Privacy policy

Status August 2024

Table of contents

I.    Name and address of the data controller

II. contact details of the data protection officer

III. general information on data processing

IV.    Rights of the data subject

V.    Use of cookies

VI. email contact

VII. contact form

VIII.    Use of company presences in professionally oriented networks

IX.    Hosting

X. Privacy Notice for Applicants

I.    Name and address of the person responsible

The responsible person within the meaning of the General Data Protection Regulation (DSGVO) and other data protection regulations is:
Cloudflake GmbH
Gerhart-Hauptmann-Str.11
85356 Freising
Germany
+49 8161 9699 522
info@cloudflake.com

https://www.cloudflake.com

II. Contact details of the data protection officer

The data protection officer of the data controller is:
DataCo GmbH
Dachauer Street 65
80335 Munich
Germany
+49 89 7400 45840

www.dataguard.de

III General information on data processing

1 Scope of the processing of personal data
As a matter of principle, we process personal data of our users only insofar as this is necessary for the provision of a functional website as well as our contents and services. The processing of personal data of our users is regularly only carried out with the consent of the user. An exception applies in those cases where it is not possible to obtain prior consent for actual reasons and the processing of the data is required by legal regulations.

2 Legal basis for the processing of personal data
Insofar as we obtain the consent of the data subject for processing operations involving personal data, Article 6 (1) sentence 1 lit. a DSGVO serves as the legal basis.
When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) p. 1 lit. b DSGVO serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.
Insofar as the processing of personal data is necessary for the fulfilment of a legal obligation to which our company is subject, Art. 6 (1) sentence 1 lit. c DSGVO serves as the legal basis.
In the event that vital interests of the data subject or another natural person make processing of personal data necessary, Art. 6 (1) sentence 1 lit. d DSGVO serves as the legal basis.
If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 (1) sentence 1 lit. f DSGVO serves as the legal basis for the processing.

3 Data deletion and storage period
The personal data of the data subject will be deleted or blocked as soon as the purpose of the storage no longer applies. Storage may also take place if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which the controller is subject. Data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a necessity for the continued storage of the data for the conclusion or fulfilment of a contract.

IV.    Rights of the data subject

If your personal data are processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the data controller:

1. the right to information (Art. 15 DSGVO).
You have the right to request confirmation from us as to whether personal data relating to you is being processed.
If this is the case, you have a right of access to this data and to the following information:
o Purposes of processing
o categories of personal data
o Recipients or categories of recipients
o the planned storage period or the criteria for determining this period
o the existence of the rights of rectification, erasure or restriction or opposition
o Right to lodge a complaint with the competent supervisory authority
o If applicable, origin of the data (if collected from a third party)
o If applicable, existence of automated decision-making, including profiling, with meaningful information about the logic involved, the scope and the effects to be expected.
o If applicable, transfer of personal data to a third country or international organisation.

2. right of rectification (Art. 16 DSGVO)
If your personal data is inaccurate or incomplete, you have the right to request that the personal data be corrected or completed without delay.

3. right to restriction of processing (Art. 18 DSGVO)
If one of the following conditions is met, you have the right to request restriction of the processing of your personal data:
o You dispute the accuracy of your personal data, for a period of time that allows us to verify the accuracy of the personal data.
o In the context of unlawful processing, you object to the erasure of the personal data and request instead the restriction of the use of the personal data.
o We no longer need your personal data for the purposes of processing, but you need your personal data to assert, exercise or defend your legal rights; or
o after you have objected to the processing, for the duration of the examination as to whether our legitimate grounds outweigh your grounds.

