In the following we inform you about the processing of your personal data on our website and your rights in connection thereto.

Personal data

Pursuant to Article 4 of the General Data Protection Regulation (“GDPR”), personal data are any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Controller

Project Expat GmbH
Lechanger 8
86899 Landsberg am Lech
info@project-expat.com
+49 89 2441729 600

Your rights

You have the following statutory rights under data protection law:

Right of access (Article 15 GDPR)

You have the right to obtain confirmation as to whether or not personal data concerning you are processed and where that is the case access to the personal data. In order to be able to process your request as quickly as possible, you should formulate your request precisely. We would like to point out, that your right of access may be restricted due to legal provisions (in particular, if Sec. 34 of the Federal Data Protection Act (FDPA) applies).

Right to rectification (Article 16 GDPR)

You have the right to obtain without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

Right erasure (“right to be forgotten”) (Article 17 GDPR)

You have the right to obtain the erasure of personal data concerning you without undue delay under the conditions of Article 17 GDPR. Your right to obtain erasure depends on whether the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation which requires processing by the Union or Member state law to which we are subject or the performance of a task carried out in the public interest or in the exercise of official authority vested in us or for the establishment, exercise or defence of legal claims.

Right to restriction of processing (Article 18 GDPR)

You have the right to obtain restriction of processing under the conditions of Article 18 GDPR.

Right to data portability (Article 20 GDPR)

Under the conditions of Article 20 GDPR, you have the right to receive personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format. Furthermore, you have the right to transmit those data to another controller without hindrance from us. Where technically feasible, you have the right to have the personal data transmitted directly from us to another controller.

Right to lodge a complaint with a supervisory authority (Article 77 GDPR)

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR. A list of supervisory authorities (for the non-public sector) can be found here at https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.

Your right to object pursuant Article 21 GDPR

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions. We will no longer process the personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

To the extent we process personal data for the purpose of direct marketing, you as the data subject have the right to object to the processing of personal data relating to you for the purpose of such marketing at any time, which includes profiling to the extent that it is related to such direct marketing.

Processing activities

Using our website for informational purposes

Purpose and legal basis

We process personal data for the purposes of providing our website and ensuring its stability and security.

The legal basis is Article 6 (1)(1)(f) GDPR. Our legitimate interest is making our website available to you in a fully functional form.

Storage period

As soon as these personal data are no longer required for the above purposes, they will be deleted. Further storage may take place in individual cases if required by law.

Recipients

We disclose these personal data to our server provider which is Strato AG, Pascalstraße 10, 10587 Berlin.

Obligation to provide the data

The provision of these personal data is neither a statutory nor a contractual requirement and is also not necessary for the conclusion of a contract. There is also no obligation to provide this personal data. However, if you do not provide these personal data, you may not be able to access our website.

Note: You have a right to object under Article 21 GDPR. You can send us your objection at any time, for example by email or by post using the contact details given above.

Contact by phone, email, mail or other means of communication; Recommendation of a partner

Purpose and legal basis

We process personal data for the purpose of getting in contact with you.

The legal basis is Article 6 (1)(1)(b)(2) GDPR, insofar as the processing is necessary in order to take steps at your request prior to entering into a contract and you yourself are a potential contractual partner. The legal basis is Article 6 (1)(1)(b)(1) GDPR, insofar as the processing is necessary for the performance of the contract and you yourself are a contractual partner. In all other cases, the legal basis is Article 6 (1)(1)(f) GDPR. In these cases, our legitimate interest is to answer your contact request and to contact you.

If you recommend a partner the purpose of the processing is the fulfillment of legal obligations to which the controller is subject.

The legal basis is Articles 6 (1)(1)(c), 14(2)(f) GDPR.

Storage period

We delete these personal data within three months from receiving the contact request.

Recipients

We disclose personal data to our server provider which is Strato AG, Pascalstraße 10, 10587 Berlin and to our inhouse sales and marketing department. In case of a partner recommendation, we transmit the recommender’s name to the recommendee.

Obligation to provide the data

Note: To the extend the processing is based on our legitimate interest, you have a right to object under Article 21 GDPR. You can send us your objection at any time, for example by email or by post using the contact details given above.

