Transparency
Data protection
Privacy policy
Transparency at a glance
1 General information
The following declaration informs you about what type of personal data we collect as the responsible party, for what purpose, and to what extent this data is made accessible to third parties.
1.1 Responsible body and data protection officer
MORESOPHY GmbH
Hofmannstrasse 9
81379 Munich
Email: info[at] moresophy[dot] com
Telephone: +49 (0) 89 4444 3351 0
Data Protection Officer
Carola Sieling
Technologiewerft GmbH c/o Sieling Law Firm
Gurlittstrasse 24, 20099 Hamburg
Phone: 040/419 239 21
Email: info@technologiewerft.de
1.2 Agreement between joint controllers
This website is jointly provided by the aforementioned companies, which use shared servers and IT services for this purpose and jointly determine the purposes and means of processing personal data. The companies are therefore considered “joint controllers” within the meaning of Art. 4 No. 7 in conjunction with Art. 26 (1) Sentence 1 GDPR.
We have agreed that, in general, the first-named company is responsible for fulfilling our obligations under the GDPR, particularly with regard to data subject rights and information obligations. In specific, specific cases, another company may be responsible if it is most closely related to the process in question.
You can of course address any concerns relating to data protection and your rights as a data subject to any of our companies or your respective contact persons and/or our data protection officer.
1.3 Legal basis for the processing of your personal data
The processing of personal data requires a legal basis, which we would like to present to you below.
For processing of personal data for which we obtain the consent of the data subject, Article 6 paragraph 1 letter a of the EU General Data Protection Regulation (GDPR) serves as the legal basis.
For the processing of personal data necessary to fulfill a contract to which the data subject is a party, Article 6 (1) (b) GDPR serves as the legal basis. This also includes processing operations necessary to implement pre-contractual measures.
To the extent that processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Article 6 paragraph 1 letter c GDPR serves as the legal basis.
If processing is necessary to protect the legitimate interests of our company or a third party, and the interests, fundamental rights, and freedoms of the data subject do not override the aforementioned interest, Article 6 (1) (f) GDPR serves as the legal basis for processing. Our company’s legitimate interest lies in conducting our business activities and analyzing, optimizing, and maintaining the security of our online offering.
1.4 Rights of the data subject
You have the right to information about the personal data we have stored about you. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the origin of your data if it was not collected from us, as well as the existence of automated decision-making, including profiling, and, if applicable, meaningful information about its details.
According to legal provisions, you also have the right to correct inaccurate data, restrict processing, request data portability, and delete your personal data. To do so, send us an email with “Data Protection” in the subject line.
You also have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of personal data concerning you violates the statutory provisions.
For reasons related to your particular situation, you may object to the processing of personal data concerning you by us based on Art. 6 (1) (e) or (f) GDPR at any time; this also applies to profiling based on these provisions (Art. 21 GDPR). If the legal requirements are met, we will subsequently no longer process your personal data.
In the case of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purposes of such marketing; this also applies to profiling insofar as it is related to such direct marketing.
Your objection means that the personal data will no longer be processed for these purposes.
If you have given your consent, you have the right to revoke it at any time. This does not affect the legality of the processing carried out on the basis of your consent until the revocation.
We do not currently carry out any automated decision-making, including profiling.
If you exercise one of the aforementioned rights as a data subject , we will process your personal data collected in this context to respond to your inquiry . Your personal data is processed to fulfill a legal obligation .
In the event of an objection , we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for processing this data that outweigh your interests, rights and freedoms , or your personal data is used to assert, exercise or defend legal claims.
1.5 Storage period of personal data
Unless we have provided specific storage instructions, the following applies: We store personal data for the duration of the respective statutory retention period or as long as the purpose for which it was collected exists. After the retention period has expired, the data is routinely deleted unless it is necessary to initiate or fulfill a contract. If user data is not deleted because it is required for other legally permissible purposes, its processing will be restricted as far as possible. Accordingly, the data is blocked wherever possible and not processed for other purposes. This applies, for example, to user data that must be retained for commercial or tax law reasons.
2 Contractual processing
When you enter into a contractual relationship with us or request one, we generally collect the following data: title, first and last name, email address, address, telephone/mobile number, information necessary for the execution and initiation of the contract.
We need this data to identify you as a contractual partner, execute the contract, contact you, and for billing purposes. Data processing is carried out at your/our request or order and is necessary for the stated purposes for the mutual fulfillment and compliance with the contractual relationship.