4. right to erasure ("right to be forgotten") (Art. 17 DSGVO).
If one of the following reasons applies, you have the right to request immediate erasure of your personal data:
o Your data is no longer necessary for the processing purposes for which it was originally collected.
o You withdraw your consent and there is no other legal basis for the processing.
o You object to the processing and there are no overriding legitimate grounds for the processing or you object pursuant to Art. 21 (2) DSGVO.
o Your personal data are processed unlawfully.
o Erasure is necessary for compliance with a legal obligation under Union law or the law of the member state to which we are subject.
o The personal data has been collected in relation to information society services offered in accordance with Article 8(1) of the GDPR.
Please note that the above grounds do not apply insofar as the processing is necessary:
o For the exercise of the right to freedom of expression and information;
o For compliance with a legal obligation or for the performance of a task carried out in the public interest to which we are subject.
o For reasons of public interest in the field of public health.
o For archival, scientific or historical research purposes in the public interest or for statistical purposes.
o For the assertion, exercise or defence of legal claims.

5. right to data portability (Art. 20 DSGVO).
You have the right to receive your personal data in a structured, common and machine-readable format or to request that it be transferred to another controller.

6. right to object to certain data processing (Art. 21 DSGVO)
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out on the basis of Art. 6 (1) sentence 1 lit. e or f DSGVO. This also applies to profiling based on these provisions.
If the personal data concerning you is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling insofar as it is related to such direct marketing.

7. right to complain to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority if you consider that the processing of personal data concerning you infringes the GDPR. The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 GDPR. A list of the supervisory authorities with local jurisdiction in Germany can be found on the website of the Federal Commissioner for Data Protection at the following link: https://www.bfdi.bund.de/DE/Service/Anschriften/Laender/Laender-node.html.
You have the right to complain about the processing of your personal data to a data protection supervisory authority. Austrian Data Protection Authority Barichgasse 40-42 1030 Vienna Telephone: +43 1 52 152-0 E-mail: dsb@dsb.gv.at.

V.    Use of cookies

1. description and scope of data processing
When you visit our website, we use technical aids for various functions, in particular cookies, which can be stored on your terminal device. When you call up our website and at any time later, you have the choice of whether you generally allow cookies to be set or which individual additional functions you would like to select. You can make changes in your browser settings or via our Consent Manager. Cookies are text files or information in a database that are stored on your hard drive and assigned to the browser you are using so that certain information can flow to the body that sets the cookie. Below we describe the types of cookies we use:
We use technically necessary cookies, which are required for the technical structure of the website. Without these cookies, our website cannot be displayed (completely correctly) or the support functions are not possible.
The following data is stored and transmitted by the technically necessary cookies:
o Frequency of page views

2. purpose of data processing
The purpose of using technically necessary cookies is to ensure the functionality of our website. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognised even after a page change.
We require the technically necessary cookies for the following applications:
o Matomo tracking code

3. legal basis for data processing
The provisions of the Telecommunications Telemedia Data Protection Act (TTDSG) are relevant for the storage of information in the end user's terminal equipment and/or access to information already stored in the end user's terminal equipment. If the setting and reading of cookies is technically necessary, this is done to ensure the functionality of our website. In this case, the storage of and access to cookies on your terminal equipment is carried out on the basis of § 25 para. 2 no. 2 TTDSG. This storage of and access to the information in your terminal equipment serves to facilitate your use of our website and to be able to offer you our services as you have requested. Some functions of our website also do not work without the use of these cookies and could therefore not be offered. The cookies are generally deleted after the session ends (e.g. logging out or closing the browser) or after the expiry of a specified duration. Information on different storage periods for cookies can be found in the following sections of this data protection declaration.

VI. email contact

1 Description and scope of data processing
On our website, it is possible to contact us via the email address provided. In this case, the user's personal data transmitted with the email will be stored.
The data is used exclusively for processing the conversation.

2 Purpose of the data processing
In the case of contact by email, this also constitutes the necessary legitimate interest in processing the data.

3. legal basis for data processing
The legal basis for processing the data transmitted in the course of sending an email is Art. 6 (1) lit. f DSGVO. Our legitimate interest is to optimally answer your enquiry that you send by e-mail.
If the e-mail contact is aimed at concluding a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b DSGVO.