Contact form

Purpose and legal basis

We process personal data for the purpose of getting in contact with you.

Storage period

If no contract is concluded, personal data relating to precontractual communication will be deleted within three months of receiving the last communication from you. If a contract is concluded, please see section “Fulfilment of legal obligations”.

Recipients

We disclose these personal data to our server provider which is Strato AG, Pascalstraße 10, 10587 Berlin and to our in-house marketing and sales department.

Obligation to provide the data

Client registration and Member Login

Purpose and legal basis

We process personal data for the purpose of customer acquisition and to provide customers access to exclusive benefits and offers from Project Expat GmbH.

The legal basis for the processing of the e-mail address and password is Article 6 (1)(1)(b)(1) GDPR. The processing is necessary for the performance of the contract. The legal basis for processing your name and your nationality is Article 6 (1)(1)(f) GDPR. Our legitimate interest is to give you access to our exclusive offers.

Source

In case you choose to use Facebook Login, we receive your email address from Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland. If you choose to use Google Login, we receive your email address from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Storage period

These personal data will be stored for as long as your account exists. If you delete your account, these personal data will be deleted immediately.

Recipients

We disclose personal data to Strato AG, Pascalstraße 10, 10587 Berlin and our in-house marketing department.

Obligation to provide the data

Facebook Business Tools

Purpose and legal basis

We process personal data for the following purposes:

Matching of information that personally identifies individuals, such as names, email addresses, and phone numbers (“Contact Information”) against user IDs of Meta Platforms Ireland Ltd., to combine those with other information about people and the actions that they take on our websites and apps (“Matching of Contact Information”);

Preparation of reports on the impact of our advertising campaigns and other online content (“Campaign Reports”);

Generation of analytics and insights about people and their use of our apps, websites, products and services (“Analytics”);

Targeting of our ad campaigns to people who interact with our business;

Delivery of Commercial and Transactional Messages and

Improvement of Ad Delivery; Personalization of Features and Content

The legal basis is article 6(1)(1)(a) GDPR.

Storage period

Your Contact Information will be deleted after matching.

Otherwise, this personal data will be stored for a period of two years after its collection.

Recipients

We disclose these personal data to Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Irland.

Joint controllers

We are jointly responsible with Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland for the processing when using Facebook Business Tools for the following purposes (“Joint Processing”):

Targeting of our ad campaigns to people who interact with our business;

Delivery of Commercial and Transactional Messages and

Improvement of Ad Delivery; Personalization of Features and Content.

We and Meta Platforms Ireland Ltd. have concluded a contract (“Controller Addendum”) to determine the respective responsibilities for compliance with the obligations under the GDPR with regard to the Joint Processing. It was agreed therein that we are responsible for providing data subjects with at least the following information:

Meta Platforms Ireland Ltd. is Joint Controller of the Joint Processing.
Information about the products of Meta Platforms Ireland Ltd. we use and for which purposes (see above).
The following information can be found in the Data Policy of Meta Platforms Ireland Ltd., available at:
- Contact details of Meta Platforms Ireland Ltd.;
- The name and contact details of its data protection officer as well as
- further information on how Meta Platforms Ireland Ltd. processes personal data including the legal basis Meta Platforms Ireland Ltd. relies on and the ways to exercise data subject rights against Meta Platforms Ireland Ltd.

In addition, we have agreed that between the parties, Meta Platforms Ireland Ltd. is responsible for enabling data subjects’ rights under Articles 15-20 of the GDPR with regard to personal data stored by Meta Platforms Ireland Ltd. after the Joint Processing. Insofar as the Joint Processing by Meta Platforms Ireland Ltd. is based on Article 6(1)(1)(f) GDPR, we have agreed that Meta Platforms Ireland Ltd. will fulfill any right to object pursuant to Article 21 GDPR.

The Controller Addendum is available at https://www.facebook.com/legal/controller_addendum.