We may also process data based on a legitimate interest, e.g., when asserting or defending against claims arising from the contractual relationship. The personal data collected will be stored until the end of the contractual relationship and then deleted, unless we are legally obligated to store it for a longer period due to retention and documentation obligations under tax and commercial law (under the German Commercial Code, the German Criminal Code, or the German Fiscal Code).
We use the data of our (future) contractual partners and employees (first name, last name, and, if applicable, address) to perform comparisons against so-called sanctions lists. Sanctions lists are centrally compiled and maintained lists of individuals, associations, or companies against which government economic or legal restrictions have been imposed. Various regulations oblige us to take measures to prevent support from being provided to business partners, suppliers, and even our (potential) employees if they are included on the lists. We only use the data to ensure that these individuals are not included on any of the sanctions lists. We need this information to fulfill our legal obligations and to avert possible sanctions. This is also in our legitimate interest.
3 Application data
When you apply to us, we receive data from you. We process the data you sent us in connection with your application in order to check your suitability for the position and to carry out the application process. Please note that your data will be accessible to our human resources department and the departments relevant to the position to be filled. For data protection reasons, we ask you to ensure that you only provide the data necessary for your application. The legal basis for the processing of your personal data in application procedures is Section 26 of the Federal Data Protection Act (BDSG) and Article 6 (1) (b) of the GDPR. This permits the processing of data that is necessary in connection with the decision on establishing an employment relationship. Should the data be required for legal proceedings after the application process has been completed, data processing may take place on the basis of the requirements of Article 6 (1) (f) of the GDPR to protect legitimate interests. Our interest then lies in the assertion or defense of claims.
In the event of a rejection, applicant data will be deleted after six months at the latest. If you have consented to the continued storage of your personal data, we will add your data to our applicant pool. The data will be deleted after two years. If you are selected for a position as part of the application process, the data will be stored permanently for the purpose of implementing the employment relationship. You can change or delete your application at any time, and you can revoke any consent you have given at any time.
4 Data processing within the website
4.1 Log files, hosting
The server statistics automatically store data that the browser transmits to us within the scope of our legitimate interest in analysis and for security reasons (so-called “log files”).
These are the following data in detail:
Language and version of the browser software
- operating system used and its interface
Referrer URL (the previously visited page)
- Hostname of the accessing computer (IP address)
Date and time of the server request
Time zone difference to Greenwich Mean Time (GMT)
- Content of the request (specific page)
- amount of data transferred
- Access status/HTTP status code
We generally cannot assign this data to specific individuals. This data is not merged with other data sources. Furthermore, the data is deleted within 7 days after statistical analysis. Data that needs to be retained for evidentiary purposes is exempt from deletion until the respective incident has been finally resolved.
We use hosting services. These serve to provide infrastructure and platform services, computing capacity, storage space and database services, security services, and technical maintenance services to maintain the operation of this online offering.
In doing so, we or our hosting provider process inventory data, contact data, content data, contract data, usage data, meta and communication data of customers, interested parties and visitors to this online offer on the basis of our legitimate interests in the efficient and secure provision of this online offer.
4.2 Contact
When you contact us by email or via a contact form, we will store your information in order to answer your questions.
As a general rule, data will not be passed on to third parties unless applicable data protection regulations justify a transfer or we are legally obligated to do so. You can revoke your consent at any time with future effect. Upon revocation, your data will be deleted immediately unless there is a legal exception to further processing. Otherwise, your data will be deleted once we have processed your request or the purpose for storage no longer applies, and no other conflicting legal exceptions apply.
4.3 Cookies
Cookies are small text files stored on your device that allow the cookie-setting entity to receive certain information. They are designed to make our website more user-friendly and effective and/or to facilitate your navigation on our website.
We only use non-essential cookies with your consent. You can revoke this consent at any time for future use.
Consent is voluntary, and you can use our website without accepting cookies. You can also configure your browser settings according to your preferences and, for example, reject the acceptance of third-party cookies or all cookies, or delete cookies that have already been saved. If you do not accept cookies, please note that in this case, our service may not function correctly. Unless we provide other information for the individual topics mentioned in this privacy policy or in the cookie banner, the lifespan of cookies is 24 months.
You can find out which function on our website uses cookies in the individual function descriptions in our privacy policy and in the cookie banner.
