. We have entered into a joint controller agreement with Meta, which sets out the allocation of data protection obligations between us and Meta. Details about the processing of personal data to create Page Insights and the agreement entered into between us and Meta are available here. In relation to this data processing, you have the option of asserting your data subject rights (see "Your rights as a data subject") against Meta as well. Further information on this can be found in Meta's Privacy Policy. Meta offers the possibility to object to data processing; you can find information on this and opt-out options here in your account.

      Please note that according to the meta data protection regulations, user data is also processed in the U.S. or other third countries. The European Commission has issued an adequacy decision pursuant to Art. 45(3) GDPR for the EU-U.S. Data Privacy Framework. Based on this decision, data transfers to organizations located in the U.S. that are certified accordingly are permitted. Meta is certified under the EU-U.S. Data Privacy Framework.

    2. LinkedIn

      When you visit our LinkedIn company profile, certain information about you is processed. In the case of direct messages to us or comments on our LinkedIn company profile or under our posts, we receive the message, the comments and your username.

      In addition, the operator of the platform, LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (LinkedIn), processes personal data when you visit our LinkedIn company profile, follow this page or engage with the page, to provide us with statistics and insights in anonymized form. This provides us with insights into the types of actions that people take on our site (Page Insights). For this purpose, LinkedIn processes in particular such data that you have already provided to LinkedIn via the information in your profile, such as data on function, country, industry, seniority, company size and employment status. In addition, LinkedIn will process information about how you interact with our LinkedIn company profile, such as whether you are a follower of our LinkedIn company profile. With the page insights, LinkedIn does not provide us with any personal data about you. We only have access to the aggregated Page Insights. It is also not possible for us to draw conclusions about individual members using the information in the Page Insights. 

      The processing of your personal data in connection with the operation of our LinkedIn company profile is carried out on the basis of a balancing of interests pursuant to Art. 6(1) s. 1 lit. f GDPR in order to offer you an up-to-date and supportive information and interaction option with and about us. The processing serves our legitimate interest to evaluate the types of actions taken on our LinkedIn company profile and to improve our company profile based on these findings.

      This processing of personal data in the context of Page Insights is carried out by LinkedIn and us as joint controllers. We have reached an agreement with LinkedIn on processing as joint controllers, which specifies the distribution of data protection obligations between us and LinkedIn. The agreement is available here. Accordingly, the following applies:

      • LinkedIn and we have agreed that LinkedIn is responsible for exercising your rights under the GDPR. You can contact LinkedIn to do so online via the following link (https://www.linkedin.com/help/linkedin/ask/PPQ?lang=de) or reach LinkedIn via the contact details in the Privacy Policy. You can contact the Data Protection Officer at LinkedIn via the following link: https://www.linkedin.com/help/linkedin/ask/TSO-DPO. You may also contact us at our provided contact details to exercise your rights in connection with the processing of personal data in the context of the Page Insights. In such a case, we will forward your request to LinkedIn.
      • LinkedIn and we have agreed that the Irish Data Protection Commission is the lead supervisory authority overseeing processing for Page Insights. You always have the right to lodge a complaint with the Irish Data Protection Commission (see at www.dataprotection.ie) or any other supervisory authority.

      In addition, LinkedIn processes your data as a user for the provision of services, communication, further development of services and research as well as for purposes of advertising, customer support, analysis and security. LinkedIn is the sole controller for the processing of personal data when visiting our LinkedIn company profile. The categories of personal data that LinkedIn processes in this context are described in LinkedIn's data policy. Further information about the processing of personal data by LinkedIn can be found here .

      Please note that in accordance with the LinkedIn Privacy Policy, personal data may also be processed by LinkedIn in the U.S. or other third countries.

  19. Plugins and embedded functions and content

    We use social plugins from various social media platform providers (providers) on our website. When you call up one of our websites that contains such a plugin, your browser establishes a direct connection with the servers of the provider in question. The content of the plugin is transmitted by the provider directly to your browser and integrated by it into the website. 