Transfer of personal data to third countries

We do not intend to transfer these personal data to a third country. However, please note that Meta Platforms Ireland Ltd. has contractually agreed to transfer these personal data to third countries only on the basis of the processor-to-processor standard contractual clauses, i.e. as applicable to the transfer concerned: (a) module 3 (processor to processor) of the standard contractual clauses for the transfer of personal data to third countries pursuant to the GDPR and approved by the European Commission decision 2021/914, dated 4 June 2021; or (b) such other (processor to processor) standard contractual clauses for the transfer of personal data to third countries that are recognised under the applicable data protection laws in the EU, EEA, UK or Switzerland, or an alternative transfer means recognised by the GDPR and other applicable data protection laws in the EEA, UK and Switzerland (such as an adequacy decision).

A copy of European Commission Decision 2021/914 can be found at https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj.

Obligation to provide the data

Automated decision making

Automatic decision-making in the form of profiling takes place.

Note: Consent is freely given. To the extent the processing is based on consent pursuant to Article 6 (1)(1)(a) or Article 9 (2)(a) GDPR, you have the right to withdraw the consent at any time without affecting the lawfulness of the processing carried out on the basis of the consent until its withdrawal. You can withdraw your consent in the same way and just as easily as giving consent, for example by clicking on the cog icon in the lower left-hand corner and changing your settings.

Facebook Pages

We created Facebook Pages at the following addresses: https://www.facebook.com/ProjectExpatGermany.

Joint controllership

We and Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland (“Meta Platforms”), are joint controllers for the processing of such personal data in events for Page Insights (“Insights Data”). Page Insights are aggregated statistics that are created from certain events logged by Facebook servers when people interact with Pages and the content associated with them. You can find more information about Page Insights and the events they are based on under Information about Page Insights and under “How do we use this information?” in Facebook’s Data Policy. The joint controllership covers the creation of those events and their aggregation into Page Insights.

Meta Platforms has agreed to ensure that Meta Platforms has a legal basis for processing of Insights Data, to comply with the obligations under the General Data Protection Regulation for the processing of Insights Data (including, but not limited to, Articles 12, 13 of the GDPR and Articles 15-21 of the GDPR, Articles 33 and 34 of the GDPR) and to implement appropriate technical and organizational measures to ensure the security of the processing in accordance with Article 32 of the GDPR.

Additionally, Meta Platforms agreed to make the essence of the agreement on the joint controllership available at the following address: https://www.facebook.com/legal/terms/information_about_page_insights_data

We have agreed to ensure that we have a legal basis for the processing of Insights Data and to identify it including the legitimate interest we pursue, if applicable, and that we identify the responsible data controller(s) on our side including their contact details as well as the contact details of the data protection officer(s), if any (Article 13 (1)(a-d) GDPR).

In addition, we have agreed, if data subjects exercise their rights under the GDPR with regard to the processing of Insights Data against us (Article 26 (3) GDPR) or we are contacted by a supervisory authority with regard to the processing of Insights Data, each a “Request”, will forward all relevant information regarding such Requests to Meta Platforms promptly but within a maximum of seven calendar days.

Purpose and legal basis

We process these personal data to operate our Facebook pages.

Legal basis is Article 6 (1)(1)(f) GDPR. Our legitimate interest is to establish and maintain contact with potential new customers, business partners, employees, users of online services and existing customers, and to be able to disseminate our content via the Facebook pages.

Note: You have a right to object under Article 21 GDPR. You can send us your objection at any time, for example by email or by post using the contact details given above.

Instagram Page

We run our own page on Instagram. You can find information on data protection concerning your personal data at: https://help.instagram.com/519522125107875/?helpref=hc_fnav

LinkedIn Page

We have created a LinkedIn Page at https://www.linkedin.com/company/project-expat/.

For a list of processing activities, please refer to the privacy policy of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, https://de.linkedin.com/legal/privacy-policy?#data

Joint controllership

We and the LinkedIn Ireland Unlimited Company, Gardner House, Wilton Plaza, Wilton Place, Dublin 2, Ireland (“LinkedIn“) are joint controllers for „Page Insights” according to the General Data Protection Regulation („GDPR”). Page Insights are aggregated data which are provided by a Member to LinkedIn, such as job function, country, industry, seniority, company size, and employment status data from the Member’s profile. Additionally, LinkedIn processes information on how a Member has interacted with our LinkedIn page, e.g., whether a Member is a follower. LinkedIn only processes and retains personal data for Page Insights in accordance with its User Agreement and Privacy Policy. LinkedIn does not provide us personal data of Members with regard to Page Insights or enable us to link Page Insights back to individual Members.

