Privacy policy

For us, the operators of the application “lithire” (hereinafter referred to as the platform, whether mobile app or web app), the protection of your data has a very high priority. We are aware that the data you provide to us while using our app is personal in nature. Therefore, we have designed the app in all versions according to the principles of Privacy by Design and Privacy by Default. This means that we have applied strict privacy principles from the very first stage of the app’s development and make privacy-friendly default settings for you whenever possible. In addition, our app is hosted exclusively in Germany. Furthermore, we process your data exclusively in accordance with the requirements of the European General Data Protection Regulation (GDPR).

With this privacy policy, we would like to inform you about our processing operations of your personal data. At the same time, we comply with our legal obligations, in particular from the European Data Protection Regulation (GDPR).

1. General

1.1 What is personal data

Personal data is information that discloses or can disclose the identity of the user. We adhere to the principle of data avoidance. As far as possible, we refrain from collecting personal data.

1.2 Handling of personal data

Personal data is used exclusively for the purpose of establishing the contract, defining its content, implementing or processing the contractual relationship (Art. 6 I p. 1 b GDPR).

Beyond that, personal data will only be processed if we have received your consent to do so (Art. 6 I S. 1 a GDPR) or if it is data whose processing is necessary for our legitimate interests and insofar as the balancing process shows that no overriding interests, fundamental rights or freedoms on your part are opposed (Art. 6 I S. 1 f GDPR).

We may use order processors to process your personal data, but will not pass on the personal data to third parties beyond this as a matter of principle.

For the processing of payments, the payment data required for this will be passed on to the credit institution commissioned with the payment and, if applicable, to the commissioned and selected payment service provider.

The processing of your personal data takes place exclusively within the EU, unless otherwise stated below.

1.3 Processing when using the web version of our app (Web App)

When visiting the website, general technical information is collected. This is the IP address used, time, duration of the visit, browser type and, if applicable, the page of origin. For technical reasons, this usage data is registered in a log file and can be used and stored for the purpose of statistical analysis of this website. A linkage of this usage data with your other personal data does not take place.

1.4 Use of the mobile app on your mobile device

When using the mobile app, we process the personal data described below to enable convenient use of the functions. If you want to use our mobile app, we process the following data, which are technically necessary for us to offer you the functions of our mobile app and to ensure stability and security, so that they must be processed by us. The legal basis is Art. 6 I p. 1 f GDPR:

• IP address,

• Date and time of the request,

• Time zone difference from Greenwich Mean Time (GMT),

• Content of the request (page visited),

• Access status/HTTP status code,

• amount of data transferred in each case,

• previously visited page,

• Browser,

• Operating system and

• Language and version of the browser software.

The app also requires the following permissions:

• Internet access: This is required to save your entries on our servers

• Camera access: This is needed so that you can take and save a profile photo of yourself.

• Push notifications: These are needed to send you targeted push notifications with further information including a reminder about jobs.

• Device memory: This is required if the option of uploading a resume or photos is taken.

• Email notifications: This is needed to send you targeted emails with further information including a reminder about jobs.

These authorizations are explicitly requested in your mobile device (Art. 6 I S.1 a GDPR). A granted authorization can usually be canceled at any time in the settings of the device. If you do not grant permissions, this potentially restricts the usage options of the app. As a rule, however, the app can still be used.

In addition to the previously mentioned data, technical tools are used for various functions when you use our mobile app, which may be stored on your end device. We will inform you of which these are before you use the app for the first time by means of our Consent Management Tool.

1.5 Registration data

Registration is required for the comprehensive use of the functions of our platform. The registration data is collected through your corresponding entries and used for the specifically stated purpose in accordance with your consent (Art. 6 I S. 1 a GDPR).

1.6 Hosting of the app / server log files

During the informational use of our app, i.e. if you do not register or otherwise transmit information to us, we collect such data that your browser or mobile device transmits to our server in so-called server log files. A server log file is a simple text document that contains all activities of a certain server in a certain period of time (e.g. one day). It is automatically created and maintained by the server and provides a detailed insight into how and when the end device you use with the IP address you use accessed our server or app.

We collect a series of general data and information with each call of the app by you or an automated system. This general data and information is stored in the log files of the server. We may collect:

• Hostname / IP of the visitor,

• Exact time of the page call,

• Invoked URL,

• HTTP Status Code,

• Transferred bytes of the requested URL,

• if available, the referrer (referring page) and

• Information about the visitor’s browser and PC.