    By integrating the plugins, the provider receives the information that you have accessed the corresponding page of our website. In the process, various usage data (such as the URL called up and the IP number of the user) are forwarded to the third-party provider and the latter may set cookies that identify the user. If you are logged in to the respective provider, the provider has the possibility to assign this information to your account. Based on this data, content or advertising can be offered tailored to you. Information on this and on the available setting options can be found on the following websites: 

    The legal basis for the processing of the data is your consent pursuant to Art. 6(1) lit. a GDPR . We integrate the plugin in each case via the so-called "two-click solution". When you visit our website, no personal data is transferred to the plugin owner. Only when you give your consent via the integrated pre-switch button, a data flow from our website to the respective provider starts. 

  20. Cookie banner

    When you visit our website or a sub-website for the first time and it contains cookies, you will be shown a "cookie banner". There you will be informed about the individual cookies that we use. You can find out about each individual cookie with regard to the name, the provider, the purpose of the processing and the storage period. 

    With our cookie banner, we inform you about the cookies we specifically use. In addition, we give you the opportunity to decide whether you want to consent to the setting of cookies that are not necessary. Processed are:

    • Usage data (e.g., web pages visited, time of access)
    • Meta and communication data (e.g., IP address)

    The legal basis for the use of the cookie banner is Art. 6(1) s. 1 lit. f GDPR. We have an overriding legitimate interest in using the cookie banner, which allows us to obtain the legally required consent for the use of cookies that are not necessary and to comply with our duty to provide information regarding cookies

    The cookie banner stores the preferences until you reset or customize them.

    The cookie banner is provided via the provider iubenda s.r.l, Via San Raffaele, 1 - 20121 Milan (Italy).

  21. Matomo

    We analyse the movement of visitors to our website in order to improve our offering. We use the software Matomo, a service provided by InnoCraft Ltd (150 Willis St, 6011 Wellington, New Zealand). We use Matomo with the following data protection-friendly settings 

    - Pseudonymisation of the IP address to 2 bytes

    - Use of the anonymised IP address for the processing of visits

    - Tracking without cookies 

    - Query parameters are removed from the referral URL

    - Geolocalisation restricted to country level

    We host Matomo ourselves and operate the service locally. No data is passed on to the provider. Further information can be found at https://matomo.org/docs/privacy/

    When individual pages of our website are accessed, the following data is collected 

    - Pseudonymised IP address (the IP address is truncated after two bytes for pseudonymisation) 

    - Time of the visit 

    - URL of the website accessed 

    - Domain of the previously accessed website (the so-called referer, in abbreviated form) 

    - Browser used 

    - Geographical region from which access is made (restricted to country level)

    By analysing the data obtained, we are able to compile information about the use of the individual components of our website. This helps us to constantly improve our website and its user-friendliness. 

    The legal basis for the processing of personal data is the legitimate interest within the meaning of Art. 6 para. 1 lit. f) GDPR.We have an overriding legitimate interest in improving our website. By analysing and evaluating the data collected, we can measure reach and collect information regarding the use of individual components of abordnetenwatch.de. This enables us to continuously optimise our website and make it more user-friendly. At the same time, we protect your personal data by anonymising your IP address and not using tracking cookies.Personal data is deleted as soon as it is no longer required to fulfil the purpose for which it was collected - but after a maximum of 90 days.

  22. Transfer of personal data

    In the course of our processing of personal data, personal data may be transferred to or disclosed to other recipients. Recipients of this personal data may include, for example, service providers commissioned with IT tasks or providers of services and content that are integrated into a website. In such cases, we comply with the legal requirements and, in particular, conclude appropriate contracts or agreements that serve to protect your personal data with the recipients of your personal data.

  23. Data deletion and retention periods

    The personal data processed by us will be deleted in accordance with the legal requirements as soon as your consents permitted for processing are revoked or other permissions cease to apply (e.g., if the purpose of processing this data has ceased to apply or it is not required for the purpose). If the personal data are not deleted because they are required for other and legally permissible purposes, their processing will be limited to these purposes. That is, the personal data is blocked and not processed for other purposes. This applies, for example, to personal data that must be retained for reasons of commercial or tax law or whose storage is necessary for the assertion, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person. 