4 Duration of storage
The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. For personal data sent by email, this is the case when the respective conversation with the user has ended. The conversation is deemed to have ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified.

5. possibility of objection
If the user contacts us by email, he or she can object to the storage of his or her personal data at any time. In such a case, the conversation cannot be continued.
I consent to my personal data being transmitted to Cloudflake GmbH for the purpose of contacting me. I can revoke my consent at any time by sending an email to info@cloudflake.com. All further information, in particular on the rights under Chapter III of the GDPR, can be found in the privacy policy.
All personal data stored in the course of contacting me will be deleted in this case.

VII Contact form

1 Description and scope of data processing
Our website contains a contact form which can be used to contact us electronically. If a user makes use of this option, the data entered in the input mask is transmitted to us and stored.
At the time the message is sent, the following data is stored:
o Email address
o surname
o First name
o date and time of contact

2. purpose of data processing
The processing of personal data from the input mask of the contact form or via the e-mail address provided serves us solely to process the contact.
The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.

3. Legal basis for data processing
The legal basis for the processing of data transmitted in the course of sending an email is Art. 6 para. 1 p. 1 lit. a DSGVO. Consent can be revoked at any time without reason. The data will not be used for any other purpose.

4 Duration of storage
The data will be deleted as soon as it is no longer required to achieve the purpose for which consent was given. The consent of the e-mail sender to the processing of his/her personal data is of course not final. For the personal data from the input mask of the contact form and those sent by email, this is the case when the respective conversation with the user has ended. The conversation is deemed to have ended when it is clear from the circumstances that the matter in question has been conclusively clarified.

5. possibility of revocation
If the user contacts us via the input mask in the contact form, he can revoke his consent to the storage of his personal data at any time.
All personal data stored in the course of contacting us will be deleted in this case.

VIII.    Use of company presences in professionally oriented networks

1. scope of data processing

We use the possibility of company appearances in job-oriented networks.

We maintain a company presence on the following profession-oriented networks:

LinkedIn:
LinkedIn, Unlimited Company Wilton Place, Dublin 2, Ireland.

On our site, we provide information and offer users the opportunity to communicate.
The company website is used for job applications, information/PR and active sourcing.

We have no information on the processing of your personal data by the companies jointly responsible for the company website. For more information, please see the privacy policy of:
LinkedIn:
https://www.linkedin.com/legal/privacy-policy?trk=hb_ft_priv

If you carry out an action on our company website (e.g. comments, posts, likes, etc.), you may make personal data (e.g. your full name or a photo of your user profile) public.

2. Legal basis for data processing
The legal basis for the processing of personal data for the purpose of communicating with customers and interested parties is Art. 6 (1) sentence 1 lit. f DSGVO. Our legitimate interest here is to answer your enquiry in the best possible way or to be able to provide the requested information. If the aim of contacting you is to conclude a contract, the additional legal basis for processing is Art. 6 (1) lit. b DSGVO.

3. Purpose of data processing
The purpose of our corporate website is to inform users about our services. In doing so, every user is free to publish personal data through activities.

4. duration of storage
We store your activities and personal data published via our company website until you revoke your consent. In addition, we comply with the statutory retention periods.

5. possibility of objection
You can object at any time to the processing of your personal data that we collect in the course of your use of our corporate presence and assert your data subject rights as stated under IV. of this data protection declaration. To do so, send us an informal email to the email address stated in this data protection declaration.
Further information on how to exercise your rights can be found here:

LinkedIn:
https://www.linkedin.com/legal/privacy-policy?trk=hb_ft_priv

IX.  Privacy Policy for the Use of Amazon Web Services (AWS)

 

Controller and Service Provider As part of our online presence, we use the services of Amazon Web Services EMEA SARL, Germany Branch, to host our website and to provide you with secure and efficient use of our online services. Amazon Web Services (AWS) is a leading provider of cloud computing services, offering us a reliable infrastructure.