The storage period for this data is 1 day (unless otherwise required by law or a shorter storage period is appropriate). When using this general data and information, we generally do not draw any conclusions about your person. This information is rather required in order to

• to deliver the contents of our website correctly,

• to optimize the content of our website and the advertising for it,

• to ensure the long-term operability of our IT systems and the technology of our website, and

• to provide law enforcement authorities with the information necessary for prosecution in the event of a cyberattack.

Therefore, the collected data and information will be evaluated by us on one hand statistically and on the other hand with the aim to increase the data protection and data security, in order to ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from any personal data provided by a data subject.

We use the Google Cloud infrastructure for hosting our website. We have concluded an order processing agreement with the provider to ensure, among other things, a consistent level of data protection.

The legal basis for the data processing described above is Art. 6 I S. 1 f GDPR. Our legitimate interest follows from the data collection purposes listed above. The Google Cloud Hosting infrastructure consists of the following partial services:

1.6.1 Firebase Realtime Database (Google Ireland Limited)

Firebase Realtime Database is a web hosting and backend service provided by Google Ireland Limited.

Personal Data Processed: Usage Data; various types of data as described in the Service’s Privacy Policy.

Processing Location: Ireland – Privacy Policy: https://policies.google.com/privacy.

1.6.2 Firebase Cloud Storage (Google Ireland Limited)

Firebase Cloud Storage is a web hosting service provided by Google Ireland Limited.

Personal Data Processed: Usage Data; various types of data as described in the Service’s Privacy Policy.

Processing location: Germany – Privacy policy: https://policies.google.com/privacy.

1.6.3 Firebase Hosting (Google Ireland Limited)

Firebase Hosting is a web hosting service provided by Google Ireland Limited.

Personal Data Processed: various types of data as described in the Service’s Privacy Policy.

Processing Location: Ireland – Privacy Policy: https://policies.google.com/privacy.

1.6.4 Google Cloud Storage (Google Ireland Limited)

Google Cloud Storage is a web hosting service provided by Google Ireland Limited.

Personal Data Processed: various types of data as described in the Service’s Privacy Policy.

Processing location: Germany – Privacy policy: https://policies.google.com/privacy.

1.7 Creating a user account as an applicant

We offer you the opportunity to register for our app as a user. We only collect data from you that we absolutely need to provide the service associated with the registration. The following data is collected

• Username (first and last name)

• Address (street, house number, postal code, city, country)

• Phone number

• E-mail address

• Date of birth

• Birthplace

• Details of your current job (job title, gross salary/month).

• Resume

• Information about your background and skills

• Search profile for the potential job

• Profile creation date

In addition, you can provide voluntary information if you wish. This is, for example, uploading a photo.

The processing of this data takes place for the implementation of the service – i.e. the matching of applicants and companies.

The restriction of our content to registered users also serves to simplify the experience of our users – they thus only see content that is relevant to their user group (employer, employee, educational institution). This represents a legitimate interest within the meaning of Art. 6 I S. 1 f GDPR.

We only transfer your data to an interested company in the event of a match by making this information available to the company via our app. The information is only accessible to the company as long as there is an open application process. You can withdraw the application at any time and thus object to its further availability. The transfer to interested companies is carried out as a pre-contractual measure within the meaning of Art. 6 I p. 1 c and, in the case of the use of personal applicant data resulting from the application, by Art. 88 I GDPR in conjunction with. § 26 I BDSG-new.

We use Firebase Authentication for registration. Firebase Authentication is a registration and login service provided by Google Ireland Limited. To facilitate the registration and login process, Firebase Authentication may use third party identity services and store the information on its platform. Personal Data Processed: Email; password; phone number. More information can be found here: https://policies.google.com/privacy

1.8 Creating a user account as a company

We offer you the opportunity to register for our app as a company. We only collect data about your company and its respective users that we absolutely need to provide the services associated with the registration.

• Name of the company,

• Address of the company (street, house number, postal code, city, country),

• Company Description,

• First and last name of the company representative using our app on behalf of his/her company (hereinafter referred to as “User”),

• Job title and position of the user in the company,

• business e-mail address of the user,

• Description of the advertised position,

• Logo of the company,

• Job title of the position offered,

• Salary range of the position offered,

• Search profile for potential candidates as well as

• Profile creation date

In addition, you can provide voluntary information if you wish. These are e.g.

• Company locations,

• Number of employees of the company and

• Photo of the company building.

This data is processed in order to provide our service – i.e. the matching of applicants and companies. The restriction of our content to registered users also serves to simplify the experience of our users – you will only see content that is relevant to your user group (employer, employee, educational institution). This represents a legitimate interest within the meaning of Art. 6 I S. 1 f GDPR.