4.4 Comments and contributions
You can create public comments and other posts on our website. When you submit a comment, it will be displayed for everyone to see in the corresponding post, along with the username you provided, the date, and the time. Any email address you provide will not be published. When you submit a comment, we store your IP address internally in addition to the data you provide. This is because we may be liable for the publication of illegal content and are therefore interested in the identity of the author.
5 Newsletter and information for interested parties
5.1 Newsletter
If you would like to receive the newsletter offered on our website, we require a valid email address from you that allows us to verify that you are the owner of the specified email address or that the owner agrees to receive the newsletter.
After you provide your email address, we will send you a confirmation email to the address you provided, asking you to confirm that you wish to receive the newsletter. If you do not confirm this within 24 hours, your data relating to the newsletter will be automatically deleted. If you confirm your wish to receive the newsletter, we will store your email address until you unsubscribe from the newsletter.
We only send newsletters with your consent or legal permission.
You can revoke your consent to the storage of your data, your email address, and their use for sending the newsletter at any time. A link to unsubscribe from the newsletter can be found at the end of each newsletter. If a user has only subscribed to the newsletter and then canceled their subscription, their personal data will be deleted.
We work with a shipping service provider.
Newsletter service: CleverReach and HubSpot
The newsletter is sent via CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede, referred to as the “shipping service provider.” You can view the shipping service provider’s privacy policy here: https://www.cleverreach.com/de/datenschutz/.
We also use HubSpot’s services to organize our newsletter. Further information can be found in Section 7.
5.2 Information to existing customers
If you, as our contractual partner, have entered into a contract for our services, we will offer you further information about our own similar services via the email address provided upon conclusion of the contract (Section 7 III of the German Unfair Competition Act). You may object to this transmission at any time.
These mailings are based on our legitimate advertising interest.
6 Transfer of data: General and contractual purpose
We share data with third parties if this is necessary to fulfill the contract and/or if we are legally obligated and/or authorized to do so in individual cases. The data is typically shared with contracted service providers, including those responsible for hosting, operation, maintenance, and support of IT systems, communications systems, and disposal. In addition, your data may also be transferred to postal or delivery services, your bank, tax advisors/auditors, and lawyers.
7 Sharing of data: Tools within the scope of the operation of the website and online services
In some cases, we use external service providers with your consent or based on our legitimate interests with regard to the analysis, optimization, and economic operation of our online offering. If you have given your consent to tools that are not necessary for the operation of the website, you can change these settings at any time. Our service providers are listed below.
If your data is to be used for other purposes, we will inform you in advance and will only use the data if you have previously expressly given your further consent.
7.1 Service providers
With your consent, we use services for the optimization and economic operation of our online offering for which Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”) is responsible.
Google LLC is certified under the Data Privacy Framework, so that possible measures have been taken to ensure compliance with European data protection law.
7.1.1 Google Maps
This website contains content from Google Maps. We would like to display this embedded map material to help you find the locations shown/mentioned more easily. Our cooperation with Google for this processing is based on a joint controllership agreement pursuant to Art. 26 GDPR, which you can find here: https://privacy.google.com/intl/de/businesses/mapscontrollerterms
By visiting the website, the third-party provider receives the information that you have accessed the corresponding subpage of our website. Furthermore, the data automatically sent via your browser, such as your IP address, is transmitted to Google Maps in the USA and stored there. The provider may save this data as a usage profile and use it for advertising and market research purposes. If you are logged in to Google at the same time, this data will be directly assigned to your account. If you do not wish to be assigned to your profile, you must log out before activating the button.
Please note that, as the provider of these pages, we have no knowledge of the content of the transmitted data or how Google uses it. Detailed information on the purpose and scope of data collection and processing by Google Maps can be found in the provider’s privacy policy at http://www.google.de/intl/de/policies/privacy/ .
7.1.2 Google reCaptcha
To protect against misuse, we use the Google reCaptcha identification service on our website. The reCaptcha query is used to distinguish whether the entries in the online form were made by a human or abusively through automated machine processing. The query includes sending your IP address and other data required by Google for the reCaptcha service to Google. This data is transmitted to Google servers in the USA, where it is stored and processed. Google may pass the collected data on to third parties. We would like to point out that as the provider of the pages we have no knowledge of the content of the transmitted data or its use by Google. The privacy policy of the company Google applies to this data. In the respective reCaptcha window you will find a corresponding link to the current privacy policy of Google Inc. under “Privacy Policy”. You can also access this at https://www.google.com/intl/de/policies/privacy/.