Service Provider's Address and Location: Amazon Web Services EMEA SARL

Germany Branch

Marcel-Breuer-Str. 12

80807 Munich

Germany

Branch Office Location: Munich

Registered in the Commercial Register of the Munich District Court under HRB 242240

VAT ID: DE317013094

Description of Data Processing The use of AWS as a hosting service provider requires the processing of data necessary for the operation of our website. This data may include IP addresses, technical usage data, and metadata. AWS stores this data in highly secure data centers that comply with the stringent data protection regulations of the European Union.

Legal Basis for Processing The processing of your personal data by AWS is based on Article 6(1)(f) of the GDPR (legitimate interest). Our legitimate interest lies in ensuring the stable, secure, and efficient use of our website.

Data Transfer We use the AWS location in Frankfurt. Your data may be transferred to third countries outside the EU as part of the use of AWS. AWS ensures that an adequate level of data protection is always maintained during such transfers, particularly through the use of the European Commission's standard contractual clauses.

Retention Period The data processed by AWS is only stored as long as necessary to achieve the purpose for which it was collected or as long as there are legal retention obligations.

Data Security AWS implements comprehensive technical and organizational measures to protect your data from loss, misuse, unauthorized access, or disclosure. These measures comply with the current state of technology and are regularly reviewed and updated.

X. Privacy Notice for Applicants

In accordance with Articles 13 and 14 of the General Data Protection Regulation (GDPR), we hereby inform you about the processing of your personal data that you have provided during the application process and, where applicable, the data collected by us, as well as your rights in this regard. To ensure that you are fully informed about the processing of your personal data during this process, please take note of the following information.

1. Name and Contact Information of the Data Controller

The data controller responsible for processing your personal data within the scope of this contact is:

Cloudflake GmbH

Gerhart-Hauptmann-Str. 11

Phone: +49 8161 9699520

Email: info@cloudflake.com

Website: cloudflake.com

2. Contact Information of the Data Protection Officer

The appointed Data Protection Officer is:

DataCo GmbH

Nymphenburger Str. 86

80636 Munich

Phone: +49 (0) 89 7400 458 40

Email: datenschutz@dataguard.de

Website: www.dataguard.de

3. Purposes of Processing and Legal Basis

Your personal data is processed for the following purposes:

  • Conducting the application process and deciding on the establishment of an employment relationship.
  • Communication (phone, email).
  • Carrying out pre-contractual measures (initiation of the employment relationship).
  • Inclusion of applicant data in an applicant pool.
  • Assertion, exercise, or defense of legal claims arising from the application process.

Processing of special categories of personal data made public - Article 9(2)(e) GDPR

To the extent that special categories of personal data are processed, which you have evidently made public, your data will be processed in accordance with Article 9(2)(e) GDPR.

Processing for the purpose of asserting, exercising, or defending legal claims or in court actions - Article 6(1)(f) GDPR, Article 9(1)(f) GDPR

Where necessary, your data will be processed for the purpose of asserting, exercising, or defending legal claims or in court actions, in accordance with Article 6(1)(f) GDPR, Article 9(1)(f) GDPR.

Processing based on consent - Article 6(1)(a) GDPR in conjunction with Article 7 GDPR, Article 88(1) GDPR in conjunction with Section 26(2) BDSG

If you have given your consent to data processing, your data will be processed in accordance with Article 6(1)(a) GDPR in conjunction with Article 7 GDPR, Article 88(1) GDPR in conjunction with Section 26(2) BDSG.

Decision on the establishment of the employment relationship - Article 6(1)(b) GDPR, Article 88(1) GDPR in conjunction with Section 26(1) BDSG

We process your data to decide on the establishment of an employment relationship. In the event of employment with our company, your data will be processed for the purpose of conducting and terminating the employment relationship. Separate information will be provided regarding the processing of your personal data.