Therefore, we have entered into a joint responsibility agreement (“LinkedIn Addendum“) with LinkedIn, which essentially has the following content:

LinkedIn ensures the security of the processing of member data and the provision of Page Insights by implementing appropriate technical and organizational measures; more information can be found here: https://security.linkedin.com/.

LinkedIn has committed to us to assume responsibility under the GDPR for providing Page Insights and to comply with all applicable obligations under the GDPR with respect to its processing of Page Insights (including, without limitation, Articles 12-22 and Articles 32-34 of the GDPR). This means that LinkedIn will, among other things, ensure that Members are informed about the data being processed and support Members’ right to access and deletion. LinkedIn decides in its sole discretion how to comply with its obligations under the Addendum.

We have made a commitment to LinkedIn, that we comply with applicable legal obligations including any obligations arising under the GDPR from our use of the Page Insights.

Further, if we are contacted by a data subject or supervisory authority under the GDPR (or other applicable law) regarding the processing of Page Insights and/or the obligations assumed by LinkedIn and us under the LinkedIn Addendum (each such contact a “Request“), we have committed to LinkedIn to notify LinkedIn immediately and in any event within three business days and to provide LinkedIn with all information they reasonably require in connection with the Request.

In addition, LinkedIn has committed to us to respond to requests in accordance with LinkedIn’s obligations under the LinkedIn Addendum, the GDPR and other applicable law. We have also committed to LinkedIn to use all reasonable efforts to cooperate with LinkedIn in responding to any such request in a timely manner.

Google Ads

Purpose and legal basis

We process personal data for the purpose of making our advertising more relevant to you, to measure its effectiveness, and to help recognize your devices to serve you ads on and off of Google services.

The legal basis is Article 6(1)(1)(a) GDPR.

Storage period

No personal data are stored beyond collection and disclosure to the recipients.

Recipients

We disclose these personal data to Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland (“Google Ireland”).

Transfer of personal data to third countries

We do not intend to transfer these personal data to a third country. However, we would like to point out that Google Ireland has contractually agreed to transfer the above personal data to third countries only on the basis of standard data protection clauses of the European Commission or another solution that enables the lawful transfer of personal data to a third country in accordance with the European Data Protection Legislation. For more information, see https://business.safety.google/adscontrollerterms/.

Obligation to provide the data

Analytics

Purpose and legal basis

We process personal data for the purpose of market research and analytics for advertising.

The legal basis is Article 6 (1)(1)(a) GDPR.

Storage period

These personal data will be stored for a period of 210 days from collection.

Recipients

We disclose these personal data to Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google Ireland”).

Transfer of personal data to third countries

We do not intend to transfer these personal data to a third country. However, we would like to point out that the Google Ireland has contractually agreed to transfer the above personal data to third countries only on the basis of standard data protection clauses of the European Commission. A copy of these standard data protection clauses is available here: https://business.safety.google/adsprocessorterms/sccs/eu-p2p-intra-group/.

Obligation to provide the data

Google Fonts

Purpose and legal basis

We process personal data for the purpose of improving our website’s appearance by having a backup for loading fonts.

The legal basis is Article 6(1)(1)(f) GDPR.

Storage period

No personal data are stored beyond collection and disclosure to the recipients.

Recipients

We disclose these personal data to Google LLC, with offices at 1600 Amphitheatre Parkway, Mountain View, California 94043, United State of America.

Transfer of personal data to third countries

We intend to transfer these personal data to recipients in the United States of America. An adequacy decision of the European Commission does not exist. As appropriate safeguards under Articles 44, 46(2)(c) GDPR, we have entered into standard data protection clauses with the recipient, which have been adopted by the Commission. A copy of these standard data protection clauses is available here: https://business.safety.google/gdprcontrollerterms/sccs/eu-c2c/.

Obligation to provide the data

Note: You have a right to object under Article 21 GDPR. You can send us your objection at any time, for example by email or by post using the contact details given above.