1.9 Managing contacts and sending messages

These types of services enable the management of a database of email contacts, phone numbers or any other contact information in order to communicate with the user and enable users to communicate with each other.

The services may also collect data on what date and time message was read by the user, as well as when the user interacts with incoming messages, for example, by clicking on links contained therein. The processing is therefore carried out for the purpose of communication between users. This represents a legitimate interest within the meaning of Art. 6 I S. 1 f GDPR.

We use Firebase for this processing. Firebase Cloud Messaging is a messaging service provided by Google Ireland Limited. Firebase Cloud Messaging allows the owner to send messages and notifications to users via platforms such as Android, iOS, and the web. Messages can be sent to individual devices, groups of devices, on specific topics, or to specific user segments. The place of processing of the data is Germany. Personal data processed: different types of data, as described in the privacy policy of the service: https://firebase.google.com/support/privacy

1.10 Google Play Store and Apple App Store

We use the Google Play Store and Apple App Store services. The purpose of these is to host and operate main components of the application for this application so that this application can be offered from a unified platform. Such platforms provide the provider with a whole range of tools – for example, analysis and comment functions, user and database management, e-commerce and payment processing – which involve the processing of personal data. Some of these services operate with geographically distributed servers, so it is difficult to determine the location where the personal data is stored. This information is processed by the respective platform on an opt-in basis (Art. 6 para. 1S. 1a GDPR).

Google Play Store (Google Ireland Limited)

This application is distributed on Google Play Store, a mobile app distribution platform provided by Google Ireland Limited.

By distributing this application through this channel, Google collects usage and diagnostic information and shares it with the provider. Much of this information is processed on an opt-in basis.

Users can disable this analytics feature directly through their device settings. Users can find more information about managing analytics settings on this page.Personal Data Processed: Usage data. Processing location is Ireland.

Payments processed through the Apple App Store (Apple Inc.)

This application uses a payment service provided by Apple Inc. that allows the provider to offer in-app purchases of the application itself or within the application

Personal data processed to process purchases is processed by Apple as described in the App Store Privacy Policy: https://www.apple.com/legal/privacy/de-ww/. Personal data processed are email; last name; username; billing address; first name.

1.10 Duration of storage

We store your personal data after the termination of the purpose for which the data was collected, only as long as this is required by law (especially tax law).

2. your rights

2.1 Information

You can request information from us as to whether we are processing personal data about you and, if so, you have a right to information about this personal data and to the further information specified in Article 15 GDPR.

2.2 Right to rectification

You have the right to have inaccurate personal data concerning you corrected and, in accordance with Article 16 of the GDPR, you may request that incomplete personal data be completed.

2.3 Right to erasure

You have the right to demand that we delete the personal data concerning you without undue delay. We are obliged to delete them immediately, in particular if one of the following reasons applies:

• Your personal data is no longer necessary for the purposes for which it was collected or otherwise processed.

• You withdraw your consent on which the processing of your data was based and there is no other legal basis for the processing.

• Your data has been processed unlawfully.

The right to erasure does not exist insofar as your personal data is required for the assertion, exercise or defense of our legal claims.

2.4 Right to restriction of processing

You have the right to demand that we restrict the processing of your personal data if

• you dispute the accuracy of the data and we therefore verify the accuracy,

• the processing is unlawful and you refuse the erasure and request the restriction of use instead

• we no longer need the data, but you need it to assert, exercise or defend legal claims,

• you have objected to the processing of your data and it has not yet been determined whether our legitimate grounds outweigh your grounds.

2.5 Right to data portability

You have the right to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format and you have the right to transfer this data to another controller without hindrance from us, provided that the processing is based on consent or a contract and the processing is carried out by us with the aid of automated processes.

2.6 Right of withdrawal

Insofar as the processing of your personal data is based on consent, you have the right to withdraw this consent at any time.

2.7 General and right of complaint

The exercise of your above rights is in principle free of charge for you. In the event of complaints, you have the right to contact the supervisory authority responsible for us, the State Data Protection Officer, directly.

3. Data security

3.1 Data security

All data on our platform is secured by technical and organizational measures against loss, destruction, access, modification and distribution.

3.2 Sessions and cookies

To operate the website, we use cookies or cookie-like technologies and server-side sessions in which data can be stored. We ensure that no personal data is taken from sessions or through cookies without your express consent and that cookies are only used if this is technically necessary for the platform or app (e.g. spam protection for contact form, shopping cart function) and thus the consideration shows that there are no overriding interests on your part (Art. 6 I p. 1 f GDPR) or there is express consent on your part. We use cookies after your explicit consent to personalize content and ads, to offer social media features and to analyze the access to our platform and app. We may share information about your use of our Platform and App with our social media, advertising, and analytics partners with your consent. Our partners may be able to combine this information with other data that the partners already have about you.