You can avoid the corresponding data collection by not using the reCaptcha function. Please note that in this case, no requests can be sent.
7.1.3 Google YouTube
We use YouTube, a service provided by Google, to embed videos.
These videos are stored on www.youtube.com and can be played directly from our site. YouTube uses cookies to collect and statistically analyze data. YouTube uses cookies, among other things, to collect reliable video statistics, prevent fraud, and improve user-friendliness. The information generated by the cookie about your use of this website (including your IP address) is transmitted to and stored by YouTube on servers in the United States. Your IP address cannot be assigned to you unless you are logged in to YouTube or another Google service before accessing the page, or are permanently logged in. If you do not want this to happen, you must log out of your YouTube account and your other Google accounts.
Through the YouTube cookies, we receive statistical values for the retrieval of individual videos embedded in the website without any reference to the respective user.
The embedded YouTube videos are used within the scope of the permitted use by YouTube, which all users must accept. If you see any copyright infringement, please report this directly to YouTube. We use embedded YouTube videos in extended privacy mode. This means that YouTube does not store cookies for a user who displays a website with an embedded YouTube video player but does not click on the video to start playback. If the YouTube video player is clicked, YouTube may store cookies on the user’s computer. We would like to point out that as the provider of the pages, we have no knowledge of the content of the transmitted data or how it is used by YouTube. For more information about YouTube’s official privacy policy, please see https://www.google.de/intl/de/policies/privacy/ and https://support.google.com/youtube/answer/171780?hl=de .
7.1.4 Google Web Fonts
Google Web Fonts are used to visually enhance the display of various information on this website. The web fonts are transferred to the browser’s cache when the page is accessed so that they can be used for display purposes. If the browser does not support Google Web Fonts or prevents access, the text will be displayed in a standard font. No cookies are set for the website visitor when the page is accessed.
Data transmitted in connection with the page visit is sent to resource-specific domains such as fonts.googleapis.com or fonts.gstatic.com. This transmits which of our websites you have visited. The IP address of the browser on the device used by visitors to these websites is also stored by Google. This data is not associated with data that may be collected or used in connection with the parallel use of authenticated Google services such as Gmail.
You can configure your browser so that fonts are not loaded from Google servers. Information about Google Webfonts’ privacy policy can be found at: https://developers.google.com/fonts/faq#Privacy General information on data protection can be found in the Google Privacy Center at: http://www.google.com/intl/de-DE/privacy/
7.2 HubSpot
We use HubSpot as a CRM, also for marketing and customer service. HubSpot is a platform developed by the US software company HubSpot Inc. with an office in Ireland (2nd Floor, 30 North Wall Quay, Dublin 1, Ireland). EU standard contractual clauses have been agreed with HubSpot, and HubSpot is certified under the Data Privacy Framework, thus taking possible measures to ensure compliance with European data protection law.
HubSpot is an integrated software solution that we use to cover various aspects of our online marketing. These include:
Email marketing (newsletter organization), reporting (e.g. traffic sources, accesses, etc.), contact management (e.g. user segmentation & CRM).
If, in addition to our customer relationships, we use HubSpot to evaluate access and traffic on our website for marketing purposes, using HubSpot pixels and your personal data such as IP addresses, this will only be done with your consent. Further information can be found at: https://knowledge.hubspot.com/de/ads/hubspot-ads-privacy-features
More information about HubSpot’s privacy policy: https://legal.hubspot.com/privacy-policy
More information from HubSpot regarding security regulations https://legal.hubspot.com/security
7.3 Real Cookie Banner
This website uses the Real Cookie Banner as a consent management solution from devowl.io GmbH, Tannet 12, 94539 Grafling. This is a technically necessary cookie to store your cookie consent. The Real Cookie Banner does not process any personal data.
This is where the consent you gave when you entered the website is stored. If you wish to revoke this consent, simply delete the cookie in your browser. When you re-enter/reload the website, you will be asked again for your cookie consent.
7.4 Vimeo
With your consent, plug-ins from the video portal Vimeo, operated by Vimeo, LLC, 555 West 18th Street, New York 10011, USA, are integrated into our website. EU standard contractual clauses have been agreed with Vimeo, so that possible measures to ensure compliance with European data protection law have been taken.