    As far as our privacy policy contains further information on the retention and deletion of personal data, thse have priority for the respective processing activities.

  24. Your rights as a data subject

    As a data subject, you are entitled to various rights under the GDPR, which arise in particular from Art. 15 to 21 GDPR. If you wish to exercise any of your rights, please contact us via the contact addresses provided above or our data protection officer.

    1. Right of objection 

      You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Art. 6(1) lit. e or lit. f GDPR; this also applies to profiling based on these provisions. If the personal data concerning you is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling insofar as it is related to such direct marketing. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

    2. Right of access to your personal data 

      You have the right to request confirmation as to whether personal data in question is being processed and to information about this personal data, as well as further information and a copy of the personal data in accordance with the legal requirements.

    3. Right to rectification 

      In accordance with the legal requirements, you have the right to request that the personal concerning you be completed or that incorrect personal data concerning you be corrected.

    4. Right to erasure and restriction of processing 

      You have the right to demand that personal data concerning you be deleted immediately if one of the reasons provided for by law applies and insofar as the processing or storage is not necessary.

    5. Restriction of processing  

      You have the right to demand that we restrict processing if one of the legal requirements is met.

    6. Right to data portability 

      You have the right to receive personal data concerning you, which you have provided to us, in a structured, common and machine-readable format in accordance with the legal requirements, or to request that it be transferred to another controller.

    7. Right of withdrawal for consents 

      You have the right to revoke any consent you have given at any time.

    8. Complaint to supervisory authority 

      Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the requirements of the GDPR.

  25. Modification and update of the privacy policy

    We adapt the privacy policy as soon as the changes in the data processing carried out by us make this necessary. We will inform you as soon as the changes require an act of cooperation on your part (e.g., consent) or other individual notification.

    If we continue to develop our website and our offerings or if legal or regulatory requirements change, it may be necessary to amend this privacy policy. You can access the current privacy policy at any time here.

27. Marketing Initiative
You can subscribe to free marketing initiatives on our website (e.g. via downloading reports or documents). When you register for marketing initiatives, the data asked in our forms is being transmitted to us. Your personal data will be used to carry out the marketing initiatives, enabling Recyda to send subscribers relevant messages by telephone or in writing. In order to keep our potential customers informed about the development of our products and services, we share the data of potential customers with our sales team, who identify potential customers for our products and services. Purpose of this processing is to send regular marketing emails and product information that we believe will be of interest to our prospects as well as to better understand how our subscribers interact with our marketing initiatives in order to provide better experiences and make our content more relevant.
The legal basis for the processing of data after registration for marketing initiatives by the user is Art. 6 (1) lit. a GDPR if the user has given his consent with double opt-in. As part of the double opt-in procedure, you will then receive an email from us to confirm your registration via a link contained therein. This process serves to prove that you are the owner of the e-mail address provided during registration and that you have consented to receiving marketing materials. We store the date and time of your confirmation and your IP address. The legal basis for the storage of this data is our legal obligation to document your consent, Art. 6 (1) lit. c GDPR, Art. 7 (1) GDPR. The user's personal data is stored for as long as the subscription to marketing initiatives is active. The data will be deleted as soon as it is no longer required to fulfil the purpose for which it was collected and statutory retention periods no longer require the data to be retained.
You have the right to revoke your declaration of consent under data protection law at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. To unsubscribe from receiving such marketing content, either use the corresponding link in the footer of the email or revoke your consent by sending an email to info@recyda.com
-
We use external providers, HubSpot Inc. 25 1ST St Ste 200 Cambridge, MA 02141and Webflow Inc. 398 11th St., Floo 2 San Francisco, CA 94103, to manage your contact data for marketing purposes. This service provider receives your email address and other
necessary data. [The personal data is thereby transferred to the US. The European Commission has adopted an adequacy decision pursuant to Art. 45(3) GDPR for the EU-U.S. Data Privacy Framework. Based on this decision, data transfers to organizations located in the U.S. that are certified under the EU-U.S. Data Privacy Framework are permitted, accordingly. HubSpot and Webflow are certified under the EU-U.S. Data Privacy Framework.