Google Maps

Purpose and legal basis

We process personal data for the purpose of improving the appearance by showing to the users the country that they selected on a world map.

The legal basis is Article 6(1)(1)(f) GDPR.

Storage period

No personal data are stored beyond collection and disclosure to the recipients.

Recipients

We disclose these personal data to Google Cloud EMEA Limited, 70 Sir John Rogerson’s Quay, Dublin 2, Ireland (“Google Cloud Ireland”).

Transfer of personal data to third countries

We do not intend to transfer these personal data to a third country. However, we would like to point out that Google Cloud Ireland has contractually agreed to transfer the above personal data to third countries only on the basis of standard data protection clauses of the European Commission or another solution that enables the lawful transfer of personal data to a third country in accordance with the European Data Protection Legislation. For more information, see https://business.safety.google/adscontrollerterms/.

Obligation to provide the data

Note: You have a right to object under Article 21 GDPR. You can send us your objection at any time, for example by email or by post using the contact details given above.

LinkedIn Ads

Purpose and legal basis

We process personal data for the purpose of improving the ad services by optimizing relevance algorithms, finding LinkedIn members probabilistically across devices, to optimize our ad campaigns and to target our ads.

The legal basis is Article 6 (1)(1)(a) GDPR.

Storage period

These personal data will be stored for a period of 30 days from collection.

Recipients

We disclose these personal data to LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland (“LinkedIn Ireland”) and its affiliates (including in the United States of America).

Transfer of personal data to third countries

Obligation to provide the data

Twitter Ads

Purpose and legal basis

We process personal data for the purpose of making our advertising more relevant to you, to measure its effectiveness, and to help recognize your devices to serve you ads on and off of Twitter.

The legal basis is Article 6(1)(1)(a) GDPR.

Storage period

No personal data are stored beyond collection and disclosure to the recipients.

Recipients

We disclose these personal data to Twitter International Company, One Cumberland Place, Fenian Street Dublin 2, D02 AX07 Ireland („Twitter”).

Transfer of personal data to third countries

We do not intend to transfer these personal data to a third country. However, we would like to point out that the Twitter has stated that it would transfer the above personal data to third countries only as far as an adequate level of protection for the rights of data subjects based on the adequacy of the receiving country’s data protection laws and/or contractual obligations placed on the recipient of the data is ensured. Where Twitter relies on the EU Standard contractual clauses, these maybe requested by inquiry directly from Twitter. For more information click here: https://twitter.com/en/privacy

Obligation to provide the data

Tidio

Use of Tidio Live Chat
In order to be able to communicate with you better and to be able to answer questions about the online platform quickly, we use the chat function of Tidio Life Chat of the company Tidio LLC, 180 Steuart St,CA 94119, San Francisco, USA, Web: https://www.tidio.com, hereinafter: “Tidio Live Chat” on our website. If you have questions about our products, our online store, the website or our company, you can reach us via the displayed chat window of Tidio Live Chat and send us a message. You will be informed if someone is online at the moment to answer you immediately. If this is not the case, you can still leave a message. Tidio Live Chat uses cookies to enable you to personalize your online experience. Regarding the explanation of cookies, we refer to the point “Cookies” in this Privacy Policy. That information generated by Tidio Live Chat’s cookies is processed outside the European Union. We have concluded a so-called “standard contractual clause” with Tidio Live Chat to oblige Tidio Live Chat to maintain an adequate level of data protection. The data is processed exclusively for the processing of the conversation. We delete the data accruing in this context after the processing is no longer necessary or restrict the processing to compliance with existing legally mandatory retention obligations. Legal basis for the processing Art. 6 para. 1 p. 1 lit. f) DSGVO. We carry out the aforementioned processing for customer care and to increase our services. We have no knowledge of the storage period at Tdio Live Chat and no possibility to influence it. Further information on data protection can be found at https://www.tidio.com/privacy-policy/.

Advance Page Visit Counter Plugin

To measure clicks within WordPress website, we use the plugin “Advanced Page Visit Counter” by Ankit Panchal – https://iamankitp.com/). No personal data is collected, only the clicks etc. are analyzed anonymously. This analysis is also used to improve our web services.