4. Anonymized collection of research data

We, the company leap in time GmbH, have been dealing with the future of the working world since our foundation. Research in this area has been firmly anchored in the company’s mission for years. To this end, we use anonymized data to continuously investigate general trends in the labor market, as well as trends related to individual occupations. Data on such trends can be derived, among other things, from the information provided by users of the lithire app. Therefore, the data of our app is regularly analyzed in aggregated form. As an example, we evaluate average salaries in different geographic regions or industries. In addition, we show quantitative trends regarding the popularity of characteristics/qualifications of applicant groups or companies. When analyzing anonymized data, it is not possible for us to draw conclusions about your person at any time. The storage period of the anonymized data depends on the purpose of the collection and is a maximum of 5 years.

The legal basis for the evaluation of anonymized research-relevant data described here is your express consent pursuant to Art. 6 I p. 1 a GDPR.

5. Newsletter

If you register for our newsletter, we will use the data required for this purpose or separately provided by you to regularly send you our e-mail newsletter based on your consent in accordance with Art. 6 I S. 1 a GDPR.

Unsubscribing from the newsletter is possible at any time and can be done either by sending us a message via the contact options provided in the imprint or via the link provided for this purpose in the newsletter. After unsubscribing, we will delete your e-mail address unless you have expressly consented to further use of your data or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this statement.

6. Presence on social media platforms

We use the following social media platforms for company presentation and communication (explicit reference is made to the privacy statements and opt-out options linked below).

Twitter (Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland) Privacy Policy: https://twitter.com/de/privacy Opt-Out: https://twitter.com/personalization

LinkedIn (LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland) Privacy Policy https://www.linkedin.com/legal/privacy-policy Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

YouTube (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) Privacy Policy: http://www.youtube.com/t/privacy/

These social media platforms may process personal data outside the EU; in this respect, we refer to the above data protection declarations of the social media platforms. The respective social media platforms may create usage profiles from your usage behavior and the resulting interests and actions on your part and store cookies on your computer in which your usage behavior is stored. If you have an account on the respective social media platform and are logged in, your usage behavior may even be stored independently of the device. Your usage profile can be used, for example, to place advertisements that presumably correspond to your interests

We process the personal data exclusively for communicating with you via the social media platform you have chosen and for optimizing our online presence and ensure that no interests of yours are affected here that outweigh this legitimate interest on our part (Art. 6 I p. 1 f GDPR). Insofar as you have already given the respective operator of the social media platform effective consent to the corresponding data processing, the processing of your personal data will also be based on this consent (Art. 6 I S. 1 a GDPR).

7 Third-party services

7.1 Google Analytics (Website)

This website uses Google Analytics, a web analytics service provided by Google, operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”) and collects and stores data via this web analytics service, from which usage profiles are created using pseudonyms. The usage profiles created in this way are used to evaluate visitor behavior in order to design and improve the offer presented on this website in line with requirements. Google Analytics uses “cookies”, which are small text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website will be transmitted to and stored by Google on servers in the United States. In the event that IP anonymization is activated on this website, however, your IP address will be truncated beforehand by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google. The usage profiles kept under a pseudonym will also not be merged with personal data about the user without the user’s express and separately declared consent. Google Analytics is only used with your consent (Art. 6 I p. 1 a GDPR). You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link (http://tools.google.com/dlpage/gaoptout?hl=de). In addition, you can prevent the collection of your data by Google Analytics by clicking on the following link. An opt-out cookie will be set, which will prevent the collection of your data during future visits to this website: Google Analytics deactivate. You can view Google’s privacy policy at http://www.google.de/intl/de/policies/privacy/. For more information on the terms of use, please visit http://www.google.com/analytics/terms/de.html. We would like to point out that on this website Google Analytics has been extended by the code “anonymizeIp” to ensure anonymized collection of IP addresses (so-called IP masking).