Processing based on legitimate interest - Article 6(1)(f) GDPR

Where processing is necessary for the purposes of legitimate interests pursued by us or a third party, and your interests or fundamental rights and freedoms do not override these interests, Article 6(1)(f) GDPR serves as the legal basis for data processing. Our legitimate interest arises particularly from the following reasons:

  • The proper conduct and optimization of the application process.
  • Assertion, exercise, or defense against legal claims.

Processing of special categories of personal data - Article 9(2)(a) GDPR

If you have consented to the processing of special categories of personal data, such as health data, religious affiliation, or nationality, your data will be processed in accordance with Article 9(2)(a) GDPR.

4. Recipients or Categories of Recipients of Personal Data

In the context of processing your personal data, it may be necessary to share your personal data with the following recipients:

  • Within our company, only to the areas and persons who need this data to fulfill contractual and legal obligations or to implement our legitimate interest.
  • HR department.
  • Relevant department.
  • Data processors.

During the application process, your personal data will only be shared with employees of our company who need it to fulfill the purposes mentioned in Section 3. There will be no transfer of your personal data to third parties during the application process.

5. Transfer of Personal Data to a Third Country

Your personal data will not be transferred to third countries outside the European Union or the European Economic Area, and there are no plans to do so.

6. Duration of Storage of Personal Data

We will delete your personal data as soon as the purposes mentioned in Section 4 for their storage cease to apply, or if you object to the use of your personal data (in the case of processing based on legitimate interests) or withdraw your previously given consent. However, your personal data may be stored beyond this period, particularly in the following cases:

  • If contractual, legal (especially from the Commercial Code, Criminal Code, and Tax Code), or statutory retention periods prevent deletion.
  • For the assertion, exercise, or defense of legal claims.
  • If required by European or national laws to fulfill a legal obligation to which we are subject.

Legal retention periods particularly apply to us as follows:

  • After a decision not to hire: 6-month retention period for application documents (Section 15(4) General Equal Treatment Act (AGG), Section 224 Civil Procedure Code (ZPO)).

If the applicant has given consent, the application documents will be included in the applicant pool and stored there for a maximum of 2 years from the time of consent. They will be deleted upon the purpose’s cessation or the applicant’s withdrawal of consent.

In the event of employment with our company, your personal data will be deleted with the cessation of the purpose, at the latest after the termination of the employment relationship, provided that no legal retention periods prevent deletion.

7. Data Subject Rights

Under the General Data Protection Regulation, you have the following rights:

  • If your personal data is processed, you have the right to obtain information from the controller about the data stored concerning your person (Article 15 GDPR).
  • If incorrect personal data is processed, you have the right to rectification (Article 16 GDPR).
  • If the legal requirements are met, you can request the deletion or restriction of processing (Articles 17 and 18 GDPR).
  • If you have consented to data processing or if a contract for data processing exists and the data processing is carried out using automated procedures, you may have a right to data portability (Article 20 GDPR).
  • If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes.
  • You also have the right to lodge a complaint with a supervisory authority (Article 77 GDPR). The supervisory authority responsible for us is the Bavarian State Office for Data Protection Supervision (BayLDA). You can contact them at:

Bavarian State Office for Data Protection Supervision

Promenade 27 (Castle)

91522 Ansbach

Phone: +49 (0) 981 53 1300

Fax: +49 (0) 981 53 98 1300

www.lda.bayern.de/en/index.html

poststelle@lda.bayern.de

You have the right, for reasons arising from your particular situation, to object at any time to the processing of your personal data based on Article 6(1)(e) GDPR (data processing in the public interest) and Article 6(1)(f) GDPR (data processing based on a balancing of interests), including profiling based on these provisions in the sense of Article 4(4) GDPR.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing serves the assertion, exercise, or defense of legal claims.

The objection can be made without any formalities.

8. Right to Withdraw Consent

If you have given consent to processing by the controller through a corresponding declaration, you can withdraw your consent at any time for the future. The lawfulness of the data processing carried out based on the consent until the withdrawal remains unaffected.