If you have given your consent, each time you visit a page that offers one or more Vimeo video clips, a direct connection will be established between your browser and a Vimeo server in the USA. Information about your visit and your IP address will be stored there. Interactions with Vimeo plug-ins (e.g., clicking the start button) also transmit this information to Vimeo and store it there.
If you have a Vimeo user account and do not want Vimeo to collect data about you via this website and link it to your member data stored by Vimeo, you must log out of Vimeo before visiting this website.
The privacy policy for Vimeo with further information on the collection and use of your data by Vimeo can be found at http://vimeo.com/privacy .
8 Data storage outside the EU/EEA
If indicated above in the individual tool descriptions, we use tools from US third-party providers. To the extent necessary for the stated purposes, your IP address may be processed outside the European Economic Area, where a level of data protection corresponding to European standards is not always consistently guaranteed and confirmed (e.g., through appropriate safeguards within the meaning of Art. 46 GDPR or an adequacy decision of the European Commission). Therefore, it cannot be ruled out that security authorities in a third country may gain access to your IP address without you being able to take legally effective action against it.
The transfer of your IP address to these third-party providers is carried out in accordance with Art. 49 (1) (a) GDPR on the basis of your express consent, which you have granted in the consent banner. This consent is voluntary. You can revoke it at any time with future effect. This will not result in any disadvantages for you.
According to some US third-party providers, a level of protection equivalent to European standards is already guaranteed by the conclusion of so-called standard contractual clauses and additional measures taken in accordance with the Schrems II ruling. However, since the suitability of such measures to ensure an adequate level of data protection is controversial, we have decided to transmit your IP address only with your consent.
The certification of some companies under the Data Privacy Framework (DPF) serves to ensure the level of protection and can be requested here: https://www.dataprivacyframework.gov/s/ . This certification is sufficient as a measure to ensure an adequate level of data protection.
9 Our presence in social media
You can find us online within social networks and platforms. We would like to use these presences to communicate with our customers, interested parties, and users active there and to inform them about our services and our company.
The processing of personal data of users active there is based on our legitimate interest in communicating and providing information to and with users. If users have given their consent to data processing within the framework of the respective social platform, the processing will be based on this consent.
If you visit one of our social media presences, we and the operator of the social platform are jointly responsible for the data processing operations initiated during that visit. You can generally assert your rights (rights of access, rectification, erasure, restriction of processing, data portability, and complaint, see the following section “Rights of the data subject”) both against us and against the operator of the respective social platform.
We would like to point out that, despite our shared responsibility, we do not have full influence over the social platform’s data processing procedures and may forward the rights request to the respective operator to better process the data subject’s rights. Our options are generally based on the company policy of the respective provider.
Our storage information can be found below. We have no influence on the storage period of your data, which is stored by the operator of the social platform for their own purposes. For details, please contact the operators of the social networks directly (e.g., in their privacy policy, see below).
Depending on the social platform mentioned below, user data processing may also take place outside of the European Union. EU standard contractual clauses have been agreed with the US companies or they are certified under the Data Privacy Framework (DPF), so we have taken the necessary measures to ensure compliance with European data protection law.
User data is generally processed by the platforms for market research and advertising purposes. For example, user profiles can be created based on user behavior and the resulting interests. These user profiles can then be used, for example, to place advertisements within and outside the platforms that presumably correspond to the interests of the users. For this purpose, cookies are generally stored on users’ computers in which the user behavior and interests are saved. The user profiles can also store data independent of the devices used by the users. This occurs in particular when users are members of the respective platforms and are logged in to them.
For a detailed description of the respective processing and the options for objection, we refer to the information provided by the providers linked below.
9.1 Google/ YouTube
(Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland)
Privacy Policy: https://policies.google.com/privacy
Opt-Out: https://adssettings.google.com/authenticated
9.2 Twitter (X)
(Twitter International Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland)
Privacy Policy: https://twitter.com/de/privacy
Opt-Out: https://twitter.com/personalization
9.3 LinkedIn
(LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland)
Privacy Policy https://www.linkedin.com/legal/privacy-policy
Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out
9.4 Xing
(New Work SE, Am Strandkai 1, 20457 Hamburg)
Privacy Policy/Opt-Out: https://privacy.xing.com/de/datenschutzerklaerung