7.2 Google Analytics for Firebase (App)

Our app uses Google Analytics for Firebase, an analytics service from Google, operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”) and collects and stores data via this analytics service, from which usage profiles are created using pseudonyms. The usage profiles created in this way are used to evaluate user behavior in order to design and improve the app in line with requirements. Google Analytics for Firebase uses the advertising ID of the mobile device for this purpose. The information thus generated about your use of this app is usually transmitted to a Google server in the USA and stored there. However, since we have activated anonymization in this app, your IP address or advertising ID will be truncated beforehand by Google within member states of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address or advertising ID be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this app, Google will use this information for the purpose of evaluating your use of the app, compiling reports on app activity and providing other services relating to app usage to the app operator. The information processed in this way may be used together with other Google services, such as Google Analytics and Google marketing services. In this case, only pseudonymous information, such as the Android Advertising ID or the Advertising Identifier for iOS, is processed to identify users’ mobile devices. The use of Google Analytics for Firebase only takes place with your consent (Art. 6 I S. 1 a GDPR). You can prevent the collection of data related to your use of the app (including your IP address) by Google Analytics for Firebase and the processing of this data by Google:

If you are using a smartphone with iOS operating system, you can restrict the use of the advertising ID under “Settings” / “Privacy” / “Advertising” / “Restrict ad tracking”.

If you are using a smartphone with Android operating system, you can restrict the use of the advertising ID under “Account” / “Google” / “Ads”.

You can view Google’s privacy policy here: https://policies.google.com/privacy

You can view Firebase’s privacy notice here: https://firebase.google.com/support/privacy.

7.3 Social media links

We have our own social media pages with the third-party providers that can be reached via links from our platform. Using the links will take you to the respective websites of the third-party providers (e.g. Facebook, Twitter, Instagram) To avoid unnecessary data transfer, we recommend that you log out of the respective third-party provider before using a corresponding link, so that usage profiles cannot be created by the third-party provider simply by using the link.

7.4 Use of Google Maps (website)

This website uses Google Maps, a map service from Google, operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). When using Google Maps, data on the use of the Maps functions by visitors to the websites is also collected, processed and used. Google Maps is only used with your consent (Art. 6 I S. 1 a GDPR). You can view Google’s privacy policy at http://www.google.de/intl/de/policies/privacy/. You can view the additional usage information for Google Maps at http://www.google.com/intl/de_de/help/terms_maps.html.

7.5 Use of Google ReCAPTCHA (website)

This website uses the ReCAPTCHA service of the company Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). The function serves to distinguish whether the input is made by a human or abusively by automated, machine processing. The query includes the sending of the IP address and possibly other data required by Google for the ReCAPTCHA service to Google. For this purpose, your input is transmitted to Google and used there. However, your IP address will be shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. The IP address transmitted by your browser as part of ReCaptcha is not merged with other data from Google. The processing serves to prevent misuse of this website. Google ReCAPTCHA is only used with your consent (Art. 6 I S. 1 a GDPR). Google’s privacy policy applies, you can find it at: https://policies.google.com/privacy?hl=de.

7.6 Google Web Fonts (Website)

We use so-called web fonts from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”), in order to be able to display a uniform font on our website. These are automatically stored in your browser cache when you call up one of our pages in order to enable the desired display. If your browser does not support the web fonts used, a standard font of your computer may be used. In this case, no interests of the user are affected which outweigh this technical necessity (Art. 6 I S. 1 f GDPR). You can view Google’s privacy policy here: https://www.google.com/policies/privacy/ You can find more information about Google Web Fonts at https://developers.google.com/fonts/faq.

7.7 Use of MailChimp

Our email communication is handled using “MailChimp”, a platform of the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. Here, your e-mail address and also your other data described in the context of these notes are stored on the servers of MailChimp in the USA. MailChimp uses this information to send and evaluate the emails on our behalf. Furthermore, according to its own information, MailChimp may use this data to optimize or improve its own services, e.g. to technically optimize the dispatch and display of the newsletters or for economic purposes to determine from which countries the recipients come. MailChimp does not use the data of our mail recipients to write to them itself or to pass them on to third parties. The processing serves to prevent misuse of this website. MailChimp is only used with your consent (Art. 6 I S. 1 a GDPR). You can view the privacy policy of MailChimp at https://mailchimp.com/legal/privacy/.

8. Contact

To contact us regarding data protection, you are welcome to use the following contact options. Responsible party within the meaning of the GDPR:

leap in time GmbH

Daimlerstraße 6

63512 Hainburg

E-Mail: info@leap-in-time.com

Phone: +49 6182 / TBD

Contact: info@leap-in-time.de

You can reach our data protection officer at info@coventury.de or our postal address with the addition “the data protection officer”

Competent supervisory authority for data protection: The Hessian Commissioner for Data Protection and Freedom of Information – Gustav-Stresemann-Ring 1, 65189 Wiesbaden, poststelle@datenschutz.hessen.de